- Linux-stable-mirror - lists.linaro.org

netfilter request for -stable 4.9.x inclusion

by Pablo Neira Ayuso

Hi Greg, Could you enqueue the following patch for -stable 4.9.x? commit ab6dd1beac7be3c17f8bf3d38bdf29ecb7293f1e Author: Xin Long <lucien.xin(a)gmail.com> Date: Thu Aug 10 10:22:24 2017 +0800 netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info Cc'ing Laura, combining SNAT+DNAT+ftp helper is currently broken with 4.9.x. The patch above cures the issues. Thanks.

6 years, 11 months

2
1
0 0

[PATCH 2/3] tracing: Fix synthetic event to allow semicolon at end

by Masami Hiramatsu

Fix synthetic event to allow independent semicolon at end. The synthetic_events interface accepts a semicolon after the last word if there is no space. # echo "myevent u64 var;" >> synthetic_events But if there is a space, it returns an error. # echo "myevent u64 var ;" > synthetic_events sh: write error: Invalid argument This behavior is difficult for users to understand. Let's allow the last independent semicolon too. Fixes: commit 4b147936fa50 ("tracing: Add support for 'synthetic' events") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> --- kernel/trace/trace_events_hist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 6ff83941065a..d239004aaf29 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1088,7 +1088,7 @@ static int create_synth_event(int argc, char **argv) i += consumed - 1; } - if (i < argc) { + if (i < argc && strcmp(argv[i], ";") != 0) { ret = -EINVAL; goto err; }

6 years, 11 months

1
0
0 0

Images 34

by Nancy

We are an image team who can process 400+ images each day. If you need any image editing service, please let us know. Image cut out and clipping path, masking. Such as for ecommerce photos, jewelry photos retouching, beauty and skin images and wedding photos. We give test editing for your photos if you send us some. Thanks, Nancy

6 years, 11 months

1
0
0 0

[PATCH 0/4] FS-Cache: Miscellaneous fixes

by David Howells

Attached are another couple of miscellaneous fixes for FS-Cache and CacheFiles: (1) Fix a race between object burial in cachefiles and external rmdir. (2) Fix a race from a split atomic op. (3) Fix incomplete initialisation of cookie key space. (4) Fix out-of-bounds read. The patches are tagged here: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-fixes-20181017 and can also be found on the following branch: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=fs… David --- Al Viro (1): cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) David Howells (1): fscache: Fix incomplete initialisation of inline key space Eric Sandeen (1): fscache: Fix out of bound read in long cookie keys kiran.modukuri (1): fscache: Fix race in fscache_op_complete() due to split atomic_sub & read fs/cachefiles/namei.c | 2 +- fs/fscache/cookie.c | 31 ++++++++++--------------------- fs/fscache/internal.h | 1 - fs/fscache/main.c | 4 +--- include/linux/fscache-cache.h | 4 ++-- 5 files changed, 14 insertions(+), 28 deletions(-)

6 years, 11 months

2
2
0 0

[PATCH] drm/sun4i: Fix an ulong overflow in the dotclock driver

by Boris Brezillon

The calculated ideal rate can easily overflow an unsigned long, thus making the best div selection buggy as soon as no ideal match is found before the overflow occurs. Fixes: 4731a72df273 ("drm/sun4i: request exact rates to our parents") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/gpu/drm/sun4i/sun4i_dotclock.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/sun4i/sun4i_dotclock.c b/drivers/gpu/drm/sun4i/sun4i_dotclock.c index e36004fbe453..82132a9bd1d5 100644 --- a/drivers/gpu/drm/sun4i/sun4i_dotclock.c +++ b/drivers/gpu/drm/sun4i/sun4i_dotclock.c @@ -81,9 +81,12 @@ static long sun4i_dclk_round_rate(struct clk_hw *hw, unsigned long rate, int i; for (i = tcon->dclk_min_div; i <= tcon->dclk_max_div; i++) { - unsigned long ideal = rate * i; + u64 ideal = (u64)rate * i; unsigned long rounded; + if (ideal > ULONG_MAX) + break; + rounded = clk_hw_round_rate(clk_hw_get_parent(hw), ideal); -- 2.14.1

6 years, 11 months

2
1
0 0

Re: SV: MPC8321 boot failure

by gregkh＠linuxfoundation.org

On Thu, Oct 18, 2018 at 08:51:46AM +0000, David Gounaris wrote: > Hi, I can also confirm that it works after cherry-picking the proposed commit. > > Reported-and-tested-by: David Gounaris <david.gounaris(a)infinera.com<mailto:David.Gounaris@infinera.com>> > Now queued up, thanks. greg k-h

6 years, 11 months

1
0
0 0

Linux 4.18.15

by Greg KH

I'm announcing the release of the 4.18.15 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/macb.txt | 1 Makefile | 16 - arch/arm/boot/dts/sama5d3_emac.dtsi | 2 arch/arm64/kernel/perf_event.c | 7 arch/mips/include/asm/processor.h | 10 arch/mips/kernel/process.c | 25 + arch/mips/kernel/setup.c | 48 +-- arch/mips/kernel/vdso.c | 18 + arch/powerpc/include/asm/book3s/64/pgtable.h | 4 arch/powerpc/kvm/book3s_64_mmu_radix.c | 101 ++---- arch/x86/include/asm/pgtable_types.h | 2 arch/x86/include/uapi/asm/kvm.h | 1 arch/x86/kvm/lapic.c | 22 + drivers/bluetooth/hci_ldisc.c | 2 drivers/clk/x86/clk-pmc-atom.c | 18 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 13 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 21 + drivers/gpu/drm/amd/include/kgd_kfd_interface.h | 2 drivers/gpu/drm/nouveau/dispnv50/disp.c | 15 drivers/gpu/drm/pl111/pl111_vexpress.c | 3 drivers/hwmon/nct6775.c | 70 +++- drivers/i2c/busses/i2c-scmi.c | 1 drivers/input/joystick/xpad.c | 3 drivers/md/dm-cache-target.c | 5 drivers/md/dm-flakey.c | 2 drivers/md/dm-linear.c | 8 drivers/md/dm.c | 27 + drivers/mfd/omap-usb-host.c | 11 drivers/mmc/core/block.c | 10 drivers/net/bonding/bond_main.c | 65 ++-- drivers/net/dsa/b53/b53_common.c | 4 drivers/net/dsa/bcm_sf2.c | 14 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 +- drivers/net/ethernet/broadcom/bcmsysport.c | 22 - drivers/net/ethernet/broadcom/bnxt/bnxt.c | 27 + drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 - drivers/net/ethernet/cadence/macb_main.c | 8 drivers/net/ethernet/hisilicon/hns/hnae.c | 2 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 19 - drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 drivers/net/ethernet/mellanox/mlx5/core/transobj.c | 2 drivers/net/ethernet/mscc/ocelot_board.c | 12 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 17 - drivers/net/ethernet/qlogic/qed/qed_hsi.h | 1 drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 7 drivers/net/ethernet/realtek/r8169.c | 24 - drivers/net/ethernet/stmicro/stmmac/common.h | 4 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 14 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 238 ++++++++------- drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 drivers/net/ethernet/ti/Kconfig | 1 drivers/net/phy/phylink.c | 48 +-- drivers/net/phy/sfp-bus.c | 4 drivers/net/team/team.c | 6 drivers/net/tun.c | 43 +- drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/smsc75xx.c | 1 drivers/net/vxlan.c | 3 drivers/pci/controller/pci-hyperv.c | 37 ++ drivers/perf/arm_pmu.c | 8 drivers/pinctrl/intel/pinctrl-cannonlake.c | 2 drivers/pinctrl/pinctrl-mcp23s08.c | 13 drivers/s390/cio/vfio_ccw_cp.c | 2 drivers/scsi/qla2xxx/qla_target.h | 4 drivers/target/iscsi/iscsi_target.c | 22 - drivers/video/fbdev/aty/atyfb.h | 3 drivers/video/fbdev/aty/atyfb_base.c | 7 drivers/video/fbdev/aty/mach64_ct.c | 10 fs/afs/rxrpc.c | 2 fs/dax.c | 13 include/linux/cgroup-defs.h | 1 include/linux/netdevice.h | 7 include/linux/perf/arm_pmu.h | 1 include/linux/stmmac.h | 1 include/linux/virtio_net.h | 18 + include/net/bonding.h | 7 include/net/inet_sock.h | 6 include/net/ip_fib.h | 1 include/sound/hdaudio.h | 1 include/sound/soc-dapm.h | 1 kernel/bpf/btf.c | 2 kernel/cgroup/cgroup.c | 25 + lib/vsprintf.c | 2 mm/huge_memory.c | 6 mm/mmap.c | 2 mm/percpu.c | 1 mm/vmscan.c | 11 mm/vmstat.c | 1 net/bluetooth/smp.c | 16 - net/core/dev.c | 28 + net/core/ethtool.c | 1 net/core/filter.c | 3 net/core/rtnetlink.c | 41 +- net/dccp/input.c | 4 net/dccp/ipv4.c | 4 net/ipv4/fib_frontend.c | 12 net/ipv4/fib_semantics.c | 50 +++ net/ipv4/inet_connection_sock.c | 5 net/ipv4/ip_sockglue.c | 3 net/ipv4/ip_tunnel.c | 9 net/ipv4/route.c | 7 net/ipv4/tcp_input.c | 4 net/ipv4/tcp_ipv4.c | 4 net/ipv4/udp.c | 2 net/ipv6/addrconf.c | 4 net/ipv6/ip6_fib.c | 2 net/ipv6/ip6_tunnel.c | 13 net/ipv6/raw.c | 29 + net/ipv6/route.c | 5 net/netlabel/netlabel_unlabeled.c | 3 net/packet/af_packet.c | 11 net/sched/cls_u32.c | 10 net/sched/sch_api.c | 24 + net/sctp/transport.c | 12 net/tipc/socket.c | 4 scripts/subarch.include | 13 sound/hda/hdac_controller.c | 15 sound/soc/amd/acp-pcm-dma.c | 21 + sound/soc/codecs/max98373.c | 3 sound/soc/codecs/rt5514.c | 8 sound/soc/codecs/sigmadsp.c | 3 sound/soc/codecs/wm8804-i2c.c | 15 sound/soc/intel/skylake/skl.c | 2 sound/soc/qcom/qdsp6/q6routing.c | 4 sound/soc/sh/rcar/adg.c | 5 sound/soc/sh/rcar/core.c | 10 sound/soc/sh/rcar/dma.c | 4 sound/soc/soc-core.c | 4 sound/soc/soc-dapm.c | 4 tools/perf/scripts/python/export-to-postgresql.py | 9 tools/perf/scripts/python/export-to-sqlite.py | 6 tools/testing/selftests/android/Makefile | 2 tools/testing/selftests/android/config | 5 tools/testing/selftests/android/ion/Makefile | 2 tools/testing/selftests/android/ion/config | 5 tools/testing/selftests/cgroup/cgroup_util.c | 17 - tools/testing/selftests/efivarfs/config | 1 tools/testing/selftests/futex/functional/Makefile | 1 tools/testing/selftests/gpio/Makefile | 7 tools/testing/selftests/kselftest.h | 1 tools/testing/selftests/kvm/Makefile | 7 tools/testing/selftests/lib.mk | 12 tools/testing/selftests/memory-hotplug/config | 1 tools/testing/selftests/net/Makefile | 1 tools/testing/selftests/networking/timestamping/Makefile | 1 tools/testing/selftests/vm/Makefile | 4 160 files changed, 1294 insertions(+), 626 deletions(-) Adrian Hunter (2): perf script python: Fix export-to-postgresql.py occasional failure perf script python: Fix export-to-sqlite.py sample columns Akshu Agrawal (1): ASoC: AMD: Ensure reset bit is cleared before configuring Al Viro (1): net: sched: cls_u32: fix hnode refcounting Alaa Hleihel (1): net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Anders Roxell (2): selftests: android: move config up a level selftests: add headers_install to lib.mk Antoine Tenart (2): net: mvpp2: fix a txq_done race condition net: mscc: fix the frame extraction into the skb Baruch Siach (1): net: phy: phylink: fix SFP interface autodetection Charles Keepax (1): ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs Chris Boot (1): mmc: block: avoid multiblock reads for the last sector in SPI mode Corentin Labbe (1): net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency Damien Le Moal (2): dm: fix report zone remapping to account for partition offset dm linear: fix linear_end_io conditional definition Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Dan Williams (1): filesystem-dax: Fix dax_layout_busy_page() livelock Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit David Ahern (3): net: sched: Add policy validation for tc attributes rtnetlink: Fail dump if target netnsid is invalid net/ipv6: Remove extra call to ip6_convert_metrics for multipath case David Howells (2): afs: Fix afs_server struct leak afs: Fix clearance of reply Davide Caratti (1): bnxt_en: don't try to offload VLAN 'modify' action Edgar Cherkasov (1): i2c: i2c-scmi: fix for i2c_smbus_write_block_data Eran Ben Elisha (1): net/mlx5: E-Switch, Fix out of bound access when setting vport rate Eric Dumazet (7): ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 tun: remove unused parameters tun: initialize napi_mutex unconditionally tun: napi flags belong to tfile tcp/dccp: fix lockdep issue when SYN is backlogged inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Farman (1): s390/cio: Fix how vfio-ccw checks pinned pages Florian Fainelli (4): net: dsa: bcm_sf2: Call setup during switch resume net: systemport: Fix wake-up interrupt race during resume net: dsa: bcm_sf2: Fix unbind ordering net: dsa: b53: Keep CPU port as tagged in all VLANs Friedemann Gerold (1): net: aquantia: memory corruption on jumbo frames Giacinto Cifelli (1): qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Greg Kroah-Hartman (1): Linux 4.18.15 Guenter Roeck (4): hwmon: (nct6775) Fix access to fan pulse registers hwmon: (nct6775) Fix virtual temperature sources for NCT6796D hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D hwmon: (nct6775) Use different register to get fan RPM for fan7 Hangbin Liu (1): vxlan: fill ttl inherit info Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Heiner Kallweit (1): r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Ido Schimmel (1): team: Forbid enslaving team device to itself Jakub Kicinski (1): nfp: avoid soft lockups under control message storm Jan Kara (1): mm: Preserve _PAGE_DEVMAP across mprotect() calls Jann Horn (2): mm/vmstat.c: fix outdated vmstat_text mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Jay Kamat (1): Fix cg_read_strcmp() Jeff Barnhill (1): net/ipv6: Display all addresses in output of /proc/net/if_inet6 Jianbo Liu (1): net/mlx5e: Set vlan masks for all offloaded TC rules Jianfeng Tan (1): net/packet: fix packet drop as of virtio gso Jiri Kosina (1): udp: Unbreak modules that rely on external __skb_recv_udp() availability Johan Hedberg (1): Bluetooth: SMP: Fix trying to use non-existent local OOB data Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Jose Abreu (2): net: stmmac: Fixup the tail addr setting in xmit path net: stmmac: Rework coalesce timer and fix multi-queue races Jérôme Glisse (1): mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Lyude Paul (1): drm/nouveau/drm/nouveau: Grab runtime PM ref in nv50_mstc_detect() Maciej S. Szmigiero (1): r8169: set RX_MULTI_EN bit in RxConfig for 8168F-family chips Maciej Żenczykowski (1): net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN Mahesh Bandewar (3): bonding: avoid possible dead-lock bonding: pass link-local packets to bonding master also. bonding: fix warning message Marco Felsch (1): pinctrl: mcp23s08: fix irq and irqchip setup order Martin KaFai Lau (1): bpf: btf: Fix end boundary calculation for type section Matias Karhumaa (1): Bluetooth: Use correct tfm to generate OOB data Mauricio Faria de Oliveira (1): rtnetlink: fix rtnl_fdb_dump() for ndmsg header Maxime Chevallier (1): net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Michael Chan (2): bnxt_en: Fix TX timeout during netpoll. bnxt_en: Fix VNIC reservations on the PF. Mike Rapoport (2): net/ipv6: stop leaking percpu memory in fib6 info percpu: stop leaking bitmap metadata blocks Mike Snitzer (1): dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled Mikulas Patocka (1): mach64: detect the dot clock divider correctly on sparc Nicholas Piggin (1): KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Paolo Abeni (2): ip6_tunnel: be careful when accessing the inner header ip_tunnel: be careful when accessing the inner header Parthasarathy Bhuvaragan (1): tipc: fix flow control accounting for implicit connect Paul Burton (2): MIPS: Fix CONFIG_CMDLINE handling MIPS: VDSO: Always map near top of user memory Paul Mackerras (1): KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Ramses Ramírez (1): Input: xpad - add support for Xbox1 PDP Camo series gamepad Roman Gushchin (1): mm: slowly shrink slabs with a relatively small number of objects Russell King (1): sfp: fix oops with ethtool -m Ryan Lee (2): ASoC: max98373: Added speaker FS gain cotnrol register to volatile. ASoC: max98373: Added 10ms sleep after amp software reset Sabrina Dubroca (2): net: ipv4: update fnhe_pmtu when first hop's MTU changes net: ipv4: don't let PMTU updates increase route MTU Sean Tranchetti (2): netlabel: check for IPV4MASK in addrinfo_get net: qualcomm: rmnet: Skip processing loopback packets Shahed Shaikh (1): qlcnic: fix Tx descriptor corruption on 82xx devices Shenghui Wang (1): dm cache: destroy migration_cache if cache target registration failed Simon Detheridge (1): pinctrl: cannonlake: Fix gpio base for GPP-E Srinivas Kandagatla (1): ASoC: q6routing: initialize data correctly Stephen Hemminger (1): PCI: hv: support reporting serial number as slot information Steven Rostedt (VMware) (1): vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers Subash Abhinov Kasiviswanathan (2): net: qualcomm: rmnet: Fix incorrect allocation flag in transmit net: qualcomm: rmnet: Fix incorrect allocation flag in receive path Sudarsana Reddy Kalluru (1): qed: Fix shmem structure inconsistency between driver and the mfw. Tejun Heo (1): cgroup: Fix dom_cgrp propagation when enabling threaded mode Thiago Jung Bauermann (1): selftests: kselftest: Remove outdated comment Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Tushar Dave (1): bpf: use __GFP_COMP while allocating page Vasundhara Volam (2): bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request bnxt_en: get the reduced max_irqs by the ones used by RDMA Venkat Duvvuru (1): bnxt_en: free hwrm resources, if driver probe fails. Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Wei Wang (1): ipv6: take rcu lock in rawv6_send_hdrinc() Will Deacon (1): arm64: perf: Reject stand-alone CHAIN events for PMUv3 Xin Long (1): sctp: update dst pmtu with the correct daddr Yong Zhao (2): drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs Yu Zhao (3): net/usb: cancel pending work when unbinding smsc75xx sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc Yunsheng Lin (1): net: hns: fix for unmapping problem when SMMU is on zhong jiang (1): drm/pl111: Make sure of_device_id tables are NULL terminated

6 years, 11 months

1
1
0 0

Linux 4.14.77

by Greg KH

I'm announcing the release of the 4.14.77 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/macb.txt | 1 Makefile | 2 arch/arm/boot/dts/sama5d3_emac.dtsi | 2 arch/arm/include/asm/assembler.h | 12 + arch/arm/include/asm/barrier.h | 32 +++ arch/arm/include/asm/bugs.h | 6 arch/arm/include/asm/cp15.h | 3 arch/arm/include/asm/cputype.h | 8 arch/arm/include/asm/kvm_asm.h | 2 arch/arm/include/asm/kvm_host.h | 14 + arch/arm/include/asm/kvm_mmu.h | 23 ++ arch/arm/include/asm/proc-fns.h | 4 arch/arm/include/asm/system_misc.h | 15 + arch/arm/include/asm/thread_info.h | 4 arch/arm/include/asm/uaccess.h | 26 +- arch/arm/kernel/Makefile | 1 arch/arm/kernel/bugs.c | 18 + arch/arm/kernel/entry-common.S | 18 - arch/arm/kernel/entry-header.S | 25 ++ arch/arm/kernel/signal.c | 58 +++--- arch/arm/kernel/smp.c | 4 arch/arm/kernel/suspend.c | 2 arch/arm/kernel/sys_oabi-compat.c | 8 arch/arm/kvm/hyp/hyp-entry.S | 112 +++++++++++ arch/arm/lib/copy_from_user.S | 9 arch/arm/mm/Kconfig | 23 ++ arch/arm/mm/Makefile | 2 arch/arm/mm/fault.c | 3 arch/arm/mm/proc-macros.S | 3 arch/arm/mm/proc-v7-2level.S | 6 arch/arm/mm/proc-v7-bugs.c | 174 ++++++++++++++++++ arch/arm/mm/proc-v7.S | 154 ++++++++++++--- arch/arm/vfp/vfpmodule.c | 17 - arch/arm64/kernel/perf_event.c | 7 arch/mips/include/asm/processor.h | 10 - arch/mips/kernel/process.c | 25 ++ arch/mips/kernel/vdso.c | 18 + arch/powerpc/include/asm/book3s/64/pgtable.h | 4 arch/x86/include/asm/pgtable_types.h | 2 arch/x86/include/uapi/asm/kvm.h | 1 arch/x86/kvm/lapic.c | 22 +- drivers/bluetooth/hci_ldisc.c | 2 drivers/clk/x86/clk-pmc-atom.c | 18 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 drivers/i2c/busses/i2c-scmi.c | 1 drivers/md/dm-cache-target.c | 5 drivers/md/dm-flakey.c | 2 drivers/md/dm-linear.c | 8 drivers/md/dm.c | 27 ++ drivers/mfd/omap-usb-host.c | 11 - drivers/mmc/core/block.c | 10 + drivers/net/bonding/bond_main.c | 65 +++--- drivers/net/dsa/bcm_sf2.c | 12 - drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 +-- drivers/net/ethernet/broadcom/bcmsysport.c | 22 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 23 +- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 +- drivers/net/ethernet/cadence/macb_main.c | 8 drivers/net/ethernet/hisilicon/hns/hnae.c | 2 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 +-- drivers/net/ethernet/marvell/mvpp2.c | 20 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 17 + drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 drivers/net/hyperv/netvsc_drv.c | 9 drivers/net/team/team.c | 5 drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/smsc75xx.c | 1 drivers/pci/host/pci-hyperv.c | 37 +++ drivers/perf/arm_pmu.c | 8 drivers/pinctrl/pinctrl-mcp23s08.c | 13 + drivers/s390/cio/vfio_ccw_cp.c | 2 drivers/scsi/qla2xxx/qla_target.h | 4 drivers/target/iscsi/iscsi_target.c | 22 +- drivers/usb/host/xhci-hub.c | 18 - drivers/video/fbdev/aty/atyfb.h | 3 drivers/video/fbdev/aty/atyfb_base.c | 7 drivers/video/fbdev/aty/mach64_ct.c | 10 - fs/dcache.c | 38 +++ include/linux/cgroup-defs.h | 1 include/linux/mmzone.h | 1 include/linux/netdevice.h | 7 include/linux/perf/arm_pmu.h | 1 include/linux/virtio_net.h | 18 + include/net/bonding.h | 7 include/net/inet_sock.h | 6 include/net/ip_fib.h | 1 include/sound/hdaudio.h | 1 kernel/cgroup/cgroup.c | 25 +- mm/huge_memory.c | 6 mm/page_alloc.c | 7 mm/percpu.c | 1 mm/util.c | 7 mm/vmstat.c | 6 net/core/dev.c | 28 ++ net/core/ethtool.c | 1 net/core/rtnetlink.c | 35 ++- net/dccp/input.c | 4 net/dccp/ipv4.c | 4 net/ipv4/fib_frontend.c | 12 - net/ipv4/fib_semantics.c | 50 +++++ net/ipv4/inet_connection_sock.c | 5 net/ipv4/ip_sockglue.c | 3 net/ipv4/ip_tunnel.c | 9 net/ipv4/tcp_input.c | 4 net/ipv4/tcp_ipv4.c | 4 net/ipv4/udp.c | 2 net/ipv6/addrconf.c | 4 net/ipv6/ip6_tunnel.c | 13 + net/ipv6/raw.c | 29 ++- net/netlabel/netlabel_unlabeled.c | 3 net/packet/af_packet.c | 11 - net/sched/sch_api.c | 22 +- net/sctp/transport.c | 12 + net/tipc/socket.c | 4 sound/hda/hdac_controller.c | 15 + sound/soc/codecs/rt5514.c | 8 sound/soc/codecs/sigmadsp.c | 3 sound/soc/codecs/wm8804-i2c.c | 15 + sound/soc/intel/skylake/skl.c | 2 sound/soc/sh/rcar/adg.c | 5 sound/soc/sh/rcar/core.c | 10 - sound/soc/sh/rcar/dma.c | 4 tools/perf/builtin-script.c | 22 +- tools/perf/scripts/python/export-to-postgresql.py | 9 tools/perf/scripts/python/export-to-sqlite.py | 6 tools/perf/tests/attr.c | 4 tools/perf/tests/mem.c | 2 tools/perf/tests/pmu.c | 2 tools/perf/util/cgroup.c | 2 tools/perf/util/parse-events.c | 4 tools/perf/util/pmu.c | 2 tools/testing/selftests/efivarfs/config | 1 tools/testing/selftests/memory-hotplug/config | 1 141 files changed, 1488 insertions(+), 427 deletions(-) Adrian Hunter (2): perf script python: Fix export-to-postgresql.py occasional failure perf script python: Fix export-to-sqlite.py sample columns Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Antoine Tenart (1): net: mvpp2: fix a txq_done race condition Chris Boot (1): mmc: block: avoid multiblock reads for the last sector in SPI mode Damien Le Moal (2): dm: fix report zone remapping to account for partition offset dm linear: fix linear_end_io conditional definition Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit David Ahern (1): net: sched: Add policy validation for tc attributes Davide Caratti (1): bnxt_en: don't try to offload VLAN 'modify' action Edgar Cherkasov (1): i2c: i2c-scmi: fix for i2c_smbus_write_block_data Eran Ben Elisha (1): net/mlx5: E-Switch, Fix out of bound access when setting vport rate Eric Dumazet (4): ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 tcp/dccp: fix lockdep issue when SYN is backlogged inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Farman (1): s390/cio: Fix how vfio-ccw checks pinned pages Florian Fainelli (3): net: dsa: bcm_sf2: Call setup during switch resume net: systemport: Fix wake-up interrupt race during resume net: dsa: bcm_sf2: Fix unbind ordering Friedemann Gerold (1): net: aquantia: memory corruption on jumbo frames Giacinto Cifelli (1): qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Greg Kroah-Hartman (1): Linux 4.14.77 Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Ido Schimmel (1): team: Forbid enslaving team device to itself Jakub Kicinski (1): nfp: avoid soft lockups under control message storm Jan Kara (1): mm: Preserve _PAGE_DEVMAP across mprotect() calls Jann Horn (1): mm/vmstat.c: fix outdated vmstat_text Jeff Barnhill (1): net/ipv6: Display all addresses in output of /proc/net/if_inet6 Jianbo Liu (1): net/mlx5e: Set vlan masks for all offloaded TC rules Jianfeng Tan (1): net/packet: fix packet drop as of virtio gso Jiri Kosina (1): udp: Unbreak modules that rely on external __skb_recv_udp() availability Jiri Olsa (1): perf tools: Fix snprint warnings for gcc 8 Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Jose Abreu (1): net: stmmac: Fixup the tail addr setting in xmit path Jérôme Glisse (1): mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Maciej Żenczykowski (1): net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN Mahesh Bandewar (3): bonding: avoid possible dead-lock bonding: pass link-local packets to bonding master also. bonding: fix warning message Marc Zyngier (2): ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 ARM: KVM: invalidate icache on guest exit for Cortex-A15 Marco Felsch (1): pinctrl: mcp23s08: fix irq and irqchip setup order Mathias Nyman (1): xhci: Don't print a warning when setting link state for disabled ports Mauricio Faria de Oliveira (1): rtnetlink: fix rtnl_fdb_dump() for ndmsg header Maxime Chevallier (1): net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Michael Chan (1): bnxt_en: Fix TX timeout during netpoll. Mike Rapoport (1): percpu: stop leaking bitmap metadata blocks Mike Snitzer (1): dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled Mikulas Patocka (1): mach64: detect the dot clock divider correctly on sparc Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Paolo Abeni (2): ip6_tunnel: be careful when accessing the inner header ip_tunnel: be careful when accessing the inner header Parthasarathy Bhuvaragan (1): tipc: fix flow control accounting for implicit connect Paul Burton (1): MIPS: VDSO: Always map near top of user memory Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Roman Gushchin (5): mm: introduce NR_INDIRECTLY_RECLAIMABLE_BYTES mm: treat indirectly reclaimable memory as available in MemAvailable dcache: account external names as indirectly reclaimable memory mm: treat indirectly reclaimable memory as free in overcommit logic mm: don't show nr_indirectly_reclaimable in /proc/vmstat Russell King (22): ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs ARM: bugs: prepare processor bug infrastructure ARM: bugs: hook processor bug checking into SMP and suspend paths ARM: bugs: add support for per-processor bug checking ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre ARM: spectre-v2: harden branch predictor on context switches ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit ARM: spectre-v2: harden user aborts in kernel space ARM: spectre-v2: add firmware based hardening ARM: spectre-v2: warn about incorrect context switching functions ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 ARM: spectre-v1: add speculation barrier (csdb) macros ARM: spectre-v1: add array_index_mask_nospec() implementation ARM: spectre-v1: fix syscall entry ARM: signal: copy registers using __copy_from_user() ARM: vfp: use __copy_from_user() when restoring VFP state ARM: oabi-compat: copy semops using __copy_from_user() ARM: use __inttype() in get_user() ARM: spectre-v1: use get_user() for __get_user() ARM: spectre-v1: mitigate user accesses Sabrina Dubroca (1): net: ipv4: update fnhe_pmtu when first hop's MTU changes Sean Tranchetti (1): netlabel: check for IPV4MASK in addrinfo_get Shahed Shaikh (1): qlcnic: fix Tx descriptor corruption on 82xx devices Shenghui Wang (1): dm cache: destroy migration_cache if cache target registration failed Stephen Hemminger (2): hv_netvsc: fix schedule in RCU context PCI: hv: support reporting serial number as slot information Tejun Heo (1): cgroup: Fix dom_cgrp propagation when enabling threaded mode Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Venkat Duvvuru (1): bnxt_en: free hwrm resources, if driver probe fails. Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Wei Wang (1): ipv6: take rcu lock in rawv6_send_hdrinc() Will Deacon (1): arm64: perf: Reject stand-alone CHAIN events for PMUv3 Xin Long (1): sctp: update dst pmtu with the correct daddr Yu Zhao (3): net/usb: cancel pending work when unbinding smsc75xx sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc Yunsheng Lin (1): net: hns: fix for unmapping problem when SMMU is on

6 years, 11 months

1
1
0 0

Linux 4.9.134

by Greg KH

I'm announcing the release of the 4.9.134 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/macb.txt | 1 Documentation/networking/ip-sysctl.txt | 13 Makefile | 2 arch/arm/boot/dts/sama5d3_emac.dtsi | 2 arch/x86/include/uapi/asm/kvm.h | 1 arch/x86/kvm/lapic.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 drivers/i2c/busses/i2c-scmi.c | 1 drivers/mfd/omap-usb-host.c | 11 drivers/net/bonding/bond_main.c | 43 - drivers/net/dsa/bcm_sf2.c | 12 drivers/net/ethernet/broadcom/bcmsysport.c | 22 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 drivers/net/ethernet/cadence/macb.c | 8 drivers/net/ethernet/hisilicon/hns/hnae.c | 2 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 drivers/net/ethernet/marvell/mvpp2.c | 10 drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 drivers/net/team/team.c | 5 drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/smsc75xx.c | 1 drivers/scsi/qla2xxx/qla_target.h | 4 drivers/target/iscsi/iscsi_target.c | 22 drivers/usb/host/xhci-hub.c | 18 drivers/video/fbdev/aty/atyfb.h | 3 drivers/video/fbdev/aty/atyfb_base.c | 7 drivers/video/fbdev/aty/mach64_ct.c | 10 fs/ext4/xattr.c | 2 include/linux/netdevice.h | 7 include/linux/rhashtable.h | 4 include/linux/skbuff.h | 34 - include/net/bonding.h | 7 include/net/inet_frag.h | 133 +--- include/net/inet_sock.h | 6 include/net/ip.h | 1 include/net/ip_fib.h | 1 include/net/ipv6.h | 26 include/uapi/linux/snmp.h | 1 lib/rhashtable.c | 5 mm/vmstat.c | 1 net/core/dev.c | 28 net/core/rtnetlink.c | 6 net/core/skbuff.c | 31 net/dccp/input.c | 4 net/dccp/ipv4.c | 4 net/ieee802154/6lowpan/6lowpan_i.h | 26 net/ieee802154/6lowpan/reassembly.c | 148 ++-- net/ipv4/fib_frontend.c | 12 net/ipv4/fib_semantics.c | 50 + net/ipv4/inet_connection_sock.c | 5 net/ipv4/inet_fragment.c | 379 ++--------- net/ipv4/ip_fragment.c | 573 +++++++++--------- net/ipv4/ip_sockglue.c | 3 net/ipv4/ip_tunnel.c | 9 net/ipv4/proc.c | 7 net/ipv4/tcp_input.c | 37 - net/ipv4/tcp_ipv4.c | 4 net/ipv6/addrconf.c | 4 net/ipv6/ip6_tunnel.c | 13 net/ipv6/netfilter/nf_conntrack_reasm.c | 100 +-- net/ipv6/proc.c | 5 net/ipv6/raw.c | 29 net/ipv6/reassembly.c | 212 +++--- net/netlabel/netlabel_unlabeled.c | 3 sound/hda/hdac_controller.c | 8 sound/soc/codecs/sigmadsp.c | 3 sound/soc/codecs/wm8804-i2c.c | 15 tools/perf/scripts/python/export-to-postgresql.py | 9 tools/testing/selftests/efivarfs/config | 1 tools/testing/selftests/memory-hotplug/config | 1 75 files changed, 1134 insertions(+), 1123 deletions(-) Adrian Hunter (1): perf script python: Fix export-to-postgresql.py occasional failure Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Dan Carpenter (2): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() ipv4: frags: precedence bug in ip_expire() Daniel Rosenberg (1): ext4: Fix error code in ext4_xattr_set_entry() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Edgar Cherkasov (1): i2c: i2c-scmi: fix for i2c_smbus_write_block_data Eric Dumazet (25): ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 tcp/dccp: fix lockdep issue when SYN is backlogged inet: make sure to grab rcu_read_lock before using ireq->ireq_opt inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers Florian Fainelli (3): net: dsa: bcm_sf2: Call setup during switch resume net: dsa: bcm_sf2: Fix unbind ordering net: systemport: Fix wake-up interrupt race during resume Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Giacinto Cifelli (1): qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Greg Kroah-Hartman (1): Linux 4.9.134 Ido Schimmel (1): team: Forbid enslaving team device to itself Jann Horn (1): mm/vmstat.c: fix outdated vmstat_text Jeff Barnhill (1): net/ipv6: Display all addresses in output of /proc/net/if_inet6 Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Mahesh Bandewar (1): bonding: avoid possible dead-lock Mathias Nyman (1): xhci: Don't print a warning when setting link state for disabled ports Maxime Chevallier (1): net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Michael Chan (1): bnxt_en: Fix TX timeout during netpoll. Mikulas Patocka (1): mach64: detect the dot clock divider correctly on sparc Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Paolo Abeni (2): ip6_tunnel: be careful when accessing the inner header ip_tunnel: be careful when accessing the inner header Peter Oskolkov (5): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: use rb trees for IP frag queue. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Sabrina Dubroca (1): net: ipv4: update fnhe_pmtu when first hop's MTU changes Sean Tranchetti (1): netlabel: check for IPV4MASK in addrinfo_get Shahed Shaikh (1): qlcnic: fix Tx descriptor corruption on 82xx devices Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Wei Wang (1): ipv6: take rcu lock in rawv6_send_hdrinc() Yu Zhao (2): sound: enable interrupt after dma buffer initialization net/usb: cancel pending work when unbinding smsc75xx Yunsheng Lin (1): net: hns: fix for unmapping problem when SMMU is on

6 years, 11 months

1
1
0 0

[PATCH 4.14 000/109] 4.14.77-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.77 release. There are 109 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 18 17:04:58 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.77-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.77-rc1 Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix snprint warnings for gcc 8 Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: mitigate user accesses Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: use get_user() for __get_user() Russell King <rmk+kernel(a)armlinux.org.uk> ARM: use __inttype() in get_user() Russell King <rmk+kernel(a)armlinux.org.uk> ARM: oabi-compat: copy semops using __copy_from_user() Russell King <rmk+kernel(a)armlinux.org.uk> ARM: vfp: use __copy_from_user() when restoring VFP state Russell King <rmk+kernel(a)armlinux.org.uk> ARM: signal: copy registers using __copy_from_user() Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: fix syscall entry Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: add array_index_mask_nospec() implementation Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: add speculation barrier (csdb) macros Russell King <rmk+kernel(a)armlinux.org.uk> ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 Russell King <rmk+kernel(a)armlinux.org.uk> ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 Marc Zyngier <marc.zyngier(a)arm.com> ARM: KVM: invalidate icache on guest exit for Cortex-A15 Marc Zyngier <marc.zyngier(a)arm.com> ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: warn about incorrect context switching functions Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: add firmware based hardening Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: harden user aborts in kernel space Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: harden branch predictor on context switches Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre Russell King <rmk+kernel(a)armlinux.org.uk> ARM: bugs: add support for per-processor bug checking Russell King <rmk+kernel(a)armlinux.org.uk> ARM: bugs: hook processor bug checking into SMP and suspend paths Russell King <rmk+kernel(a)armlinux.org.uk> ARM: bugs: prepare processor bug infrastructure Russell King <rmk+kernel(a)armlinux.org.uk> ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs Roman Gushchin <guro(a)fb.com> mm: don't show nr_indirectly_reclaimable in /proc/vmstat Roman Gushchin <guro(a)fb.com> mm: treat indirectly reclaimable memory as free in overcommit logic Roman Gushchin <guro(a)fb.com> dcache: account external names as indirectly reclaimable memory Roman Gushchin <guro(a)fb.com> mm: treat indirectly reclaimable memory as available in MemAvailable Roman Gushchin <guro(a)fb.com> mm: introduce NR_INDIRECTLY_RECLAIMABLE_BYTES Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Don't print a warning when setting link state for disabled ports Edgar Cherkasov <echerkasov(a)dev.rtsoft.ru> i2c: i2c-scmi: fix for i2c_smbus_write_block_data Jan Kara <jack(a)suse.cz> mm: Preserve _PAGE_DEVMAP across mprotect() calls Jérôme Glisse <jglisse(a)redhat.com> mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Will Deacon <will.deacon(a)arm.com> arm64: perf: Reject stand-alone CHAIN events for PMUv3 Marco Felsch <m.felsch(a)pengutronix.de> pinctrl: mcp23s08: fix irq and irqchip setup order Chris Boot <bootc(a)bootc.net> mmc: block: avoid multiblock reads for the last sector in SPI mode Tejun Heo <tj(a)kernel.org> cgroup: Fix dom_cgrp propagation when enabling threaded mode Damien Le Moal <damien.lemoal(a)wdc.com> dm linear: fix linear_end_io conditional definition Mike Snitzer <snitzer(a)redhat.com> dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled Damien Le Moal <damien.lemoal(a)wdc.com> dm: fix report zone remapping to account for partition offset Shenghui Wang <shhuiw(a)foxmail.com> dm cache: destroy migration_cache if cache target registration failed Eric Farman <farman(a)linux.ibm.com> s390/cio: Fix how vfio-ccw checks pinned pages Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-sqlite.py sample columns Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-postgresql.py occasional failure Mike Rapoport <rppt(a)linux.vnet.ibm.com> percpu: stop leaking bitmap metadata blocks Mikulas Patocka <mpatocka(a)redhat.com> mach64: detect the dot clock divider correctly on sparc Paul Burton <paul.burton(a)mips.com> MIPS: VDSO: Always map near top of user memory Jann Horn <jannh(a)google.com> mm/vmstat.c: fix outdated vmstat_text Amber Lin <Amber.Lin(a)amd.com> drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/kvm/lapic: always disable MMIO interface in x2APIC mode Hans de Goede <hdegoede(a)redhat.com> clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hans de Goede <hdegoede(a)redhat.com> clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail Stephen Hemminger <stephen(a)networkplumber.org> PCI: hv: support reporting serial number as slot information Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: add new compatibility string for macb on sama5d3 Nicolas Ferre <nicolas.ferre(a)microchip.com> net: macb: disable scatter-gather for macb on sama5d3 Jongsung Kim <neidhard.kim(a)lge.com> stmmac: fix valid numbers of unicast filter entries Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: fix schedule in RCU context Yu Zhao <yuzhao(a)google.com> sound: don't call skl_init_chip() to reset intel skl soc Yu Zhao <yuzhao(a)google.com> sound: enable interrupt after dma buffer initialization Dan Carpenter <dan.carpenter(a)oracle.com> scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Laura Abbott <labbott(a)redhat.com> scsi: iscsi: target: Don't use stack buffer for scatterlist Tony Lindgren <tony(a)atomide.com> mfd: omap-usb-host: Fix dts probe of children Hermes Zhang <chenhuiz(a)axis.com> Bluetooth: hci_ldisc: Free rw_semaphore on close Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: adg: care clock-frequency size Lei Yang <Lei.Yang(a)windriver.com> selftests: memory-hotplug: add required configs Lei Yang <Lei.Yang(a)windriver.com> selftests/efivarfs: add required kernel configs Danny Smith <danny.smith(a)axis.com> ASoC: sigmadsp: safeload should not have lower byte limit Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: wm8804: Add ACPI support Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5514: Fix the issue of the delay volume applied again Eric Dumazet <edumazet(a)google.com> inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Dumazet <edumazet(a)google.com> tcp/dccp: fix lockdep issue when SYN is backlogged Maciej Żenczykowski <maze(a)google.com> net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN Davide Caratti <dcaratti(a)redhat.com> bnxt_en: don't try to offload VLAN 'modify' action Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: avoid soft lockups under control message storm Mahesh Bandewar <maheshb(a)google.com> bonding: fix warning message Mahesh Bandewar <maheshb(a)google.com> bonding: pass link-local packets to bonding master also. Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx5: E-Switch, Fix out of bound access when setting vport rate Friedemann Gerold <f.gerold(a)b-c-s.de> net: aquantia: memory corruption on jumbo frames Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Set vlan masks for all offloaded TC rules Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix unbind ordering Jianfeng Tan <jianfeng.tan(a)linux.alibaba.com> net/packet: fix packet drop as of virtio gso Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fixup the tail addr setting in xmit path Jiri Kosina <jkosina(a)suse.cz> udp: Unbreak modules that rely on external __skb_recv_udp() availability Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan(a)ericsson.com> tipc: fix flow control accounting for implicit connect Ido Schimmel <idosch(a)mellanox.com> team: Forbid enslaving team device to itself Xin Long <lucien.xin(a)gmail.com> sctp: update dst pmtu with the correct daddr Eric Dumazet <edumazet(a)google.com> rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 Mauricio Faria de Oliveira <mfo(a)canonical.com> rtnetlink: fix rtnl_fdb_dump() for ndmsg header Giacinto Cifelli <gciofono(a)gmail.com> qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Shahed Shaikh <shahed.shaikh(a)cavium.com> qlcnic: fix Tx descriptor corruption on 82xx devices Yu Zhao <yuzhao(a)google.com> net/usb: cancel pending work when unbinding smsc75xx Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Fix wake-up interrupt race during resume David Ahern <dsahern(a)gmail.com> net: sched: Add policy validation for tc attributes Antoine Tenart <antoine.tenart(a)bootlin.com> net: mvpp2: fix a txq_done race condition Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Sean Tranchetti <stranche(a)codeaurora.org> netlabel: check for IPV4MASK in addrinfo_get Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Display all addresses in output of /proc/net/if_inet6 Sabrina Dubroca <sd(a)queasysnail.net> net: ipv4: update fnhe_pmtu when first hop's MTU changes Yunsheng Lin <linyunsheng(a)huawei.com> net: hns: fix for unmapping problem when SMMU is on Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Call setup during switch resume Wei Wang <weiwan(a)google.com> ipv6: take rcu lock in rawv6_send_hdrinc() Eric Dumazet <edumazet(a)google.com> ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() Paolo Abeni <pabeni(a)redhat.com> ip_tunnel: be careful when accessing the inner header Paolo Abeni <pabeni(a)redhat.com> ip6_tunnel: be careful when accessing the inner header Mahesh Bandewar <maheshb(a)google.com> bonding: avoid possible dead-lock Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> bnxt_en: free hwrm resources, if driver probe fails. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix TX timeout during netpoll. ------------- Diffstat: Documentation/devicetree/bindings/net/macb.txt | 1 + Makefile | 4 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/arm/include/asm/assembler.h | 12 ++ arch/arm/include/asm/barrier.h | 32 ++++ arch/arm/include/asm/bugs.h | 6 +- arch/arm/include/asm/cp15.h | 3 + arch/arm/include/asm/cputype.h | 8 + arch/arm/include/asm/kvm_asm.h | 2 - arch/arm/include/asm/kvm_host.h | 14 +- arch/arm/include/asm/kvm_mmu.h | 23 ++- arch/arm/include/asm/proc-fns.h | 4 + arch/arm/include/asm/system_misc.h | 15 ++ arch/arm/include/asm/thread_info.h | 4 +- arch/arm/include/asm/uaccess.h | 26 ++- arch/arm/kernel/Makefile | 1 + arch/arm/kernel/bugs.c | 18 +++ arch/arm/kernel/entry-common.S | 18 +-- arch/arm/kernel/entry-header.S | 25 +++ arch/arm/kernel/signal.c | 58 +++---- arch/arm/kernel/smp.c | 4 + arch/arm/kernel/suspend.c | 2 + arch/arm/kernel/sys_oabi-compat.c | 8 +- arch/arm/kvm/hyp/hyp-entry.S | 112 ++++++++++++- arch/arm/lib/copy_from_user.S | 9 ++ arch/arm/mm/Kconfig | 23 +++ arch/arm/mm/Makefile | 2 +- arch/arm/mm/fault.c | 3 + arch/arm/mm/proc-macros.S | 3 +- arch/arm/mm/proc-v7-2level.S | 6 - arch/arm/mm/proc-v7-bugs.c | 174 +++++++++++++++++++++ arch/arm/mm/proc-v7.S | 154 ++++++++++++++---- arch/arm/vfp/vfpmodule.c | 17 +- arch/arm64/kernel/perf_event.c | 7 + arch/mips/include/asm/processor.h | 10 +- arch/mips/kernel/process.c | 25 +++ arch/mips/kernel/vdso.c | 18 ++- arch/powerpc/include/asm/book3s/64/pgtable.h | 4 +- arch/x86/include/asm/pgtable_types.h | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 ++- drivers/bluetooth/hci_ldisc.c | 2 + drivers/clk/x86/clk-pmc-atom.c | 18 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/i2c/busses/i2c-scmi.c | 1 + drivers/md/dm-cache-target.c | 5 +- drivers/md/dm-flakey.c | 2 + drivers/md/dm-linear.c | 8 +- drivers/md/dm.c | 27 +++- drivers/mfd/omap-usb-host.c | 11 +- drivers/mmc/core/block.c | 10 ++ drivers/net/bonding/bond_main.c | 65 ++++---- drivers/net/dsa/bcm_sf2.c | 12 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 ++-- drivers/net/ethernet/broadcom/bcmsysport.c | 22 +-- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 23 ++- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 ++- drivers/net/ethernet/cadence/macb_main.c | 8 + drivers/net/ethernet/hisilicon/hns/hnae.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 ++-- drivers/net/ethernet/marvell/mvpp2.c | 20 ++- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 17 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 9 +- drivers/net/team/team.c | 5 + drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/smsc75xx.c | 1 + drivers/pci/host/pci-hyperv.c | 37 +++++ drivers/perf/arm_pmu.c | 8 +- drivers/pinctrl/pinctrl-mcp23s08.c | 13 +- drivers/s390/cio/vfio_ccw_cp.c | 2 +- drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 ++- drivers/usb/host/xhci-hub.c | 18 +-- drivers/video/fbdev/aty/atyfb.h | 3 +- drivers/video/fbdev/aty/atyfb_base.c | 7 +- drivers/video/fbdev/aty/mach64_ct.c | 10 +- fs/dcache.c | 38 +++-- include/linux/cgroup-defs.h | 1 + include/linux/mmzone.h | 1 + include/linux/netdevice.h | 7 + include/linux/perf/arm_pmu.h | 1 + include/linux/virtio_net.h | 18 +++ include/net/bonding.h | 7 +- include/net/inet_sock.h | 6 - include/net/ip_fib.h | 1 + include/sound/hdaudio.h | 1 + kernel/cgroup/cgroup.c | 25 +-- mm/huge_memory.c | 6 - mm/page_alloc.c | 7 + mm/percpu.c | 1 + mm/util.c | 7 + mm/vmstat.c | 6 +- net/core/dev.c | 28 +++- net/core/ethtool.c | 1 + net/core/rtnetlink.c | 35 +++-- net/dccp/input.c | 4 +- net/dccp/ipv4.c | 4 +- net/ipv4/fib_frontend.c | 12 +- net/ipv4/fib_semantics.c | 50 ++++++ net/ipv4/inet_connection_sock.c | 5 +- net/ipv4/ip_sockglue.c | 3 +- net/ipv4/ip_tunnel.c | 9 ++ net/ipv4/tcp_input.c | 4 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ip6_tunnel.c | 13 +- net/ipv6/raw.c | 29 ++-- net/netlabel/netlabel_unlabeled.c | 3 +- net/packet/af_packet.c | 11 +- net/sched/sch_api.c | 22 ++- net/sctp/transport.c | 12 +- net/tipc/socket.c | 4 +- sound/hda/hdac_controller.c | 15 +- sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/sh/rcar/adg.c | 5 + sound/soc/sh/rcar/core.c | 10 +- sound/soc/sh/rcar/dma.c | 4 + tools/perf/builtin-script.c | 22 +-- tools/perf/scripts/python/export-to-postgresql.py | 9 ++ tools/perf/scripts/python/export-to-sqlite.py | 6 +- tools/perf/tests/attr.c | 4 +- tools/perf/tests/mem.c | 2 +- tools/perf/tests/pmu.c | 2 +- tools/perf/util/cgroup.c | 2 +- tools/perf/util/parse-events.c | 4 +- tools/perf/util/pmu.c | 2 +- tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 141 files changed, 1489 insertions(+), 428 deletions(-)

6 years, 11 months

5
115
0 0

[PATCH 4.18 000/135] 4.18.15-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.15 release. There are 135 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 18 17:04:43 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.15-rc1 Edgar Cherkasov <echerkasov(a)dev.rtsoft.ru> i2c: i2c-scmi: fix for i2c_smbus_write_block_data Jan Kara <jack(a)suse.cz> mm: Preserve _PAGE_DEVMAP across mprotect() calls Dan Williams <dan.j.williams(a)intel.com> filesystem-dax: Fix dax_layout_busy_page() livelock Jérôme Glisse <jglisse(a)redhat.com> mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Jann Horn <jannh(a)google.com> mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Will Deacon <will.deacon(a)arm.com> arm64: perf: Reject stand-alone CHAIN events for PMUv3 Marco Felsch <m.felsch(a)pengutronix.de> pinctrl: mcp23s08: fix irq and irqchip setup order Chris Boot <bootc(a)bootc.net> mmc: block: avoid multiblock reads for the last sector in SPI mode Lyude Paul <lyude(a)redhat.com> drm/nouveau/drm/nouveau: Grab runtime PM ref in nv50_mstc_detect() Ramses Ramírez <ramzeto(a)gmail.com> Input: xpad - add support for Xbox1 PDP Camo series gamepad Tejun Heo <tj(a)kernel.org> cgroup: Fix dom_cgrp propagation when enabling threaded mode Damien Le Moal <damien.lemoal(a)wdc.com> dm linear: fix linear_end_io conditional definition Mike Snitzer <snitzer(a)redhat.com> dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled Damien Le Moal <damien.lemoal(a)wdc.com> dm: fix report zone remapping to account for partition offset Shenghui Wang <shhuiw(a)foxmail.com> dm cache: destroy migration_cache if cache target registration failed Eric Farman <farman(a)linux.ibm.com> s390/cio: Fix how vfio-ccw checks pinned pages Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-sqlite.py sample columns Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-postgresql.py occasional failure Mike Rapoport <rppt(a)linux.vnet.ibm.com> percpu: stop leaking bitmap metadata blocks Steven Rostedt (VMware) <rostedt(a)goodmis.org> vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers Mikulas Patocka <mpatocka(a)redhat.com> mach64: detect the dot clock divider correctly on sparc Paul Burton <paul.burton(a)mips.com> MIPS: VDSO: Always map near top of user memory Paul Burton <paul.burton(a)mips.com> MIPS: Fix CONFIG_CMDLINE handling David Howells <dhowells(a)redhat.com> afs: Fix clearance of reply David Howells <dhowells(a)redhat.com> afs: Fix afs_server struct leak Jann Horn <jannh(a)google.com> mm/vmstat.c: fix outdated vmstat_text Roman Gushchin <guro(a)fb.com> mm: slowly shrink slabs with a relatively small number of objects Yong Zhao <Yong.Zhao(a)amd.com> drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs Yong Zhao <yong.zhao(a)amd.com> drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 Amber Lin <Amber.Lin(a)amd.com> drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/kvm/lapic: always disable MMIO interface in x2APIC mode Simon Detheridge <s(a)sd.ai> pinctrl: cannonlake: Fix gpio base for GPP-E Hans de Goede <hdegoede(a)redhat.com> clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hans de Goede <hdegoede(a)redhat.com> clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: pair VF based on serial number Stephen Hemminger <stephen(a)networkplumber.org> PCI: hv: support reporting serial number as slot information Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: add new compatibility string for macb on sama5d3 Nicolas Ferre <nicolas.ferre(a)microchip.com> net: macb: disable scatter-gather for macb on sama5d3 Corentin Labbe <clabbe(a)baylibre.com> net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Use different register to get fan RPM for fan7 Jongsung Kim <neidhard.kim(a)lge.com> stmmac: fix valid numbers of unicast filter entries Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix virtual temperature sources for NCT6796D Tushar Dave <tushar.n.dave(a)oracle.com> bpf: use __GFP_COMP while allocating page Martin KaFai Lau <kafai(a)fb.com> bpf: btf: Fix end boundary calculation for type section Yu Zhao <yuzhao(a)google.com> sound: don't call skl_init_chip() to reset intel skl soc Yu Zhao <yuzhao(a)google.com> sound: enable interrupt after dma buffer initialization Dan Carpenter <dan.carpenter(a)oracle.com> scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Laura Abbott <labbott(a)redhat.com> scsi: iscsi: target: Don't use stack buffer for scatterlist Nicholas Piggin <npiggin(a)gmail.com> KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size Tony Lindgren <tony(a)atomide.com> mfd: omap-usb-host: Fix dts probe of children Hermes Zhang <chenhuiz(a)axis.com> Bluetooth: hci_ldisc: Free rw_semaphore on close Matias Karhumaa <matias.karhumaa(a)gmail.com> Bluetooth: Use correct tfm to generate OOB data Johan Hedberg <johan.hedberg(a)intel.com> Bluetooth: SMP: Fix trying to use non-existent local OOB data zhong jiang <zhongjiang(a)huawei.com> drm/pl111: Make sure of_device_id tables are NULL terminated Akshu Agrawal <akshu.agrawal(a)amd.com> ASoC: AMD: Ensure reset bit is cleared before configuring Jay Kamat <jgkamat(a)fb.com> Add tests for memory.oom.group Jay Kamat <jgkamat(a)fb.com> Fix cg_read_strcmp() Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix access to fan pulse registers Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: adg: care clock-frequency size Lei Yang <Lei.Yang(a)windriver.com> selftests: memory-hotplug: add required configs Lei Yang <Lei.Yang(a)windriver.com> selftests/efivarfs: add required kernel configs Anders Roxell <anders.roxell(a)linaro.org> selftests: add headers_install to lib.mk Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6routing: initialize data correctly Danny Smith <danny.smith(a)axis.com> ASoC: sigmadsp: safeload should not have lower byte limit Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: wm8804: Add ACPI support Ryan Lee <ryans.lee(a)maximintegrated.com> ASoC: max98373: Added 10ms sleep after amp software reset Thiago Jung Bauermann <bauerman(a)linux.ibm.com> selftests: kselftest: Remove outdated comment Anders Roxell <anders.roxell(a)linaro.org> selftests: android: move config up a level Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5514: Fix the issue of the delay volume applied again Ryan Lee <ryans.lee(a)maximintegrated.com> ASoC: max98373: Added speaker FS gain cotnrol register to volatile. Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs Hangbin Liu <liuhangbin(a)gmail.com> vxlan: fill ttl inherit info Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> r8169: set RX_MULTI_EN bit in RxConfig for 8168F-family chips Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix shmem structure inconsistency between driver and the mfw. Antoine Tenart <antoine.tenart(a)bootlin.com> net: mscc: fix the frame extraction into the skb Mike Rapoport <rppt(a)linux.vnet.ibm.com> net/ipv6: stop leaking percpu memory in fib6 info David Ahern <dsahern(a)gmail.com> net/ipv6: Remove extra call to ip6_convert_metrics for multipath case Vasundhara Volam <vasundhara-v.volam(a)broadcom.com> bnxt_en: get the reduced max_irqs by the ones used by RDMA Vasundhara Volam <vasundhara-v.volam(a)broadcom.com> bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request Alaa Hleihel <alaa(a)mellanox.com> net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ Sabrina Dubroca <sd(a)queasysnail.net> net: ipv4: don't let PMTU updates increase route MTU Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix VNIC reservations on the PF. David Ahern <dsahern(a)gmail.com> rtnetlink: Fail dump if target netnsid is invalid Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: b53: Keep CPU port as tagged in all VLANs Eric Dumazet <edumazet(a)google.com> inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Dumazet <edumazet(a)google.com> tcp/dccp: fix lockdep issue when SYN is backlogged Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix oops with ethtool -m Baruch Siach <baruch(a)tkos.co.il> net: phy: phylink: fix SFP interface autodetection Maciej Żenczykowski <maze(a)google.com> net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN Davide Caratti <dcaratti(a)redhat.com> bnxt_en: don't try to offload VLAN 'modify' action Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: avoid soft lockups under control message storm Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Rework coalesce timer and fix multi-queue races Mahesh Bandewar <maheshb(a)google.com> bonding: fix warning message Mahesh Bandewar <maheshb(a)google.com> bonding: pass link-local packets to bonding master also. Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx5: E-Switch, Fix out of bound access when setting vport rate Friedemann Gerold <f.gerold(a)b-c-s.de> net: aquantia: memory corruption on jumbo frames Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Set vlan masks for all offloaded TC rules Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix unbind ordering Jianfeng Tan <jianfeng.tan(a)linux.alibaba.com> net/packet: fix packet drop as of virtio gso Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fixup the tail addr setting in xmit path Eric Dumazet <edumazet(a)google.com> tun: napi flags belong to tfile Eric Dumazet <edumazet(a)google.com> tun: initialize napi_mutex unconditionally Eric Dumazet <edumazet(a)google.com> tun: remove unused parameters Subash Abhinov Kasiviswanathan <subashab(a)codeaurora.org> net: qualcomm: rmnet: Fix incorrect allocation flag in receive path Subash Abhinov Kasiviswanathan <subashab(a)codeaurora.org> net: qualcomm: rmnet: Fix incorrect allocation flag in transmit Sean Tranchetti <stranche(a)codeaurora.org> net: qualcomm: rmnet: Skip processing loopback packets Jiri Kosina <jkosina(a)suse.cz> udp: Unbreak modules that rely on external __skb_recv_udp() availability Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan(a)ericsson.com> tipc: fix flow control accounting for implicit connect Ido Schimmel <idosch(a)mellanox.com> team: Forbid enslaving team device to itself Xin Long <lucien.xin(a)gmail.com> sctp: update dst pmtu with the correct daddr Eric Dumazet <edumazet(a)google.com> rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 Mauricio Faria de Oliveira <mfo(a)canonical.com> rtnetlink: fix rtnl_fdb_dump() for ndmsg header Giacinto Cifelli <gciofono(a)gmail.com> qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Shahed Shaikh <shahed.shaikh(a)cavium.com> qlcnic: fix Tx descriptor corruption on 82xx devices Yu Zhao <yuzhao(a)google.com> net/usb: cancel pending work when unbinding smsc75xx Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Fix wake-up interrupt race during resume Al Viro <viro(a)zeniv.linux.org.uk> net: sched: cls_u32: fix hnode refcounting David Ahern <dsahern(a)gmail.com> net: sched: Add policy validation for tc attributes Antoine Tenart <antoine.tenart(a)bootlin.com> net: mvpp2: fix a txq_done race condition Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Sean Tranchetti <stranche(a)codeaurora.org> netlabel: check for IPV4MASK in addrinfo_get Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Display all addresses in output of /proc/net/if_inet6 Sabrina Dubroca <sd(a)queasysnail.net> net: ipv4: update fnhe_pmtu when first hop's MTU changes Yunsheng Lin <linyunsheng(a)huawei.com> net: hns: fix for unmapping problem when SMMU is on Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Call setup during switch resume Wei Wang <weiwan(a)google.com> ipv6: take rcu lock in rawv6_send_hdrinc() Eric Dumazet <edumazet(a)google.com> ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() Paolo Abeni <pabeni(a)redhat.com> ip_tunnel: be careful when accessing the inner header Paolo Abeni <pabeni(a)redhat.com> ip6_tunnel: be careful when accessing the inner header Mahesh Bandewar <maheshb(a)google.com> bonding: avoid possible dead-lock Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> bnxt_en: free hwrm resources, if driver probe fails. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix TX timeout during netpoll. ------------- Diffstat: Documentation/devicetree/bindings/net/macb.txt | 1 + Makefile | 18 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/arm64/kernel/perf_event.c | 7 + arch/mips/include/asm/processor.h | 10 +- arch/mips/kernel/process.c | 25 +++ arch/mips/kernel/setup.c | 48 +++-- arch/mips/kernel/vdso.c | 18 +- arch/powerpc/include/asm/book3s/64/pgtable.h | 4 +- arch/powerpc/kvm/book3s_64_mmu_radix.c | 91 ++++---- arch/x86/include/asm/pgtable_types.h | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +- drivers/bluetooth/hci_ldisc.c | 2 + drivers/clk/x86/clk-pmc-atom.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 13 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 21 +- drivers/gpu/drm/amd/include/kgd_kfd_interface.h | 2 +- drivers/gpu/drm/nouveau/dispnv50/disp.c | 15 +- drivers/gpu/drm/pl111/pl111_vexpress.c | 3 +- drivers/hwmon/nct6775.c | 70 ++++-- drivers/i2c/busses/i2c-scmi.c | 1 + drivers/input/joystick/xpad.c | 3 + drivers/md/dm-cache-target.c | 5 +- drivers/md/dm-flakey.c | 2 + drivers/md/dm-linear.c | 8 +- drivers/md/dm.c | 27 ++- drivers/mfd/omap-usb-host.c | 11 +- drivers/mmc/core/block.c | 10 + drivers/net/bonding/bond_main.c | 65 +++--- drivers/net/dsa/b53/b53_common.c | 4 +- drivers/net/dsa/bcm_sf2.c | 14 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 +-- drivers/net/ethernet/broadcom/bcmsysport.c | 22 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 27 ++- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 +- drivers/net/ethernet/cadence/macb_main.c | 8 + drivers/net/ethernet/hisilicon/hns/hnae.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 ++- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 19 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/transobj.c | 2 +- drivers/net/ethernet/mscc/ocelot_board.c | 12 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 17 +- drivers/net/ethernet/qlogic/qed/qed_hsi.h | 1 + drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 +- .../net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 24 +-- drivers/net/ethernet/stmicro/stmmac/common.h | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 14 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 238 ++++++++++++--------- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/hyperv/netvsc.c | 3 + drivers/net/hyperv/netvsc_drv.c | 58 ++--- drivers/net/phy/phylink.c | 48 +++-- drivers/net/phy/sfp-bus.c | 4 +- drivers/net/team/team.c | 6 + drivers/net/tun.c | 43 ++-- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/smsc75xx.c | 1 + drivers/net/vxlan.c | 3 + drivers/pci/controller/pci-hyperv.c | 37 ++++ drivers/perf/arm_pmu.c | 8 +- drivers/pinctrl/intel/pinctrl-cannonlake.c | 2 +- drivers/pinctrl/pinctrl-mcp23s08.c | 13 +- drivers/s390/cio/vfio_ccw_cp.c | 2 +- drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 +- drivers/video/fbdev/aty/atyfb.h | 3 +- drivers/video/fbdev/aty/atyfb_base.c | 7 +- drivers/video/fbdev/aty/mach64_ct.c | 10 +- fs/afs/rxrpc.c | 2 - fs/dax.c | 13 +- include/linux/cgroup-defs.h | 1 + include/linux/netdevice.h | 7 + include/linux/perf/arm_pmu.h | 1 + include/linux/stmmac.h | 1 + include/linux/virtio_net.h | 18 ++ include/net/bonding.h | 7 +- include/net/inet_sock.h | 6 - include/net/ip_fib.h | 1 + include/sound/hdaudio.h | 1 + include/sound/soc-dapm.h | 1 + kernel/bpf/btf.c | 2 +- kernel/cgroup/cgroup.c | 25 ++- lib/vsprintf.c | 2 +- mm/huge_memory.c | 6 - mm/mmap.c | 2 +- mm/percpu.c | 1 + mm/vmscan.c | 11 + mm/vmstat.c | 1 - net/bluetooth/smp.c | 16 +- net/core/dev.c | 28 ++- net/core/ethtool.c | 1 + net/core/filter.c | 3 +- net/core/rtnetlink.c | 41 ++-- net/dccp/input.c | 4 +- net/dccp/ipv4.c | 4 +- net/ipv4/fib_frontend.c | 12 +- net/ipv4/fib_semantics.c | 50 +++++ net/ipv4/inet_connection_sock.c | 5 +- net/ipv4/ip_sockglue.c | 3 +- net/ipv4/ip_tunnel.c | 9 + net/ipv4/route.c | 7 +- net/ipv4/tcp_input.c | 4 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ip6_fib.c | 2 + net/ipv6/ip6_tunnel.c | 13 +- net/ipv6/raw.c | 29 ++- net/ipv6/route.c | 5 - net/netlabel/netlabel_unlabeled.c | 3 +- net/packet/af_packet.c | 11 +- net/sched/cls_u32.c | 10 +- net/sched/sch_api.c | 24 ++- net/sctp/transport.c | 12 +- net/tipc/socket.c | 4 +- scripts/subarch.include | 13 ++ sound/hda/hdac_controller.c | 15 +- sound/soc/amd/acp-pcm-dma.c | 21 ++ sound/soc/codecs/max98373.c | 3 + sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/qcom/qdsp6/q6routing.c | 4 +- sound/soc/sh/rcar/adg.c | 5 + sound/soc/sh/rcar/core.c | 10 +- sound/soc/sh/rcar/dma.c | 4 + sound/soc/soc-core.c | 4 +- sound/soc/soc-dapm.c | 4 + tools/perf/scripts/python/export-to-postgresql.py | 9 + tools/perf/scripts/python/export-to-sqlite.py | 6 +- tools/testing/selftests/android/Makefile | 2 +- tools/testing/selftests/android/{ion => }/config | 0 tools/testing/selftests/android/ion/Makefile | 2 + tools/testing/selftests/cgroup/cgroup_util.c | 38 +++- tools/testing/selftests/cgroup/cgroup_util.h | 1 + tools/testing/selftests/cgroup/test_memcontrol.c | 205 ++++++++++++++++++ tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/futex/functional/Makefile | 1 + tools/testing/selftests/gpio/Makefile | 7 +- tools/testing/selftests/kselftest.h | 1 - tools/testing/selftests/kvm/Makefile | 7 +- tools/testing/selftests/lib.mk | 12 ++ tools/testing/selftests/memory-hotplug/config | 1 + tools/testing/selftests/net/Makefile | 1 + .../selftests/networking/timestamping/Makefile | 1 + tools/testing/selftests/vm/Makefile | 4 - 163 files changed, 1543 insertions(+), 647 deletions(-)

6 years, 11 months

9
155
0 0

[PATCH] ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes

by Erik Schmauss

AML opcodes come in two lengths: 1-byte opcodes and 2-byte, extended opcodes. If an error occurs due to illegal opcodes during table load, the AML parser needs to continue loading the table. In order to do this, it needs to skip parsing of the offending opcode and operands associated with that opcode. This change fixes the AML parse loop to correctly skip parsing of incorrect extended opcodes. Previously, only the short opcodes were skipped correctly. Signed-off-by: Erik Schmauss <erik.schmauss(a)intel.com> --- drivers/acpi/acpica/psloop.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpica/psloop.c b/drivers/acpi/acpica/psloop.c index 34fc2f7476ed..b0789c483b0f 100644 --- a/drivers/acpi/acpica/psloop.c +++ b/drivers/acpi/acpica/psloop.c @@ -417,6 +417,7 @@ acpi_status acpi_ps_parse_loop(struct acpi_walk_state *walk_state) union acpi_parse_object *op = NULL; /* current op */ struct acpi_parse_state *parser_state; u8 *aml_op_start = NULL; + u8 opcode_length; ACPI_FUNCTION_TRACE_PTR(ps_parse_loop, walk_state); @@ -540,8 +541,19 @@ acpi_status acpi_ps_parse_loop(struct acpi_walk_state *walk_state) "Skip parsing opcode %s", acpi_ps_get_opcode_name (walk_state->opcode))); + + /* + * Determine the opcode length before skipping the opcode. + * An opcode can be 1 byte or 2 bytes in length. + */ + opcode_length = 1; + if ((walk_state->opcode & 0xFF00) == + AML_EXTENDED_OPCODE) { + opcode_length = 2; + } walk_state->parser_state.aml = - walk_state->aml + 1; + walk_state->aml + opcode_length; + walk_state->parser_state.aml = acpi_ps_get_next_package_end (&walk_state->parser_state); -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH] ACPICA: AML interpreter: add region addresses in global list during initialization

by Erik Schmauss

The table load process omitted adding the operation region address range to the global list. This omission is problematic because the OS queries the global list to check for address range conflicts before deciding which drivers to load. This commit may result in warning messages that look like the following: [ 7.871761] ACPI Warning: system_IO range 0x00000428-0x0000042F conflicts with op_region 0x00000400-0x0000047F (\PMIO) (20180531/utaddress-213) [ 7.871769] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver However, these messages do not signify regressions. It is a result of properly adding address ranges within the global address list. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200011 Tested-by: Jean-Marc Lenoir <archlinux(a)jihemel.com> Signed-off-by: Erik Schmauss <erik.schmauss(a)intel.com> --- drivers/acpi/acpica/dsopcode.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/acpi/acpica/dsopcode.c b/drivers/acpi/acpica/dsopcode.c index e9fb0bf3c8d2..78f9de260d5f 100644 --- a/drivers/acpi/acpica/dsopcode.c +++ b/drivers/acpi/acpica/dsopcode.c @@ -417,6 +417,10 @@ acpi_ds_eval_region_operands(struct acpi_walk_state *walk_state, ACPI_FORMAT_UINT64(obj_desc->region.address), obj_desc->region.length)); + status = acpi_ut_add_address_range(obj_desc->region.space_id, + obj_desc->region.address, + obj_desc->region.length, node); + /* Now the address and length are valid for this opregion */ obj_desc->region.flags |= AOPOBJ_DATA_VALID; -- 2.17.1

6 years, 11 months

2
1
0 0

Re: MPC8321 boot failure

by Christophe LEROY

Hi, I can now confirm that the boot failure is due to the absence of commit 8183d99f4a22 ("powerpc/lib/feature-fixups: use raw_patch_instruction()") Greg, could you please apply that patch to 4.14 stable ? Thanks Christophe Le 17/10/2018 à 18:36, Christophe LEROY a écrit : > Hi, > > Yes I discovered the same issue today on MPC8321E, I plan to look at it > more closely tomorrow morning (Paris Time). > > I think we are missing commit 8183d99f4a22c2abbc543847a588df3666ef0c0c , > I didn't realise it when we applied the serie to 4.14, > patch_instruction() is called too early without that patch. > > If you have opportunity to test now, you are welcome, otherwise I'll > test it tomorrow. > > Christophe > > Le 17/10/2018 à 17:18, David Gounaris a écrit : >> Hello, I got into troubles when I upgraded to Linux kernel 4.14.76 on >> boards with MPC8321. >> >> >> The symptom that I see is that the boot process gets cyclic, and no >> printouts are seen from the Linux kernel. It seems like it resets. >> >> >> When I revert the following commits it works again. >> >> af1a8101794dfea897290e057f61086dabfe6c91, powerpc/lib: fix book3s/32 >> boot failure due to code patching >> 609fbeddb24c4035d24fc32d82dc08b30ae3dfc0, powerpc: Avoid code patching >> freed init sections >> >> Any ideas of how to continue? >> >> BR / David Gounaris >> >> >>

6 years, 11 months

1
0
0 0

[PATCH v2 5/7] sd: Avoid that hibernation triggers a kernel warning

by Bart Van Assche

Although the power management code never calls the system-wide and runtime suspend callbacks concurrently, runtime power state changes can happen while the system is being suspended or resumed. See also the dpm_suspend() and dpm_resume() calls in hibernation_snapshot(). Make sure the sd driver supports this. This patch avoids that the following call trace is reported during system-wide suspend: WARNING: CPU: 0 PID: 701 at drivers/scsi/scsi_lib.c:3047 scsi_device_quiesce+0x4b/0xd0 Workqueue: events_unbound async_run_entry_fn RIP: 0010:scsi_device_quiesce+0x4b/0xd0 Call Trace: scsi_bus_suspend_common+0x71/0xe0 scsi_bus_freeze+0x15/0x20 dpm_run_callback+0x88/0x360 __device_suspend+0x1c4/0x840 async_suspend+0x1f/0xb0 async_run_entry_fn+0x6e/0x2c0 process_one_work+0x4ae/0xa20 worker_thread+0x63/0x5a0 kthread+0x1cf/0x1f0 ret_from_fork+0x24/0x30 Fixes: cd84a62e0078 ("block, scsi: Change the preempt-only flag into a counter") Cc: Lee Duncan <lduncan(a)suse.com> Cc: Hannes Reinecke <hare(a)suse.com> Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/scsi/scsi_lib.c | 15 ++++++--------- include/scsi/scsi_device.h | 1 - 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 7db3c5fae469..6c18a61176e5 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -3052,11 +3052,12 @@ scsi_device_quiesce(struct scsi_device *sdev) int err; /* - * It is allowed to call scsi_device_quiesce() multiple times from - * the same context but concurrent scsi_device_quiesce() calls are - * not allowed. + * Since all scsi_device_quiesce() and scsi_device_resume() calls + * are serialized it is safe here to check the device state without + * holding the SCSI device state mutex. */ - WARN_ON_ONCE(sdev->quiesced_by && sdev->quiesced_by != current); + if (sdev->sdev_state == SDEV_QUIESCE) + return 0; blk_set_preempt_only(q); @@ -3072,9 +3073,7 @@ scsi_device_quiesce(struct scsi_device *sdev) mutex_lock(&sdev->state_mutex); err = scsi_device_set_state(sdev, SDEV_QUIESCE); - if (err == 0) - sdev->quiesced_by = current; - else + if (err) blk_clear_preempt_only(q); mutex_unlock(&sdev->state_mutex); @@ -3098,8 +3097,6 @@ void scsi_device_resume(struct scsi_device *sdev) * device deleted during suspend) */ mutex_lock(&sdev->state_mutex); - WARN_ON_ONCE(!sdev->quiesced_by); - sdev->quiesced_by = NULL; blk_clear_preempt_only(sdev->request_queue); if (sdev->sdev_state == SDEV_QUIESCE) scsi_device_set_state(sdev, SDEV_RUNNING); diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index 202f4d6a4342..ef86c8adc5d5 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -226,7 +226,6 @@ struct scsi_device { unsigned char access_state; struct mutex state_mutex; enum scsi_device_state sdev_state; - struct task_struct *quiesced_by; unsigned long sdev_data[0]; } __attribute__((aligned(sizeof(unsigned long)))); -- 2.19.1.568.g152ad8e336-goog

6 years, 11 months

1
0
0 0

[PATCH] scsi/sd: Avoid that hibernation triggers a kernel warning

by Bart Van Assche

Although the power management code never calls the system-wide and runtime suspend callbacks concurrently, runtime power state changes can happen while the system is being suspended or resumed. See also the dpm_suspend() and dpm_resume() calls in hibernation_snapshot(). Make sure the sd driver supports this. This patch avoids that the following call trace is reported during system-wide suspend: WARNING: CPU: 0 PID: 701 at drivers/scsi/scsi_lib.c:3047 scsi_device_quiesce+0x4b/0xd0 Workqueue: events_unbound async_run_entry_fn RIP: 0010:scsi_device_quiesce+0x4b/0xd0 Call Trace: scsi_bus_suspend_common+0x71/0xe0 scsi_bus_freeze+0x15/0x20 dpm_run_callback+0x88/0x360 __device_suspend+0x1c4/0x840 async_suspend+0x1f/0xb0 async_run_entry_fn+0x6e/0x2c0 process_one_work+0x4ae/0xa20 worker_thread+0x63/0x5a0 kthread+0x1cf/0x1f0 ret_from_fork+0x24/0x30 Fixes: cd84a62e0078 ("block, scsi: Change the preempt-only flag into a counter") Cc: Lee Duncan <lduncan(a)suse.com> Cc: Hannes Reinecke <hare(a)suse.com> Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/scsi/scsi_lib.c | 16 +++++----------- include/scsi/scsi_device.h | 1 - 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 62348412ed1b..3106e910e766 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -3040,13 +3040,11 @@ scsi_device_quiesce(struct scsi_device *sdev) int err; /* - * It is allowed to call scsi_device_quiesce() multiple times from - * the same context but concurrent scsi_device_quiesce() calls are - * not allowed. + * Since all scsi_device_quiesce() and scsi_device_resume() calls + * are serialized it is safe to check the device state without holding + * the SCSI device state mutex. */ - WARN_ON_ONCE(sdev->quiesced_by && sdev->quiesced_by != current); - - if (sdev->quiesced_by == current) + if (sdev->sdev_state == SDEV_QUIESCE) return 0; blk_set_pm_only(q); @@ -3063,9 +3061,7 @@ scsi_device_quiesce(struct scsi_device *sdev) mutex_lock(&sdev->state_mutex); err = scsi_device_set_state(sdev, SDEV_QUIESCE); - if (err == 0) - sdev->quiesced_by = current; - else + if (err) blk_clear_pm_only(q); mutex_unlock(&sdev->state_mutex); @@ -3089,8 +3085,6 @@ void scsi_device_resume(struct scsi_device *sdev) * device deleted during suspend) */ mutex_lock(&sdev->state_mutex); - WARN_ON_ONCE(!sdev->quiesced_by); - sdev->quiesced_by = NULL; blk_clear_pm_only(sdev->request_queue); if (sdev->sdev_state == SDEV_QUIESCE) scsi_device_set_state(sdev, SDEV_RUNNING); diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index 202f4d6a4342..ef86c8adc5d5 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -226,7 +226,6 @@ struct scsi_device { unsigned char access_state; struct mutex state_mutex; enum scsi_device_state sdev_state; - struct task_struct *quiesced_by; unsigned long sdev_data[0]; } __attribute__((aligned(sizeof(unsigned long)))); -- 2.19.1.568.g152ad8e336-goog

6 years, 11 months

1
1
0 0

[PATCH v3] selinux: policydb - fix byte order and alignment issues

by Ondrej Mosnacek

Do the LE conversions before doing the Infiniband-related range checks. The incorrect checks are otherwise causing a failure to load any policy with an ibendportcon rule on BE systems. This can be reproduced by running (on e.g. ppc64): cat >my_module.cil <<EOF (type test_ibendport_t) (roletype object_r test_ibendport_t) (ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0)))) EOF semodule -i my_module.cil Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to use a correctly aligned buffer. Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32) should be used instead. Tested internally on a ppc64 machine with a RHEL 7 kernel with this patch applied. Cc: Daniel Jurgens <danielj(a)mellanox.com> Cc: Eli Cohen <eli(a)mellanox.com> Cc: James Morris <jmorris(a)namei.org> Cc: Doug Ledford <dledford(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/ss/policydb.c | 41 ++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 14 deletions(-) Changes in v3: - use separate buffer for the 64-bit subnet_prefix - add comments on the byte ordering of subnet_prefix - deduplicate the le32_to_cpu() calls from checks Changes in v2: - add reproducer to commit message - update e-mail address of James Morris - better Cc also the old SELinux ML diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f4eadd3f7350..b9029491869b 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -2108,6 +2108,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, { int i, j, rc; u32 nel, len; + __be64 prefixbuf[1]; __le32 buf[3]; struct ocontext *l, *c; u32 nodebuf[8]; @@ -2218,21 +2219,26 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, break; } case OCON_IBPKEY: - rc = next_entry(nodebuf, fp, sizeof(u32) * 4); + rc = next_entry(prefixbuf, fp, sizeof(u64)); if (rc) goto out; - c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); + /* we need to have subnet_prefix in CPU order */ + c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); - if (nodebuf[2] > 0xffff || - nodebuf[3] > 0xffff) { + rc = next_entry(buf, fp, sizeof(u32) * 2); + if (rc) + goto out; + + c->u.ibpkey.low_pkey = le32_to_cpu(buf[0]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[1]); + + if (c->u.ibpkey.low_pkey > 0xffff || + c->u.ibpkey.high_pkey > 0xffff) { rc = -EINVAL; goto out; } - c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); - rc = context_read_and_validate(&c->context[0], p, fp); @@ -2249,13 +2255,14 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, if (rc) goto out; - if (buf[1] > 0xff || buf[1] == 0) { + c->u.ibendport.port = le32_to_cpu(buf[1]); + + if (c->u.ibendport.port > 0xff || + c->u.ibendport.port == 0) { rc = -EINVAL; goto out; } - c->u.ibendport.port = le32_to_cpu(buf[1]); - rc = context_read_and_validate(&c->context[0], p, fp); @@ -3105,6 +3112,7 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, { unsigned int i, j, rc; size_t nel, len; + __be64 prefixbuf[1]; __le32 buf[3]; u32 nodebuf[8]; struct ocontext *c; @@ -3192,12 +3200,17 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, return rc; break; case OCON_IBPKEY: - *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); + /* subnet_prefix is in CPU order */ + prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); - nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); - nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + rc = put_entry(prefixbuf, sizeof(u64), 1, fp); + if (rc) + return rc; + + buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); - rc = put_entry(nodebuf, sizeof(u32), 4, fp); + rc = put_entry(buf, sizeof(u32), 2, fp); if (rc) return rc; rc = context_write(p, &c->context[0], fp); -- 2.17.2

6 years, 11 months

3
2
0 0

[PATCH 5/5] Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1

by kys＠linuxonhyperv.com

From: Dexuan Cui <decui(a)microsoft.com> The patch fixes: hv_kvp_daemon.c: In function 'kvp_set_ip_info': hv_kvp_daemon.c:1305:2: note: 'snprintf' output between 41 and 4136 bytes into a destination of size 4096 Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- tools/hv/hv_kvp_daemon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index bbb2a8ef367c..b7c2cf7eaba5 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1176,7 +1176,7 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) int error = 0; char if_file[PATH_MAX]; FILE *file; - char cmd[PATH_MAX]; + char cmd[PATH_MAX * 2]; char *mac_addr; /* -- 2.18.0

6 years, 11 months

3
2
0 0

[PATCH 2/2] tracing: Use trace_clock_local() for looping in preemptirq_delay_test.c

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> The preemptirq_delay_test module is used for the ftrace selftest code that tests the latency tracers. The problem is that it uses ktime for the delay loop, and then checks the tracer to see if the delay loop is caught, but the tracer uses trace_clock_local() which uses various different other clocks to measure the latency. As ktime uses the clock cycles, and the code then converts that to nanoseconds, it causes rounding errors, and the preemptirq latency tests are failing due to being off by 1 (it expects to see a delay of 500000 us, but the delay is only 499999 us). This is happening due to a rounding error in the ktime (which is totally legit). The purpose of the test is to see if it can catch the delay, not to test the accuracy between trace_clock_local() and ktime_get(). Best to use apples to apples, and have the delay loop use the same clock as the latency tracer does. Cc: stable(a)vger.kernel.org Fixes: f96e8577da102 ("lib: Add module for testing preemptoff/irqsoff latency tracers") Acked-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/preemptirq_delay_test.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kernel/trace/preemptirq_delay_test.c b/kernel/trace/preemptirq_delay_test.c index f704390db9fc..d8765c952fab 100644 --- a/kernel/trace/preemptirq_delay_test.c +++ b/kernel/trace/preemptirq_delay_test.c @@ -5,12 +5,12 @@ * Copyright (C) 2018 Joel Fernandes (Google) <joel(a)joelfernandes.org> */ +#include <linux/trace_clock.h> #include <linux/delay.h> #include <linux/interrupt.h> #include <linux/irq.h> #include <linux/kernel.h> #include <linux/kthread.h> -#include <linux/ktime.h> #include <linux/module.h> #include <linux/printk.h> #include <linux/string.h> @@ -25,13 +25,13 @@ MODULE_PARM_DESC(test_mode, "Mode of the test such as preempt or irq (default ir static void busy_wait(ulong time) { - ktime_t start, end; - start = ktime_get(); + u64 start, end; + start = trace_clock_local(); do { - end = ktime_get(); + end = trace_clock_local(); if (kthread_should_stop()) break; - } while (ktime_to_ns(ktime_sub(end, start)) < (time * 1000)); + } while ((end - start) < (time * 1000)); } static int preemptirq_delay_run(void *data) -- 2.19.0

6 years, 11 months

1
0
0 0

[PATCH 0/4] FS-Cache: Miscellaneous fixes

by David Howells

Attached are another couple of miscellaneous fixes for FS-Cache and CacheFiles: (1) Fix a race between object burial in cachefiles and external rmdir. (2) Fix a race from a split atomic op. (3) Fix incomplete initialisation of cookie key space. (4) Fix out-of-bounds read. The patches are tagged here: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-fixes-20181017 and can also be found on the following branch: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=fs… David --- Al Viro (1): cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) David Howells (1): fscache: Fix incomplete initialisation of inline key space Eric Sandeen (1): fscache: Fix out of bound read in long cookie keys kiran.modukuri (1): fscache: Fix race in fscache_op_complete() due to split atomic_sub & read fs/cachefiles/namei.c | 2 +- fs/fscache/cookie.c | 31 ++++++++++--------------------- fs/fscache/internal.h | 1 - fs/fscache/main.c | 4 +--- include/linux/fscache-cache.h | 4 ++-- 5 files changed, 14 insertions(+), 28 deletions(-)

6 years, 11 months

1
1
0 0

For your photos 25

by Jenny

We provide photoshop services to some of the companies from around the world. Some online stores use our services for retouching portraits, jewelry, apparels, furnitures etc. Here are the details of what we provide: Clipping path Deep etching Image masking Portrait retouching Jewelry retouching Fashion retouching Please reply back for further info. We can provide testing for your photos if needed. Thanks, Jenny

6 years, 11 months

1
0
0 0

[PATCH] drm/i915/gen9+: Fix initial readout for Y tiled framebuffers

by Imre Deak

If BIOS configured a Y tiled FB we failed to set up the backing object tiling accordingly, leading to a lack of GT fence installed and a garbled console. The problem was bisected to commit 011f22eb545a ("drm/i915: Do NOT skip the first 4k of stolen memory for pre-allocated buffers v2") but it just revealed a pre-existing issue. Kudos to Ville who suspected a missing fence looking at the corruption on the screen. Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: ronald(a)innovation.ch Cc: <stable(a)vger.kernel.org> Reported-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Reported-by: ronald(a)innovation.ch Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=108264 Fixes: bc8d7dffacb1 ("drm/i915/skl: Provide a Skylake version of get_plane_config()") Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/intel_display.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index a2e729fa8d64..3d34b98c4634 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2674,6 +2674,17 @@ intel_alloc_initial_plane_obj(struct intel_crtc *crtc, if (size_aligned * 2 > dev_priv->stolen_usable_size) return false; + switch (fb->modifier) { + case DRM_FORMAT_MOD_LINEAR: + case I915_FORMAT_MOD_X_TILED: + case I915_FORMAT_MOD_Y_TILED: + break; + default: + DRM_DEBUG_DRIVER("Unsupported modifier for initial FB: 0x%llx\n", + fb->modifier); + return false; + } + mutex_lock(&dev->struct_mutex); obj = i915_gem_object_create_stolen_for_preallocated(dev_priv, base_aligned, @@ -2683,8 +2694,17 @@ intel_alloc_initial_plane_obj(struct intel_crtc *crtc, if (!obj) return false; - if (plane_config->tiling == I915_TILING_X) - obj->tiling_and_stride = fb->pitches[0] | I915_TILING_X; + switch (plane_config->tiling) { + case I915_TILING_NONE: + break; + case I915_TILING_X: + case I915_TILING_Y: + obj->tiling_and_stride = fb->pitches[0] | plane_config->tiling; + break; + default: + MISSING_CASE(plane_config->tiling); + return false; + } mode_cmd.pixel_format = fb->format->format; mode_cmd.width = fb->width; @@ -8827,6 +8847,7 @@ skylake_get_initial_plane_config(struct intel_crtc *crtc, fb->modifier = I915_FORMAT_MOD_X_TILED; break; case PLANE_CTL_TILED_Y: + plane_config->tiling = I915_TILING_Y; if (val & PLANE_CTL_RENDER_DECOMPRESSION_ENABLE) fb->modifier = I915_FORMAT_MOD_Y_TILED_CCS; else -- 2.13.2

6 years, 11 months

3
2
0 0

[PATCH v2] selinux: fix byte order and alignment issues in policydb.c

by Ondrej Mosnacek

Add missing LE conversions to the Infiniband-related range checks. These were causing a failure to load any policy with an ibendportcon rule on BE systems. This can be reproduced by running: cat >my_module.cil <<EOF (type test_ibendport_t) (roletype object_r test_ibendport_t) (ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0)))) EOF semodule -i my_module.cil (On ppc64 it fails with "/sbin/load_policy: Can't load policy: Invalid argument") Also, the temporary buffers are only guaranteed to be aligned for 32-bit access so use (get/put)_unaligned_be64() for 64-bit accesses. Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32) should be used instead. Tested internally on a ppc64 machine with a RHEL 7 kernel with this patch applied. Cc: Daniel Jurgens <danielj(a)mellanox.com> Cc: Eli Cohen <eli(a)mellanox.com> Cc: James Morris <jmorris(a)namei.org> Cc: Doug Ledford <dledford(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/ss/policydb.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) Changes in v2: - add reproducer to commit message - update e-mail address of James Morris - better Cc also the old SELinux ML diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f4eadd3f7350..2b310e8f2923 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -37,6 +37,7 @@ #include <linux/errno.h> #include <linux/audit.h> #include <linux/flex_array.h> +#include <asm/unaligned.h> #include "security.h" #include "policydb.h" @@ -2108,7 +2109,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, { int i, j, rc; u32 nel, len; - __le32 buf[3]; + __le32 buf[4]; struct ocontext *l, *c; u32 nodebuf[8]; @@ -2218,20 +2219,20 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, break; } case OCON_IBPKEY: - rc = next_entry(nodebuf, fp, sizeof(u32) * 4); + rc = next_entry(buf, fp, sizeof(u32) * 4); if (rc) goto out; - c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); + c->u.ibpkey.subnet_prefix = get_unaligned_be64(buf); - if (nodebuf[2] > 0xffff || - nodebuf[3] > 0xffff) { + if (le32_to_cpu(buf[2]) > 0xffff || + le32_to_cpu(buf[3]) > 0xffff) { rc = -EINVAL; goto out; } - c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); + c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]); rc = context_read_and_validate(&c->context[0], p, @@ -2249,7 +2250,8 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, if (rc) goto out; - if (buf[1] > 0xff || buf[1] == 0) { + if (le32_to_cpu(buf[1]) > 0xff || + le32_to_cpu(buf[1]) == 0) { rc = -EINVAL; goto out; } @@ -3105,7 +3107,7 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, { unsigned int i, j, rc; size_t nel, len; - __le32 buf[3]; + __le32 buf[4]; u32 nodebuf[8]; struct ocontext *c; for (i = 0; i < info->ocon_num; i++) { @@ -3192,12 +3194,12 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, return rc; break; case OCON_IBPKEY: - *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); + put_unaligned_be64(c->u.ibpkey.subnet_prefix, buf); - nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); - nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + buf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); - rc = put_entry(nodebuf, sizeof(u32), 4, fp); + rc = put_entry(buf, sizeof(u32), 4, fp); if (rc) return rc; rc = context_write(p, &c->context[0], fp); -- 2.17.2

6 years, 11 months

2
3
0 0

[PATCH v2] drm/atomic_helper: Stop modesets on unregistered connectors harder

by Lyude Paul

Unfortunately, it appears our fix in: commit b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Which attempted to work around the problems introduced by: commit 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") Is still not the right solution, as modesets can still be triggered outside of drm_atomic_set_crtc_for_connector(). So in order to fix this, while still being careful that we don't break modesets that a driver may perform before being registered with userspace, we replace connector->registered with a tristate member, connector->registration_state. This allows us to keep track of whether or not a connector is still initializing and hasn't been exposed to userspace, is currently registered and exposed to userspace, or has been legitimately removed from the system after having once been present. Using this info, we can prevent userspace from performing new modesets on unregistered connectors while still allowing the driver to perform modesets on unregistered connectors before the driver has finished being registered. Changes since v1: - Fix WARN_ON() in drm_connector_cleanup() that CI caught with this patchset in igt@drv_module_reload@basic-reload-inject and igt@drv_module_reload@basic-reload by checking if the connector is registered instead of unregistered, as calling drm_connector_cleanup() on a connector that hasn't been registered with userspace yet should stay valid. - Remove unregistered_connector_check(), and just go back to what we were doing before in commit 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") except replacing READ_ONCE(connector->registered) with drm_connector_is_unregistered(). This gets rid of the behavior of allowing DPMS On<->Off, but that should be fine as it's more consistent with the UAPI we had before - danvet - s/drm_connector_unregistered/drm_connector_is_unregistered/ - danvet - Update documentation, fix some typos. Fixes: b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++- drivers/gpu/drm/drm_atomic_uapi.c | 21 --------- drivers/gpu/drm/drm_connector.c | 11 +++-- drivers/gpu/drm/i915/intel_dp_mst.c | 8 ++-- include/drm/drm_connector.h | 71 ++++++++++++++++++++++++++++- 5 files changed, 99 insertions(+), 33 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..ee6b2987a3c7 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (drm_connector_is_unregistered(connector) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index a22d6f269b07..d5b7f315098c 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -299,27 +299,6 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state, struct drm_connector *connector = conn_state->connector; struct drm_crtc_state *crtc_state; - /* - * For compatibility with legacy users, we want to make sure that - * we allow DPMS On<->Off modesets on unregistered connectors, since - * legacy modesetting users will not be expecting these to fail. We do - * not however, want to allow legacy users to assign a connector - * that's been unregistered from sysfs to another CRTC, since doing - * this with a now non-existent connector could potentially leave us - * in an invalid state. - * - * Since the connector can be unregistered at any point during an - * atomic check or commit, this is racy. But that's OK: all we care - * about is ensuring that userspace can't use this connector for new - * configurations after it's been notified that the connector is no - * longer present. - */ - if (!READ_ONCE(connector->registered) && crtc) { - DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", - connector->base.id, connector->name); - return -EINVAL; - } - if (conn_state->crtc == crtc) return 0; diff --git a/drivers/gpu/drm/drm_connector.c b/drivers/gpu/drm/drm_connector.c index 5d01414ec9f7..891f9458d29e 100644 --- a/drivers/gpu/drm/drm_connector.c +++ b/drivers/gpu/drm/drm_connector.c @@ -396,7 +396,8 @@ void drm_connector_cleanup(struct drm_connector *connector) /* The connector should have been removed from userspace long before * it is finally destroyed. */ - if (WARN_ON(connector->registered)) + if (WARN_ON(connector->registration_state == + DRM_CONNECTOR_REGISTERED)) drm_connector_unregister(connector); if (connector->tile_group) { @@ -453,7 +454,7 @@ int drm_connector_register(struct drm_connector *connector) return 0; mutex_lock(&connector->mutex); - if (connector->registered) + if (connector->registration_state != DRM_CONNECTOR_INITIALIZING) goto unlock; ret = drm_sysfs_connector_add(connector); @@ -473,7 +474,7 @@ int drm_connector_register(struct drm_connector *connector) drm_mode_object_register(connector->dev, &connector->base); - connector->registered = true; + connector->registration_state = DRM_CONNECTOR_REGISTERED; goto unlock; err_debugfs: @@ -495,7 +496,7 @@ EXPORT_SYMBOL(drm_connector_register); void drm_connector_unregister(struct drm_connector *connector) { mutex_lock(&connector->mutex); - if (!connector->registered) { + if (connector->registration_state != DRM_CONNECTOR_REGISTERED) { mutex_unlock(&connector->mutex); return; } @@ -506,7 +507,7 @@ void drm_connector_unregister(struct drm_connector *connector) drm_sysfs_connector_remove(connector); drm_debugfs_connector_remove(connector); - connector->registered = false; + connector->registration_state = DRM_CONNECTOR_UNREGISTERED; mutex_unlock(&connector->mutex); } EXPORT_SYMBOL(drm_connector_unregister); diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index b268bdd71bd3..8b71d64ebd9d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -78,7 +78,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->pbn = mst_pbn; /* Zombie connectors can't have VCPI slots */ - if (READ_ONCE(connector->registered)) { + if (!drm_connector_is_unregistered(connector)) { slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, port, @@ -314,7 +314,7 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!READ_ONCE(connector->registered)) + if (drm_connector_is_unregistered(connector)) return intel_connector_update_modes(connector, NULL); edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -330,7 +330,7 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!READ_ONCE(connector->registered)) + if (drm_connector_is_unregistered(connector)) return connector_status_disconnected; return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -361,7 +361,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!READ_ONCE(connector->registered)) + if (drm_connector_is_unregistered(connector)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) diff --git a/include/drm/drm_connector.h b/include/drm/drm_connector.h index 5b3cf909fd5e..dd0552cb7472 100644 --- a/include/drm/drm_connector.h +++ b/include/drm/drm_connector.h @@ -82,6 +82,53 @@ enum drm_connector_status { connector_status_unknown = 3, }; +/** + * enum drm_connector_registration_status - userspace registration status for + * a &drm_connector + * + * This enum is used to track the status of initializing a connector and + * registering it with userspace, so that DRM can prevent bogus modesets on + * connectors that no longer exist. + */ +enum drm_connector_registration_state { + /** + * @DRM_CONNECTOR_INITIALIZING: The connector has just been created, + * but has yet to be exposed to userspace. There should be no + * additional restrictions to how the state of this connector may be + * modified. + */ + DRM_CONNECTOR_INITIALIZING = 0, + + /** + * @DRM_CONNECTOR_REGISTERED: The connector has been fully initialized + * and registered with sysfs, as such it has been exposed to + * userspace. There should be no additional restrictions to how the + * state of this connector may be modified. + */ + DRM_CONNECTOR_REGISTERED = 1, + + /** + * @DRM_CONNECTOR_UNREGISTERED: The connector has either been exposed + * to userspace and has since been unregistered and removed from + * userspace, or the connector was unregistered before it had a chance + * to be exposed to userspace (e.g. still in the + * @DRM_CONNECTOR_INITIALIZING state). When a connector is + * unregistered, there are additional restrictions to how its state + * may be modified: + * + * - An unregistered connector may only have its DPMS changed from + * On->Off. Once DPMS is changed to Off, it may not be switched back + * to On. + * - Modesets are not allowed on unregistered connectors, unless they + * would result in disabling its assigned CRTCs. This means + * disabling a CRTC on an unregistered connector is OK, but enabling + * one is not. + * - Removing a CRTC from an unregistered connector is OK, but new + * CRTCs may never be assigned to an unregistered connector. + */ + DRM_CONNECTOR_UNREGISTERED = 2, +}; + enum subpixel_order { SubPixelUnknown = 0, SubPixelHorizontalRGB, @@ -853,10 +900,12 @@ struct drm_connector { bool ycbcr_420_allowed; /** - * @registered: Is this connector exposed (registered) with userspace? + * @registration_state: Is this connector initializing, exposed + * (registered) with userspace, or unregistered? + * * Protected by @mutex. */ - bool registered; + enum drm_connector_registration_state registration_state; /** * @modes: @@ -1167,6 +1216,24 @@ static inline void drm_connector_unreference(struct drm_connector *connector) drm_connector_put(connector); } +/** + * drm_connector_is_unregistered - has the connector been unregistered from + * userspace? + * @connector: DRM connector + * + * Checks whether or not @connector has been unregistered from userspace. + * + * Returns: + * True if the connector was unregistered, false if the connector is + * registered or has not yet been registered with userspace. + */ +static inline bool +drm_connector_is_unregistered(struct drm_connector *connector) +{ + return READ_ONCE(connector->registration_state) == + DRM_CONNECTOR_UNREGISTERED; +} + const char *drm_get_connector_status_name(enum drm_connector_status status); const char *drm_get_subpixel_order_name(enum subpixel_order order); const char *drm_get_dpms_name(int val); -- 2.17.2

6 years, 11 months

2
1
0 0

[PATCH 4/5] Drivers: hv: kvp: Use %u to print U32

by kys＠linuxonhyperv.com

From: Dexuan Cui <decui(a)microsoft.com> I didn't find a real issue. Let's just make it consistent with the next "case REG_U64:" where %llu is used. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- drivers/hv/hv_kvp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index 9fbb15c62c6c..3b8590ff94ba 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -437,7 +437,7 @@ kvp_send_key(struct work_struct *dummy) val32 = in_msg->body.kvp_set.data.value_u32; message->body.kvp_set.data.value_size = sprintf(message->body.kvp_set.data.value, - "%d", val32) + 1; + "%u", val32) + 1; break; case REG_U64: -- 2.18.0

6 years, 11 months

3
2
0 0

[PATCH 3/4] [for linux-4.4.y only] Drivers: hv: kvp: fix IP Failover

by Dexuan Cui

Hyper-V VMs can be replicated to another hosts and there is a feature to set different IP for replicas, it is called 'Failover TCP/IP'. When such guest starts Hyper-V host sends it KVP_OP_SET_IP_INFO message as soon as we finish negotiation procedure. The problem is that it can happen (and it actually happens) before userspace daemon connects and we reply with HV_E_FAIL to the message. As there are no repetitions we fail to set the requested IP. Solve the issue by postponing our reply to the negotiation message till userspace daemon is connected. We can't wait too long as there is a host-side timeout (cca. 75 seconds) and if we fail to reply in this time frame the whole KVP service will become inactive. The solution is not ideal - if it takes userspace daemon more than 60 seconds to connect IP Failover will still fail but I don't see a solution with our current separation between kernel and userspace parts. Other two modules (VSS and FCOPY) don't require such delay, leave them untouched. Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- This is cherry-picked from the mainline: 4dbfc2e ("Drivers: hv: kvp: fix IP Failover") I added my Signed-off-by as I identified and tested the patches. If this is unnecessary, please feel free to remove it. drivers/hv/hv_kvp.c | 31 +++++++++++++++++++++++++++++++ drivers/hv/hyperv_vmbus.h | 5 +++++ 2 files changed, 36 insertions(+) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index cd3fb01..ff0a426 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -78,9 +78,11 @@ static void kvp_send_key(struct work_struct *dummy); static void kvp_respond_to_host(struct hv_kvp_msg *msg, int error); static void kvp_timeout_func(struct work_struct *dummy); +static void kvp_host_handshake_func(struct work_struct *dummy); static void kvp_register(int); static DECLARE_DELAYED_WORK(kvp_timeout_work, kvp_timeout_func); +static DECLARE_DELAYED_WORK(kvp_host_handshake_work, kvp_host_handshake_func); static DECLARE_WORK(kvp_sendkey_work, kvp_send_key); static const char kvp_devname[] = "vmbus/hv_kvp"; @@ -131,6 +133,11 @@ static void kvp_timeout_func(struct work_struct *dummy) hv_poll_channel(kvp_transaction.recv_channel, kvp_poll_wrapper); } +static void kvp_host_handshake_func(struct work_struct *dummy) +{ + hv_poll_channel(kvp_transaction.recv_channel, hv_kvp_onchannelcallback); +} + static int kvp_handle_handshake(struct hv_kvp_msg *msg) { switch (msg->kvp_hdr.operation) { @@ -155,6 +162,12 @@ static int kvp_handle_handshake(struct hv_kvp_msg *msg) pr_debug("KVP: userspace daemon ver. %d registered\n", KVP_OP_REGISTER); kvp_register(dm_reg_value); + + /* + * If we're still negotiating with the host cancel the timeout + * work to not poll the channel twice. + */ + cancel_delayed_work_sync(&kvp_host_handshake_work); hv_poll_channel(kvp_transaction.recv_channel, kvp_poll_wrapper); return 0; @@ -595,7 +608,22 @@ void hv_kvp_onchannelcallback(void *context) struct icmsg_negotiate *negop = NULL; int util_fw_version; int kvp_srv_version; + static enum {NEGO_NOT_STARTED, + NEGO_IN_PROGRESS, + NEGO_FINISHED} host_negotiatied = NEGO_NOT_STARTED; + if (host_negotiatied == NEGO_NOT_STARTED && + kvp_transaction.state < HVUTIL_READY) { + /* + * If userspace daemon is not connected and host is asking + * us to negotiate we need to delay to not lose messages. + * This is important for Failover IP setting. + */ + host_negotiatied = NEGO_IN_PROGRESS; + schedule_delayed_work(&kvp_host_handshake_work, + HV_UTIL_NEGO_TIMEOUT * HZ); + return; + } if (kvp_transaction.state > HVUTIL_READY) return; @@ -673,6 +701,8 @@ void hv_kvp_onchannelcallback(void *context) vmbus_sendpacket(channel, recv_buffer, recvlen, requestid, VM_PKT_DATA_INBAND, 0); + + host_negotiatied = NEGO_FINISHED; } } @@ -711,6 +741,7 @@ hv_kvp_init(struct hv_util_service *srv) void hv_kvp_deinit(void) { kvp_transaction.state = HVUTIL_DEVICE_DYING; + cancel_delayed_work_sync(&kvp_host_handshake_work); cancel_delayed_work_sync(&kvp_timeout_work); cancel_work_sync(&kvp_sendkey_work); hvutil_transport_destroy(hvt); diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 75e383e..15e0649 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -36,6 +36,11 @@ #define HV_UTIL_TIMEOUT 30 /* + * Timeout for guest-host handshake for services. + */ +#define HV_UTIL_NEGO_TIMEOUT 60 + +/* * The below CPUID leaves are present if VersionAndFeatures.HypervisorPresent * is set by CPUID(HVCPUID_VERSION_FEATURES). */ -- 2.7.4

6 years, 11 months

1
0
0 0

[PATCH 2/4] [for linux-4.4.y only] Drivers: hv: util: Pass the channel information during the init call

by Dexuan Cui

Pass the channel information to the util drivers that need to defer reading the channel while they are processing a request. This would address the following issue reported by Vitaly: Commit 3cace4a61610 ("Drivers: hv: utils: run polling callback always in interrupt context") removed direct *_transaction.state = HVUTIL_READY assignments from *_handle_handshake() functions introducing the following race: if a userspace daemon connects before we get first non-negotiation request from the server hv_poll_channel() won't set transaction state to HVUTIL_READY as (!channel) condition will fail, we set it to non-NULL on the first real request from the server. Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Reported-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- This is cherry-picked from the mainline: b9830d1 ("Drivers: hv: util: Pass the channel information during the init call") I added my Signed-off-by as I identified and tested the patches. If this is unnecessary, please feel free to remove it. drivers/hv/hv_fcopy.c | 2 +- drivers/hv/hv_kvp.c | 2 +- drivers/hv/hv_snapshot.c | 2 +- drivers/hv/hv_util.c | 1 + include/linux/hyperv.h | 1 + 5 files changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/hv/hv_fcopy.c b/drivers/hv/hv_fcopy.c index 12dcbd8..2cce48d 100644 --- a/drivers/hv/hv_fcopy.c +++ b/drivers/hv/hv_fcopy.c @@ -256,7 +256,6 @@ void hv_fcopy_onchannelcallback(void *context) */ fcopy_transaction.recv_len = recvlen; - fcopy_transaction.recv_channel = channel; fcopy_transaction.recv_req_id = requestid; fcopy_transaction.fcopy_msg = fcopy_msg; @@ -323,6 +322,7 @@ static void fcopy_on_reset(void) int hv_fcopy_init(struct hv_util_service *srv) { recv_buffer = srv->recv_buffer; + fcopy_transaction.recv_channel = srv->channel; init_completion(&release_event); /* diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index b97ef3e..cd3fb01 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -640,7 +640,6 @@ void hv_kvp_onchannelcallback(void *context) */ kvp_transaction.recv_len = recvlen; - kvp_transaction.recv_channel = channel; kvp_transaction.recv_req_id = requestid; kvp_transaction.kvp_msg = kvp_msg; @@ -690,6 +689,7 @@ int hv_kvp_init(struct hv_util_service *srv) { recv_buffer = srv->recv_buffer; + kvp_transaction.recv_channel = srv->channel; init_completion(&release_event); /* diff --git a/drivers/hv/hv_snapshot.c b/drivers/hv/hv_snapshot.c index c5fb249..b0feddb 100644 --- a/drivers/hv/hv_snapshot.c +++ b/drivers/hv/hv_snapshot.c @@ -264,7 +264,6 @@ void hv_vss_onchannelcallback(void *context) */ vss_transaction.recv_len = recvlen; - vss_transaction.recv_channel = channel; vss_transaction.recv_req_id = requestid; vss_transaction.msg = (struct hv_vss_msg *)vss_msg; @@ -340,6 +339,7 @@ hv_vss_init(struct hv_util_service *srv) return -ENOTSUPP; } recv_buffer = srv->recv_buffer; + vss_transaction.recv_channel = srv->channel; /* * When this driver loads, the user level daemon that diff --git a/drivers/hv/hv_util.c b/drivers/hv/hv_util.c index 41f5896..9dc6372 100644 --- a/drivers/hv/hv_util.c +++ b/drivers/hv/hv_util.c @@ -326,6 +326,7 @@ static int util_probe(struct hv_device *dev, srv->recv_buffer = kmalloc(PAGE_SIZE * 4, GFP_KERNEL); if (!srv->recv_buffer) return -ENOMEM; + srv->channel = dev->channel; if (srv->util_init) { ret = srv->util_init(srv); if (ret) { diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index ae6a711..281bb00 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -1179,6 +1179,7 @@ int vmbus_allocate_mmio(struct resource **new, struct hv_device *device_obj, struct hv_util_service { u8 *recv_buffer; + void *channel; void (*util_cb)(void *); int (*util_init)(struct hv_util_service *); void (*util_deinit)(void); -- 2.7.4

6 years, 11 months

1
0
0 0

[PATCH 1/4] [for linux-4.4.y only] Drivers: hv: utils: Invoke the poll function after handshake

by Dexuan Cui

When the handshake with daemon is complete, we should poll the channel since during the handshake, we will not be processing any messages. This is a potential bug if the host is waiting for a response from the guest. I would like to thank Dexuan for pointing this out. Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- This is cherry-picked from the mainline: 2d0c3b5 ("Drivers: hv: utils: Invoke the poll function after handshake") I added my Signed-off-by as I identified and tested the patches. If this is unnecessary, please feel free to remove it. drivers/hv/hv_kvp.c | 2 +- drivers/hv/hv_snapshot.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index ce4d3a9..b97ef3e 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -155,7 +155,7 @@ static int kvp_handle_handshake(struct hv_kvp_msg *msg) pr_debug("KVP: userspace daemon ver. %d registered\n", KVP_OP_REGISTER); kvp_register(dm_reg_value); - kvp_transaction.state = HVUTIL_READY; + hv_poll_channel(kvp_transaction.recv_channel, kvp_poll_wrapper); return 0; } diff --git a/drivers/hv/hv_snapshot.c b/drivers/hv/hv_snapshot.c index faad79a..c5fb249 100644 --- a/drivers/hv/hv_snapshot.c +++ b/drivers/hv/hv_snapshot.c @@ -114,7 +114,7 @@ static int vss_handle_handshake(struct hv_vss_msg *vss_msg) default: return -EINVAL; } - vss_transaction.state = HVUTIL_READY; + hv_poll_channel(vss_transaction.recv_channel, vss_poll_wrapper); pr_debug("VSS: userspace daemon ver. %d registered\n", dm_reg_value); return 0; } -- 2.7.4

6 years, 11 months

1
0
0 0

[PATCH] [linux-4.4.y only] HV: properly delay KVP packets when negotiation is in progress

by Dexuan Cui

The host may send multiple negotiation packets (due to timeout) before the KVP user-mode daemon is connected. KVP user-mode daemon is connected. We need to defer processing those packets until the daemon is negotiated and connected. It's okay for guest to respond to all negotiation packets. In addition, the host may send multiple staged KVP requests as soon as negotiation is done. We need to properly process those packets using one tasklet for exclusive access to ring buffer. This patch is based on the work of Nick Meier <Nick.Meier(a)microsoft.com>. Signed-off-by: Long Li <longli(a)microsoft.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> The above is the original changelog of a3ade8cc474d ("HV: properly delay KVP packets when negotiation is in progress" Here I re-worked the original patch because the mainline version can't work for the linux-4.4.y branch, on which channel->callback_event doesn't exist yet. In the mainline, channel->callback_event was added by: 631e63a9f346 ("vmbus: change to per channel tasklet"). Here we don't want to backport it to v4.4, as it requires extra supporting changes and fixes, which are unnecessary as to the KVP bug we're trying to resolve. NOTE: before this patch is used, we should cherry-pick the other related 3 patches from the mainline first: 2d0c3b5 ("Drivers: hv: utils: Invoke the poll function after handshake") b9830d1 ("Drivers: hv: util: Pass the channel information during the init call") 4dbfc2e ("Drivers: hv: kvp: fix IP Failover") And, actually it would better if we can cherry-pick more fixes from the mainline first (the 3 above patches are also included in this 27-patch list): 01 b003596 Drivers: hv: utils: use memdup_user in hvt_op_write 02 2d0c3b5 Drivers: hv: utils: Invoke the poll function after handshake 03 1f75338 Drivers: hv: utils: fix memory leak on on_msg() failure 04 a72f3a4 Drivers: hv: utils: rename outmsg_lock 05 a150256 Drivers: hv: utils: introduce HVUTIL_TRANSPORT_DESTROY mode 06 9420098 Drivers: hv: utils: fix crash when device is removed from host side 07 77b744a Drivers: hv: utils: fix hvt_op_poll() return value on transport destroy 08 b9830d1 Drivers: hv: util: Pass the channel information during the init call 09 e66853b Drivers: hv: utils: Remove util transport handler from list if registration fails 10 4dbfc2e Drivers: hv: kvp: fix IP Failover 11 e0fa3e5 Drivers: hv: utils: fix a race on userspace daemons registration 12 497af84 Drivers: hv: utils: Continue to poll VSS channel after handling requests. 13 db886e4 Drivers: hv: utils: Check VSS daemon is listening before a hot backup 14 abeda47 Drivers: hv: utils: Rename version definitions to reflect protocol version. 15 2e338f7 Drivers: hv: utils: Use TimeSync samples to adjust the clock after boot. 16 8e1d260 Drivers: hv: utils: Support TimeSync version 4.0 protocol samples. 17 3ba1eb1 Drivers: hv: hv_util: Avoid dynamic allocation in time synch 18 3da0401b Drivers: hv: utils: Fix the mapping between host version and protocol to use 19 23d2cc0 Drivers: hv: vss: Improve log messages. 20 b357fd3 Drivers: hv: vss: Operation timeouts should match host expectation 21 1724462 hv_util: switch to using timespec64 22 a165645 Drivers: hv: vmbus: Use all supported IC versions to negotiate 23 1274a69 Drivers: hv: Log the negotiated IC versions. 24 bb6a4db Drivers: hv: util: Fix a typo 25 e9c18ae Drivers: hv: util: move waiting for release to hv_utils_transport itself 26 bdc1dd4 vmbus: fix spelling errors 27 ddce54b Drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id This to to say, we're requesting a backport of 4 patches or 28 patches. If 28 patches seem too many, we hope at least the 4 patches can be backported. The patches can be applied cleanly to the latest v4.4 branch (currently it's v4.4.160). The background of this backport request is that: recently Wang Jian reported some KVP issues: https://github.com/LIS/lis-next/issues/593: e.g. the /var/lib/hyperv/.kvp_pool_* files can not be updated, and sometimes if the hv_kvp_daemon doesn't timely start, the host may not be able to query the VM's IP address via KVP. Wang Jian tested the 4 patches and the 28 patches, and the issues can be fixed by the patches. Reported-by: Wang Jian <jianjian.wang1(a)gmail.com> Tested-by: Wang Jian <jianjian.wang1(a)gmail.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- drivers/hv/hv_kvp.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index f3d3d75ac913e..e4fbc17bbe190 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -627,21 +627,22 @@ void hv_kvp_onchannelcallback(void *context) NEGO_IN_PROGRESS, NEGO_FINISHED} host_negotiatied = NEGO_NOT_STARTED; - if (host_negotiatied == NEGO_NOT_STARTED && - kvp_transaction.state < HVUTIL_READY) { + if (kvp_transaction.state < HVUTIL_READY) { /* * If userspace daemon is not connected and host is asking * us to negotiate we need to delay to not lose messages. * This is important for Failover IP setting. */ - host_negotiatied = NEGO_IN_PROGRESS; - schedule_delayed_work(&kvp_host_handshake_work, + if (host_negotiatied == NEGO_NOT_STARTED) { + host_negotiatied = NEGO_IN_PROGRESS; + schedule_delayed_work(&kvp_host_handshake_work, HV_UTIL_NEGO_TIMEOUT * HZ); + } return; } if (kvp_transaction.state > HVUTIL_READY) return; - +recheck: vmbus_recvpacket(channel, recv_buffer, PAGE_SIZE * 4, &recvlen, &requestid); @@ -704,6 +705,8 @@ void hv_kvp_onchannelcallback(void *context) VM_PKT_DATA_INBAND, 0); host_negotiatied = NEGO_FINISHED; + + goto recheck; } }

6 years, 11 months

3
3
0 0

[PATCH 0/7] NULL pointer deref fix for stm32-dma

by Joel Fernandes (Google)

Hi Greg, While looking at android-4.14, I found a NULL pointer deref with stm32-dma driver using Coccicheck errors. I found that upstream had a bunch of patches on stm32-dma that have fixed this and other issues, I applied these patches cleanly onto Android 4.14. I believe these should goto stable and flow into Android 4.14 from there, but I haven't tested this since I have no hardware to do so. Atleast I can say that the coccicheck error below goes away when running: make coccicheck MODE=report ./drivers/dma/stm32-dma.c:567:18-24: ERROR: chan -> desc is NULL but dereferenced. Anyway, please consider this series for 4.14 stable, I have CC'd the author and others, thanks. Pierre Yves MORDRET (7): dmaengine: stm32-dma: threshold manages with bitfield feature dmaengine: stm32-dma: fix incomplete configuration in cyclic mode dmaengine: stm32-dma: fix typo and reported checkpatch warnings dmaengine: stm32-dma: Improve memory burst management dmaengine: stm32-dma: fix DMA IRQ status handling dmaengine: stm32-dma: fix max items per transfer dmaengine: stm32-dma: properly mask irq bits drivers/dma/stm32-dma.c | 287 +++++++++++++++++++++++++++++++++------- 1 file changed, 240 insertions(+), 47 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

4
10
0 0

[PATCH 3/3] x86/fpu: Save FPU registers on context switch if there is a FPU

by Sebastian Andrzej Siewior

Booting a 486 with "no387 nofxsr" ends with | math_emulate: 0060:c101987d | Kernel panic - not syncing: Math emulation needed in kernel on the first context switch in user land. The reason is that copy_fpregs_to_fpstate() tries `fnsave' which does not work. This happens since commit f1c8cd0176078 ("x86/fpu: Change fpu->fpregs_active users to fpu->fpstate_active"). Add a check for X86_FEATURE_FPU before trying to save FPU registers (we have such a check switch_fpu_finish() already). Fixes: f1c8cd0176078 ("x86/fpu: Change fpu->fpregs_active users to fpu->fpstate_active") Cc: stable(a)vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> --- arch/x86/include/asm/fpu/internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h index a38bf5a1e37ad..69dcdf195b611 100644 --- a/arch/x86/include/asm/fpu/internal.h +++ b/arch/x86/include/asm/fpu/internal.h @@ -528,7 +528,7 @@ static inline void fpregs_activate(struct fpu *fpu) static inline void switch_fpu_prepare(struct fpu *old_fpu, int cpu) { - if (old_fpu->initialized) { + if (static_cpu_has(X86_FEATURE_FPU) && old_fpu->initialized) { if (!copy_fpregs_to_fpstate(old_fpu)) old_fpu->last_cpu = -1; else -- 2.19.1

6 years, 11 months

2
1
0 0

[PATCH v2] clk: s2mps11: Fix matching when built as module and DT node contains compatible

by Krzysztof Kozlowski

When driver is built as module and DT node contains clocks compatible (e.g. "samsung,s2mps11-clk"), the module will not be autoloaded because module aliases won't match. The modalias from uevent: of:NclocksT<NULL>Csamsung,s2mps11-clk The modalias from driver: platform:s2mps11-clk The devices are instantiated by parent's MFD. However both Device Tree bindings and parent define the compatible for clocks devices. In case of module matching this DT compatible will be used. The issue will not happen if this is a built-in (no need for module matching) or when clocks DT node does not contain compatible (not correct from bindings perspective but working for driver). Note when backporting to stable kernels: adjust the list of device ID entries. Cc: <stable(a)vger.kernel.org> Fixes: 53c31b3437a6 ("mfd: sec-core: Add of_compatible strings for clock MFD cells") Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> Acked-by: Stephen Boyd <sboyd(a)kernel.org> --- Changes since v1: 1. Add Stephen's ack. 2. Minor language changes to comment. Stephen, can you apply it to clk tree? I think you acked it so I could take it... but anyway I cannot combine it with DT changes. --- drivers/clk/clk-s2mps11.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/drivers/clk/clk-s2mps11.c b/drivers/clk/clk-s2mps11.c index d44e0eea31ec..0934d3724495 100644 --- a/drivers/clk/clk-s2mps11.c +++ b/drivers/clk/clk-s2mps11.c @@ -245,6 +245,36 @@ static const struct platform_device_id s2mps11_clk_id[] = { }; MODULE_DEVICE_TABLE(platform, s2mps11_clk_id); +#ifdef CONFIG_OF +/* + * Device is instantiated through parent MFD device and device matching is done + * through platform_device_id. + * + * However if device's DT node contains proper clock compatible and driver is + * built as a module, then the *module* matching will be done trough DT aliases. + * This requires of_device_id table. In the same time this will not change the + * actual *device* matching so do not add .of_match_table. + */ +static const struct of_device_id s2mps11_dt_match[] = { + { + .compatible = "samsung,s2mps11-clk", + .data = (void *)S2MPS11X, + }, { + .compatible = "samsung,s2mps13-clk", + .data = (void *)S2MPS13X, + }, { + .compatible = "samsung,s2mps14-clk", + .data = (void *)S2MPS14X, + }, { + .compatible = "samsung,s5m8767-clk", + .data = (void *)S5M8767X, + }, { + /* Sentinel */ + }, +}; +MODULE_DEVICE_TABLE(of, s2mps11_dt_match); +#endif + static struct platform_driver s2mps11_clk_driver = { .driver = { .name = "s2mps11-clk", -- 2.14.1

6 years, 11 months

2
1
0 0

[PATCH] IB/hfi1: Fix destroy_qp hang after a link down

by Michael J. Ruhl

From: Michael J. Ruhl <michael.j.ruhl(a)intel.com> commit b4a4957d3d1c328b733fce783b7264996f866ad2 upstream. rvt_destroy_qp() cannot complete until all in process packets have been released from the underlying hardware. If a link down event occurs, an application can hang with a kernel stack similar to: cat /proc/<app PID>/stack quiesce_qp+0x178/0x250 [hfi1] rvt_reset_qp+0x23d/0x400 [rdmavt] rvt_destroy_qp+0x69/0x210 [rdmavt] ib_destroy_qp+0xba/0x1c0 [ib_core] nvme_rdma_destroy_queue_ib+0x46/0x80 [nvme_rdma] nvme_rdma_free_queue+0x3c/0xd0 [nvme_rdma] nvme_rdma_destroy_io_queues+0x88/0xd0 [nvme_rdma] nvme_rdma_error_recovery_work+0x52/0xf0 [nvme_rdma] process_one_work+0x17a/0x440 worker_thread+0x126/0x3c0 kthread+0xcf/0xe0 ret_from_fork+0x58/0x90 0xffffffffffffffff quiesce_qp() waits until all outstanding packets have been freed. This wait should be momentary. During a link down event, the cleanup handling does not ensure that all packets caught by the link down are flushed properly. This is caused by the fact that the freeze path and the link down event is handled the same. This is not correct. The freeze path waits until the HFI is unfrozen and then restarts PIO. A link down is not a freeze event. The link down path cannot restart the PIO until link is restored. If the PIO path is restarted before the link comes up, the application (QP) using the PIO path will hang (until link is restored). Fix by separating the linkdown path from the freeze path and use the link down path for link down events. Close a race condition sc_disable() by acquiring both the progress and release locks. Close a race condition in sc_stop() by moving the setting of the flag bits under the alloc lock. Fixes: 7724105686e7 ("IB/hfi1: add driver files") Cc: <stable(a)vger.kernel.org> # 4.14.x Reviewed-by: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)intel.com> --- drivers/infiniband/hw/hfi1/chip.c | 7 +++++- drivers/infiniband/hw/hfi1/pio.c | 42 ++++++++++++++++++++++++++++++------- drivers/infiniband/hw/hfi1/pio.h | 2 ++ 3 files changed, 42 insertions(+), 9 deletions(-) diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c index 33cf173..f9faacc 100644 --- a/drivers/infiniband/hw/hfi1/chip.c +++ b/drivers/infiniband/hw/hfi1/chip.c @@ -6722,6 +6722,7 @@ void start_freeze_handling(struct hfi1_pportdata *ppd, int flags) struct hfi1_devdata *dd = ppd->dd; struct send_context *sc; int i; + int sc_flags; if (flags & FREEZE_SELF) write_csr(dd, CCE_CTRL, CCE_CTRL_SPC_FREEZE_SMASK); @@ -6732,11 +6733,13 @@ void start_freeze_handling(struct hfi1_pportdata *ppd, int flags) /* notify all SDMA engines that they are going into a freeze */ sdma_freeze_notify(dd, !!(flags & FREEZE_LINK_DOWN)); + sc_flags = SCF_FROZEN | SCF_HALTED | (flags & FREEZE_LINK_DOWN ? + SCF_LINK_DOWN : 0); /* do halt pre-handling on all enabled send contexts */ for (i = 0; i < dd->num_send_contexts; i++) { sc = dd->send_contexts[i].sc; if (sc && (sc->flags & SCF_ENABLED)) - sc_stop(sc, SCF_FROZEN | SCF_HALTED); + sc_stop(sc, sc_flags); } /* Send context are frozen. Notify user space */ @@ -10646,6 +10649,8 @@ int set_link_state(struct hfi1_pportdata *ppd, u32 state) add_rcvctrl(dd, RCV_CTRL_RCV_PORT_ENABLE_SMASK); handle_linkup_change(dd, 1); + pio_kernel_linkup(dd); + ppd->host_link_state = HLS_UP_INIT; break; case HLS_UP_ARMED: diff --git a/drivers/infiniband/hw/hfi1/pio.c b/drivers/infiniband/hw/hfi1/pio.c index a95ac62..44a8940 100644 --- a/drivers/infiniband/hw/hfi1/pio.c +++ b/drivers/infiniband/hw/hfi1/pio.c @@ -937,20 +937,18 @@ void sc_free(struct send_context *sc) void sc_disable(struct send_context *sc) { u64 reg; - unsigned long flags; struct pio_buf *pbuf; if (!sc) return; /* do all steps, even if already disabled */ - spin_lock_irqsave(&sc->alloc_lock, flags); + spin_lock_irq(&sc->alloc_lock); reg = read_kctxt_csr(sc->dd, sc->hw_context, SC(CTRL)); reg &= ~SC(CTRL_CTXT_ENABLE_SMASK); sc->flags &= ~SCF_ENABLED; sc_wait_for_packet_egress(sc, 1); write_kctxt_csr(sc->dd, sc->hw_context, SC(CTRL), reg); - spin_unlock_irqrestore(&sc->alloc_lock, flags); /* * Flush any waiters. Once the context is disabled, @@ -960,7 +958,7 @@ void sc_disable(struct send_context *sc) * proceed with the flush. */ udelay(1); - spin_lock_irqsave(&sc->release_lock, flags); + spin_lock(&sc->release_lock); if (sc->sr) { /* this context has a shadow ring */ while (sc->sr_tail != sc->sr_head) { pbuf = &sc->sr[sc->sr_tail].pbuf; @@ -971,7 +969,8 @@ void sc_disable(struct send_context *sc) sc->sr_tail = 0; } } - spin_unlock_irqrestore(&sc->release_lock, flags); + spin_unlock(&sc->release_lock); + spin_unlock_irq(&sc->alloc_lock); } /* return SendEgressCtxtStatus.PacketOccupancy */ @@ -1194,11 +1193,39 @@ void pio_kernel_unfreeze(struct hfi1_devdata *dd) sc = dd->send_contexts[i].sc; if (!sc || !(sc->flags & SCF_FROZEN) || sc->type == SC_USER) continue; + if (sc->flags & SCF_LINK_DOWN) + continue; sc_enable(sc); /* will clear the sc frozen flag */ } } +/** + * pio_kernel_linkup() - Re-enable send contexts after linkup event + * @dd: valid devive data + * + * When the link goes down, the freeze path is taken. However, a link down + * event is different from a freeze because if the send context is re-enabled + * whowever is sending data will start sending data again, which will hang + * any QP that is sending data. + * + * The freeze path now looks at the type of event that occurs and takes this + * path for link down event. + */ +void pio_kernel_linkup(struct hfi1_devdata *dd) +{ + struct send_context *sc; + int i; + + for (i = 0; i < dd->num_send_contexts; i++) { + sc = dd->send_contexts[i].sc; + if (!sc || !(sc->flags & SCF_LINK_DOWN) || sc->type == SC_USER) + continue; + + sc_enable(sc); /* will clear the sc link down flag */ + } +} + /* * Wait for the SendPioInitCtxt.PioInitInProgress bit to clear. * Returns: @@ -1398,11 +1425,10 @@ void sc_stop(struct send_context *sc, int flag) { unsigned long flags; - /* mark the context */ - sc->flags |= flag; - /* stop buffer allocations */ spin_lock_irqsave(&sc->alloc_lock, flags); + /* mark the context */ + sc->flags |= flag; sc->flags &= ~SCF_ENABLED; spin_unlock_irqrestore(&sc->alloc_lock, flags); wake_up(&sc->halt_wait); diff --git a/drivers/infiniband/hw/hfi1/pio.h b/drivers/infiniband/hw/hfi1/pio.h index 99ca5ed..c7c4e6e 100644 --- a/drivers/infiniband/hw/hfi1/pio.h +++ b/drivers/infiniband/hw/hfi1/pio.h @@ -145,6 +145,7 @@ struct send_context { #define SCF_IN_FREE 0x02 #define SCF_HALTED 0x04 #define SCF_FROZEN 0x08 +#define SCF_LINK_DOWN 0x10 struct send_context_info { struct send_context *sc; /* allocated working context */ @@ -312,6 +313,7 @@ struct pio_buf *sc_buffer_alloc(struct send_context *sc, u32 dw_len, void pio_reset_all(struct hfi1_devdata *dd); void pio_freeze(struct hfi1_devdata *dd); void pio_kernel_unfreeze(struct hfi1_devdata *dd); +void pio_kernel_linkup(struct hfi1_devdata *dd); /* global PIO send control operations */ #define PSC_GLOBAL_ENABLE 0

6 years, 11 months

1
0
0 0

[PATCH 4.14 00/45] 4.14.76-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.76 release. There are 45 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:24:53 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.76-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.76-rc1 Zhi Chen <zhichen(a)codeaurora.org> ath10k: fix scan crash due to incorrect length calculation Jan Stancek <jstancek(a)redhat.com> virtio_balloon: fix increment of vb->num_pfns in fill_balloon() Michael S. Tsirkin <mst(a)redhat.com> virtio_balloon: fix deadlock on OOM Ka-Cheong Poon <ka-cheong.poon(a)oracle.com> rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Cong Wang <xiyou.wangcong(a)gmail.com> ucma: fix a use-after-free in ucma_resolve_ip() Chao Yu <yuchao0(a)huawei.com> f2fs: fix invalid memory access Jiri Olsa <jolsa(a)kernel.org> perf utils: Move is_directory() to path.h Harsh Jain <harsh(a)chelsio.com> crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Vineet Gupta <vgupta(a)synopsys.com> ARC: clone syscall to setp r25 as thread pointer Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/lib: fix book3s/32 boot failure due to code patching Michael Neuling <mikey(a)neuling.org> powerpc: Avoid code patching freed init sections Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/lib/code-patching: refactor patch_instruction() James Smart <jsmart2021(a)gmail.com> nvme_fc: fix ctrl create failures racing with workq items Yu Wang <yyuwang(a)codeaurora.org> ath10k: fix kernel panic issue during pci probe Carl Huang <cjhuang(a)codeaurora.org> ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Prateek Sood <prsood(a)codeaurora.org> cgroup/cpuset: remove circular dependency deadlock Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix python extension build for gcc 8 Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate: Use asprintf when formatting objdump command line Guenter Roeck <linux(a)roeck-us.net> of: unittest: Disable interrupt node tests for old world MAC systems Dmitry Safonov <dima(a)arista.com> tty: Drop tty->count on tty_reopen() failure Romain Izard <romain.izard.pro(a)gmail.com> usb: cdc_acm: Do not leak URB buffers Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci-mtk: resume USB3 roothub first Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Mike Snitzer <snitzer(a)redhat.com> dm cache: fix resize crash if user doesn't reload cache table Joe Thornber <ejt(a)redhat.com> dm cache metadata: ignore hints array being too small during resize Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Only enable vDSO retpolines when enabled and supported Andy Lutomirski <luto(a)kernel.org> selftests/x86: Add clock_gettime() tests to test_vdso Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Jason Ekstrand <jason(a)jlekstrand.net> drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Fix vce work queue was not cancelled when suspend Jan Beulich <JBeulich(a)suse.com> xen-netback: fix input validation in xenvif_set_hash_mapping() Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Alexandre Belloni <alexandre.belloni(a)bootlin.com> clocksource/drivers/timer-atmel-pit: Properly handle error cases Ilya Dryomov <idryomov(a)gmail.com> blk-mq: I/O and timer unplugs are inverted in blktrace Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: fix L1TF's MMIO GFN calculation Jann Horn <jannh(a)google.com> mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm, thp: fix mlocking THP page with migration enabled Mike Kravetz <mike.kravetz(a)oracle.com> mm: migration: fix migration of huge PMD shared pages Reinette Chatre <reinette.chatre(a)intel.com> perf/core: Add sanity check to deal with pinned event failure ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/process.c | 20 +++ arch/powerpc/include/asm/setup.h | 1 + arch/powerpc/lib/code-patching.c | 44 +++--- arch/powerpc/mm/mem.c | 2 + arch/x86/entry/vdso/Makefile | 16 ++- arch/x86/entry/vdso/vclock_gettime.c | 26 ++-- arch/x86/kvm/mmu.c | 24 +++- block/blk-mq.c | 4 +- drivers/base/power/main.c | 5 +- drivers/clocksource/timer-atmel-pit.c | 20 ++- drivers/crypto/chelsio/chcr_algo.c | 41 ++++-- drivers/crypto/chelsio/chcr_crypto.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 +- drivers/gpu/drm/drm_syncobj.c | 5 + drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-metadata.c | 4 +- drivers/md/dm-cache-target.c | 9 +- drivers/net/wireless/ath/ath10k/debug.c | 12 +- drivers/net/wireless/ath/ath10k/trace.h | 12 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 +- drivers/net/xen-netback/hash.c | 12 +- drivers/nvme/host/fc.c | 4 + drivers/of/unittest.c | 26 ++-- drivers/pci/pci.c | 27 ++-- drivers/tty/tty_io.c | 11 +- drivers/usb/class/cdc-acm.c | 6 + drivers/usb/host/xhci-mtk.c | 4 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- drivers/virtio/virtio_balloon.c | 23 +++- fs/f2fs/checkpoint.c | 9 +- fs/ubifs/super.c | 3 + include/linux/balloon_compaction.h | 35 ++++- include/linux/hugetlb.h | 14 ++ include/linux/mm.h | 6 + kernel/cgroup/cpuset.c | 53 ++++---- kernel/events/core.c | 6 + mm/balloon_compaction.c | 28 +++- mm/huge_memory.c | 2 +- mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 + mm/rmap.c | 42 +++++- mm/vmstat.c | 3 + net/mac80211/cfg.c | 2 +- net/rds/ib.h | 2 +- net/rds/ib_cm.c | 2 +- net/rds/ib_recv.c | 10 +- tools/perf/builtin-script.c | 14 +- tools/perf/util/annotate.c | 17 ++- tools/perf/util/path.c | 14 ++ tools/perf/util/path.h | 3 + tools/perf/util/setup.py | 2 + tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 57 files changed, 690 insertions(+), 182 deletions(-)

6 years, 11 months

7
53
0 0

Building 4.14 LTS kernel with GCC 8

by Ignat Korchagin

Hello, We were trying to build 4.14 kernel with GCC 8, but perf failed to compile. The upstream tree seems to have necessary commits to support GCC 8, but they were not ported to 4.14 branch. With backporting the following commits we were able to restore perf compilation and compile a working 4.14 kernel with GCC 8.2: 6810158d526e483868e519befff407b91e76b3db: perf annotate: Use asprintf when formatting objdump command b7a313d84e853049062011d78cb04b6decd12f5c: perf tools: Fix python extension build for gcc 8 77f18153c080855e1c3fb520ca31a4e61530121d: perf tools: Fix snprint warnings for gcc 8 06c3f2aa9fc68e7f3fe3d83e7569d2a2801d9f99: perf utils: Move is_directory() to path.h Propose to apply the above commits to 4.14 to be able to compile it with GCC 8 (mostly to properly support CONFIG_RETPOLINE) Commit 6810158d526e483868e519befff407b91e76b3db might need adjustment to cleanly apply on 4.14 branch. Regards, Ignat

6 years, 11 months

3
6
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 0d63979c1bc9c85578be4c589768a13dc0a7c5eb: Linux 3.18.124 (2018-10-13 09:09:32 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-16102018 for you to fetch changes up to 8103cbfd1edd20d4de51defa9d6914e33b043f91: powerpc/tm: Avoid possible userspace r1 corruption on reclaim (2018-10-15 18:02:23 -0400) - ---------------------------------------------------------------- for-greg-3.18-16102018 - ---------------------------------------------------------------- James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h Jozef Balga (1): media: af9035: prevent buffer overflow on write Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim arch/powerpc/kernel/tm.S | 20 +++++++++++++++++--- arch/riscv/include/asm/asm-prototypes.h | 7 +++++++ drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 3 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 arch/riscv/include/asm/asm-prototypes.h -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvGFIkACgkQ3qZv95d3 LNz4Kw//VdIsXsVwvtQ3NCLX5PUgxqzP+oJO7JpOP53HpbmkUbpq2tqs4BxIsc5e 4/1HXQjkP4of+y82mLmX6lsH0QMPusrmzWMv5+fcUL3hA2pN9/6a5EVEFdiwCrhy siVoXIEXCFIzw+bKOziSW3Zeggmju0pCjP7dNn2td3Fj+f/vBF9Yd7WUsKSbrWrY 2/U4HRbySBQEtphElk5HjpEJ4zdy6z2OZs+oPXjEjL0akoDo3JSHmYySrZiUj0Gr ZcRqm1aPp0+5AgSTrmxpznSoUlj3Aivc9XuqRo2/wxbasaNVmF7CsYoj9ErUB7YR NKXM7xhgd1zwTr3pW1n/p2Gwf5qTrOt1oOM22hLqOp/KgoUXNGMWrM3nyEAC9cvH ysaVBcj1wDz6Si4wUMyaMrWqNZl/gBRxYQW9UvS7Zi7i+qdAZ1MpdXR9LIKWv1uN f490e1HHuid3qWa2QtRR4LGxIves74uHORUs0xnEsXtoqHy51ozTY9y+6NIfikDQ TDk7+a5JV/9XKRnNTl3flwEmQIkWJ6mpZ1JPM/XeSpmoEFQYAaKJg6DC6V8kgdHM INYbCY8DOqxhdCTN6+qDEkOVwuClpEpWntQF8rxg/W/NdiiXnzCUlOQBmjok8kXW ajgcPZ2n9SzjpbqiXvBPNsXGs5Akt9Vyo6Kyosq+YEY/Jn0HQcM= =j/HW -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit b001adea66f0e0a7803adfbf9128a2d7969daa4e: Linux 4.4.161 (2018-10-13 09:11:36 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-16102018 for you to fetch changes up to 0d850290d80e46758e82d87904cec458113f923e: powerpc/tm: Avoid possible userspace r1 corruption on reclaim (2018-10-15 18:02:16 -0400) - ---------------------------------------------------------------- for-greg-4.4-16102018 - ---------------------------------------------------------------- Andreas Schwab (1): Input: atakbd - fix Atari keymap James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h Jozef Balga (1): media: af9035: prevent buffer overflow on write Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask arch/powerpc/kernel/tm.S | 20 +++++++-- arch/riscv/include/asm/asm-prototypes.h | 7 ++++ drivers/clocksource/timer-ti-32k.c | 3 ++ drivers/input/keyboard/atakbd.c | 74 +++++++++++++-------------------- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 +- 6 files changed, 61 insertions(+), 52 deletions(-) create mode 100644 arch/riscv/include/asm/asm-prototypes.h -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvGFIEACgkQ3qZv95d3 LNxv3g//ZDlmu6pfxVo4C+l0pRa+uZvBorGmr+6hHlTYe19kbttuAGykjm+QCCb5 QXvUAft6YJaclXPXWi6NtEEG0TYrEtz7f7GWJyAr9FQ4kHHck2cUZrMq/marpK7i nkFD8ERCqixSV6VWk3PFQGv1oaEJnEi4ygEQXaSwSgVi47GZUS3MxkzUn1T9JAL0 eDR/DhoMOg9IXD8KVlg6yrkOoiSEbUIaYdXoa2JYGalJbAMvsPB4KqOnVe/Ry+/j RAGOzAok3Y8yvpmFSiz/gpkjSL3jQpdlsfvZFZcnnTks3Q6MlHuWt+SNRbRgtmdG VN2ijzyyhdvewj78KIz5V6uewSaw8TauWq6HqLdnTadisA9mvicDuHNkhn8dm54/ irawJcLsVn+KNA6m8fFRgpfRNMP92DvVz25tTbF08QeKGtr/aF/XelPEj2B3YD/R CFE0f5n/vkv6KSs8GSjqvJD8w4vpP1P8TqJwNAdU7yF+aisNWJqaueKdQ8FA8q54 TDPSFUWqqLuDkDyLwfidMJl0R60PhmkVuAFLBqPkIo7m05AFm3Ab71nq7+U45g3C ELw1z/hFSlmj8z9l8VwlxqAdTa/ppKVHnK9eYAnCItpO5G26FNcbpeAZF3lT74XK mzutvuFZznNX6cxxc5fsan5r7c5+oENNMlNlgPplY97mTyUs2/w= =uvan -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit deb3303f665b31c29210ef4b30b1e69cb06cc397: Linux 4.9.133 (2018-10-13 09:18:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-16102018 for you to fetch changes up to 088da20301ef9c8cf3a2b3a16945e7675b90e66e: iommu/amd: Return devid as alias for ACPI HID devices (2018-10-15 18:02:10 -0400) - ---------------------------------------------------------------- for-greg-4.9-16102018 - ---------------------------------------------------------------- Alexandru Gheorghe (1): drm: mali-dp: Call drm_crtc_vblank_reset on device init Andreas Schwab (1): Input: atakbd - fix Atari keymap Arindam Nath (1): iommu/amd: Return devid as alias for ACPI HID devices James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h Johannes Thumshirn (1): scsi: sd: don't crash the host on invalid commands Jozef Balga (1): media: af9035: prevent buffer overflow on write Kazuya Mizuguchi (1): ravb: do not write 1 to reserved bits Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Laura Abbott (2): scsi: ibmvscsis: Fix a stringop-overflow warning scsi: ibmvscsis: Ensure partition name is properly NUL terminated Marek Lindner (2): batman-adv: fix backbone_gw refcount on queue_work() failure batman-adv: fix hardif_neigh refcount on queue_work() failure Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask Sven Eckelmann (6): batman-adv: Fix segfault when writing to throughput_override batman-adv: Fix segfault when writing to sysfs elp_interval batman-adv: Prevent duplicated nc_node entry batman-adv: Prevent duplicated softif_vlan entry batman-adv: Prevent duplicated global TT entry batman-adv: Prevent duplicated tvlv handler arch/powerpc/kernel/tm.S | 20 +++++++-- arch/riscv/include/asm/asm-prototypes.h | 7 +++ drivers/clocksource/timer-ti-32k.c | 3 ++ drivers/gpu/drm/arm/malidp_drv.c | 1 + drivers/input/keyboard/atakbd.c | 74 ++++++++++++-------------------- drivers/iommu/amd_iommu.c | 6 +++ drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 +- drivers/net/ethernet/renesas/ravb.h | 5 +++ drivers/net/ethernet/renesas/ravb_main.c | 11 ++--- drivers/net/ethernet/renesas/ravb_ptp.c | 2 +- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 +-- drivers/scsi/sd.c | 3 +- net/batman-adv/bat_v_elp.c | 8 +++- net/batman-adv/bridge_loop_avoidance.c | 10 ++++- net/batman-adv/network-coding.c | 27 ++++++------ net/batman-adv/soft-interface.c | 25 ++++++++--- net/batman-adv/sysfs.c | 30 ++++++++----- net/batman-adv/translation-table.c | 6 ++- net/batman-adv/tvlv.c | 8 +++- 20 files changed, 161 insertions(+), 99 deletions(-) create mode 100644 arch/riscv/include/asm/asm-prototypes.h -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvGFHoACgkQ3qZv95d3 LNx+DBAAuEHwt9B1fQdY9RCXkJdOzi1nTvuJsw9BbCcM2iyHFpn2Cz4GVe4DLKy0 ochgEkOKoeUEdJe10twylhyL2H+awkq1EcSmz6/Ncnltft9t+y8zg+/t5GD2yrI9 L0wZcI6vs3kIhJXDZah7b/xapcwcLRq+qiM7+HfYuaG0g9TauzphOr9bwwSIkEW5 qWkJMd1iMrvr9ZTcjTTtrrgW9MnOWpewRIGxaLEDoZ+EzRGgw/NBdDb8CJU6vH6G 9Hsd/IWk/ObWSwToauy02g+lNqwKBc3Y+Vb79YKJfY8k1KXjnyVNtXHCkF63dG7J h+zbdd/mII7fA8b99pfdNlFLPxAXpF6jPpXQsb8wvGw/kWeq+s8ek22ly4p9zIDP 9ZQheepIWL5ATDPwNH8dZ7iuJW3JvBRftBuyyJNcCfCC6dXbhtXSFECmKB+xI5vq iwO01ZGw81yX8N3kSnqmtZBgU1mmFYkvUDe38s63P9rDZOdhshm9XHBwBu54KDyA tF81VuxVvEvYRpPO3a6d/fIZEMcGIplDA/97yIHaNvZWWnURJMnDo+OsphqM5h5c Dt2xvi/t0Hc8RKmILCP6jXrOowj+hrUYjV3Sp7Pb9XtrKPvkKiL1cqu3I3GdeG3i OuXnHApabuLSU0RW21D7LZeHkrRKM+Rj2aaJlyT+ln7j/G8fl74= =C4kD -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 0b46ce3e3423aee80d28d296e1806176cdcec7ad: Linux 4.14.76 (2018-10-13 09:27:30 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-16102018 for you to fetch changes up to d4c8a84b095877b071d34320c5abcd3a2fb33094: iommu/amd: Return devid as alias for ACPI HID devices (2018-10-15 18:02:03 -0400) - ---------------------------------------------------------------- for-greg-4.14-16102018 - ---------------------------------------------------------------- Alexander Shishkin (1): intel_th: pci: Add Ice Lake PCH support Alexandru Gheorghe (1): drm: mali-dp: Call drm_crtc_vblank_reset on device init Andreas Schwab (1): Input: atakbd - fix Atari keymap Arindam Nath (1): iommu/amd: Return devid as alias for ACPI HID devices Christian Lamparter (1): net: emac: fix fixed-link setup for the RTL8363SB switch Davide Caratti (1): bnxt_en: don't try to offload VLAN 'modify' action Friedemann Gerold (1): net: aquantia: memory corruption on jumbo frames James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h Jisheng Zhang (1): PCI: dwc: Fix scheduling while atomic issues Johannes Thumshirn (1): scsi: sd: don't crash the host on invalid commands Jozef Balga (1): media: af9035: prevent buffer overflow on write Kazuya Mizuguchi (1): ravb: do not write 1 to reserved bits Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Laura Abbott (2): scsi: ibmvscsis: Fix a stringop-overflow warning scsi: ibmvscsis: Ensure partition name is properly NUL terminated Marek Lindner (2): batman-adv: fix backbone_gw refcount on queue_work() failure batman-adv: fix hardif_neigh refcount on queue_work() failure Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask Sven Eckelmann (8): batman-adv: Avoid probe ELP information leak batman-adv: Fix segfault when writing to throughput_override batman-adv: Fix segfault when writing to sysfs elp_interval batman-adv: Prevent duplicated gateway_node entry batman-adv: Prevent duplicated nc_node entry batman-adv: Prevent duplicated softif_vlan entry batman-adv: Prevent duplicated global TT entry batman-adv: Prevent duplicated tvlv handler Tao Ren (1): clocksource/drivers/fttmr010: Fix set_next_event handler Wen Xiong (1): scsi: ipr: System hung while dlpar adding primary ipr adapter back arch/powerpc/kernel/tm.S | 20 ++++- arch/riscv/include/asm/asm-prototypes.h | 7 ++ drivers/clocksource/timer-fttmr010.c | 18 ++-- drivers/clocksource/timer-ti-32k.c | 3 + drivers/gpu/drm/arm/malidp_drv.c | 1 + drivers/hwtracing/intel_th/pci.c | 5 ++ drivers/input/keyboard/atakbd.c | 74 ++++++---------- drivers/iommu/amd_iommu.c | 6 ++ drivers/media/usb/dvb-usb-v2/af9035.c | 6 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 ++++--- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 +++-- drivers/net/ethernet/ibm/emac/core.c | 15 ++-- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 +- drivers/net/ethernet/renesas/ravb.h | 5 ++ drivers/net/ethernet/renesas/ravb_main.c | 11 +-- drivers/net/ethernet/renesas/ravb_ptp.c | 2 +- drivers/pci/dwc/pcie-designware.c | 8 +- drivers/pci/dwc/pcie-designware.h | 3 +- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 +- drivers/scsi/ipr.c | 106 +++++++++++++---------- drivers/scsi/ipr.h | 1 + drivers/scsi/sd.c | 3 +- net/batman-adv/bat_v_elp.c | 10 ++- net/batman-adv/bridge_loop_avoidance.c | 10 ++- net/batman-adv/gateway_client.c | 11 ++- net/batman-adv/network-coding.c | 27 +++--- net/batman-adv/soft-interface.c | 25 ++++-- net/batman-adv/sysfs.c | 30 ++++--- net/batman-adv/translation-table.c | 6 +- net/batman-adv/tvlv.c | 8 +- 30 files changed, 296 insertions(+), 185 deletions(-) create mode 100644 arch/riscv/include/asm/asm-prototypes.h -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvGFHMACgkQ3qZv95d3 LNxd3w//el01UZYBcr5IwNl+TCESFIpZu0fKopnSqBcKA5o7I6saYNrWBV3bgoTx Ob+XSfKe0FtXFsvXVveLCyEa/ctAz3wj+6D00kV1x6fbIknAg8GjKogu0rpZgXEG 5acEKpw/zutWSGJcZ166gN0sPH8TZDZJDj3qAXLiSmu0CHAJlTooD+tQd6gtKhrG 8pL7HUoJXIK1PVvghaLhiJh01m7iPAjA5rS1M359dWlNwpgCdOfeAjWThy+3QUaM DEs35AvRFPq+kzGRsJyy++NCp2rqgctorhh1O0FUO8tqBN59poMyPXImjtj/NwJG pRqFaohwjDpIaKjWUiP63dVglrlxshI9uSebVGZwEOJm4tq9nkQtzKtaLYirjiIe nOHPuIYG9u8en9MIImw0m3vmfViHAxATh9/dEZuk4rYyTjVMrNC2d9RPbnpARITH PGHsgysAgFt95f3YQbe7ZnCiojS82sc9+Nn6fi9RXzF3q9k9SyIQ4JF1+fjF45LV Uz5EK08tDS2LcvqdqYeR3Ws5nlhGZVVO7q0ec4b0TBZZ4IxWME6jLGQT6g8UTmwG UV4gVL8/kZ2UlqClk/rYoelYYFo5fL8ntImbGvr+BckRSYcV2+DsQ1t3sHM04fVL kkYMASseaPyGC/c+Xfdcod05lzKdwx0uBdFxb+Wce3qSuefei04= =aLi0 -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

Backports that remove FPU lazy-mode deadcode (4.4)

by Daniel Sangorrin

Hello Greg, This series contains patches that complete the removal of FPU lazy-mode code, documentation and comments for kernel 4.4.y. The patches are mostly cleanups and they can be useful to backport future patches if more bugs on the FPU code are found. [PATCH v4 4.4 1/4] KVM: x86: remove eager_fpu field of struct [PATCH v4 4.4 2/4] x86/fpu: Remove use_eager_fpu() [PATCH v4 4.4 3/4] x86/fpu: Remove struct fpu::counter [PATCH v4 4.4 4/4] x86/fpu: Finish excising 'eagerfpu' Diffstat: Documentation/kernel-parameters.txt | 5 ----- arch/x86/crypto/crc32c-intel_glue.c | 17 ++++------------- arch/x86/include/asm/cpufeatures.h | 1 - arch/x86/include/asm/fpu/internal.h | 37 +------------------------------------ arch/x86/include/asm/fpu/types.h | 34 ---------------------------------- arch/x86/include/asm/kvm_host.h | 1 - arch/x86/kernel/fpu/core.c | 41 +++++------------------------------------ arch/x86/kernel/fpu/signal.c | 8 +++----- arch/x86/kvm/cpuid.c | 5 +---- arch/x86/kvm/x86.c | 10 ---------- 10 files changed, 14 insertions(+), 145 deletions(-) Thanks, Daniel

6 years, 11 months

2
5
0 0

[PATCH stable 4.9 v2 00/29] backport of IP fragmentation fixes

by Florian Fainelli

This is based on Stephen's v4.14 patches, with the necessary merge conflicts, and the lack of timer_setup() on the 4.9 baseline. Perf results on a gigabit capable system, before and after are below. Series can also be found here: https://github.com/ffainelli/linux/commits/fragment-stack-v4.9-v2 Changes in v2: - drop "net: sk_buff rbnode reorg" - added original "ip: use rb trees for IP frag queue." commit Before patches: PerfTop: 180 irqs/sec kernel:78.9% exact: 0.0% [4000Hz cycles:ppp], (all, 4 CPUs) ------------------------------------------------------------------------------- 34.81% [kernel] [k] ip_defrag 4.57% [kernel] [k] arch_cpu_idle 2.09% [kernel] [k] fib_table_lookup 1.74% [kernel] [k] finish_task_switch 1.57% [kernel] [k] v7_dma_inv_range 1.47% [kernel] [k] __netif_receive_skb_core 1.06% [kernel] [k] __slab_free 1.04% [kernel] [k] __netdev_alloc_skb 0.99% [kernel] [k] ip_route_input_noref 0.96% [kernel] [k] dev_gro_receive 0.96% [kernel] [k] tick_nohz_idle_enter 0.93% [kernel] [k] bcm_sysport_poll 0.92% [kernel] [k] skb_release_data 0.91% [kernel] [k] __memzero 0.90% [kernel] [k] __free_page_frag 0.87% [kernel] [k] ip_rcv 0.77% [kernel] [k] eth_type_trans 0.71% [kernel] [k] _raw_spin_unlock_irqrestore 0.68% [kernel] [k] tick_nohz_idle_exit 0.65% [kernel] [k] bcm_sysport_rx_refill After patches: PerfTop: 214 irqs/sec kernel:80.4% exact: 0.0% [4000Hz cycles:ppp], (all, 4 CPUs) ------------------------------------------------------------------------------- 6.61% [kernel] [k] arch_cpu_idle 3.77% [kernel] [k] ip_defrag 3.65% [kernel] [k] v7_dma_inv_range 3.18% [kernel] [k] fib_table_lookup 3.04% [kernel] [k] __netif_receive_skb_core 2.31% [kernel] [k] finish_task_switch 2.31% [kernel] [k] _raw_spin_unlock_irqrestore 1.65% [kernel] [k] bcm_sysport_poll 1.63% [kernel] [k] ip_route_input_noref 1.63% [kernel] [k] __memzero 1.58% [kernel] [k] __netdev_alloc_skb 1.47% [kernel] [k] tick_nohz_idle_enter 1.40% [kernel] [k] __slab_free 1.32% [kernel] [k] ip_rcv 1.32% [kernel] [k] __softirqentry_text_start 1.30% [kernel] [k] dev_gro_receive 1.23% [kernel] [k] bcm_sysport_rx_refill 1.11% [kernel] [k] tick_nohz_idle_exit 1.06% [kernel] [k] memcmp 1.02% [kernel] [k] dma_cache_maint_page Dan Carpenter (1): ipv4: frags: precedence bug in ip_expire() Eric Dumazet (21): inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Peter Oskolkov (5): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: use rb trees for IP frag queue. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Documentation/networking/ip-sysctl.txt | 13 +- include/linux/rhashtable.h | 4 +- include/linux/skbuff.h | 34 +- include/net/inet_frag.h | 133 +++--- include/net/ip.h | 1 - include/net/ipv6.h | 26 +- include/uapi/linux/snmp.h | 1 + lib/rhashtable.c | 5 +- net/core/skbuff.c | 31 +- net/ieee802154/6lowpan/6lowpan_i.h | 26 +- net/ieee802154/6lowpan/reassembly.c | 148 +++--- net/ipv4/inet_fragment.c | 379 ++++------------ net/ipv4/ip_fragment.c | 573 +++++++++++++----------- net/ipv4/proc.c | 7 +- net/ipv4/tcp_input.c | 33 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 100 ++--- net/ipv6/proc.c | 5 +- net/ipv6/reassembly.c | 212 ++++----- 18 files changed, 774 insertions(+), 957 deletions(-) -- 2.17.1

6 years, 11 months

3
32
0 0

[PATCH 4.14 00/24] V4.14 backport of 32-bit arm spectre patches

by David Long

From: "David A. Long" <dave.long(a)linaro.org> V4.14 backport of spectre patches from Russell M. King's spectre branch. Patches not yet in upstream are excluded. Marc Zyngier (2): ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 ARM: KVM: invalidate icache on guest exit for Cortex-A15 Russell King (22): ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs ARM: bugs: prepare processor bug infrastructure ARM: bugs: hook processor bug checking into SMP and suspend paths ARM: bugs: add support for per-processor bug checking ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre ARM: spectre-v2: harden branch predictor on context switches ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit ARM: spectre-v2: harden user aborts in kernel space ARM: spectre-v2: add firmware based hardening ARM: spectre-v2: warn about incorrect context switching functions ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 ARM: spectre-v1: add speculation barrier (csdb) macros ARM: spectre-v1: add array_index_mask_nospec() implementation ARM: spectre-v1: fix syscall entry ARM: signal: copy registers using __copy_from_user() ARM: vfp: use __copy_from_user() when restoring VFP state ARM: oabi-compat: copy semops using __copy_from_user() ARM: use __inttype() in get_user() ARM: spectre-v1: use get_user() for __get_user() ARM: spectre-v1: mitigate user accesses arch/arm/include/asm/assembler.h | 12 +++ arch/arm/include/asm/barrier.h | 32 +++++++ arch/arm/include/asm/bugs.h | 6 +- arch/arm/include/asm/cp15.h | 3 + arch/arm/include/asm/cputype.h | 8 ++ arch/arm/include/asm/kvm_asm.h | 2 - arch/arm/include/asm/kvm_host.h | 14 ++- arch/arm/include/asm/kvm_mmu.h | 23 ++++- arch/arm/include/asm/proc-fns.h | 4 + arch/arm/include/asm/system_misc.h | 15 ++++ arch/arm/include/asm/thread_info.h | 4 +- arch/arm/include/asm/uaccess.h | 26 ++++-- arch/arm/kernel/Makefile | 1 + arch/arm/kernel/bugs.c | 18 ++++ arch/arm/kernel/entry-common.S | 18 ++-- arch/arm/kernel/entry-header.S | 25 ++++++ arch/arm/kernel/signal.c | 58 ++++++------- arch/arm/kernel/smp.c | 4 + arch/arm/kernel/suspend.c | 2 + arch/arm/kernel/sys_oabi-compat.c | 8 +- arch/arm/kvm/hyp/hyp-entry.S | 112 +++++++++++++++++++++++- arch/arm/lib/copy_from_user.S | 9 ++ arch/arm/mm/Kconfig | 23 +++++ arch/arm/mm/Makefile | 2 +- arch/arm/mm/fault.c | 3 + arch/arm/mm/proc-macros.S | 3 +- arch/arm/mm/proc-v7-2level.S | 6 -- arch/arm/mm/proc-v7-bugs.c | 174 +++++++++++++++++++++++++++++++++++++ arch/arm/mm/proc-v7.S | 154 +++++++++++++++++++++++++------- arch/arm/vfp/vfpmodule.c | 17 ++-- 30 files changed, 674 insertions(+), 112 deletions(-) create mode 100644 arch/arm/kernel/bugs.c create mode 100644 arch/arm/mm/proc-v7-bugs.c -- 2.5.0

6 years, 11 months

2
25
0 0

[PATCH] ACPICA: Fix dispatcher timeout mechanism

by Bart Van Assche

This patch avoids that the following warning is reported during hibernation: WARNING: CPU: 0 PID: 612 at kernel/time/timekeeping.c:751 ktime_get+0x116/0x120 RIP: 0010:ktime_get+0x116/0x120 Call Trace: acpi_os_get_timer+0xe/0x30 acpi_ds_exec_begin_control_op+0x175/0x1de acpi_ds_exec_begin_op+0x2c7/0x39a acpi_ps_create_op+0x573/0x5e4 acpi_ps_parse_loop+0x349/0x1220 acpi_ps_parse_aml+0x25b/0x6da acpi_ps_execute_method+0x327/0x41b acpi_ns_evaluate+0x4e9/0x6f5 acpi_ut_evaluate_object+0xd9/0x2f2 acpi_rs_get_method_data+0x8f/0x114 acpi_walk_resources+0x122/0x1b6 acpi_pci_link_get_current.isra.2+0x157/0x280 acpi_pci_link_set+0x32f/0x4a0 irqrouter_resume+0x58/0x80 syscore_resume+0x84/0x380 hibernation_snapshot+0x20c/0x4f0 hibernate+0x22d/0x3a6 state_store+0x99/0xa0 kobj_attr_store+0x37/0x50 sysfs_kf_write+0x87/0xa0 kernfs_fop_write+0x1a5/0x240 __vfs_write+0xd2/0x410 vfs_write+0x101/0x250 ksys_write+0xab/0x120 __x64_sys_write+0x43/0x50 do_syscall_64+0x71/0x220 entry_SYSCALL_64_after_hwframe+0x49/0xbe Reported-by: Fengguang Wu <fengguang.wu(a)intel.com> Fixes: 164a08cee135 ("ACPICA: Dispatcher: Introduce timeout mechanism for infinite loop detection") References: https://lists.01.org/pipermail/lkp/2018-April/008406.html Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> Cc: Rafael J. Wysocki <rjw(a)rjwysocki.net> Cc: Len Brown <lenb(a)kernel.org> Cc: Fengguang Wu <fengguang.wu(a)intel.com> Cc: linux-acpi(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- drivers/acpi/acpica/aclocal.h | 2 +- drivers/acpi/acpica/dscontrol.c | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/drivers/acpi/acpica/aclocal.h b/drivers/acpi/acpica/aclocal.h index 0f28a38a43ea..7b093bcbaef5 100644 --- a/drivers/acpi/acpica/aclocal.h +++ b/drivers/acpi/acpica/aclocal.h @@ -588,7 +588,7 @@ struct acpi_control_state { union acpi_parse_object *predicate_op; u8 *aml_predicate_start; /* Start of if/while predicate */ u8 *package_end; /* End of if/while block */ - u64 loop_timeout; /* While() loop timeout */ + unsigned long loop_timeout; /* While() loop timeout */ }; /* diff --git a/drivers/acpi/acpica/dscontrol.c b/drivers/acpi/acpica/dscontrol.c index 0da96268deb5..9dbea4549484 100644 --- a/drivers/acpi/acpica/dscontrol.c +++ b/drivers/acpi/acpica/dscontrol.c @@ -84,8 +84,8 @@ acpi_ds_exec_begin_control_op(struct acpi_walk_state *walk_state, control_state->control.package_end = walk_state->parser_state.pkg_end; control_state->control.opcode = op->common.aml_opcode; - control_state->control.loop_timeout = acpi_os_get_timer() + - (u64)(acpi_gbl_max_loop_iterations * ACPI_100NSEC_PER_SEC); + control_state->control.loop_timeout = jiffies + + acpi_gbl_max_loop_iterations * HZ; /* Push the control state on this walk's control stack */ @@ -179,9 +179,8 @@ acpi_ds_exec_end_control_op(struct acpi_walk_state *walk_state, * written AML when the hardware does not respond within a while * loop and the loop does not implement a timeout. */ - if (ACPI_TIME_AFTER(acpi_os_get_timer(), - control_state->control. - loop_timeout)) { + if (time_after(jiffies, + control_state->control.loop_timeout)) { status = AE_AML_LOOP_TIMEOUT; break; } -- 2.19.1.331.ge82ca0e54c-goog

6 years, 11 months

3
4
0 0

FAILED: patch "[PATCH] mm: treat indirectly reclaimable memory as free in overcommit" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d79f7aa496fc94d763f67b833a1f36f4c171176f Mon Sep 17 00:00:00 2001 From: Roman Gushchin <guro(a)fb.com> Date: Tue, 10 Apr 2018 16:27:47 -0700 Subject: [PATCH] mm: treat indirectly reclaimable memory as free in overcommit logic Indirectly reclaimable memory can consume a significant part of total memory and it's actually reclaimable (it will be released under actual memory pressure). So, the overcommit logic should treat it as free. Otherwise, it's possible to cause random system-wide memory allocation failures by consuming a significant amount of memory by indirectly reclaimable memory, e.g. dentry external names. If overcommit policy GUESS is used, it might be used for denial of service attack under some conditions. The following program illustrates the approach. It causes the kernel to allocate an unreclaimable kmalloc-256 chunk for each stat() call, so that at some point the overcommit logic may start blocking large allocation system-wide. int main() { char buf[256]; unsigned long i; struct stat statbuf; buf[0] = '/'; for (i = 1; i < sizeof(buf); i++) buf[i] = '_'; for (i = 0; 1; i++) { sprintf(&buf[248], "%8lu", i); stat(buf, &statbuf); } return 0; } This patch in combination with related indirectly reclaimable memory patches closes this issue. Link: http://lkml.kernel.org/r/20180313130041.8078-1-guro@fb.com Signed-off-by: Roman Gushchin <guro(a)fb.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/util.c b/mm/util.c index 029fc2f3b395..73676f0f1b43 100644 --- a/mm/util.c +++ b/mm/util.c @@ -667,6 +667,13 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) */ free += global_node_page_state(NR_SLAB_RECLAIMABLE); + /* + * Part of the kernel memory, which can be released + * under memory pressure. + */ + free += global_node_page_state( + NR_INDIRECTLY_RECLAIMABLE_BYTES) >> PAGE_SHIFT; + /* * Leave reserved pages. The pages are not for anonymous pages. */

6 years, 11 months

3
4
0 0

[stable PATCH] xhci: Don't print a warning when setting link state for disabled ports

by Ross Zwisler

From: Mathias Nyman <mathias.nyman(a)linux.intel.com> commit 1208d8a84fdcae6b395c57911cdf907450d30e70 upstream. When disabling a USB3 port the hub driver will set the port link state to U3 to prevent "ejected" or "safely removed" devices that are still physically connected from immediately re-enumerating. If the device was really unplugged, then error messages were printed as the hub tries to set the U3 link state for a port that is no longer enabled. xhci-hcd ee000000.usb: Cannot set link state. usb usb8-port1: cannot disable (err = -32) Don't print error message in xhci-hub if hub tries to set port link state for a disabled port. Return -ENODEV instead which also silences hub driver. Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Ross Zwisler <zwisler(a)google.com> --- We'd like to get this commit added to linux-4.14.y, linux-4.9.y and linux-4.4.y, please. We continue to get error reports from users who are concerned about the USB error messages referred to in the changelog. The upstream commit 1208d8a84fdc can be cherry-picked cleanly to linux-4.14.y, and this patch applies cleanly to both linux-4.9.y and linux-4.4.y. I've tested both the clean cherry-pick and this version of the patch on real hardware. --- drivers/usb/host/xhci-hub.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 0722f75f1d6a..54bde0f45666 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -1073,13 +1073,15 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, break; } - /* Software should not attempt to set - * port link state above '3' (U3) and the port - * must be enabled. - */ - if ((temp & PORT_PE) == 0 || - (link_state > USB_SS_PORT_LS_U3)) { - xhci_warn(xhci, "Cannot set link state.\n"); + /* Port must be enabled */ + if (!(temp & PORT_PE)) { + retval = -ENODEV; + break; + } + /* Can't set port link state above '3' (U3) */ + if (link_state > USB_SS_PORT_LS_U3) { + xhci_warn(xhci, "Cannot set port %d link state %d\n", + wIndex, link_state); goto error; } -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

2
1
0 0

i2c: i2c-scmi: fix for i2c_smbus_write_block_data

by Wolfram Sang

Hi, upstream commit 08d9db00fe0e ("i2c: i2c-scmi: fix for i2c_smbus_write_block_data") should go to stable. I simply forgot to tag it accordingly. I am sorry about that. It should have: Fixes: dc9854212e0d ("i2c: Add driver for SMBus Control Method Interface") # v2.6.32+ Thanks, Wolfram

6 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup'" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 148b9aba99e0bbadf361747d21456e1589015f74 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Tue, 2 Oct 2018 12:50:11 +0100 Subject: [PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: stable(a)vger.kernel.org # 4.17+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 3a6f34ef5ffc..069acec3df9f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup'" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 148b9aba99e0bbadf361747d21456e1589015f74 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Tue, 2 Oct 2018 12:50:11 +0100 Subject: [PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: stable(a)vger.kernel.org # 4.17+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 3a6f34ef5ffc..069acec3df9f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup'" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 148b9aba99e0bbadf361747d21456e1589015f74 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Tue, 2 Oct 2018 12:50:11 +0100 Subject: [PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: stable(a)vger.kernel.org # 4.17+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 3a6f34ef5ffc..069acec3df9f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup'" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 148b9aba99e0bbadf361747d21456e1589015f74 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Tue, 2 Oct 2018 12:50:11 +0100 Subject: [PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: stable(a)vger.kernel.org # 4.17+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 3a6f34ef5ffc..069acec3df9f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: VDSO: Always map near top of user memory" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ea7e0480a4b695d0aa6b3fa99bd658a003122113 Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Tue, 25 Sep 2018 15:51:26 -0700 Subject: [PATCH] MIPS: VDSO: Always map near top of user memory When using the legacy mmap layout, for example triggered using ulimit -s unlimited, get_unmapped_area() fills memory from bottom to top starting from a fairly low address near TASK_UNMAPPED_BASE. This placement is suboptimal if the user application wishes to allocate large amounts of heap memory using the brk syscall. With the VDSO being located low in the user's virtual address space, the amount of space available for access using brk is limited much more than it was prior to the introduction of the VDSO. For example: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00cc3000-00ce4000 rwxp 00000000 00:00 0 [heap] 2ab96000-2ab98000 r--p 00000000 00:00 0 [vvar] 2ab98000-2ab99000 r-xp 00000000 00:00 0 [vdso] 2ab99000-2ab9d000 rwxp 00000000 00:00 0 ... Resolve this by adjusting STACK_TOP to reserve space for the VDSO & providing an address hint to get_unmapped_area() causing it to use this space even when using the legacy mmap layout. We reserve enough space for the VDSO, plus 1MB or 256MB for 32 bit & 64 bit systems respectively within which we randomize the VDSO base address. Previously this randomization was taken care of by the mmap base address randomization performed by arch_mmap_rnd(). The 1MB & 256MB sizes are somewhat arbitrary but chosen such that we have some randomization without taking up too much of the user's virtual address space, which is often in short supply for 32 bit systems. With this the VDSO is always mapped at a high address, leaving lots of space for statically linked programs to make use of brk: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00c28000-00c49000 rwxp 00000000 00:00 0 [heap] ... 7f67c000-7f69d000 rwxp 00000000 00:00 0 [stack] 7f7fc000-7f7fd000 rwxp 00000000 00:00 0 7fcf1000-7fcf3000 r--p 00000000 00:00 0 [vvar] 7fcf3000-7fcf4000 r-xp 00000000 00:00 0 [vdso] Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Huacai Chen <chenhc(a)lemote.com> Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Cc: Huacai Chen <chenhc(a)lemote.com> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ diff --git a/arch/mips/include/asm/processor.h b/arch/mips/include/asm/processor.h index b2fa62922d88..49d6046ca1d0 100644 --- a/arch/mips/include/asm/processor.h +++ b/arch/mips/include/asm/processor.h @@ -13,6 +13,7 @@ #include <linux/atomic.h> #include <linux/cpumask.h> +#include <linux/sizes.h> #include <linux/threads.h> #include <asm/cachectl.h> @@ -80,11 +81,10 @@ extern unsigned int vced_count, vcei_count; #endif -/* - * One page above the stack is used for branch delay slot "emulation". - * See dsemul.c for details. - */ -#define STACK_TOP ((TASK_SIZE & PAGE_MASK) - PAGE_SIZE) +#define VDSO_RANDOMIZE_SIZE (TASK_IS_32BIT_ADDR ? SZ_1M : SZ_256M) + +extern unsigned long mips_stack_top(void); +#define STACK_TOP mips_stack_top() /* * This decides where the kernel will search for a free chunk of vm diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 8fc69891e117..d4f7fd4550e1 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -32,6 +32,7 @@ #include <linux/nmi.h> #include <linux/cpu.h> +#include <asm/abi.h> #include <asm/asm.h> #include <asm/bootinfo.h> #include <asm/cpu.h> @@ -39,6 +40,7 @@ #include <asm/dsp.h> #include <asm/fpu.h> #include <asm/irq.h> +#include <asm/mips-cps.h> #include <asm/msa.h> #include <asm/pgtable.h> #include <asm/mipsregs.h> @@ -645,6 +647,29 @@ unsigned long get_wchan(struct task_struct *task) return pc; } +unsigned long mips_stack_top(void) +{ + unsigned long top = TASK_SIZE & PAGE_MASK; + + /* One page for branch delay slot "emulation" */ + top -= PAGE_SIZE; + + /* Space for the VDSO, data page & GIC user page */ + top -= PAGE_ALIGN(current->thread.abi->vdso->size); + top -= PAGE_SIZE; + top -= mips_gic_present() ? PAGE_SIZE : 0; + + /* Space for cache colour alignment */ + if (cpu_has_dc_aliases) + top -= shm_align_mask + 1; + + /* Space to randomize the VDSO base */ + if (current->flags & PF_RANDOMIZE) + top -= VDSO_RANDOMIZE_SIZE; + + return top; +} + /* * Don't forget that the stack pointer must be aligned on a 8 bytes * boundary for 32-bits ABI and 16 bytes for 64-bits ABI. diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index 8f845f6e5f42..48a9c6b90e07 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -15,6 +15,7 @@ #include <linux/ioport.h> #include <linux/kernel.h> #include <linux/mm.h> +#include <linux/random.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/timekeeper_internal.h> @@ -97,6 +98,21 @@ void update_vsyscall_tz(void) } } +static unsigned long vdso_base(void) +{ + unsigned long base; + + /* Skip the delay slot emulation page */ + base = STACK_TOP + PAGE_SIZE; + + if (current->flags & PF_RANDOMIZE) { + base += get_random_int() & (VDSO_RANDOMIZE_SIZE - 1); + base = PAGE_ALIGN(base); + } + + return base; +} + int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { struct mips_vdso_image *image = current->thread.abi->vdso; @@ -137,7 +153,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) if (cpu_has_dc_aliases) size += shm_align_mask + 1; - base = get_unmapped_area(NULL, 0, size, 0, 0); + base = get_unmapped_area(NULL, vdso_base(), size, 0, 0); if (IS_ERR_VALUE(base)) { ret = base; goto out;

6 years, 11 months

1
0
0 0

stable backport request: 28e2c4bb99aa ("mm/vmstat.c: fix outdated vmstat_text")

by Jann Horn

I guess I should put more stable backport tags on stuff, I've been bugged about not having requested a backport for the following: commit 28e2c4bb99aa ("mm/vmstat.c: fix outdated vmstat_text"), for stable kernels 4.14 and 4.18.

6 years, 11 months

2
1
0 0

[PATCH] drm/atomic_helper: Stop modesets on unregistered connectors harder

by Lyude Paul

Unfortunately, it appears our fix in: commit b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Which attempted to work around the problems introduced by: commit 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") Is still not the right solution, as modesets can still be triggered outside of drm_atomic_set_crtc_for_connector(). So in order to fix this, while still being careful that we don't break modesets that a driver may perform before being registered with userspace, we replace connector->registered with a tristate member, connector->registration_state. This allows us to keep track of whether or not a connector is still initializing and hasn't been exposed to userspace, is currently registered and exposed to userspace, or has been legitimately removed from the system after having once been present. Using this info, we can prevent userspace from performing new modesets on unregistered connectors while still allowing the driver to perform modesets on unregistered connectors before the driver has finished being registered. Fixes: b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/drm_atomic_helper.c | 60 +++++++++++++++++++++---- drivers/gpu/drm/drm_atomic_uapi.c | 21 --------- drivers/gpu/drm/drm_connector.c | 10 ++--- drivers/gpu/drm/i915/intel_dp_mst.c | 8 ++-- include/drm/drm_connector.h | 68 ++++++++++++++++++++++++++++- 5 files changed, 127 insertions(+), 40 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..6cadeaf28ae4 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -529,6 +529,35 @@ mode_valid(struct drm_atomic_state *state) return 0; } +static int +unregistered_connector_check(struct drm_atomic_state *state, + struct drm_connector *connector, + struct drm_connector_state *old_conn_state, + struct drm_connector_state *new_conn_state) +{ + struct drm_crtc_state *crtc_state; + struct drm_crtc *crtc; + + if (!drm_connector_unregistered(connector)) + return 0; + + crtc = new_conn_state->crtc; + if (!crtc) + return 0; + + crtc_state = drm_atomic_get_new_crtc_state(state, crtc); + if (!crtc_state || !drm_atomic_crtc_needs_modeset(crtc_state)) + return 0; + + if (crtc_state->mode_changed) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] can't change mode on unregistered connector\n", + connector->base.id, connector->name); + return -EINVAL; + } + + return 0; +} + /** * drm_atomic_helper_check_modeset - validate state object for modeset changes * @dev: DRM device @@ -684,18 +713,33 @@ drm_atomic_helper_check_modeset(struct drm_device *dev, return ret; } - /* - * Iterate over all connectors again, to make sure atomic_check() - * has been called on them when a modeset is forced. - */ for_each_oldnew_connector_in_state(state, connector, old_connector_state, new_connector_state, i) { const struct drm_connector_helper_funcs *funcs = connector->helper_private; - if (connectors_mask & BIT(i)) - continue; + /* Make sure atomic_check() is called on any unchecked + * connectors when a modeset has been forced + */ + if (connectors_mask & BIT(i) && funcs->atomic_check) { + ret = funcs->atomic_check(connector, + new_connector_state); + if (ret) + return ret; + } - if (funcs->atomic_check) - ret = funcs->atomic_check(connector, new_connector_state); + /* + * Prevent userspace from turning on new displays or setting + * new modes using connectors which have been removed from + * userspace. This is racy since an unplug could happen at any + * time including after this check, but that's OK: we only + * care about preventing userspace from trying to set invalid + * state using destroyed connectors that it's been notified + * about. No one can save us after the atomic check completes + * but ourselves. + */ + ret = unregistered_connector_check(state, + connector, + old_connector_state, + new_connector_state); if (ret) return ret; } diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index a22d6f269b07..d5b7f315098c 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -299,27 +299,6 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state, struct drm_connector *connector = conn_state->connector; struct drm_crtc_state *crtc_state; - /* - * For compatibility with legacy users, we want to make sure that - * we allow DPMS On<->Off modesets on unregistered connectors, since - * legacy modesetting users will not be expecting these to fail. We do - * not however, want to allow legacy users to assign a connector - * that's been unregistered from sysfs to another CRTC, since doing - * this with a now non-existent connector could potentially leave us - * in an invalid state. - * - * Since the connector can be unregistered at any point during an - * atomic check or commit, this is racy. But that's OK: all we care - * about is ensuring that userspace can't use this connector for new - * configurations after it's been notified that the connector is no - * longer present. - */ - if (!READ_ONCE(connector->registered) && crtc) { - DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", - connector->base.id, connector->name); - return -EINVAL; - } - if (conn_state->crtc == crtc) return 0; diff --git a/drivers/gpu/drm/drm_connector.c b/drivers/gpu/drm/drm_connector.c index 5d01414ec9f7..79943102fe18 100644 --- a/drivers/gpu/drm/drm_connector.c +++ b/drivers/gpu/drm/drm_connector.c @@ -396,7 +396,7 @@ void drm_connector_cleanup(struct drm_connector *connector) /* The connector should have been removed from userspace long before * it is finally destroyed. */ - if (WARN_ON(connector->registered)) + if (WARN_ON(!drm_connector_unregistered(connector))) drm_connector_unregister(connector); if (connector->tile_group) { @@ -453,7 +453,7 @@ int drm_connector_register(struct drm_connector *connector) return 0; mutex_lock(&connector->mutex); - if (connector->registered) + if (connector->registration_state != DRM_CONNECTOR_INITIALIZING) goto unlock; ret = drm_sysfs_connector_add(connector); @@ -473,7 +473,7 @@ int drm_connector_register(struct drm_connector *connector) drm_mode_object_register(connector->dev, &connector->base); - connector->registered = true; + connector->registration_state = DRM_CONNECTOR_REGISTERED; goto unlock; err_debugfs: @@ -495,7 +495,7 @@ EXPORT_SYMBOL(drm_connector_register); void drm_connector_unregister(struct drm_connector *connector) { mutex_lock(&connector->mutex); - if (!connector->registered) { + if (connector->registration_state != DRM_CONNECTOR_REGISTERED) { mutex_unlock(&connector->mutex); return; } @@ -506,7 +506,7 @@ void drm_connector_unregister(struct drm_connector *connector) drm_sysfs_connector_remove(connector); drm_debugfs_connector_remove(connector); - connector->registered = false; + connector->registration_state = DRM_CONNECTOR_UNREGISTERED; mutex_unlock(&connector->mutex); } EXPORT_SYMBOL(drm_connector_unregister); diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index b268bdd71bd3..ad367309e10b 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -78,7 +78,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->pbn = mst_pbn; /* Zombie connectors can't have VCPI slots */ - if (READ_ONCE(connector->registered)) { + if (!drm_connector_unregistered(connector)) { slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, port, @@ -314,7 +314,7 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!READ_ONCE(connector->registered)) + if (drm_connector_unregistered(connector)) return intel_connector_update_modes(connector, NULL); edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -330,7 +330,7 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!READ_ONCE(connector->registered)) + if (drm_connector_unregistered(connector)) return connector_status_disconnected; return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -361,7 +361,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!READ_ONCE(connector->registered)) + if (drm_connector_unregistered(connector)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) diff --git a/include/drm/drm_connector.h b/include/drm/drm_connector.h index 5b3cf909fd5e..5f3e4a37bcd2 100644 --- a/include/drm/drm_connector.h +++ b/include/drm/drm_connector.h @@ -82,6 +82,51 @@ enum drm_connector_status { connector_status_unknown = 3, }; +/** + * enum drm_connector_registration_status - userspace registration status for + * a &drm_connector + * + * This enum is used to track the status of initializing a connector and + * registering it with userspace, so that DRM can prevent bogus modesets on + * connectors that no longer exist. + */ +enum drm_connector_registration_state { + /** + * @DRM_CONNECTOR_INITIALIZING: The connector has just been created, + * but has yet to be exposed to userspace. There should be no + * additional restrictions to how the state of this connector may be + * modified. connector to a new CRTC. + */ + DRM_CONNECTOR_INITIALIZING = 0, + + /** + * @DRM_CONNECTOR_REGISTERED: The connector has been fully initialized + * and registered with sysfs, as such it has been exposed to + * userspace. There should be no additional restrictions to how the + * state of this connector may be modified. + */ + DRM_CONNECTOR_REGISTERED = 1, + + /** + * @DRM_CONNECTOR_UNREGISTERED: The connector has either been exposed + * to userspace and has since been unregistered and removed from + * userspace, or the connector was destroyed before it had a chance to + * be exposed to userspace. There are additional restrictions to how + * the state of an unregistered connector may be modified: + * + * - The current display mode as exposed to userspace must remain the + * same as it was when the connector was unregistered. + * - The connector's currently assigned CRTC may be unassigned from + * this connector. Unassigning the connector's CRTC must be + * permanent. + * - New CRTCs must not be assigned to this connector. + * - The DPMS state of the connector (for compatibility with legacy + * modesetting) may modified freely, so long as doing so does not + * cause the new atomic state to violate any of these rules. + */ + DRM_CONNECTOR_UNREGISTERED = 2, +}; + enum subpixel_order { SubPixelUnknown = 0, SubPixelHorizontalRGB, @@ -853,10 +898,12 @@ struct drm_connector { bool ycbcr_420_allowed; /** - * @registered: Is this connector exposed (registered) with userspace? + * @registration_state: Is this connector initializing, exposed + * (registered) with userspace, or unregistered? + * * Protected by @mutex. */ - bool registered; + enum drm_connector_registration_state registration_state; /** * @modes: @@ -1167,6 +1214,23 @@ static inline void drm_connector_unreference(struct drm_connector *connector) drm_connector_put(connector); } +/** + * drm_connector_unregistered - has the connector been unregistered from + * userspace? + * @connector: DRM connector + * + * Checks whether or not @connector has been unregistered from userspace. + * + * Returns: + * True if the connector was unregistered, false if the connector is + * registered or has not yet been registered with userspace. + */ +static inline bool drm_connector_unregistered(struct drm_connector *connector) +{ + return READ_ONCE(connector->registration_state) == + DRM_CONNECTOR_UNREGISTERED; +} + const char *drm_get_connector_status_name(enum drm_connector_status status); const char *drm_get_subpixel_order_name(enum subpixel_order order); const char *drm_get_dpms_name(int val); -- 2.17.2

6 years, 11 months

2
1
0 0

patch "USB: fix the usbfs flag sanitization for control transfers" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: fix the usbfs flag sanitization for control transfers to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 665c365a77fbfeabe52694aedf3446d5f2f1ce42 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Mon, 15 Oct 2018 16:55:04 -0400 Subject: USB: fix the usbfs flag sanitization for control transfers Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via usbfs. However, the check for whether the USBDEVFS_URB_SHORT_NOT_OK flag should be allowed for a control transfer was added in the wrong place, before the code has properly determined the direction of the control transfer. (Control transfers are special because for them, the direction is set by the bRequestType byte of the Setup packet rather than direction bit of the endpoint address.) This patch moves code which sets up the allow_short flag for control transfers down after is_in has been set to the correct value. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-and-tested-by: syzbot+24a30223a4b609bb802e(a)syzkaller.appspotmail.com Fixes: 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") CC: Oliver Neukum <oneukum(a)suse.com> CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 244417d0dfd1..ffccd40ea67d 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1474,8 +1474,6 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb u = 0; switch (uurb->type) { case USBDEVFS_URB_TYPE_CONTROL: - if (is_in) - allow_short = true; if (!usb_endpoint_xfer_control(&ep->desc)) return -EINVAL; /* min 8 byte setup packet */ @@ -1505,6 +1503,8 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb is_in = 0; uurb->endpoint &= ~USB_DIR_IN; } + if (is_in) + allow_short = true; snoop(&ps->dev->dev, "control urb: bRequestType=%02x " "bRequest=%02x wValue=%04x " "wIndex=%04x wLength=%04x\n", -- 2.19.1

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7da07a3216a00aa3c523db4539fc6914497d0576: Linux 4.18.12 (2018-10-03 16:59:28 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-12102018 for you to fetch changes up to 6504d46ffb696d2b116606dbb44a16b06241cf49: mm: slowly shrink slabs with a relatively small number of objects (2018-10-03 22:24:11 -0400) - ---------------------------------------------------------------- for-greg-4.18-12102018 - ---------------------------------------------------------------- Akshu Agrawal (1): ASoC: AMD: Ensure reset bit is cleared before configuring Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Anders Roxell (2): selftests: android: move config up a level selftests: add headers_install to lib.mk Charles Keepax (1): ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs Corentin Labbe (1): net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Guenter Roeck (4): hwmon: (nct6775) Fix access to fan pulse registers hwmon: (nct6775) Fix virtual temperature sources for NCT6796D hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D hwmon: (nct6775) Use different register to get fan RPM for fan7 Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Jay Kamat (2): Fix cg_read_strcmp() Add tests for memory.oom.group Johan Hedberg (1): Bluetooth: SMP: Fix trying to use non-existent local OOB data Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Martin KaFai Lau (1): bpf: btf: Fix end boundary calculation for type section Matias Karhumaa (1): Bluetooth: Use correct tfm to generate OOB data Nicholas Piggin (1): KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roman Gushchin (1): mm: slowly shrink slabs with a relatively small number of objects Ryan Lee (2): ASoC: max98373: Added speaker FS gain cotnrol register to volatile. ASoC: max98373: Added 10ms sleep after amp software reset Simon Detheridge (1): pinctrl: cannonlake: Fix gpio base for GPP-E Srinivas Kandagatla (1): ASoC: q6routing: initialize data correctly Stephen Hemminger (2): PCI: hv: support reporting serial number as slot information hv_netvsc: pair VF based on serial number Thiago Jung Bauermann (1): selftests: kselftest: Remove outdated comment Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Tushar Dave (1): bpf: use __GFP_COMP while allocating page Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yong Zhao (2): drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs Yu Zhao (2): sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc zhong jiang (1): drm/pl111: Make sure of_device_id tables are NULL terminated Documentation/devicetree/bindings/net/macb.txt | 1 + Makefile | 14 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/powerpc/kvm/book3s_64_mmu_radix.c | 91 ++++----- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 ++- drivers/bluetooth/hci_ldisc.c | 2 + drivers/clk/x86/clk-pmc-atom.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 13 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 21 ++- drivers/gpu/drm/amd/include/kgd_kfd_interface.h | 2 +- drivers/gpu/drm/pl111/pl111_vexpress.c | 3 +- drivers/hwmon/nct6775.c | 70 ++++--- drivers/mfd/omap-usb-host.c | 11 +- drivers/net/ethernet/cadence/macb_main.c | 8 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/hyperv/netvsc.c | 3 + drivers/net/hyperv/netvsc_drv.c | 58 +++--- drivers/pci/controller/pci-hyperv.c | 37 ++++ drivers/pinctrl/intel/pinctrl-cannonlake.c | 2 +- drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 ++- fs/ubifs/super.c | 3 + include/sound/hdaudio.h | 1 + include/sound/soc-dapm.h | 1 + kernel/bpf/btf.c | 2 +- mm/vmscan.c | 11 ++ net/bluetooth/smp.c | 16 +- net/core/filter.c | 3 +- scripts/subarch.include | 13 ++ sound/hda/hdac_controller.c | 15 +- sound/soc/amd/acp-pcm-dma.c | 21 +++ sound/soc/codecs/max98373.c | 3 + sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/qcom/qdsp6/q6routing.c | 4 +- sound/soc/sh/rcar/adg.c | 5 + sound/soc/sh/rcar/core.c | 10 +- sound/soc/sh/rcar/dma.c | 4 + sound/soc/soc-core.c | 4 +- sound/soc/soc-dapm.c | 4 + tools/testing/selftests/android/Makefile | 2 +- tools/testing/selftests/android/{ion => }/config | 0 tools/testing/selftests/android/ion/Makefile | 2 + tools/testing/selftests/cgroup/cgroup_util.c | 38 +++- tools/testing/selftests/cgroup/cgroup_util.h | 1 + tools/testing/selftests/cgroup/test_memcontrol.c | 205 +++++++++++++++++++++ tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/futex/functional/Makefile | 1 + tools/testing/selftests/gpio/Makefile | 7 +- tools/testing/selftests/kselftest.h | 1 - tools/testing/selftests/kvm/Makefile | 7 +- tools/testing/selftests/lib.mk | 12 ++ tools/testing/selftests/memory-hotplug/config | 1 + tools/testing/selftests/net/Makefile | 1 + .../selftests/networking/timestamping/Makefile | 1 + tools/testing/selftests/vm/Makefile | 4 - 66 files changed, 661 insertions(+), 198 deletions(-) create mode 100644 scripts/subarch.include rename tools/testing/selftests/android/{ion => }/config (100%) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsVIACgkQ3qZv95d3 LNzS0A/+LZrhb4rh1ifRLjDSnBSMWN6vAhRvxHt1qzmU+aFjfyhYjAUmyYjt5mVC z+zO6rHsWbplvVdQnKK+/PJdyROsOwSxpTwlsCAC7AfneMpcBdxAs+fJUczkVxgz AI8e3/hbAfqGf+RaLTDnj6muuFK1RlQCjxCjX5iu5jkWaQj1OJ+BdXXMpkynaxiz OwRRUtV8jmpv3VhU/2ae0Posk96qJoogtj/sDfWQB9t1R/pnsU8udUwFft1NfB7x 2OSwfIGm84gMrzVhgbcvHaSKzj4SqC/tsZ3Q9+cdmtA2WDOlJcwI7E7kNYeeo+tD VhVJuqtGZRQUT81WIVPIK+bLBn8tF0kkTBQyKopsHvGfxRT/+k9/nGz+WNn8Zm7G r8Uhf4c/YkXprsxvbIc+2TRaJ3hmu71HigXakdowndu42ndZmqQSPJtLZPHBP27E LBI1gz/hFCiLv13cN7cvlGmy2SVM2LbYh10st8nw6buEY4S7CKRcXxuVDrBI7wtQ PlbjdM1FWW9BnfIv8yJuzQpBycB/R9Fz+++qWV3uAXqN52tiW/51ylh+9fvEKfid +gEuAyL1pVHh1RFcRzHbX2lEZ3kDAzrWS22IRBSmQSdkForiidNZbOHyCMCV6gLt o4OUAAHzu5XnjGHZ3+dRBEPBEjTvWQPLmbDEiEtHjXiKQsI8vW4= =DhcF -----END PGP SIGNATURE-----

6 years, 11 months

2
1
0 0

[PATCH 1/2] arm64: dts: meson: fix reserve memory regions

by Jerome Brunet

Since commit 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem") was merged Amlogic's boards using mainline u-boot started showing the following warning: WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions+0xd8/0x144 Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc7-00263-g385684b3eb27-dirty #254 pstate: 40000005 (nZcv daif -PAN -UAO) pc : reserve_memblock_reserved_regions+0xd8/0x144 lr : reserve_memblock_reserved_regions+0xd0/0x144 [...] This is due to u-boot setting some /reservedmem/ region while our dts declares reserved memory on the same region with no-map. The conflict produce the warning. This is fixed by using /reservedmem/ in our dts as well, which is probably something we should have done from the beginning. Cc: stable(a)vger.kernel.org Cc: Neil Armstrong <narmstrong(a)baylibre.com> Signed-off-by: Jerome Brunet <jbrunet(a)baylibre.com> --- Hi Kevin, I would have liked to put a Fixes tag above but I could not figure out which commit to pick, considering how much we changed those regions in the past. If you have suggestion, I'll be happy to repost this patch. If you prefer, feel free to amend this patch directly. Cheers Jerome arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 24 +++++-------------- arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 27 ++++++++-------------- 2 files changed, 15 insertions(+), 36 deletions(-) diff --git a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi index 178d8e8c56b8..06a06f11f114 100644 --- a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi @@ -13,6 +13,12 @@ #include <dt-bindings/reset/amlogic,meson-axg-audio-arb.h> #include <dt-bindings/reset/amlogic,meson-axg-reset.h> +/* 16 MiB reserved for Hardware ROM Firmware */ +/memreserve/ 0x0 0x1000000; + +/* 3 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x05000000 0x300000; + / { compatible = "amlogic,meson-axg"; @@ -115,24 +121,6 @@ method = "smc"; }; - reserved-memory { - #address-cells = <2>; - #size-cells = <2>; - ranges; - - /* 16 MiB reserved for Hardware ROM Firmware */ - hwrom_reserved: hwrom@0 { - reg = <0x0 0x0 0x0 0x1000000>; - no-map; - }; - - /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved: secmon@5000000 { - reg = <0x0 0x05000000 0x0 0x300000>; - no-map; - }; - }; - soc { compatible = "simple-bus"; #address-cells = <2>; diff --git a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi index 676a995fb912..23e879b29b1e 100644 --- a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi @@ -13,6 +13,15 @@ #include <dt-bindings/interrupt-controller/irq.h> #include <dt-bindings/interrupt-controller/arm-gic.h> +/* 16 MiB reserved for Hardware ROM Firmware */ +/memreserve/ 0x0 0x1000000; + +/* 2 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x10000000 0x200000; + +/* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x05000000 0x300000; + / { interrupt-parent = <&gic>; #address-cells = <2>; @@ -23,24 +32,6 @@ #size-cells = <2>; ranges; - /* 16 MiB reserved for Hardware ROM Firmware */ - hwrom_reserved: hwrom@0 { - reg = <0x0 0x0 0x0 0x1000000>; - no-map; - }; - - /* 2 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved: secmon@10000000 { - reg = <0x0 0x10000000 0x0 0x200000>; - no-map; - }; - - /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved_alt: secmon@5000000 { - reg = <0x0 0x05000000 0x0 0x300000>; - no-map; - }; - linux,cma { compatible = "shared-dma-pool"; reusable; -- 2.17.2

6 years, 11 months

3
3
0 0

+ mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() has been added to the -mm tree. Its filename is mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-proc-pid-smaps_rollup-fix-null-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-proc-pid-smaps_rollup-fix-null-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() Leonardo reports an apparent regression in 4.19-rc7: BUG: unable to handle kernel NULL pointer dereference at 00000000000000f0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 6032 Comm: python Not tainted 4.19.0-041900rc7-lowlatency #201810071631 Hardware name: LENOVO 80UG/Toronto 4A2, BIOS 0XCN45WW 08/09/2018 RIP: 0010:smaps_pte_range+0x32d/0x540 Code: 80 00 00 00 00 74 a9 48 89 de 41 f6 40 52 40 0f 85 04 02 00 00 49 2b 30 48 c1 ee 0c 49 03 b0 98 00 00 00 49 8b 80 a0 00 00 00 <48> 8b b8 f0 00 00 00 e8 b7 ef ec ff 48 85 c0 0f 84 71 ff ff ff a8 RSP: 0018:ffffb0cbc484fb88 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000560ddb9e9000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000560ddb9e9 RDI: 0000000000000001 RBP: ffffb0cbc484fbc0 R08: ffff94a5a227a578 R09: ffff94a5a227a578 R10: 0000000000000000 R11: 0000560ddbbe7000 R12: ffffe903098ba728 R13: ffffb0cbc484fc78 R14: ffffb0cbc484fcf8 R15: ffff94a5a2e9cf48 FS: 00007f6dfb683740(0000) GS:ffff94a5aaf80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000f0 CR3: 000000011c118001 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __walk_page_range+0x3c2/0x6f0 walk_page_vma+0x42/0x60 smap_gather_stats+0x79/0xe0 ? gather_pte_stats+0x320/0x320 ? gather_hugetlb_stats+0x70/0x70 show_smaps_rollup+0xcd/0x1c0 seq_read+0x157/0x400 __vfs_read+0x3a/0x180 ? security_file_permission+0x93/0xc0 ? security_file_permission+0x93/0xc0 vfs_read+0x8f/0x140 ksys_read+0x55/0xc0 __x64_sys_read+0x1a/0x20 do_syscall_64+0x5a/0x110 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Decoded code matched to local compilation+disassembly points to smaps_pte_entry(): } else if (unlikely(IS_ENABLED(CONFIG_SHMEM) && mss->check_shmem_swap && pte_none(*pte))) { page = find_get_entry(vma->vm_file->f_mapping, linear_page_index(vma, addr)); Here, vma->vm_file is NULL. mss->check_shmem_swap should be false in that case, however for smaps_rollup, smap_gather_stats() can set the flag true for one vma and leave it true for subsequent vma's where it should be false. To fix, reset the check_shmem_swap flag to false. There's also related bug which sets mss->swap to shmem_swapped, which in the context of smaps_rollup overwrites any value accumulated from previous vma's. Fix that as well. Note that the report suggests a regression between 4.17.19 and 4.19-rc7, which makes the 4.19 series ending with commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") suspicious. But the mss was reused for rollup since 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") so let's play it safe with the stable backport. Link: http://lkml.kernel.org/r/555fbd1f-4ac9-0b58-dcd4-5dc4380ff7ca@suse.cz Link: https://bugzilla.kernel.org/show_bug.cgi?id=201377 Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Leonardo Soares Mller <leozinho29_eu(a)hotmail.com> Tested-by: Leonardo Soares Mller <leozinho29_eu(a)hotmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Daniel Colascione <dancol(a)google.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range +++ a/fs/proc/task_mmu.c @@ -713,6 +713,8 @@ static void smap_gather_stats(struct vm_ smaps_walk.private = mss; #ifdef CONFIG_SHMEM + /* In case of smaps_rollup, reset the value from previous vma */ + mss->check_shmem_swap = false; if (vma->vm_file && shmem_mapping(vma->vm_file->f_mapping)) { /* * For shared or readonly shmem mappings we know that all @@ -728,7 +730,7 @@ static void smap_gather_stats(struct vm_ if (!shmem_swapped || (vma->vm_flags & VM_SHARED) || !(vma->vm_flags & VM_WRITE)) { - mss->swap = shmem_swapped; + mss->swap += shmem_swapped; } else { mss->check_shmem_swap = true; smaps_walk.pte_hole = smaps_pte_hole; _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch mm-slab-combine-kmalloc_caches-and-kmalloc_dma_caches.patch mm-slab-slub-introduce-kmalloc-reclaimable-caches.patch dcache-allocate-external-names-from-reclaimable-kmalloc-caches.patch mm-rename-and-change-semantics-of-nr_indirectly_reclaimable_bytes.patch mm-proc-add-kreclaimable-to-proc-meminfo.patch mm-slab-shorten-kmalloc-cache-names-for-large-sizes.patch

6 years, 11 months

2
1
0 0

[GIT] PATCHES

by David Miller

Please queue up the following networking bug fixes for v4.14 and v4.18 -stable, respectively. Thanks!

6 years, 11 months

2
1
0 0

[PATCH AUTOSEL 3.18 01/15] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 4fe43d80c153..ca99638b5d5a 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -150,10 +150,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1285,10 +1291,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 11 months

1
14
0 0

[PATCH AUTOSEL 4.9 01/38] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 6e768093d7c8..b7ac834a6091 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1316,10 +1322,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 11 months

1
37
0 0

[PATCH AUTOSEL 4.14 01/61] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 5554d28a32eb..4292347bf45e 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1353,10 +1359,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 11 months

1
60
0 0

[PATCH AUTOSEL 4.18 001/100] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 33878e6e0d0a..5151b3ebf068 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1359,10 +1365,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 11 months

1
99
0 0

Re: [PATCH] powerpc/traps: restore recoverability of machine_check interrupts

by Christophe LEROY

Cc: stable(a)vger.kernel.org <stable(a)vger.kernel.org> Le 13/10/2018 à 11:16, Christophe Leroy a écrit : > commit b96672dd840f ("powerpc: Machine check interrupt is a non- > maskable interrupt") added a call to nmi_enter() at the beginning of > machine check restart exception handler. Due to that, in_interrupt() > always returns true regardless of the state before entering the > exception, and die() panics even when the system was not already in > interrupt. > > This patch calls nmi_exit() before calling die() in order to restore > the interrupt state we had before calling nmi_enter() > > Fixes: b96672dd840f ("powerpc: Machine check interrupt is a non-maskable interrupt") > Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> > --- > arch/powerpc/kernel/traps.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c > index fd58749b4d6b..4f880c2a6e4c 100644 > --- a/arch/powerpc/kernel/traps.c > +++ b/arch/powerpc/kernel/traps.c > @@ -765,12 +765,17 @@ void machine_check_exception(struct pt_regs *regs) > if (check_io_access(regs)) > goto bail; > > - die("Machine check", regs, SIGBUS); > - > /* Must die if the interrupt is not recoverable */ > if (!(regs->msr & MSR_RI)) > nmi_panic(regs, "Unrecoverable Machine check"); > > + if (!nested) > + nmi_exit(); > + > + die("Machine check", regs, SIGBUS); > + > + return; > + > bail: > if (!nested) > nmi_exit(); >

6 years, 11 months

2
1
0 0

[PATCH] ext4: Fix error code in ext4_xattr_set_entry()

by Daniel Rosenberg

ext4_xattr_set_entry should return EFSCORRUPTED instead of EIO for corrupted xattr entries. Fixes b469713e0c0c ("ext4: add corruption check in ext4_xattr_set_entry()") Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- Apply to 4.9 fs/ext4/xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index c10180d0b0189..7d6da09e637b7 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -657,7 +657,7 @@ ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s, next = EXT4_XATTR_NEXT(last); if ((void *)next >= s->end) { EXT4_ERROR_INODE(inode, "corrupted xattr entries"); - return -EIO; + return -EFSCORRUPTED; } if (last->e_value_size) { size_t offs = le16_to_cpu(last->e_value_offs); -- 2.19.1.331.ge82ca0e54c-goog

6 years, 11 months

1
0
0 0

[PATCH v2] ext4: add corruption check in ext4_xattr_set_entry()

by Daniel Rosenberg

From: Theodore Ts'o <tytso(a)mit.edu> commit 5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d upstream. In theory this should have been caught earlier when the xattr list was verified, but in case it got missed, it's simple enough to add check to make sure we don't overrun the xattr buffer. This addresses CVE-2018-10879. https://bugzilla.kernel.org/show_bug.cgi?id=200001 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reviewed-by: Andreas Dilger <adilger(a)dilger.ca> [bwh: Backported to 3.16: - Add inode parameter to ext4_xattr_set_entry() and update callers - Adjust context] Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> [adjusted for 4.4 context] Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- fs/ext4/xattr.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index d0aaf338fa9fa..d6bae37489af0 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -638,14 +638,20 @@ static size_t ext4_xattr_free_space(struct ext4_xattr_entry *last, } static int -ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s) +ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s, + struct inode *inode) { - struct ext4_xattr_entry *last; + struct ext4_xattr_entry *last, *next; size_t free, min_offs = s->end - s->base, name_len = strlen(i->name); /* Compute min_offs and last. */ last = s->first; - for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) { + for (; !IS_LAST_ENTRY(last); last = next) { + next = EXT4_XATTR_NEXT(last); + if ((void *)next >= s->end) { + EXT4_ERROR_INODE(inode, "corrupted xattr entries"); + return -EFSCORRUPTED; + } if (!last->e_value_block && last->e_value_size) { size_t offs = le16_to_cpu(last->e_value_offs); if (offs < min_offs) @@ -825,7 +831,7 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode, ce = NULL; } ea_bdebug(bs->bh, "modifying in-place"); - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (!error) { if (!IS_LAST_ENTRY(s->first)) ext4_xattr_rehash(header(s->base), @@ -875,7 +881,7 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode, s->end = s->base + sb->s_blocksize; } - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (error == -EFSCORRUPTED) goto bad_block; if (error) @@ -1037,7 +1043,7 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, if (EXT4_I(inode)->i_extra_isize == 0) return -ENOSPC; - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (error) { if (error == -ENOSPC && ext4_has_inline_data(inode)) { @@ -1049,7 +1055,7 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, error = ext4_xattr_ibody_find(inode, i, is); if (error) return error; - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); } if (error) return error; @@ -1075,7 +1081,7 @@ static int ext4_xattr_ibody_set(handle_t *handle, struct inode *inode, if (EXT4_I(inode)->i_extra_isize == 0) return -ENOSPC; - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (error) return error; header = IHDR(inode, ext4_raw_inode(&is->iloc)); -- 2.19.1.331.ge82ca0e54c-goog

6 years, 11 months

1
0
0 0

[PATCH] Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM

by Mikhail Nikiforov

Add ELAN061C to the ACPI table to support Elan touchpad found in Lenovo IdeaPad 330-15IGM. Signed-off-by: Mikhail Nikiforov <jackxviichaos(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/input/mouse/elan_i2c_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/input/mouse/elan_i2c_core.c b/drivers/input/mouse/elan_i2c_core.c index f5ae24865355..b0f9d19b3410 100644 --- a/drivers/input/mouse/elan_i2c_core.c +++ b/drivers/input/mouse/elan_i2c_core.c @@ -1346,6 +1346,7 @@ static const struct acpi_device_id elan_acpi_id[] = { { "ELAN0611", 0 }, { "ELAN0612", 0 }, { "ELAN0618", 0 }, + { "ELAN061C", 0 }, { "ELAN061D", 0 }, { "ELAN0622", 0 }, { "ELAN1000", 0 }, -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH] acpi, nfit: Fix Address Range Scrub completion tracking

by Dan Williams

The Address Range Scrub implementation tried to skip running scrubs against ranges that were already scrubbed by the BIOS. Unfortunately that support also resulted in early scrub completions as evidenced by this debug output from nfit_test: nd_region region9: ARS: range 1 short complete nd_region region3: ARS: range 1 short complete nd_region region4: ARS: range 2 ARS start (0) nd_region region4: ARS: range 2 short complete ...i.e. completions without any indications that the scrub was started. This state of affairs was hard to see in the code due to the proliferation of state bits and mistakenly trying to track done state per-range when the completion is a global property of the bus. So, kill the four ARS state bits (ARS_REQ, ARS_REQ_REDO, ARS_DONE, and ARS_SHORT), and replace them with just 2 request flags ARS_REQ_SHORT and ARS_REQ_LONG. The implementation will still complete and reap the results of BIOS initiated ARS, but it will not attempt to use that information to affect the completion status of scrubbing the ranges from a Linux perspective. Instead, try to synchronously run a short ARS per range at init time and schedule a long scrub in the background. If ARS is busy with an ARS request schedule both a short and a long scrub for when ARS returns to idle. This logic also satisfies the intent of what ARS_REQ_REDO was trying to achieve. The new rule is that the REQ flag stays set until the next successful ars_start() for that range. With the new policy that the REQ flags are not cleared until the next start, the implementation no longer loses requests as can be seen from the following log: nd_region region3: ARS: range 1 ARS start short (0) nd_region region9: ARS: range 1 ARS start short (0) nd_region region3: ARS: range 1 complete nd_region region4: ARS: range 2 ARS start short (0) nd_region region9: ARS: range 1 complete nd_region region9: ARS: range 1 ARS start long (0) nd_region region4: ARS: range 2 complete nd_region region3: ARS: range 1 ARS start long (0) nd_region region9: ARS: range 1 complete nd_region region3: ARS: range 1 complete nd_region region4: ARS: range 2 ARS start long (0) nd_region region4: ARS: range 2 complete ...note that the nfit_test emulated driver provides 2 buses, that is why some of the range indices are duplicated. Notice that each range now successfully completes a short and long scrub. Cc: <stable(a)vger.kernel.org> Fixes: 14c73f997a5e ("nfit, address-range-scrub: introduce nfit_spa->ars_state") Fixes: cc3d3458d46f ("acpi/nfit: queue issuing of ars when an uc error...") Reported-by: Jacek Zloch <jacek.zloch(a)intel.com> Reported-by: Krzysztof Rusocki <krzysztof.rusocki(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/acpi/nfit/core.c | 169 ++++++++++++++++++++++++++-------------------- drivers/acpi/nfit/nfit.h | 10 +-- 2 files changed, 101 insertions(+), 78 deletions(-) diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index a0dfbcf8220d..f7efcd9843e0 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -2572,7 +2572,8 @@ static int ars_get_cap(struct acpi_nfit_desc *acpi_desc, return cmd_rc; } -static int ars_start(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa) +static int ars_start(struct acpi_nfit_desc *acpi_desc, + struct nfit_spa *nfit_spa, enum nfit_ars_state req_type) { int rc; int cmd_rc; @@ -2583,7 +2584,7 @@ static int ars_start(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa memset(&ars_start, 0, sizeof(ars_start)); ars_start.address = spa->address; ars_start.length = spa->length; - if (test_bit(ARS_SHORT, &nfit_spa->ars_state)) + if (req_type == ARS_REQ_SHORT) ars_start.flags = ND_ARS_RETURN_PREV_DATA; if (nfit_spa_type(spa) == NFIT_SPA_PM) ars_start.type = ND_ARS_PERSISTENT; @@ -2640,6 +2641,15 @@ static void ars_complete(struct acpi_nfit_desc *acpi_desc, struct nd_region *nd_region = nfit_spa->nd_region; struct device *dev; + lockdep_assert_held(&acpi_desc->init_mutex); + /* + * Only advance the ARS state for ARS runs initiated by the + * kernel, ignore ARS results from BIOS initiated runs for scrub + * completion tracking. + */ + if (acpi_desc->scrub_spa != nfit_spa) + return; + if ((ars_status->address >= spa->address && ars_status->address < spa->address + spa->length) || (ars_status->address < spa->address)) { @@ -2659,28 +2669,13 @@ static void ars_complete(struct acpi_nfit_desc *acpi_desc, } else return; - if (test_bit(ARS_DONE, &nfit_spa->ars_state)) - return; - - if (!test_and_clear_bit(ARS_REQ, &nfit_spa->ars_state)) - return; - + acpi_desc->scrub_spa = NULL; if (nd_region) { dev = nd_region_dev(nd_region); nvdimm_region_notify(nd_region, NVDIMM_REVALIDATE_POISON); } else dev = acpi_desc->dev; - - dev_dbg(dev, "ARS: range %d %s complete\n", spa->range_index, - test_bit(ARS_SHORT, &nfit_spa->ars_state) - ? "short" : "long"); - clear_bit(ARS_SHORT, &nfit_spa->ars_state); - if (test_and_clear_bit(ARS_REQ_REDO, &nfit_spa->ars_state)) { - set_bit(ARS_SHORT, &nfit_spa->ars_state); - set_bit(ARS_REQ, &nfit_spa->ars_state); - dev_dbg(dev, "ARS: processing scrub request received while in progress\n"); - } else - set_bit(ARS_DONE, &nfit_spa->ars_state); + dev_dbg(dev, "ARS: range %d complete\n", spa->range_index); } static int ars_status_process_records(struct acpi_nfit_desc *acpi_desc) @@ -2961,46 +2956,55 @@ static int acpi_nfit_query_poison(struct acpi_nfit_desc *acpi_desc) return 0; } -static int ars_register(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa, - int *query_rc) +static int ars_register(struct acpi_nfit_desc *acpi_desc, + struct nfit_spa *nfit_spa) { - int rc = *query_rc; + int rc; - if (no_init_ars) + if (no_init_ars || test_bit(ARS_FAILED, &nfit_spa->ars_state)) return acpi_nfit_register_region(acpi_desc, nfit_spa); - set_bit(ARS_REQ, &nfit_spa->ars_state); - set_bit(ARS_SHORT, &nfit_spa->ars_state); + set_bit(ARS_REQ_SHORT, &nfit_spa->ars_state); + set_bit(ARS_REQ_LONG, &nfit_spa->ars_state); - switch (rc) { + switch (acpi_nfit_query_poison(acpi_desc)) { case 0: case -EAGAIN: - rc = ars_start(acpi_desc, nfit_spa); - if (rc == -EBUSY) { - *query_rc = rc; + rc = ars_start(acpi_desc, nfit_spa, ARS_REQ_SHORT); + /* shouldn't happen, try again later */ + if (rc == -EBUSY) break; - } else if (rc == 0) { - rc = acpi_nfit_query_poison(acpi_desc); - } else { + if (rc) { set_bit(ARS_FAILED, &nfit_spa->ars_state); break; } - if (rc == -EAGAIN) - clear_bit(ARS_SHORT, &nfit_spa->ars_state); - else if (rc == 0) - ars_complete(acpi_desc, nfit_spa); + clear_bit(ARS_REQ_SHORT, &nfit_spa->ars_state); + rc = acpi_nfit_query_poison(acpi_desc); + if (rc) + break; + acpi_desc->scrub_spa = nfit_spa; + ars_complete(acpi_desc, nfit_spa); + /* + * If ars_complete() says we didn't complete the + * short scrub, we'll try again with a long + * request. + */ + acpi_desc->scrub_spa = NULL; break; case -EBUSY: + case -ENOMEM: case -ENOSPC: + /* + * BIOS was using ARS, wait for it to complete (or + * resources to become available) and then perform our + * own scrubs. + */ break; default: set_bit(ARS_FAILED, &nfit_spa->ars_state); break; } - if (test_and_clear_bit(ARS_DONE, &nfit_spa->ars_state)) - set_bit(ARS_REQ, &nfit_spa->ars_state); - return acpi_nfit_register_region(acpi_desc, nfit_spa); } @@ -3022,6 +3026,8 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, struct device *dev = acpi_desc->dev; struct nfit_spa *nfit_spa; + lockdep_assert_held(&acpi_desc->init_mutex); + if (acpi_desc->cancel) return 0; @@ -3045,21 +3051,49 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, ars_complete_all(acpi_desc); list_for_each_entry(nfit_spa, &acpi_desc->spas, list) { + enum nfit_ars_state req_type; + int rc; + if (test_bit(ARS_FAILED, &nfit_spa->ars_state)) continue; - if (test_bit(ARS_REQ, &nfit_spa->ars_state)) { - int rc = ars_start(acpi_desc, nfit_spa); - - clear_bit(ARS_DONE, &nfit_spa->ars_state); - dev = nd_region_dev(nfit_spa->nd_region); - dev_dbg(dev, "ARS: range %d ARS start (%d)\n", - nfit_spa->spa->range_index, rc); - if (rc == 0 || rc == -EBUSY) - return 1; - dev_err(dev, "ARS: range %d ARS failed (%d)\n", - nfit_spa->spa->range_index, rc); - set_bit(ARS_FAILED, &nfit_spa->ars_state); + + /* prefer short ARS requests first */ + if (test_bit(ARS_REQ_SHORT, &nfit_spa->ars_state)) + req_type = ARS_REQ_SHORT; + else if (test_bit(ARS_REQ_LONG, &nfit_spa->ars_state)) + req_type = ARS_REQ_LONG; + else + continue; + rc = ars_start(acpi_desc, nfit_spa, req_type); + + dev = nd_region_dev(nfit_spa->nd_region); + dev_dbg(dev, "ARS: range %d ARS start %s (%d)\n", + nfit_spa->spa->range_index, + req_type == ARS_REQ_SHORT ? "short" : "long", + rc); + /* + * Hmm, we raced someone else starting ARS? Try again in + * a bit. + */ + if (rc == -EBUSY) + return 1; + if (rc == 0) { + dev_WARN_ONCE(dev, acpi_desc->scrub_spa, + "scrub start while range %d active\n", + acpi_desc->scrub_spa->spa->range_index); + clear_bit(req_type, &nfit_spa->ars_state); + acpi_desc->scrub_spa = nfit_spa; + /* + * Consider this spa last for future scrub + * requests + */ + list_move_tail(&nfit_spa->list, &acpi_desc->spas); + return 1; } + + dev_err(dev, "ARS: range %d ARS failed (%d)\n", + nfit_spa->spa->range_index, rc); + set_bit(ARS_FAILED, &nfit_spa->ars_state); } return 0; } @@ -3115,6 +3149,7 @@ static void acpi_nfit_init_ars(struct acpi_nfit_desc *acpi_desc, struct nd_cmd_ars_cap ars_cap; int rc; + set_bit(ARS_FAILED, &nfit_spa->ars_state); memset(&ars_cap, 0, sizeof(ars_cap)); rc = ars_get_cap(acpi_desc, &ars_cap, nfit_spa); if (rc < 0) @@ -3131,16 +3166,14 @@ static void acpi_nfit_init_ars(struct acpi_nfit_desc *acpi_desc, nfit_spa->clear_err_unit = ars_cap.clear_err_unit; acpi_desc->max_ars = max(nfit_spa->max_ars, acpi_desc->max_ars); clear_bit(ARS_FAILED, &nfit_spa->ars_state); - set_bit(ARS_REQ, &nfit_spa->ars_state); } static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) { struct nfit_spa *nfit_spa; - int rc, query_rc; + int rc; list_for_each_entry(nfit_spa, &acpi_desc->spas, list) { - set_bit(ARS_FAILED, &nfit_spa->ars_state); switch (nfit_spa_type(nfit_spa->spa)) { case NFIT_SPA_VOLATILE: case NFIT_SPA_PM: @@ -3149,20 +3182,12 @@ static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) } } - /* - * Reap any results that might be pending before starting new - * short requests. - */ - query_rc = acpi_nfit_query_poison(acpi_desc); - if (query_rc == 0) - ars_complete_all(acpi_desc); - list_for_each_entry(nfit_spa, &acpi_desc->spas, list) switch (nfit_spa_type(nfit_spa->spa)) { case NFIT_SPA_VOLATILE: case NFIT_SPA_PM: /* register regions and kick off initial ARS run */ - rc = ars_register(acpi_desc, nfit_spa, &query_rc); + rc = ars_register(acpi_desc, nfit_spa); if (rc) return rc; break; @@ -3374,7 +3399,8 @@ static int acpi_nfit_clear_to_send(struct nvdimm_bus_descriptor *nd_desc, return __acpi_nfit_clear_to_send(nd_desc, nvdimm, cmd); } -int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) +int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, + enum nfit_ars_state req_type) { struct device *dev = acpi_desc->dev; int scheduled = 0, busy = 0; @@ -3394,14 +3420,10 @@ int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) if (test_bit(ARS_FAILED, &nfit_spa->ars_state)) continue; - if (test_and_set_bit(ARS_REQ, &nfit_spa->ars_state)) { + if (test_and_set_bit(req_type, &nfit_spa->ars_state)) busy++; - set_bit(ARS_REQ_REDO, &nfit_spa->ars_state); - } else { - if (test_bit(ARS_SHORT, &flags)) - set_bit(ARS_SHORT, &nfit_spa->ars_state); + else scheduled++; - } } if (scheduled) { sched_ars(acpi_desc); @@ -3587,10 +3609,11 @@ static void acpi_nfit_update_notify(struct device *dev, acpi_handle handle) static void acpi_nfit_uc_error_notify(struct device *dev, acpi_handle handle) { struct acpi_nfit_desc *acpi_desc = dev_get_drvdata(dev); - unsigned long flags = (acpi_desc->scrub_mode == HW_ERROR_SCRUB_ON) ? - 0 : 1 << ARS_SHORT; - acpi_nfit_ars_rescan(acpi_desc, flags); + if (acpi_desc->scrub_mode == HW_ERROR_SCRUB_ON) + acpi_nfit_ars_rescan(acpi_desc, ARS_REQ_LONG); + else + acpi_nfit_ars_rescan(acpi_desc, ARS_REQ_SHORT); } void __acpi_nfit_notify(struct device *dev, acpi_handle handle, u32 event) diff --git a/drivers/acpi/nfit/nfit.h b/drivers/acpi/nfit/nfit.h index 8c1af38a5dee..a7d95b427efd 100644 --- a/drivers/acpi/nfit/nfit.h +++ b/drivers/acpi/nfit/nfit.h @@ -133,10 +133,8 @@ enum nfit_dimm_notifiers { }; enum nfit_ars_state { - ARS_REQ, - ARS_REQ_REDO, - ARS_DONE, - ARS_SHORT, + ARS_REQ_SHORT, + ARS_REQ_LONG, ARS_FAILED, }; @@ -223,6 +221,7 @@ struct acpi_nfit_desc { struct device *dev; u8 ars_start_flags; struct nd_cmd_ars_status *ars_status; + struct nfit_spa *scrub_spa; struct delayed_work dwork; struct list_head list; struct kernfs_node *scrub_count_state; @@ -277,7 +276,8 @@ struct nfit_blk { extern struct list_head acpi_descs; extern struct mutex acpi_desc_lock; -int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags); +int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, + enum nfit_ars_state req_type); #ifdef CONFIG_X86_MCE void nfit_mce_register(void);

6 years, 11 months

2
1
0 0

Working test 5

by Judy

Did you get my email from last week? Let me know if you have photos for cutting out or retouching? We are an image team who can do editing for your the web store photos, industry photos or portrait photos. Send photos, we will do testing for you to check quality. Waiting for your reply soon. Thanks, Judy

6 years, 11 months

1
0
0 0

[PATCH] afs: Fix clearance of reply

by David Howells

The recent patch to fix the afs_server struct leak didn't actually fix the bug, but rather fixed some of the symptoms. The problem is that an asynchronous call that holds a resource pointed to by call->reply[0] will find the pointer cleared in the call destructor, thereby preventing the resource from being cleaned up. In the case of the server record leak, the afs_fs_get_capabilities() function in devel code sets up a call with reply[0] pointing at the server record that should be altered when the result is obtained, but this was being cleared before the destructor was called, so the put in the destructor does nothing and the record is leaked. Commit f014ffb025c1 removed the additional ref obtained by afs_install_server(), but the removal of this ref is actually used by the garbage collector to mark a server record as being defunct after the record has expired through lack of use. The offending clearance of call->reply[0] upon completion in afs_process_async_call() has been there from the origin of the code, but none of the asynchronous calls actually use that pointer currently, so it should be safe to remove (note that synchronous calls don't involve this function). Fix this by the following means: (1) Revert commit f014ffb025c1. (2) Remove the clearance of reply[0] from afs_process_async_call(). Without this, afs_manage_servers() will suffer an assertion failure if it sees a server record that didn't get used because the usage count is not 1. Fixes: f014ffb025c1 ("afs: Fix afs_server struct leak") Fixes: 08e0e7c82eea ("[AF_RXRPC]: Make the in-kernel AFS filesystem use AF_RXRPC.") Signed-off-by: David Howells <dhowells(a)redhat.com> --- fs/afs/rxrpc.c | 2 -- fs/afs/server.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c index 748b37b130a2..9bbb8af000b4 100644 --- a/fs/afs/rxrpc.c +++ b/fs/afs/rxrpc.c @@ -620,8 +620,6 @@ static void afs_process_async_call(struct work_struct *work) } if (call->state == AFS_CALL_COMPLETE) { - call->reply[0] = NULL; - /* We have two refs to release - one from the alloc and one * queued with the work item - and we can't just deallocate the * call because the work item may be queued again. diff --git a/fs/afs/server.c b/fs/afs/server.c index d5ef05e24e18..1a087eb8f2d7 100644 --- a/fs/afs/server.c +++ b/fs/afs/server.c @@ -199,11 +199,9 @@ static struct afs_server *afs_install_server(struct afs_net *net, write_sequnlock(&net->fs_addr_lock); ret = 0; - goto out; exists: afs_get_server(server); -out: write_sequnlock(&net->fs_lock); return server; }

6 years, 11 months

2
1
0 0

[git:media_tree/master] media: cec: forgot to cancel delayed work

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cec: forgot to cancel delayed work Author: Hans Verkuil <hverkuil(a)xs4all.nl> Date: Mon Oct 15 06:14:22 2018 -0400 If the wait for completion was interrupted, then make sure to cancel any delayed work. This can only happen if a transmit is waiting for a reply, and you press Ctrl-C or reboot/poweroff or something like that which interrupts the thread waiting for the reply and then proceeds to delete the CEC message. Since the delayed work wasn't canceled, once it would trigger it referred to stale data and resulted in a kernel oops. Fixes: 7ec2b3b941a6 ("cec: add new tx/rx status bits to detect aborts/timeouts") Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/cec/cec-adap.c | 2 ++ 1 file changed, 2 insertions(+) --- diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index 0c0d9107383e..31d1f4ab915e 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -844,6 +844,8 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, */ mutex_unlock(&adap->lock); wait_for_completion_killable(&data->c); + if (!data->completed) + cancel_delayed_work_sync(&data->work); mutex_lock(&adap->lock); /* Cancel the transmit if it was interrupted */

6 years, 11 months

1
0
0 0

[PATCHv5 0/7] tty: Hold write ldisc sem in tty_reopen()

by Dmitry Safonov

Hi all, Three fixes that worth to have in the @stable, as they were hit by different people, including Arista on v4.9 stable. And for linux-next - adding lockdep asserts for line discipline changing code, verifying that write ldisc sem will be held forthwith. The last patch is an optional and probably, timeout can be dropped for read_lock(). I'll do it if everyone agrees. (Or as per discussion with Peter in v3, just convert ldisc to a regular rwsem). Thanks, Dima Changes since v4: - back to lock ldisc with (5*HZ) timeout in tty_reopen() (LKP report link: lkml.kernel.org/r/<1536940609.3185.29.camel(a)arista.com>) - reordered 3/7 with 2/7 for LKP robot Changes since v3: - Added tested-by Mark Rutland (thanks!) - Dropped patch with smp_wmb() - wrong idea - lockdep_assert_held() should be actually lockdep_assert_held_exclusive() - Described why tty_ldisc_open() can be called without ldisc_sem held for pty slave end (o_tty). - Added Peter's patch for dropping self-made lockdep annotations - Fix for a reader(s) of ldisc semaphore waiting for an active reader(s) Changes since v2: - Added reviewed-by tags - Hopefully, fixed reported by 0-day issue. - Added optional fix for wait_readers decrement Changes since v1: - Added tested-by/reported-by tags - Dropped 3/4 (locking tty pair for lockdep sake), Because of that - not adding lockdep_assert_held() in tty_ldisc_open() - Added 4/4 cleanup to inc tty->count only on success of tty_ldisc_reinit() - lock ldisc without (5*HZ) timeout in tty_reopen() v1 link: lkml.kernel.org/r/<20180829022353.23568-1-dima(a)arista.com> v2 link: lkml.kernel.org/r/<20180903165257.29227-1-dima(a)arista.com> v3 link: lkml.kernel.org/r/<20180911014821.26286-1-dima(a)arista.com> v4 link: lkml.kernel.org/r/<20180912001702.18522-1-dima(a)arista.com> Cc: Daniel Axtens <dja(a)axtens.net> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Michael Neuling <mikey(a)neuling.org> Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Nathan March <nathan(a)gt.net> Cc: Pasi Kärkkäinen <pasik(a)iki.fi> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: "Rong, Chen" <rong.a.chen(a)intel.com> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Tan Xiaojun <tanxiaojun(a)huawei.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> (please, ignore if I Cc'ed you mistakenly) Dmitry Safonov (6): tty: Drop tty->count on tty_reopen() failure tty/ldsem: Wake up readers after timed out down_write() tty: Hold tty_ldisc_lock() during tty_reopen() tty: Simplify tty->count math in tty_reopen() tty/ldsem: Add lockdep asserts for ldisc_sem tty/ldsem: Decrement wait_readers on timeouted down_read() Peter Zijlstra (1): tty/ldsem: Convert to regular lockdep annotations drivers/tty/tty_io.c | 13 ++++++++--- drivers/tty/tty_ldisc.c | 9 +++++++ drivers/tty/tty_ldsem.c | 62 ++++++++++++++++++++----------------------------- 3 files changed, 44 insertions(+), 40 deletions(-) -- 2.13.6

6 years, 11 months

4
13
0 0

[PATCH] fs: fix possible Spectre V1 indexing in __close_fd()

by Greg Hackmann

__close_fd() is reachable via the close() syscall with a userspace-controlled fd. Ensure that it can't be used to speculatively access past the end of current->fdt. Reported-by: Omer Tripp <trippo(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> --- fs/file.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/file.c b/fs/file.c index 7ffd6e9d103d..a80cf82be96b 100644 --- a/fs/file.c +++ b/fs/file.c @@ -18,6 +18,7 @@ #include <linux/bitops.h> #include <linux/spinlock.h> #include <linux/rcupdate.h> +#include <linux/nospec.h> unsigned int sysctl_nr_open __read_mostly = 1024*1024; unsigned int sysctl_nr_open_min = BITS_PER_LONG; @@ -626,6 +627,7 @@ int __close_fd(struct files_struct *files, unsigned fd) fdt = files_fdtable(files); if (fd >= fdt->max_fds) goto out_unlock; + fd = array_index_nospec(fd, fdt->max_fds); file = fdt->fd[fd]; if (!file) goto out_unlock; -- 2.19.0.397.gdd90340f6a-goog

6 years, 11 months

2
2
0 0

Apply For Affordable Loan Offer

by rifat

Do you need a loan? If YES Kindly contact us via: citigrouploaninvestment(a)aol.com

6 years, 11 months

1
0
0 0

Re: [PATCH 3.16 194/366] drivers: tty: Merge alloc_tty_struct and initialize_tty_struct

by Ben Hutchings

On Sun, 2018-10-14 at 19:22 +0200, Rasmus Villemoes wrote: > IIRC, I messed up back then, so you'll need some followup as well, but I'm > on my phone ATM. I guess that's commit 07584d4a356e "drivers: tty: Fix use-after-free in pty_common_install"? I missed that but will add it now. > I assume you're taking this to make it easier to backport > some actual fix? This is required as preparation for commit 903f9db10f18 "tty: Don't call panic() at tty_ldisc_init()". Ben. > > On Sun, Oct 14, 2018, 17:39 Ben Hutchings <ben(a)decadent.org.uk> wrote: > > > 3.16.60-rc1 review patch. If anyone has any objections, please let me > > know. > > > > ------------------ > > > > From: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> > > > > commit 2c964a2f4191f2229566895f1a0e85f8339f5dd1 upstream. > > > > The two functions alloc_tty_struct and initialize_tty_struct are > > always called together. Merge them into alloc_tty_struct, updating its > > prototype and the only two callers of these functions. > > > > Signed-off-by: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> > > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> > > --- > > drivers/tty/pty.c | 19 +++++++++---------- > > drivers/tty/tty_io.c | 37 +++++++++++++------------------------ > > include/linux/tty.h | 4 +--- > > 3 files changed, 23 insertions(+), 37 deletions(-) > > > > --- a/drivers/tty/pty.c > > +++ b/drivers/tty/pty.c > > @@ -319,7 +319,7 @@ done: > > * pty_common_install - set up the pty pair > > * @driver: the pty driver > > * @tty: the tty being instantiated > > - * @bool: legacy, true if this is BSD style > > + * @legacy: true if this is BSD style > > * > > * Perform the initial set up for the tty/pty pair. Called from the > > * tty layer when the port is first opened. > > @@ -334,18 +334,17 @@ static int pty_common_install(struct tty > > int idx = tty->index; > > int retval = -ENOMEM; > > > > - o_tty = alloc_tty_struct(); > > - if (!o_tty) > > - goto err; > > ports[0] = kmalloc(sizeof **ports, GFP_KERNEL); > > ports[1] = kmalloc(sizeof **ports, GFP_KERNEL); > > if (!ports[0] || !ports[1]) > > - goto err_free_tty; > > + goto err; > > if (!try_module_get(driver->other->owner)) { > > /* This cannot in fact currently happen */ > > - goto err_free_tty; > > + goto err; > > } > > - initialize_tty_struct(o_tty, driver->other, idx); > > + o_tty = alloc_tty_struct(driver->other, idx); > > + if (!o_tty) > > + goto err_put_module; > > > > if (legacy) { > > /* We always use new tty termios data so we can do this > > @@ -390,12 +389,12 @@ err_free_termios: > > tty_free_termios(tty); > > err_deinit_tty: > > deinitialize_tty_struct(o_tty); > > + free_tty_struct(o_tty); > > +err_put_module: > > module_put(o_tty->driver->owner); > > -err_free_tty: > > +err: > > kfree(ports[0]); > > kfree(ports[1]); > > - free_tty_struct(o_tty); > > -err: > > return retval; > > } > > > > --- a/drivers/tty/tty_io.c > > +++ b/drivers/tty/tty_io.c > > @@ -157,20 +157,6 @@ static void __proc_set_tty(struct task_s > > static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); > > > > /** > > - * alloc_tty_struct - allocate a tty object > > - * > > - * Return a new empty tty structure. The data fields have not > > - * been initialized in any way but has been zeroed > > - * > > - * Locking: none > > - */ > > - > > -struct tty_struct *alloc_tty_struct(void) > > -{ > > - return kzalloc(sizeof(struct tty_struct), GFP_KERNEL); > > -} > > - > > -/** > > * free_tty_struct - free a disused tty > > * @tty: tty struct to free > > * > > @@ -1455,12 +1441,11 @@ struct tty_struct *tty_init_dev(struct t > > if (!try_module_get(driver->owner)) > > return ERR_PTR(-ENODEV); > > > > - tty = alloc_tty_struct(); > > + tty = alloc_tty_struct(driver, idx); > > if (!tty) { > > retval = -ENOMEM; > > goto err_module_put; > > } > > - initialize_tty_struct(tty, driver, idx); > > > > tty_lock(tty); > > retval = tty_driver_install_tty(driver, tty); > > @@ -3034,19 +3019,21 @@ static struct device *tty_get_device(str > > > > > > /** > > - * initialize_tty_struct > > - * @tty: tty to initialize > > + * alloc_tty_struct > > * > > - * This subroutine initializes a tty structure that has been newly > > - * allocated. > > + * This subroutine allocates and initializes a tty structure. > > * > > - * Locking: none - tty in question must not be exposed at this point > > + * Locking: none - tty in question is not exposed at this point > > */ > > > > -void initialize_tty_struct(struct tty_struct *tty, > > - struct tty_driver *driver, int idx) > > +struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) > > { > > - memset(tty, 0, sizeof(struct tty_struct)); > > + struct tty_struct *tty; > > + > > + tty = kzalloc(sizeof(*tty), GFP_KERNEL); > > + if (!tty) > > + return NULL; > > + > > kref_init(&tty->kref); > > tty->magic = TTY_MAGIC; > > tty_ldisc_init(tty); > > @@ -3070,6 +3057,8 @@ void initialize_tty_struct(struct tty_st > > tty->index = idx; > > tty_line_name(driver, idx, tty->name); > > tty->dev = tty_get_device(tty); > > + > > + return tty; > > } > > > > /** > > --- a/include/linux/tty.h > > +++ b/include/linux/tty.h > > @@ -477,13 +477,11 @@ extern int tty_mode_ioctl(struct tty_str > > unsigned int cmd, unsigned long arg); > > extern int tty_perform_flush(struct tty_struct *tty, unsigned long arg); > > extern void tty_default_fops(struct file_operations *fops); > > -extern struct tty_struct *alloc_tty_struct(void); > > +extern struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int > > idx); > > extern int tty_alloc_file(struct file *file); > > extern void tty_add_file(struct tty_struct *tty, struct file *file); > > extern void tty_free_file(struct file *file); > > extern void free_tty_struct(struct tty_struct *tty); > > -extern void initialize_tty_struct(struct tty_struct *tty, > > - struct tty_driver *driver, int idx); > > extern void deinitialize_tty_struct(struct tty_struct *tty); > > extern struct tty_struct *tty_init_dev(struct tty_driver *driver, int > > idx); > > extern int tty_release(struct inode *inode, struct file *filp); > > > > -- Ben Hutchings I haven't lost my mind; it's backed up on tape somewhere.

6 years, 11 months

1
0
0 0

What is the expected date of release for 4.19

by salil GK

Hello I would like to know the expected date of release of 4.19 kernel. Thanks ~S

6 years, 11 months

2
1
0 0

URGENT RESPONSE NEEDED

by Sean Kim.

Hello my dear. Did you receive my email message to you? Please, get back to me ASAP as the matter is becoming late. Expecting your urgent response. Sean.

6 years, 11 months

1
0
0 0

patch "usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c02588a352defaf985fc1816eb6232663159e1b8 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Mon, 1 Oct 2018 18:53:05 +0300 Subject: usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms Intel Apollo Lake has the same internal USB role mux as Intel Cherry Trail. Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-pci.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 722860eb5a91..51dd8e00c4f8 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -179,10 +179,12 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_PME_STUCK_QUIRK; } if (pdev->vendor == PCI_VENDOR_ID_INTEL && - pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) { + pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) xhci->quirks |= XHCI_SSIC_PORT_UNUSED; + if (pdev->vendor == PCI_VENDOR_ID_INTEL && + (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI)) xhci->quirks |= XHCI_INTEL_USB_ROLE_SW; - } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || -- 2.19.1

6 years, 11 months

1
0
0 0

patch "usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 009b1948e153ae448f62f1887e2b58d0e05db51b Mon Sep 17 00:00:00 2001 From: Wan Ahmad Zainie <wan.ahmad.zainie.wan.mohamad(a)intel.com> Date: Tue, 9 Oct 2018 12:52:47 +0800 Subject: usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable Add missing pm_runtime_disable() to remove(), in order to avoid an Unbalanced pm_runtime_enable when the module is removed and re-probed. Error log: root@intel-corei7-64:~# modprobe -r intel_xhci_usb_role_switch root@intel-corei7-64:~# modprobe intel_xhci_usb_role_switch intel_xhci_usb_sw intel_xhci_usb_sw: Unbalanced pm_runtime_enable! Fixes: cb2968468605 (usb: roles: intel_xhci: Enable runtime PM) Cc: <stable(a)vger.kernel.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Wan Ahmad Zainie <wan.ahmad.zainie.wan.mohamad(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/roles/intel-xhci-usb-role-switch.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/roles/intel-xhci-usb-role-switch.c b/drivers/usb/roles/intel-xhci-usb-role-switch.c index 1fb3dd0f1dfa..277de96181f9 100644 --- a/drivers/usb/roles/intel-xhci-usb-role-switch.c +++ b/drivers/usb/roles/intel-xhci-usb-role-switch.c @@ -161,6 +161,8 @@ static int intel_xhci_usb_remove(struct platform_device *pdev) { struct intel_xhci_usb_data *data = platform_get_drvdata(pdev); + pm_runtime_disable(&pdev->dev); + usb_role_switch_unregister(data->role_sw); return 0; } -- 2.19.1

6 years, 11 months

1
0
0 0

patch "cdc-acm: correct counting of UART states in serial state notification" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc-acm: correct counting of UART states in serial state notification to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From f976d0e5747ca65ccd0fb2a4118b193d70aa1836 Mon Sep 17 00:00:00 2001 From: Tobias Herzog <t-herzog(a)gmx.de> Date: Sat, 22 Sep 2018 22:11:11 +0200 Subject: cdc-acm: correct counting of UART states in serial state notification The usb standard ("Universal Serial Bus Class Definitions for Communication Devices") distiguishes between "consistent signals" (DSR, DCD), and "irregular signals" (break, ring, parity error, framing error, overrun). The bits of "irregular signals" are set, if this error/event occurred on the device side and are immeadeatly unset, if the serial state notification was sent. Like other drivers of real serial ports do, just the occurence of those events should be counted in serial_icounter_struct (but no 1->0 transitions). Signed-off-by: Tobias Herzog <t-herzog(a)gmx.de> Acked-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index e43ea9641416..9ede35cecb12 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -310,17 +310,17 @@ static void acm_process_notification(struct acm *acm, unsigned char *buf) if (difference & ACM_CTRL_DSR) acm->iocount.dsr++; - if (difference & ACM_CTRL_BRK) - acm->iocount.brk++; - if (difference & ACM_CTRL_RI) - acm->iocount.rng++; if (difference & ACM_CTRL_DCD) acm->iocount.dcd++; - if (difference & ACM_CTRL_FRAMING) + if (newctrl & ACM_CTRL_BRK) + acm->iocount.brk++; + if (newctrl & ACM_CTRL_RI) + acm->iocount.rng++; + if (newctrl & ACM_CTRL_FRAMING) acm->iocount.frame++; - if (difference & ACM_CTRL_PARITY) + if (newctrl & ACM_CTRL_PARITY) acm->iocount.parity++; - if (difference & ACM_CTRL_OVERRUN) + if (newctrl & ACM_CTRL_OVERRUN) acm->iocount.overrun++; spin_unlock_irqrestore(&acm->read_lock, flags); -- 2.19.1

6 years, 11 months

1
0
0 0

patch "usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 81f7567c51ad97668d1c3a48e8ecc482e64d4161 Mon Sep 17 00:00:00 2001 From: "Shuah Khan (Samsung OSG)" <shuah(a)kernel.org> Date: Fri, 5 Oct 2018 16:17:44 -0600 Subject: usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() vhci_hub_control() accesses port_status array with out of bounds port value. Fix it to reference port_status[] only with a valid rhport value when invalid_rhport flag is true. The invalid_rhport flag is set early on after detecting in port value is within the bounds or not. The following is used reproduce the problem and verify the fix: C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14ed8ab6400000 Reported-by: syzbot+bccc1fe10b70fadc78d0(a)syzkaller.appspotmail.com Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/vhci_hcd.c | 57 ++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c index d11f3f8dad40..1e592ec94ba4 100644 --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -318,8 +318,9 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, struct vhci_hcd *vhci_hcd; struct vhci *vhci; int retval = 0; - int rhport; + int rhport = -1; unsigned long flags; + bool invalid_rhport = false; u32 prev_port_status[VHCI_HC_PORTS]; @@ -334,9 +335,19 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh("typeReq %x wValue %x wIndex %x\n", typeReq, wValue, wIndex); - if (wIndex > VHCI_HC_PORTS) - pr_err("invalid port number %d\n", wIndex); - rhport = wIndex - 1; + /* + * wIndex can be 0 for some request types (typeReq). rhport is + * in valid range when wIndex >= 1 and < VHCI_HC_PORTS. + * + * Reference port_status[] only with valid rhport when + * invalid_rhport is false. + */ + if (wIndex < 1 || wIndex > VHCI_HC_PORTS) { + invalid_rhport = true; + if (wIndex > VHCI_HC_PORTS) + pr_err("invalid port number %d\n", wIndex); + } else + rhport = wIndex - 1; vhci_hcd = hcd_to_vhci_hcd(hcd); vhci = vhci_hcd->vhci; @@ -345,8 +356,9 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, /* store old status and compare now and old later */ if (usbip_dbg_flag_vhci_rh) { - memcpy(prev_port_status, vhci_hcd->port_status, - sizeof(prev_port_status)); + if (!invalid_rhport) + memcpy(prev_port_status, vhci_hcd->port_status, + sizeof(prev_port_status)); } switch (typeReq) { @@ -354,8 +366,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh(" ClearHubFeature\n"); break; case ClearPortFeature: - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } switch (wValue) { case USB_PORT_FEAT_SUSPEND: if (hcd->speed == HCD_USB3) { @@ -415,9 +429,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, break; case GetPortStatus: usbip_dbg_vhci_rh(" GetPortStatus port %x\n", wIndex); - if (wIndex < 1) { + if (invalid_rhport) { pr_err("invalid port number %d\n", wIndex); retval = -EPIPE; + goto error; } /* we do not care about resume. */ @@ -513,16 +528,20 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, goto error; } - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } vhci_hcd->port_status[rhport] |= USB_PORT_STAT_SUSPEND; break; case USB_PORT_FEAT_POWER: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_POWER\n"); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } if (hcd->speed == HCD_USB3) vhci_hcd->port_status[rhport] |= USB_SS_PORT_STAT_POWER; else @@ -531,8 +550,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, case USB_PORT_FEAT_BH_PORT_RESET: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_BH_PORT_RESET\n"); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } /* Applicable only for USB3.0 hub */ if (hcd->speed != HCD_USB3) { pr_err("USB_PORT_FEAT_BH_PORT_RESET req not " @@ -543,8 +564,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, case USB_PORT_FEAT_RESET: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_RESET\n"); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } /* if it's already enabled, disable */ if (hcd->speed == HCD_USB3) { vhci_hcd->port_status[rhport] = 0; @@ -565,8 +588,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, default: usbip_dbg_vhci_rh(" SetPortFeature: default %d\n", wValue); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } if (hcd->speed == HCD_USB3) { if ((vhci_hcd->port_status[rhport] & USB_SS_PORT_STAT_POWER) != 0) { @@ -608,7 +633,7 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, if (usbip_dbg_flag_vhci_rh) { pr_debug("port %d\n", rhport); /* Only dump valid port status */ - if (rhport >= 0) { + if (!invalid_rhport) { dump_port_status_diff(prev_port_status[rhport], vhci_hcd->port_status[rhport], hcd->speed == HCD_USB3); @@ -618,8 +643,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, spin_unlock_irqrestore(&vhci->lock, flags); - if ((vhci_hcd->port_status[rhport] & PORT_C_MASK) != 0) + if (!invalid_rhport && + (vhci_hcd->port_status[rhport] & PORT_C_MASK) != 0) { usb_hcd_poll_rh_status(hcd); + } return retval; } -- 2.19.1

6 years, 11 months

1
0
0 0

patch "cdc-acm: fix race between reset and control messaging" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc-acm: fix race between reset and control messaging to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 9397940ed812b942c520e0c25ed4b2c64d57e8b9 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 4 Oct 2018 15:49:06 +0200 Subject: cdc-acm: fix race between reset and control messaging If a device splits up a control message and a reset() happens between the parts, the message is lost and already recieved parts must be dropped. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 1aba579f3cf51 ("cdc-acm: handle read pipe errors") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index bc03b0a690b4..1833912f7f5f 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1642,6 +1642,7 @@ static int acm_pre_reset(struct usb_interface *intf) struct acm *acm = usb_get_intfdata(intf); clear_bit(EVENT_RX_STALL, &acm->flags); + acm->nb_index = 0; /* pending control transfers are lost */ return 0; } -- 2.19.1

6 years, 11 months

1
0
0 0

patch "cdc-acm: do not reset notification buffer index upon urb unlinking" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc-acm: do not reset notification buffer index upon urb unlinking to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From dae3ddba36f8c337fb59cef07d564da6fc9b7551 Mon Sep 17 00:00:00 2001 From: Tobias Herzog <t-herzog(a)gmx.de> Date: Sat, 22 Sep 2018 22:11:10 +0200 Subject: cdc-acm: do not reset notification buffer index upon urb unlinking Resetting the write index of the notification buffer on urb unlink (e.g. closing a cdc-acm device from userspace) may lead to wrong interpretation of further received notifications, in case the index is not 0 when urb unlink happens (i.e. when parts of a notification already have been transferred). On the device side there is no "reset" of the notification transimission and thus we would get out of sync with the device. Signed-off-by: Tobias Herzog <t-herzog(a)gmx.de> Acked-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 1833912f7f5f..e43ea9641416 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -355,7 +355,6 @@ static void acm_ctrl_irq(struct urb *urb) case -ENOENT: case -ESHUTDOWN: /* this urb is terminated, clean up */ - acm->nb_index = 0; dev_dbg(&acm->control->dev, "%s - urb shutting down with status: %d\n", __func__, status); -- 2.19.1

6 years, 11 months

1
0
0 0

[PATCH] iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()

by Luca Coelho

From: Luca Coelho <luciano.coelho(a)intel.com> The rs_rate_from_ucode_rate() function may return -EINVAL if the rate is invalid, but none of the callsites check for the error, potentially making us access arrays with index IWL_RATE_INVALID, which is larger than the arrays, causing an out-of-bounds access. This will trigger KASAN warnings, such as the one reported in the bugzilla issue mentioned below. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659 Cc: stable(a)vger.kernel.org Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com> --- drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 24 ++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c index 2c75f51a04e4..089972280daa 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c @@ -1239,7 +1239,11 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta, !(info->flags & IEEE80211_TX_STAT_AMPDU)) return; - rs_rate_from_ucode_rate(tx_resp_hwrate, info->band, &tx_resp_rate); + if (rs_rate_from_ucode_rate(tx_resp_hwrate, info->band, + &tx_resp_rate)) { + WARN_ON_ONCE(1); + return; + } #ifdef CONFIG_MAC80211_DEBUGFS /* Disable last tx check if we are debugging with fixed rate but @@ -1290,7 +1294,10 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta, */ table = &lq_sta->lq; lq_hwrate = le32_to_cpu(table->rs_table[0]); - rs_rate_from_ucode_rate(lq_hwrate, info->band, &lq_rate); + if (rs_rate_from_ucode_rate(lq_hwrate, info->band, &lq_rate)) { + WARN_ON_ONCE(1); + return; + } /* Here we actually compare this rate to the latest LQ command */ if (lq_color != LQ_FLAG_COLOR_GET(table->flags)) { @@ -1392,8 +1399,12 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta, /* Collect data for each rate used during failed TX attempts */ for (i = 0; i <= retries; ++i) { lq_hwrate = le32_to_cpu(table->rs_table[i]); - rs_rate_from_ucode_rate(lq_hwrate, info->band, - &lq_rate); + if (rs_rate_from_ucode_rate(lq_hwrate, info->band, + &lq_rate)) { + WARN_ON_ONCE(1); + return; + } + /* * Only collect stats if retried rate is in the same RS * table as active/search. @@ -3260,7 +3271,10 @@ static void rs_build_rates_table_from_fixed(struct iwl_mvm *mvm, for (i = 0; i < num_rates; i++) lq_cmd->rs_table[i] = ucode_rate_le32; - rs_rate_from_ucode_rate(ucode_rate, band, &rate); + if (rs_rate_from_ucode_rate(ucode_rate, band, &rate)) { + WARN_ON_ONCE(1); + return; + } if (is_mimo(&rate)) lq_cmd->mimo_delim = num_rates - 1; -- 2.19.1

6 years, 11 months

3
2
0 0

Linux 3.18.124

by Greg KH

I'm announcing the release of the 3.18.124 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/kernel/entry.S | 3 arch/arm64/kvm/guest.c | 55 +++++++++++++++ arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/s390/mm/extmem.c | 4 - arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/vdso/vclock_gettime.c | 26 ++++--- crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/base/power/main.c | 5 + drivers/block/floppy.c | 3 drivers/crypto/mxs-dcp.c | 53 ++++++++------- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/hid/hid-core.c | 3 drivers/hid/hid-ids.h | 2 drivers/hid/hid-ntrig.c | 2 drivers/hid/hid-sony.c | 6 + drivers/hwmon/adt7475.c | 14 ++-- drivers/infiniband/core/ucma.c | 6 + drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 ++++++++++++++++++--- drivers/md/raid10.c | 5 + drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 +++++- drivers/media/v4l2-core/v4l2-event.c | 37 +++++----- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/mtd/spi-nor/fsl-quadspi.c | 20 ++--- drivers/net/appletalk/ipddp.c | 8 +- drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hp/hp100.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/pci/pci.c | 27 +++++-- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 - drivers/spi/spi-rspi.c | 10 +- drivers/spi/spi-sh-msiof.c | 3 drivers/spi/spi-tegra20-slink.c | 31 ++++++-- drivers/staging/android/ashmem.c | 6 + drivers/staging/android/ion/ion.c | 60 ++++++++++------- drivers/target/iscsi/iscsi_target_auth.c | 45 ++++-------- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 + drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++ drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 ++++++ drivers/usb/core/driver.c | 28 ++++---- drivers/usb/core/usb.c | 2 drivers/usb/misc/yurex.c | 3 drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/serial/usb-serial-simple.c | 3 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 + drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ext4/balloc.c | 21 +++--- fs/ext4/dir.c | 20 ++--- fs/ext4/ext4.h | 8 -- fs/ext4/ext4_extents.h | 1 fs/ext4/extents.c | 6 + fs/ext4/ialloc.c | 19 ++++- fs/ext4/inline.c | 42 +----------- fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 6 + fs/ext4/mmp.c | 1 fs/ext4/resize.c | 20 +++++ fs/ext4/super.c | 14 +++- fs/ext4/xattr.c | 49 ++++++-------- fs/jbd2/transaction.c | 2 fs/nfsd/nfs4proc.c | 1 fs/ocfs2/buffer_head_io.c | 1 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 ++++ fs/seq_file.c | 7 +- fs/ubifs/super.c | 3 include/linux/netfilter_bridge/ebtables.h | 5 + include/linux/seq_file.h | 13 +-- include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 1 kernel/cgroup.c | 6 + kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 kernel/trace/ring_buffer.c | 2 mm/madvise.c | 2 mm/shmem.c | 2 mm/slub.c | 6 - net/bridge/netfilter/ebt_arpreply.c | 3 net/core/neighbour.c | 13 ++- net/ipv4/af_inet.c | 1 net/ipv6/ip6_offload.c | 1 net/ipv6/ip6_output.c | 3 net/mac80211/cfg.c | 2 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 26 ++++++- net/mac80211/mlme.c | 53 +++++++++++++++ net/wireless/nl80211.c | 1 sound/aoa/core/gpio-feature.c | 4 - sound/firewire/bebob/bebob_maudio.c | 24 ++++-- sound/pci/emu10k1/emufx.c | 2 sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/cs4265.c | 4 - sound/soc/soc-dapm.c | 7 ++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 124 files changed, 891 insertions(+), 404 deletions(-) Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Lutomirski (2): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Bart Van Assche (1): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Catalin Marinas (1): arm64: Add trace_hardirqs_off annotation in ret_to_user Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): net: hp100: fix always-true check for link up state Dan Carpenter (3): rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors cifs: read overflow in is_valid_oplock_break() Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Danek Duvall (1): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Emmanuel Grumbach (2): mac80211: fix a race between restart and CSA flows mac80211: shorten the IBSS debug messages Eric Dumazet (1): ipv6: fix possible use-after-free in ip6_xmit() Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Geert Uytterhoeven (1): spi: rspi: Fix interrupted DMA transfers Greg Hackmann (1): staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Greg Kroah-Hartman (1): Linux 3.18.124 Han Xu (1): mtd: fsl-quadspi: fix macro collision problems with READ/WRITE Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Joel Fernandes (Google) (1): mm: shmem.c: Correctly annotate new inodes for lockdep Johan Hovold (2): USB: serial: kobil_sct: fix modem-status error handling USB: serial: simple: add Motorola Tetra MTP6550 id Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Junxiao Bi (1): ocfs2: fix ocfs2 read block panic Kai-Heng Feng (2): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Li Dongyang (1): ext4: don't mark mmp buffer head dirty Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Torvalds (1): Make file credentials available to the seqfile interfaces Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roderick Colenbrander (2): HID: sony: Update device ids HID: sony: Support DS4 dongle Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sébastien Szymanski (1): ASoC: cs4265: fix MMTLR Data switch control Takashi Sakamoto (1): ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Theodore Ts'o (14): ext4: avoid divide by zero fault when deleting corrupted inline directories ext4: recalucate superblock checksum after updating free blocks/inodes ext4: fix online resize's handling of a too-small final block group ext4: verify the depth of extent tree in ext4_find_extent() ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Toke Høiland-Jørgensen (1): gso_segment: Reset skb->mac_len after modifying network header Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Vaibhav Nagarnaik (1): ring-buffer: Allow for rescheduling when removing pages Vasily Gorbik (1): s390/extmem: fix gcc 8 stringop-overflow warning Vasily Khoruzhick (1): neighbour: confirm neigh entries when ARP packet is received Vincent Pelletier (2): scsi: target: iscsi: Use hex2bin instead of a re-implementation scsi: target: iscsi: Use bin2hex instead of a re-implementation Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Willy Tarreau (2): ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

6 years, 11 months

1
1
0 0

Linux 3.18.123

by Greg KH

I'm announcing the release of the 3.18.124 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/kernel/entry.S | 3 arch/arm64/kvm/guest.c | 55 +++++++++++++++ arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/s390/mm/extmem.c | 4 - arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/vdso/vclock_gettime.c | 26 ++++--- crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/base/power/main.c | 5 + drivers/block/floppy.c | 3 drivers/crypto/mxs-dcp.c | 53 ++++++++------- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/hid/hid-core.c | 3 drivers/hid/hid-ids.h | 2 drivers/hid/hid-ntrig.c | 2 drivers/hid/hid-sony.c | 6 + drivers/hwmon/adt7475.c | 14 ++-- drivers/infiniband/core/ucma.c | 6 + drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 ++++++++++++++++++--- drivers/md/raid10.c | 5 + drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 +++++- drivers/media/v4l2-core/v4l2-event.c | 37 +++++----- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/mtd/spi-nor/fsl-quadspi.c | 20 ++--- drivers/net/appletalk/ipddp.c | 8 +- drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hp/hp100.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/pci/pci.c | 27 +++++-- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 - drivers/spi/spi-rspi.c | 10 +- drivers/spi/spi-sh-msiof.c | 3 drivers/spi/spi-tegra20-slink.c | 31 ++++++-- drivers/staging/android/ashmem.c | 6 + drivers/staging/android/ion/ion.c | 60 ++++++++++------- drivers/target/iscsi/iscsi_target_auth.c | 45 ++++-------- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 + drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++ drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 ++++++ drivers/usb/core/driver.c | 28 ++++---- drivers/usb/core/usb.c | 2 drivers/usb/misc/yurex.c | 3 drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/serial/usb-serial-simple.c | 3 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 + drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ext4/balloc.c | 21 +++--- fs/ext4/dir.c | 20 ++--- fs/ext4/ext4.h | 8 -- fs/ext4/ext4_extents.h | 1 fs/ext4/extents.c | 6 + fs/ext4/ialloc.c | 19 ++++- fs/ext4/inline.c | 42 +----------- fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 6 + fs/ext4/mmp.c | 1 fs/ext4/resize.c | 20 +++++ fs/ext4/super.c | 14 +++- fs/ext4/xattr.c | 49 ++++++-------- fs/jbd2/transaction.c | 2 fs/nfsd/nfs4proc.c | 1 fs/ocfs2/buffer_head_io.c | 1 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 ++++ fs/seq_file.c | 7 +- fs/ubifs/super.c | 3 include/linux/netfilter_bridge/ebtables.h | 5 + include/linux/seq_file.h | 13 +-- include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 1 kernel/cgroup.c | 6 + kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 kernel/trace/ring_buffer.c | 2 mm/madvise.c | 2 mm/shmem.c | 2 mm/slub.c | 6 - net/bridge/netfilter/ebt_arpreply.c | 3 net/core/neighbour.c | 13 ++- net/ipv4/af_inet.c | 1 net/ipv6/ip6_offload.c | 1 net/ipv6/ip6_output.c | 3 net/mac80211/cfg.c | 2 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 26 ++++++- net/mac80211/mlme.c | 53 +++++++++++++++ net/wireless/nl80211.c | 1 sound/aoa/core/gpio-feature.c | 4 - sound/firewire/bebob/bebob_maudio.c | 24 ++++-- sound/pci/emu10k1/emufx.c | 2 sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/cs4265.c | 4 - sound/soc/soc-dapm.c | 7 ++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 124 files changed, 891 insertions(+), 404 deletions(-) Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Lutomirski (2): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Bart Van Assche (1): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Catalin Marinas (1): arm64: Add trace_hardirqs_off annotation in ret_to_user Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): net: hp100: fix always-true check for link up state Dan Carpenter (3): rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors cifs: read overflow in is_valid_oplock_break() Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Danek Duvall (1): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Emmanuel Grumbach (2): mac80211: fix a race between restart and CSA flows mac80211: shorten the IBSS debug messages Eric Dumazet (1): ipv6: fix possible use-after-free in ip6_xmit() Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Geert Uytterhoeven (1): spi: rspi: Fix interrupted DMA transfers Greg Hackmann (1): staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Greg Kroah-Hartman (1): Linux 3.18.124 Han Xu (1): mtd: fsl-quadspi: fix macro collision problems with READ/WRITE Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Joel Fernandes (Google) (1): mm: shmem.c: Correctly annotate new inodes for lockdep Johan Hovold (2): USB: serial: kobil_sct: fix modem-status error handling USB: serial: simple: add Motorola Tetra MTP6550 id Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Junxiao Bi (1): ocfs2: fix ocfs2 read block panic Kai-Heng Feng (2): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Li Dongyang (1): ext4: don't mark mmp buffer head dirty Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Torvalds (1): Make file credentials available to the seqfile interfaces Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roderick Colenbrander (2): HID: sony: Update device ids HID: sony: Support DS4 dongle Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sébastien Szymanski (1): ASoC: cs4265: fix MMTLR Data switch control Takashi Sakamoto (1): ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Theodore Ts'o (14): ext4: avoid divide by zero fault when deleting corrupted inline directories ext4: recalucate superblock checksum after updating free blocks/inodes ext4: fix online resize's handling of a too-small final block group ext4: verify the depth of extent tree in ext4_find_extent() ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Toke Høiland-Jørgensen (1): gso_segment: Reset skb->mac_len after modifying network header Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Vaibhav Nagarnaik (1): ring-buffer: Allow for rescheduling when removing pages Vasily Gorbik (1): s390/extmem: fix gcc 8 stringop-overflow warning Vasily Khoruzhick (1): neighbour: confirm neigh entries when ARP packet is received Vincent Pelletier (2): scsi: target: iscsi: Use hex2bin instead of a re-implementation scsi: target: iscsi: Use bin2hex instead of a re-implementation Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Willy Tarreau (2): ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

6 years, 11 months

2
3
0 0

Linux 4.18.14

by Greg KH

I'm announcing the release of the 4.18.14 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/kernel/process.c | 20 ++ arch/powerpc/include/asm/setup.h | 1 arch/powerpc/lib/code-patching.c | 14 + arch/powerpc/mm/mem.c | 2 arch/x86/entry/vdso/Makefile | 16 +- arch/x86/entry/vdso/vclock_gettime.c | 26 +-- arch/x86/kvm/mmu.c | 24 ++- arch/x86/kvm/vmx.c | 7 block/blk-mq.c | 4 drivers/base/power/main.c | 5 drivers/clocksource/timer-atmel-pit.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 drivers/gpu/drm/drm_lease.c | 6 drivers/gpu/drm/drm_syncobj.c | 5 drivers/infiniband/core/ucma.c | 2 drivers/md/dm-cache-metadata.c | 4 drivers/md/dm-cache-target.c | 9 - drivers/md/dm-mpath.c | 14 + drivers/mmc/core/host.c | 2 drivers/mmc/core/slot-gpio.c | 2 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 - drivers/net/xen-netback/hash.c | 12 - drivers/of/unittest.c | 26 ++- drivers/pci/pci.c | 27 ++- drivers/tty/tty_io.c | 11 + drivers/usb/class/cdc-acm.c | 6 drivers/usb/host/xhci-mtk.c | 4 drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/option.c | 15 +- drivers/usb/serial/usb-serial-simple.c | 3 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 fs/f2fs/checkpoint.c | 9 - fs/pstore/ram.c | 29 +++- fs/ubifs/super.c | 3 include/linux/hugetlb.h | 14 + include/linux/mm.h | 6 kernel/events/core.c | 6 mm/huge_memory.c | 2 mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 mm/rmap.c | 42 +++++ mm/vmstat.c | 3 net/mac80211/cfg.c | 2 net/mac80211/iface.c | 3 net/rds/ib.h | 2 net/rds/ib_cm.c | 2 net/rds/ib_recv.c | 10 - net/tipc/netlink_compat.c | 2 net/tipc/socket.c | 17 +- net/tipc/socket.h | 1 tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 53 files changed, 562 insertions(+), 114 deletions(-) Alexandre Belloni (1): clocksource/drivers/timer-atmel-pit: Properly handle error cases Andy Lutomirski (4): x86/vdso: Fix asm constraints on vDSO syscall fallbacks selftests/x86: Add clock_gettime() tests to test_vdso x86/vdso: Only enable vDSO retpolines when enabled and supported x86/vdso: Fix vDSO syscall fallback asm constraint regression Chao Yu (1): f2fs: fix invalid memory access Christophe Leroy (1): powerpc/lib: fix book3s/32 boot failure due to code patching Chunfeng Yun (1): usb: xhci-mtk: resume USB3 roothub first Cong Wang (2): tipc: call start and done ops directly in __tipc_nl_compat_dumpit() ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dmitry Safonov (1): tty: Drop tty->count on tty_reopen() failure Felix Fietkau (2): mac80211: allocate TXQs for active monitor interfaces mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Greg Kroah-Hartman (1): Linux 4.18.14 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Ilya Dryomov (1): blk-mq: I/O and timer unplugs are inverted in blktrace Jan Beulich (1): xen-netback: fix input validation in xenvif_set_hash_mapping() Jann Horn (2): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly drm: fix use-after-free read in drm_mode_create_lease_ioctl() Jason Ekstrand (1): drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Joe Thornber (1): dm cache metadata: ignore hints array being too small during resize Johan Hovold (2): USB: serial: simple: add Motorola Tetra MTP6550 id USB: serial: option: add two-endpoints device-id flag Ka-Cheong Poon (1): rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Kees Cook (1): pstore/ram: Fix failure-path memory leak in ramoops_init Kirill A. Shutemov (1): mm, thp: fix mlocking THP page with migration enabled Kristian Evensen (1): USB: serial: option: improve Quectel EP06 detection Marek Szyprowski (1): mmc: slot-gpio: Fix debounce time to use miliseconds again Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michael Neuling (1): powerpc: Avoid code patching freed init sections Mike Kravetz (1): mm: migration: fix migration of huge PMD shared pages Mike Snitzer (2): dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer dm cache: fix resize crash if user doesn't reload cache table Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Reinette Chatre (1): perf/core: Add sanity check to deal with pinned event failure Rex Zhu (1): drm/amdgpu: Fix vce work queue was not cancelled when suspend Richard Weinberger (1): ubifs: Check for name being NULL while mounting Romain Izard (1): usb: cdc_acm: Do not leak URB buffers Sean Christopherson (2): KVM: x86: fix L1TF's MMIO GFN calculation KVM: VMX: check for existence of secondary exec controls before accessing Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Tony Lindgren (1): mmc: core: Fix debounce time to use microseconds Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 11 months

1
1
0 0

Linux 4.14.76

by Greg KH

I'm announcing the release of the 4.14.76 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/kernel/process.c | 20 ++ arch/powerpc/include/asm/setup.h | 1 arch/powerpc/lib/code-patching.c | 45 +++--- arch/powerpc/mm/mem.c | 2 arch/x86/entry/vdso/Makefile | 16 +- arch/x86/entry/vdso/vclock_gettime.c | 26 +-- arch/x86/kvm/mmu.c | 24 ++- block/blk-mq.c | 4 drivers/base/power/main.c | 5 drivers/clocksource/timer-atmel-pit.c | 20 +- drivers/crypto/chelsio/chcr_algo.c | 41 +++-- drivers/crypto/chelsio/chcr_crypto.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 drivers/gpu/drm/drm_syncobj.c | 5 drivers/infiniband/core/ucma.c | 2 drivers/md/dm-cache-metadata.c | 4 drivers/md/dm-cache-target.c | 9 - drivers/net/wireless/ath/ath10k/debug.c | 12 + drivers/net/wireless/ath/ath10k/trace.h | 12 - drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 - drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/xen-netback/hash.c | 12 - drivers/nvme/host/fc.c | 4 drivers/of/unittest.c | 26 ++- drivers/pci/pci.c | 27 ++- drivers/tty/tty_io.c | 11 + drivers/usb/class/cdc-acm.c | 6 drivers/usb/host/xhci-mtk.c | 4 drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/usb-serial-simple.c | 3 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 drivers/virtio/virtio_balloon.c | 23 ++- fs/f2fs/checkpoint.c | 9 - fs/ubifs/super.c | 3 include/linux/balloon_compaction.h | 35 ++++ include/linux/hugetlb.h | 14 + include/linux/mm.h | 6 kernel/events/core.c | 6 mm/balloon_compaction.c | 28 ++- mm/huge_memory.c | 2 mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 mm/rmap.c | 42 +++++ mm/vmstat.c | 3 net/mac80211/cfg.c | 2 net/rds/ib.h | 2 net/rds/ib_cm.c | 2 net/rds/ib_recv.c | 10 - tools/perf/builtin-script.c | 14 - tools/perf/util/annotate.c | 17 +- tools/perf/util/path.c | 14 + tools/perf/util/path.h | 3 tools/perf/util/setup.py | 2 tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 56 files changed, 660 insertions(+), 158 deletions(-) Alexandre Belloni (1): clocksource/drivers/timer-atmel-pit: Properly handle error cases Andy Lutomirski (4): x86/vdso: Fix asm constraints on vDSO syscall fallbacks selftests/x86: Add clock_gettime() tests to test_vdso x86/vdso: Only enable vDSO retpolines when enabled and supported x86/vdso: Fix vDSO syscall fallback asm constraint regression Arnaldo Carvalho de Melo (1): perf annotate: Use asprintf when formatting objdump command line Carl Huang (1): ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Chao Yu (1): f2fs: fix invalid memory access Christophe Leroy (2): powerpc/lib/code-patching: refactor patch_instruction() powerpc/lib: fix book3s/32 boot failure due to code patching Chunfeng Yun (1): usb: xhci-mtk: resume USB3 roothub first Cong Wang (1): ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dmitry Safonov (1): tty: Drop tty->count on tty_reopen() failure Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Greg Kroah-Hartman (1): Linux 4.14.76 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Harsh Jain (1): crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Ilya Dryomov (1): blk-mq: I/O and timer unplugs are inverted in blktrace James Smart (1): nvme_fc: fix ctrl create failures racing with workq items Jan Beulich (1): xen-netback: fix input validation in xenvif_set_hash_mapping() Jan Stancek (1): virtio_balloon: fix increment of vb->num_pfns in fill_balloon() Jann Horn (1): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Jason Ekstrand (1): drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Jiri Olsa (2): perf tools: Fix python extension build for gcc 8 perf utils: Move is_directory() to path.h Joe Thornber (1): dm cache metadata: ignore hints array being too small during resize Johan Hovold (1): USB: serial: simple: add Motorola Tetra MTP6550 id Ka-Cheong Poon (1): rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Kirill A. Shutemov (1): mm, thp: fix mlocking THP page with migration enabled Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michael Neuling (1): powerpc: Avoid code patching freed init sections Michael S. Tsirkin (1): virtio_balloon: fix deadlock on OOM Mike Kravetz (1): mm: migration: fix migration of huge PMD shared pages Mike Snitzer (1): dm cache: fix resize crash if user doesn't reload cache table Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Reinette Chatre (1): perf/core: Add sanity check to deal with pinned event failure Rex Zhu (1): drm/amdgpu: Fix vce work queue was not cancelled when suspend Richard Weinberger (1): ubifs: Check for name being NULL while mounting Romain Izard (1): usb: cdc_acm: Do not leak URB buffers Sean Christopherson (1): KVM: x86: fix L1TF's MMIO GFN calculation Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Yu Wang (1): ath10k: fix kernel panic issue during pci probe Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 11 months

1
1
0 0

Linux 4.9.133

by Greg KH

I'm announcing the release of the 4.9.133 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/kernel-parameters.txt | 6 --- Makefile | 2 - arch/arc/kernel/process.c | 20 ++++++++++++ arch/powerpc/kernel/fadump.c | 23 +++++++++----- arch/x86/crypto/crc32c-intel_glue.c | 17 ++-------- arch/x86/entry/vdso/vclock_gettime.c | 26 ++++++++-------- arch/x86/include/asm/cpufeatures.h | 1 arch/x86/include/asm/fixmap.h | 10 ++++++ arch/x86/include/asm/fpu/internal.h | 37 ---------------------- arch/x86/include/asm/fpu/types.h | 34 -------------------- arch/x86/include/asm/pgtable_64.h | 3 + arch/x86/include/asm/trace/fpu.h | 5 --- arch/x86/kernel/fpu/core.c | 39 ++---------------------- arch/x86/kernel/fpu/signal.c | 8 +--- arch/x86/kernel/fpu/xstate.c | 9 ----- arch/x86/kernel/head_64.S | 16 +++++++-- arch/x86/kvm/cpuid.c | 4 -- arch/x86/kvm/x86.c | 10 ------ arch/x86/mm/pgtable.c | 9 +++++ arch/x86/mm/pkeys.c | 3 - arch/x86/xen/mmu.c | 8 +++- drivers/base/power/main.c | 5 ++- drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-metadata.c | 4 +- drivers/md/dm-cache-target.c | 9 ++++- drivers/net/wireless/ath/ath10k/debug.c | 12 ++++++- drivers/net/wireless/ath/ath10k/trace.h | 12 ++----- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 ++-- drivers/net/wireless/ath/ath10k/wmi.c | 2 - drivers/net/xen-netback/hash.c | 12 ++++--- drivers/of/unittest.c | 28 +++++++++++------ drivers/pci/pci.c | 27 +++++++++++----- drivers/tty/tty_io.c | 11 ++++-- drivers/usb/host/xhci-mtk.c | 4 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/usb-serial-simple.c | 3 + drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 ++- fs/ext4/xattr.c | 28 ++++++++++------- fs/f2fs/checkpoint.c | 9 +++-- fs/ubifs/super.c | 3 + include/linux/netfilter_bridge/ebtables.h | 5 +++ kernel/cgroup.c | 6 +++ mm/vmstat.c | 3 + net/bridge/netfilter/ebt_arpreply.c | 3 + net/mac80211/cfg.c | 2 - tools/arch/x86/include/asm/cpufeatures.h | 1 46 files changed, 243 insertions(+), 253 deletions(-) Andy Lutomirski (4): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression x86/fpu: Remove use_eager_fpu() x86/fpu: Finish excising 'eagerfpu' Carl Huang (1): ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Chao Yu (1): f2fs: fix invalid memory access Chunfeng Yun (1): usb: xhci-mtk: resume USB3 roothub first Cong Wang (1): ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dmitry Safonov (1): tty: Drop tty->count on tty_reopen() failure Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Feng Tang (1): x86/mm: Expand static page table for fixmap space Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Greg Kroah-Hartman (2): Revert "perf: sync up x86/.../cpufeatures.h" Linux 4.9.133 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Jan Beulich (1): xen-netback: fix input validation in xenvif_set_hash_mapping() Jann Horn (1): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Joe Thornber (1): dm cache metadata: ignore hints array being too small during resize Johan Hovold (1): USB: serial: simple: add Motorola Tetra MTP6550 id Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails Mike Snitzer (1): dm cache: fix resize crash if user doesn't reload cache table Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Richard Weinberger (1): ubifs: Check for name being NULL while mounting Rik van Riel (1): x86/fpu: Remove struct fpu::counter Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Yu Wang (1): ath10k: fix kernel panic issue during pci probe Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 11 months

1
1
0 0

Linux 4.4.161

by Greg KH

I'm announcing the release of the 4.4.161 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/kernel/process.c | 20 + arch/powerpc/kernel/fadump.c | 23 - arch/x86/entry/vdso/vclock_gettime.c | 26 - drivers/base/power/main.c | 5 drivers/infiniband/core/ucma.c | 2 drivers/md/dm-cache-target.c | 9 drivers/net/wireless/ath/ath10k/trace.h | 12 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/of/unittest.c | 28 + drivers/pci/pci.c | 27 + drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/usb-serial-simple.c | 3 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 fs/ext4/xattr.c | 6 fs/ubifs/super.c | 3 include/linux/netfilter_bridge/ebtables.h | 5 include/linux/skbuff.h | 8 include/linux/tcp.h | 7 include/net/sock.h | 7 include/net/tcp.h | 2 kernel/cgroup.c | 6 mm/vmstat.c | 3 net/bridge/netfilter/ebt_arpreply.c | 3 net/core/skbuff.c | 19 + net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 417 ++++++++++++++---------- net/ipv4/tcp_ipv4.c | 3 net/ipv4/tcp_minisocks.c | 1 net/ipv6/tcp_ipv6.c | 1 net/mac80211/cfg.c | 2 32 files changed, 438 insertions(+), 233 deletions(-) Andy Lutomirski (2): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression Carl Huang (1): ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Cong Wang (1): ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Eric Dumazet (5): tcp: increment sk_drops for dropped rx packets tcp: fix a stale ooo_last_skb after a replace tcp: free batches of packets in tcp_prune_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() tcp: add tcp_ooo_try_coalesce() helper Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Greg Kroah-Hartman (1): Linux 4.4.161 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Jann Horn (1): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Johan Hovold (1): USB: serial: simple: add Motorola Tetra MTP6550 id Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails Mike Snitzer (1): dm cache: fix resize crash if user doesn't reload cache table Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Richard Weinberger (1): ubifs: Check for name being NULL while mounting Theodore Ts'o (1): ext4: always verify the magic number in xattr blocks Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Yaogong Wang (1): tcp: use an RB tree for ooo receive queue Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 11 months

1
1
0 0

[PATCH 3.18 000/120] 3.18.124-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.124 release. There are 120 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:25:29 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.124-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.124-rc1 Gao Feng <gfree.wind(a)vip.163.com> ebtables: arpreply: Add the standard target sanity check Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Prateek Sood <prsood(a)codeaurora.org> cgroup: Fix deadlock in cpu hotplug path Theodore Ts'o <tytso(a)mit.edu> ext4: avoid running out of journal credits when appending to an inline file Theodore Ts'o <tytso(a)mit.edu> jbd2: don't mark block as modified if the handle is out of credits Theodore Ts'o <tytso(a)mit.edu> ext4: add more inode number paranoia checks Theodore Ts'o <tytso(a)mit.edu> ext4: never move the system.data xattr out of the inode body Theodore Ts'o <tytso(a)mit.edu> ext4: always verify the magic number in xattr blocks Theodore Ts'o <tytso(a)mit.edu> ext4: add corruption check in ext4_xattr_set_entry() Theodore Ts'o <tytso(a)mit.edu> ext4: fix false negatives *and* false positives in ext4_check_descriptors() Theodore Ts'o <tytso(a)mit.edu> ext4: always check block group bounds in ext4_init_block_bitmap() Theodore Ts'o <tytso(a)mit.edu> ext4: fix check to prevent initializing reserved inodes Theodore Ts'o <tytso(a)mit.edu> ext4: only look at the bg_flags field if it is valid Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Linus Torvalds <torvalds(a)linux-foundation.org> Make file credentials available to the seqfile interfaces Mike Snitzer <snitzer(a)redhat.com> dm thin metadata: fix __udivdi3 undefined on 32-bit Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: event: Prevent freeing event subscriptions while accessed Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Sanitize PSTATE.M when being set from userspace Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Theodore Ts'o <tytso(a)mit.edu> ext4: verify the depth of extent tree in ext4_find_extent() Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Greg Hackmann <ghackmann(a)android.com> staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use bin2hex instead of a re-implementation Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings Roderick Colenbrander <roderick.colenbrander(a)sony.com> HID: sony: Support DS4 dongle Roderick Colenbrander <roderick.colenbrander(a)sony.com> HID: sony: Update device ids Catalin Marinas <catalin.marinas(a)arm.com> arm64: Add trace_hardirqs_off annotation in ret_to_user Li Dongyang <dongyangli(a)ddn.com> ext4: don't mark mmp buffer head dirty Theodore Ts'o <tytso(a)mit.edu> ext4: fix online resize's handling of a too-small final block group Theodore Ts'o <tytso(a)mit.edu> ext4: recalucate superblock checksum after updating free blocks/inodes Theodore Ts'o <tytso(a)mit.edu> ext4: avoid divide by zero fault when deleting corrupted inline directories Junxiao Bi <junxiao.bi(a)oracle.com> ocfs2: fix ocfs2 read block panic Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use hex2bin instead of a re-implementation Eric Dumazet <edumazet(a)google.com> ipv6: fix possible use-after-free in ip6_xmit() Vasily Khoruzhick <vasilykh(a)arista.com> neighbour: confirm neigh entries when ARP packet is received Colin Ian King <colin.king(a)canonical.com> net: hp100: fix always-true check for link up state Willy Tarreau <w(a)1wt.eu> net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Toke Høiland-Jørgensen <toke(a)toke.dk> gso_segment: Reset skb->mac_len after modifying network header Joel Fernandes (Google) <joel(a)joelfernandes.org> mm: shmem.c: Correctly annotate new inodes for lockdep Vaibhav Nagarnaik <vnagarnaik(a)google.com> ring-buffer: Allow for rescheduling when removing pages Willy Tarreau <w(a)1wt.eu> ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ASoC: cs4265: fix MMTLR Data switch control ------------- Diffstat: Makefile | 4 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm64/include/asm/kvm_emulate.h | 5 ++ arch/arm64/kernel/entry.S | 3 + arch/arm64/kvm/guest.c | 55 +++++++++++++++- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kernel/machine_kexec.c | 7 ++- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/s390/mm/extmem.c | 4 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/vdso/vclock_gettime.c | 26 ++++---- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/base/power/main.c | 5 +- drivers/block/floppy.c | 3 + drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/gpio/gpio-adp5588.c | 24 +++++-- drivers/hid/hid-core.c | 3 + drivers/hid/hid-ids.h | 2 + drivers/hid/hid-ntrig.c | 2 + drivers/hid/hid-sony.c | 6 ++ drivers/hwmon/adt7475.c | 14 +++-- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-thin-metadata.c | 34 +++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/raid10.c | 5 +- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +++- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 ++ drivers/media/usb/uvc/uvc_video.c | 24 +++++-- drivers/media/v4l2-core/v4l2-event.c | 37 +++++------ drivers/media/v4l2-core/v4l2-fh.c | 2 + drivers/misc/tsl2550.c | 2 +- drivers/net/appletalk/ipddp.c | 8 ++- drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hp/hp100.c | 2 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 ++ drivers/pci/pci.c | 27 +++++--- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/spi/spi-rspi.c | 10 +-- drivers/spi/spi-sh-msiof.c | 3 +- drivers/spi/spi-tegra20-slink.c | 31 ++++++--- drivers/staging/android/ashmem.c | 6 ++ drivers/staging/android/ion/ion.c | 60 +++++++++++------- drivers/target/iscsi/iscsi_target_auth.c | 45 +++++-------- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/thermal/of-thermal.c | 7 ++- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++- drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 ++++++- drivers/usb/core/driver.c | 28 ++++----- drivers/usb/core/usb.c | 2 + drivers/usb/misc/yurex.c | 3 + drivers/usb/serial/kobil_sct.c | 12 +++- drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ext4/balloc.c | 21 ++++--- fs/ext4/dir.c | 20 +++--- fs/ext4/ext4.h | 8 --- fs/ext4/ext4_extents.h | 1 + fs/ext4/extents.c | 6 ++ fs/ext4/ialloc.c | 19 +++++- fs/ext4/inline.c | 42 ++----------- fs/ext4/inode.c | 3 +- fs/ext4/mballoc.c | 6 +- fs/ext4/mmp.c | 1 - fs/ext4/resize.c | 20 ++++++ fs/ext4/super.c | 14 ++++- fs/ext4/xattr.c | 49 +++++++-------- fs/jbd2/transaction.c | 2 +- fs/nfsd/nfs4proc.c | 1 + fs/ocfs2/buffer_head_io.c | 1 + fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ fs/seq_file.c | 7 ++- fs/ubifs/super.c | 3 + include/linux/netfilter_bridge/ebtables.h | 5 ++ include/linux/seq_file.h | 13 ++-- include/linux/slub_def.h | 3 +- include/media/v4l2-fh.h | 1 + kernel/cgroup.c | 6 +- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 3 +- kernel/trace/ring_buffer.c | 2 + mm/madvise.c | 2 +- mm/shmem.c | 2 + mm/slub.c | 6 +- net/bridge/netfilter/ebt_arpreply.c | 3 + net/core/neighbour.c | 13 ++-- net/ipv4/af_inet.c | 1 + net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 3 +- net/mac80211/cfg.c | 2 +- net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 26 ++++++-- net/mac80211/mlme.c | 53 ++++++++++++++++ net/wireless/nl80211.c | 1 + sound/aoa/core/gpio-feature.c | 4 +- sound/firewire/bebob/bebob_maudio.c | 24 ++++--- sound/pci/emu10k1/emufx.c | 2 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/cs4265.c | 4 +- sound/soc/soc-dapm.c | 7 +++ tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 123 files changed, 882 insertions(+), 395 deletions(-)

6 years, 11 months

4
133
0 0

[patch 3/4] mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2

by akpm＠linux-foundation.org

From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Link: http://lkml.kernel.org/r/20181012181056.7864-1-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Acked-by: Michal Hocko <mhocko(a)kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Nellans <dnellans(a)nvidia.com> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/mm/huge_memory.c~mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2 +++ a/mm/huge_memory.c @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page if (!(pvmw->pmd && !pvmw->pte)) return; - mmu_notifier_invalidate_range_start(mm, address, - address + HPAGE_PMD_SIZE); - flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); pmdval = *pvmw->pmd; pmdp_invalidate(vma, address, pvmw->pmd); @@ -2900,9 +2897,6 @@ void set_pmd_migration_entry(struct page set_pmd_at(mm, address, pvmw->pmd, pmdswp); page_remove_rmap(page, true); put_page(page); - - mmu_notifier_invalidate_range_end(mm, address, - address + HPAGE_PMD_SIZE); } void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) _

6 years, 11 months

1
0
0 0

[patch 2/4] mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Daniel Micay reports that attempting to use MAP_FIXED_NOREPLACE in an application causes that application to randomly crash. The existing check for handling MAP_FIXED_NOREPLACE looks up the first VMA that either overlaps or follows the requested region, and then bails out if that VMA overlaps *the start* of the requested region. It does not bail out if the VMA only overlaps another part of the requested region. Fix it by checking that the found VMA only starts at or after the end of the requested region, in which case there is no overlap. Test case: user@debian:~$ cat mmap_fixed_simple.c #include <sys/mman.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #ifndef MAP_FIXED_NOREPLACE #define MAP_FIXED_NOREPLACE 0x100000 #endif int main(void) { char *p; errno = 0; p = mmap((void*)0x10001000, 0x4000, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p1=%p err=%m\n", p); errno = 0; p = mmap((void*)0x10000000, 0x2000, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p2=%p err=%m\n", p); char cmd[100]; sprintf(cmd, "cat /proc/%d/maps", getpid()); system(cmd); return 0; } user@debian:~$ gcc -o mmap_fixed_simple mmap_fixed_simple.c user@debian:~$ ./mmap_fixed_simple p1=0x10001000 err=Success p2=0x10000000 err=Success 10000000-10002000 r--p 00000000 00:00 0 10002000-10005000 ---p 00000000 00:00 0 564a9a06f000-564a9a070000 r-xp 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a26f000-564a9a270000 r--p 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a270000-564a9a271000 rw-p 00001000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a54a000-564a9a56b000 rw-p 00000000 00:00 0 [heap] 7f8eba447000-7f8eba5dc000 r-xp 00000000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba5dc000-7f8eba7dc000 ---p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7dc000-7f8eba7e0000 r--p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e0000-7f8eba7e2000 rw-p 00199000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e2000-7f8eba7e6000 rw-p 00000000 00:00 0 7f8eba7e6000-7f8eba809000 r-xp 00000000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8eba9e9000-7f8eba9eb000 rw-p 00000000 00:00 0 7f8ebaa06000-7f8ebaa09000 rw-p 00000000 00:00 0 7f8ebaa09000-7f8ebaa0a000 r--p 00023000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0a000-7f8ebaa0b000 rw-p 00024000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0b000-7f8ebaa0c000 rw-p 00000000 00:00 0 7ffcc99fa000-7ffcc9a1b000 rw-p 00000000 00:00 0 [stack] 7ffcc9b44000-7ffcc9b47000 r--p 00000000 00:00 0 [vvar] 7ffcc9b47000-7ffcc9b49000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] user@debian:~$ uname -a Linux debian 4.19.0-rc6+ #181 SMP Wed Oct 3 23:43:42 CEST 2018 x86_64 GNU/Linux user@debian:~$ As you can see, the first page of the mapping at 0x10001000 was clobbered. Link: http://lkml.kernel.org/r/20181010152736.99475-1-jannh@google.com Fixes: a4ff8e8620d3 ("mm: introduce MAP_FIXED_NOREPLACE") Signed-off-by: Jann Horn <jannh(a)google.com> Reported-by: Daniel Micay <danielmicay(a)gmail.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: John Hubbard <jhubbard(a)nvidia.com> Acked-by: Kees Cook <keescook(a)chromium.org> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/mm/mmap.c~mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace +++ a/mm/mmap.c @@ -1410,7 +1410,7 @@ unsigned long do_mmap(struct file *file, if (flags & MAP_FIXED_NOREPLACE) { struct vm_area_struct *vma = find_vma(mm, addr); - if (vma && vma->vm_start <= addr) + if (vma && vma->vm_start < addr + len) return -EEXIST; } _

6 years, 11 months

1
0
0 0

+ mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 has been added to the -mm tree. Its filename is mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-thp-fix-call-to-mmu_notifier-in… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-thp-fix-call-to-mmu_notifier-in… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Link: http://lkml.kernel.org/r/20181012181056.7864-1-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Acked-by: Michal Hocko <mhocko(a)kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Nellans <dnellans(a)nvidia.com> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/mm/huge_memory.c~mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2 +++ a/mm/huge_memory.c @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page if (!(pvmw->pmd && !pvmw->pte)) return; - mmu_notifier_invalidate_range_start(mm, address, - address + HPAGE_PMD_SIZE); - flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); pmdval = *pvmw->pmd; pmdp_invalidate(vma, address, pvmw->pmd); @@ -2900,9 +2897,6 @@ void set_pmd_migration_entry(struct page set_pmd_at(mm, address, pvmw->pmd, pmdswp); page_remove_rmap(page, true); put_page(page); - - mmu_notifier_invalidate_range_end(mm, address, - address + HPAGE_PMD_SIZE); } void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) _ Patches currently in -mm which might be from jglisse(a)redhat.com are mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch

6 years, 11 months

1
0
0 0

[PATCH v7 0/7] mm: Merge hmm into devm_memremap_pages, mark GPL-only

by Dan Williams

[ apologies for the resend, script error ] Changes since v6 [1]: * Rebase on next-20181008 and fixup conflicts with the xarray conversion and hotplug optimizations * It has soaked on a 0day visible branch for a few days without any reports. [1]: https://lkml.org/lkml/2018/9/13/104 --- Hi Andrew, Jérôme has reviewed the cleanups, thanks Jérôme. We still disagree on the EXPORT_SYMBOL_GPL status of the core HMM implementation, but Logan, Christoph and I continue to support marking all devm_memremap_pages() derivatives EXPORT_SYMBOL_GPL. HMM has been upstream for over a year, with no in-tree users it is clear it was designed first and foremost for out of tree drivers. It takes advantage of a facility Christoph and I spearheaded to support persistent memory. It continues to see expanding use cases with no clear end date when it will stop attracting features / revisions. It is not suitable to export devm_memremap_pages() as a stable 3rd party driver api. devm_memremap_pages() is a facility that can create struct page entries for any arbitrary range and give out-of-tree drivers the ability to subvert core aspects of page management. It, and anything derived from it (e.g. hmm, pcip2p, etc...), is a deep integration point into the core kernel, and an EXPORT_SYMBOL_GPL() interface. Commit 31c5bda3a656 "mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL" was merged ahead of this series to relieve some of the pressure from innocent consumers of put_page(), but now we need this series to address *producers* of device pages. More details and justification in the changelogs. The 0day infrastructure has reported success across 152 configs and this survives the libnvdimm unit test suite. Aside from the controversial bits the diffstat is compelling at: 7 files changed, 126 insertions(+), 323 deletions(-) Note that the series has some minor collisions with Alex's recent series to improve devm_memremap_pages() scalability [2]. So, whichever you take first the other will need a minor rebase. [2]: https://www.lkml.org/lkml/2018/9/11/10 Dan Williams (7): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL drivers/dax/pmem.c | 14 -- drivers/nvdimm/pmem.c | 13 +- include/linux/hmm.h | 4 include/linux/memremap.h | 2 kernel/memremap.c | 94 +++++++---- mm/hmm.c | 305 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 17 ++ 7 files changed, 126 insertions(+), 323 deletions(-)

6 years, 11 months

2
2
0 0

[PATCH] mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2

by jglisse＠redhat.com

From: Jérôme Glisse <jglisse(a)redhat.com> Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Changed since v1: - removed call to invalidate_range() and updated commit message Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Acked-by: Michal Hocko <mhocko(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Nellans <dnellans(a)nvidia.com> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: stable(a)vger.kernel.org --- mm/huge_memory.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 533f9b00147d..a5b28547e321 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, if (!(pvmw->pmd && !pvmw->pte)) return; - mmu_notifier_invalidate_range_start(mm, address, - address + HPAGE_PMD_SIZE); - flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); pmdval = *pvmw->pmd; pmdp_invalidate(vma, address, pvmw->pmd); @@ -2900,9 +2897,6 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, set_pmd_at(mm, address, pvmw->pmd, pmdswp); page_remove_rmap(page, true); put_page(page); - - mmu_notifier_invalidate_range_end(mm, address, - address + HPAGE_PMD_SIZE); } void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) -- 2.17.2

6 years, 11 months

1
0
0 0

[PATCH v7 0/7] mm: Merge hmm into devm_memremap_pages, mark GPL-only

by Dan Williams

Changes since v6 [1]: * Rebase on next-20181008 and fixup conflicts with the xarray conversion and hotplug optimizations * It has soaked on a 0day visible branch for a few days without any reports. [1]: https://lkml.org/lkml/2018/9/13/104 --- Hi Andrew, Jérôme has reviewed the cleanups, thanks Jérôme. We still disagree on the EXPORT_SYMBOL_GPL status of the core HMM implementation, but Logan, Christoph and I continue to support marking all devm_memremap_pages() derivatives EXPORT_SYMBOL_GPL. HMM has been upstream for over a year, with no in-tree users it is clear it was designed first and foremost for out of tree drivers. It takes advantage of a facility Christoph and I spearheaded to support persistent memory. It continues to see expanding use cases with no clear end date when it will stop attracting features / revisions. It is not suitable to export devm_memremap_pages() as a stable 3rd party driver api. devm_memremap_pages() is a facility that can create struct page entries for any arbitrary range and give out-of-tree drivers the ability to subvert core aspects of page management. It, and anything derived from it (e.g. hmm, pcip2p, etc...), is a deep integration point into the core kernel, and an EXPORT_SYMBOL_GPL() interface. Commit 31c5bda3a656 "mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL" was merged ahead of this series to relieve some of the pressure from innocent consumers of put_page(), but now we need this series to address *producers* of device pages. More details and justification in the changelogs. The 0day infrastructure has reported success across 152 configs and this survives the libnvdimm unit test suite. Aside from the controversial bits the diffstat is compelling at: 7 files changed, 126 insertions(+), 323 deletions(-) Note that the series has some minor collisions with Alex's recent series to improve devm_memremap_pages() scalability [2]. So, whichever you take first the other will need a minor rebase. [2]: https://www.lkml.org/lkml/2018/9/11/10 Dan Williams (7): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL drivers/dax/pmem.c | 14 -- drivers/nvdimm/pmem.c | 13 +- include/linux/hmm.h | 4 include/linux/memremap.h | 2 kernel/memremap.c | 94 +++++++---- mm/hmm.c | 305 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 17 ++ 7 files changed, 126 insertions(+), 323 deletions(-)

6 years, 11 months

1
0
0 0

[PATCH 4.4 00/27] 4.4.161-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.161 release. There are 27 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:25:23 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.161-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.161-rc1 Gao Feng <gfree.wind(a)vip.163.com> ebtables: arpreply: Add the standard target sanity check Zhi Chen <zhichen(a)codeaurora.org> ath10k: fix scan crash due to incorrect length calculation Eric Dumazet <edumazet(a)google.com> tcp: add tcp_ooo_try_coalesce() helper Eric Dumazet <edumazet(a)google.com> tcp: call tcp_drop() from tcp_data_queue_ofo() Eric Dumazet <edumazet(a)google.com> tcp: free batches of packets in tcp_prune_ofo_queue() Eric Dumazet <edumazet(a)google.com> tcp: fix a stale ooo_last_skb after a replace Yaogong Wang <wygivan(a)google.com> tcp: use an RB tree for ooo receive queue Eric Dumazet <edumazet(a)google.com> tcp: increment sk_drops for dropped rx packets Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Cong Wang <xiyou.wangcong(a)gmail.com> ucma: fix a use-after-free in ucma_resolve_ip() Vineet Gupta <vgupta(a)synopsys.com> ARC: clone syscall to setp r25 as thread pointer Michal Suchanek <msuchanek(a)suse.de> powerpc/fadump: Return error when fadump registration fails Carl Huang <cjhuang(a)codeaurora.org> ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Prateek Sood <prsood(a)codeaurora.org> cgroup: Fix deadlock in cpu hotplug path Theodore Ts'o <tytso(a)mit.edu> ext4: always verify the magic number in xattr blocks Theodore Ts'o <tytso(a)mit.edu> ext4: add corruption check in ext4_xattr_set_entry() Guenter Roeck <linux(a)roeck-us.net> of: unittest: Disable interrupt node tests for old world MAC systems Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Mike Snitzer <snitzer(a)redhat.com> dm cache: fix resize crash if user doesn't reload cache table Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Jann Horn <jannh(a)google.com> mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/process.c | 20 ++ arch/powerpc/kernel/fadump.c | 23 +- arch/x86/entry/vdso/vclock_gettime.c | 26 +- drivers/base/power/main.c | 5 +- drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-target.c | 9 +- drivers/net/wireless/ath/ath10k/trace.h | 12 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 +- drivers/of/unittest.c | 28 +- drivers/pci/pci.c | 27 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- fs/ext4/xattr.c | 28 +- fs/ubifs/super.c | 3 + include/linux/netfilter_bridge/ebtables.h | 5 + include/linux/skbuff.h | 8 + include/linux/tcp.h | 7 +- include/net/sock.h | 7 + include/net/tcp.h | 2 +- kernel/cgroup.c | 6 +- mm/vmstat.c | 3 + net/bridge/netfilter/ebt_arpreply.c | 3 + net/core/skbuff.c | 19 ++ net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 417 +++++++++++++++--------- net/ipv4/tcp_ipv4.c | 3 +- net/ipv4/tcp_minisocks.c | 1 - net/ipv6/tcp_ipv6.c | 1 + net/mac80211/cfg.c | 2 +- 32 files changed, 453 insertions(+), 242 deletions(-)

6 years, 11 months

6
32
0 0

Re: [PATCH] mm/thp: fix call to mmu_notifier in set_pmd_migration_entry()

by Jerome Glisse

On Fri, Oct 12, 2018 at 06:55:48PM +0200, Michal Hocko wrote: > On Fri 12-10-18 12:09:53, jglisse(a)redhat.com wrote: > > From: Jérôme Glisse <jglisse(a)redhat.com> > > > > Inside set_pmd_migration_entry() we are holding page table locks and > > thus we can not sleep so we can not call invalidate_range_start/end() > > > > So remove call to mmu_notifier_invalidate_range_start/end() and add > > call to mmu_notifier_invalidate_range(). Note that we are already > > calling mmu_notifier_invalidate_range_start/end() inside the function > > calling set_pmd_migration_entry() (see try_to_unmap_one()). > > > > Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> > > Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> > > Cc: Andrew Morton <akpm(a)linux-foundation.org> > > Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > Cc: Zi Yan <zi.yan(a)cs.rutgers.edu> > > Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> > > Cc: "H. Peter Anvin" <hpa(a)zytor.com> > > Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> > > Cc: Dave Hansen <dave.hansen(a)intel.com> > > Cc: David Nellans <dnellans(a)nvidia.com> > > Cc: Ingo Molnar <mingo(a)elte.hu> > > Cc: Mel Gorman <mgorman(a)techsingularity.net> > > Cc: Minchan Kim <minchan(a)kernel.org> > > Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> > > Cc: Thomas Gleixner <tglx(a)linutronix.de> > > Cc: Vlastimil Babka <vbabka(a)suse.cz> > > Cc: Michal Hocko <mhocko(a)kernel.org> > > Cc: Andrea Arcangeli <aarcange(a)redhat.com> > > Is this worth backporting to stable trees? Yes it is i forgot to cc stable :( > > The patch looks good to me > Acked-by: Michal Hocko <mhocko(a)suse.com> > > > --- > > mm/huge_memory.c | 7 +------ > > 1 file changed, 1 insertion(+), 6 deletions(-) > > > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c > > index 533f9b00147d..93cb80fe12cb 100644 > > --- a/mm/huge_memory.c > > +++ b/mm/huge_memory.c > > @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, > > if (!(pvmw->pmd && !pvmw->pte)) > > return; > > > > - mmu_notifier_invalidate_range_start(mm, address, > > - address + HPAGE_PMD_SIZE); > > - > > flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); > > pmdval = *pvmw->pmd; > > pmdp_invalidate(vma, address, pvmw->pmd); > > @@ -2898,11 +2895,9 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, > > if (pmd_soft_dirty(pmdval)) > > pmdswp = pmd_swp_mksoft_dirty(pmdswp); > > set_pmd_at(mm, address, pvmw->pmd, pmdswp); > > + mmu_notifier_invalidate_range(mm, address, address + HPAGE_PMD_SIZE); > > page_remove_rmap(page, true); > > put_page(page); > > - > > - mmu_notifier_invalidate_range_end(mm, address, > > - address + HPAGE_PMD_SIZE); > > } > > > > void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) > > -- > > 2.17.2 > > -- > Michal Hocko > SUSE Labs

6 years, 11 months

1
0
0 0

Applied "ASoC: sta32x: set ->component pointer in private struct" to the asoc tree

by Mark Brown

The patch ASoC: sta32x: set ->component pointer in private struct has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 747df19747bc9752cd40b9cce761e17a033aa5c2 Mon Sep 17 00:00:00 2001 From: Daniel Mack <daniel(a)zonque.org> Date: Thu, 11 Oct 2018 20:32:05 +0200 Subject: [PATCH] ASoC: sta32x: set ->component pointer in private struct The ESD watchdog code in sta32x_watchdog() dereferences the pointer which is never assigned. This is a regression from a1be4cead9b950 ("ASoC: sta32x: Convert to direct regmap API usage.") which went unnoticed since nobody seems to use that ESD workaround. Fixes: a1be4cead9b950 ("ASoC: sta32x: Convert to direct regmap API usage.") Signed-off-by: Daniel Mack <daniel(a)zonque.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/codecs/sta32x.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/soc/codecs/sta32x.c b/sound/soc/codecs/sta32x.c index d5035f2f2b2b..ce508b4cc85c 100644 --- a/sound/soc/codecs/sta32x.c +++ b/sound/soc/codecs/sta32x.c @@ -879,6 +879,9 @@ static int sta32x_probe(struct snd_soc_component *component) struct sta32x_priv *sta32x = snd_soc_component_get_drvdata(component); struct sta32x_platform_data *pdata = sta32x->pdata; int i, ret = 0, thermal = 0; + + sta32x->component = component; + ret = regulator_bulk_enable(ARRAY_SIZE(sta32x->supplies), sta32x->supplies); if (ret != 0) { -- 2.19.0

6 years, 11 months

1
0
0 0

[PATCH 4.18 00/44] 4.18.14-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.14 release. There are 44 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:24:36 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.14-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.14-rc1 Zhi Chen <zhichen(a)codeaurora.org> ath10k: fix scan crash due to incorrect length calculation Ka-Cheong Poon <ka-cheong.poon(a)oracle.com> rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Cong Wang <xiyou.wangcong(a)gmail.com> ucma: fix a use-after-free in ucma_resolve_ip() Cong Wang <xiyou.wangcong(a)gmail.com> tipc: call start and done ops directly in __tipc_nl_compat_dumpit() Chao Yu <yuchao0(a)huawei.com> f2fs: fix invalid memory access Vineet Gupta <vgupta(a)synopsys.com> ARC: clone syscall to setp r25 as thread pointer Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/lib: fix book3s/32 boot failure due to code patching Michael Neuling <mikey(a)neuling.org> powerpc: Avoid code patching freed init sections Guenter Roeck <linux(a)roeck-us.net> of: unittest: Disable interrupt node tests for old world MAC systems Dmitry Safonov <dima(a)arista.com> tty: Drop tty->count on tty_reopen() failure Romain Izard <romain.izard.pro(a)gmail.com> usb: cdc_acm: Do not leak URB buffers Johan Hovold <johan(a)kernel.org> USB: serial: option: add two-endpoints device-id flag Kristian Evensen <kristian.evensen(a)gmail.com> USB: serial: option: improve Quectel EP06 detection Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci-mtk: resume USB3 roothub first Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Mike Snitzer <snitzer(a)redhat.com> dm cache: fix resize crash if user doesn't reload cache table Joe Thornber <ejt(a)redhat.com> dm cache metadata: ignore hints array being too small during resize Mike Snitzer <snitzer(a)redhat.com> dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Only enable vDSO retpolines when enabled and supported Andy Lutomirski <luto(a)kernel.org> selftests/x86: Add clock_gettime() tests to test_vdso Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Jann Horn <jannh(a)google.com> drm: fix use-after-free read in drm_mode_create_lease_ioctl() Jason Ekstrand <jason(a)jlekstrand.net> drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Fix vce work queue was not cancelled when suspend Felix Fietkau <nbd(a)nbd.name> mac80211: allocate TXQs for active monitor interfaces Marek Szyprowski <m.szyprowski(a)samsung.com> mmc: slot-gpio: Fix debounce time to use miliseconds again Tony Lindgren <tony(a)atomide.com> mmc: core: Fix debounce time to use microseconds Jan Beulich <JBeulich(a)suse.com> xen-netback: fix input validation in xenvif_set_hash_mapping() Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Alexandre Belloni <alexandre.belloni(a)bootlin.com> clocksource/drivers/timer-atmel-pit: Properly handle error cases Kees Cook <keescook(a)chromium.org> pstore/ram: Fix failure-path memory leak in ramoops_init Ilya Dryomov <idryomov(a)gmail.com> blk-mq: I/O and timer unplugs are inverted in blktrace Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: VMX: check for existence of secondary exec controls before accessing Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: fix L1TF's MMIO GFN calculation Jann Horn <jannh(a)google.com> mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm, thp: fix mlocking THP page with migration enabled Mike Kravetz <mike.kravetz(a)oracle.com> mm: migration: fix migration of huge PMD shared pages Reinette Chatre <reinette.chatre(a)intel.com> perf/core: Add sanity check to deal with pinned event failure ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/process.c | 20 +++ arch/powerpc/include/asm/setup.h | 1 + arch/powerpc/lib/code-patching.c | 14 +- arch/powerpc/mm/mem.c | 2 + arch/x86/entry/vdso/Makefile | 16 ++- arch/x86/entry/vdso/vclock_gettime.c | 26 ++-- arch/x86/kvm/mmu.c | 24 +++- arch/x86/kvm/vmx.c | 7 +- block/blk-mq.c | 4 +- drivers/base/power/main.c | 5 +- drivers/clocksource/timer-atmel-pit.c | 20 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 +- drivers/gpu/drm/drm_lease.c | 6 +- drivers/gpu/drm/drm_syncobj.c | 5 + drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-metadata.c | 4 +- drivers/md/dm-cache-target.c | 9 +- drivers/md/dm-mpath.c | 14 +- drivers/mmc/core/host.c | 2 +- drivers/mmc/core/slot-gpio.c | 2 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 +- drivers/net/xen-netback/hash.c | 12 +- drivers/of/unittest.c | 26 ++-- drivers/pci/pci.c | 27 ++-- drivers/tty/tty_io.c | 11 +- drivers/usb/class/cdc-acm.c | 6 + drivers/usb/host/xhci-mtk.c | 4 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/option.c | 15 ++- drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- fs/f2fs/checkpoint.c | 9 +- fs/pstore/ram.c | 29 +++- fs/ubifs/super.c | 3 + include/linux/hugetlb.h | 14 ++ include/linux/mm.h | 6 + kernel/events/core.c | 6 + mm/huge_memory.c | 2 +- mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 + mm/rmap.c | 42 +++++- mm/vmstat.c | 3 + net/mac80211/cfg.c | 2 +- net/mac80211/iface.c | 3 +- net/rds/ib.h | 2 +- net/rds/ib_cm.c | 2 +- net/rds/ib_recv.c | 10 +- net/tipc/netlink_compat.c | 2 + net/tipc/socket.c | 17 ++- net/tipc/socket.h | 1 + tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 53 files changed, 563 insertions(+), 115 deletions(-)

6 years, 11 months

4
48
0 0

[PATCH] afs: Fix afs_server struct leak

by David Howells

Fix a leak of afs_server structs. The routine that installs them in the various lookup lists and trees gets a ref on leaving the function, whether it added the server or a server already exists. It shouldn't increment the refcount if it added the server. The effect of this that "rmmod kafs" will hang waiting for the leaked server to become unused. Fixes: d2ddc776a458 ("afs: Overhaul volume and server record caching and fileserver rotation") Signed-off-by: David Howells <dhowells(a)redhat.com> --- fs/afs/server.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/afs/server.c b/fs/afs/server.c index 1d329e6981d5..2f306c0cc4ee 100644 --- a/fs/afs/server.c +++ b/fs/afs/server.c @@ -199,9 +199,11 @@ static struct afs_server *afs_install_server(struct afs_net *net, write_sequnlock(&net->fs_addr_lock); ret = 0; + goto out; exists: afs_get_server(server); +out: write_sequnlock(&net->fs_lock); return server; }

6 years, 11 months

2
1
0 0

[PATCH 4.9 0/4] Fix softirq time accounting issues on 4.9

by Ivan Delalande

Hi Greg, This series fixes issues we've seen with softirq time accounting in 4.9: - when ksoftirqd is running at 100% on a CPU, none of the values reported by /proc/stat for that CPU will change, sometimes for dozens of seconds, - large deviations in the total number of ticks accumulated over a fixed time for a CPU, probably because of the first issue hitting for shorter periods. We found out that something pretty similar had been reported 9 months ago, see the reference link below. In that discussion, Rabin Vincent had made a 4.9 specific patch which fixes our first issue, but we were still seeing some deviation from the total number of ticks (up to 1.7% from expected, where we had only 0.2% on older kernels), and you had also asked for a direct backport from the mainline series, if possible. As mentioned in that thread, a lot of changes (probably 50+) went into 4.11 to remove cputime, but we could get something working with only the 4 attached patches to fix these two issues. Three of these patches apply without change, and the second one in the series ("sched/cputime: Convert kcpustat to nsecs") needed a minor change as a cast had been added in 527b0a76f41d ("sched/cpuacct: Avoid %lld seq_printf warning") to fix a build warning on s390. I guess we could also include that patch in this series, let me know if this is the preferred way to handle this. We ran our tests on 3.18, 4.4 and 4.9 and confirmed that only 4.9 would need this series, and that this series indeed restores the behavior we were seeing on those older kernels. Thanks! Reference: http://lkml.kernel.org/r/%3C1513159876-5125-1-git-send-email-rabin.vincent@… Frederic Weisbecker (4): time: Introduce jiffies64_to_nsecs() sched/cputime: Convert kcpustat to nsecs sched/cputime: Increment kcpustat directly on irqtime account sched/cputime: Fix ksoftirqd cputime accounting regression arch/s390/appldata/appldata_os.c | 16 +++---- drivers/cpufreq/cpufreq.c | 6 +-- drivers/cpufreq/cpufreq_governor.c | 2 +- drivers/cpufreq/cpufreq_stats.c | 1 - drivers/macintosh/rack-meter.c | 2 +- fs/proc/stat.c | 68 +++++++++++++-------------- fs/proc/uptime.c | 7 +-- include/linux/jiffies.h | 2 + kernel/sched/cpuacct.c | 2 +- kernel/sched/cputime.c | 75 +++++++++++++----------------- kernel/sched/sched.h | 12 +++-- kernel/time/time.c | 10 ++++ kernel/time/timeconst.bc | 6 +++ 13 files changed, 109 insertions(+), 100 deletions(-) -- 2.18.0

6 years, 11 months

2
8
0 0

[PATCH] drm/i915: Large page offsets for pread/pwrite

by Chris Wilson

Handle integer overflow when computing the sub-page length for shmem backed pread/pwrite. Reported-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/i915_gem.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c index 7d45e71100bc..93d09282710d 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -1127,11 +1127,7 @@ i915_gem_shmem_pread(struct drm_i915_gem_object *obj, offset = offset_in_page(args->offset); for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { struct page *page = i915_gem_object_get_page(obj, idx); - int length; - - length = remain; - if (offset + length > PAGE_SIZE) - length = PAGE_SIZE - offset; + unsigned int length = min_t(u64, remain, PAGE_SIZE - offset); ret = shmem_pread(page, offset, length, user_data, page_to_phys(page) & obj_do_bit17_swizzling, @@ -1575,11 +1571,7 @@ i915_gem_shmem_pwrite(struct drm_i915_gem_object *obj, offset = offset_in_page(args->offset); for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { struct page *page = i915_gem_object_get_page(obj, idx); - int length; - - length = remain; - if (offset + length > PAGE_SIZE) - length = PAGE_SIZE - offset; + unsigned int length = min_t(u64, remain, PAGE_SIZE - offset); ret = shmem_pwrite(page, offset, length, user_data, page_to_phys(page) & obj_do_bit17_swizzling, -- 2.19.1

6 years, 11 months

2
1
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 921b2fed6a79439ef1609ef4af0ada5cccb3555c: Linux 3.18.123 (2018-09-26 08:33:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-12102018 for you to fetch changes up to a2d2ae775f75f02d321a460304a08bd54ba5035c: ubifs: Check for name being NULL while mounting (2018-09-30 09:20:38 -0400) - ---------------------------------------------------------------- for-greg-3.18-12102018 - ---------------------------------------------------------------- Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Colin Ian King (1): net: hp100: fix always-true check for link up state Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Lei Yang (1): selftests/efivarfs: add required kernel configs Richard Weinberger (1): ubifs: Check for name being NULL while mounting Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children drivers/block/floppy.c | 3 +++ drivers/mfd/omap-usb-host.c | 11 ++++++----- drivers/net/ethernet/hp/hp100.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++--- fs/ubifs/super.c | 3 +++ tools/testing/selftests/efivarfs/config | 1 + 6 files changed, 16 insertions(+), 9 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsXMACgkQ3qZv95d3 LNxOlQ//ZAaryjy7Ag365v91Oil+S+khKLagLFG76rWWsI5i2ANRM9ZJa4acr56u T4sbqPEZMsIVY5c6xhq6ZwvHVk1nxesihbfGh30KNvsRh+WtIvhmozYPXX7F3X9K PpUBFVomZHl5b3K58R1cF/NFOJwcMo7Mj1oDf0ojYXhtNmwhPaosqnfjOpzBZ3By 3Zqf41srQfbVMuHe5G58gVh3hsKqqrTzvCZRjPk1OyuFeLv0t5dCtXkIjDbskeii sQEyqcykplD05g1sZjkt9YaSvVH9Pn7B9oTIML1Bbyl/gbCitRMAPeoX3sJUUCWA 3nbzNSOCyFHPjmoGIrBth8gFeo68lsbHPRgh2KeWMLBYoQDuPADnCnioFuvEEdg0 m0sr0V3X+RAf2dq5fmLwG24FbTqb227tU73R8uf/bmtD9QbgEdJwZ5pxFAWOqKvX unaQAwIUiACMoajzK/46sfdTMZUeZy8aHxgwPuhoIL7JGxhdAJ4/qjEysykxrVr0 vw/IPvFAklDCMnSQfBuLvbzPwE5uXpBetc3A1rUE4OLAWGxa5ofYBEYSkWcZIp6S vloi8jWVkb7oqTLcM8YoUN3WlMJxSOVKJbcr53H4E/3nF77a6X+7igxf99ah35II NtkqIxrE4PPbj2616Azb6manOJHyTLzRt7bRh/mod7+6U9URNAM= =hSsg -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9c6cd3f3a4b8194e82fa927bc00028c7a505e3b3: Linux 4.4.159 (2018-09-29 03:08:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-12102018 for you to fetch changes up to b31f37e2464344b280d92298f7330803c887376b: ubifs: Check for name being NULL while mounting (2018-09-30 09:20:30 -0400) - ---------------------------------------------------------------- for-greg-4.4-12102018 - ---------------------------------------------------------------- Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Lei Yang (1): selftests/efivarfs: add required kernel configs Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Yu Zhao (1): sound: enable interrupt after dma buffer initialization Documentation/devicetree/bindings/net/macb.txt | 1 + arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- drivers/block/floppy.c | 3 +++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/mfd/omap-usb-host.c | 11 ++++++----- drivers/net/ethernet/cadence/macb.c | 8 ++++++++ drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++--- fs/ubifs/super.c | 3 +++ sound/hda/hdac_controller.c | 8 ++++++-- sound/soc/codecs/sigmadsp.c | 3 +-- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- tools/testing/selftests/efivarfs/config | 1 + 12 files changed, 47 insertions(+), 15 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsWsACgkQ3qZv95d3 LNxOsg//UcgqG5gMEQkgrEhj5E8zjY4gJLptiwXywYcHSjE22lost/kRMEoZltcq eqew1h9IIpn/MWuuxaz0Yt/bDhtlU1hxSbsW03J/j6MAbdae0SP9Gy7U3bVUQwOS 3JtozDcGc6KzSVqZzzlZXupo+2gpU60MkGUF0NT2p3lInO9MLxeH05bUd3FXo+2p t0RLnSNBgutyb9kMIPu1ZTRMADBIldwlGWYZHkKdUNxycUj7a1A2pCwaVdxUHsp9 zNnyHRBjRQhOe9VQDYra9lMkqDGnt6BNK0UyfugYfeBOCZE11OWNU0WGACX9vMpP +CMvZUO5vglHJOrk1hYhwEaIffODbY4LGSKdTofx57eBzIF62BP2Ia2X5oHUkkjA K7jJZiMWa5T+qDqhrvGXYZNx2CKfwI534pU+M45Jl5oF1oSgYAjFugpAHPX37PQK /BFQN8ckkJ4UlQLqaEUsJLxlKZj0ZSe0HQOaf4cJz/I2konvP6rajD6DBOaoZvxW FPkzAH7iEY6EaMksnoRZOmmI+nRXwaAmTO+J4yOfvICDm84080PXwUhVWCyB4gbn TSiV51Zn2cdvWofi0o7TOSRiNixlZrXJQJdW1CExM1RhHa66Z6kGefjhNYn+hjQg 5yqU0srpClNd6HR4wz+j52VkbZBe11bL0GVA6hcFZN7QVdf/saU= =Oywh -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit cdd48f386d7e6671e7cc21e517ae258b298ec877: Linux 4.9.131 (2018-10-03 17:01:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-12102018 for you to fetch changes up to d514c460687636708db3def7a68150092dc785c0: ubifs: Check for name being NULL while mounting (2018-10-03 22:24:27 -0400) - ---------------------------------------------------------------- for-greg-4.9-12102018 - ---------------------------------------------------------------- Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yu Zhao (1): sound: enable interrupt after dma buffer initialization Documentation/devicetree/bindings/net/macb.txt | 1 + arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +++++++++++++++++++--- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/mfd/omap-usb-host.c | 11 ++++++----- drivers/net/ethernet/cadence/macb.c | 8 ++++++++ .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++--- drivers/scsi/qla2xxx/qla_target.h | 4 ++-- drivers/target/iscsi/iscsi_target.c | 22 ++++++++++++++-------- fs/ubifs/super.c | 3 +++ sound/hda/hdac_controller.c | 8 ++++++-- sound/soc/codecs/sigmadsp.c | 3 +-- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 16 files changed, 81 insertions(+), 28 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsWUACgkQ3qZv95d3 LNw2dxAAknTmD/Y3wcfhcAEK3xci39b3ouXaCUABLe8zL/jwOiJzgZrq4JQbqCNL Kd0p5JK4gGSaokfU65aYeTFAAKOPyoaK0fzP1avfFI5FuaKqrMoZtcZCGerfL6dX HolN96N2qEDMCpgl+Uzb2+OtJi+ZBcWqZgnaYuLQVgfS/4S7+Rqh2NptdPXJNU3h ZVsJ3oZ9y3clOpSF3om5UWsicXC+4MRRor+Bi32K0aEI+XvDxgqIUNxA9wd43jHf UDxsRTG4R8om66aWB87lTUJONTquRCIw/bJIj9mDnpa6tOZ3AIwjcj42QlObuJEw PSuLA7Yuup8QaySaulyGazDs9Z/ARhJw8SKlBQjdIrg07Ld6NZMOl7iOQVdM9HWG Rl3pynuPjBOLmIC3FH6qKr4qabEoKHo7BoIA728FQ7hh5UoyKkSWDfDTmjOF+jAd RyojoRqC4V5MSrPpaTvyjya68Wn2RMDAWH2SpUUTUkkRo+tNG95+N/xIR1Pe0bLv 9cUycnMNIJKXVvp2h3AgaisFz7Kx1PaN88fxWNPKVsjqziZKND9S/PrGKuTmZIF2 gml7Nb5zgUrWaFZm8xKiVOFWu5BCbHTZvasAhcCU8qO8Llm7C9GoVkGo6bqrRdYW 7JUgFFilululaoGch/824F/MGchxTtbymnlrj97FxZeKK/Bpw84= =JL5/ -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e6abbe80c8838e9c0bdb51835e6218008fa49386: Linux 4.14.74 (2018-10-03 17:01:00 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-12102018 for you to fetch changes up to cb9c65e3917e1f240e8a30729afeffe1b1f1338f: ubifs: Check for name being NULL while mounting (2018-10-03 22:24:19 -0400) - ---------------------------------------------------------------- for-greg-4.14-12102018 - ---------------------------------------------------------------- Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Stephen Hemminger (2): hv_netvsc: fix schedule in RCU context PCI: hv: support reporting serial number as slot information Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yu Zhao (2): sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc Documentation/devicetree/bindings/net/macb.txt | 1 + arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +++++++++++-- drivers/bluetooth/hci_ldisc.c | 2 ++ drivers/clk/x86/clk-pmc-atom.c | 18 +++++++---- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/mfd/omap-usb-host.c | 11 ++++--- drivers/net/ethernet/cadence/macb_main.c | 8 +++++ .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++- drivers/net/hyperv/netvsc_drv.c | 9 ++---- drivers/pci/host/pci-hyperv.c | 37 ++++++++++++++++++++++ drivers/scsi/qla2xxx/qla_target.h | 4 +-- drivers/target/iscsi/iscsi_target.c | 22 ++++++++----- fs/ubifs/super.c | 3 ++ include/sound/hdaudio.h | 1 + sound/hda/hdac_controller.c | 15 ++++++--- sound/soc/codecs/rt5514.c | 8 ++--- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/sh/rcar/adg.c | 5 +++ sound/soc/sh/rcar/core.c | 10 +++++- sound/soc/sh/rcar/dma.c | 4 +++ tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 26 files changed, 162 insertions(+), 50 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsV4ACgkQ3qZv95d3 LNyWgQ//XANh5mQDMTeunoBjoec8HKAhmEnQgvldgovAeQ0xZobjzliIj4N8vWQ0 XGsCc/LD1Vhe1LhTwoY2GHzS2NayHOMq5X4/+kgUakBJaBFS5i76J24mFcJK7rZq Qmgl51xfiIk9Y/tdk3vjAUfp4bv+hZnOv+WvRSTA22l07wTh0yh7btODNmYtNoRl +Xgwi73O1tmUyBY3fAiu1Gyo4nTrJlOHtXBUyvoJKlGoZuL2C5A4uU/r5sOf1ROt ng+2dTU9KaGsI5z8MyjTS9ZyI+3mUyXtWhsBlnzTHgMRw/AnbJIWTn6Sq9Ij8yYO 4BRIJfmz4mn2EC5m2T/u/RbDdmArwjaygwZwP/20rr8ChqAiqwvOMjAjmzV3pToT AqEnlwZZSMd+sdP/HnAC1qQJCgt1Kk6G+98klZlSTYXx2iGekkshL+jAX1WPOSwS mu4HUKjsKdusQTuikFhKOdvLULcizQ3isMVmIGKKBQVeg/zr4tPopNGrW/kpyr9L eEed6B/g5ioi3Oel1nLHNalu2sjuFuScbxuyXDEVYvA8Yhb07lbNpAMEfH9xF0wn OCv8l48+Gp25c7rtVZ0+erkmAmfWKXS0Kv9mVrNHSREzbGVmwLsBh5jX72jwLRiT P7JOMZvSI9BYhYI8sieJWJI8K8J9z69KgCmTe/oeqFD75St3ggg= =+Ugj -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[PATCH v3] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB

by Liu Xiang

If the size of spi-nor flash is larger than 16MB, the read_opcode is set to SPINOR_OP_READ_1_1_4_4B, and fsl_qspi_get_seqid() will return -EINVAL when cmd is SPINOR_OP_READ_1_1_4_4B. This can cause read operation fail. Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Liu Xiang <liu.xiang6(a)zte.com.cn> --- Changes in v3: move changelog position. drivers/mtd/spi-nor/fsl-quadspi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c index 7d9620c..64304a3 100644 --- a/drivers/mtd/spi-nor/fsl-quadspi.c +++ b/drivers/mtd/spi-nor/fsl-quadspi.c @@ -478,6 +478,7 @@ static int fsl_qspi_get_seqid(struct fsl_qspi *q, u8 cmd) { switch (cmd) { case SPINOR_OP_READ_1_1_4: + case SPINOR_OP_READ_1_1_4_4B: return SEQID_READ; case SPINOR_OP_WREN: return SEQID_WREN; -- 1.9.1

6 years, 11 months

2
2
0 0

Re: PROBLEM: brcmfmac driver crashes on resuming if no firmware is loaded

by Jon Hunter

Correcting stable address ... On 12/10/18 13:37, Jon Hunter wrote: > [1.] One line summary of the problem: > brcmfmac driver crashes on resuming if no firmware is loaded > > [2.] Full description of the problem/report: > In stable-v4.4, if the brcmfmac driver fails to load the required > firmware on boot for an SDIO based device, then the driver fails > to remove one of the two devices it registered during probe with > the kernel. If the kernel then enters suspend, on resume the > kernel tries to resume the device registered by brcmfmac driver > and crashes due to a NULL pointer deference (see 6 below). > > This issue is seen in stable-v4.4 but not in stable-v4.9 and I > believe is fixed by commit 7a51461fc2da ("brcmfmac: unbind all > devices upon failure in firmware callback"). Unfortunately, this > fix is dependent on other changes and so is not easily > back-ported AFAICT. > > This issue is seen on Tegra20 Ventana and Tegra30 Cardhu. > > [3.] Keywords (i.e., modules, networking, kernel): > BROADCOM BRCM80211 > > [4.] Kernel information > [4.1.] Kernel version (from /proc/version): > Linux version 4.4.160-rc1-00116-g5826f1d1ce56 > [4.2.] Kernel .config file: > Generated using tegra_defconfig > > [5.] Most recent kernel version which did not have the bug: > Not seen in current mainline or -next. > > [6.] Output of Oops.. message (if applicable) with symbolic information > > [ 51.941094] Unable to handle kernel NULL pointer dereference at virtual address 00000000 > > [ 51.949836] pgd = eee54000 > > [ 51.952771] [00000000] *pgd=2db16831, *pte=00000000, *ppte=00000000 > > [ 51.959722] Internal error: Oops: 17 [#1] SMP ARM > > [ 51.964774] Modules linked in: snd_soc_tegra_wm8903 snd_soc_wm8903 snd_soc_tegra_utils snd_soc_core snd_pcm_dmaengine snd_pcm brcmfmac brcmutil cfg80211 snd_timer snd soundcore ac97_bus snd_soc_tegra20_das > > [ 51.984922] CPU: 1 PID: 512 Comm: rtcwake Not tainted 4.4.160-rc1-00116-g5826f1d1ce56 #1 > > [ 51.993577] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree) > > [ 52.000303] task: eefa3900 ti: ed93c000 task.ti: ed93c000 > > [ 52.006294] PC is at brcmf_ops_sdio_resume+0x10/0x5c [brcmfmac] > > [ 52.012672] LR is at pm_generic_resume+0x2c/0x38 > > [ 52.017641] pc : [<bf12bbb8>] lr : [<c06502d4>] psr: 60000113 > > [ 52.017641] sp : ed93ddb8 ip : eed72e74 fp : c0f4a2d8 > > [ 52.029914] r10: c0fa7580 r9 : 00000010 r8 : 00000000 > > [ 52.035522] r7 : 00000010 r6 : eed7303c r5 : 00000001 r4 : c06502a8 > > [ 52.042514] r3 : 00000000 r2 : 00000002 r1 : eed73008 r0 : eed73008 > > [ 52.049511] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none > > [ 52.057156] Control: 10c5387d Table: 2ee5404a DAC: 00000051 > > [ 52.063319] Process rtcwake (pid: 512, stack limit = 0xed93c220) > > [ 52.069761] Stack: (0xed93ddb8 to 0xed93e000) > > [ 52.074450] dda0: c06502a8 c06502d4 > > [ 52.083225] ddc0: c0cae914 c0653674 17c10408 c027fc00 eed72e08 eed73008 00000001 c0653cdc > > [ 52.091993] dde0: eed73070 eed73008 c0fa7548 c0fa7578 c104ce7c c0655018 c0f4a2d8 c0654ee8 > > [ 52.100757] de00: 0ea73a40 0000000c 0ea73a40 0000000c 0e3050d8 00000010 00000003 00000000 > > [ 52.109529] de20: c0f1650c c10109f4 c0f170a4 00000000 00000000 c06552e8 c10109f4 c02870b0 > > [ 52.118399] de40: 00000000 c028a464 c0d3b71c ed93de6c c0f49314 c02cd350 00000003 c10109f4 > > [ 52.127166] de60: 00000003 00000000 00000003 edbb45c0 00000004 00000000 00000000 c0287540 > > [ 52.135933] de80: 00000003 c0c8401c c1010a04 c02862fc 00000004 ee8f86e0 edbb45c0 edbb4fcc > > [ 52.144698] dea0: 00000004 ed93df80 00028290 c048c684 00000004 c036dec8 c036de84 edbb4fc0 > > [ 52.169613] dec0: edbb45c0 c036d70c 00000000 00000000 000081a4 c0a0113c 00028290 eee13b40 > > [ 52.194484] dee0: ed93df80 00000004 00028290 00000000 00000005 c030f990 c0f1ba64 ed93dfb0 > > [ 52.219219] df00: 00002710 000001ff b6fb42e4 c020a29c 5a9fd343 0b532b80 5a9fd343 0b532b80 > > [ 52.244031] df20: 0000050e 00000000 eee13b40 becb54b8 00028128 00028128 000000c5 eee13b40 > > [ 52.268893] df40: eee13b40 00028290 ed93df80 00000004 00000004 c031018c 0000000f 000081a4 > > [ 52.293765] df60: 00000001 00000000 00000000 eee13b40 eee13b40 00000004 00028290 c0310994 > > [ 52.318818] df80: 00000000 00000000 5a9fd343 00000004 00028290 00028128 00000004 c0210c44 > > [ 52.343980] dfa0: ed93c000 c0210a80 00000004 00028290 00000004 00028290 00000004 00000000 > > [ 52.369292] dfc0: 00000004 00028290 00028128 00000004 00014f40 00026180 00014ca4 00000005 > > [ 52.394701] dfe0: 00000000 becb5a1c b6f3479b b6f700d6 000f0030 00000004 00000000 00000000 > > [ 52.420294] [<bf12bbb8>] (brcmf_ops_sdio_resume [brcmfmac]) from [<c06502d4>] (pm_generic_resume+0x2c/0x38) > > [ 52.447649] [<c06502d4>] (pm_generic_resume) from [<c0653674>] (dpm_run_callback+0x1c/0x58) > > [ 52.474009] [<c0653674>] (dpm_run_callback) from [<c0653cdc>] (device_resume+0x98/0x260) > > [ 52.500177] [<c0653cdc>] (device_resume) from [<c0655018>] (dpm_resume+0x100/0x228) > > [ 52.525931] [<c0655018>] (dpm_resume) from [<c06552e8>] (dpm_resume_end+0xc/0x18) > > [ 52.551807] [<c06552e8>] (dpm_resume_end) from [<c02870b0>] (suspend_devices_and_enter+0x124/0x420) > > [ 52.579701] [<c02870b0>] (suspend_devices_and_enter) from [<c0287540>] (pm_suspend+0x194/0x254) > > [ 52.607599] [<c0287540>] (pm_suspend) from [<c02862fc>] (state_store+0x6c/0xbc) > > [ 52.634364] [<c02862fc>] (state_store) from [<c048c684>] (kobj_attr_store+0x14/0x20) > > [ 52.661518] [<c048c684>] (kobj_attr_store) from [<c036dec8>] (sysfs_kf_write+0x44/0x48) > > [ 52.688909] [<c036dec8>] (sysfs_kf_write) from [<c036d70c>] (kernfs_fop_write+0xbc/0x1b0) > > [ 52.716566] [<c036d70c>] (kernfs_fop_write) from [<c030f990>] (__vfs_write+0x24/0xd8) > > [ 52.743917] [<c030f990>] (__vfs_write) from [<c031018c>] (vfs_write+0x94/0x154) > > [ 52.770230] [<c031018c>] (vfs_write) from [<c0310994>] (SyS_write+0x40/0x94) > > [ 52.795713] [<c0310994>] (SyS_write) from [<c0210a80>] (ret_fast_syscall+0x0/0x48) > > [ 52.821478] Code: e92d4010 e590218c e5903058 e3520002 (e5934000) > > [ 52.845762] ---[ end trace d797b5b1ce195377 ]--- > -- nvpublic

6 years, 11 months

1
0
0 0

Re: [PATCH 4.4 00/27] 4.4.161-stable review

by Greg Kroah-Hartman

On Thu, Oct 11, 2018 at 03:22:11PM -0700, kernelci.org bot wrote: > > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.160-28-… > > Tree: stable-rc > Branch: linux-4.4.y > Git Describe: v4.4.160-28-gb3522afcec59 > Git Commit: b3522afcec59a6a8030ebf4397f5b285b3e804d2 > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > Tested: 39 unique boards, 20 SoC families, 13 builds out of 178 > > Boot Regressions Detected: > > x86: > > x86_64_defconfig: > qemu: > lab-baylibre: new failure (last pass: v4.4.160) Should I worry about this? thanks, greg k-h

6 years, 11 months

2
1
0 0

URGENT RESPONSE NEEDED

by Sean Kim.

Hello my dear. Did you receive my email message to you? Please, get back to me ASAP as the matter is becoming late. Expecting your urgent response. Sean.

6 years, 11 months

1
0
0 0

[PATCH] ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)

by Jeremy Cline

The Lenovo G50-30, like other G50 models, has a Conexant codec that requires a quirk for its inverted stereo dmic. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1249364 Reported-by: Alexander Ploumistos <alex.ploumistos(a)gmail.com> Tested-by: Alexander Ploumistos <alex.ploumistos(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jeremy Cline <jcline(a)redhat.com> --- sound/pci/hda/patch_conexant.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c index 5592557fe50e..950e02e71766 100644 --- a/sound/pci/hda/patch_conexant.c +++ b/sound/pci/hda/patch_conexant.c @@ -943,6 +943,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = { SND_PCI_QUIRK(0x17aa, 0x21da, "Lenovo X220", CXT_PINCFG_LENOVO_TP410), SND_PCI_QUIRK(0x17aa, 0x21db, "Lenovo X220-tablet", CXT_PINCFG_LENOVO_TP410), SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo IdeaPad Z560", CXT_FIXUP_MUTE_LED_EAPD), + SND_PCI_QUIRK(0x17aa, 0x3905, "Lenovo G50-30", CXT_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x17aa, 0x390b, "Lenovo G50-80", CXT_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x17aa, 0x3975, "Lenovo U300s", CXT_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_FIXUP_STEREO_DMIC), -- 2.19.1

6 years, 11 months

2
1
0 0

[RESEND][PATCH 4.4-stable] jffs2: return -ERANGE when xattr buffer is too small

by Hou Tao

When a file have multiple xattrs and the passed buffer is smaller than the required size, jffs2_listxattr() should return -ERANGE instead of continue, else Oops may occur due to memory corruption. Also remove the unnecessary check ("rc < 0"), because xhandle->list(...) will not return an error number. Spotted by generic/377 in xfstests-dev. NB: The problem had been fixed by commit 764a5c6b1fa4 ("xattr handlers: Simplify list operation") in v4.5-rc1, but the modification in that commit may be too much because it modifies all file-systems which implement xattr, so I create a single patch for jffs2 to fix the problem. Signed-off-by: Hou Tao <houtao1(a)huawei.com> --- fs/jffs2/xattr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c index 4c2c03663533..8e1427762eeb 100644 --- a/fs/jffs2/xattr.c +++ b/fs/jffs2/xattr.c @@ -1004,12 +1004,14 @@ ssize_t jffs2_listxattr(struct dentry *dentry, char *buffer, size_t size) rc = xhandle->list(xhandle, dentry, buffer + len, size - len, xd->xname, xd->name_len); + if (rc > size - len) { + rc = -ERANGE; + goto out; + } } else { rc = xhandle->list(xhandle, dentry, NULL, 0, xd->xname, xd->name_len); } - if (rc < 0) - goto out; len += rc; } rc = len; -- 2.16.2.dirty

6 years, 11 months

1
0
0 0

Fwd: [PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by salil GK

I was looking for fix for CVE-2018-5390 and CVE-2018-5390) in 4.18.x. Will these fix be available in 4.18 train ? PS: Sorry for sending again - I got a rejection message as my previous message contains html tags ! Thanks ~S On Oct 11, 2018 7:38 PM, "Greg KH" <gregkh(a)linux-foundation.org> wrote: On Wed, Sep 26, 2018 at 10:21:21PM +0200, Greg KH wrote: > On Tue, Sep 25, 2018 at 10:10:15PM +0800, maowenan wrote: > > Hi Greg: > > > > can you review this patch set? > > It is still in the queue, don't worry. It will take some more time to > properly review and test it. > > Ideally you could get someone else to test this and provide a > "tested-by:" tag for it? All now queued up, let's see what breaks :) thanks, greg k-h

6 years, 11 months

1
0
0 0

Re: [PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by maowenan

On 2018/10/12 10:28, salil GK wrote: > I was looking for fix for CVE-2018-5390 and CVE-2018-5390) in 4.18.x. Will these fix be available in 4.18 train ? The fixes of CVE-2018-5390 have already existed in stable 4.18. These fixes only available with < 4.9 that don't using RB tree. 58152ec tcp: add tcp_ooo_try_coalesce() helper 8541b21 tcp: call tcp_drop() from tcp_data_queue_ofo() 3d4bf93 tcp: detect malicious patterns in tcp_collapse_ofo_queue() f4a3313 tcp: avoid collapses in tcp_prune_queue() if possible 72cd43b tcp: free batches of packets in tcp_prune_ofo_queue() > > Thanks > ~S > > On Oct 11, 2018 7:38 PM, "Greg KH" <gregkh(a)linux-foundation.org <mailto:gregkh@linux-foundation.org>> wrote: > > On Wed, Sep 26, 2018 at 10:21:21PM +0200, Greg KH wrote: > > On Tue, Sep 25, 2018 at 10:10:15PM +0800, maowenan wrote: > > > Hi Greg: > > > > > > can you review this patch set? > > > > It is still in the queue, don't worry. It will take some more time to > > properly review and test it. > > > > Ideally you could get someone else to test this and provide a > > "tested-by:" tag for it? > > All now queued up, let's see what breaks :) > > thanks, > > greg k-h > >

6 years, 11 months

1
0
0 0

[PATCH AUTOSEL 4.18 01/58] soundwire: Fix duplicate stream state assignment

by Sasha Levin

From: Shreyas NC <shreyas.nc(a)intel.com> [ Upstream commit 0aebe40bae6cf5652fdc3d05ecee15fbf5748194 ] For a SoundWire stream it is expected that a Slave is added to the stream before Master is added. So, move the stream state to CONFIGURED after the first Slave is added and remove the stream state assignment for Master add. Along with these changes, add additional comments to explain the same. Signed-off-by: Shreyas NC <shreyas.nc(a)intel.com> Acked-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/soundwire/stream.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c index 4b5e250e8615..7ba6d4d8cd03 100644 --- a/drivers/soundwire/stream.c +++ b/drivers/soundwire/stream.c @@ -1123,8 +1123,6 @@ int sdw_stream_add_master(struct sdw_bus *bus, if (ret) goto stream_error; - stream->state = SDW_STREAM_CONFIGURED; - stream_error: sdw_release_master_stream(stream); error: @@ -1141,6 +1139,10 @@ EXPORT_SYMBOL(sdw_stream_add_master); * @stream: SoundWire stream * @port_config: Port configuration for audio stream * @num_ports: Number of ports + * + * It is expected that Slave is added before adding Master + * to the Stream. + * */ int sdw_stream_add_slave(struct sdw_slave *slave, struct sdw_stream_config *stream_config, @@ -1186,6 +1188,12 @@ int sdw_stream_add_slave(struct sdw_slave *slave, if (ret) goto stream_error; + /* + * Change stream state to CONFIGURED on first Slave add. + * Bus is not aware of number of Slave(s) in a stream at this + * point so cannot depend on all Slave(s) to be added in order to + * change stream state to CONFIGURED. + */ stream->state = SDW_STREAM_CONFIGURED; goto error; -- 2.17.1

6 years, 11 months

5
75
0 0

[PATCH 4/6] ocfs2: fix locking for res->tracking and dlm->tracking_list

by Rodrigo Vivi

From: Ashish Samant <ashish.samant(a)oracle.com> In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c index aaca0949fe53..826f0567ec43 100644 --- a/fs/ocfs2/dlm/dlmmaster.c +++ b/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ctxt *dlm, res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH 2/6] mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly

by Rodrigo Vivi

From: Jann Horn <jannh(a)google.com> 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/vmstat.c b/mm/vmstat.c index 4cea7b8f519d..7878da76abf2 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH] blk-wbt: wake up all when we scale up, not down

by Josef Bacik

Tetsuo brought to my attention that I screwed up the scale_up/scale_down helpers when I factored out the rq-qos code. We need to wake up all the waiters when we add slots for requests to make, not when we shrink the slots. Otherwise we'll end up things waiting forever. This was a mistake and simply puts everything back the way it was. cc: stable(a)vger.kernel.org Fixes: a79050434b45 ("blk-rq-qos: refactor out common elements of blk-wbt") eported-by: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> --- JENS! I did this on for-4.20/block FYI block/blk-wbt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/blk-wbt.c b/block/blk-wbt.c index 8e20a0677dcf..8ac93fcbaa2e 100644 --- a/block/blk-wbt.c +++ b/block/blk-wbt.c @@ -310,6 +310,7 @@ static void scale_up(struct rq_wb *rwb) rq_depth_scale_up(&rwb->rq_depth); calc_wb_limits(rwb); rwb->unknown_cnt = 0; + rwb_wake_all(rwb); rwb_trace_step(rwb, "scale up"); } @@ -318,7 +319,6 @@ static void scale_down(struct rq_wb *rwb, bool hard_throttle) rq_depth_scale_down(&rwb->rq_depth, hard_throttle); calc_wb_limits(rwb); rwb->unknown_cnt = 0; - rwb_wake_all(rwb); rwb_trace_step(rwb, "scale down"); } -- 2.14.3

6 years, 11 months

2
1
0 0

[PATCH] pci: Add a few new IDs for Intel GPU "spurious interrupt" quirk

by Bin Meng

Add more PCI IDs to the Intel GPU "spurious interrupt" quirk table, which are known to break. See commit f67fd55fa96f ("PCI: Add quirk for still enabled interrupts on Intel Sandy Bridge GPUs"), and commit 7c82126a94e6 ("PCI: Add new ID for Intel GPU "spurious interrupt" quirk") for some history. Based on current findings, it is highly possible that all Intel 1st/2nd/3rd generation Core processors' IGD has such quirk. Signed-off-by: Bin Meng <bmeng.cn(a)gmail.com> Cc: <stable(a)vger.kernel.org> # v3.4+ --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 6bc27b7..c0673a7 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -3190,7 +3190,11 @@ static void disable_igfx_irq(struct pci_dev *dev) pci_iounmap(dev, regs); } +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0042, disable_igfx_irq); +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0046, disable_igfx_irq); +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x004a, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0102, disable_igfx_irq); +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0106, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x010a, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0152, disable_igfx_irq); -- 2.7.4

6 years, 11 months

4
12
0 0

Backports that remove FPU lazy-mode deadcode

by Daniel Sangorrin

Hello Greg, This is my 3rd attempt* at sending to you the FPU backported patches that complete the removal of FPU lazy-mode code, documentation and comments. Please apply the next patch before the 4.4.y 3-patch series. - a1dbf52c1a38 ("KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch") [PATCH v3 4.4.y 1/3] x86/fpu: Remove use_eager_fpu() [PATCH v3 4.4.y 2/3] x86/fpu: Remove struct fpu::counter [PATCH v3 4.4.y 3/3] x86/fpu: Finish excising 'eagerfpu' [Note] I already sent to you a patch backported for 4.9.y (please make sure you follow the annotations). https://www.spinics.net/lists/stable/msg247014.html Thanks, Daniel *Sorry if I mess up again. I am going to use the get_maintainer.pl from the upstream kernel because last time I had some "returned e-mails".

6 years, 11 months

2
4
0 0

Backports that remove FPU lazy-mode deadcode for 4.9.y

by Daniel Sangorrin

Hello Greg, Please consider this backport for 4.9.y. It completes the removal of FPU lazy-mode code, documentation and comments. [PATCH v3 4.9] x86/fpu: Remove use_eager_fpu() After applying the patch, please do the following: - cherry-pick: 3913cc350757 ("x86/fpu: Remove struct fpu::counter") - revert: f09a7b0eead7 ("perf: sync up x86/.../cpufeatures.h") - Because the modification in this patch actually belongs to e63650840e8b ("x86/fpu: Finish excising 'eagerfpu'") - cherry-pick: e63650840e8b ("x86/fpu: Finish excising 'eagerfpu'") Thanks, Daniel

6 years, 11 months

3
4
0 0

[PATCH] selinux: fix byte order and alignment issues in policydb.c

by Ondrej Mosnacek

Add missing LE conversions to the Infiniband-related range checks. These were causing a failure to load any policy with an ibendportcon rule on BE systems. Also, the temporary buffers are only guaranteed to be aligned for 32-bit access so use (get/put)_unaligned_be64() for 64-bit accesses. Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32) should be used instead. Tested internally on a ppc64 machine with a RHEL 7 kernel with this patch applied. Cc: Daniel Jurgens <danielj(a)mellanox.com> Cc: Eli Cohen <eli(a)mellanox.com> Cc: James Morris <james.l.morris(a)oracle.com> Cc: Doug Ledford <dledford(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/ss/policydb.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f4eadd3f7350..2b310e8f2923 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -37,6 +37,7 @@ #include <linux/errno.h> #include <linux/audit.h> #include <linux/flex_array.h> +#include <asm/unaligned.h> #include "security.h" #include "policydb.h" @@ -2108,7 +2109,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, { int i, j, rc; u32 nel, len; - __le32 buf[3]; + __le32 buf[4]; struct ocontext *l, *c; u32 nodebuf[8]; @@ -2218,20 +2219,20 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, break; } case OCON_IBPKEY: - rc = next_entry(nodebuf, fp, sizeof(u32) * 4); + rc = next_entry(buf, fp, sizeof(u32) * 4); if (rc) goto out; - c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); + c->u.ibpkey.subnet_prefix = get_unaligned_be64(buf); - if (nodebuf[2] > 0xffff || - nodebuf[3] > 0xffff) { + if (le32_to_cpu(buf[2]) > 0xffff || + le32_to_cpu(buf[3]) > 0xffff) { rc = -EINVAL; goto out; } - c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); + c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]); rc = context_read_and_validate(&c->context[0], p, @@ -2249,7 +2250,8 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, if (rc) goto out; - if (buf[1] > 0xff || buf[1] == 0) { + if (le32_to_cpu(buf[1]) > 0xff || + le32_to_cpu(buf[1]) == 0) { rc = -EINVAL; goto out; } @@ -3105,7 +3107,7 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, { unsigned int i, j, rc; size_t nel, len; - __le32 buf[3]; + __le32 buf[4]; u32 nodebuf[8]; struct ocontext *c; for (i = 0; i < info->ocon_num; i++) { @@ -3192,12 +3194,12 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, return rc; break; case OCON_IBPKEY: - *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); + put_unaligned_be64(c->u.ibpkey.subnet_prefix, buf); - nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); - nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + buf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); - rc = put_entry(nodebuf, sizeof(u32), 4, fp); + rc = put_entry(buf, sizeof(u32), 4, fp); if (rc) return rc; rc = context_write(p, &c->context[0], fp); -- 2.17.1

6 years, 11 months

1
0
0 0

[for -stable] commit "c82919888064 ath10k: fix scan crash due to incorrect length calculation"

by Brian Norris

Hi Greg / stable maintainer(s), IIUC, this commit is a good candidate for -stable. I just hit the bug on 4.14, because of new vendor firmware that noticed the mismatched length (an internal "assert"), but it seems like this is equally problematic from the kernel side for as long as this code existed [1]: commit c8291988806407e02a01b4b15b4504eafbcc04e0 Author: Zhi Chen <zhichen(a)codeaurora.org> Date: Mon Jun 18 17:00:39 2018 +0300 ath10k: fix scan crash due to incorrect length calculation Thanks, Brian [1] I guess that would be: Fixes: ca996ec56608 ("ath10k: implement wmi-tlv backend") which was in v4.0.

6 years, 11 months

3
2
0 0

request for 4.14-stable: c7cdff0e8647 ("virtio_balloon: fix deadlock on OOM")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be in stable. Please apply to your queue of 4.14-stable. And at the same time, there was another later patch which fixed a bug in this patch. Both are attached as a series to this mail. -- Regards Sudip

6 years, 11 months

2
1
0 0

[PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by Mao Wenan

There are five patches to fix CVE-2018-5390 in latest mainline branch, but only two patches exist in stable 4.4 and 3.18: dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue() 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible I have tested with stable 4.4 kernel, and found the cpu usage was very high. So I think only two patches can't fix the CVE-2018-5390. test results: with fix patch： 78.2% ksoftirqd withoutfix patch： 90% ksoftirqd Then I try to imitate 72cd43ba(tcp: free batches of packets in tcp_prune_ofo_queue()) to drop at least 12.5 % of sk_rcvbuf to avoid malicious attacks with simple queue instead of RB tree. The result is not very well. After analysing the codes of stable 4.4, and debuging the system, shows that search of ofo_queue(tcp ofo using a simple queue) cost more cycles. So I try to backport "tcp: use an RB tree for ooo receive queue" using RB tree instead of simple queue, then backport Eric Dumazet 5 fixed patches in mainline, good news is that ksoftirqd is turn to about 20%, which is the same with mainline now. Stable 4.4 have already back port two patches, f4a3313d(tcp: avoid collapses in tcp_prune_queue() if possible) 3d4bf93a(tcp: detect malicious patterns in tcp_collapse_ofo_queue()) If we want to change simple queue to RB tree to finally resolve, we should apply previous patch 9f5afeae(tcp: use an RB tree for ooo receive queue.) firstly, but 9f5afeae have many conflicts with 3d4bf93a and f4a3313d, which are part of patch series from Eric in mainline to fix CVE-2018-5390, so I need revert part of patches in stable 4.4 firstly, then apply 9f5afeae, and reapply five patches from Eric. V1->V2: 1) Don't revert 3d4bf93a and f4a3313d firstly, all of 6 patches based on 4.4.155. 2) Add one bug fix patch for RB tree:76f0dcbb5ae1a7c3dbeec13dd98233b8e6b0b32a tcp: fix a stale ooo_last_skb Eric Dumazet (5): tcp: increment sk_drops for dropped rx packets tcp: fix a stale ooo_last_skb after a replace tcp: free batches of packets in tcp_prune_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() tcp: add tcp_ooo_try_coalesce() helper Yaogong Wang (1): tcp: use an RB tree for ooo receive queue include/linux/skbuff.h | 8 + include/linux/tcp.h | 7 +- include/net/sock.h | 7 + include/net/tcp.h | 2 +- net/core/skbuff.c | 19 +++ net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 417 +++++++++++++++++++++++++++++------------------ net/ipv4/tcp_ipv4.c | 3 +- net/ipv4/tcp_minisocks.c | 1 - net/ipv6/tcp_ipv6.c | 1 + 10 files changed, 297 insertions(+), 172 deletions(-) -- 1.8.3.1

6 years, 11 months

3
9
0 0

[PATCH 4.4-stable] jffs2: return -ERANGE when xattr buffer is too small

by Hou Tao

Hi Greg, The problem had been fixed by 764a5c6b1fa4 ("xattr handlers: Simplify list operation") in v4.5-rc1, but the modification in that commit may be too much because it modifies all file-systems which implement xattr, so I create a single patch for jffs2 to fix the problem. Which one is your preference ? Hi Andreas, Could you please help review the patch ? Thanks, Tao --- From: Hou Tao <houtao1(a)huawei.com> When a file have multiple xattrs and the passed buffer is smaller than the required size, jffs2_listxattr() should return -ERANGE instead of continue, else Oops may occurs due to memory corruption. Also remove the unnecessary check ("rc < 0"), because xhandle->list(...) will not return an error number. Spotted by generic/377 in xfstests-dev. Signed-off-by: Hou Tao <houtao1(a)huawei.com> --- fs/jffs2/xattr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c index 4c2c03663533..8e1427762eeb 100644 --- a/fs/jffs2/xattr.c +++ b/fs/jffs2/xattr.c @@ -1004,12 +1004,14 @@ ssize_t jffs2_listxattr(struct dentry *dentry, char *buffer, size_t size) rc = xhandle->list(xhandle, dentry, buffer + len, size - len, xd->xname, xd->name_len); + if (rc > size - len) { + rc = -ERANGE; + goto out; + } } else { rc = xhandle->list(xhandle, dentry, NULL, 0, xd->xname, xd->name_len); } - if (rc < 0) - goto out; len += rc; } rc = len; --

6 years, 11 months

2
1
0 0

[PATCH] HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452

by Jason Gerecke

The DTK-2451 and DTH-2452 have a buggy HID descriptor which incorrectly contains a Cintiq-like report, complete with pen tilt, rotation, twist, serial number, etc. The hardware doesn't actually support this data but our driver duitifully sets up the device as though it does. To ensure userspace has a correct view of devices without updated firmware, we clean up this incorrect data in wacom_setup_device_quirks. We're also careful to clear the WACOM_QUIRK_TOOLSERIAL flag since its presence causes the driver to wait for serial number information (via wacom_wac_pen_serial_enforce) that never comes, resulting in the pen being non-responsive. Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> Fixes: 8341720642 ("HID: wacom: Queue events with missing type/serial data for later processing") Cc: stable(a)vger.kernel.org # v4.16+ --- drivers/hid/wacom_wac.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c index e0a06be5ef5c..b4b4a30e3982 100644 --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -3335,6 +3335,7 @@ static void wacom_setup_intuos(struct wacom_wac *wacom_wac) void wacom_setup_device_quirks(struct wacom *wacom) { + struct wacom_wac *wacom_wac = &wacom->wacom_wac; struct wacom_features *features = &wacom->wacom_wac.features; /* The pen and pad share the same interface on most devices */ @@ -3464,6 +3465,25 @@ void wacom_setup_device_quirks(struct wacom *wacom) if (features->type == REMOTE) features->device_type |= WACOM_DEVICETYPE_WL_MONITOR; + + /* HID descriptor for DTK-2451 / DTH-2452 claims to report lots + * of things it shouldn't. Lets fix up the damage... + */ + if (wacom->hdev->product == 0x382 || wacom->hdev->product == 0x37d) { + features->quirks &= ~WACOM_QUIRK_TOOLSERIAL; + __clear_bit(BTN_TOOL_BRUSH, wacom_wac->pen_input->keybit); + __clear_bit(BTN_TOOL_PENCIL, wacom_wac->pen_input->keybit); + __clear_bit(BTN_TOOL_AIRBRUSH, wacom_wac->pen_input->keybit); + __clear_bit(ABS_Z, wacom_wac->pen_input->absbit); + __clear_bit(ABS_DISTANCE, wacom_wac->pen_input->absbit); + __clear_bit(ABS_TILT_X, wacom_wac->pen_input->absbit); + __clear_bit(ABS_TILT_Y, wacom_wac->pen_input->absbit); + __clear_bit(ABS_WHEEL, wacom_wac->pen_input->absbit); + __clear_bit(ABS_MISC, wacom_wac->pen_input->absbit); + __clear_bit(MSC_SERIAL, wacom_wac->pen_input->mscbit); + __clear_bit(EV_MSC, wacom_wac->pen_input->evbit); + } } int wacom_setup_pen_input_capabilities(struct input_dev *input_dev, -- 2.19.1

6 years, 11 months

2
1
0 0

[PATCH 1/1] crypto:chelsio: Fix memory corruption in DMA Mapped buffers.

by Harsh Jain

commit add92a817e60e308a419693413a38d9d1e663aff upstream Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Cc: <stable(a)vger.kernel.org> # 4.14.x Signed-off-by: Harsh Jain <harsh(a)chelsio.com> --- drivers/crypto/chelsio/chcr_algo.c | 41 ++++++++++++++++++++++++------------ drivers/crypto/chelsio/chcr_crypto.h | 2 ++ 2 files changed, 29 insertions(+), 14 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 0e81607..bb7b59f 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -384,7 +384,8 @@ static inline int is_hmac(struct crypto_tfm *tfm) static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, struct scatterlist *sg, - struct phys_sge_parm *sg_param) + struct phys_sge_parm *sg_param, + int pci_chan_id) { struct phys_sge_pairs *to; unsigned int len = 0, left_size = sg_param->obsize; @@ -402,6 +403,7 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(sg_param->qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; to = (struct phys_sge_pairs *)((unsigned char *)phys_cpl + sizeof(struct cpl_rx_phys_dsgl)); for (i = 0; nents && left_size; to++) { @@ -418,7 +420,8 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, static inline int map_writesg_phys_cpl(struct device *dev, struct cpl_rx_phys_dsgl *phys_cpl, struct scatterlist *sg, - struct phys_sge_parm *sg_param) + struct phys_sge_parm *sg_param, + int pci_chan_id) { if (!sg || !sg_param->nents) return -EINVAL; @@ -428,7 +431,7 @@ static inline int map_writesg_phys_cpl(struct device *dev, pr_err("CHCR : DMA mapping failed\n"); return -EINVAL; } - write_phys_cpl(phys_cpl, sg, sg_param); + write_phys_cpl(phys_cpl, sg, sg_param, pci_chan_id); return 0; } @@ -608,7 +611,7 @@ static inline void create_wreq(struct chcr_context *ctx, is_iv ? iv_loc : IV_NOP, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8), 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -698,7 +701,8 @@ static struct sk_buff *create_cipher_wr(struct cipher_wr_param *wrparam) sg_param.obsize = wrparam->bytes; sg_param.qid = wrparam->qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto map_fail1; @@ -1228,16 +1232,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2066,7 +2077,8 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto dstmap_fail; @@ -2389,7 +2401,7 @@ static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, ctx->pci_chan_id); if (error) goto dstmap_fail; @@ -2545,7 +2557,8 @@ static struct sk_buff *create_gcm_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto dstmap_fail; diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 30af1ee..e039d9a 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -222,6 +222,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; }; -- 2.1.4

6 years, 11 months

2
1
0 0

[PATCH backport for 4.9] x86/mm: Expand static page table for fixmap space

by Feng Tang

commit 05ab1d8a4b36ee912b7087c6da127439ed0a903e upstream We met a kernel panic when enabling earlycon, which is due to the fixmap address of earlycon is not statically setup. Currently the static fixmap setup in head_64.S only covers 2M virtual address space, while it actually could be in 4M space with different kernel configurations, e.g. when VSYSCALL emulation is disabled. So increase the static space to 4M for now by defining FIXMAP_PMD_NUM to 2, and add a build time check to ensure that the fixmap is covered by the initial static page tables. Fixes: 1ad83c858c7d ("x86_64,vsyscall: Make vsyscall emulation configurable") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Feng Tang <feng.tang(a)intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> # v4.9 Cc: Juergen Gross <jgross(a)suse.com> Cc: H Peter Anvin <hpa(a)linux.intel.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Andy Lutomirsky <luto(a)kernel.org> --- arch/x86/include/asm/fixmap.h | 10 ++++++++++ arch/x86/include/asm/pgtable_64.h | 3 ++- arch/x86/kernel/head_64.S | 16 ++++++++++++---- arch/x86/mm/pgtable.c | 9 +++++++++ arch/x86/xen/mmu.c | 8 ++++++-- 5 files changed, 39 insertions(+), 7 deletions(-) diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h index 8554f960..2515284 100644 --- a/arch/x86/include/asm/fixmap.h +++ b/arch/x86/include/asm/fixmap.h @@ -14,6 +14,16 @@ #ifndef _ASM_X86_FIXMAP_H #define _ASM_X86_FIXMAP_H +/* + * Exposed to assembly code for setting up initial page tables. Cannot be + * calculated in assembly code (fixmap entries are an enum), but is sanity + * checked in the actual fixmap C code to make sure that the fixmap is + * covered fully. + */ +#define FIXMAP_PMD_NUM 2 +/* fixmap starts downwards from the 507th entry in level2_fixmap_pgt */ +#define FIXMAP_PMD_TOP 507 + #ifndef __ASSEMBLY__ #include <linux/kernel.h> #include <asm/acpi.h> diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h index 221a32e..d5c4df9 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -13,13 +13,14 @@ #include <asm/processor.h> #include <linux/bitops.h> #include <linux/threads.h> +#include <asm/fixmap.h> extern pud_t level3_kernel_pgt[512]; extern pud_t level3_ident_pgt[512]; extern pmd_t level2_kernel_pgt[512]; extern pmd_t level2_fixmap_pgt[512]; extern pmd_t level2_ident_pgt[512]; -extern pte_t level1_fixmap_pgt[512]; +extern pte_t level1_fixmap_pgt[512 * FIXMAP_PMD_NUM]; extern pgd_t init_level4_pgt[]; #define swapper_pg_dir init_level4_pgt diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 9d72cf5..b0d6697 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -23,6 +23,7 @@ #include "../entry/calling.h" #include <asm/export.h> #include <asm/nospec-branch.h> +#include <asm/fixmap.h> #ifdef CONFIG_PARAVIRT #include <asm/asm-offsets.h> @@ -493,13 +494,20 @@ NEXT_PAGE(level2_kernel_pgt) KERNEL_IMAGE_SIZE/PMD_SIZE) NEXT_PAGE(level2_fixmap_pgt) - .fill 506,8,0 - .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE - /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */ - .fill 5,8,0 + .fill (512 - 4 - FIXMAP_PMD_NUM),8,0 + pgtno = 0 + .rept (FIXMAP_PMD_NUM) + .quad level1_fixmap_pgt + (pgtno << PAGE_SHIFT) - __START_KERNEL_map \ + + _PAGE_TABLE; + pgtno = pgtno + 1 + .endr + /* 6 MB reserved space + a 2MB hole */ + .fill 4,8,0 NEXT_PAGE(level1_fixmap_pgt) + .rept (FIXMAP_PMD_NUM) .fill 512,8,0 + .endr #undef PMDS diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index e30baa8..8cbed30 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -536,6 +536,15 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) { unsigned long address = __fix_to_virt(idx); +#ifdef CONFIG_X86_64 + /* + * Ensure that the static initial page tables are covering the + * fixmap completely. + */ + BUILD_BUG_ON(__end_of_permanent_fixed_addresses > + (FIXMAP_PMD_NUM * PTRS_PER_PTE)); +#endif + if (idx >= __end_of_fixed_addresses) { BUG(); return; diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c index c92f75f..ebceaba 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1936,7 +1936,7 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) * L3_k[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); - /* L3_k[511][506] -> level1_fixmap_pgt */ + /* L3_k[511][508-FIXMAP_PMD_NUM ... 507] -> level1_fixmap_pgt */ convert_pfn_mfn(level2_fixmap_pgt); } /* We get [511][511] and have Xen's version of level2_kernel_pgt */ @@ -1970,7 +1970,11 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); - set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO); + + for (i = 0; i < FIXMAP_PMD_NUM; i++) { + set_page_prot(level1_fixmap_pgt + i * PTRS_PER_PTE, + PAGE_KERNEL_RO); + } /* Pin down new L4 */ pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE, -- 2.7.4

6 years, 11 months

2
1
0 0

[PATCH 0/1] Fix 4.4-stable and 4.9-stable ppc build

by Kleber Sacilotto de Souza

Hi Greg, The backport of upstream commit 1bd6a1c4b80a ("powerpc/fadump: handle crash memory ranges array index overflow") introduced a ppc build failure on 4.4-stable and 4.9-stable when CONFIG_FA_DUMP is enabled: arch/powerpc/kernel/fadump.c: In function ‘register_fadump’: arch/powerpc/kernel/fadump.c:1015:10: error: ‘return’ with a value, in function returning void [-Werror] return ret; ^~~ arch/powerpc/kernel/fadump.c:1000:13: note: declared here static void register_fadump(void) ^~~~~~~~~~~~~~~ I am suggesting to fix it by backporting 98b8cd7f7564 ("powerpc/fadump: Return error when fadump registration fails"), which is an earlier commit that (among other things) set the return of register_fadump() to int and has little functional changes. It was applied upstream for v4.13, so 4.14-stable and later are already fixed. Thanks, Kleber Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails arch/powerpc/kernel/fadump.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) -- 2.17.1

6 years, 11 months

2
2
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ int patch_instruction(unsigned int *addr, unsigned int instr) } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

6 years, 11 months

3
2
0 0

[PATCH for-4.14.y 1/4] cgroup/cpuset: remove circular dependency deadlock

by Amit Pundir

From: Prateek Sood <prsood(a)codeaurora.org> commit aa24163b2ee5c92120e32e99b5a93143a0f4258e upstream. Remove circular dependency deadlock in a scenario where hotplug of CPU is being done while there is updation in cgroup and cpuset triggered from userspace. Process A => kthreadd => Process B => Process C => Process A Process A cpu_subsys_offline(); cpu_down(); _cpu_down(); percpu_down_write(&cpu_hotplug_lock); //held cpuhp_invoke_callback(); workqueue_offline_cpu(); queue_work_on(); // unbind_work on system_highpri_wq __queue_work(); insert_work(); wake_up_worker(); flush_work(); wait_for_completion(); worker_thread(); manage_workers(); create_worker(); kthread_create_on_node(); wake_up_process(kthreadd_task); kthreadd kthreadd(); kernel_thread(); do_fork(); copy_process(); percpu_down_read(&cgroup_threadgroup_rwsem); __rwsem_down_read_failed_common(); //waiting Process B kernfs_fop_write(); cgroup_file_write(); cgroup_procs_write(); percpu_down_write(&cgroup_threadgroup_rwsem); //held cgroup_attach_task(); cgroup_migrate(); cgroup_migrate_execute(); cpuset_can_attach(); mutex_lock(&cpuset_mutex); //waiting Process C kernfs_fop_write(); cgroup_file_write(); cpuset_write_resmask(); mutex_lock(&cpuset_mutex); //held update_cpumask(); update_cpumasks_hier(); rebuild_sched_domains_locked(); get_online_cpus(); percpu_down_read(&cpu_hotplug_lock); //waiting Eliminating deadlock by reversing the locking order for cpuset_mutex and cpu_hotplug_lock. Signed-off-by: Prateek Sood <prsood(a)codeaurora.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- Build tested on 4.14.74 for ARCH=arm/arm64 allmodconfig. kernel/cgroup/cpuset.c | 53 ++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index 4657e2924ecb..54f4855b92fa 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -817,6 +817,18 @@ static int generate_sched_domains(cpumask_var_t **domains, return ndoms; } +static void cpuset_sched_change_begin(void) +{ + cpus_read_lock(); + mutex_lock(&cpuset_mutex); +} + +static void cpuset_sched_change_end(void) +{ + mutex_unlock(&cpuset_mutex); + cpus_read_unlock(); +} + /* * Rebuild scheduler domains. * @@ -826,16 +838,14 @@ static int generate_sched_domains(cpumask_var_t **domains, * 'cpus' is removed, then call this routine to rebuild the * scheduler's dynamic sched domains. * - * Call with cpuset_mutex held. Takes get_online_cpus(). */ -static void rebuild_sched_domains_locked(void) +static void rebuild_sched_domains_cpuslocked(void) { struct sched_domain_attr *attr; cpumask_var_t *doms; int ndoms; lockdep_assert_held(&cpuset_mutex); - get_online_cpus(); /* * We have raced with CPU hotplug. Don't do anything to avoid @@ -843,27 +853,25 @@ static void rebuild_sched_domains_locked(void) * Anyways, hotplug work item will rebuild sched domains. */ if (!cpumask_equal(top_cpuset.effective_cpus, cpu_active_mask)) - goto out; + return; /* Generate domain masks and attrs */ ndoms = generate_sched_domains(&doms, &attr); /* Have scheduler rebuild the domains */ partition_sched_domains(ndoms, doms, attr); -out: - put_online_cpus(); } #else /* !CONFIG_SMP */ -static void rebuild_sched_domains_locked(void) +static void rebuild_sched_domains_cpuslocked(void) { } #endif /* CONFIG_SMP */ void rebuild_sched_domains(void) { - mutex_lock(&cpuset_mutex); - rebuild_sched_domains_locked(); - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_begin(); + rebuild_sched_domains_cpuslocked(); + cpuset_sched_change_end(); } /** @@ -949,7 +957,7 @@ static void update_cpumasks_hier(struct cpuset *cs, struct cpumask *new_cpus) rcu_read_unlock(); if (need_rebuild_sched_domains) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); } /** @@ -1281,7 +1289,7 @@ static int update_relax_domain_level(struct cpuset *cs, s64 val) cs->relax_domain_level = val; if (!cpumask_empty(cs->cpus_allowed) && is_sched_load_balance(cs)) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); } return 0; @@ -1314,7 +1322,6 @@ static void update_tasks_flags(struct cpuset *cs) * * Call with cpuset_mutex held. */ - static int update_flag(cpuset_flagbits_t bit, struct cpuset *cs, int turning_on) { @@ -1347,7 +1354,7 @@ static int update_flag(cpuset_flagbits_t bit, struct cpuset *cs, spin_unlock_irq(&callback_lock); if (!cpumask_empty(trialcs->cpus_allowed) && balance_flag_changed) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); if (spread_flag_changed) update_tasks_flags(cs); @@ -1615,7 +1622,7 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft, cpuset_filetype_t type = cft->private; int retval = 0; - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) { retval = -ENODEV; goto out_unlock; @@ -1651,7 +1658,7 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft, break; } out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); return retval; } @@ -1662,7 +1669,7 @@ static int cpuset_write_s64(struct cgroup_subsys_state *css, struct cftype *cft, cpuset_filetype_t type = cft->private; int retval = -ENODEV; - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) goto out_unlock; @@ -1675,7 +1682,7 @@ static int cpuset_write_s64(struct cgroup_subsys_state *css, struct cftype *cft, break; } out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); return retval; } @@ -1714,7 +1721,7 @@ static ssize_t cpuset_write_resmask(struct kernfs_open_file *of, kernfs_break_active_protection(of->kn); flush_work(&cpuset_hotplug_work); - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) goto out_unlock; @@ -1738,7 +1745,7 @@ static ssize_t cpuset_write_resmask(struct kernfs_open_file *of, free_trial_cpuset(trialcs); out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); kernfs_unbreak_active_protection(of->kn); css_put(&cs->css); flush_workqueue(cpuset_migrate_mm_wq); @@ -2039,14 +2046,14 @@ static int cpuset_css_online(struct cgroup_subsys_state *css) /* * If the cpuset being removed has its flag 'sched_load_balance' * enabled, then simulate turning sched_load_balance off, which - * will call rebuild_sched_domains_locked(). + * will call rebuild_sched_domains_cpuslocked(). */ static void cpuset_css_offline(struct cgroup_subsys_state *css) { struct cpuset *cs = css_cs(css); - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (is_sched_load_balance(cs)) update_flag(CS_SCHED_LOAD_BALANCE, cs, 0); @@ -2054,7 +2061,7 @@ static void cpuset_css_offline(struct cgroup_subsys_state *css) cpuset_dec(); clear_bit(CS_ONLINE, &cs->flags); - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); } static void cpuset_css_free(struct cgroup_subsys_state *css) -- 2.7.4

6 years, 11 months

2
6
0 0

[PATCH for-4.9.y] cgroup: Fix deadlock in cpu hotplug path

by Amit Pundir

From: Prateek Sood <prsood(a)codeaurora.org> commit 116d2f7496c51b2e02e8e4ecdd2bdf5fb9d5a641 upstream. Deadlock during cgroup migration from cpu hotplug path when a task T is being moved from source to destination cgroup. kworker/0:0 cpuset_hotplug_workfn() cpuset_hotplug_update_tasks() hotplug_update_tasks_legacy() remove_tasks_in_empty_cpuset() cgroup_transfer_tasks() // stuck in iterator loop cgroup_migrate() cgroup_migrate_add_task() In cgroup_migrate_add_task() it checks for PF_EXITING flag of task T. Task T will not migrate to destination cgroup. css_task_iter_start() will keep pointing to task T in loop waiting for task T cg_list node to be removed. Task T do_exit() exit_signals() // sets PF_EXITING exit_task_namespaces() switch_task_namespaces() free_nsproxy() put_mnt_ns() drop_collected_mounts() namespace_unlock() synchronize_rcu() _synchronize_rcu_expedited() schedule_work() // on cpu0 low priority worker pool wait_event() // waiting for work item to execute Task T inserted a work item in the worklist of cpu0 low priority worker pool. It is waiting for expedited grace period work item to execute. This work item will only be executed once kworker/0:0 complete execution of cpuset_hotplug_workfn(). kworker/0:0 ==> Task T ==>kworker/0:0 In case of PF_EXITING task being migrated from source to destination cgroup, migrate next available task in source cgroup. Signed-off-by: Prateek Sood <prsood(a)codeaurora.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> [AmitP: Upstream commit cherry-pick failed, so I picked the backported changes from CAF/msm-4.9 tree instead: https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=49b74f16964…] Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- This patch can be cleanly applied and build tested on 4.4.y and 3.18.y as well but I couldn't find it in msm-4.4 and msm-3.18 trees. So this patch is really untested on those stable trees. Build tested on 4.9.131, 4.4.159 and 3.18.123 for ARCH=arm/arm64 allmodconfig. kernel/cgroup.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 4c233437ee1a..bb0cf1caf1cd 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -4386,7 +4386,11 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from) */ do { css_task_iter_start(&from->self, &it); - task = css_task_iter_next(&it); + + do { + task = css_task_iter_next(&it); + } while (task && (task->flags & PF_EXITING)); + if (task) get_task_struct(task); css_task_iter_end(&it); -- 2.7.4

6 years, 11 months

2
1
0 0

[4.4.y 4.9.y 0/1] ext4 CVE fixes for 4.9 and 4.4

by Chenbo Feng

This patch is aimed to fixing CVE-2018-10883 and is already in 4.14 stable. The upstream one has minor conflicts when backporting to 4.4 and 4.9 but it is trivial to resolve. I have tested the patch with xfstests on kvm and there is no regression. Theodore Ts'o (1): ext4: avoid running out of journal credits when appending to an inline file fs/ext4/ext4.h | 3 --- fs/ext4/inline.c | 38 +------------------------------------- fs/ext4/xattr.c | 18 ++---------------- 3 files changed, 3 insertions(+), 56 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

2
2
0 0

[PATCH 0/2] A couple recent ext4 CVE fixes

by Daniel Rosenberg

A couple ext4-related CVE fixes were released to other kernels in linux-stable, but didn't cleanly apply to 4.9.y. These are adjusted cherry-picks of Ben Hutching's 3.16.y backports. Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

2
3
0 0

[PATCH 0/2] A couple recent ext4 CVE fixes

by Daniel Rosenberg

A couple ext4-related CVE fixes were released to other kernels in linux-stable, but didn't cleanly apply to 4.4.y. These are adjusted cherry-picks of Ben Hutching's 3.16.y backports. Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

2
3
0 0

Re: [PATCH] platform-msi: Free descriptors in platform_msi_domain_free()

by Miquel Raynal

Hi Marc, Marc Zyngier <marc.zyngier(a)arm.com> wrote on Thu, 11 Oct 2018 09:36:04 +0100: > Miquel, > > On Fri, 28 Sep 2018 16:10:29 +0100, > Miquel Raynal <miquel.raynal(a)bootlin.com> wrote: > > > > Hi Marc, > > > > [...] > > > > > At that stage, you're better off just calling > > > > > > list_del(&desc->list); > > > free_msi_entry(desc); > > > > > > I like this approach better as we only traverse the list once. > > > > Right. > > > > > > > > > } > > > > } > > > > > /** > > > > diff --git a/include/linux/msi.h b/include/linux/msi.h > > > > index 5839d8062dfc..be8ec813dbfb 100644 > > > > --- a/include/linux/msi.h > > > > +++ b/include/linux/msi.h > > > > @@ -116,6 +116,8 @@ struct msi_desc { > > > > list_first_entry(dev_to_msi_list((dev)), struct msi_desc, list) > > > > #define for_each_msi_entry(desc, dev) \ > > > > list_for_each_entry((desc), dev_to_msi_list((dev)), list) > > > > +#define for_each_msi_entry_safe(desc, tmp, dev) \ > > > > + list_for_each_entry_safe((desc), (tmp), dev_to_msi_list((dev)), list) > > > > > #ifdef CONFIG_PCI_MSI > > > > #define first_pci_msi_entry(pdev) first_msi_entry(&(pdev)->dev) > > > > > > If you repin this, I'll queue it right away. > > > > Let me test the new version to be sure I'm not breaking anything and > > I'll send a v2. > > What is the status of this? Are you still planning to send a v2? I'd > really like this fix to reach 4.19 before we put the last nail on it. Sorry about that, I was sure I already sent the v2, now it's done. The changes in this v2 are that instead of creating a platform_msi_domain_free_descs() helper that iterates over the list of descriptors, the descriptor itself is removed from the list and destroyed directly in platform_msi_domain_free(). The for_each_msi_entry() loop is also transformed to use the "_safe" alternative. Thanks, Miquèl

6 years, 11 months

1
0
0 0

[PATCH 3.18.y 00/10] recent ext4 CVE fixes

by Greg Hackmann

A batch of ext4-related CVE fixes were released to other kernels in linux-stable, but don't apply cleanly to 3.18.y. For the most part these are unmodified cherry-picks of Ben Hutchings's 3.16.y backports (exceptions are noted above my Signed-off-by). Theodore Ts'o (10): ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file fs/ext4/balloc.c | 21 ++++++++++++------- fs/ext4/ext4.h | 8 ------- fs/ext4/ialloc.c | 19 ++++++++++++++--- fs/ext4/inline.c | 38 +-------------------------------- fs/ext4/inode.c | 3 ++- fs/ext4/mballoc.c | 6 ++++-- fs/ext4/super.c | 12 +++++++++-- fs/ext4/xattr.c | 49 ++++++++++++++++++++----------------------- fs/jbd2/transaction.c | 2 +- 9 files changed, 70 insertions(+), 88 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

2
11
0 0

[PATCH 1/6] arm64: perf: Reject stand-alone CHAIN events for PMUv3

by Will Deacon

It doesn't make sense for a perf event to be configured as a CHAIN event in isolation, so extend the arm_pmu structure with a ->filter_match() function to allow the backend PMU implementation to reject CHAIN events early. Cc: <stable(a)vger.kernel.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> --- arch/arm64/kernel/perf_event.c | 7 +++++++ drivers/perf/arm_pmu.c | 8 +++++++- include/linux/perf/arm_pmu.h | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c index 8e38d5267f22..e213f8e867f6 100644 --- a/arch/arm64/kernel/perf_event.c +++ b/arch/arm64/kernel/perf_event.c @@ -966,6 +966,12 @@ static int armv8pmu_set_event_filter(struct hw_perf_event *event, return 0; } +static int armv8pmu_filter_match(struct perf_event *event) +{ + unsigned long evtype = event->hw.config_base & ARMV8_PMU_EVTYPE_EVENT; + return evtype != ARMV8_PMUV3_PERFCTR_CHAIN; +} + static void armv8pmu_reset(void *info) { struct arm_pmu *cpu_pmu = (struct arm_pmu *)info; @@ -1114,6 +1120,7 @@ static int armv8_pmu_init(struct arm_pmu *cpu_pmu) cpu_pmu->stop = armv8pmu_stop, cpu_pmu->reset = armv8pmu_reset, cpu_pmu->set_event_filter = armv8pmu_set_event_filter; + cpu_pmu->filter_match = armv8pmu_filter_match; return 0; } diff --git a/drivers/perf/arm_pmu.c b/drivers/perf/arm_pmu.c index 7f01f6f60b87..d0b7dd8fb184 100644 --- a/drivers/perf/arm_pmu.c +++ b/drivers/perf/arm_pmu.c @@ -485,7 +485,13 @@ static int armpmu_filter_match(struct perf_event *event) { struct arm_pmu *armpmu = to_arm_pmu(event->pmu); unsigned int cpu = smp_processor_id(); - return cpumask_test_cpu(cpu, &armpmu->supported_cpus); + int ret; + + ret = cpumask_test_cpu(cpu, &armpmu->supported_cpus); + if (ret && armpmu->filter_match) + return armpmu->filter_match(event); + + return ret; } static ssize_t armpmu_cpumask_show(struct device *dev, diff --git a/include/linux/perf/arm_pmu.h b/include/linux/perf/arm_pmu.h index 10f92e1d8e7b..bf309ff6f244 100644 --- a/include/linux/perf/arm_pmu.h +++ b/include/linux/perf/arm_pmu.h @@ -99,6 +99,7 @@ struct arm_pmu { void (*stop)(struct arm_pmu *); void (*reset)(void *); int (*map_event)(struct perf_event *event); + int (*filter_match)(struct perf_event *event); int num_events; bool secure_access; /* 32-bit ARM only */ #define ARMV8_PMUV3_MAX_COMMON_EVENTS 0x40 -- 2.1.4

6 years, 11 months

2
2
0 0

[PATCH] drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors

by Lyude Paul

It appears when testing my previous fix for some of the legacy modesetting issues with MST, I misattributed some kernel splats that started appearing on my machine after a rebase as being from upstream. But it appears they actually came from my patch series: [ 2.980512] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] Updating routing for [CONNECTOR:65:eDP-1] [ 2.980516] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] [CONNECTOR:65:eDP-1] is not registered [ 2.980516] ------------[ cut here ]------------ [ 2.980519] Could not determine valid watermarks for inherited state [ 2.980553] WARNING: CPU: 3 PID: 551 at drivers/gpu/drm/i915/intel_display.c:14983 intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980556] Modules linked in: i915(O+) i2c_algo_bit drm_kms_helper(O) syscopyarea sysfillrect sysimgblt fb_sys_fops drm(O) intel_rapl x86_pkg_temp_thermal iTCO_wdt wmi_bmof coretemp crc32_pclmul psmouse i2c_i801 mei_me mei i2c_core lpc_ich mfd_core tpm_tis tpm_tis_core wmi tpm thinkpad_acpi pcc_cpufreq video ehci_pci crc32c_intel serio_raw ehci_hcd xhci_pci xhci_hcd [ 2.980577] CPU: 3 PID: 551 Comm: systemd-udevd Tainted: G O 4.19.0-rc7Lyude-Test+ #1 [ 2.980579] Hardware name: LENOVO 20BWS1KY00/20BWS1KY00, BIOS JBET63WW (1.27 ) 11/10/2016 [ 2.980605] RIP: 0010:intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980607] Code: 89 df e8 ec 27 02 00 e9 24 f2 ff ff be 03 00 00 00 48 89 df e8 da 27 02 00 e9 26 f2 ff ff 48 c7 c7 c8 d1 34 a0 e8 23 cf dc e0 <0f> 0b e9 7c fd ff ff f6 c4 04 0f 85 37 f7 ff ff 48 8b 83 60 08 00 [ 2.980611] RSP: 0018:ffffc90000287988 EFLAGS: 00010282 [ 2.980614] RAX: 0000000000000000 RBX: ffff88031b488000 RCX: 0000000000000006 [ 2.980617] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffff880321ad54d0 [ 2.980620] RBP: ffffc90000287a10 R08: 000000000000040a R09: 0000000000000065 [ 2.980623] R10: ffff88030ebb8f00 R11: ffffffff81416590 R12: ffff88031b488000 [ 2.980626] R13: ffff88031b4883a0 R14: ffffc900002879a8 R15: ffff880319099800 [ 2.980630] FS: 00007f475620d180(0000) GS:ffff880321ac0000(0000) knlGS:0000000000000000 [ 2.980633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2.980636] CR2: 00007f9ef28018a0 CR3: 000000031b72c001 CR4: 00000000003606e0 [ 2.980639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2.980642] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2.980645] Call Trace: [ 2.980675] i915_driver_load+0xb0e/0xdc0 [i915] [ 2.980681] ? kernfs_add_one+0xe7/0x130 [ 2.980709] i915_pci_probe+0x46/0x60 [i915] [ 2.980715] pci_device_probe+0xd4/0x150 [ 2.980719] really_probe+0x243/0x3b0 [ 2.980722] driver_probe_device+0xba/0x100 [ 2.980726] __driver_attach+0xe4/0x110 [ 2.980729] ? driver_probe_device+0x100/0x100 [ 2.980733] bus_for_each_dev+0x74/0xb0 [ 2.980736] driver_attach+0x1e/0x20 [ 2.980739] bus_add_driver+0x159/0x230 [ 2.980743] ? 0xffffffffa0393000 [ 2.980746] driver_register+0x70/0xc0 [ 2.980749] ? 0xffffffffa0393000 [ 2.980753] __pci_register_driver+0x57/0x60 [ 2.980780] i915_init+0x55/0x58 [i915] [ 2.980785] do_one_initcall+0x4a/0x1c4 [ 2.980789] ? do_init_module+0x27/0x210 [ 2.980793] ? kmem_cache_alloc_trace+0x131/0x190 [ 2.980797] do_init_module+0x60/0x210 [ 2.980800] load_module+0x2063/0x22e0 [ 2.980804] ? vfs_read+0x116/0x140 [ 2.980807] ? vfs_read+0x116/0x140 [ 2.980811] __do_sys_finit_module+0xbd/0x120 [ 2.980814] ? __do_sys_finit_module+0xbd/0x120 [ 2.980818] __x64_sys_finit_module+0x1a/0x20 [ 2.980821] do_syscall_64+0x5a/0x110 [ 2.980824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2.980826] RIP: 0033:0x7f4754e32879 [ 2.980828] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f7 45 2c 00 f7 d8 64 89 01 48 [ 2.980831] RSP: 002b:00007fff43fd97d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 2.980834] RAX: ffffffffffffffda RBX: 0000559a44ca64f0 RCX: 00007f4754e32879 [ 2.980836] RDX: 0000000000000000 RSI: 00007f475599f4cd RDI: 0000000000000018 [ 2.980838] RBP: 00007f475599f4cd R08: 0000000000000000 R09: 0000000000000000 [ 2.980839] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000 [ 2.980841] R13: 0000559a44c92fd0 R14: 0000000000020000 R15: 0000000000000000 [ 2.980881] WARNING: CPU: 3 PID: 551 at drivers/gpu/drm/i915/intel_display.c:14983 intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980884] ---[ end trace 5eb47a76277d4731 ]--- The cause of this appears to be due to the fact that if there's pre-existing display state that was set by the BIOS when i915 loads, it will attempt to perform a modeset before the driver is registered with userspace. Since this happens before the driver's registered with userspace, it's connectors are also unregistered and thus-states which would turn on DPMS on a connector end up getting rejected since the connector isn't registered. These bugs managed to get past Intel's CI partially due to the fact it never ran a full test on my patches for some reason, but also because all of the tests unload the GPU once before running. Since this bug is only really triggered when the drivers tries to perform a modeset before it's been fully registered with userspace when coming from whatever display configuration the firmware left us with, it likely would never have been picked up by CI in the first place. After some discussion with vsyrjala, we decided the best course of action would be to just move the unregistered connector checks out of update_connector_routing() and into drm_atomic_set_crtc_for_connector(). The reason for this being that legacy modesetting isn't going to be expecting failures anywhere (at least this is the case with X), so ideally we want to ensure that any DPMS changes will still work even on unregistered connectors. Instead, we now only reject new modesets which would change the current CRTC assigned to an unregistered connector unless no new CRTC is being assigned to replace the connector's previous one. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reported-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Fixes: 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 +-------------------- drivers/gpu/drm/drm_atomic_uapi.c | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index e6a2cf72de5e..6f66777dca4b 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,26 +319,6 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } - crtc_state = drm_atomic_get_new_crtc_state(state, - new_connector_state->crtc); - /* - * For compatibility with legacy users, we want to make sure that - * we allow DPMS On->Off modesets on unregistered connectors. Modesets - * which would result in anything else must be considered invalid, to - * avoid turning on new displays on dead connectors. - * - * Since the connector can be unregistered at any point during an - * atomic check or commit, this is racy. But that's OK: all we care - * about is ensuring that userspace can't do anything but shut off the - * display on a connector that was destroyed after its been notified, - * not before. - */ - if (!READ_ONCE(connector->registered) && crtc_state->active) { - DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", - connector->base.id, connector->name); - return -EINVAL; - } - funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -383,6 +363,7 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); + crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index d5b7f315098c..7acec863b10c 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -299,6 +299,27 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state, struct drm_connector *connector = conn_state->connector; struct drm_crtc_state *crtc_state; + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On<->Off modesets on unregistered connectors, since + * legacy modesetting users will not be expecting these to fail. We do + * not however, want to allow legacy users to assign a connector + * that's been unregistered from sysfs to another CRTC, since doing + * this with a now non-existant connector could potentially leave us + * in an invalid state. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't use this connector for new + * configurations after it's been notified that the connector is no + * longer present. + */ + if (!READ_ONCE(connector->registered) && crtc) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + if (conn_state->crtc == crtc) return 0; -- 2.17.1

6 years, 11 months

3
2
0 0

[PATCH v7 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Changes since v5: - Fix typo in comment, nothing else Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..e6a2cf72de5e 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

6 years, 11 months

3
2
0 0

FAILED: patch "[PATCH] USB: serial: option: improve Quectel EP06 detection" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 36cae568404a298a19a6e8a3f18641075d4cab04 Mon Sep 17 00:00:00 2001 From: Kristian Evensen <kristian.evensen(a)gmail.com> Date: Thu, 13 Sep 2018 11:21:49 +0200 Subject: [PATCH] USB: serial: option: improve Quectel EP06 detection The Quectel EP06 (and EM06/EG06) LTE modem supports updating the USB configuration, without the VID/PID or configuration number changing. When the configuration is updated and interfaces are added/removed, the interface numbers are updated. This causes our current code for matching EP06 not to work as intended, as the assumption about reserved interfaces no longer holds. If for example the diagnostic (first) interface is removed, option will (try to) bind to the QMI interface. This patch improves EP06 detection by replacing the current match with two matches, and those matches check class, subclass and protocol as well as VID and PID. The diag interface exports class, subclass and protocol as 0xff. For the other serial interfaces, class is 0xff and subclass and protocol are both 0x0. The modem can export the following devices and always in this order: diag, nmea, at, ppp. qmi and adb. This means that diag can only ever be interface 0, and interface numbers 1-5 should be marked as reserved. The three other serial devices can have interface numbers 0-3, but I have not marked any interfaces as reserved. The reason is that the serial devices are the only interfaces exported by the device where subclass and protocol is 0x0. QMI exports the same class, subclass and protocol values as the diag interface. However, the two interfaces have different number of endpoints, QMI has three and diag two. I have added a check for number of interfaces if VID/PID matches the EP06, and we ignore the device if number of interfaces equals three (and subclass is set). Signed-off-by: Kristian Evensen <kristian.evensen(a)gmail.com> Acked-by: Dan Williams <dcbw(a)redhat.com> [ johan: drop uneeded RSVD(5) for ADB ] Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 0215b70c4efc..382feafbd127 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1081,8 +1081,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, - { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06), - .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003), @@ -1985,6 +1986,7 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; + struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -1999,6 +2001,18 @@ static int option_probe(struct usb_serial *serial, if (device_flags & RSVD(iface_desc->bInterfaceNumber)) return -ENODEV; + /* + * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, + * subclass and protocol is 0xff for both the diagnostic port and the + * QMI interface, but the diagnostic port only has two endpoints (QMI + * has three). + */ + if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && + dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && + iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + return -ENODEV; + } + /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] USB: serial: option: add two-endpoints device-id flag" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 35aecc02b5b621782111f64cbb032c7f6a90bb32 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 13 Sep 2018 11:21:50 +0200 Subject: [PATCH] USB: serial: option: add two-endpoints device-id flag Allow matching on interfaces having two endpoints by adding a new device-id flag. This allows for the handling of devices whose interface numbers can change (e.g. Quectel EP06) to be contained in the device-id table. Tested-by: Kristian Evensen <kristian.evensen(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 382feafbd127..e72ad9f81c73 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -561,6 +561,9 @@ static void option_instat_callback(struct urb *urb); /* Interface is reserved */ #define RSVD(ifnum) ((BIT(ifnum) & 0xff) << 0) +/* Interface must have two endpoints */ +#define NUMEP2 BIT(16) + static const struct usb_device_id option_ids[] = { { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, @@ -1082,7 +1085,7 @@ static const struct usb_device_id option_ids[] = { { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), - .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) | NUMEP2 }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, @@ -1986,7 +1989,6 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; - struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -2002,16 +2004,11 @@ static int option_probe(struct usb_serial *serial, return -ENODEV; /* - * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, - * subclass and protocol is 0xff for both the diagnostic port and the - * QMI interface, but the diagnostic port only has two endpoints (QMI - * has three). + * Allow matching on bNumEndpoints for devices whose interface numbers + * can change (e.g. Quectel EP06). */ - if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && - dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && - iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + if (device_flags & NUMEP2 && iface_desc->bNumEndpoints != 2) return -ENODEV; - } /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ int patch_instruction(unsigned int *addr, unsigned int instr) } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dm cache metadata: ignore hints array being too small during" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4561ffca88c546f96367f94b8f1e4715a9c62314 Mon Sep 17 00:00:00 2001 From: Joe Thornber <ejt(a)redhat.com> Date: Mon, 24 Sep 2018 16:19:30 -0400 Subject: [PATCH] dm cache metadata: ignore hints array being too small during resize Commit fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") enabled previously written policy hints to be used after a cache is reactivated. But in doing so the cache metadata's hint array was left exposed to out of bounds access because on resize the metadata's on-disk hint array wasn't ever extended. Fix this by ignoring that there are no on-disk hints associated with the newly added cache blocks. An expanded on-disk hint array is later rewritten upon the next clean shutdown of the cache. Fixes: fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Thornber <ejt(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c index 69dddeab124c..5936de71883f 100644 --- a/drivers/md/dm-cache-metadata.c +++ b/drivers/md/dm-cache-metadata.c @@ -1455,8 +1455,8 @@ static int __load_mappings(struct dm_cache_metadata *cmd, if (hints_valid) { r = dm_array_cursor_next(&cmd->hint_cursor); if (r) { - DMERR("dm_array_cursor_next for hint failed"); - goto out; + dm_array_cursor_end(&cmd->hint_cursor); + hints_valid = false; } }

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dm cache metadata: ignore hints array being too small during" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4561ffca88c546f96367f94b8f1e4715a9c62314 Mon Sep 17 00:00:00 2001 From: Joe Thornber <ejt(a)redhat.com> Date: Mon, 24 Sep 2018 16:19:30 -0400 Subject: [PATCH] dm cache metadata: ignore hints array being too small during resize Commit fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") enabled previously written policy hints to be used after a cache is reactivated. But in doing so the cache metadata's hint array was left exposed to out of bounds access because on resize the metadata's on-disk hint array wasn't ever extended. Fix this by ignoring that there are no on-disk hints associated with the newly added cache blocks. An expanded on-disk hint array is later rewritten upon the next clean shutdown of the cache. Fixes: fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Thornber <ejt(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c index 69dddeab124c..5936de71883f 100644 --- a/drivers/md/dm-cache-metadata.c +++ b/drivers/md/dm-cache-metadata.c @@ -1455,8 +1455,8 @@ static int __load_mappings(struct dm_cache_metadata *cmd, if (hints_valid) { r = dm_array_cursor_next(&cmd->hint_cursor); if (r) { - DMERR("dm_array_cursor_next for hint failed"); - goto out; + dm_array_cursor_end(&cmd->hint_cursor); + hints_valid = false; } }

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c9613ce556fdeb671e779668b627ea3a2b61728 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 3 Oct 2018 09:24:22 +0100 Subject: [PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error states The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. v2: Check against overrunning our pre-allocated page array v3: Drop Z_SYNC_FLUSH entirely Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@… (cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..a262a64f5625 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -232,6 +232,20 @@ static bool compress_init(struct compress *c) return true; } +static void *compress_next_page(struct drm_i915_error_object *dst) +{ + unsigned long page; + + if (dst->page_count >= dst->num_pages) + return ERR_PTR(-ENOSPC); + + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return ERR_PTR(-ENOMEM); + + return dst->pages[dst->page_count++] = (void *)page; +} + static int compress_page(struct compress *c, void *src, struct drm_i915_error_object *dst) @@ -245,19 +259,14 @@ static int compress_page(struct compress *c, do { if (zstream->avail_out == 0) { - unsigned long page; - - page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); - if (!page) - return -ENOMEM; + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); - dst->pages[dst->page_count++] = (void *)page; - - zstream->next_out = (void *)page; zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, Z_NO_FLUSH) != Z_OK) return -EIO; } while (zstream->avail_in); @@ -268,19 +277,42 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); + + zstream->avail_out = PAGE_SIZE; + break; + + case Z_STREAM_END: + goto end; + + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +351,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -917,6 +955,7 @@ i915_error_object_create(struct drm_i915_private *i915, unsigned long num_pages; struct sgt_iter iter; dma_addr_t dma; + int ret; if (!vma) return NULL; @@ -930,6 +969,7 @@ i915_error_object_create(struct drm_i915_private *i915, dst->gtt_offset = vma->node.start; dst->gtt_size = vma->node.size; + dst->num_pages = num_pages; dst->page_count = 0; dst->unused = 0; @@ -938,28 +978,26 @@ i915_error_object_create(struct drm_i915_private *i915, return NULL; } + ret = -EINVAL; for_each_sgt_dma(dma, iter, vma->pages) { void __iomem *s; - int ret; ggtt->vm.insert_page(&ggtt->vm, dma, slot, I915_CACHE_NONE, 0); s = io_mapping_map_atomic_wc(&ggtt->iomap, slot); ret = compress_page(&compress, (void __force *)s, dst); io_mapping_unmap_atomic(s); - if (ret) - goto unwind; + break; } - goto out; -unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + if (ret || compress_flush(&compress, dst)) { + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; diff --git a/drivers/gpu/drm/i915/i915_gpu_error.h b/drivers/gpu/drm/i915/i915_gpu_error.h index f893a4e8b783..8710fb18ed74 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.h +++ b/drivers/gpu/drm/i915/i915_gpu_error.h @@ -135,6 +135,7 @@ struct i915_gpu_state { struct drm_i915_error_object { u64 gtt_offset; u64 gtt_size; + int num_pages; int page_count; int unused; u32 *pages[0];

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c9613ce556fdeb671e779668b627ea3a2b61728 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 3 Oct 2018 09:24:22 +0100 Subject: [PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error states The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. v2: Check against overrunning our pre-allocated page array v3: Drop Z_SYNC_FLUSH entirely Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@… (cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..a262a64f5625 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -232,6 +232,20 @@ static bool compress_init(struct compress *c) return true; } +static void *compress_next_page(struct drm_i915_error_object *dst) +{ + unsigned long page; + + if (dst->page_count >= dst->num_pages) + return ERR_PTR(-ENOSPC); + + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return ERR_PTR(-ENOMEM); + + return dst->pages[dst->page_count++] = (void *)page; +} + static int compress_page(struct compress *c, void *src, struct drm_i915_error_object *dst) @@ -245,19 +259,14 @@ static int compress_page(struct compress *c, do { if (zstream->avail_out == 0) { - unsigned long page; - - page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); - if (!page) - return -ENOMEM; + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); - dst->pages[dst->page_count++] = (void *)page; - - zstream->next_out = (void *)page; zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, Z_NO_FLUSH) != Z_OK) return -EIO; } while (zstream->avail_in); @@ -268,19 +277,42 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); + + zstream->avail_out = PAGE_SIZE; + break; + + case Z_STREAM_END: + goto end; + + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +351,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -917,6 +955,7 @@ i915_error_object_create(struct drm_i915_private *i915, unsigned long num_pages; struct sgt_iter iter; dma_addr_t dma; + int ret; if (!vma) return NULL; @@ -930,6 +969,7 @@ i915_error_object_create(struct drm_i915_private *i915, dst->gtt_offset = vma->node.start; dst->gtt_size = vma->node.size; + dst->num_pages = num_pages; dst->page_count = 0; dst->unused = 0; @@ -938,28 +978,26 @@ i915_error_object_create(struct drm_i915_private *i915, return NULL; } + ret = -EINVAL; for_each_sgt_dma(dma, iter, vma->pages) { void __iomem *s; - int ret; ggtt->vm.insert_page(&ggtt->vm, dma, slot, I915_CACHE_NONE, 0); s = io_mapping_map_atomic_wc(&ggtt->iomap, slot); ret = compress_page(&compress, (void __force *)s, dst); io_mapping_unmap_atomic(s); - if (ret) - goto unwind; + break; } - goto out; -unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + if (ret || compress_flush(&compress, dst)) { + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; diff --git a/drivers/gpu/drm/i915/i915_gpu_error.h b/drivers/gpu/drm/i915/i915_gpu_error.h index f893a4e8b783..8710fb18ed74 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.h +++ b/drivers/gpu/drm/i915/i915_gpu_error.h @@ -135,6 +135,7 @@ struct i915_gpu_state { struct drm_i915_error_object { u64 gtt_offset; u64 gtt_size; + int num_pages; int page_count; int unused; u32 *pages[0];

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] bcache: add separate workqueue for journal_write to avoid" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0f843e65d9eef4936929bb036c5f771fb261eea4 Mon Sep 17 00:00:00 2001 From: Guoju Fang <fangguoju(a)gmail.com> Date: Thu, 27 Sep 2018 23:41:46 +0800 Subject: [PATCH] bcache: add separate workqueue for journal_write to avoid deadlock After write SSD completed, bcache schedules journal_write work to system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM flag. system_wq is also a bound wq, and there may be no idle kworker on current processor. Creating a new kworker may unfortunately need to reclaim memory first, by shrinking cache and slab used by vfs, which depends on bcache device. That's a deadlock. This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM flag. It's rescuer thread will work to avoid the deadlock. Signed-off-by: Guoju Fang <fangguoju(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 83504dd8100a..954dad29e6e8 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -965,6 +965,7 @@ void bch_prio_write(struct cache *ca); void bch_write_bdev_super(struct cached_dev *dc, struct closure *parent); extern struct workqueue_struct *bcache_wq; +extern struct workqueue_struct *bch_journal_wq; extern struct mutex bch_register_lock; extern struct list_head bch_cache_sets; diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c index 6116bbf870d8..522c7426f3a0 100644 --- a/drivers/md/bcache/journal.c +++ b/drivers/md/bcache/journal.c @@ -485,7 +485,7 @@ static void do_journal_discard(struct cache *ca) closure_get(&ca->set->cl); INIT_WORK(&ja->discard_work, journal_discard_work); - schedule_work(&ja->discard_work); + queue_work(bch_journal_wq, &ja->discard_work); } } @@ -592,7 +592,7 @@ static void journal_write_done(struct closure *cl) : &j->w[0]; __closure_wake_up(&w->wait); - continue_at_nobarrier(cl, journal_write, system_wq); + continue_at_nobarrier(cl, journal_write, bch_journal_wq); } static void journal_write_unlock(struct closure *cl) @@ -627,7 +627,7 @@ static void journal_write_unlocked(struct closure *cl) spin_unlock(&c->journal.lock); btree_flush_write(c); - continue_at(cl, journal_write, system_wq); + continue_at(cl, journal_write, bch_journal_wq); return; } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 94c756c66bd7..30ba9aeb5ee8 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -47,6 +47,7 @@ static int bcache_major; static DEFINE_IDA(bcache_device_idx); static wait_queue_head_t unregister_wait; struct workqueue_struct *bcache_wq; +struct workqueue_struct *bch_journal_wq; #define BTREE_MAX_PAGES (256 * 1024 / PAGE_SIZE) /* limitation of partitions number on single bcache device */ @@ -2341,6 +2342,9 @@ static void bcache_exit(void) kobject_put(bcache_kobj); if (bcache_wq) destroy_workqueue(bcache_wq); + if (bch_journal_wq) + destroy_workqueue(bch_journal_wq); + if (bcache_major) unregister_blkdev(bcache_major, "bcache"); unregister_reboot_notifier(&reboot); @@ -2370,6 +2374,10 @@ static int __init bcache_init(void) if (!bcache_wq) goto err; + bch_journal_wq = alloc_workqueue("bch_journal", WQ_MEM_RECLAIM, 0); + if (!bch_journal_wq) + goto err; + bcache_kobj = kobject_create_and_add("bcache", fs_kobj); if (!bcache_kobj) goto err;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] bcache: add separate workqueue for journal_write to avoid" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0f843e65d9eef4936929bb036c5f771fb261eea4 Mon Sep 17 00:00:00 2001 From: Guoju Fang <fangguoju(a)gmail.com> Date: Thu, 27 Sep 2018 23:41:46 +0800 Subject: [PATCH] bcache: add separate workqueue for journal_write to avoid deadlock After write SSD completed, bcache schedules journal_write work to system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM flag. system_wq is also a bound wq, and there may be no idle kworker on current processor. Creating a new kworker may unfortunately need to reclaim memory first, by shrinking cache and slab used by vfs, which depends on bcache device. That's a deadlock. This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM flag. It's rescuer thread will work to avoid the deadlock. Signed-off-by: Guoju Fang <fangguoju(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 83504dd8100a..954dad29e6e8 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -965,6 +965,7 @@ void bch_prio_write(struct cache *ca); void bch_write_bdev_super(struct cached_dev *dc, struct closure *parent); extern struct workqueue_struct *bcache_wq; +extern struct workqueue_struct *bch_journal_wq; extern struct mutex bch_register_lock; extern struct list_head bch_cache_sets; diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c index 6116bbf870d8..522c7426f3a0 100644 --- a/drivers/md/bcache/journal.c +++ b/drivers/md/bcache/journal.c @@ -485,7 +485,7 @@ static void do_journal_discard(struct cache *ca) closure_get(&ca->set->cl); INIT_WORK(&ja->discard_work, journal_discard_work); - schedule_work(&ja->discard_work); + queue_work(bch_journal_wq, &ja->discard_work); } } @@ -592,7 +592,7 @@ static void journal_write_done(struct closure *cl) : &j->w[0]; __closure_wake_up(&w->wait); - continue_at_nobarrier(cl, journal_write, system_wq); + continue_at_nobarrier(cl, journal_write, bch_journal_wq); } static void journal_write_unlock(struct closure *cl) @@ -627,7 +627,7 @@ static void journal_write_unlocked(struct closure *cl) spin_unlock(&c->journal.lock); btree_flush_write(c); - continue_at(cl, journal_write, system_wq); + continue_at(cl, journal_write, bch_journal_wq); return; } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 94c756c66bd7..30ba9aeb5ee8 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -47,6 +47,7 @@ static int bcache_major; static DEFINE_IDA(bcache_device_idx); static wait_queue_head_t unregister_wait; struct workqueue_struct *bcache_wq; +struct workqueue_struct *bch_journal_wq; #define BTREE_MAX_PAGES (256 * 1024 / PAGE_SIZE) /* limitation of partitions number on single bcache device */ @@ -2341,6 +2342,9 @@ static void bcache_exit(void) kobject_put(bcache_kobj); if (bcache_wq) destroy_workqueue(bcache_wq); + if (bch_journal_wq) + destroy_workqueue(bch_journal_wq); + if (bcache_major) unregister_blkdev(bcache_major, "bcache"); unregister_reboot_notifier(&reboot); @@ -2370,6 +2374,10 @@ static int __init bcache_init(void) if (!bcache_wq) goto err; + bch_journal_wq = alloc_workqueue("bch_journal", WQ_MEM_RECLAIM, 0); + if (!bch_journal_wq) + goto err; + bcache_kobj = kobject_create_and_add("bcache", fs_kobj); if (!bcache_kobj) goto err;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] KVM: VMX: hide flexpriority from guest when disabled at the" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2cf7ea9f40fabee0f8b40db4eb2d1e85cc6c0a95 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini <pbonzini(a)redhat.com> Date: Wed, 3 Oct 2018 10:34:00 +0200 Subject: [PATCH] KVM: VMX: hide flexpriority from guest when disabled at the module level As of commit 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings"), KVM will disable VIRTUALIZE_APIC_ACCESSES when a nested guest writes APIC_BASE MSR and kvm-intel.flexpriority=0, whereas previously KVM would allow a nested guest to enable VIRTUALIZE_APIC_ACCESSES so long as it's supported in hardware. That is, KVM now advertises VIRTUALIZE_APIC_ACCESSES to a guest but doesn't (always) allow setting it when kvm-intel.flexpriority=0, and may even initially allow the control and then clear it when the nested guest writes APIC_BASE MSR, which is decidedly odd even if it doesn't cause functional issues. Hide the control completely when the module parameter is cleared. reported-by: Sean Christopherson <sean.j.christopherson(a)intel.com> Fixes: 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings") Cc: Jim Mattson <jmattson(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 764ae031054f..55b62760b694 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3589,12 +3589,12 @@ static void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, bool apicv) msrs->secondary_ctls_high); msrs->secondary_ctls_low = 0; msrs->secondary_ctls_high &= - SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | SECONDARY_EXEC_DESC | SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | SECONDARY_EXEC_APIC_REGISTER_VIRT | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_WBINVD_EXITING; + /* * We can emulate "VMCS shadowing," even if the hardware * doesn't support it. @@ -3651,6 +3651,10 @@ static void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, bool apicv) msrs->secondary_ctls_high |= SECONDARY_EXEC_UNRESTRICTED_GUEST; + if (flexpriority_enabled) + msrs->secondary_ctls_high |= + SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; + /* miscellaneous data */ rdmsr(MSR_IA32_VMX_MISC, msrs->misc_low,

6 years, 11 months

1
0
0 0

[PATCH stable 4.9 00/29] backport of IP fragmentation fixes

by Florian Fainelli

This is based on Stephen's v4.14 patches, with the necessary merge conflicts, and the lack of timer_setup() on the 4.9 baseline. Perf results on a gigabit capable system, before and after are below. Series can also be found here: https://github.com/ffainelli/linux/commits/fragment-stack-v4.9 PerfTop: 457 irqs/sec kernel:74.4% exact: 0.0% [4000Hz cycles], (all, 4 CPUs) ------------------------------------------------------------------------------- 29.62% [kernel] [k] ip_defrag 6.57% [kernel] [k] arch_cpu_idle 1.72% [kernel] [k] v7_dma_inv_range 1.68% [kernel] [k] __netif_receive_skb_core 1.43% [kernel] [k] fib_table_lookup 1.30% [kernel] [k] finish_task_switch 1.08% [kernel] [k] ip_rcv 1.01% [kernel] [k] skb_release_data 0.99% [kernel] [k] __slab_free 0.96% [kernel] [k] bcm_sysport_poll 0.88% [kernel] [k] __netdev_alloc_skb 0.87% [kernel] [k] tick_nohz_idle_enter 0.86% [kernel] [k] dev_gro_receive 0.85% [kernel] [k] _raw_spin_unlock_irqrestore 0.84% [kernel] [k] __memzero 0.74% [kernel] [k] tick_nohz_idle_exit 0.73% ld-2.24.so [.] do_lookup_x 0.66% [kernel] [k] kmem_cache_free 0.66% [kernel] [k] bcm_sysport_rx_refill 0.65% [kernel] [k] eth_type_trans After patching: PerfTop: 170 irqs/sec kernel:86.5% exact: 0.0% [4000Hz cycles], (all, 4 CPUs) ------------------------------------------------------------------------------- 7.79% [kernel] [k] arch_cpu_idle 5.14% [kernel] [k] v7_dma_inv_range 4.20% [kernel] [k] ip_defrag 3.89% [kernel] [k] __netif_receive_skb_core 3.65% [kernel] [k] fib_table_lookup 2.16% [kernel] [k] finish_task_switch 1.93% [kernel] [k] _raw_spin_unlock_irqrestore 1.90% [kernel] [k] ip_rcv 1.84% [kernel] [k] bcm_sysport_poll 1.83% [kernel] [k] __memzero 1.65% [kernel] [k] __netdev_alloc_skb 1.60% [kernel] [k] __slab_free 1.49% [kernel] [k] __do_softirq 1.49% [kernel] [k] bcm_sysport_rx_refill 1.31% [kernel] [k] dma_cache_maint_page 1.25% [kernel] [k] tick_nohz_idle_enter 1.24% [kernel] [k] ip_route_input_noref 1.17% [kernel] [k] eth_type_trans 1.06% [kernel] [k] fib_validate_source 1.03% [kernel] [k] inet_frag_find Dan Carpenter (1): ipv4: frags: precedence bug in ip_expire() Eric Dumazet (22): inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers net: sk_buff rbnode reorg Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Peter Oskolkov (4): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Documentation/networking/ip-sysctl.txt | 13 +- include/linux/rhashtable.h | 4 +- include/linux/skbuff.h | 48 +- include/net/inet_frag.h | 133 +++--- include/net/ip.h | 1 - include/net/ipv6.h | 26 +- include/uapi/linux/snmp.h | 1 + lib/rhashtable.c | 5 +- net/core/skbuff.c | 31 +- net/ieee802154/6lowpan/6lowpan_i.h | 26 +- net/ieee802154/6lowpan/reassembly.c | 148 +++--- net/ipv4/inet_fragment.c | 379 ++++------------ net/ipv4/ip_fragment.c | 573 +++++++++++++----------- net/ipv4/proc.c | 7 +- net/ipv4/tcp_input.c | 33 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 100 ++--- net/ipv6/proc.c | 5 +- net/ipv6/reassembly.c | 212 ++++----- 18 files changed, 785 insertions(+), 960 deletions(-) -- 2.17.1

6 years, 11 months

3
33
0 0

+ mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE has been added to the -mm tree. Its filename is mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-dont-clobber-partially-overlapp… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-dont-clobber-partially-overlapp… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Daniel Micay reports that attempting to use MAP_FIXED_NOREPLACE in an application causes that application to randomly crash. The existing check for handling MAP_FIXED_NOREPLACE looks up the first VMA that either overlaps or follows the requested region, and then bails out if that VMA overlaps *the start* of the requested region. It does not bail out if the VMA only overlaps another part of the requested region. Fix it by checking that the found VMA only starts at or after the end of the requested region, in which case there is no overlap. Test case: user@debian:~$ cat mmap_fixed_simple.c #include <sys/mman.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #ifndef MAP_FIXED_NOREPLACE #define MAP_FIXED_NOREPLACE 0x100000 #endif int main(void) { char *p; errno = 0; p = mmap((void*)0x10001000, 0x4000, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p1=%p err=%m\n", p); errno = 0; p = mmap((void*)0x10000000, 0x2000, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p2=%p err=%m\n", p); char cmd[100]; sprintf(cmd, "cat /proc/%d/maps", getpid()); system(cmd); return 0; } user@debian:~$ gcc -o mmap_fixed_simple mmap_fixed_simple.c user@debian:~$ ./mmap_fixed_simple p1=0x10001000 err=Success p2=0x10000000 err=Success 10000000-10002000 r--p 00000000 00:00 0 10002000-10005000 ---p 00000000 00:00 0 564a9a06f000-564a9a070000 r-xp 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a26f000-564a9a270000 r--p 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a270000-564a9a271000 rw-p 00001000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a54a000-564a9a56b000 rw-p 00000000 00:00 0 [heap] 7f8eba447000-7f8eba5dc000 r-xp 00000000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba5dc000-7f8eba7dc000 ---p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7dc000-7f8eba7e0000 r--p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e0000-7f8eba7e2000 rw-p 00199000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e2000-7f8eba7e6000 rw-p 00000000 00:00 0 7f8eba7e6000-7f8eba809000 r-xp 00000000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8eba9e9000-7f8eba9eb000 rw-p 00000000 00:00 0 7f8ebaa06000-7f8ebaa09000 rw-p 00000000 00:00 0 7f8ebaa09000-7f8ebaa0a000 r--p 00023000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0a000-7f8ebaa0b000 rw-p 00024000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0b000-7f8ebaa0c000 rw-p 00000000 00:00 0 7ffcc99fa000-7ffcc9a1b000 rw-p 00000000 00:00 0 [stack] 7ffcc9b44000-7ffcc9b47000 r--p 00000000 00:00 0 [vvar] 7ffcc9b47000-7ffcc9b49000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] user@debian:~$ uname -a Linux debian 4.19.0-rc6+ #181 SMP Wed Oct 3 23:43:42 CEST 2018 x86_64 GNU/Linux user@debian:~$ As you can see, the first page of the mapping at 0x10001000 was clobbered. Link: http://lkml.kernel.org/r/20181010152736.99475-1-jannh@google.com Fixes: a4ff8e8620d3 ("mm: introduce MAP_FIXED_NOREPLACE") Signed-off-by: Jann Horn <jannh(a)google.com> Reported-by: Daniel Micay <danielmicay(a)gmail.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: John Hubbard <jhubbard(a)nvidia.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/mmap.c~mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace mm/mmap.c --- a/mm/mmap.c~mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace +++ a/mm/mmap.c @@ -1410,7 +1410,7 @@ unsigned long do_mmap(struct file *file, if (flags & MAP_FIXED_NOREPLACE) { struct vm_area_struct *vma = find_vma(mm, addr); - if (vma && vma->vm_start <= addr) + if (vma && vma->vm_start < addr + len) return -EEXIST; } _ Patches currently in -mm which might be from jannh(a)google.com are mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

6 years, 11 months

1
0
0 0

[GIT PULL] vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers

by Steven Rostedt

Linus (aka Greg), It was reported that trace_printk() was not reporting properly values that came after a dereference pointer. trace_printk() utilizes vbin_printf() and bstr_printf() to keep the overhead of tracing down. vbin_printf() does not do any conversions and just stors the string format and the raw arguments into the buffer. bstr_printf() is used to read the buffer and does the conversions to complete the printf() output. This can be troublesome with dereferenced pointers because the reference may be different from the time vbin_printf() is called to the time bstr_printf() is called. To fix this, a prior commit changed vbin_printf() to convert dereferenced pointers into strings and load the converted string into the buffer. But the change to bstr_printf() had an off-by-one error and didn't account for the nul character at the end of the string and this corrupted the rest of the values in the format that came after a dereferenced pointer. Please pull the latest trace-v4.19-rc5 tree, which can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git trace-v4.19-rc5 Tag SHA1: b5fc80d980ae316323e88c165084deef39afd168 Head SHA1: 62165600ae73ebd76e2d9b992b36360408d570d8 Steven Rostedt (VMware) (1): vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers ---- lib/vsprintf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --------------------------- commit 62165600ae73ebd76e2d9b992b36360408d570d8 Author: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Date: Fri Oct 5 10:08:03 2018 -0400 vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers The functions vbin_printf() and bstr_printf() are used by trace_printk() to try to keep the overhead down during printing. trace_printk() uses vbin_printf() at the time of execution, as it only scans the fmt string to record the printf values into the buffer, and then uses vbin_printf() to do the conversions to print the string based on the format and the saved values in the buffer. This is an issue for dereferenced pointers, as before commit 841a915d20c7b, the processing of the pointer could happen some time after the pointer value was recorded (reading the trace buffer). This means the processing of the value at a later time could show different results, or even crash the system, if the pointer no longer existed. Commit 841a915d20c7b addressed this by processing dereferenced pointers at the time of execution and save the result in the ring buffer as a string. The bstr_printf() would then treat these pointers as normal strings, and print the value. But there was an off-by-one bug here, where after processing the argument, it move the pointer only "strlen(arg)" which made the arg pointer not point to the next argument in the ring buffer, but instead point to the nul character of the last argument. This causes any values after a dereferenced pointer to be corrupted. Cc: stable(a)vger.kernel.org Fixes: 841a915d20c7b ("vsprintf: Do not have bprintf dereference pointers") Reported-by: Nikolay Borisov <nborisov(a)suse.com> Tested-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/lib/vsprintf.c b/lib/vsprintf.c index d5b3a3f95c01..812e59e13fe6 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -2794,7 +2794,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) copy = end - str; memcpy(str, args, copy); str += len; - args += len; + args += len + 1; } } if (process)

6 years, 11 months

2
1
0 0

[PATCH] drm/amdgpu: Suppress keypresses from ACPI_VIDEO events

by Lyude Paul

Currently we return NOTIFY_DONE for any event which we don't think is ours. However, many laptops will send more then just an ATIF event and will also send an ACPI_VIDEO_NOTIFY_PROBE event as well. Since we don't check for this, we return NOTIFY_DONE which causes a keypress for the ACPI event to be propogated to userspace. This is the equivalent of someone pressing the display key on a laptop every time there's a hotplug event. So, check for ACPI_VIDEO_NOTIFY_PROBE events and suppress keypresses from them. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c index 353993218f21..f008804f0b97 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c @@ -358,7 +358,9 @@ static int amdgpu_atif_get_sbios_requests(struct amdgpu_atif *atif, * * Checks the acpi event and if it matches an atif event, * handles it. - * Returns NOTIFY code + * + * Returns: + * NOTIFY_BAD or NOTIFY_DONE, depending on the event. */ static int amdgpu_atif_handler(struct amdgpu_device *adev, struct acpi_bus_event *event) @@ -372,11 +374,16 @@ static int amdgpu_atif_handler(struct amdgpu_device *adev, if (strcmp(event->device_class, ACPI_VIDEO_CLASS) != 0) return NOTIFY_DONE; + /* Is this actually our event? */ if (!atif || !atif->notification_cfg.enabled || - event->type != atif->notification_cfg.command_code) - /* Not our event */ - return NOTIFY_DONE; + event->type != atif->notification_cfg.command_code) { + /* These events will generate keypresses otherwise */ + if (event->type == ACPI_VIDEO_NOTIFY_PROBE) + return NOTIFY_BAD; + else + return NOTIFY_DONE; + } if (atif->functions.sbios_requests) { struct atif_sbios_requests req; @@ -385,7 +392,7 @@ static int amdgpu_atif_handler(struct amdgpu_device *adev, count = amdgpu_atif_get_sbios_requests(atif, &req); if (count <= 0) - return NOTIFY_DONE; + return NOTIFY_BAD; DRM_DEBUG_DRIVER("ATIF: %d pending SBIOS requests\n", count); -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH 4.4 000/113] 4.4.160-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.160 release. There are 113 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:13 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.160-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.160-rc1 Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: event: Prevent freeing event subscriptions while accessed Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Sanitize PSTATE.M when being set from userspace Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: cpufeature: Track 32bit EL0 support Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Theodore Ts'o <tytso(a)mit.edu> ext4: never move the system.data xattr out of the inode body Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use bin2hex instead of a re-implementation Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm64/include/asm/cpufeature.h | 8 ++- arch/arm64/include/asm/jump_label.h | 4 +- arch/arm64/include/asm/kvm_emulate.h | 5 ++ arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/kernel/cpufeature.c | 8 +++ arch/arm64/kvm/guest.c | 55 +++++++++++++++- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kernel/machine_kexec.c | 7 ++- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/mm/extmem.c | 4 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/edac/i7core_edac.c | 22 ++++--- drivers/gpio/gpio-adp5588.c | 24 +++++-- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 +- drivers/hid/hid-ntrig.c | 2 + drivers/hwmon/adt7475.c | 14 +++-- drivers/hwmon/ina2xx.c | 13 +++- drivers/i2c/busses/i2c-i801.c | 9 ++- drivers/i2c/busses/i2c-uniphier-f.c | 7 +-- drivers/i2c/busses/i2c-uniphier.c | 7 +-- drivers/infiniband/core/ucma.c | 6 ++ drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/mouse/elantech.c | 2 + drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/md-cluster.c | 19 +++--- drivers/md/raid10.c | 5 +- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +++- drivers/media/platform/fsl-viu.c | 38 ++++++----- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 ++ drivers/media/usb/uvc/uvc_video.c | 24 +++++-- drivers/media/v4l2-core/v4l2-event.c | 37 +++++------ drivers/media/v4l2-core/v4l2-fh.c | 2 + drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +- drivers/net/wireless/mac80211_hwsim.c | 3 - drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 ++ drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/power/reset/vexpress-poweroff.c | 12 ++-- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/spi/spi-rspi.c | 34 ++++++++-- drivers/spi/spi-sh-msiof.c | 28 ++++++++- drivers/spi/spi-tegra20-slink.c | 31 ++++++--- drivers/staging/android/ashmem.c | 6 ++ drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_auth.c | 15 +---- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/thermal/of-thermal.c | 7 ++- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++- drivers/tty/serial/imx.c | 8 +++ drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 ++++++- drivers/usb/core/driver.c | 28 ++++----- drivers/usb/core/usb.c | 2 + drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/usb/serial/kobil_sct.c | 12 +++- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ext4/xattr.c | 5 ++ fs/nfsd/nfs4proc.c | 1 + fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ include/linux/platform_data/ina2xx.h | 2 +- include/linux/slub_def.h | 3 +- include/media/v4l2-fh.h | 1 + kernel/module.c | 6 +- kernel/time/alarmtimer.c | 3 +- lib/klist.c | 10 +-- mm/madvise.c | 2 +- mm/slub.c | 6 +- net/6lowpan/iphc.c | 1 + net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 26 ++++++-- net/mac80211/mesh_hwmp.c | 4 ++ net/mac80211/mlme.c | 53 ++++++++++++++++ net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/soc-dapm.c | 7 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 118 files changed, 842 insertions(+), 287 deletions(-)

6 years, 11 months

10
128
0 0

[PATCH AUTOSEL 3.18 1/6] selftests/efivarfs: add required kernel configs

by Sasha Levin

From: Lei Yang <Lei.Yang(a)windriver.com> [ Upstream commit 53cf59d6c0ad3edc4f4449098706a8f8986258b6 ] add config file Signed-off-by: Lei Yang <Lei.Yang(a)windriver.com> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- tools/testing/selftests/efivarfs/config | 1 + 1 file changed, 1 insertion(+) create mode 100644 tools/testing/selftests/efivarfs/config diff --git a/tools/testing/selftests/efivarfs/config b/tools/testing/selftests/efivarfs/config new file mode 100644 index 000000000000..4e151f1005b2 --- /dev/null +++ b/tools/testing/selftests/efivarfs/config @@ -0,0 +1 @@ +CONFIG_EFIVAR_FS=y -- 2.17.1

6 years, 11 months

2
7
0 0

[PATCH 2/2] xen: make xen_qlock_wait() nestable

by Juergen Gross

xen_qlock_wait() isn't safe for nested calls due to interrupts. A call of xen_qlock_kick() might be ignored in case a deeper nesting level was active right before the call of xen_poll_irq(): CPU 1: CPU 2: spin_lock(lock1) spin_lock(lock1) -> xen_qlock_wait() -> xen_clear_irq_pending() Interrupt happens spin_unlock(lock1) -> xen_qlock_kick(CPU 2) spin_lock_irqsave(lock2) spin_lock_irqsave(lock2) -> xen_qlock_wait() -> xen_clear_irq_pending() clears kick for lock1 -> xen_poll_irq() spin_unlock_irq_restore(lock2) -> xen_qlock_kick(CPU 2) wakes up spin_unlock_irq_restore(lock2) IRET resumes in xen_qlock_wait() -> xen_poll_irq() never wakes up The solution is to disable interrupts in xen_qlock_wait() and not to poll for the irq in case xen_qlock_wait() is called in nmi context. Cc: stable(a)vger.kernel.org Cc: Waiman.Long(a)hp.com Cc: peterz(a)infradead.org Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/spinlock.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c index cd210a4ba7b1..e8d880e98057 100644 --- a/arch/x86/xen/spinlock.c +++ b/arch/x86/xen/spinlock.c @@ -39,29 +39,25 @@ static void xen_qlock_kick(int cpu) */ static void xen_qlock_wait(u8 *byte, u8 val) { + unsigned long flags; int irq = __this_cpu_read(lock_kicker_irq); /* If kicker interrupts not initialized yet, just spin */ - if (irq == -1) + if (irq == -1 || in_nmi()) return; - /* If irq pending already clear it and return. */ + /* Guard against reentry. */ + local_irq_save(flags); + + /* If irq pending already clear it. */ if (xen_test_irq_pending(irq)) { xen_clear_irq_pending(irq); - return; + } else if (READ_ONCE(*byte) == val) { + /* Block until irq becomes pending (or a spurious wakeup) */ + xen_poll_irq(irq); } - if (READ_ONCE(*byte) != val) - return; - - /* - * If an interrupt happens here, it will leave the wakeup irq - * pending, which will cause xen_poll_irq() to return - * immediately. - */ - - /* Block until irq becomes pending (or perhaps a spurious wakeup) */ - xen_poll_irq(irq); + local_irq_restore(flags); } static irqreturn_t dummy_handler(int irq, void *dev_id) -- 2.16.4

6 years, 11 months

4
8
0 0

troubles with https://www.kernel.org/

by Pavlos Parissis

Hi, https://www.kernel.org is either down or very slow for me(based in The Netherlands, Europe). I do understand this is not the right ML to report this issue, but the contact page doesn't load for me and as a result I could find the right communication channel. Cheers, Pavlos

6 years, 11 months

2
2
0 0

Linux 4.18.13

by Greg KH

I'm announcing the release of the 4.18.13 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/sh_eth.txt | 1 Makefile | 2 arch/arc/include/asm/atomic.h | 2 arch/arm64/include/asm/jump_label.h | 4 arch/hexagon/include/asm/bitops.h | 4 arch/hexagon/kernel/dma.c | 2 arch/nds32/include/asm/elf.h | 4 arch/nds32/include/asm/uaccess.h | 26 - arch/nds32/kernel/atl2c.c | 3 arch/nds32/kernel/module.c | 4 arch/nds32/kernel/traps.c | 2 arch/nds32/kernel/vmlinux.lds.S | 12 arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/riscv/kernel/setup.c | 7 arch/x86/events/intel/lbr.c | 4 arch/x86/kernel/apm_32.c | 2 block/blk-cgroup.c | 78 +---- drivers/ata/libata-core.c | 2 drivers/base/firmware_loader/main.c | 35 +- drivers/cpufreq/qcom-cpufreq-kryo.c | 4 drivers/crypto/caam/caamalg.c | 8 drivers/crypto/chelsio/chcr_algo.c | 32 +- drivers/crypto/chelsio/chcr_crypto.h | 2 drivers/crypto/mxs-dcp.c | 53 ++- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 drivers/crypto/qat/qat_c62x/adf_drv.c | 6 drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 drivers/firmware/arm_scmi/perf.c | 8 drivers/gpio/gpio-adp5588.c | 24 + drivers/gpio/gpio-dwapb.c | 1 drivers/gpio/gpiolib-acpi.c | 86 +++-- drivers/gpio/gpiolib-of.c | 1 drivers/gpio/gpiolib.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 8 drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c | 6 drivers/gpu/drm/nouveau/nouveau_drm.c | 14 drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 - drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 - drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 drivers/hid/hid-apple.c | 9 drivers/hid/hid-ids.h | 7 drivers/hid/hid-saitek.c | 2 drivers/hid/hid-sensor-hub.c | 23 + drivers/hid/i2c-hid/i2c-hid.c | 24 + drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 drivers/hv/connection.c | 8 drivers/i2c/busses/i2c-uniphier-f.c | 7 drivers/i2c/busses/i2c-uniphier.c | 7 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 drivers/iio/temperature/maxim_thermocouple.c | 1 drivers/infiniband/core/ucma.c | 6 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 drivers/iommu/amd_iommu.c | 2 drivers/md/dm-raid.c | 144 +++------ drivers/md/dm-thin-metadata.c | 34 ++ drivers/md/dm-thin.c | 73 ++++ drivers/md/raid10.c | 5 drivers/md/raid5-log.h | 5 drivers/md/raid5.c | 6 drivers/net/ethernet/amazon/ena/ena_com.c | 8 drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 2 drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 + drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 drivers/net/ethernet/ibm/emac/core.c | 6 drivers/net/ethernet/ibm/ibmvnic.c | 12 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 1 drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 drivers/net/ethernet/realtek/r8169.c | 11 drivers/net/ethernet/renesas/sh_eth.c | 36 ++ drivers/net/wireless/broadcom/b43/dma.c | 6 drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 50 --- drivers/net/wireless/mac80211_hwsim.c | 12 drivers/nvme/target/rdma.c | 27 + drivers/s390/net/qeth_core_main.c | 5 drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/aacraid/aacraid.h | 2 drivers/scsi/csiostor/csio_hw.c | 71 +++- drivers/scsi/csiostor/csio_hw.h | 1 drivers/scsi/csiostor/csio_mb.c | 6 drivers/scsi/qedi/qedi.h | 7 drivers/scsi/qedi/qedi_main.c | 28 + drivers/target/iscsi/iscsi_target.c | 9 drivers/target/iscsi/iscsi_target_login.c | 149 +++++----- drivers/target/iscsi/iscsi_target_login.h | 2 drivers/usb/gadget/udc/fotg210-udc.c | 15 - drivers/usb/host/xhci-plat.c | 27 + drivers/usb/misc/yurex.c | 3 drivers/xen/cpu_hotplug.c | 15 - drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 fs/afs/proc.c | 15 - fs/btrfs/ctree.h | 1 fs/btrfs/disk-io.c | 1 fs/btrfs/inode.c | 25 - fs/btrfs/ioctl.c | 16 + fs/btrfs/volumes.c | 7 fs/ceph/super.c | 16 - fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 fs/cifs/misc.c | 8 fs/cifs/smb2ops.c | 2 fs/dcache.c | 2 fs/inode.c | 53 +++ fs/notify/fsnotify.c | 13 fs/ocfs2/dlm/dlmmaster.c | 4 fs/overlayfs/dir.c | 4 fs/overlayfs/namei.c | 2 fs/overlayfs/overlayfs.h | 4 fs/overlayfs/util.c | 3 fs/proc/base.c | 14 fs/xattr.c | 24 - include/asm-generic/io.h | 3 include/linux/blk-cgroup.h | 1 include/linux/fs.h | 6 include/net/cfg80211.h | 4 include/net/regulatory.h | 4 kernel/bpf/sockmap.c | 64 ++-- kernel/bpf/verifier.c | 10 kernel/sched/topology.c | 5 mm/madvise.c | 2 net/core/filter.c | 57 ++- net/ipv4/netfilter/Kconfig | 8 net/mac80211/ibss.c | 22 - net/mac80211/main.c | 28 + net/mac80211/mesh_hwmp.c | 4 net/mac80211/mlme.c | 70 ++++ net/mac80211/tx.c | 54 ++- net/mac80211/util.c | 11 net/netfilter/Kconfig | 12 net/netfilter/nf_tables_api.c | 1 net/netfilter/nfnetlink_queue.c | 1 net/netfilter/xt_CHECKSUM.c | 22 + net/netfilter/xt_cluster.c | 14 net/netfilter/xt_hashlimit.c | 18 - net/tipc/diag.c | 2 net/tipc/netlink.c | 2 net/tipc/socket.c | 76 +++-- net/tipc/socket.h | 2 net/wireless/nl80211.c | 15 - net/wireless/reg.c | 91 ------ net/wireless/util.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/hv/hv_fcopy_daemon.c | 1 tools/kvm/kvm_stat/kvm_stat | 25 + tools/perf/arch/powerpc/util/sym-handling.c | 4 tools/perf/util/annotate.c | 32 +- tools/perf/util/annotate.h | 1 tools/perf/util/evsel.c | 5 tools/perf/util/trace-event-info.c | 2 tools/testing/selftests/net/pmtu.sh | 7 tools/testing/selftests/rseq/param_test.c | 19 - tools/testing/selftests/tc-testing/tc-tests/actions/police.json | 48 +++ tools/vm/page-types.c | 6 tools/vm/slabinfo.c | 4 182 files changed, 1827 insertions(+), 990 deletions(-) Al Viro (1): new primitive: discard_new_inode() Alexey Khoroshilov (1): gpio: dwapb: Fix error handling in dwapb_gpio_probe() Amir Goldstein (3): fsnotify: fix ignore mask logic in fsnotify() ovl: fix access beyond unterminated strings ovl: fix memory leak on unlink of indexed file Anand Jain (1): btrfs: btrfs_shrink_device should call commit transaction at the end Andreas Bosch (1): HID: intel-ish-hid: Enable Sunrise Point-H ish driver Andreas Gruenbacher (1): sysfs: Do not return POSIX ACL xattrs via listxattr Andrew Murray (1): asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Andy Shevchenko (1): gpiolib: acpi: Switch to cansleep version of GPIO library call Anisse Astier (1): HID: i2c-hid: disable runtime PM operations on hantick touchpad Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Anurag Kumar Vulisha (1): usb: host: xhci-plat: Iterate over parent nodes for finding quirks Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Baruch Siach (1): net: mvpp2: initialize port of_node pointer Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (5): drm/nouveau: fix oops in client init failure path drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Bjorn Andersson (1): firmware: Always initialize the fw_priv list object Chris Brandt (1): sh_eth: Add R7S9210 support Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Cong Wang (2): tipc: switch to rhashtable iterator netfilter: xt_hashlimit: use s->file instead of s->private Dan Carpenter (3): scsi: aacraid: fix a signedness bug cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Borkmann (6): bpf, sockmap: fix potential use after free in bpf_tcp_close bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg bpf: fix several offset tests in bpf_msg_pull_data bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data bpf: fix sg shift repair start offset in bpf_msg_pull_data Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev David Howells (1): afs: Fix cell specification to permit an empty address list Dennis Zhou (Facebook) (1): Revert "blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()" Dexuan Cui (1): Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Dreyfuss, Haim (1): mac80211: fix WMM TXOP calculation Emmanuel Grumbach (3): mac80211: fix a race between restart and CSA flows mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages Florian Westphal (2): netfilter: xt_checksum: ignore gso skbs netfilter: kconfig: nat related expression depend on nftables core Geert Uytterhoeven (1): scsi: libata: Add missing newline at end of file Greentime Hu (3): nds32: fix logic for module nds32: fix build error because of wrong semicolon nds32: linker script: GCOV kernel may refers data in __exit Greg Kroah-Hartman (2): Revert "drm/amd/pp: Send khz clock values to DC for smu7/8" Linux 4.18.13 Guenter Roeck (1): riscv: Do not overwrite initrd_start and initrd_end Haim Dreyfuss (2): nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP nl80211: Pass center frequency in kHz instead of MHz Hans de Goede (2): gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Harsh Jain (1): crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Heinz Mauelshagen (4): dm raid: fix reshape race on small devices dm raid: fix stripe adding reshape deadlock dm raid: fix rebuild of specific devices by updating superblock dm raid: fix RAID leg rebuild errors Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Horia Geantă (1): crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch Ilya Dryomov (1): ceph: avoid a use-after-free in ceph_destroy_options() Ivan Mikhaylov (1): net/ibm/emac: wrong emac_calc_base call was used by typo Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (3): bpf: 32-bit RSH verification must truncate input before the ALU op RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Jinbum Park (1): mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Johannes Berg (3): mac80211_hwsim: require at least one channel cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule) mac80211: always account for A-MSDU header changes John Fastabend (2): bpf: sockmap, decrement copied count correctly in redirect error case bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (3): HID: i2c-hid: Don't reset device upon system resume r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Kim Phillips (1): perf annotate: Fix parsing aarch64 branch instructions after objdump update Larry Finger (1): b43: fix DMA error related regression with proprietary firmware Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Lorenzo Bianconi (3): mac80211: do not convert to A-MSDU if frag/subframe limited mac80211: fix an off-by-one issue in A-MSDU max_subframe computation iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Maciej S. Szmigiero (1): r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Martin Liška (1): perf annotate: Properly interpret indirect call Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Mathieu Desnoyers (1): rseq/selftests: fix parametrized test with -fpie Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Michal 'vorner' Vaner (1): netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Christie (1): scsi: iscsi: target: Fix conn_ops double free Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Miklos Szeredi (3): vfs: don't evict uninitialized inode ovl: set I_CREATING on inode being created ovl: fix format of setxattr debug Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nathan Chancellor (1): cpufreq: qcom-kryo: Fix section annotations Netanel Belgazal (6): net: ena: fix surprise unplug NULL dereference kernel crash net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix device destruction to gracefully free resources net: ena: fix potential double ena_destroy_device() net: ena: fix missing lock during device destruction net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Paolo Abeni (1): tc-testing: add test-cases for numeric and invalid control action Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Peng Li (2): net: hns: add the code for cleaning pkt in chip net: hns: add netif_carrier_off before change speed and duplex Randy Dunlap (3): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int x86/APM: Fix build warning when PROC_FS is not enabled Ricardo Ribalda Delgado (1): gpiolib: Free the last requested descriptor Rishabh Bhatnagar (1): firmware: Fix security issue with request_firmware_into_buf() Robbie Ko (1): Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space Sabrina Dubroca (2): selftests: pmtu: maximum MTU for vti4 is 2^16-1-20 selftests: pmtu: detect correct binary to ping ipv6 addresses Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sara Sharon (1): mac80211: avoid kernel panic when building AMSDU from non-linear SKB Sean O'Brien (1): HID: add support for Apple Magic Keyboards Shaohua Li (1): md/raid5-cache: disable reshape completely Singh, Brijesh (1): iommu/amd: Clear memory encryption mask from physical address Somnath Kotur (1): bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Song Liu (1): ixgbe: check return value of napi_complete_done() Srikar Dronamraju (1): sched/topology: Set correct NUMA topology type Stanislaw Gruszka (1): cfg80211: make wmm_rule part of the reg_rule structure Stefan Raspl (3): tools/kvm_stat: fix python3 issues tools/kvm_stat: fix handling of invalid paths in debugfs provider tools/kvm_stat: fix updates for dead guests Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sudeep Holla (1): firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Tao Zhou (1): drm/amdgpu: Fix SDMA hang in prt mode v2 Thomas Falcon (1): ibmvnic: Include missing return code checks in reset function Toke Høiland-Jørgensen (1): mac80211: Run TXQ teardown code before de-registering interfaces Tushar Dave (1): bpf: Fix bpf_msg_pull_data() Varun Prakash (2): scsi: csiostor: add a check for NULL pointer after kmalloc() scsi: csiostor: fix incorrect port capabilities Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vincent Whitchurch (1): gpio: Fix crash due to registration race Vitaly Kuznetsov (2): xen/manage: don't complain about an empty value in control/sysrq node tools: hv: fcopy: set 'error' in case an unknown operation was requested Waiman Long (1): crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer Will Deacon (1): ARC: atomics: unbork atomic_fetch_##op() Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard YueHaibing (1): nds32: add NULL entry to the end of_device_id array Zong Li (2): nds32: Fix empty call trace nds32: Fix get_user/put_user macro expand pointer problem

6 years, 11 months

1
1
0 0

Linux 4.14.75

by Greg KH

I'm announcing the release of the 4.14.75 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/include/asm/atomic.h | 2 arch/arm64/include/asm/jump_label.h | 4 arch/hexagon/include/asm/bitops.h | 4 arch/hexagon/kernel/dma.c | 2 arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/x86/events/intel/lbr.c | 4 drivers/crypto/caam/caamalg.c | 8 - drivers/crypto/mxs-dcp.c | 53 +++++----- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 - drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 - drivers/crypto/qat/qat_c62x/adf_drv.c | 6 - drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 - drivers/gpio/gpio-adp5588.c | 24 +++- drivers/gpio/gpiolib-acpi.c | 86 +++++++++-------- drivers/gpio/gpiolib-of.c | 1 drivers/gpio/gpiolib.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c | 2 drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 - drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 drivers/hid/hid-apple.c | 9 + drivers/hid/hid-ids.h | 3 drivers/hid/hid-saitek.c | 2 drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hv/connection.c | 8 - drivers/i2c/busses/i2c-uniphier-f.c | 7 - drivers/i2c/busses/i2c-uniphier.c | 7 - drivers/iio/temperature/maxim_thermocouple.c | 1 drivers/infiniband/core/ucma.c | 6 + drivers/iommu/amd_iommu.c | 2 drivers/md/dm-raid.c | 5 drivers/md/dm-thin-metadata.c | 34 ++++++ drivers/md/dm-thin.c | 73 ++++++++++++-- drivers/md/raid10.c | 5 drivers/md/raid5-log.h | 5 drivers/md/raid5.c | 6 - drivers/net/ethernet/amazon/ena/ena_com.c | 8 - drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 - drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 2 drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 +++++++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 +++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 +++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 - drivers/net/ethernet/realtek/r8169.c | 9 + drivers/net/wireless/mac80211_hwsim.c | 8 - drivers/nvme/target/rdma.c | 27 ++++- drivers/s390/net/qeth_core_main.c | 5 drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/csiostor/csio_hw.c | 16 +-- drivers/scsi/qedi/qedi.h | 7 + drivers/scsi/qedi/qedi_main.c | 28 ++--- drivers/target/iscsi/iscsi_target_login.c | 8 - drivers/tty/serial/mvebu-uart.c | 4 drivers/usb/gadget/udc/fotg210-udc.c | 15 +- drivers/usb/misc/yurex.c | 3 drivers/xen/cpu_hotplug.c | 15 +- drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 - fs/btrfs/volumes.c | 7 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 + fs/cifs/smb2ops.c | 2 fs/ocfs2/dlm/dlmmaster.c | 4 fs/overlayfs/namei.c | 2 fs/overlayfs/overlayfs.h | 4 fs/overlayfs/util.c | 3 fs/proc/base.c | 14 ++ fs/xattr.c | 24 ++-- kernel/bpf/verifier.c | 10 + mm/madvise.c | 2 net/mac80211/ibss.c | 22 ++-- net/mac80211/main.c | 28 ++++- net/mac80211/mesh_hwmp.c | 4 net/mac80211/mlme.c | 70 +++++++++++++ net/mac80211/tx.c | 54 +++++----- net/netfilter/nf_tables_api.c | 1 net/netfilter/xt_cluster.c | 14 ++ net/wireless/nl80211.c | 1 net/wireless/util.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/hv/hv_fcopy_daemon.c | 1 tools/kvm/kvm_stat/kvm_stat | 14 ++ tools/perf/arch/powerpc/util/sym-handling.c | 4 tools/perf/util/evsel.c | 5 tools/perf/util/trace-event-info.c | 2 tools/power/x86/turbostat/turbostat.c | 2 tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 110 files changed, 974 insertions(+), 306 deletions(-) Alex Deucher (1): drm/amdgpu: add another ATPX quirk for TOPAZ Amir Goldstein (2): ovl: fix access beyond unterminated strings ovl: fix memory leak on unlink of indexed file Anand Jain (1): btrfs: btrfs_shrink_device should call commit transaction at the end Andreas Gruenbacher (1): sysfs: Do not return POSIX ACL xattrs via listxattr Andy Shevchenko (1): gpiolib: acpi: Switch to cansleep version of GPIO library call Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (2): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Colin Ian King (1): drm/amd/pp: initialize result to before or'ing in data Dan Carpenter (2): cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Dexuan Cui (1): Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Emmanuel Grumbach (3): mac80211: fix a race between restart and CSA flows mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages Greg Kroah-Hartman (1): Linux 4.14.75 Hans de Goede (2): gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Horia Geantă (1): crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jan Kiszka (1): serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Jann Horn (3): bpf: 32-bit RSH verification must truncate input before the ALU op RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Johannes Berg (2): mac80211_hwsim: require at least one channel mac80211: always account for A-MSDU header changes Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Len Brown (1): tools/power turbostat: fix possible sprintf buffer overflow Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Lorenzo Bianconi (2): mac80211: do not convert to A-MSDU if frag/subframe limited mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Miklos Szeredi (1): ovl: fix format of setxattr debug Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Netanel Belgazal (2): net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Peng Li (2): net: hns: add the code for cleaning pkt in chip net: hns: add netif_carrier_off before change speed and duplex Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Ricardo Ribalda Delgado (1): gpiolib: Free the last requested descriptor Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sara Sharon (1): mac80211: avoid kernel panic when building AMSDU from non-linear SKB Sean O'Brien (1): HID: add support for Apple Magic Keyboards Shaohua Li (1): md/raid5-cache: disable reshape completely Singh, Brijesh (1): iommu/amd: Clear memory encryption mask from physical address Song Liu (1): ixgbe: check return value of napi_complete_done() Stefan Raspl (2): tools/kvm_stat: fix python3 issues tools/kvm_stat: fix handling of invalid paths in debugfs provider Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Toke Høiland-Jørgensen (1): mac80211: Run TXQ teardown code before de-registering interfaces Varun Prakash (1): scsi: csiostor: add a check for NULL pointer after kmalloc() Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vincent Whitchurch (1): gpio: Fix crash due to registration race Vitaly Kuznetsov (2): xen/manage: don't complain about an empty value in control/sysrq node tools: hv: fcopy: set 'error' in case an unknown operation was requested Waiman Long (1): crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer Will Deacon (1): ARC: atomics: unbork atomic_fetch_##op() Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard

6 years, 11 months

1
1
0 0

Linux 4.9.132

by Greg KH

I'm announcing the release of the 4.9.132 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/include/asm/atomic.h | 2 arch/arm64/include/asm/jump_label.h | 4 - arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/x86/events/intel/lbr.c | 4 + drivers/crypto/mxs-dcp.c | 53 ++++++++------ drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 - drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 - drivers/crypto/qat/qat_c62x/adf_drv.c | 6 - drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 - drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/gpio/gpiolib-of.c | 1 drivers/gpio/gpiolib.c | 2 drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 drivers/hid/hid-apple.c | 9 ++ drivers/hid/hid-ids.h | 3 drivers/hid/hid-saitek.c | 2 drivers/i2c/busses/i2c-uniphier-f.c | 7 - drivers/i2c/busses/i2c-uniphier.c | 7 - drivers/infiniband/core/ucma.c | 6 + drivers/md/dm-raid.c | 5 + drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 +++++++++++++++++--- drivers/md/raid10.c | 5 + drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 +++ drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 + drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/mac80211_hwsim.c | 3 drivers/nvme/target/rdma.c | 27 ++++++- drivers/s390/net/qeth_core_main.c | 5 - drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/tty/serial/mvebu-uart.c | 4 - drivers/usb/gadget/udc/fotg210-udc.c | 15 ++-- drivers/usb/misc/yurex.c | 3 drivers/xen/cpu_hotplug.c | 15 ++-- drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 +++ fs/xattr.c | 24 +++--- include/linux/jiffies.h | 2 kernel/time/time.c | 10 ++ kernel/time/timeconst.bc | 6 + mm/madvise.c | 2 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 28 ++++++- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 ++++++++++++++++++- net/wireless/nl80211.c | 1 net/wireless/util.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/perf/arch/powerpc/util/sym-handling.c | 4 - tools/perf/util/evsel.c | 5 - tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 67 files changed, 483 insertions(+), 165 deletions(-) Andreas Gruenbacher (1): sysfs: Do not return POSIX ACL xattrs via listxattr Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (2): cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Emmanuel Grumbach (3): mac80211: fix a race between restart and CSA flows mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages Frederic Weisbecker (1): time: Introduce jiffies64_to_nsecs() Greg Kroah-Hartman (1): Linux 4.9.132 Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jan Kiszka (1): serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Netanel Belgazal (1): net: ena: fix driver when PAGE_SIZE == 64kB Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Peng Li (1): net: hns: add netif_carrier_off before change speed and duplex Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Ricardo Ribalda Delgado (1): gpiolib: Free the last requested descriptor Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Toke Høiland-Jørgensen (1): mac80211: Run TXQ teardown code before de-registering interfaces Vincent Whitchurch (1): gpio: Fix crash due to registration race Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Waiman Long (1): crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer Will Deacon (1): ARC: atomics: unbork atomic_fetch_##op() Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard

6 years, 11 months

1
1
0 0

Linux 4.4.160

by Greg KH

I'm announcing the release of the 4.4.160 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/hwmon/ina2xx | 2 Makefile | 2 arch/arm/boot/dts/dra7.dtsi | 4 - arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm64/include/asm/cpufeature.h | 8 +- arch/arm64/include/asm/jump_label.h | 4 - arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/include/asm/sysreg.h | 1 arch/arm64/kernel/cpufeature.c | 8 ++ arch/arm64/kvm/guest.c | 55 ++++++++++++++- arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kernel/machine_kexec.c | 7 + arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/s390/mm/extmem.c | 4 - arch/x86/entry/entry_64.S | 4 - arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/block/floppy.c | 3 drivers/bluetooth/btusb.c | 1 drivers/crypto/mxs-dcp.c | 53 ++++++++------ drivers/edac/i7core_edac.c | 22 ++++-- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 drivers/hid/hid-ntrig.c | 2 drivers/hwmon/adt7475.c | 14 ++- drivers/hwmon/ina2xx.c | 13 +++ drivers/i2c/busses/i2c-i801.c | 9 ++ drivers/i2c/busses/i2c-uniphier-f.c | 7 - drivers/i2c/busses/i2c-uniphier.c | 7 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/ulp/srp/ib_srp.c | 6 - drivers/input/mouse/elantech.c | 2 drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 +++++++++++++++++--- drivers/md/md-cluster.c | 19 ++--- drivers/md/raid10.c | 5 + drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/fsl-viu.c | 38 ++++++---- drivers/media/platform/omap3isp/isp.c | 2 drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 ++++-- drivers/media/v4l2-core/v4l2-event.c | 37 +++++----- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 - drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 6 - drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 + drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 + drivers/net/wireless/mac80211_hwsim.c | 3 drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/power/reset/vexpress-poweroff.c | 12 ++- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 - drivers/spi/spi-rspi.c | 34 ++++++++- drivers/spi/spi-sh-msiof.c | 28 +++++++ drivers/spi/spi-tegra20-slink.c | 31 ++++++-- drivers/staging/android/ashmem.c | 6 + drivers/staging/rts5208/sd.c | 2 drivers/target/iscsi/iscsi_target_auth.c | 15 ---- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 + drivers/tty/serial/8250/serial_cs.c | 6 + drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/imx.c | 8 ++ drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 +++++- drivers/usb/core/driver.c | 28 +++---- drivers/usb/core/usb.c | 2 drivers/usb/gadget/udc/fotg210-udc.c | 15 ++-- drivers/usb/misc/yurex.c | 3 drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/xen/cpu_hotplug.c | 15 ++-- drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ext4/xattr.c | 5 + fs/nfsd/nfs4proc.c | 1 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 +++ include/linux/platform_data/ina2xx.h | 2 include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 1 kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 lib/klist.c | 10 +- mm/madvise.c | 2 mm/slub.c | 6 - net/6lowpan/iphc.c | 1 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 26 +++++-- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 53 ++++++++++++++ net/wireless/nl80211.c | 1 net/wireless/util.c | 2 sound/aoa/core/gpio-feature.c | 4 - sound/pci/hda/hda_intel.c | 3 sound/pci/hda/patch_realtek.c | 1 sound/soc/soc-dapm.c | 7 + tools/perf/arch/powerpc/util/sym-handling.c | 4 - tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 117 files changed, 815 insertions(+), 286 deletions(-) Aaron Ma (1): Input: elantech - enable middle button of touchpad on ThinkPad P72 Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alexey Khoroshilov (1): media: fsl-viu: fix error handling in viu_of_probe() Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (2): uwb: hwa-rc: fix memory leak at probe usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Bart Van Assche (3): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size scsi: klist: Make it safe to use klists in atomic context IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Ben Greear (1): ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): staging: rts5208: fix missing error check on call to rtsx_write_register Dan Carpenter (5): vmci: type promotion bug in qp_host_get_user_memory() rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Emmanuel Grumbach (2): mac80211: fix a race between restart and CSA flows mac80211: shorten the IBSS debug messages Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Gaku Inami (1): spi: sh-msiof: Fix invalid SPI use during system suspend Geert Uytterhoeven (2): spi: rspi: Fix invalid SPI use during system suspend spi: rspi: Fix interrupted DMA transfers Greg Kroah-Hartman (1): Linux 4.4.160 Guoqing Jiang (1): md-cluster: clear another node's suspend_area after the copy is finished Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Huazhong Tan (1): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jan Beulich (1): x86/entry/64: Add two more instruction suffixes Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Javier Martinez Canillas (1): media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Jian-Hong Pan (1): Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Johan Hovold (2): USB: serial: kobil_sct: fix modem-status error handling EDAC, i7core: Fix memleaks and use-after-free on probe and remove Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (3): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Kevin Hilman (1): ARM: dts: dra7: fix DCAN node addresses Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Michael Scott (1): 6lowpan: iphc: reset mac_header after decompress to fix panic Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sudeep Holla (1): power: vexpress: fix corruption in notifier registration Suzuki K Poulose (1): arm64: cpufeature: Track 32bit EL0 support Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Theodore Ts'o (1): ext4: never move the system.data xattr out of the inode body Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Uwe Kleine-König (1): serial: imx: restore handshaking irq for imx1 Vasily Gorbik (1): s390/extmem: fix gcc 8 stringop-overflow warning Vincent Pelletier (1): scsi: target: iscsi: Use bin2hex instead of a re-implementation Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

6 years, 11 months

1
1
0 0

[PATCH] xen/balloon: Support xend-based toolstack

by Boris Ostrovsky

Xend-based toolstacks don't have static-max entry in xenstore. The equivalent node for those toolstacks is memory_static_max. Fixes: 5266b8e4445c (xen: fix booting ballooned down hvm guest) Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: <stable(a)vger.kernel.org> # 4.13 --- drivers/xen/xen-balloon.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/xen/xen-balloon.c b/drivers/xen/xen-balloon.c index 63c1494a8d73..2acbfe104e46 100644 --- a/drivers/xen/xen-balloon.c +++ b/drivers/xen/xen-balloon.c @@ -76,12 +76,15 @@ static void watch_target(struct xenbus_watch *watch, if (!watch_fired) { watch_fired = true; - err = xenbus_scanf(XBT_NIL, "memory", "static-max", "%llu", - &static_max); - if (err != 1) - static_max = new_target; - else + + if ((xenbus_scanf(XBT_NIL, "memory", "static-max", + "%llu", &static_max) == 1) || + (xenbus_scanf(XBT_NIL, "memory", "memory_static_max", + "%llu", &static_max) == 1)) static_max >>= PAGE_SHIFT - 10; + else + static_max = new_target; + target_diff = (xen_pv_domain() || xen_initial_domain()) ? 0 : static_max - balloon_stats.target_pages; } -- 2.17.1

6 years, 11 months

2
2
0 0

[PATCH] mm: Preserve _PAGE_DEVMAP across mprotect() calls

by Jan Kara

Currently _PAGE_DEVMAP bit is not preserved in mprotect(2) calls. As a result we will see warnings such as: BUG: Bad page map in process JobWrk0013 pte:800001803875ea25 pmd:7624381067 addr:00007f0930720000 vm_flags:280000f9 anon_vma: (null) mapping:ffff97f2384056f0 index:0 file:457-000000fe00000030-00000009-000000ca-00000001_2001.fileblock fault:xfs_filemap_fault [xfs] mmap:xfs_file_mmap [xfs] readpage: (null) CPU: 3 PID: 15848 Comm: JobWrk0013 Tainted: G W 4.12.14-2.g7573215-default #1 SLE12-SP4 (unreleased) Hardware name: Intel Corporation S2600WFD/S2600WFD, BIOS SE5C620.86B.01.00.0833.051120182255 05/11/2018 Call Trace: dump_stack+0x5a/0x75 print_bad_pte+0x217/0x2c0 ? enqueue_task_fair+0x76/0x9f0 _vm_normal_page+0xe5/0x100 zap_pte_range+0x148/0x740 unmap_page_range+0x39a/0x4b0 unmap_vmas+0x42/0x90 unmap_region+0x99/0xf0 ? vma_gap_callbacks_rotate+0x1a/0x20 do_munmap+0x255/0x3a0 vm_munmap+0x54/0x80 SyS_munmap+0x1d/0x30 do_syscall_64+0x74/0x150 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 ... when mprotect(2) gets used on DAX mappings. Also there is a wide variety of other failures that can result from the missing _PAGE_DEVMAP flag when the area gets used by get_user_pages() later. Fix the problem by including _PAGE_DEVMAP in a set of flags that get preserved by mprotect(2). Fixes: 69660fd797c3 ("x86, mm: introduce _PAGE_DEVMAP") Fixes: ebd31197931d ("powerpc/mm: Add devmap support for ppc64") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- arch/powerpc/include/asm/book3s/64/pgtable.h | 4 ++-- arch/x86/include/asm/pgtable_types.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h b/arch/powerpc/include/asm/book3s/64/pgtable.h index 2fdc865ca374..2a2486526d1f 100644 --- a/arch/powerpc/include/asm/book3s/64/pgtable.h +++ b/arch/powerpc/include/asm/book3s/64/pgtable.h @@ -114,7 +114,7 @@ */ #define _HPAGE_CHG_MASK (PTE_RPN_MASK | _PAGE_HPTEFLAGS | _PAGE_DIRTY | \ _PAGE_ACCESSED | H_PAGE_THP_HUGE | _PAGE_PTE | \ - _PAGE_SOFT_DIRTY) + _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) /* * user access blocked by key */ @@ -132,7 +132,7 @@ */ #define _PAGE_CHG_MASK (PTE_RPN_MASK | _PAGE_HPTEFLAGS | _PAGE_DIRTY | \ _PAGE_ACCESSED | _PAGE_SPECIAL | _PAGE_PTE | \ - _PAGE_SOFT_DIRTY) + _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) #define H_PTE_PKEY (H_PTE_PKEY_BIT0 | H_PTE_PKEY_BIT1 | H_PTE_PKEY_BIT2 | \ H_PTE_PKEY_BIT3 | H_PTE_PKEY_BIT4) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index b64acb08a62b..106b7d0e2dae 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -124,7 +124,7 @@ */ #define _PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY | \ - _PAGE_SOFT_DIRTY) + _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) #define _HPAGE_CHG_MASK (_PAGE_CHG_MASK | _PAGE_PSE) /* -- 2.16.4

6 years, 11 months

4
4
0 0

[PATCH 4.14 00/94] 4.14.75-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.75 release. There are 94 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:37 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.75-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.75-rc1 Song Liu <songliubraving(a)fb.com> ixgbe: check return value of napi_complete_done() Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Vitaly Kuznetsov <vkuznets(a)redhat.com> tools: hv: fcopy: set 'error' in case an unknown operation was requested Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Horia Geantă <horia.geanta(a)nxp.com> crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Singh, Brijesh <brijesh.singh(a)amd.com> iommu/amd: Clear memory encryption mask from physical address Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix format of setxattr debug Amir Goldstein <amir73il(a)gmail.com> ovl: fix memory leak on unlink of indexed file Amir Goldstein <amir73il(a)gmail.com> ovl: fix access beyond unterminated strings Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing calls to READ_ONCE Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp: fix DP disable race Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Hans de Goede <hdegoede(a)redhat.com> HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Matt Ranostay <matt.ranostay(a)konsulko.com> Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: release chain in flushing set Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Chris Phlipot <cphlipot0(a)gmail.com> perf util: Fix bad memory access in trace info. Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Nilesh Javali <nilesh.javali(a)cavium.com> scsi: qedi: Add the CRC size within iSCSI NVM image Vincent Pelletier <plr.vincent(a)gmail.com> scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Martin Willi <martin(a)strongswan.org> netfilter: xt_cluster: add dependency on conntrack module Jann Horn <jannh(a)google.com> bpf: 32-bit RSH verification must truncate input before the ALU op Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Shaohua Li <shli(a)fb.com> md/raid5-cache: disable reshape completely Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix handling of invalid paths in debugfs provider Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix python3 issues Johannes Berg <johannes.berg(a)intel.com> mac80211: always account for A-MSDU header changes Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: do not convert to A-MSDU if frag/subframe limited Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Peng Li <lipeng321(a)huawei.com> net: hns: add the code for cleaning pkt in chip Hans de Goede <hdegoede(a)redhat.com> gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: acpi: Switch to cansleep version of GPIO library call Sara Sharon <sara.sharon(a)intel.com> mac80211: avoid kernel panic when building AMSDU from non-linear SKB Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Varun Prakash <varun(a)chelsio.com> scsi: csiostor: add a check for NULL pointer after kmalloc() Anand Jain <anand.jain(a)oracle.com> btrfs: btrfs_shrink_device should call commit transaction at the end Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Johannes Berg <johannes.berg(a)intel.com> mac80211_hwsim: require at least one channel Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Len Brown <len.brown(a)intel.com> tools/power turbostat: fix possible sprintf buffer overflow Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add another ATPX quirk for TOPAZ Colin Ian King <colin.king(a)canonical.com> drm/amd/pp: initialize result to before or'ing in data ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/x86/events/intel/lbr.c | 4 + drivers/crypto/caam/caamalg.c | 8 +- drivers/crypto/mxs-dcp.c | 53 +++++++------ drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/gpio/gpiolib-acpi.c | 86 +++++++++++++--------- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++++-- .../gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 +++-- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 + drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++++ drivers/hv/connection.c | 8 +- drivers/i2c/busses/i2c-uniphier-f.c | 7 +- drivers/i2c/busses/i2c-uniphier.c | 7 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 ++ drivers/iommu/amd_iommu.c | 2 +- drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++- drivers/md/dm-thin.c | 73 ++++++++++++++++-- drivers/md/raid10.c | 5 +- drivers/md/raid5-log.h | 5 ++ drivers/md/raid5.c | 6 +- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 +++ drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 2 + drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++++++++++++++- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 +++++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 ++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 +++++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +-- drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/mac80211_hwsim.c | 8 +- drivers/nvme/target/rdma.c | 27 ++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/csiostor/csio_hw.c | 16 ++-- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 +++---- drivers/target/iscsi/iscsi_target_login.c | 8 +- drivers/tty/serial/mvebu-uart.c | 4 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++-- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/btrfs/volumes.c | 7 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/overlayfs/namei.c | 2 +- fs/overlayfs/overlayfs.h | 4 +- fs/overlayfs/util.c | 3 +- fs/proc/base.c | 14 ++++ fs/xattr.c | 24 +++--- kernel/bpf/verifier.c | 10 ++- mm/madvise.c | 2 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 28 +++++-- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 +++++++++++++++++- net/mac80211/tx.c | 54 ++++++++------ net/netfilter/nf_conntrack_proto_dccp.c | 12 +-- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 ++-- net/netfilter/nf_conntrack_proto_tcp.c | 12 +-- net/netfilter/nf_conntrack_proto_udp.c | 20 ++--- net/netfilter/nf_tables_api.c | 1 + net/netfilter/xt_cluster.c | 14 +++- net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/hv/hv_fcopy_daemon.c | 1 + tools/kvm/kvm_stat/kvm_stat | 14 +++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- tools/power/x86/turbostat/turbostat.c | 2 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 119 files changed, 1046 insertions(+), 352 deletions(-)

6 years, 11 months

6
102
0 0

[PATCH] ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715

by Hui Wang

The front MIC on the Lenovo M715 can't record sound, after applying the ALC294_FIXUP_LENOVO_MIC_LOCATION, the problem is fixed. So add the pin configuration of this machine to the pin quirk table. Cc: <stable(a)vger.kernel.org> Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- sound/pci/hda/patch_realtek.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 6f3c8e888c2a..2871c54f62ab 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -6840,6 +6840,12 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { {0x1a, 0x02a11040}, {0x1b, 0x01014020}, {0x21, 0x0221101f}), + SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, + {0x14, 0x90170110}, + {0x19, 0x02a11030}, + {0x1a, 0x02a11040}, + {0x1b, 0x01011020}, + {0x21, 0x0221101f}), SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, {0x14, 0x90170110}, {0x19, 0x02a11020}, -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH v5 1/3] x86/xen: fix boot loader version reported for pvh guests

by Juergen Gross

The boot loader version reported via sysfs is wrong in case of the kernel being booted via the Xen PVH boot entry. it should be 2.12 (0x020c), but it is reported to be 2.18 (0x0212). As the current way to set the version is error prone use the more readable variant (2 << 8) | 12. Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/enlighten_pvh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c index c85d1a88f476..f7f77023288a 100644 --- a/arch/x86/xen/enlighten_pvh.c +++ b/arch/x86/xen/enlighten_pvh.c @@ -75,7 +75,7 @@ static void __init init_pvh_bootparams(void) * Version 2.12 supports Xen entry point but we will use default x86/PC * environment (i.e. hardware_subarch 0). */ - pvh_bootparams.hdr.version = 0x212; + pvh_bootparams.hdr.version = (2 << 8) | 12; pvh_bootparams.hdr.type_of_loader = (9 << 4) | 0; /* Xen loader */ x86_init.acpi.get_root_pointer = pvh_get_root_pointer; -- 2.16.4

6 years, 11 months

1
0
0 0

[PATCH 4.18 000/168] 4.18.13-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.13 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:44 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.13-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.13-rc1 Song Liu <songliubraving(a)fb.com> ixgbe: check return value of napi_complete_done() Anisse Astier <anisse(a)astier.eu> HID: i2c-hid: disable runtime PM operations on hantick touchpad Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Vitaly Kuznetsov <vkuznets(a)redhat.com> tools: hv: fcopy: set 'error' in case an unknown operation was requested Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Horia Geantă <horia.geanta(a)nxp.com> crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Harsh Jain <harsh(a)chelsio.com> crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Singh, Brijesh <brijesh.singh(a)amd.com> iommu/amd: Clear memory encryption mask from physical address Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Nathan Chancellor <natechancellor(a)gmail.com> cpufreq: qcom-kryo: Fix section annotations Bjorn Andersson <bjorn.andersson(a)linaro.org> firmware: Always initialize the fw_priv list object Rishabh Bhatnagar <rishabhb(a)codeaurora.org> firmware: Fix security issue with request_firmware_into_buf() Larry Finger <Larry.Finger(a)lwfinger.net> b43: fix DMA error related regression with proprietary firmware Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix format of setxattr debug Amir Goldstein <amir73il(a)gmail.com> ovl: fix memory leak on unlink of indexed file Amir Goldstein <amir73il(a)gmail.com> ovl: fix access beyond unterminated strings Miklos Szeredi <miklos(a)szeredi.hu> ovl: set I_CREATING on inode being created Miklos Szeredi <mszeredi(a)redhat.com> vfs: don't evict uninitialized inode Al Viro <viro(a)zeniv.linux.org.uk> new primitive: discard_new_inode() Randy Dunlap <rdunlap(a)infradead.org> x86/APM: Fix build warning when PROC_FS is not enabled Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Andrew Murray <andrew.murray(a)arm.com> asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: Fix SDMA hang in prt mode v2 Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Cong Wang <xiyou.wangcong(a)gmail.com> netfilter: xt_hashlimit: use s->file instead of s->private Michal 'vorner' Vaner <michal.vaner(a)avast.com> netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> sched/topology: Set correct NUMA topology type Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing calls to READ_ONCE Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing lock during device destruction Netanel Belgazal <netanel(a)amazon.com> net: ena: fix potential double ena_destroy_device() Netanel Belgazal <netanel(a)amazon.com> net: ena: fix device destruction to gracefully free resources Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Netanel Belgazal <netanel(a)amazon.com> net: ena: fix surprise unplug NULL dereference kernel crash Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix RAID leg rebuild errors Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix stripe adding reshape deadlock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp: fix DP disable race Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau: fix oops in client init failure path Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix reshape race on small devices Kai-Heng Feng <kai.heng.feng(a)canonical.com> HID: i2c-hid: Don't reset device upon system resume Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Anurag Kumar Vulisha <anurag.kumar.vulisha(a)xilinx.com> usb: host: xhci-plat: Iterate over parent nodes for finding quirks Hans de Goede <hdegoede(a)redhat.com> HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Guenter Roeck <linux(a)roeck-us.net> riscv: Do not overwrite initrd_start and initrd_end Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Matt Ranostay <matt.ranostay(a)konsulko.com> Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: release chain in flushing set Florian Westphal <fw(a)strlen.de> netfilter: kconfig: nat related expression depend on nftables core Kim Phillips <kim.phillips(a)arm.com> perf annotate: Fix parsing aarch64 branch instructions after objdump update Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Chris Phlipot <cphlipot0(a)gmail.com> perf util: Fix bad memory access in trace info. Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Martin Liška <mliska(a)suse.cz> perf annotate: Properly interpret indirect call Nilesh Javali <nilesh.javali(a)cavium.com> scsi: qedi: Add the CRC size within iSCSI NVM image Mike Christie <mchristi(a)redhat.com> scsi: iscsi: target: Fix conn_ops double free Vincent Pelletier <plr.vincent(a)gmail.com> scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Andreas Bosch <linux(a)progandy.de> HID: intel-ish-hid: Enable Sunrise Point-H ish driver Florian Westphal <fw(a)strlen.de> netfilter: xt_checksum: ignore gso skbs Martin Willi <martin(a)strongswan.org> netfilter: xt_cluster: add dependency on conntrack module Jann Horn <jannh(a)google.com> bpf: 32-bit RSH verification must truncate input before the ALU op Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages David Howells <dhowells(a)redhat.com> afs: Fix cell specification to permit an empty address list Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero Ilya Dryomov <idryomov(a)gmail.com> ceph: avoid a use-after-free in ceph_destroy_options() Greentime Hu <greentime(a)andestech.com> nds32: linker script: GCOV kernel may refers data in __exit Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Greentime Hu <greentime(a)andestech.com> nds32: fix build error because of wrong semicolon Zong Li <zong(a)andestech.com> nds32: Fix get_user/put_user macro expand pointer problem Zong Li <zong(a)andestech.com> nds32: Fix empty call trace YueHaibing <yuehaibing(a)huawei.com> nds32: add NULL entry to the end of_device_id array Greentime Hu <greentime(a)andestech.com> nds32: fix logic for module Ivan Mikhaylov <ivan(a)de.ibm.com> net/ibm/emac: wrong emac_calc_base call was used by typo Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix ignore mask logic in fsnotify() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dreyfuss, Haim <haim.dreyfuss(a)intel.com> mac80211: fix WMM TXOP calculation Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP John Fastabend <john.fastabend(a)gmail.com> bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP Tushar Dave <tushar.n.dave(a)oracle.com> bpf: Fix bpf_msg_pull_data() Thomas Falcon <tlfalcon(a)linux.vnet.ibm.com> ibmvnic: Include missing return code checks in reset function Sabrina Dubroca <sd(a)queasysnail.net> selftests: pmtu: detect correct binary to ping ipv6 addresses Sabrina Dubroca <sd(a)queasysnail.net> selftests: pmtu: maximum MTU for vti4 is 2^16-1-20 Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Shaohua Li <shli(a)fb.com> md/raid5-cache: disable reshape completely Dennis Zhou (Facebook) <dennisszhou(a)gmail.com> Revert "blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()" Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix updates for dead guests Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix handling of invalid paths in debugfs provider Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix python3 issues Johannes Berg <johannes.berg(a)intel.com> mac80211: always account for A-MSDU header changes Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: do not convert to A-MSDU if frag/subframe limited Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Paolo Abeni <pabeni(a)redhat.com> tc-testing: add test-cases for numeric and invalid control action Baruch Siach <baruch(a)tkos.co.il> net: mvpp2: initialize port of_node pointer Chris Brandt <chris.brandt(a)renesas.com> sh_eth: Add R7S9210 support Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Peng Li <lipeng321(a)huawei.com> net: hns: add the code for cleaning pkt in chip Cong Wang <xiyou.wangcong(a)gmail.com> tipc: switch to rhashtable iterator Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix sg shift repair start offset in bpf_msg_pull_data Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data Alexey Khoroshilov <khoroshilov(a)ispras.ru> gpio: dwapb: Fix error handling in dwapb_gpio_probe() Hans de Goede <hdegoede(a)redhat.com> gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: acpi: Switch to cansleep version of GPIO library call Sara Sharon <sara.sharon(a)intel.com> mac80211: avoid kernel panic when building AMSDU from non-linear SKB Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix several offset tests in bpf_msg_pull_data Haim Dreyfuss <haim.dreyfuss(a)intel.com> nl80211: Pass center frequency in kHz instead of MHz Haim Dreyfuss <haim.dreyfuss(a)intel.com> nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP Jinbum Park <jinb.park7(a)gmail.com> mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom Stanislaw Gruszka <sgruszka(a)redhat.com> cfg80211: make wmm_rule part of the reg_rule structure Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap, decrement copied count correctly in redirect error case Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix potential use after free in bpf_tcp_close Dan Carpenter <dan.carpenter(a)oracle.com> scsi: aacraid: fix a signedness bug Geert Uytterhoeven <geert(a)linux-m68k.org> scsi: libata: Add missing newline at end of file Varun Prakash <varun(a)chelsio.com> scsi: csiostor: fix incorrect port capabilities Varun Prakash <varun(a)chelsio.com> scsi: csiostor: add a check for NULL pointer after kmalloc() Anand Jain <anand.jain(a)oracle.com> btrfs: btrfs_shrink_device should call commit transaction at the end Johannes Berg <johannes.berg(a)intel.com> cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule) Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Robbie Ko <robbieko(a)synology.com> Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space Johannes Berg <johannes.berg(a)intel.com> mac80211_hwsim: require at least one channel Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> rseq/selftests: fix parametrized test with -fpie ------------- Diffstat: Documentation/devicetree/bindings/net/sh_eth.txt | 1 + Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/nds32/include/asm/elf.h | 4 +- arch/nds32/include/asm/uaccess.h | 26 ++-- arch/nds32/kernel/atl2c.c | 3 +- arch/nds32/kernel/module.c | 4 +- arch/nds32/kernel/traps.c | 2 +- arch/nds32/kernel/vmlinux.lds.S | 12 ++ arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/riscv/kernel/setup.c | 7 - arch/x86/events/intel/lbr.c | 4 + arch/x86/kernel/apm_32.c | 2 + block/blk-cgroup.c | 78 +++-------- drivers/ata/libata-core.c | 2 +- drivers/base/firmware_loader/main.c | 35 +++-- drivers/cpufreq/qcom-cpufreq-kryo.c | 4 +- drivers/crypto/caam/caamalg.c | 8 +- drivers/crypto/chelsio/chcr_algo.c | 32 +++-- drivers/crypto/chelsio/chcr_crypto.h | 2 + drivers/crypto/mxs-dcp.c | 53 ++++---- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/firmware/arm_scmi/perf.c | 8 +- drivers/gpio/gpio-adp5588.c | 24 +++- drivers/gpio/gpio-dwapb.c | 1 + drivers/gpio/gpiolib-acpi.c | 86 +++++++----- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 14 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 ++ drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- drivers/hid/hid-apple.c | 9 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hid/i2c-hid/i2c-hid.c | 24 ++-- drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 + drivers/hv/connection.c | 8 +- drivers/i2c/busses/i2c-uniphier-f.c | 7 +- drivers/i2c/busses/i2c-uniphier.c | 7 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 +- drivers/iommu/amd_iommu.c | 2 +- drivers/md/dm-raid.c | 144 ++++++++------------ drivers/md/dm-thin-metadata.c | 36 ++++- drivers/md/dm-thin.c | 73 ++++++++-- drivers/md/raid10.c | 5 +- drivers/md/raid5-log.h | 5 + drivers/md/raid5.c | 6 +- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +++---- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 2 + drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++++++- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 ++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/ibm/emac/core.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 11 +- drivers/net/ethernet/renesas/sh_eth.c | 36 +++++ drivers/net/wireless/broadcom/b43/dma.c | 6 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 50 +------ drivers/net/wireless/mac80211_hwsim.c | 12 +- drivers/nvme/target/rdma.c | 27 +++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/aacraid/aacraid.h | 2 +- drivers/scsi/csiostor/csio_hw.c | 71 +++++++--- drivers/scsi/csiostor/csio_hw.h | 1 + drivers/scsi/csiostor/csio_mb.c | 6 +- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 ++-- drivers/target/iscsi/iscsi_target.c | 9 +- drivers/target/iscsi/iscsi_target_login.c | 149 +++++++++++---------- drivers/target/iscsi/iscsi_target_login.h | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++- drivers/usb/host/xhci-plat.c | 27 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/afs/proc.c | 15 +-- fs/btrfs/ctree.h | 1 + fs/btrfs/disk-io.c | 1 + fs/btrfs/inode.c | 25 +--- fs/btrfs/ioctl.c | 16 +++ fs/btrfs/volumes.c | 7 +- fs/ceph/super.c | 16 ++- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 +- fs/dcache.c | 2 +- fs/inode.c | 53 +++++++- fs/notify/fsnotify.c | 13 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/overlayfs/dir.c | 4 + fs/overlayfs/namei.c | 2 +- fs/overlayfs/overlayfs.h | 4 +- fs/overlayfs/util.c | 3 +- fs/proc/base.c | 14 ++ fs/xattr.c | 24 ++-- include/asm-generic/io.h | 3 +- include/linux/blk-cgroup.h | 1 - include/linux/fs.h | 6 +- include/net/cfg80211.h | 4 +- include/net/regulatory.h | 4 +- kernel/bpf/sockmap.c | 64 +++++---- kernel/bpf/verifier.c | 10 +- kernel/sched/topology.c | 5 +- mm/madvise.c | 2 +- net/core/filter.c | 57 ++++---- net/ipv4/netfilter/Kconfig | 8 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/mac80211/ibss.c | 22 +-- net/mac80211/main.c | 28 +++- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 +++++++++- net/mac80211/tx.c | 54 ++++---- net/mac80211/util.c | 11 +- net/netfilter/Kconfig | 12 +- net/netfilter/nf_conntrack_proto_dccp.c | 12 +- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 +- net/netfilter/nf_conntrack_proto_tcp.c | 12 +- net/netfilter/nf_conntrack_proto_udp.c | 20 +-- net/netfilter/nf_tables_api.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/xt_CHECKSUM.c | 22 ++- net/netfilter/xt_cluster.c | 14 +- net/netfilter/xt_hashlimit.c | 18 +-- net/tipc/diag.c | 2 + net/tipc/netlink.c | 2 + net/tipc/socket.c | 76 +++++++---- net/tipc/socket.h | 2 + net/wireless/nl80211.c | 15 ++- net/wireless/reg.c | 91 ++----------- net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/hv/hv_fcopy_daemon.c | 1 + tools/kvm/kvm_stat/kvm_stat | 25 +++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/annotate.c | 32 ++++- tools/perf/util/annotate.h | 1 + tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- tools/testing/selftests/net/pmtu.sh | 7 +- tools/testing/selftests/rseq/param_test.c | 19 +-- .../tc-testing/tc-tests/actions/police.json | 48 +++++++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 +- 189 files changed, 1892 insertions(+), 1029 deletions(-)

6 years, 11 months

6
180
0 0

[PATCH 4.9 00/59] 4.9.132-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.132 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:28 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.132-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.132-rc1 Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Frederic Weisbecker <fweisbec(a)gmail.com> time: Introduce jiffies64_to_nsecs() Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/gpio/gpio-adp5588.c | 24 +++++-- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/i2c/busses/i2c-uniphier-f.c | 7 +-- drivers/i2c/busses/i2c-uniphier.c | 7 +-- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/raid10.c | 5 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/mac80211_hwsim.c | 3 - drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/tty/serial/mvebu-uart.c | 4 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ fs/xattr.c | 24 +++---- include/linux/jiffies.h | 2 + kernel/time/time.c | 10 +++ kernel/time/timeconst.bc | 6 ++ mm/madvise.c | 2 +- net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 28 +++++++-- net/mac80211/mesh_hwmp.c | 4 ++ net/mac80211/mlme.c | 70 ++++++++++++++++++++- net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 68 files changed, 510 insertions(+), 166 deletions(-)

6 years, 11 months

5
64
0 0

[PATCH] drm/vc4: Set ->is_yuv to false when num_planes == 1

by Boris Brezillon

When vc4_plane_state is duplicated ->is_yuv is left assigned to its previous value, and we never set it back to false when switching to a non-YUV format. Fix that by setting ->is_yuv to false in the 'num_planes == 1' branch of the vc4_plane_setup_clipping_and_scaling() function. Fixes: fc04023fafecf ("drm/vc4: Add support for YUV planes.") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/gpu/drm/vc4/vc4_plane.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index d04b3c3246ba..60d5ad19cedd 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -321,6 +321,7 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) if (vc4_state->is_unity) vc4_state->x_scaling[0] = VC4_SCALING_PPF; } else { + vc4_state->is_yuv = false; vc4_state->x_scaling[1] = VC4_SCALING_NONE; vc4_state->y_scaling[1] = VC4_SCALING_NONE; } -- 2.14.1

6 years, 11 months

2
1
0 0

[PATCH] usb: dwc3: gadget: Properly check last unaligned/zero chain TRB

by Thinh Nguyen

Current check for the last extra TRB for zero and unaligned transfers does not account for isoc OUT. The last TRB of the Buffer Descriptor for isoc OUT transfers will be retired with HWO=0. As a result, we won't return early. The req->remaining will be updated to include the BUFSIZ count of the extra TRB, and the actual number of transferred bytes calculation will be wrong. To fix this, check whether it's a short or zero packet and the last TRB chain bit to return early. Cc: stable(a)vger.kernel.org Fixes: c6267a51639b ("usb: dwc3: gadget: align transfers to wMaxPacketSize") Signed-off-by: Thinh Nguyen <thinhn(a)synopsys.com> --- drivers/usb/dwc3/gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 032ea7d709ba..c09e4f784810 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2251,7 +2251,7 @@ static int dwc3_gadget_ep_reclaim_completed_trb(struct dwc3_ep *dep, * with one TRB pending in the ring. We need to manually clear HWO bit * from that TRB. */ - if ((req->zero || req->unaligned) && (trb->ctrl & DWC3_TRB_CTRL_HWO)) { + if ((req->zero || req->unaligned) && !(trb->ctrl & DWC3_TRB_CTRL_CHN)) { trb->ctrl &= ~DWC3_TRB_CTRL_HWO; return 1; } -- 2.11.0

6 years, 11 months

2
1
0 0

[PATCH 4.18 000/235] 4.18.10-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.10 release. There are 235 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 26 11:30:01 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.10-rc1 Brijesh Singh <brijesh.singh(a)amd.com> crypto: ccp - add timeout support in the SEV command Dan Carpenter <dan.carpenter(a)oracle.com> mei: bus: type promotion bug in mei_nfc_if_version() Mikko Perttunen <mperttunen(a)nvidia.com> clk: tegra: bpmp: Don't crash when a clock fails to register Douglas Anderson <dianders(a)chromium.org> pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant Douglas Anderson <dianders(a)chromium.org> pinctrl: msm: Fix msm_config_group_get() to be compliant Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Respect error code of ->get_direction() Ming Lei <ming.lei(a)redhat.com> blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() Ming Lei <ming.lei(a)redhat.com> blk-mq: only attempt to merge bio if there is rq in sw queue Jann Horn <jannh(a)google.com> IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers Randy Dunlap <rdunlap(a)infradead.org> block/DAC960.c: fix defined but not used build warnings Bart Van Assche <bart.vanassche(a)wdc.com> IB/nes: Fix a compiler warning Ioana Radulescu <ruxandra.radulescu(a)nxp.com> staging: fsl-dpaa2/eth: Fix DMA mapping direction Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> dmaengine: sh: rcar-dmac: avoid to write CHCR.TE to 1 if TCR is set to 0 Harry Wentland <harry.wentland(a)amd.com> drm/amd/pp: Send khz clock values to DC for smu7/8 Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: perf: Disable PMU while processing counter overflows Dan Carpenter <dan.carpenter(a)oracle.com> drm/panel: type promotion bug in s6e8aa0_read_mtp_id() Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5651: Fix workqueue cancel vs irq free race on remove John Stultz <john.stultz(a)linaro.org> selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress Sibi Sankar <sibis(a)codeaurora.org> remoteproc: qcom: q6v5-pil: fix modem hang on SDM845 after axis2 clk unvote James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix panic if driver unloaded when port is offline James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix NVME Target crash in defer rcv logic Hannes Reinecke <hare(a)suse.de> scsi: libfc: fixup 'sleeping function called from invalid context' Timo Wischer <twischer(a)de.adit-jv.com> ALSA: pcm: Fix snd_interval_refine first/last with open min/max Li Zhijian <lizhijian(a)cn.fujitsu.com> selftests/android: initialize heap_type to avoid compiling warning Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run Zhouyang Jia <jiazhouyang09(a)gmail.com> rtc: bq4802: add error handling for devm_ioremap Wei Lu <wei.lu2(a)amd.com> drm/amdkfd: Fix error codes in kfd_get_process Shaoyun Liu <Shaoyun.Liu(a)amd.com> drm/amdkfd: Fix kernel queue 64 bit doorbell offset calculation Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> rcu: Fix grace-period hangs due to race with CPU offline Peter Rosin <peda(a)axentia.se> input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Peter Rosin <peda(a)axentia.se> mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Arnd Bergmann <arnd(a)arndb.de> rcutorture: Use monotonic timestamp for stall detection Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: make sure we use single queue mode on PPv2.1 Linus Walleij <linus.walleij(a)linaro.org> net: gemini: Allow multiple ports to instantiate Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Mark gpio_suffixes array with __maybe_unused Wei Yongjun <weiyongjun1(a)huawei.com> gpio: pxa: Fix potential NULL dereference Tuomas Tynkkynen <tuomas(a)tuxera.com> staging: bcm2835-audio: Don't leak workqueue if open fails Matias Bjørling <mb(a)lightnvm.io> lightnvm: pblk: enable line minor version detection Hans Holmberg <hans.holmberg(a)cnexlabs.com> lightnvm: pblk: assume that chunks are closed on 1.2 devices Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: qdsp6: q6afe-dai: fix a range check in of_q6afe_parse_dai_data() Eric Yang <Eric.Yang2(a)amd.com> drm/amd/display: support access ddc for mst branch Dan Williams <dan.j.williams(a)intel.com> tools/testing/nvdimm: Fix support for emulating controller temperature Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: do checkpoint in kill_sb Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35 Robin Murphy <robin.murphy(a)arm.com> coresight: tpiu: Fix disabling timeouts Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: Handle errors in finding input/output ports Quentin Perret <quentin.perret(a)arm.com> sched/fair: Fix util_avg of new tasks for asymmetric systems Julia Lawall <Julia.Lawall(a)lip6.fr> parport: sunbpp: fix error return code Boris Pismenny <borisp(a)mellanox.com> tls: Fix zerocopy_from_iter iov handling Thierry Reding <treding(a)nvidia.com> drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping Karol Herbst <karolherbst(a)gmail.com> drm/nouveau/debugfs: Wake up GPU before doing any reclocking Lyude Paul <lyude(a)redhat.com> drm/nouveau: Fix runtime PM leak in drm_open() Stefan Agner <stefan(a)agner.ch> mmc: sdhci: do not try to use 3.3V signaling if not supported Stefan Agner <stefan(a)agner.ch> mmc: tegra: prevent HS200 on Tegra 3 Laurentiu Tudor <laurentiu.tudor(a)nxp.com> mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips Johan Hovold <johan(a)kernel.org> tty: fix termios input-speed encoding Johan Hovold <johan(a)kernel.org> tty: fix termios input-speed encoding when using BOTHER Alexander Sverdlin <alexander.sverdlin(a)nokia.com> serial: 8250: of: Correct of_platform_serial_setup() error handling Bartosz Golaszewski <brgl(a)bgdev.pl> gpiolib: don't allow userspace to set values of input lines Russell King <rmk+kernel(a)armlinux.org.uk> ASoC: hdmi-codec: fix routing Enrico Scholz <enrico.scholz(a)sigma-chemnitz.de> gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes Rick Farrington <ricardo.farrington(a)cavium.com> liquidio: fix hang when re-binding VF host drv after running DPDK VF driver Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: check of_iomap and fix missing of_node_put Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: Fix return value error in hns3_reset_notify_down_enet Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: fix error handling and missing of_node_put Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: handle of_iomap and fix missing of_node_put Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for reset_level default assignment probelm Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: Reset net device with rtnl_lock Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi/esrt: Only call efi_mem_reserve() for boot services memory Andrea Parri <andrea.parri(a)amarulasolutions.com> sched/core: Use smp_mb() in wake_woken_function() Ryder Lee <ryder.lee(a)mediatek.com> arm64: dts: mt7622: update a clock property for UART0 Tony Lindgren <tony(a)atomide.com> pinctrl: pinmux: Return selector to the pinctrl driver Tony Lindgren <tony(a)atomide.com> pinctrl: rza1: Fix selector use for groups and functions Sean Wang <sean.wang(a)mediatek.com> pinctrl: mt7622: Fix probe fail by misuse the selector Mike Christie <mchristi(a)redhat.com> configfs: fix registered group removal Paul Burton <paul.burton(a)mips.com> MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads Alexey Kardashevskiy <aik(a)ozlabs.ru> KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables Arvind Yadav <arvind.yadav.cs(a)gmail.com> PM / devfreq: use put_device() instead of kfree() Eric Biggers <ebiggers(a)google.com> security: check for kstrdup() failure in lsm_append() Nicholas Mc Guire <hofrat(a)osadl.org> KVM: PPC: Book3S HV: Add of_node_put() in success path Matthew Garrett <mjg59(a)google.com> evm: Don't deadlock if a crypto algorithm is unavailable Philipp Puschmann <pp(a)emlix.com> Bluetooth: Use lock_sock_nested in bt_accept_enqueue Alexandre Belloni <alexandre.belloni(a)bootlin.com> spi: dw: fix possible race condition Roman Gushchin <guro(a)fb.com> bpf: fix rcu annotations in compute_effective_progs() Miklos Szeredi <mszeredi(a)redhat.com> vfs: fix freeze protection in mnt_want_write_file() for overlayfs Jann Horn <jannh(a)google.com> mtdchar: fix overflows in adjustment of `count` Ronny Chevalier <ronny.chevalier(a)hp.com> audit: fix use-after-free in audit_add_watch Viresh Kumar <viresh.kumar(a)linaro.org> arm64: dts: uniphier: Add missing cooling device properties for CPUs Noa Osherovich <noaos(a)mellanox.com> net/mlx5: Add missing SET_DRIVER_VERSION command translation Maciej W. Rozycki <macro(a)mips.com> binfmt_elf: Respect error return from `regset->active' Johan Hovold <johan(a)kernel.org> mmc: meson-mx-sdio: fix OF child-node lookup Johan Hovold <johan(a)kernel.org> of: add helper to lookup compatible child node Trond Myklebust <trondmy(a)gmail.com> NFSv4.1 fix infinite loop on I/O. Trond Myklebust <trondmy(a)gmail.com> NFSv4: Fix a tracepoint Oops in initiate_file_draining() Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/EISA: Don't probe EISA bus for Xen PV guests Rob Herring <robh(a)kernel.org> of: fix phandle cache creation for DTs with no phandles Adrian Hunter <adrian.hunter(a)intel.com> perf tools: Fix maps__find_symbol_by_name() Yabin Cui <yabinc(a)google.com> perf/core: Force USER_DS when recording user stack data Max Filippov <jcmvbkbc(a)gmail.com> xtensa: ISS: don't allocate memory in platform_setup Dan Carpenter <dan.carpenter(a)oracle.com> cifs: integer overflow in in SMB2_ioctl() Dan Carpenter <dan.carpenter(a)oracle.com> CIFS: fix wrapping bugs in num_entries() Dan Carpenter <dan.carpenter(a)oracle.com> cifs: prevent integer overflow in nxt_dir_entry() Oliver Neukum <oneukum(a)suse.com> Revert "cdc-acm: implement put_char() and flush_chars()" Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Fix buffer over-read in yurex_write() Johan Hovold <johan(a)kernel.org> USB: serial: ti_usb_3410_5052: fix array underflow in completion handler Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: misc: uss720: Fix two sleep-in-atomic-context bugs Johan Hovold <johan(a)kernel.org> USB: serial: io_ti: fix array underflow in completion handler Alan Stern <stern(a)rowland.harvard.edu> USB: net2280: Fix erroneous synchronization change Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 Maxence Duprès <xpros64(a)hotmail.fr> USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() Oliver Neukum <oneukum(a)suse.com> usb: uas: add support for more quirk flags Tim Anderson <tsa(a)biglakesoftware.com> USB: Add quirk to support DJI CineSSD Mikulas Patocka <mpatocka(a)redhat.com> dm verity: fix crash on bufio buffer that was allocated with vmalloc Tomas Winkler <tomas.winkler(a)intel.com> mei: bus: need to unlink client before freeing Tomas Winkler <tomas.winkler(a)intel.com> mei: bus: fix hw module get/put balance Alexander Usyskin <alexander.usyskin(a)intel.com> mei: ignore not found client in the enumeration Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: mtu3: fix error of xhci port id when enable U3 dual role Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci: fix interrupt transfer error happened on MTK platforms Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Don't die twice if PCI xhci host is not responding in resume Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use after free for URB cancellation on a reallocated endpoint Gustavo A. R. Silva <gustavo(a)embeddedor.com> misc: hmc6352: fix potential Spectre v1 Bryant G. Ly <bryantly(a)linux.ibm.com> misc: ibmvsm: Fix wrong assignment of return code K. Y. Srinivasan <kys(a)microsoft.com> Tools: hv: Fix a bug in the key delete code Stephen Hemminger <stephen(a)networkplumber.org> vmbus: don't return values for uninitalized channels Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix oopses in ovl_fill_super() failure paths Corey Minyard <cminyard(a)mvista.com> ipmi: Fix I2C client removal in the SSIF driver Corey Minyard <cminyard(a)mvista.com> ipmi: Move BT capabilities detection to the detect call Corey Minyard <cminyard(a)mvista.com> ipmi: Rework SMI registration failure Andreas Kemnade <andreas(a)kemnade.info> mmc: omap_hsmmc: fix wakeirq handling on removal Ingo Franzki <ifranzki(a)linux.ibm.com> s390/crypto: Fix return code checking in cbc_paes_crypt() Aaron Knister <aaron.s.knister(a)nasa.gov> IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler Juergen Gross <jgross(a)suse.com> xen/netfront: fix waiting for xenbus state change Bin Yang <bin.yang(a)intel.com> pstore: Fix incorrect persistent ram buffer mapping Parav Pandit <parav(a)mellanox.com> RDMA/cma: Protect cma dev list with lock Xiao Liang <xiliang(a)redhat.com> xen-netfront: fix warn message as irq device name has '/' Alexandru Gagniuc <mr.nuke.me(a)gmail.com> PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST Joerg Roedel <jroedel(a)suse.de> x86/mm/pti: Add an overflow check to pti_clone_pmds() Jiang Biao <jiang.biao2(a)zte.com.cn> x86/pti: Check the return value of pti_user_pagetable_walk_pmd() Jiang Biao <jiang.biao2(a)zte.com.cn> x86/pti: Check the return value of pti_user_pagetable_walk_p4d() Michael Müller <michael(a)fds-team.de> crypto: sharah - Unregister correct algorithms for SAHARA 3 Hanna Hawa <hannah(a)marvell.com> dmaengine: mv_xor_v2: kill the tasklets upon exit Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3 Niklas Cassel <niklas.cassel(a)linaro.org> regulator: qcom_spmi: Fix warning Bad of_node_put() Niklas Cassel <niklas.cassel(a)linaro.org> regulator: qcom_spmi: Use correct regmap when checking for error Rex Zhu <rex.zhu(a)amd.com> drm/amd/pp: Set Max clock level to display by default Jae Hyun Yoo <jae.hyun.yoo(a)linux.intel.com> i2c: aspeed: Fix initial values of master and slave state Pingfan Liu <kernelfans(a)gmail.com> drivers/base: stop new probing during shutdown Christoffer Dall <christoffer.dall(a)arm.com> KVM: arm/arm64: Fix vgic init race Randy Dunlap <rdunlap(a)infradead.org> platform/x86: toshiba_acpi: Fix defined but not used build warnings Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: reset layer2 attribute on layer switch Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: fix race in used-buffer accounting Bjorn Andersson <bjorn.andersson(a)linaro.org> soc: qcom: smem: Correct check for global partition Bhushan Shah <bshah(a)kde.org> ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Loic Poulain <loic.poulain(a)linaro.org> arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Vitaly Kuznetsov <vkuznets(a)redhat.com> xen-netfront: fix queue name setting Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: avoid buffer leak when FW communication fails Yue Wang <yuleopen(a)gmail.com> ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi/arm: preserve early mapping of UEFI memory map longer for BGRT Leonard Crestez <leonard.crestez(a)nxp.com> reset: imx7: Fix always writing bits as 0 Mark Rutland <mark.rutland(a)arm.com> arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() YueHaibing <yuehaibing(a)huawei.com> wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Piotr Sawicki <p.sawicki2(a)partner.samsung.com> Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Manikanta Pubbisetty <mpubbise(a)codeaurora.org> mac80211: restrict delayed tailroom needed decrement Paul Cercueil <paul(a)crapouillou.net> MIPS: jz4740: Bump zload address Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5514: Fix the issue of the delay volume applied Nicholas Mc Guire <hofrat(a)osadl.org> staging: bcm2835-camera: handle wait_for_completion_timeout return properly Nicholas Mc Guire <hofrat(a)osadl.org> staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout Sandipan Das <sandipan(a)linux.ibm.com> perf script: Show correct offsets for DWARF-based unwinding Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: opal_put_chars partial write fix Mark Rutland <mark.rutland(a)arm.com> KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() Sagi Grimberg <sagi(a)grimberg.me> nvme-rdma: unquiesce queues when deleting the controller Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix file discard return status Sandipan Das <sandipan(a)linux.ibm.com> perf powerpc: Fix callchain ip filtering Krzysztof Kozlowski <krzk(a)kernel.org> ARM: exynos: Clear global variable on init error path Arnd Bergmann <arnd(a)arndb.de> omapfb: rename omap2 module to omap2fb.ko Fredrik Noring <noring(a)nocrew.org> fbdev: Distinguish between interlaced and progressive modes Daniel Mack <daniel(a)zonque.org> video: fbdev: pxafb: clear allocated memory for video modes Sandipan Das <sandipan(a)linux.ibm.com> perf powerpc: Fix callchain ip filtering when return address is in a register Randy Dunlap <rdunlap(a)infradead.org> fbdev/via: fix defined but not used warning Anton Vasilyev <vasilyev(a)ispras.ru> video: goldfishfb: fix memory leak on driver remove Jiri Olsa <jolsa(a)redhat.com> perf tools: Fix struct comm_str removal crash Dan Carpenter <dan.carpenter(a)oracle.com> fbdev: omapfb: off by one in omapfb_register_client() Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh when event exists Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64 Jiri Olsa <jolsa(a)kernel.org> perf tools: Synthesize GROUP_DESC feature in pipe mode Bob Peterson <rpeterso(a)redhat.com> gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Thomas Richter <tmricht(a)linux.ibm.com> perf test: Fix subtest number when showing results Todor Tomov <todor.tomov(a)linaro.org> media: ov5645: Supported external clock is 24MHz Randy Dunlap <rdunlap(a)infradead.org> mtd/maps: fix solutionengine.c printk format warnings Wei Yongjun <weiyongjun1(a)huawei.com> IB/ipoib: Fix error return code in ipoib_dev_init() Mike Snitzer <snitzer(a)redhat.com> block: allow max_discard_segments to be stacked Zhu Yanjun <yanjun.zhu(a)oracle.com> IB/rxe: Drop QP0 silently Hans Verkuil <hverkuil(a)xs4all.nl> media: videobuf2-core: check for q->error in vb2_core_qbuf() Felix Fietkau <nbd(a)nbd.name> MIPS: ath79: fix system restart John Keeping <john(a)metanate.com> dmaengine: pl330: fix irq race with terminate_all Krzysztof Ha?asa <khalasa(a)piap.pl> media: tw686x: Fix oops on buffer alloc failure Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: do not update config when running install targets Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: add .DELETE_ON_ERROR special target Rajan Vaja <rajan.vaja(a)xilinx.com> clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Mikko Perttunen <mperttunen(a)nvidia.com> clk: core: Potentially free connection id Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: pxrc - fix freeing URB on device teardown Gregory CLEMENT <gregory.clement(a)bootlin.com> clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent Nicholas Mc Guire <hofrat(a)osadl.org> clk: imx6sll: fix missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> clk: imx6ul: fix missing of_node_put() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Special-case rindex for gfs2_grow Golan Ben Ami <golan.ben.ami(a)intel.com> iwlwifi: cancel the injective function between hw pointers to tfd entry index Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: don't fail probe on pci_sriov_set_totalvfs() errors YueHaibing <yuehaibing(a)huawei.com> amd-xgbe: use dma_mapping_error to check map errors YueHaibing <yuehaibing(a)huawei.com> xfrm: fix 'passing zero to ERR_PTR()' warning Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Jeff Crukley <jcrukley(a)gmail.com> ALSA: usb-audio: Add support for Encore mDSD USB DAC Takashi Iwai <tiwai(a)suse.de> ALSA: msnd: Fix the default sample sizes Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> iommu/io-pgtable-arm: Fix pgtable allocation in selftest Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE Miao Zhong <zhongmiao(a)hisilicon.com> iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Erich E. Hoover <ehoover(a)sweptlaser.com> usb: dwc3: change stream event enable bit back to 13 Tariq Toukan <tariqt(a)mellanox.com> net/mlx5: Use u16 for Work Queue buffer fragment size Roi Dayan <roid(a)mellanox.com> net/mlx5: Fix possible deadlock from lockdep when adding fte to fg Roi Dayan <roid(a)mellanox.com> net/mlx5: Fix not releasing read lock when adding flow rules Vincent Whitchurch <vincent.whitchurch(a)axis.com> tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> erspan: return PACKET_REJECT when the appropriate tunnel is not found Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> erspan: fix error handling for erspan tunnel Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx5: Fix debugfs cleanup in the device init/remove flow Huy Nguyen <huyn(a)mellanox.com> net/mlx5: Check for error in mlx5_attach_interface Vakul Garg <vakul.garg(a)nxp.com> net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC Raed Salem <raeds(a)mellanox.com> net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables Cong Wang <xiyou.wangcong(a)gmail.com> tipc: orphan sock in tipc_release() Cong Wang <xiyou.wangcong(a)gmail.com> rds: fix two RCU related problems Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix race condition in spi transfers Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx5: Fix use-after-free in self-healing flow Petr Oros <poros(a)redhat.com> be2net: Fix memory leak in be_cmd_get_profile_config() ------------- Diffstat: Makefile | 31 ++++-- .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 + arch/arm/mach-exynos/suspend.c | 1 + arch/arm/mach-hisi/hotplug.c | 41 +++++--- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 2 +- arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi | 2 + arch/arm64/kernel/perf_event.c | 50 +++++----- arch/arm64/kernel/ptrace.c | 19 ++-- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/mips/loongson64/common/cs5536/cs5536_ohci.c | 2 +- arch/powerpc/kvm/book3s_64_vio.c | 5 +- arch/powerpc/kvm/book3s_hv.c | 2 + arch/powerpc/platforms/powernv/opal.c | 2 +- arch/s390/crypto/paes_s390.c | 2 +- arch/x86/kernel/eisa.c | 10 +- arch/x86/mm/pti.c | 25 ++++- arch/xtensa/platforms/iss/setup.c | 25 +++-- block/blk-core.c | 8 +- block/blk-mq-sched.c | 3 +- block/blk-settings.c | 2 +- crypto/api.c | 2 +- drivers/base/core.c | 3 + drivers/block/DAC960.c | 9 +- drivers/char/ipmi/ipmi_bt_sm.c | 92 ++++++++--------- drivers/char/ipmi/ipmi_msghandler.c | 53 +++++----- drivers/char/ipmi/ipmi_si_intf.c | 17 +--- drivers/char/ipmi/ipmi_ssif.c | 30 ++---- drivers/clk/clk-fixed-factor.c | 9 +- drivers/clk/clk.c | 3 + drivers/clk/imx/clk-imx6sll.c | 1 + drivers/clk/imx/clk-imx6ul.c | 1 + drivers/clk/mvebu/armada-37xx-periph.c | 3 - drivers/clk/tegra/clk-bpmp.c | 12 ++- drivers/crypto/ccp/psp-dev.c | 46 ++++++++- drivers/crypto/sahara.c | 4 +- drivers/devfreq/devfreq.c | 4 +- drivers/dma/mv_xor_v2.c | 2 + drivers/dma/pl330.c | 5 +- drivers/dma/sh/rcar-dmac.c | 5 +- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 +- drivers/firmware/efi/esrt.c | 3 +- drivers/gpio/gpio-pxa.c | 2 + drivers/gpio/gpiolib.c | 14 ++- drivers/gpio/gpiolib.h | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_doorbell.c | 9 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 + drivers/gpu/drm/amd/display/dc/core/dc_link.c | 4 + drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 9 +- drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 8 +- drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c | 6 +- drivers/gpu/drm/nouveau/nouveau_debugfs.c | 4 + drivers/gpu/drm/nouveau/nouveau_drm.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/device/tegra.c | 13 +++ drivers/gpu/drm/panel/panel-samsung-s6e8aa0.c | 2 +- drivers/gpu/ipu-v3/ipu-csi.c | 20 +++- drivers/hv/vmbus_drv.c | 3 + drivers/hwtracing/coresight/coresight-etm4x.c | 31 +++--- drivers/hwtracing/coresight/coresight-tpiu.c | 7 +- drivers/hwtracing/coresight/coresight.c | 7 +- drivers/i2c/busses/i2c-aspeed.c | 4 +- drivers/infiniband/core/cma.c | 12 ++- drivers/infiniband/hw/mlx5/cong.c | 9 +- drivers/infiniband/hw/mlx5/mr.c | 32 ++---- drivers/infiniband/hw/nes/nes.h | 2 +- drivers/infiniband/sw/rxe/rxe_recv.c | 9 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 + drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +- drivers/input/joystick/pxrc.c | 66 ++++++------- drivers/input/touchscreen/rohm_bu21023.c | 4 +- drivers/iommu/arm-smmu-v3.c | 1 + drivers/iommu/io-pgtable-arm-v7s.c | 7 +- drivers/iommu/io-pgtable-arm.c | 3 +- drivers/iommu/ipmmu-vmsa.c | 8 ++ drivers/lightnvm/pblk-init.c | 5 +- drivers/lightnvm/pblk-recovery.c | 5 +- drivers/md/dm-verity-target.c | 24 ++++- drivers/media/common/videobuf2/videobuf2-core.c | 5 + drivers/media/i2c/ov5645.c | 13 +-- drivers/media/pci/tw686x/tw686x-video.c | 11 ++- drivers/mfd/88pm860x-i2c.c | 8 +- drivers/misc/hmc6352.c | 2 + drivers/misc/ibmvmc.c | 2 +- drivers/misc/mei/bus-fixup.c | 2 +- drivers/misc/mei/bus.c | 12 +-- drivers/misc/mei/hbm.c | 9 +- drivers/mmc/host/meson-mx-sdio.c | 8 +- drivers/mmc/host/omap_hsmmc.c | 1 + drivers/mmc/host/sdhci-of-esdhc.c | 6 ++ drivers/mmc/host/sdhci-tegra.c | 3 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mtd/maps/solutionengine.c | 6 +- drivers/mtd/mtdchar.c | 10 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 7 +- .../ethernet/cavium/liquidio/cn23xx_pf_device.c | 3 + .../ethernet/cavium/liquidio/cn23xx_vf_device.c | 3 + drivers/net/ethernet/cortina/gemini.c | 5 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 8 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 5 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 6 ++ drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 15 ++- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 76 +++++++------- drivers/net/ethernet/mellanox/mlx5/core/health.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/wq.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/wq.h | 2 +- drivers/net/ethernet/netronome/nfp/nfp_main.c | 20 ++-- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 ++- drivers/net/ethernet/qualcomm/qca_7k.c | 76 +++++++------- drivers/net/ethernet/qualcomm/qca_spi.c | 110 +++++++++++---------- drivers/net/ethernet/qualcomm/qca_spi.h | 5 - drivers/net/wan/fsl_ucc_hdlc.c | 6 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 12 ++- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 11 ++- drivers/net/xen-netfront.c | 30 +++--- drivers/nvme/host/rdma.c | 2 + drivers/nvme/target/io-cmd-file.c | 18 ++-- drivers/of/base.c | 28 ++++++ drivers/parport/parport_sunbpp.c | 8 +- drivers/pci/pcie/aer.c | 6 ++ drivers/pinctrl/mediatek/pinctrl-mt7622.c | 4 +- drivers/pinctrl/pinctrl-rza1.c | 24 ++--- drivers/pinctrl/pinmux.c | 16 ++- drivers/pinctrl/qcom/pinctrl-msm.c | 14 ++- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 32 ++++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/regulator/qcom_spmi-regulator.c | 34 ++++--- drivers/remoteproc/qcom_q6v5_pil.c | 1 - drivers/reset/reset-imx7.c | 2 +- drivers/rtc/rtc-bq4802.c | 4 + drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/scsi/libfc/fc_disc.c | 7 +- drivers/scsi/lpfc/lpfc_nvme.c | 5 +- drivers/scsi/lpfc/lpfc_nvmet.c | 12 ++- drivers/soc/qcom/smem.c | 10 +- drivers/spi/spi-dw.c | 3 +- drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 2 +- .../vc04_services/bcm2835-audio/bcm2835-vchiq.c | 16 +-- .../vc04_services/bcm2835-camera/bcm2835-camera.c | 7 +- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 11 ++- drivers/tty/serial/8250/8250_of.c | 2 +- drivers/tty/tty_baudrate.c | 13 ++- drivers/usb/class/cdc-acm.c | 73 -------------- drivers/usb/class/cdc-acm.h | 1 - drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/hcd-pci.c | 2 - drivers/usb/core/message.c | 11 +++ drivers/usb/core/quirks.c | 7 ++ drivers/usb/dwc3/gadget.h | 2 +- drivers/usb/gadget/udc/net2280.c | 16 ++- drivers/usb/gadget/udc/renesas_usb3.c | 5 +- drivers/usb/host/u132-hcd.c | 2 +- drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci.c | 30 ++++++ drivers/usb/misc/uss720.c | 4 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/mtu3/mtu3_core.c | 6 +- drivers/usb/mtu3/mtu3_hw_regs.h | 1 + drivers/usb/serial/io_ti.h | 2 +- drivers/usb/serial/ti_usb_3410_5052.c | 2 +- drivers/usb/storage/scsiglue.c | 9 ++ drivers/usb/storage/uas.c | 21 ++++ drivers/usb/storage/unusual_devs.h | 7 ++ drivers/video/fbdev/core/modedb.c | 41 +++++--- drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/omap2/omapfb/Makefile | 4 +- drivers/video/fbdev/pxafb.c | 4 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/binfmt_elf.c | 2 +- fs/cifs/readdir.c | 11 ++- fs/cifs/smb2pdu.c | 29 +++--- fs/configfs/dir.c | 11 +++ fs/f2fs/super.c | 16 ++- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- fs/namespace.c | 7 +- fs/nfs/nfs4proc.c | 10 +- fs/nfs/nfs4state.c | 2 + fs/nfs/nfs4trace.h | 2 +- fs/overlayfs/super.c | 26 ++--- fs/pstore/ram_core.c | 17 +++- include/linux/crypto.h | 5 + include/linux/mlx5/driver.h | 4 +- include/linux/of.h | 8 ++ kernel/audit_watch.c | 12 ++- kernel/bpf/cgroup.c | 7 +- kernel/events/core.c | 4 + kernel/rcu/rcutorture.c | 5 +- kernel/rcu/tree.c | 6 ++ kernel/rcu/tree.h | 4 + kernel/sched/fair.c | 10 +- kernel/sched/wait.c | 47 ++++----- net/bluetooth/af_bluetooth.c | 2 +- net/core/skbuff.c | 3 - net/ipv4/ip_gre.c | 5 + net/ipv4/tcp.c | 2 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 +++-- net/rds/bind.c | 5 +- net/tipc/socket.c | 1 + net/tls/tls_sw.c | 14 ++- net/xfrm/xfrm_policy.c | 5 +- scripts/Kbuild.include | 3 + security/integrity/evm/evm_crypto.c | 3 +- security/security.c | 2 + security/smack/smack_lsm.c | 14 ++- sound/core/pcm_lib.c | 14 ++- sound/isa/msnd/msnd_pinnacle.c | 4 +- sound/soc/codecs/hdmi-codec.c | 21 ++-- sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/rt5651.c | 22 +++-- sound/soc/qcom/qdsp6/q6afe-dai.c | 2 +- sound/usb/quirks-table.h | 3 +- sound/usb/quirks.c | 2 + tools/hv/hv_kvp_daemon.c | 2 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 +- tools/perf/tests/builtin-test.c | 2 +- .../tests/shell/record+probe_libc_inet_pton.sh | 36 ++++++- tools/perf/util/comm.c | 16 ++- tools/perf/util/header.c | 2 +- tools/perf/util/machine.c | 9 +- tools/perf/util/map.c | 11 +++ tools/perf/util/unwind-libdw.c | 2 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/testing/nvdimm/test/nfit.c | 3 +- .../testing/selftests/android/ion/ionapp_export.c | 1 + tools/testing/selftests/timers/raw_skew.c | 5 + tools/testing/selftests/vDSO/vdso_test.c | 7 +- virt/kvm/arm/vgic/vgic-init.c | 4 + virt/kvm/arm/vgic/vgic-mmio-v2.c | 3 + 238 files changed, 1599 insertions(+), 926 deletions(-)

6 years, 11 months

10
260
0 0

[git:media_tree/master] media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD Author: Hans Verkuil <hverkuil(a)xs4all.nl> Date: Mon Oct 8 15:08:27 2018 -0400 When the OSD is on (i.e. vivid displays text on top of the test pattern), and you enable hflip, then the driver crashes. The cause turned out to be a division of a negative number by an unsigned value. You expect that -8 / 2U would be -4, but in reality it is 2147483644 :-( Fixes: 3e14e7a82c1ef ("vivid-tpg: add hor/vert downsampling support to tpg_gen_text") Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Reported-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Cc: <stable(a)vger.kernel.org> # for v4.1 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c index 76b125ebee6d..fa483b95bc5a 100644 --- a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c +++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c @@ -1801,7 +1801,7 @@ typedef struct { u16 __; u8 _; } __packed x24; pos[7] = (chr & (0x01 << 0) ? fg : bg); \ } \ \ - pos += (tpg->hflip ? -8 : 8) / hdiv; \ + pos += (tpg->hflip ? -8 : 8) / (int)hdiv; \ } \ } \ } while (0)

6 years, 11 months

1
0
0 0

[PATCH v4 1/3] x86/xen: fix boot loader version reported for pvh guests

by Juergen Gross

The boot loader version reported via sysfs is wrong in case of the kernel being booted via the Xen PVH boot entry. it should be 2.12 (0x020c), but it is reported to be 2.18 (0x0212). As the current way to set the version is error prone use the more readable variant (2 << 8) | 12. Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/enlighten_pvh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c index c85d1a88f476..f7f77023288a 100644 --- a/arch/x86/xen/enlighten_pvh.c +++ b/arch/x86/xen/enlighten_pvh.c @@ -75,7 +75,7 @@ static void __init init_pvh_bootparams(void) * Version 2.12 supports Xen entry point but we will use default x86/PC * environment (i.e. hardware_subarch 0). */ - pvh_bootparams.hdr.version = 0x212; + pvh_bootparams.hdr.version = (2 << 8) | 12; pvh_bootparams.hdr.type_of_loader = (9 << 4) | 0; /* Xen loader */ x86_init.acpi.get_root_pointer = pvh_get_root_pointer; -- 2.16.4

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] firmware: Always initialize the fw_priv list object" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7012040576c6ae25a47035659ee48673612c2c27 Mon Sep 17 00:00:00 2001 From: Bjorn Andersson <bjorn.andersson(a)linaro.org> Date: Wed, 19 Sep 2018 18:09:38 -0700 Subject: [PATCH] firmware: Always initialize the fw_priv list object When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable(a)vger.kernel.org Cc: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b3c0498ee433..8e9213b36e31 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const char *fw_name, } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp;

6 years, 11 months

3
2
0 0

[PATCH net-next] net/ipv6: stop leaking percpu memory in fib6 info

by Mike Rapoport

The fib6_info_alloc() function allocates percpu memory to hold per CPU pointers to rt6_info, but this memory is never freed. Fix it. Fixes: a64efe142f5e ("net/ipv6: introduce fib6_info struct and helpers") Signed-off-by: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: stable(a)vger.kernel.org --- net/ipv6/ip6_fib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c index cf709eadc932..cc7de7eb8b9c 100644 --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c @@ -194,6 +194,8 @@ void fib6_info_destroy_rcu(struct rcu_head *head) *ppcpu_rt = NULL; } } + + free_percpu(f6i->rt6i_pcpu); } lwtstate_put(f6i->fib6_nh.nh_lwtstate); -- 2.7.4

6 years, 11 months

3
3
0 0

[merged] ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list has been removed from the -mm tree. Its filename was ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _ Patches currently in -mm which might be from ashish.samant(a)oracle.com are

6 years, 11 months

1
0
0 0

[merged] mm-vmstat-skip-nr_tlb_remote_flush-properly.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly has been removed from the -mm tree. Its filename was mm-vmstat-skip-nr_tlb_remote_flush-properly.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _ Patches currently in -mm which might be from jannh(a)google.com are mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

6 years, 11 months

1
0
0 0

[merged] proc-restrict-kernel-stack-dumps-to-root.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: proc: restrict kernel stack dumps to root has been removed from the -mm tree. Its filename was proc-restrict-kernel-stack-dumps-to-root.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: proc: restrict kernel stack dumps to root Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another CPU. That means that the stack can change under the stack walker. The stack walker does have guards against going completely off the rails and into random kernel memory, but it can interpret random data from your kernel stack as instruction pointers and stack pointers. This can cause exposure of kernel stack contents to userspace. Restrict the ability to inspect kernel stacks of arbitrary tasks to root in order to prevent a local attacker from exploiting racy stack unwinding to leak kernel task stack contents. See the added comment for a longer rationale. There don't seem to be any users of this userspace API that can't gracefully bail out if reading from the file fails. Therefore, I believe that this change is unlikely to break things. In the case that this patch does end up needing a revert, the next-best solution might be to fake a single-entry stack based on wchan. Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Ken Chen <kenchen(a)google.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/base.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/proc/base.c~proc-restrict-kernel-stack-dumps-to-root +++ a/fs/proc/base.c @@ -407,6 +407,20 @@ static int proc_pid_stack(struct seq_fil unsigned long *entries; int err; + /* + * The ability to racily run the kernel stack unwinder on a running task + * and then observe the unwinder output is scary; while it is useful for + * debugging kernel issues, it can also allow an attacker to leak kernel + * stack contents. + * Doing this in a manner that is at least safe from races would require + * some work to ensure that the remote task can not be scheduled; and + * even then, this would still expose the unwinder as local attack + * surface. + * Therefore, this interface is restricted to root. + */ + if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) + return -EACCES; + entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), GFP_KERNEL); if (!entries) _ Patches currently in -mm which might be from jannh(a)google.com are mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

6 years, 11 months

1
0
0 0

[merged] mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, thp: fix mlocking THP page with migration enabled has been removed from the -mm tree. Its filename was mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are

6 years, 11 months

1
0
0 0

[merged] mm-migration-fix-migration-of-huge-pmd-shared-pages.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: migration: fix migration of huge PMD shared pages has been removed from the -mm tree. Its filename was mm-migration-fix-migration-of-huge-pmd-shared-pages.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com [mike.kravetz(a)oracle.com: make _range_in_vma() a static inline] Link: http://lkml.kernel.org/r/6063f215-a5c8-2f0c-465a-2c515ddc952d@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ include/linux/mm.h | 6 +++++ mm/hugetlb.c | 37 +++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 4 files changed, 94 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/include/linux/mm.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/mm.h @@ -2455,6 +2455,12 @@ static inline struct vm_area_struct *fin return vma; } +static inline bool range_in_vma(struct vm_area_struct *vma, + unsigned long start, unsigned long end) +{ + return (vma && vma->vm_start <= start && end <= vma->vm_end); +} + #ifdef CONFIG_MMU pgprot_t vm_get_page_prot(unsigned long vm_flags); void vma_set_page_prot(struct vm_area_struct *vma); --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4545,13 +4545,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4648,6 +4676,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are

6 years, 11 months

1
0
0 0

[PATCH v7 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v7 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v7 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v7 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] powerpc: Avoid code patching freed init sections" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 Mon Sep 17 00:00:00 2001 From: Michael Neuling <mikey(a)neuling.org> Date: Fri, 14 Sep 2018 11:14:11 +1000 Subject: [PATCH] powerpc: Avoid code patching freed init sections This stops us from doing code patching in init sections after they've been freed. In this chain: kvm_guest_init() -> kvm_use_magic_page() -> fault_in_pages_readable() -> __get_user() -> __get_user_nocheck() -> barrier_nospec(); We have a code patching location at barrier_nospec() and kvm_guest_init() is an init function. This whole chain gets inlined, so when we free the init section (hence kvm_guest_init()), this code goes away and hence should no longer be patched. We seen this as userspace memory corruption when using a memory checker while doing partition migration testing on powervm (this starts the code patching post migration via /sys/kernel/mobility/migration). In theory, it could also happen when using /sys/kernel/debug/powerpc/barrier_nospec. Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Michael Neuling <mikey(a)neuling.org> Reviewed-by: Nicholas Piggin <npiggin(a)gmail.com> Reviewed-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h index 1a951b00465d..1fffbba8d6a5 100644 --- a/arch/powerpc/include/asm/setup.h +++ b/arch/powerpc/include/asm/setup.h @@ -9,6 +9,7 @@ extern void ppc_printk_progress(char *s, unsigned short hex); extern unsigned int rtas_data; extern unsigned long long memory_limit; +extern bool init_mem_is_free; extern unsigned long klimit; extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask); diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 850f3b8f4da5..6ae2777c220d 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,6 +28,12 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(exec_addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); + return 0; + } + __put_user_size(instr, patch_addr, 4, err); if (err) return err; diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c index 5c8530d0c611..04ccb274a620 100644 --- a/arch/powerpc/mm/mem.c +++ b/arch/powerpc/mm/mem.c @@ -63,6 +63,7 @@ #endif unsigned long long memory_limit; +bool init_mem_is_free; #ifdef CONFIG_HIGHMEM pte_t *kmap_pte; @@ -396,6 +397,7 @@ void free_initmem(void) { ppc_md.progress = ppc_printk_progress; mark_initmem_nx(); + init_mem_is_free = true; free_initmem_default(POISON_FREE_INITMEM); }

6 years, 11 months

2
1
0 0

[PATCH v6 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v6 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v6 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v6 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v6 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Changes since v5: - Fix typo in comment, nothing else Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..e6a2cf72de5e 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..788749021ac9 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after it's been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH] usbip: vhci_hcd: check port number before using

by Sudip Mukherjee

From: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> The port number is checked and it just prints an error message but it still continues to use the invalid port. And as a result it accesses memory which is not its resulting in BUG report from KASAN. Reported-by: syzbot+600b03e0cf1b73bb23c4(a)syzkaller.appspotmail.com Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> --- drivers/usb/usbip/vhci_hcd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c index d11f3f8dad40..71883aa788ac 100644 --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -334,8 +334,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh("typeReq %x wValue %x wIndex %x\n", typeReq, wValue, wIndex); - if (wIndex > VHCI_HC_PORTS) + if (wIndex > VHCI_HC_PORTS) { pr_err("invalid port number %d\n", wIndex); + return -ENODEV; + } rhport = wIndex - 1; vhci_hcd = hcd_to_vhci_hcd(hcd); -- 2.11.0

6 years, 11 months

2
3
0 0

[PATCH 4.18 000/228] 4.18.12-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.12 release. There are 228 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 4 13:24:08 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.12-rc1 Michael Bringmann <mwb(a)linux.vnet.ibm.com> powerpc/pseries: Fix unitialized timer reset on migration Thiago Jung Bauermann <bauerman(a)linux.ibm.com> powerpc/pkeys: Fix reading of ibm, processor-storage-keys property Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc: fix csum_ipv6_magic() on little endian platforms Michael Neuling <mikey(a)neuling.org> KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds Randy Dunlap <rdunlap(a)infradead.org> x86/pti: Fix section mismatch warning/error Akshu Agrawal <akshu.agrawal(a)amd.com> clk: x86: Set default parent to 48Mhz Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Handle function result as parameters Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Make return values unsigned long Emily Deng <Emily.Deng(a)amd.com> drm/amdgpu: Need to set moved to true when evict bo Tony Lindgren <tony(a)atomide.com> ARM: dts: omap4-droid4: Fix emmc errors seen on some devices James Smart <jsmart2021(a)gmail.com> nvme-fcloop: Fix dropped LS's to removed target port Linus Walleij <linus.walleij(a)linaro.org> ata: ftide010: Add a quirk for SQ201 Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Update power state at the end of smu hw_init. Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Leonard Crestez <leonard.crestez(a)nxp.com> Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Srikanth Jampala <Jampala.Srikanth(a)cavium.com> crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Ganesh Goudar <ganeshgr(a)chelsio.com> crypto: chtls - fix null dereference chtls_free_uld() Jacob Keller <jacob.e.keller(a)intel.com> i40e: fix condition of WARN_ONCE for stat strings Martyna Szapar <martyna.szapar(a)intel.com> i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled Sebastian Basierski <sebastianx.basierski(a)intel.com> ixgbe: fix driver behaviour after issuing VFLR Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: Fix potential return of uninitialized value Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix a few null pointer dereference issues Quentin Monnet <quentin.monnet(a)netronome.com> tools: bpftool: return from do_event_pipe() on bad arguments Brett Creeley <brett.creeley(a)intel.com> ice: Set VLAN flags correctly Jacob Keller <jacob.e.keller(a)intel.com> ice: Use order_base_2 to calculate higher power of 2 Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix bugs in control queue processing Preethi Banala <preethi.banala(a)intel.com> ice: Clean control queues only when they are initialized Jacob Keller <jacob.e.keller(a)intel.com> ice: Report stats for allocated queues via ethtool stats Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix multiple static analyser warnings Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix skb->truesize underestimation Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Kevin Yang <yyd(a)google.com> tcp_bbr: in restart from idle, see if we should exit PROBE_RTT Kevin Yang <yyd(a)google.com> tcp_bbr: add bbr_check_probe_rtt_done() helper Samuel Mendoza-Jonas <sam(a)mendozajonas.com> net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler Emily Deng <Emily.Deng(a)amd.com> amdgpu: fix multi-process hang issue Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix preamble handling Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix VM clearing for the root PD John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap: write_space events need to be passed to TCP handler John Fastabend <john.fastabend(a)gmail.com> tls: possible hang when do_tcp_sendpages hits sndbuf is full case Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock hash count in alloc_sock_hash_elem Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys Pavel Machek <pavel(a)ucw.cz> ARM: dts: omap4-droid4: fix vibrations on Droid 4 Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix no_console_suspend handling Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion Eric Sandeen <sandeen(a)redhat.com> isofs: reject hardware sector size > 2048 bytes Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Avoid sending mailbox commands when MFW is not responsive Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Prevent a possible deadlock during driver load and unload Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for MCP halt and resume commands to take place Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for ready indication before rereading the shmem Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix module register ioremap for larger offsets Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix module address for modules using mpu_rt_idx Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix null hwmod for ti-sysc debug Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Steve Wise <swise(a)opengridcomputing.com> RDMA/uverbs: Atomically flush and mark closed the comp event queue Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix destroy_qp hang after a link down Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid user input can result in crash Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Fix SL array bounds check Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Matthew Wilcox <willy(a)infradead.org> filesystem-dax: Fix use of zero page Toshi Kani <toshi.kani(a)hpe.com> ext2, dax: set ext2_dax_aops for dax files Dave Jiang <dave.jiang(a)intel.com> uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe() Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more Bin Liu <b-liu(a)ti.com> usb: musb: dsps: do not disable CPPI41 irq in driver teardown Harry Pan <harry.pan(a)intel.com> usb: core: safely deal with the dynamic quirk lists Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: roles: Take care of driver module reference counting Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Marek Szyprowski <m.szyprowski(a)samsung.com> regulator: Fix 'do-nothing' value for regulators without suspend state Yu Zhao <yuzhao(a)google.com> regulator: fix crash caused by null driver data Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix resource handling for ACPI glue layer Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix device removal logic Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Stefan Agner <stefan(a)agner.ch> tty: serial: lpuart: avoid leaking struct tty_struct Feng Tang <feng.tang(a)intel.com> x86/mm: Expand static page table for fixmap space Damien Le Moal <damien.lemoal(a)wdc.com> block: fix deadline elevator drain for zoned block devices Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Fix tegra_gpio_irq_set_type() Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix indexing when invoking subtests Maxime Ripard <maxime.ripard(a)bootlin.com> drm/vc4: plane: Expand the lower bits by repeating the higher bits Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses Eric Anholt <eric(a)anholt.net> drm/vc4: Add missing formats to vc4_format_mod_supported(). William Breathitt Gray <vilhelm.gray(a)gmail.com> iio: 104-quad-8: Fix off-by-one error in register selection Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> Input: xen-kbdfront - fix multi-touch XenStore node's locations Colin Ian King <colin.king(a)canonical.com> ath10k: fix memory leak of tpc_stats Konstantin Khorenko <khorenko(a)virtuozzo.com> fs/lock: skip lock owner pid translation in case we are in init_pid_ns Brian Norris <briannorris(a)chromium.org> ath10k: snoc: use correct bus-specific pointer in RX retry YueHaibing <yuehaibing(a)huawei.com> ath10k: fix incorrect size of dma_free_coherent in ath10k_ce_alloc_src_ring_64 Hugo Lefeuvre <hle(a)owl.eu.com> staging: pi433: fix race condition in pi433_ioctl Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, altera: Fix an error handling path in altr_s10_sdram_probe() Johan Hovold <johan(a)kernel.org> EDAC: Fix memleak in module init error path J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Nadav Amit <namit(a)vmware.com> gpio: Fix wrong rounding in gpio-menz127 Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: SSI parent cares SWSP bit Geert Uytterhoeven <geert(a)linux-m68k.org> ASoC: rt1305: Use ULL suffixes for 64-bit constants Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Update controller info during resume Jan Kundrát <jan.kundrat(a)cesnet.cz> spi: orion: fix CS GPIO handling again Xiaofei Tan <tanxiaofei(a)huawei.com> scsi: hisi_sas: Fix the conflict between dev gone and host reset Andreas Gruenbacher <agruenba(a)redhat.com> iomap: complete partial direct I/O writes synchronously Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/lbr: Fix incomplete LBR call stack Eric Anholt <eric(a)anholt.net> drm/v3d: Take a lock across GPU scheduler job creation and queuing. Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> arm64: dts: renesas: Fix VSPD registers range Masahiro Yamada <yamada.masahiro(a)socionext.com> MIPS: boot: fix build rule of vmlinux.its.S Stephen Boyd <swboyd(a)chromium.org> HID: i2c-hid: Use devm to allocate i2c_hid struct Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: mediatek: Add missing cooling device properties for CPUs Frederic Weisbecker <frederic(a)kernel.org> perf/hw_breakpoint: Split attribute parse and commit Randy Dunlap <rdunlap(a)infradead.org> Documentation/process: fix reST table border error Leon Romanovsky <leon(a)kernel.org> RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/omap: gem: Fix mm_list locking Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Johannes Berg <johannes(a)sipsolutions.net> bitfield: fix *_encode_bits() Stefan Agner <stefan(a)agner.ch> brcmsmac: fix wrap around in conversion from constant to s16 Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status() Niklas Cassel <niklas.cassel(a)linaro.org> ath10k: transmit queued frames after processing rx packets Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Fix releasing node when enumerating enpoints Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check phy_driver ready before accessing Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Enable DW HDMI PHY clock Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check read_status results Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: qdsp6: qdafe: fix some off by one bugs Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Rosen Penev <rosenp(a)gmail.com> staging: mt7621-dts: Fix remaining pcie warnings Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> serial: pxa: Fix an error handling path in 'serial_pxa_probe()' Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Kamal Heib <kamalheib1(a)gmail.com> staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: add checks for register read errors Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Bob Copeland <me(a)bobcopeland.com> ath10k: use locked skb_dequeue for rx completions Petr Machata <petrm(a)mellanox.com> selftests: forwarding: Tweak tc filters for mirror-to-gretap tests Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Sanitize overrun handling Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Make forward callback return s64 Akinobu Mita <akinobu.mita(a)gmail.com> iio: accel: adxl345: convert address field usage in iio_chan_spec Peter Rosin <peda(a)axentia.se> mtd: rawnand: atmel: add module param to avoid using dma Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Vasily Gorbik <gor(a)linux.ibm.com> s390/scm_blk: correct numa_node in scm_blk_dev_setup Vasily Gorbik <gor(a)linux.ibm.com> s390/dasd: correct numa_node in dasd_alloc_queue Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Ravi Chandra Sadineni <ravisadineni(a)chromium.org> ACPI / button: increment wakeup count only when notified João Paulo Rechi Vita <jprvita(a)endlessm.com> platform/x86: asus-wireless: Fix uninitialized symbol usage Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: set skb len for all rx packets Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: use same endpoint id for all packets in a bundle Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Jean-Christophe Dubois <jcd(a)tribudubois.net> thermal: i.MX: Allow thermal probe to fail gracefully in case of bad calibration. Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Viresh Kumar <viresh.kumar(a)linaro.org> ARM: dts: ls1021a: Add missing cooling device properties for CPUs Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Dave Gerlach <d-gerlach(a)ti.com> ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Bart Van Assche <bart.vanassche(a)wdc.com> include/rdma/opa_addr.h: Fix an endianness issue Maor Gottlieb <maorg(a)mellanox.com> IB/mlx5: Fix GRE flow specification Peter Seiderer <ps.report(a)gmx.net> media: staging/imx: fill vb2_v4l2_buffer field entry Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> vhost_net: Avoid tx vring kicks during busyloop Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Tarick Bedeir <tarick(a)google.com> IB/mlx4: Test port number before querying type. Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Dan Carpenter <dan.carpenter(a)oracle.com> IB/core: type promotion bug in rdma_rw_init_one_mr() Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c Leon Romanovsky <leon(a)kernel.org> RDMA/i40w: Hold read semaphore while looking after VMA Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a couple off by one bugs Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: Fix the condition to check if the card is T5 Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Wesley Chalmers <Wesley.Chalmers(a)amd.com> drm/amd/display: fix use of uninitialized memory Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amd/display/dc/dce: Fix multiple potential integer overflows Benjamin Tissoires <benjamin.tissoires(a)redhat.com> power: remove possible deadlock when unregistering power_supply Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: correct allocate_pgste proc_handler callback Niklas Cassel <niklas.cassel(a)linaro.org> iommu/msm: Don't call iommu_device_{,un}link from atomic context Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Zhen Lei <thunder.leizhen(a)huawei.com> iommu/amd: make sure TLB to be flushed before IOVA freed Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Stop RX FIFO timer during port shutdown Johan Hovold <johan(a)kernel.org> misc: sram: enable clock before registering regions Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix initial constant_charge_current value Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix get_vector ops in hclgevf_main module Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix warning bug when doing lp selftest Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for mac pause not disable in pfc mode Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: Fix for mailbox message truncated problem Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> siox: don't create a thread without starting it Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Wei Yongjun <weiyongjun1(a)huawei.com> misc: ibmvmc: Use GFP_ATOMIC under spin lock Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Akinobu Mita <akinobu.mita(a)gmail.com> iio: adc: ina2xx: avoid kthread_stop() with stale task_struct Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Documentation/process/2.Process.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/ls1021a.dtsi | 1 + arch/arm/boot/dts/mt7623.dtsi | 3 + arch/arm/boot/dts/omap4-droid4-xt894.dts | 20 +-- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm/mach-omap2/omap_hwmod.c | 39 ++++- arch/arm/mach-omap2/omap_hwmod_reset.c | 12 +- arch/arm64/boot/dts/renesas/r8a7795-es1.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a7795.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a7796.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a77965.dtsi | 4 +- arch/arm64/boot/dts/renesas/r8a77970.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a77995.dtsi | 4 +- arch/arm64/boot/dts/renesas/salvator-common.dtsi | 4 +- arch/arm64/kvm/guest.c | 45 +++++ arch/mips/boot/Makefile | 6 +- arch/powerpc/kernel/exceptions-64s.S | 4 +- arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/lib/checksum_64.S | 3 + arch/powerpc/mm/numa.c | 3 +- arch/powerpc/mm/pkeys.c | 2 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/kernel/sysinfo.c | 4 + arch/s390/mm/extmem.c | 4 +- arch/s390/mm/pgalloc.c | 2 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/events/intel/lbr.c | 32 +++- arch/x86/events/perf_event.h | 1 + arch/x86/include/asm/fixmap.h | 10 ++ arch/x86/include/asm/pgtable_64.h | 3 +- arch/x86/kernel/head64.c | 4 +- arch/x86/kernel/head_64.S | 16 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/mm/pgtable.c | 9 + arch/x86/mm/pti.c | 2 +- arch/x86/xen/mmu_pv.c | 8 +- block/elevator.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/acpi/button.c | 13 +- drivers/ata/pata_ftide010.c | 27 +-- drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/bus/ti-sysc.c | 37 ++-- drivers/clk/x86/clk-st.c | 2 +- drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/crypto/chelsio/chtls/chtls.h | 5 + drivers/crypto/chelsio/chtls/chtls_main.c | 7 +- drivers/edac/altera_edac.c | 3 +- drivers/edac/edac_mc_sysfs.c | 6 +- drivers/edac/i7core_edac.c | 22 ++- drivers/gpio/gpio-menz127.c | 4 +- drivers/gpio/gpio-tegra.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- .../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 10 +- .../amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 + drivers/gpu/drm/omapdrm/omap_debugfs.c | 2 + drivers/gpu/drm/omapdrm/omap_drv.c | 2 +- drivers/gpu/drm/omapdrm/omap_drv.h | 2 +- drivers/gpu/drm/omapdrm/omap_gem.c | 15 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 3 +- drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c | 7 +- drivers/gpu/drm/v3d/v3d_drv.h | 5 + drivers/gpu/drm/v3d/v3d_gem.c | 4 + drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/hid/hid-ntrig.c | 2 + drivers/hid/i2c-hid/i2c-hid.c | 9 +- drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/hwtracing/intel_th/core.c | 16 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/iio/accel/adxl345_core.c | 21 ++- drivers/iio/adc/ina2xx-adc.c | 17 +- drivers/iio/counter/104-quad-8.c | 2 +- drivers/infiniband/core/rw.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 5 +- drivers/infiniband/core/uverbs_main.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/hfi1/chip.c | 6 +- drivers/infiniband/hw/hfi1/pio.c | 51 ++++-- drivers/infiniband/hw/hfi1/pio.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 8 +- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/misc/xen-kbdfront.c | 8 +- drivers/input/mouse/elantech.c | 2 + drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/msm_iommu.c | 16 +- drivers/md/md-cluster.c | 19 ++- drivers/media/i2c/ov772x.c | 40 +++-- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +- drivers/media/platform/fsl-viu.c | 38 +++-- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/misc/ibmvmc.c | 2 +- drivers/misc/sram.c | 13 +- drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/mmc/host/android-goldfish.c | 4 +- drivers/mmc/host/atmel-mci.c | 12 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 7 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 6 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 9 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 3 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/ice/ice.h | 7 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 25 +-- drivers/net/ethernet/intel/ice/ice_common.c | 27 +-- drivers/net/ethernet/intel/ice/ice_controlq.c | 29 +++- drivers/net/ethernet/intel/ice/ice_ethtool.c | 52 ++++-- drivers/net/ethernet/intel/ice/ice_main.c | 98 ++++++----- drivers/net/ethernet/intel/ice/ice_switch.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 26 +++ drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 + drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/net/phy/xilinx_gmii2rgmii.c | 10 +- drivers/net/wireless/ath/ath10k/ce.c | 2 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 13 +- drivers/net/wireless/ath/ath10k/mac.c | 1 + drivers/net/wireless/ath/ath10k/sdio.c | 9 +- drivers/net/wireless/ath/ath10k/snoc.c | 2 +- drivers/net/wireless/ath/ath10k/wmi.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 +- drivers/net/wireless/mediatek/mt76/mt76x2_mac.c | 6 +- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/nvme/target/fcloop.c | 3 +- drivers/pci/hotplug/acpiphp_glue.c | 11 +- drivers/platform/x86/asus-wireless.c | 23 +-- drivers/power/reset/vexpress-poweroff.c | 12 +- drivers/power/supply/axp288_charger.c | 2 +- drivers/power/supply/power_supply_core.c | 11 +- drivers/regulator/core.c | 4 +- drivers/regulator/of_regulator.c | 2 - drivers/s390/block/dasd.c | 1 + drivers/s390/block/scm_blk.c | 1 + drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/hisi_sas/hisi_sas.h | 1 + drivers/scsi/hisi_sas/hisi_sas_main.c | 6 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/siox/siox-core.c | 10 +- drivers/spi/spi-orion.c | 77 +++++---- drivers/spi/spi-rspi.c | 34 +++- drivers/spi/spi-sh-msiof.c | 28 ++- drivers/spi/spi-tegra20-slink.c | 31 +++- drivers/staging/android/ashmem.c | 6 + drivers/staging/media/imx/imx-ic-prpencvf.c | 1 + drivers/staging/media/imx/imx-media-csi.c | 1 + drivers/staging/mt7621-dts/gbpc1.dts | 2 + drivers/staging/mt7621-dts/mt7621.dtsi | 21 +-- drivers/staging/mt7621-eth/mtk_eth_soc.c | 13 +- drivers/staging/pi433/pi433_if.c | 7 +- drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/target/target_core_device.c | 22 ++- drivers/thermal/imx_thermal.c | 5 +- drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/fsl_lpuart.c | 3 +- drivers/tty/serial/imx.c | 8 + drivers/tty/serial/mvebu-uart.c | 1 + drivers/tty/serial/pxa.c | 3 +- drivers/tty/serial/sh-sci.c | 2 + drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/common/roles.c | 15 +- drivers/usb/core/devio.c | 24 ++- drivers/usb/core/driver.c | 28 +-- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 2 + drivers/usb/musb/musb_dsps.c | 12 +- drivers/usb/serial/kobil_sct.c | 12 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/vhost/net.c | 35 ++-- fs/dax.c | 13 +- fs/ext2/inode.c | 2 +- fs/iomap.c | 21 +-- fs/isofs/inode.c | 7 + fs/locks.c | 7 + fs/nfsd/nfs4proc.c | 1 + include/linux/arm-smccc.h | 38 +++-- include/linux/bitfield.h | 6 +- include/linux/platform_data/ina2xx.h | 2 +- include/linux/posix-timers.h | 4 +- include/linux/power_supply.h | 1 + include/linux/regulator/machine.h | 6 +- include/linux/uio.h | 2 +- include/rdma/opa_addr.h | 2 +- kernel/bpf/sockmap.c | 11 +- kernel/events/hw_breakpoint.c | 57 +++++-- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 7 +- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 33 ++-- kernel/time/posix-timers.h | 2 +- lib/klist.c | 10 +- net/6lowpan/iphc.c | 1 + net/ipv4/tcp_bbr.c | 38 +++-- net/ncsi/ncsi-netlink.c | 4 +- net/tls/tls_main.c | 9 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/rt1305.c | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 +- sound/soc/qcom/qdsp6/q6afe.c | 6 +- sound/soc/sh/rcar/ssi.c | 32 ++-- sound/soc/soc-dapm.c | 7 + tools/bpf/bpftool/map_perf_ring.c | 5 +- tools/perf/tests/builtin-test.c | 2 +- .../net/forwarding/mirror_gre_bridge_1d_vlan.sh | 6 +- .../selftests/net/forwarding/mirror_gre_lib.sh | 2 +- .../net/forwarding/mirror_gre_vlan_bridge_1q.sh | 6 +- 241 files changed, 1730 insertions(+), 789 deletions(-)

6 years, 11 months

6
242
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror