- Linux-stable-mirror - lists.linaro.org

[PATCH v4 0/7] kprobes: Fix %p in kprobes

by Masami Hiramatsu

Hi, This 4th version of the series which fixes %p uses in kprobes. Some by replacing with %pS, some by replacing with %px but masking with kallsyms_show_value(). I've read the thread about %pK and if I understand correctly we shouldn't print kernel addresses. However, kprobes debugfs interface can not stop to show the actual probe address because it should be compared with addresses in kallsyms for debugging. So, it depends on that kallsyms_show_value() allows to show address to user, because if it returns true, anyway that user can dump /proc/kallsyms. Other error messages are replaced it with %pS or just removed. This series also including fixes for arch ports too. Changes in this version; [1/7] Fix "list" file's mode too. [2/7] Do not use local variables and fix comment. [4/7] Use WARN_ONCE() for single bug. [5/7] Just remove %p. Thank you, --- Masami Hiramatsu (7): kprobes: Make list and blacklist root user read only kprobes: Show blacklist addresses as same as kallsyms does kprobes: Show address of kprobes if kallsyms does kprobes: Replace %p with other pointer types kprobes/x86: Fix %p uses in error messages kprobes/arm: Fix %p uses in error messages kprobes/arm64: Fix %p uses in error messages arch/arm/probes/kprobes/core.c | 10 +++---- arch/arm/probes/kprobes/test-core.c | 1 - arch/arm64/kernel/probes/kprobes.c | 4 +-- arch/x86/kernel/kprobes/core.c | 13 +++------ kernel/kprobes.c | 52 +++++++++++++++++++++-------------- 5 files changed, 42 insertions(+), 38 deletions(-) -- Masami Hiramatsu (Linaro) <mhiramat(a)kernel.org>

7 years, 2 months

1
7
0 0

[PATCH V3] cpufreq: powernv: Fix the hardlockup by synchronus smp_call in timer interrupt

by Shilpasri G Bhat

gpstate_timer_handler() uses synchronous smp_call to set the pstate on the requested core. This causes the below hard lockup: [c000003fe566b320] [c0000000001d5340] smp_call_function_single+0x110/0x180 (unreliable) [c000003fe566b390] [c0000000001d55e0] smp_call_function_any+0x180/0x250 [c000003fe566b3f0] [c000000000acd3e8] gpstate_timer_handler+0x1e8/0x580 [c000003fe566b4a0] [c0000000001b46b0] call_timer_fn+0x50/0x1c0 [c000003fe566b520] [c0000000001b4958] expire_timers+0x138/0x1f0 [c000003fe566b590] [c0000000001b4bf8] run_timer_softirq+0x1e8/0x270 [c000003fe566b630] [c000000000d0d6c8] __do_softirq+0x158/0x3e4 [c000003fe566b710] [c000000000114be8] irq_exit+0xe8/0x120 [c000003fe566b730] [c000000000024d0c] timer_interrupt+0x9c/0xe0 [c000003fe566b760] [c000000000009014] decrementer_common+0x114/0x120 -- interrupt: 901 at doorbell_global_ipi+0x34/0x50 LR = arch_send_call_function_ipi_mask+0x120/0x130 [c000003fe566ba50] [c00000000004876c] arch_send_call_function_ipi_mask+0x4c/0x130 [c000003fe566ba90] [c0000000001d59f0] smp_call_function_many+0x340/0x450 [c000003fe566bb00] [c000000000075f18] pmdp_invalidate+0x98/0xe0 [c000003fe566bb30] [c0000000003a1120] change_huge_pmd+0xe0/0x270 [c000003fe566bba0] [c000000000349278] change_protection_range+0xb88/0xe40 [c000003fe566bcf0] [c0000000003496c0] mprotect_fixup+0x140/0x340 [c000003fe566bdb0] [c000000000349a74] SyS_mprotect+0x1b4/0x350 [c000003fe566be30] [c00000000000b184] system_call+0x58/0x6c One way to avoid this is removing the smp-call. We can ensure that the timer always runs on one of the policy-cpus. If the timer gets migrated to a cpu outside the policy then re-queue it back on the policy->cpus. This way we can get rid of the smp-call which was being used to set the pstate on the policy->cpus. Fixes: 7bc54b652f13 (timers, cpufreq/powernv: Initialize the gpstate timer as pinned) Cc: <stable(a)vger.kernel.org> [4.8+] Reported-by: Nicholas Piggin <npiggin(a)gmail.com> Reported-by: Pridhiviraj Paidipeddi <ppaidipe(a)linux.vnet.ibm.com> Signed-off-by: Shilpasri G Bhat <shilpa.bhat(a)linux.vnet.ibm.com> --- Changes from V2: - Remove the check for active policy while requeing the migrated timer Changes from V1: - Remove smp_call in the pstate handler. drivers/cpufreq/powernv-cpufreq.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/cpufreq/powernv-cpufreq.c b/drivers/cpufreq/powernv-cpufreq.c index 71f8682..e368e1f 100644 --- a/drivers/cpufreq/powernv-cpufreq.c +++ b/drivers/cpufreq/powernv-cpufreq.c @@ -679,6 +679,16 @@ void gpstate_timer_handler(struct timer_list *t) if (!spin_trylock(&gpstates->gpstate_lock)) return; + /* + * If the timer has migrated to the different cpu then bring + * it back to one of the policy->cpus + */ + if (!cpumask_test_cpu(raw_smp_processor_id(), policy->cpus)) { + gpstates->timer.expires = jiffies + msecs_to_jiffies(1); + add_timer_on(&gpstates->timer, cpumask_first(policy->cpus)); + spin_unlock(&gpstates->gpstate_lock); + return; + } /* * If PMCR was last updated was using fast_swtich then @@ -718,10 +728,8 @@ void gpstate_timer_handler(struct timer_list *t) if (gpstate_idx != gpstates->last_lpstate_idx) queue_gpstate_timer(gpstates); + set_pstate(&freq_data); spin_unlock(&gpstates->gpstate_lock); - - /* Timer may get migrated to a different cpu on cpu hot unplug */ - smp_call_function_any(policy->cpus, set_pstate, &freq_data, 1); } /* -- 1.8.3.1

7 years, 2 months

5
4
0 0

[fixed Patch] KVM: s390: wire up bpb feature

by Christian Borntraeger

From: Christian Borntraeger <borntraeger(a)de.ibm.com> [ Upstream commit 35b3fde6203b932b2b1a5b53b3d8808abc9c4f60 ] The new firmware interfaces for branch prediction behaviour changes are transparently available for the guest. Nevertheless, there is new state attached that should be migrated and properly resetted. Provide a mechanism for handling reset, migration and VSIE. Signed-off-by: Christian Borntraeger <borntraeger(a)de.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> [Changed capability number to 152. - Radim] Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> --- arch/s390/include/asm/kvm_host.h | 3 ++- arch/s390/include/uapi/asm/kvm.h | 3 +++ arch/s390/kvm/kvm-s390.c | 13 ++++++++++++- include/uapi/linux/kvm.h | 1 + 4 files changed, 18 insertions(+), 2 deletions(-) Index: linux/arch/s390/include/asm/kvm_host.h =================================================================== --- linux.orig/arch/s390/include/asm/kvm_host.h +++ linux/arch/s390/include/asm/kvm_host.h @@ -136,7 +136,8 @@ struct kvm_s390_sie_block { __u16 ipa; /* 0x0056 */ __u32 ipb; /* 0x0058 */ __u32 scaoh; /* 0x005c */ - __u8 reserved60; /* 0x0060 */ +#define FPF_BPBC 0x20 + __u8 fpf; /* 0x0060 */ __u8 ecb; /* 0x0061 */ __u8 ecb2; /* 0x0062 */ #define ECB3_AES 0x04 Index: linux/arch/s390/include/uapi/asm/kvm.h =================================================================== --- linux.orig/arch/s390/include/uapi/asm/kvm.h +++ linux/arch/s390/include/uapi/asm/kvm.h @@ -151,6 +151,7 @@ struct kvm_guest_debug_arch { #define KVM_SYNC_ARCH0 (1UL << 4) #define KVM_SYNC_PFAULT (1UL << 5) #define KVM_SYNC_VRS (1UL << 6) +#define KVM_SYNC_BPBC (1UL << 10) /* definition of registers in kvm_run */ struct kvm_sync_regs { __u64 prefix; /* prefix register */ @@ -168,6 +169,8 @@ struct kvm_sync_regs { __u64 vrs[32][2]; /* vector registers */ __u8 reserved[512]; /* for future vector expansion */ __u32 fpc; /* only valid with vector registers */ + __u8 bpbc : 1; /* bp mode */ + __u8 reserved2 : 7; }; #define KVM_REG_S390_TODPR (KVM_REG_S390 | KVM_REG_SIZE_U32 | 0x1) Index: linux/arch/s390/kvm/kvm-s390.c =================================================================== --- linux.orig/arch/s390/kvm/kvm-s390.c +++ linux/arch/s390/kvm/kvm-s390.c @@ -257,6 +257,9 @@ int kvm_vm_ioctl_check_extension(struct case KVM_CAP_S390_VECTOR_REGISTERS: r = MACHINE_HAS_VX; break; + case KVM_CAP_S390_BPB: + r = test_facility(82); + break; default: r = 0; } @@ -1264,6 +1267,8 @@ int kvm_arch_vcpu_init(struct kvm_vcpu * KVM_SYNC_PFAULT; if (test_kvm_facility(vcpu->kvm, 129)) vcpu->run->kvm_valid_regs |= KVM_SYNC_VRS; + if (test_kvm_facility(vcpu->kvm, 82)) + vcpu->run->kvm_valid_regs |= KVM_SYNC_BPBC; if (kvm_is_ucontrol(vcpu->kvm)) return __kvm_ucontrol_vcpu_init(vcpu); @@ -1327,6 +1332,7 @@ static void kvm_s390_vcpu_initial_reset( current->thread.fpu.fpc = 0; vcpu->arch.sie_block->gbea = 1; vcpu->arch.sie_block->pp = 0; + vcpu->arch.sie_block->fpf &= ~FPF_BPBC; vcpu->arch.pfault_token = KVM_S390_PFAULT_TOKEN_INVALID; kvm_clear_async_pf_completion_queue(vcpu); if (!kvm_s390_user_cpu_state_ctrl(vcpu->kvm)) @@ -2145,6 +2151,11 @@ static void sync_regs(struct kvm_vcpu *v if (vcpu->arch.pfault_token == KVM_S390_PFAULT_TOKEN_INVALID) kvm_clear_async_pf_completion_queue(vcpu); } + if ((kvm_run->kvm_dirty_regs & KVM_SYNC_BPBC) && + test_kvm_facility(vcpu->kvm, 82)) { + vcpu->arch.sie_block->fpf &= ~FPF_BPBC; + vcpu->arch.sie_block->fpf |= kvm_run->s.regs.bpbc ? FPF_BPBC : 0; + } kvm_run->kvm_dirty_regs = 0; } @@ -2162,6 +2173,7 @@ static void store_regs(struct kvm_vcpu * kvm_run->s.regs.pft = vcpu->arch.pfault_token; kvm_run->s.regs.pfs = vcpu->arch.pfault_select; kvm_run->s.regs.pfc = vcpu->arch.pfault_compare; + kvm_run->s.regs.bpbc = (vcpu->arch.sie_block->fpf & FPF_BPBC) == FPF_BPBC; } int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) Index: linux/include/uapi/linux/kvm.h =================================================================== --- linux.orig/include/uapi/linux/kvm.h +++ linux/include/uapi/linux/kvm.h @@ -831,6 +831,7 @@ struct kvm_ppc_smmu_info { #define KVM_CAP_GUEST_DEBUG_HW_WPS 120 #define KVM_CAP_SPLIT_IRQCHIP 121 #define KVM_CAP_IOEVENTFD_ANY_LENGTH 122 +#define KVM_CAP_S390_BPB 152 #ifdef KVM_CAP_IRQ_ROUTING

7 years, 2 months

2
1
0 0

[PATCH] powerpc/eeh: Fix race with driver un/bind

by Michael Neuling

commit f0295e047fcf52ccb42561fb7de6942f5201b676 upstream. The current EEH callbacks can race with a driver unbind. This can result in a backtraces like this: EEH: Frozen PHB#0-PE#1fc detected EEH: PE location: S000009, PHB location: N/A CPU: 2 PID: 2312 Comm: kworker/u258:3 Not tainted 4.15.6-openpower1 #2 Workqueue: nvme-wq nvme_reset_work [nvme] Call Trace: dump_stack+0x9c/0xd0 (unreliable) eeh_dev_check_failure+0x420/0x470 eeh_check_failure+0xa0/0xa4 nvme_reset_work+0x138/0x1414 [nvme] process_one_work+0x1ec/0x328 worker_thread+0x2e4/0x3a8 kthread+0x14c/0x154 ret_from_kernel_thread+0x5c/0xc8 nvme nvme1: Removing after probe failure status: -19 <snip> cpu 0x23: Vector: 300 (Data Access) at [c000000ff50f3800] pc: c0080000089a0eb0: nvme_error_detected+0x4c/0x90 [nvme] lr: c000000000026564: eeh_report_error+0xe0/0x110 sp: c000000ff50f3a80 msr: 9000000000009033 dar: 400 dsisr: 40000000 current = 0xc000000ff507c000 paca = 0xc00000000fdc9d80 softe: 0 irq_happened: 0x01 pid = 782, comm = eehd Linux version 4.15.6-openpower1 (smc@smc-desktop) (gcc version 6.4.0 (Buildroot 2017.11.2-00008-g4b6188e)) #2 SM P Tue Feb 27 12:33:27 PST 2018 enter ? for help eeh_report_error+0xe0/0x110 eeh_pe_dev_traverse+0xc0/0xdc eeh_handle_normal_event+0x184/0x4c4 eeh_handle_event+0x30/0x288 eeh_event_handler+0x124/0x170 kthread+0x14c/0x154 ret_from_kernel_thread+0x5c/0xc8 The first part is an EEH (on boot), the second half is the resulting crash. nvme probe starts the nvme_reset_work() worker thread. This worker thread starts touching the device which see a device error (EEH) and hence queues up an event in the powerpc EEH worker thread. nvme_reset_work() then continues and runs nvme_remove_dead_ctrl_work() which results in unbinding the driver from the device and hence releases all resources. At the same time, the EEH worker thread starts doing the EEH .error_detected() driver callback, which no longer works since the resources have been freed. This fixes the problem in the same way the generic PCIe AER code (in drivers/pci/pcie/aer/aerdrv_core.c) does. It makes the EEH code hold the device_lock() while performing the driver EEH callbacks and associated code. This ensures either the callbacks are no longer register, or if they are registered the driver will not be removed from underneath us. This has been broken forever. The EEH call backs were first introduced in 2005 (in 77bd7415610) but it's not clear if a lock was needed back then. Fixes: 77bd74156101 ("[PATCH] powerpc: PCI Error Recovery: PPC64 core recovery routines") Cc: stable(a)vger.kernel.org # v4.9, v4.14 Signed-off-by: Michael Neuling <mikey(a)neuling.org> Reviewed-by: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> --- Greg, > And it breaks the build on the 4.14.y tree: > arch/powerpc/kernel/eeh_driver.c: In function 'eeh_report_resume': > arch/powerpc/kernel/eeh_driver.c:395:13: error: 'struct eeh_ops' has no member named 'notify_resume' This fixes the build issue from the last try. Sorry again, Mikey --- arch/powerpc/kernel/eeh_driver.c | 61 +++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 23 deletions(-) diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c index 8b840191df..ca2243df9c 100644 --- a/arch/powerpc/kernel/eeh_driver.c +++ b/arch/powerpc/kernel/eeh_driver.c @@ -207,18 +207,18 @@ static void *eeh_report_error(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + + device_lock(&dev->dev); dev->error_state = pci_channel_io_frozen; driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; eeh_disable_irq(dev); if (!driver->err_handler || - !driver->err_handler->error_detected) { - eeh_pcid_put(dev); - return NULL; - } + !driver->err_handler->error_detected) + goto out; rc = driver->err_handler->error_detected(dev, pci_channel_io_frozen); @@ -227,7 +227,10 @@ static void *eeh_report_error(void *data, void *userdata) if (*res == PCI_ERS_RESULT_NONE) *res = rc; edev->in_error = true; +out: eeh_pcid_put(dev); +out_no_dev: + device_unlock(&dev->dev); return NULL; } @@ -250,15 +253,14 @@ static void *eeh_report_mmio_enabled(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + device_lock(&dev->dev); driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; if (!driver->err_handler || !driver->err_handler->mmio_enabled || - (edev->mode & EEH_DEV_NO_HANDLER)) { - eeh_pcid_put(dev); - return NULL; - } + (edev->mode & EEH_DEV_NO_HANDLER)) + goto out; rc = driver->err_handler->mmio_enabled(dev); @@ -266,7 +268,10 @@ static void *eeh_report_mmio_enabled(void *data, void *userdata) if (rc == PCI_ERS_RESULT_NEED_RESET) *res = rc; if (*res == PCI_ERS_RESULT_NONE) *res = rc; +out: eeh_pcid_put(dev); +out_no_dev: + device_unlock(&dev->dev); return NULL; } @@ -289,20 +294,20 @@ static void *eeh_report_reset(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + + device_lock(&dev->dev); dev->error_state = pci_channel_io_normal; driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; eeh_enable_irq(dev); if (!driver->err_handler || !driver->err_handler->slot_reset || (edev->mode & EEH_DEV_NO_HANDLER) || - (!edev->in_error)) { - eeh_pcid_put(dev); - return NULL; - } + (!edev->in_error)) + goto out; rc = driver->err_handler->slot_reset(dev); if ((*res == PCI_ERS_RESULT_NONE) || @@ -310,7 +315,10 @@ static void *eeh_report_reset(void *data, void *userdata) if (*res == PCI_ERS_RESULT_DISCONNECT && rc == PCI_ERS_RESULT_NEED_RESET) *res = rc; +out: eeh_pcid_put(dev); +out_no_dev: + device_unlock(&dev->dev); return NULL; } @@ -361,10 +369,12 @@ static void *eeh_report_resume(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + + device_lock(&dev->dev); dev->error_state = pci_channel_io_normal; driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; was_in_error = edev->in_error; edev->in_error = false; @@ -374,13 +384,15 @@ static void *eeh_report_resume(void *data, void *userdata) !driver->err_handler->resume || (edev->mode & EEH_DEV_NO_HANDLER) || !was_in_error) { edev->mode &= ~EEH_DEV_NO_HANDLER; - eeh_pcid_put(dev); - return NULL; + goto out; } driver->err_handler->resume(dev); +out: eeh_pcid_put(dev); +out_no_dev: + device_unlock(&dev->dev); return NULL; } @@ -400,22 +412,25 @@ static void *eeh_report_failure(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + + device_lock(&dev->dev); dev->error_state = pci_channel_io_perm_failure; driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; eeh_disable_irq(dev); if (!driver->err_handler || - !driver->err_handler->error_detected) { - eeh_pcid_put(dev); - return NULL; - } + !driver->err_handler->error_detected) + goto out; driver->err_handler->error_detected(dev, pci_channel_io_perm_failure); +out: eeh_pcid_put(dev); +out_no_dev: + device_unlock(&dev->dev); return NULL; } -- 2.14.1

7 years, 2 months

2
1
0 0

[PATCH] powerpc/eeh: Fix race with driver un/bind

by Michael Neuling

commit f0295e047fcf52ccb42561fb7de6942f5201b676 upstream. The current EEH callbacks can race with a driver unbind. This can result in a backtraces like this: EEH: Frozen PHB#0-PE#1fc detected EEH: PE location: S000009, PHB location: N/A CPU: 2 PID: 2312 Comm: kworker/u258:3 Not tainted 4.15.6-openpower1 #2 Workqueue: nvme-wq nvme_reset_work [nvme] Call Trace: dump_stack+0x9c/0xd0 (unreliable) eeh_dev_check_failure+0x420/0x470 eeh_check_failure+0xa0/0xa4 nvme_reset_work+0x138/0x1414 [nvme] process_one_work+0x1ec/0x328 worker_thread+0x2e4/0x3a8 kthread+0x14c/0x154 ret_from_kernel_thread+0x5c/0xc8 nvme nvme1: Removing after probe failure status: -19 <snip> cpu 0x23: Vector: 300 (Data Access) at [c000000ff50f3800] pc: c0080000089a0eb0: nvme_error_detected+0x4c/0x90 [nvme] lr: c000000000026564: eeh_report_error+0xe0/0x110 sp: c000000ff50f3a80 msr: 9000000000009033 dar: 400 dsisr: 40000000 current = 0xc000000ff507c000 paca = 0xc00000000fdc9d80 softe: 0 irq_happened: 0x01 pid = 782, comm = eehd Linux version 4.15.6-openpower1 (smc@smc-desktop) (gcc version 6.4.0 (Buildroot 2017.11.2-00008-g4b6188e)) #2 SM P Tue Feb 27 12:33:27 PST 2018 enter ? for help eeh_report_error+0xe0/0x110 eeh_pe_dev_traverse+0xc0/0xdc eeh_handle_normal_event+0x184/0x4c4 eeh_handle_event+0x30/0x288 eeh_event_handler+0x124/0x170 kthread+0x14c/0x154 ret_from_kernel_thread+0x5c/0xc8 The first part is an EEH (on boot), the second half is the resulting crash. nvme probe starts the nvme_reset_work() worker thread. This worker thread starts touching the device which see a device error (EEH) and hence queues up an event in the powerpc EEH worker thread. nvme_reset_work() then continues and runs nvme_remove_dead_ctrl_work() which results in unbinding the driver from the device and hence releases all resources. At the same time, the EEH worker thread starts doing the EEH .error_detected() driver callback, which no longer works since the resources have been freed. This fixes the problem in the same way the generic PCIe AER code (in drivers/pci/pcie/aer/aerdrv_core.c) does. It makes the EEH code hold the device_lock() while performing the driver EEH callbacks and associated code. This ensures either the callbacks are no longer register, or if they are registered the driver will not be removed from underneath us. This has been broken forever. The EEH call backs were first introduced in 2005 (in 77bd7415610) but it's not clear if a lock was needed back then. Fixes: 77bd74156101 ("[PATCH] powerpc: PCI Error Recovery: PPC64 core recovery routines") Cc: stable(a)vger.kernel.org # v4.9, v4.14 Signed-off-by: Michael Neuling <mikey(a)neuling.org> Reviewed-by: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> --- Greg, this is a backport since the upstream patch didn't apply to v4.9 and v4.14. mikey --- arch/powerpc/kernel/eeh_driver.c | 65 ++++++++++++++++++++++++++-------------- 1 file changed, 42 insertions(+), 23 deletions(-) diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c index 8b840191df..0a88e6b595 100644 --- a/arch/powerpc/kernel/eeh_driver.c +++ b/arch/powerpc/kernel/eeh_driver.c @@ -207,18 +207,18 @@ static void *eeh_report_error(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + + device_lock(&dev->dev); dev->error_state = pci_channel_io_frozen; driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; eeh_disable_irq(dev); if (!driver->err_handler || - !driver->err_handler->error_detected) { - eeh_pcid_put(dev); - return NULL; - } + !driver->err_handler->error_detected) + goto out; rc = driver->err_handler->error_detected(dev, pci_channel_io_frozen); @@ -227,7 +227,10 @@ static void *eeh_report_error(void *data, void *userdata) if (*res == PCI_ERS_RESULT_NONE) *res = rc; edev->in_error = true; +out: eeh_pcid_put(dev); +out_no_dev: + device_unlock(&dev->dev); return NULL; } @@ -250,15 +253,14 @@ static void *eeh_report_mmio_enabled(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + device_lock(&dev->dev); driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; if (!driver->err_handler || !driver->err_handler->mmio_enabled || - (edev->mode & EEH_DEV_NO_HANDLER)) { - eeh_pcid_put(dev); - return NULL; - } + (edev->mode & EEH_DEV_NO_HANDLER)) + goto out; rc = driver->err_handler->mmio_enabled(dev); @@ -266,7 +268,10 @@ static void *eeh_report_mmio_enabled(void *data, void *userdata) if (rc == PCI_ERS_RESULT_NEED_RESET) *res = rc; if (*res == PCI_ERS_RESULT_NONE) *res = rc; +out: eeh_pcid_put(dev); +out_no_dev: + device_unlock(&dev->dev); return NULL; } @@ -289,20 +294,20 @@ static void *eeh_report_reset(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + + device_lock(&dev->dev); dev->error_state = pci_channel_io_normal; driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; eeh_enable_irq(dev); if (!driver->err_handler || !driver->err_handler->slot_reset || (edev->mode & EEH_DEV_NO_HANDLER) || - (!edev->in_error)) { - eeh_pcid_put(dev); - return NULL; - } + (!edev->in_error)) + goto out; rc = driver->err_handler->slot_reset(dev); if ((*res == PCI_ERS_RESULT_NONE) || @@ -310,7 +315,10 @@ static void *eeh_report_reset(void *data, void *userdata) if (*res == PCI_ERS_RESULT_DISCONNECT && rc == PCI_ERS_RESULT_NEED_RESET) *res = rc; +out: eeh_pcid_put(dev); +out_no_dev: + device_unlock(&dev->dev); return NULL; } @@ -361,10 +369,12 @@ static void *eeh_report_resume(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + + device_lock(&dev->dev); dev->error_state = pci_channel_io_normal; driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; was_in_error = edev->in_error; edev->in_error = false; @@ -374,13 +384,19 @@ static void *eeh_report_resume(void *data, void *userdata) !driver->err_handler->resume || (edev->mode & EEH_DEV_NO_HANDLER) || !was_in_error) { edev->mode &= ~EEH_DEV_NO_HANDLER; - eeh_pcid_put(dev); - return NULL; + goto out; } driver->err_handler->resume(dev); +out: eeh_pcid_put(dev); +#ifdef CONFIG_PCI_IOV + if (eeh_ops->notify_resume && eeh_dev_to_pdn(edev)) + eeh_ops->notify_resume(eeh_dev_to_pdn(edev)); +#endif +out_no_dev: + device_unlock(&dev->dev); return NULL; } @@ -400,22 +416,25 @@ static void *eeh_report_failure(void *data, void *userdata) if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) return NULL; + + device_lock(&dev->dev); dev->error_state = pci_channel_io_perm_failure; driver = eeh_pcid_get(dev); - if (!driver) return NULL; + if (!driver) goto out_no_dev; eeh_disable_irq(dev); if (!driver->err_handler || - !driver->err_handler->error_detected) { - eeh_pcid_put(dev); - return NULL; - } + !driver->err_handler->error_detected) + goto out; driver->err_handler->error_detected(dev, pci_channel_io_perm_failure); +out: eeh_pcid_put(dev); +out_no_dev: + device_unlock(&dev->dev); return NULL; } -- 2.14.1

7 years, 2 months

2
4
0 0

[PATCH] tty: serdev: fix missing static modifier on DEVICE_ATTR_RO(modalias)

by David Lechner

This fixes the compile error "multiple definition of `dev_attr_modalias'" by adding the static modifier to DEVICE_ATTR_RO(modalias). This change was made in the mainline kernel in 2460942f51f1 ("serdev: do not generate modaliases for controllers") along with some other changes. Fixes: 4fe99816a1ab ("tty: serdev: use dev_groups and not dev_attrs for bus_type") Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Johan Hovold <johan(a)kernel.org> Cc: Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> # 4.14.x Signed-off-by: David Lechner <david(a)lechnology.com> --- Should we pick up the patch 2460942f51f1 ("serdev: do not generate modaliases for controllers") for stable or is this patch good enough? drivers/tty/serdev/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serdev/core.c b/drivers/tty/serdev/core.c index 97db76afced2..25298b7b2419 100644 --- a/drivers/tty/serdev/core.c +++ b/drivers/tty/serdev/core.c @@ -276,7 +276,7 @@ static ssize_t modalias_show(struct device *dev, { return of_device_modalias(dev, buf, PAGE_SIZE); } -DEVICE_ATTR_RO(modalias); +static DEVICE_ATTR_RO(modalias); static struct attribute *serdev_device_attrs[] = { &dev_attr_modalias.attr, -- 2.17.0

7 years, 2 months

2
3
0 0

[PATCH v3 0/7] kprobes: Fix %p in kprobes

by Masami Hiramatsu

Hi, This 3rd version of the series which fixes %p uses in kprobes. Some by replacing with %pS, some by replacing with %px but masking with kallsyms_show_value(). I've read the thread about %pK and if I understand correctly we shouldn't print kernel addresses. However, kprobes debugfs interface can not stop to show the actual probe address because it should be compared with addresses in kallsyms for debugging. So, it depends on that kallsyms_show_value() allows to show address to user, because if it returns true, anyway that user can dump /proc/kallsyms. Other error messages are replaced it with %pS or just removed. This series also including some fixes for arch ports too. Changes in this version; - [2/7]: Updated for the latest linus tree. - [4/7][5/7]: Do not use %px. Thank you, --- Masami Hiramatsu (7): kprobes: Make blacklist root user read only kprobes: Show blacklist addresses as same as kallsyms does kprobes: Show address of kprobes if kallsyms does kprobes: Replace %p with other pointer types kprobes/x86: Fix %p uses in error messages kprobes/arm: Fix %p uses in error messages kprobes/arm64: Fix %p uses in error messages arch/arm/probes/kprobes/core.c | 10 ++++--- arch/arm/probes/kprobes/test-core.c | 1 - arch/arm64/kernel/probes/kprobes.c | 4 +-- arch/x86/kernel/kprobes/core.c | 12 +++------ kernel/kprobes.c | 48 ++++++++++++++++++++++------------- 5 files changed, 41 insertions(+), 34 deletions(-) -- Masami Hiramatsu (Linaro) <mhiramat(a)kernel.org>

7 years, 2 months

3
18
0 0

[PATCH V3 09/10] MIPS: Loongson-3: Fix CPU UART irq delivery problem

by Huacai Chen

Masking/unmasking the CPU UART irq in CP0_Status (and redirecting it to other CPUs) may cause interrupts be lost, especially in multi-package machines (Package-0's UART irq cannot be delivered to others). So make mask_loongson_irq() and unmask_loongson_irq() be no-ops. The original problem (UART IRQ may deliver to any core) is also because of masking/unmasking the CPU UART irq in CP0_Status. So it is safe to remove all of the stuff. Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/mips/loongson64/loongson-3/irq.c | 41 ++--------------------------------- 1 file changed, 2 insertions(+), 39 deletions(-) diff --git a/arch/mips/loongson64/loongson-3/irq.c b/arch/mips/loongson64/loongson-3/irq.c index cbeb20f..e8381ec 100644 --- a/arch/mips/loongson64/loongson-3/irq.c +++ b/arch/mips/loongson64/loongson-3/irq.c @@ -102,45 +102,8 @@ static struct irqaction cascade_irqaction = { .name = "cascade", }; -static inline void mask_loongson_irq(struct irq_data *d) -{ - clear_c0_status(0x100 << (d->irq - MIPS_CPU_IRQ_BASE)); - irq_disable_hazard(); - - /* Workaround: UART IRQ may deliver to any core */ - if (d->irq == LOONGSON_UART_IRQ) { - int cpu = smp_processor_id(); - int node_id = cpu_logical_map(cpu) / loongson_sysconf.cores_per_node; - int core_id = cpu_logical_map(cpu) % loongson_sysconf.cores_per_node; - u64 intenclr_addr = smp_group[node_id] | - (u64)(&LOONGSON_INT_ROUTER_INTENCLR); - u64 introuter_lpc_addr = smp_group[node_id] | - (u64)(&LOONGSON_INT_ROUTER_LPC); - - *(volatile u32 *)intenclr_addr = 1 << 10; - *(volatile u8 *)introuter_lpc_addr = 0x10 + (1<<core_id); - } -} - -static inline void unmask_loongson_irq(struct irq_data *d) -{ - /* Workaround: UART IRQ may deliver to any core */ - if (d->irq == LOONGSON_UART_IRQ) { - int cpu = smp_processor_id(); - int node_id = cpu_logical_map(cpu) / loongson_sysconf.cores_per_node; - int core_id = cpu_logical_map(cpu) % loongson_sysconf.cores_per_node; - u64 intenset_addr = smp_group[node_id] | - (u64)(&LOONGSON_INT_ROUTER_INTENSET); - u64 introuter_lpc_addr = smp_group[node_id] | - (u64)(&LOONGSON_INT_ROUTER_LPC); - - *(volatile u32 *)intenset_addr = 1 << 10; - *(volatile u8 *)introuter_lpc_addr = 0x10 + (1<<core_id); - } - - set_c0_status(0x100 << (d->irq - MIPS_CPU_IRQ_BASE)); - irq_enable_hazard(); -} +static inline void mask_loongson_irq(struct irq_data *d) { } +static inline void unmask_loongson_irq(struct irq_data *d) { } /* For MIPS IRQs which shared by all cores */ static struct irq_chip loongson_irq_chip = { -- 2.7.0

7 years, 2 months

1
0
0 0

[PATCH V3 07/10] MIPS: Align kernel load address to 64KB

by Huacai Chen

KEXEC needs the new kernel's load address to be aligned on a page boundary (see sanity_check_segment_list()), but on MIPS the default vmlinuz load address is only explicitly aligned to 16 bytes. Since the largest PAGE_SIZE supported by MIPS kernels is 64KB, increase the alignment calculated by calc_vmlinuz_load_addr to 64KB. Cc: <stable(a)vger.kernel.org> # 2.6.36+ Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/mips/boot/compressed/calc_vmlinuz_load_addr.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/mips/boot/compressed/calc_vmlinuz_load_addr.c b/arch/mips/boot/compressed/calc_vmlinuz_load_addr.c index 37fe58c..542c3ed 100644 --- a/arch/mips/boot/compressed/calc_vmlinuz_load_addr.c +++ b/arch/mips/boot/compressed/calc_vmlinuz_load_addr.c @@ -13,6 +13,7 @@ #include <stdint.h> #include <stdio.h> #include <stdlib.h> +#include "../../../../include/linux/sizes.h" int main(int argc, char *argv[]) { @@ -45,11 +46,11 @@ int main(int argc, char *argv[]) vmlinuz_load_addr = vmlinux_load_addr + vmlinux_size; /* - * Align with 16 bytes: "greater than that used for any standard data - * types by a MIPS compiler." -- See MIPS Run Linux (Second Edition). + * Align with 64KB: KEXEC needs load sections to be aligned to PAGE_SIZE, + * which may be as large as 64KB depending on the kernel configuration. */ - vmlinuz_load_addr += (16 - vmlinux_size % 16); + vmlinuz_load_addr += (SZ_64K - vmlinux_size % SZ_64K); printf("0x%llx\n", vmlinuz_load_addr); -- 2.7.0

7 years, 2 months

1
0
0 0

[PATCH V3 05/10] MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()

by Huacai Chen

This patch is borrowed from ARM64 to ensure pmd_present() returns false after pmd_mknotpresent(). This is needed for THP. Cc: <stable(a)vger.kernel.org> # 3.8+ References: 5bb1cc0ff9a6 ("arm64: Ensure pmd_present() returns false after pmd_mknotpresent()") Reviewed-by: James Hogan <jhogan(a)kernel.org> Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/mips/include/asm/pgtable-64.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/mips/include/asm/pgtable-64.h b/arch/mips/include/asm/pgtable-64.h index 0036ea0..93a9dce 100644 --- a/arch/mips/include/asm/pgtable-64.h +++ b/arch/mips/include/asm/pgtable-64.h @@ -265,6 +265,11 @@ static inline int pmd_bad(pmd_t pmd) static inline int pmd_present(pmd_t pmd) { +#ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT + if (unlikely(pmd_val(pmd) & _PAGE_HUGE)) + return pmd_val(pmd) & _PAGE_PRESENT; +#endif + return pmd_val(pmd) != (unsigned long) invalid_pte_table; } -- 2.7.0

7 years, 2 months

1
0
0 0

[PATCH V3 04/10] MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3

by Huacai Chen

For multi-node Loongson-3 (NUMA configuration), r4k_blast_scache() can only flush Node-0's scache. So we add r4k_blast_scache_node() by using (CAC_BASE | (node_id << NODE_ADDRSPACE_SHIFT)) instead of CKSEG0 as the start address. Cc: <stable(a)vger.kernel.org> # 3.15+ Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/mips/include/asm/mach-loongson64/mmzone.h | 1 + arch/mips/include/asm/mmzone.h | 8 +++++ arch/mips/include/asm/r4kcache.h | 25 +++++++++++++++ arch/mips/mm/c-r4k.c | 44 ++++++++++++++++++++++---- 4 files changed, 71 insertions(+), 7 deletions(-) diff --git a/arch/mips/include/asm/mach-loongson64/mmzone.h b/arch/mips/include/asm/mach-loongson64/mmzone.h index c9f7e23..59c8b11 100644 --- a/arch/mips/include/asm/mach-loongson64/mmzone.h +++ b/arch/mips/include/asm/mach-loongson64/mmzone.h @@ -21,6 +21,7 @@ #define NODE3_ADDRSPACE_OFFSET 0x300000000000UL #define pa_to_nid(addr) (((addr) & 0xf00000000000) >> NODE_ADDRSPACE_SHIFT) +#define nid_to_addrbase(nid) ((nid) << NODE_ADDRSPACE_SHIFT) #define LEVELS_PER_SLICE 128 diff --git a/arch/mips/include/asm/mmzone.h b/arch/mips/include/asm/mmzone.h index f085fba..2a0fe1d 100644 --- a/arch/mips/include/asm/mmzone.h +++ b/arch/mips/include/asm/mmzone.h @@ -9,6 +9,14 @@ #include <asm/page.h> #include <mmzone.h> +#ifndef pa_to_nid +#define pa_to_nid(addr) 0 +#endif + +#ifndef nid_to_addrbase +#define nid_to_addrbase(nid) 0 +#endif + #ifdef CONFIG_DISCONTIGMEM #define pfn_to_nid(pfn) pa_to_nid((pfn) << PAGE_SHIFT) diff --git a/arch/mips/include/asm/r4kcache.h b/arch/mips/include/asm/r4kcache.h index 7f12d7e..e3f70dc 100644 --- a/arch/mips/include/asm/r4kcache.h +++ b/arch/mips/include/asm/r4kcache.h @@ -747,4 +747,29 @@ __BUILD_BLAST_CACHE_RANGE(s, scache, Hit_Writeback_Inv_SD, , ) __BUILD_BLAST_CACHE_RANGE(inv_d, dcache, Hit_Invalidate_D, , ) __BUILD_BLAST_CACHE_RANGE(inv_s, scache, Hit_Invalidate_SD, , ) +/* Currently, this is very specific to Loongson-3 */ +#define __BUILD_BLAST_CACHE_NODE(pfx, desc, indexop, hitop, lsize) \ +static inline void blast_##pfx##cache##lsize##_node(long node) \ +{ \ + unsigned long start = CAC_BASE | nid_to_addrbase(node); \ + unsigned long end = start + current_cpu_data.desc.waysize; \ + unsigned long ws_inc = 1UL << current_cpu_data.desc.waybit; \ + unsigned long ws_end = current_cpu_data.desc.ways << \ + current_cpu_data.desc.waybit; \ + unsigned long ws, addr; \ + \ + __##pfx##flush_prologue \ + \ + for (ws = 0; ws < ws_end; ws += ws_inc) \ + for (addr = start; addr < end; addr += lsize * 32) \ + cache##lsize##_unroll32(addr|ws, indexop); \ + \ + __##pfx##flush_epilogue \ +} + +__BUILD_BLAST_CACHE_NODE(s, scache, Index_Writeback_Inv_SD, Hit_Writeback_Inv_SD, 16) +__BUILD_BLAST_CACHE_NODE(s, scache, Index_Writeback_Inv_SD, Hit_Writeback_Inv_SD, 32) +__BUILD_BLAST_CACHE_NODE(s, scache, Index_Writeback_Inv_SD, Hit_Writeback_Inv_SD, 64) +__BUILD_BLAST_CACHE_NODE(s, scache, Index_Writeback_Inv_SD, Hit_Writeback_Inv_SD, 128) + #endif /* _ASM_R4KCACHE_H */ diff --git a/arch/mips/mm/c-r4k.c b/arch/mips/mm/c-r4k.c index 6f534b20..2f5abc2 100644 --- a/arch/mips/mm/c-r4k.c +++ b/arch/mips/mm/c-r4k.c @@ -459,11 +459,28 @@ static void r4k_blast_scache_setup(void) r4k_blast_scache = blast_scache128; } +static void (*r4k_blast_scache_node)(long node); + +static void r4k_blast_scache_node_setup(void) +{ + unsigned long sc_lsize = cpu_scache_line_size(); + + if (current_cpu_type() != CPU_LOONGSON3) + r4k_blast_scache_node = (void *)cache_noop; + else if (sc_lsize == 16) + r4k_blast_scache_node = blast_scache16_node; + else if (sc_lsize == 32) + r4k_blast_scache_node = blast_scache32_node; + else if (sc_lsize == 64) + r4k_blast_scache_node = blast_scache64_node; + else if (sc_lsize == 128) + r4k_blast_scache_node = blast_scache128_node; +} + static inline void local_r4k___flush_cache_all(void * args) { switch (current_cpu_type()) { case CPU_LOONGSON2: - case CPU_LOONGSON3: case CPU_R4000SC: case CPU_R4000MC: case CPU_R4400SC: @@ -480,6 +497,11 @@ static inline void local_r4k___flush_cache_all(void * args) r4k_blast_scache(); break; + case CPU_LOONGSON3: + /* Use get_ebase_cpunum() for both NUMA=y/n */ + r4k_blast_scache_node(get_ebase_cpunum() >> 2); + break; + case CPU_BMIPS5000: r4k_blast_scache(); __sync(); @@ -839,10 +861,14 @@ static void r4k_dma_cache_wback_inv(unsigned long addr, unsigned long size) preempt_disable(); if (cpu_has_inclusive_pcaches) { - if (size >= scache_size) - r4k_blast_scache(); - else + if (size >= scache_size) { + if (current_cpu_type() != CPU_LOONGSON3) + r4k_blast_scache(); + else + r4k_blast_scache_node(pa_to_nid(addr)); + } else { blast_scache_range(addr, addr + size); + } preempt_enable(); __sync(); return; @@ -872,9 +898,12 @@ static void r4k_dma_cache_inv(unsigned long addr, unsigned long size) preempt_disable(); if (cpu_has_inclusive_pcaches) { - if (size >= scache_size) - r4k_blast_scache(); - else { + if (size >= scache_size) { + if (current_cpu_type() != CPU_LOONGSON3) + r4k_blast_scache(); + else + r4k_blast_scache_node(pa_to_nid(addr)); + } else { /* * There is no clearly documented alignment requirement * for the cache instruction on MIPS processors and @@ -1905,6 +1934,7 @@ void r4k_cache_init(void) r4k_blast_scache_page_setup(); r4k_blast_scache_page_indexed_setup(); r4k_blast_scache_setup(); + r4k_blast_scache_node_setup(); #ifdef CONFIG_EVA r4k_blast_dcache_user_page_setup(); r4k_blast_icache_user_page_setup(); -- 2.7.0

7 years, 2 months

1
0
0 0

Re: [PATCH] arm64: export tishift functions to modules

by Jason A. Donenfeld

On Tue, Apr 24, 2018 at 3:34 PM, Will Deacon <will.deacon(a)arm.com> wrote: > I've not run into any build issues here -- is this specifically with some > out-of-tree module? I received a bug report email about this. I'm not sure which specific module, and I assumed from the email that it was actually a result of in-tree configuration options rather than an out-of-tree module, but I'm not sure exactly. Either way, I was able to reproduce the problem by coding up a little PoC out-of-tree module, so it is certainly a real problem. > It would be better not to introduce a new header file just for this, I > think. How about compiler.h instead? I could, but actually after I wrote this email I noticed that this is a widespread convention: zx2c4@thinkpad ~/Projects/linux $ subfind asm-prototypes ./arch/s390/include/asm/asm-prototypes.h ./arch/alpha/include/asm/asm-prototypes.h ./arch/powerpc/include/asm/asm-prototypes.h ./arch/m68k/include/asm/asm-prototypes.h ./arch/mips/include/asm/asm-prototypes.h ./arch/x86/include/asm/asm-prototypes.h ./arch/sparc/include/asm/asm-prototypes.h ./arch/ia64/include/asm/asm-prototypes.h ./arch/um/include/asm/asm-prototypes.h ./include/asm-generic/asm-prototypes.h > > We normally export asm symbols via arm64ksyms.c. In fact, would doing that > remove the need for the explicit declarations completely? I'm pretty sure it still needs the declaration; otherwise the module hashing will get confused. Also, the EXPORT_SYMBOL macro is a different one when called from assembly versus from C, though not sure that makes a substantive difference. It seems like this is what other architectures are doing: zx2c4@thinkpad ~/Projects/linux $ rg 'EXPORT_SYMBOL.*__.*[std]i[0-9]' -g '*.S' arch/m68k/lib/modsi3.S 111: EXPORT_SYMBOL(__modsi3) arch/m68k/lib/umodsi3.S 108: EXPORT_SYMBOL(__umodsi3) arch/m68k/lib/udivsi3.S 157: EXPORT_SYMBOL(__udivsi3) arch/m68k/lib/divsi3.S 123: EXPORT_SYMBOL(__divsi3) arch/m68k/lib/mulsi3.S 105: EXPORT_SYMBOL(__mulsi3) arch/powerpc/kernel/misc_32.S 529:EXPORT_SYMBOL(__ashrdi3) 541:EXPORT_SYMBOL(__ashldi3) 553:EXPORT_SYMBOL(__lshrdi3) 569:EXPORT_SYMBOL(__cmpdi2) 584:EXPORT_SYMBOL(__ucmpdi2) 596:EXPORT_SYMBOL(__bswapdi2) arch/powerpc/kernel/misc_64.S 211:EXPORT_SYMBOL(__bswapdi2) arch/sparc/lib/lshrdi3.S 30:EXPORT_SYMBOL(__lshrdi3) arch/sparc/lib/muldi3.S 78:EXPORT_SYMBOL(__muldi3) arch/sparc/lib/divdi3.S 283:EXPORT_SYMBOL(__divdi3) arch/sparc/lib/ashrdi3.S 40:EXPORT_SYMBOL(__ashrdi3) arch/sparc/lib/multi3.S 36:EXPORT_SYMBOL(__multi3) arch/sparc/lib/ashldi3.S 38:EXPORT_SYMBOL(__ashldi3)

7 years, 2 months

2
4
0 0

[merged] fix-null-pointer-in-page_cache_tree_insert.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/filemap.c: fix NULL pointer in page_cache_tree_insert() has been removed from the -mm tree. Its filename was fix-null-pointer-in-page_cache_tree_insert.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Matthew Wilcox <mawilcox(a)microsoft.com> Subject: mm/filemap.c: fix NULL pointer in page_cache_tree_insert() f2fs specifies the __GFP_ZERO flag for allocating some of its pages. Unfortunately, the page cache also uses the mapping's GFP flags for allocating radix tree nodes. It always masked off the __GFP_HIGHMEM flag, and masks off __GFP_ZERO in some paths, but not all. That causes radix tree nodes to be allocated with a NULL list_head, which causes backtraces like: [<ffffff80086f4de0>] __list_del_entry+0x30/0xd0 [<ffffff8008362018>] list_lru_del+0xac/0x1ac [<ffffff800830f04c>] page_cache_tree_insert+0xd8/0x110 The __GFP_DMA and __GFP_DMA32 flags would also be able to sneak through if they are ever used. Fix them all by using GFP_RECLAIM_MASK at the innermost location, and remove it from earlier in the callchain. Link: http://lkml.kernel.org/r/20180411060320.14458-2-willy@infradead.org Fixes: 449dd6984d0e ("mm: keep page cache radix tree nodes in check") Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Reported-by: Chris Fries <cfries(a)google.com> Debugged-by: Minchan Kim <minchan(a)kernel.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff -puN mm/filemap.c~fix-null-pointer-in-page_cache_tree_insert mm/filemap.c --- a/mm/filemap.c~fix-null-pointer-in-page_cache_tree_insert +++ a/mm/filemap.c @@ -786,7 +786,7 @@ int replace_page_cache_page(struct page VM_BUG_ON_PAGE(!PageLocked(new), new); VM_BUG_ON_PAGE(new->mapping, new); - error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM); + error = radix_tree_preload(gfp_mask & GFP_RECLAIM_MASK); if (!error) { struct address_space *mapping = old->mapping; void (*freepage)(struct page *); @@ -842,7 +842,7 @@ static int __add_to_page_cache_locked(st return error; } - error = radix_tree_maybe_preload(gfp_mask & ~__GFP_HIGHMEM); + error = radix_tree_maybe_preload(gfp_mask & GFP_RECLAIM_MASK); if (error) { if (!huge) mem_cgroup_cancel_charge(page, memcg, false); @@ -1585,8 +1585,7 @@ no_page: if (fgp_flags & FGP_ACCESSED) __SetPageReferenced(page); - err = add_to_page_cache_lru(page, mapping, offset, - gfp_mask & GFP_RECLAIM_MASK); + err = add_to_page_cache_lru(page, mapping, offset, gfp_mask); if (unlikely(err)) { put_page(page); page = NULL; @@ -2387,7 +2386,7 @@ static int page_cache_read(struct file * if (!page) return -ENOMEM; - ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask & GFP_KERNEL); + ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask); if (ret == 0) ret = mapping->a_ops->readpage(file, page); else if (ret == -EEXIST) _ Patches currently in -mm which might be from mawilcox(a)microsoft.com are slab-__gfp_zero-is-incompatible-with-a-constructor.patch ida-remove-simple_ida_lock.patch

7 years, 2 months

1
0
0 0

[merged] autofs-mount-point-create-should-honour-passed-in-mode.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: autofs: mount point create should honour passed in mode has been removed from the -mm tree. Its filename was autofs-mount-point-create-should-honour-passed-in-mode.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ian Kent <raven(a)themaw.net> Subject: autofs: mount point create should honour passed in mode The autofs file system mkdir inode operation blindly sets the created directory mode to S_IFDIR | 0555, ingoring the passed in mode, which can cause selinux dac_override denials. But the function also checks if the caller is the daemon (as no-one else should be able to do anything here) so there's no point in not honouring the passed in mode, allowing the daemon to set appropriate mode when required. Link: http://lkml.kernel.org/r/152361593601.8051.14014139124905996173.stgit@pluto… Signed-off-by: Ian Kent <raven(a)themaw.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/autofs4/root.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN fs/autofs4/root.c~autofs-mount-point-create-should-honour-passed-in-mode fs/autofs4/root.c --- a/fs/autofs4/root.c~autofs-mount-point-create-should-honour-passed-in-mode +++ a/fs/autofs4/root.c @@ -749,7 +749,7 @@ static int autofs4_dir_mkdir(struct inod autofs4_del_active(dentry); - inode = autofs4_get_inode(dir->i_sb, S_IFDIR | 0555); + inode = autofs4_get_inode(dir->i_sb, S_IFDIR | mode); if (!inode) return -ENOMEM; d_add(dentry, inode); _ Patches currently in -mm which might be from raven(a)themaw.net are

7 years, 2 months

1
0
0 0

[merged] rapidio-fix-rio_dma_transfer-error-handling.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: rapidio: fix rio_dma_transfer error handling has been removed from the -mm tree. Its filename was rapidio-fix-rio_dma_transfer-error-handling.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ioan Nicu <ioan.nicu.ext(a)nokia.com> Subject: rapidio: fix rio_dma_transfer error handling Some of the mport_dma_req structure members were initialized late inside the do_dma_request() function, just before submitting the request to the dma engine. But we have some error branches before that. In case of such an error, the code would return on the error path and trigger the calling of dma_req_free() with a req structure which is not completely initialized. This causes a NULL pointer dereference in dma_req_free(). This patch fixes these error branches by making sure that all necessary mport_dma_req structure members are initialized in rio_dma_transfer() immediately after the request structure gets allocated. Link: http://lkml.kernel.org/r/20180412150605.GA31409@nokia.com Fixes: bbd876adb8c72 ("rapidio: use a reference count for struct mport_dma_req") Signed-off-by: Ioan Nicu <ioan.nicu.ext(a)nokia.com> Tested-by: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> Acked-by: Alexandre Bounine <alex.bou9(a)gmail.com> Cc: Barry Wood <barry.wood(a)idt.com> Cc: Matt Porter <mporter(a)kernel.crashing.org> Cc: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: Logan Gunthorpe <logang(a)deltatee.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: Frank Kunz <frank.kunz(a)nokia.com> Cc: <stable(a)vger.kernel.org> [4.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/rapidio/devices/rio_mport_cdev.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff -puN drivers/rapidio/devices/rio_mport_cdev.c~rapidio-fix-rio_dma_transfer-error-handling drivers/rapidio/devices/rio_mport_cdev.c --- a/drivers/rapidio/devices/rio_mport_cdev.c~rapidio-fix-rio_dma_transfer-error-handling +++ a/drivers/rapidio/devices/rio_mport_cdev.c @@ -740,10 +740,7 @@ static int do_dma_request(struct mport_d tx->callback = dma_xfer_callback; tx->callback_param = req; - req->dmach = chan; - req->sync = sync; req->status = DMA_IN_PROGRESS; - init_completion(&req->req_comp); kref_get(&req->refcount); cookie = dmaengine_submit(tx); @@ -831,13 +828,20 @@ rio_dma_transfer(struct file *filp, u32 if (!req) return -ENOMEM; - kref_init(&req->refcount); - ret = get_dma_channel(priv); if (ret) { kfree(req); return ret; } + chan = priv->dmach; + + kref_init(&req->refcount); + init_completion(&req->req_comp); + req->dir = dir; + req->filp = filp; + req->priv = priv; + req->dmach = chan; + req->sync = sync; /* * If parameter loc_addr != NULL, we are transferring data from/to @@ -925,11 +929,6 @@ rio_dma_transfer(struct file *filp, u32 xfer->offset, xfer->length); } - req->dir = dir; - req->filp = filp; - req->priv = priv; - chan = priv->dmach; - nents = dma_map_sg(chan->device->dev, req->sgt.sgl, req->sgt.nents, dir); if (nents == 0) { _ Patches currently in -mm which might be from ioan.nicu.ext(a)nokia.com are

7 years, 2 months

1
0
0 0

[merged] writeback-safer-lock-nesting.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: writeback: safer lock nesting has been removed from the -mm tree. Its filename was writeback-safer-lock-nesting.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Greg Thelen <gthelen(a)google.com> Subject: writeback: safer lock nesting lock_page_memcg()/unlock_page_memcg() use spin_lock_irqsave/restore() if the page's memcg is undergoing move accounting, which occurs when a process leaves its memcg for a new one that has memory.move_charge_at_immigrate set. unlocked_inode_to_wb_begin,end() use spin_lock_irq/spin_unlock_irq() if the given inode is switching writeback domains. Switches occur when enough writes are issued from a new domain. This existing pattern is thus suspicious: lock_page_memcg(page); unlocked_inode_to_wb_begin(inode, &locked); ... unlocked_inode_to_wb_end(inode, locked); unlock_page_memcg(page); If both inode switch and process memcg migration are both in-flight then unlocked_inode_to_wb_end() will unconditionally enable interrupts while still holding the lock_page_memcg() irq spinlock. This suggests the possibility of deadlock if an interrupt occurs before unlock_page_memcg(). truncate __cancel_dirty_page lock_page_memcg unlocked_inode_to_wb_begin unlocked_inode_to_wb_end <interrupts mistakenly enabled> <interrupt> end_page_writeback test_clear_page_writeback lock_page_memcg <deadlock> unlock_page_memcg Due to configuration limitations this deadlock is not currently possible because we don't mix cgroup writeback (a cgroupv2 feature) and memory.move_charge_at_immigrate (a cgroupv1 feature). If the kernel is hacked to always claim inode switching and memcg moving_account, then this script triggers lockup in less than a minute: cd /mnt/cgroup/memory mkdir a b echo 1 > a/memory.move_charge_at_immigrate echo 1 > b/memory.move_charge_at_immigrate ( echo $BASHPID > a/cgroup.procs while true; do dd if=/dev/zero of=/mnt/big bs=1M count=256 done ) & while true; do sync done & sleep 1h & SLEEP=$! while true; do echo $SLEEP > a/cgroup.procs echo $SLEEP > b/cgroup.procs done The deadlock does not seem possible, so it's debatable if there's any reason to modify the kernel. I suggest we should to prevent future surprises. And Wang Long said "this deadlock occurs three times in our environment", so there's more reason to apply this, even to stable. Stable 4.4 has minor conflicts applying this patch. For a clean 4.4 patch see "[PATCH for-4.4] writeback: safer lock nesting" https://lkml.org/lkml/2018/4/11/146 Wang Long said "this deadlock occurs three times in our environment" [gthelen(a)google.com: v4] Link: http://lkml.kernel.org/r/20180411084653.254724-1-gthelen@google.com [akpm(a)linux-foundation.org: comment tweaks, struct initialization simplification] Change-Id: Ibb773e8045852978f6207074491d262f1b3fb613 Link: http://lkml.kernel.org/r/20180410005908.167976-1-gthelen@google.com Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates") Signed-off-by: Greg Thelen <gthelen(a)google.com> Reported-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> [v4.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/fs-writeback.c | 7 +++--- include/linux/backing-dev-defs.h | 5 ++++ include/linux/backing-dev.h | 30 +++++++++++++++-------------- mm/page-writeback.c | 18 ++++++++--------- 4 files changed, 34 insertions(+), 26 deletions(-) diff -puN fs/fs-writeback.c~writeback-safer-lock-nesting fs/fs-writeback.c --- a/fs/fs-writeback.c~writeback-safer-lock-nesting +++ a/fs/fs-writeback.c @@ -745,11 +745,12 @@ int inode_congested(struct inode *inode, */ if (inode && inode_to_wb_is_valid(inode)) { struct bdi_writeback *wb; - bool locked, congested; + struct wb_lock_cookie lock_cookie = {}; + bool congested; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &lock_cookie); congested = wb_congested(wb, cong_bits); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &lock_cookie); return congested; } diff -puN include/linux/backing-dev-defs.h~writeback-safer-lock-nesting include/linux/backing-dev-defs.h --- a/include/linux/backing-dev-defs.h~writeback-safer-lock-nesting +++ a/include/linux/backing-dev-defs.h @@ -223,6 +223,11 @@ static inline void set_bdi_congested(str set_wb_congested(bdi->wb.congested, sync); } +struct wb_lock_cookie { + bool locked; + unsigned long flags; +}; + #ifdef CONFIG_CGROUP_WRITEBACK /** diff -puN include/linux/backing-dev.h~writeback-safer-lock-nesting include/linux/backing-dev.h --- a/include/linux/backing-dev.h~writeback-safer-lock-nesting +++ a/include/linux/backing-dev.h @@ -347,7 +347,7 @@ static inline struct bdi_writeback *inod /** * unlocked_inode_to_wb_begin - begin unlocked inode wb access transaction * @inode: target inode - * @lockedp: temp bool output param, to be passed to the end function + * @cookie: output param, to be passed to the end function * * The caller wants to access the wb associated with @inode but isn't * holding inode->i_lock, the i_pages lock or wb->list_lock. This @@ -355,12 +355,12 @@ static inline struct bdi_writeback *inod * association doesn't change until the transaction is finished with * unlocked_inode_to_wb_end(). * - * The caller must call unlocked_inode_to_wb_end() with *@lockdep - * afterwards and can't sleep during transaction. IRQ may or may not be - * disabled on return. + * The caller must call unlocked_inode_to_wb_end() with *@cookie afterwards and + * can't sleep during the transaction. IRQs may or may not be disabled on + * return. */ static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { rcu_read_lock(); @@ -368,10 +368,10 @@ unlocked_inode_to_wb_begin(struct inode * Paired with store_release in inode_switch_wb_work_fn() and * ensures that we see the new wb if we see cleared I_WB_SWITCH. */ - *lockedp = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; + cookie->locked = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; - if (unlikely(*lockedp)) - xa_lock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_lock_irqsave(&inode->i_mapping->i_pages, cookie->flags); /* * Protected by either !I_WB_SWITCH + rcu_read_lock() or the i_pages @@ -383,12 +383,13 @@ unlocked_inode_to_wb_begin(struct inode /** * unlocked_inode_to_wb_end - end inode wb access transaction * @inode: target inode - * @locked: *@lockedp from unlocked_inode_to_wb_begin() + * @cookie: @cookie from unlocked_inode_to_wb_begin() */ -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { - if (unlikely(locked)) - xa_unlock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_unlock_irqrestore(&inode->i_mapping->i_pages, cookie->flags); rcu_read_unlock(); } @@ -435,12 +436,13 @@ static inline struct bdi_writeback *inod } static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { return inode_to_wb(inode); } -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { } diff -puN mm/page-writeback.c~writeback-safer-lock-nesting mm/page-writeback.c --- a/mm/page-writeback.c~writeback-safer-lock-nesting +++ a/mm/page-writeback.c @@ -2502,13 +2502,13 @@ void account_page_redirty(struct page *p if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); current->nr_dirtied--; dec_node_page_state(page, NR_DIRTIED); dec_wb_stat(wb, WB_DIRTIED); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); } } EXPORT_SYMBOL(account_page_redirty); @@ -2614,15 +2614,15 @@ void __cancel_dirty_page(struct page *pa if (mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; lock_page_memcg(page); - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) account_page_cleaned(page, mapping, wb); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); unlock_page_memcg(page); } else { ClearPageDirty(page); @@ -2654,7 +2654,7 @@ int clear_page_dirty_for_io(struct page if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; /* * Yes, Virginia, this is indeed insane. @@ -2691,14 +2691,14 @@ int clear_page_dirty_for_io(struct page * always locked coming in here, so we get the desired * exclusion. */ - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) { dec_lruvec_page_state(page, NR_FILE_DIRTY); dec_zone_page_state(page, NR_ZONE_WRITE_PENDING); dec_wb_stat(wb, WB_RECLAIMABLE); ret = 1; } - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); return ret; } return TestClearPageDirty(page); _ Patches currently in -mm which might be from gthelen(a)google.com are

7 years, 2 months

1
0
0 0

[PATCH] Revert "x86/mm: implement free pmd/pte page interfaces"

by Joerg Roedel

From: Joerg Roedel <jroedel(a)suse.de> This reverts commit 28ee90fe6048fa7b7ceaeb8831c0e4e454a4cf89. This commit is broken for x86, as it unmaps the PTE and PMD pages and immediatly frees them without doing a TLB flush. Further this lacks synchronization with other page-tables in the system when the PMD pages are not shared between mm_structs. On x86-32 with PAE and PTI patches on-top this patch triggers the BUG_ON in vmalloc_sync_one() because the kernel and the process page-table were not synchronized. Signed-off-by: Joerg Roedel <jroedel(a)suse.de> --- arch/x86/mm/pgtable.c | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ae98d4c5e32a..fd02a537a80f 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -787,22 +787,7 @@ int pmd_clear_huge(pmd_t *pmd) */ int pud_free_pmd_page(pud_t *pud) { - pmd_t *pmd; - int i; - - if (pud_none(*pud)) - return 1; - - pmd = (pmd_t *)pud_page_vaddr(*pud); - - for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) - return 0; - - pud_clear(pud); - free_page((unsigned long)pmd); - - return 1; + return pud_none(*pud); } /** @@ -814,15 +799,6 @@ int pud_free_pmd_page(pud_t *pud) */ int pmd_free_pte_page(pmd_t *pmd) { - pte_t *pte; - - if (pmd_none(*pmd)) - return 1; - - pte = (pte_t *)pmd_page_vaddr(*pmd); - pmd_clear(pmd); - free_page((unsigned long)pte); - - return 1; + return pmd_none(*pmd); } #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */ -- 2.13.6

7 years, 2 months

5
5
0 0

[PATCH 4/9] x86, pkeys: override pkey when moving away from PROT_EXEC

by Dave Hansen

From: Dave Hansen <dave.hansen(a)linux.intel.com> I got a bug report that the following code (roughly) was causing a SIGSEGV: mprotect(ptr, size, PROT_EXEC); mprotect(ptr, size, PROT_NONE); mprotect(ptr, size, PROT_READ); *ptr = 100; The problem is hit when the mprotect(PROT_EXEC) is implicitly assigned a protection key to the VMA, and made that key ACCESS_DENY|WRITE_DENY. The PROT_NONE mprotect() failed to remove the protection key, and the PROT_NONE-> PROT_READ left the PTE usable, but the pkey still in place and left the memory inaccessible. To fix this, we ensure that we always "override" the pkee at mprotect() if the VMA does not have execute-only permissions, but the VMA has the execute-only pkey. We had a check for PROT_READ/WRITE, but it did not work for PROT_NONE. This entirely removes the PROT_* checks, which ensures that PROT_NONE now works. Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Fixes: 62b5f7d013f ("mm/core, x86/mm/pkeys: Add execute-only protection keys support") Reported-by: Shakeel Butt <shakeelb(a)google.com> Cc: stable(a)vger.kernel.org Cc: Ram Pai <linuxram(a)us.ibm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Michael Ellermen <mpe(a)ellerman.id.au> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Shuah Khan <shuah(a)kernel.org> --- b/arch/x86/include/asm/pkeys.h | 12 +++++++++++- b/arch/x86/mm/pkeys.c | 21 +++++++++++---------- 2 files changed, 22 insertions(+), 11 deletions(-) diff -puN arch/x86/include/asm/pkeys.h~pkeys-abandon-exec-only-pkey-more-aggressively arch/x86/include/asm/pkeys.h --- a/arch/x86/include/asm/pkeys.h~pkeys-abandon-exec-only-pkey-more-aggressively 2018-04-26 10:42:18.971487371 -0700 +++ b/arch/x86/include/asm/pkeys.h 2018-04-26 10:42:18.977487371 -0700 @@ -2,6 +2,8 @@ #ifndef _ASM_X86_PKEYS_H #define _ASM_X86_PKEYS_H +#define ARCH_DEFAULT_PKEY 0 + #define arch_max_pkey() (boot_cpu_has(X86_FEATURE_OSPKE) ? 16 : 1) extern int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, @@ -15,7 +17,7 @@ extern int __execute_only_pkey(struct mm static inline int execute_only_pkey(struct mm_struct *mm) { if (!boot_cpu_has(X86_FEATURE_OSPKE)) - return 0; + return ARCH_DEFAULT_PKEY; return __execute_only_pkey(mm); } @@ -56,6 +58,14 @@ bool mm_pkey_is_allocated(struct mm_stru return false; if (pkey >= arch_max_pkey()) return false; + /* + * The exec-only pkey is set in the allocation map, but + * is not available to any of the user interfaces like + * mprotect_pkey(). + */ + if (pkey == mm->context.execute_only_pkey) + return false; + return mm_pkey_allocation_map(mm) & (1U << pkey); } diff -puN arch/x86/mm/pkeys.c~pkeys-abandon-exec-only-pkey-more-aggressively arch/x86/mm/pkeys.c --- a/arch/x86/mm/pkeys.c~pkeys-abandon-exec-only-pkey-more-aggressively 2018-04-26 10:42:18.973487371 -0700 +++ b/arch/x86/mm/pkeys.c 2018-04-26 10:47:34.806486584 -0700 @@ -94,26 +94,27 @@ int __arch_override_mprotect_pkey(struct */ if (pkey != -1) return pkey; - /* - * Look for a protection-key-drive execute-only mapping - * which is now being given permissions that are not - * execute-only. Move it back to the default pkey. - */ - if (vma_is_pkey_exec_only(vma) && - (prot & (PROT_READ|PROT_WRITE))) { - return 0; - } + /* * The mapping is execute-only. Go try to get the * execute-only protection key. If we fail to do that, * fall through as if we do not have execute-only - * support. + * support in this mm. */ if (prot == PROT_EXEC) { pkey = execute_only_pkey(vma->vm_mm); if (pkey > 0) return pkey; + } else if (vma_is_pkey_exec_only(vma)) { + /* + * Protections are *not* PROT_EXEC, but the mapping + * is using the exec-only pkey. This mapping was + * PROT_EXEC and will no longer be. Move back to + * the default pkey. + */ + return ARCH_DEFAULT_PKEY; } + /* * This is a vanilla, non-pkey mprotect (or we failed to * setup execute-only), inherit the pkey from the VMA we _

7 years, 2 months

1
0
0 0

[PATCH 1/9] x86, pkeys: do not special case protection key 0

by Dave Hansen

From: Dave Hansen <dave.hansen(a)linux.intel.com> mm_pkey_is_allocated() treats pkey 0 as unallocated. That is inconsistent with the manpages, and also inconsistent with mm->context.pkey_allocation_map. Stop special casing it and only disallow values that are actually bad (< 0). The end-user visible effect of this is that you can now use mprotect_pkey() to set pkey=0. This is a bit nicer than what Ram proposed because it is simpler and removes special-casing for pkey 0. On the other hand, it does allow applciations to pkey_free() pkey-0, but that's just a silly thing to do, so we are not going to protect against it. Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Fixes: 58ab9a088dda ("x86/pkeys: Check against max pkey to avoid overflows") Cc: stable(a)kernel.org Cc: Ram Pai <linuxram(a)us.ibm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Michael Ellermen <mpe(a)ellerman.id.au> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org>p Cc: Shuah Khan <shuah(a)kernel.org> --- b/arch/x86/include/asm/mmu_context.h | 2 +- b/arch/x86/include/asm/pkeys.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff -puN arch/x86/include/asm/mmu_context.h~x86-pkey-0-default-allocated arch/x86/include/asm/mmu_context.h --- a/arch/x86/include/asm/mmu_context.h~x86-pkey-0-default-allocated 2018-03-26 10:22:33.742170197 -0700 +++ b/arch/x86/include/asm/mmu_context.h 2018-03-26 10:22:33.747170197 -0700 @@ -192,7 +192,7 @@ static inline int init_new_context(struc #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS if (cpu_feature_enabled(X86_FEATURE_OSPKE)) { - /* pkey 0 is the default and always allocated */ + /* pkey 0 is the default and allocated implicitly */ mm->context.pkey_allocation_map = 0x1; /* -1 means unallocated or invalid */ mm->context.execute_only_pkey = -1; diff -puN arch/x86/include/asm/pkeys.h~x86-pkey-0-default-allocated arch/x86/include/asm/pkeys.h --- a/arch/x86/include/asm/pkeys.h~x86-pkey-0-default-allocated 2018-03-26 10:22:33.744170197 -0700 +++ b/arch/x86/include/asm/pkeys.h 2018-03-26 10:22:33.747170197 -0700 @@ -49,10 +49,10 @@ bool mm_pkey_is_allocated(struct mm_stru { /* * "Allocated" pkeys are those that have been returned - * from pkey_alloc(). pkey 0 is special, and never - * returned from pkey_alloc(). + * from pkey_alloc() or pkey 0 which is allocated + * implicitly when the mm is created. */ - if (pkey <= 0) + if (pkey < 0) return false; if (pkey >= arch_max_pkey()) return false; _

7 years, 2 months

1
0
0 0

[PATCH] NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2

by SZ Lin (林上智)

This patch adds support for PID 0x90b2 of ublox R410M. qmicli -d /dev/cdc-wdm0 --dms-get-manufacturer [/dev/cdc-wdm0] Device manufacturer retrieved: Manufacturer: 'u-blox' qmicli -d /dev/cdc-wdm0 --dms-get-model [/dev/cdc-wdm0] Device model retrieved: Model: 'SARA-R410M-02B' Signed-off-by: SZ Lin (林上智) <sz.lin(a)moxa.com> Cc: stable <stable(a)vger.kernel.org> --- drivers/net/usb/qmi_wwan.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index c853e7410f5a..51c68fc416fa 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1098,6 +1098,7 @@ static const struct usb_device_id products[] = { {QMI_FIXED_INTF(0x05c6, 0x9080, 8)}, {QMI_FIXED_INTF(0x05c6, 0x9083, 3)}, {QMI_FIXED_INTF(0x05c6, 0x9084, 4)}, + {QMI_FIXED_INTF(0x05c6, 0x90b2, 3)}, /* ublox R410M */ {QMI_FIXED_INTF(0x05c6, 0x920d, 0)}, {QMI_FIXED_INTF(0x05c6, 0x920d, 5)}, {QMI_QUIRK_SET_DTR(0x05c6, 0x9625, 4)}, /* YUGA CLM920-NC5 */ -- 2.17.0

7 years, 2 months

3
2
0 0

[PATCH] Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"

by Hans de Goede

Commit f44cb4b19ed4 ("Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174") is causing bluetooth to no longer work for several people, see: https://bugzilla.redhat.com/show_bug.cgi?id=1568911 So lets revert it for now and try to find another solution for devices which need the modified quirk. Cc: stable(a)vger.kernel.org Cc: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/bluetooth/btusb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 7f987c81c006..55693648b211 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -231,6 +231,7 @@ static const struct usb_device_id blacklist_table[] = { { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, @@ -263,7 +264,6 @@ static const struct usb_device_id blacklist_table[] = { { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, /* QCA ROME chipset */ - { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME }, { USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME }, -- 2.17.0

7 years, 2 months

2
4
0 0

[PATCH] RDMA/cxgb4: release hw resources on device removal

by Raju Rangoju

The c4iw_rdev_close() logic was not releasing all the hw resources (PBL and RQT memory) during the device removal event (driver unload / system reboot). This can cause panic in gen_pool_destroy(). The module remove function will wait for all the hw resources to be released during the device removal event. Fixes c12a67fe(iw_cxgb4: free EQ queue memory on last deref) Signed-off-by: Raju Rangoju <rajur(a)chelsio.com> Reviewed-by: Steve Wise <swise(a)opengridcomputing.com> Cc: stable(a)vger.kernel.org --- drivers/infiniband/hw/cxgb4/device.c | 9 ++++++++- drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 4 ++++ drivers/infiniband/hw/cxgb4/resource.c | 26 ++++++++++++++++++++++++-- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/hw/cxgb4/device.c b/drivers/infiniband/hw/cxgb4/device.c index feeb8ee6f4a2..44161ca4d2a8 100644 --- a/drivers/infiniband/hw/cxgb4/device.c +++ b/drivers/infiniband/hw/cxgb4/device.c @@ -875,6 +875,11 @@ static int c4iw_rdev_open(struct c4iw_rdev *rdev) rdev->status_page->db_off = 0; + init_completion(&rdev->rqt_compl); + init_completion(&rdev->pbl_compl); + kref_init(&rdev->rqt_kref); + kref_init(&rdev->pbl_kref); + return 0; err_free_status_page_and_wr_log: if (c4iw_wr_log && rdev->wr_log) @@ -893,13 +898,15 @@ static int c4iw_rdev_open(struct c4iw_rdev *rdev) static void c4iw_rdev_close(struct c4iw_rdev *rdev) { - destroy_workqueue(rdev->free_workq); kfree(rdev->wr_log); c4iw_release_dev_ucontext(rdev, &rdev->uctx); free_page((unsigned long)rdev->status_page); c4iw_pblpool_destroy(rdev); c4iw_rqtpool_destroy(rdev); + wait_for_completion(&rdev->pbl_compl); + wait_for_completion(&rdev->rqt_compl); c4iw_ocqp_pool_destroy(rdev); + destroy_workqueue(rdev->free_workq); c4iw_destroy_resource(&rdev->resource); } diff --git a/drivers/infiniband/hw/cxgb4/iw_cxgb4.h b/drivers/infiniband/hw/cxgb4/iw_cxgb4.h index cc929002c05e..a60def23e9ef 100644 --- a/drivers/infiniband/hw/cxgb4/iw_cxgb4.h +++ b/drivers/infiniband/hw/cxgb4/iw_cxgb4.h @@ -185,6 +185,10 @@ struct c4iw_rdev { struct wr_log_entry *wr_log; int wr_log_size; struct workqueue_struct *free_workq; + struct completion rqt_compl; + struct completion pbl_compl; + struct kref rqt_kref; + struct kref pbl_kref; }; static inline int c4iw_fatal_error(struct c4iw_rdev *rdev) diff --git a/drivers/infiniband/hw/cxgb4/resource.c b/drivers/infiniband/hw/cxgb4/resource.c index 3cf25997ed2b..0ef25ae05e6f 100644 --- a/drivers/infiniband/hw/cxgb4/resource.c +++ b/drivers/infiniband/hw/cxgb4/resource.c @@ -260,12 +260,22 @@ u32 c4iw_pblpool_alloc(struct c4iw_rdev *rdev, int size) rdev->stats.pbl.cur += roundup(size, 1 << MIN_PBL_SHIFT); if (rdev->stats.pbl.cur > rdev->stats.pbl.max) rdev->stats.pbl.max = rdev->stats.pbl.cur; + kref_get(&rdev->pbl_kref); } else rdev->stats.pbl.fail++; mutex_unlock(&rdev->stats.lock); return (u32)addr; } +static void destroy_pblpool(struct kref *kref) +{ + struct c4iw_rdev *rdev; + + rdev = container_of(kref, struct c4iw_rdev, pbl_kref); + gen_pool_destroy(rdev->pbl_pool); + complete(&rdev->pbl_compl); +} + void c4iw_pblpool_free(struct c4iw_rdev *rdev, u32 addr, int size) { pr_debug("addr 0x%x size %d\n", addr, size); @@ -273,6 +283,7 @@ void c4iw_pblpool_free(struct c4iw_rdev *rdev, u32 addr, int size) rdev->stats.pbl.cur -= roundup(size, 1 << MIN_PBL_SHIFT); mutex_unlock(&rdev->stats.lock); gen_pool_free(rdev->pbl_pool, (unsigned long)addr, size); + kref_put(&rdev->pbl_kref, destroy_pblpool); } int c4iw_pblpool_create(struct c4iw_rdev *rdev) @@ -310,7 +321,7 @@ int c4iw_pblpool_create(struct c4iw_rdev *rdev) void c4iw_pblpool_destroy(struct c4iw_rdev *rdev) { - gen_pool_destroy(rdev->pbl_pool); + kref_put(&rdev->pbl_kref, destroy_pblpool); } /* @@ -331,12 +342,22 @@ u32 c4iw_rqtpool_alloc(struct c4iw_rdev *rdev, int size) rdev->stats.rqt.cur += roundup(size << 6, 1 << MIN_RQT_SHIFT); if (rdev->stats.rqt.cur > rdev->stats.rqt.max) rdev->stats.rqt.max = rdev->stats.rqt.cur; + kref_get(&rdev->rqt_kref); } else rdev->stats.rqt.fail++; mutex_unlock(&rdev->stats.lock); return (u32)addr; } +static void destroy_rqtpool(struct kref *kref) +{ + struct c4iw_rdev *rdev; + + rdev = container_of(kref, struct c4iw_rdev, rqt_kref); + gen_pool_destroy(rdev->rqt_pool); + complete(&rdev->rqt_compl); +} + void c4iw_rqtpool_free(struct c4iw_rdev *rdev, u32 addr, int size) { pr_debug("addr 0x%x size %d\n", addr, size << 6); @@ -344,6 +365,7 @@ void c4iw_rqtpool_free(struct c4iw_rdev *rdev, u32 addr, int size) rdev->stats.rqt.cur -= roundup(size << 6, 1 << MIN_RQT_SHIFT); mutex_unlock(&rdev->stats.lock); gen_pool_free(rdev->rqt_pool, (unsigned long)addr, size << 6); + kref_put(&rdev->rqt_kref, destroy_rqtpool); } int c4iw_rqtpool_create(struct c4iw_rdev *rdev) @@ -380,7 +402,7 @@ int c4iw_rqtpool_create(struct c4iw_rdev *rdev) void c4iw_rqtpool_destroy(struct c4iw_rdev *rdev) { - gen_pool_destroy(rdev->rqt_pool); + kref_put(&rdev->rqt_kref, destroy_rqtpool); } /* -- 2.12.0

7 years, 2 months

2
1
0 0

[PATCH 00/18] s390 spectre mititgation for 4.4

by Martin Schwidefsky

Greetings, this series is the backport of 18 upstream patches to add the current s390 spectre mitigation to kernel version 4.14. One less patch than 4.14 and 4.9 as there is no nested KVM guest support (aka vsie) in 4.4. It follows the x86 approach with array_index_nospec for the v1 spectre attack and retpoline/expoline for v2. As a fallback there is the ppa-12/ppa-13 based defense which requires an micro-code update. Christian Borntraeger (2): KVM: s390: wire up bpb feature s390/entry.S: fix spurious zeroing of r0 Eugeniu Rosca (1): s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) Heiko Carstens (1): s390: enable CPU alternatives unconditionally Martin Schwidefsky (13): s390: scrub registers on kernel entry and KVM exit s390: add optimized array_index_mask_nospec s390/alternative: use a copy of the facility bit mask s390: add options to change branch prediction behaviour for the kernel s390: run user space and KVM guests with modified branch prediction s390: introduce execute-trampolines for branches s390: do not bypass BPENTER for interrupt system calls s390: move nobp parameter functions to nospec-branch.c s390: add automatic detection of the spectre defense s390: report spectre mitigation via syslog s390: add sysfs attributes for spectre s390: correct nospec auto detection init order s390: correct module section names for expoline code revert Vasily Gorbik (1): s390: introduce CPU alternatives Documentation/kernel-parameters.txt | 3 + arch/s390/Kconfig | 47 +++++++ arch/s390/Makefile | 10 ++ arch/s390/include/asm/alternative.h | 149 ++++++++++++++++++++ arch/s390/include/asm/barrier.h | 24 ++++ arch/s390/include/asm/facility.h | 18 +++ arch/s390/include/asm/kvm_host.h | 3 +- arch/s390/include/asm/lowcore.h | 7 +- arch/s390/include/asm/nospec-branch.h | 17 +++ arch/s390/include/asm/processor.h | 4 + arch/s390/include/asm/thread_info.h | 4 + arch/s390/include/uapi/asm/kvm.h | 3 + arch/s390/kernel/Makefile | 5 +- arch/s390/kernel/alternative.c | 112 +++++++++++++++ arch/s390/kernel/early.c | 5 + arch/s390/kernel/entry.S | 250 ++++++++++++++++++++++++++++++---- arch/s390/kernel/ipl.c | 1 + arch/s390/kernel/module.c | 65 ++++++++- arch/s390/kernel/nospec-branch.c | 169 +++++++++++++++++++++++ arch/s390/kernel/processor.c | 18 +++ arch/s390/kernel/setup.c | 14 +- arch/s390/kernel/smp.c | 7 +- arch/s390/kernel/vmlinux.lds.S | 37 +++++ arch/s390/kvm/kvm-s390.c | 13 +- drivers/s390/char/Makefile | 2 + include/uapi/linux/kvm.h | 1 + 26 files changed, 952 insertions(+), 36 deletions(-) create mode 100644 arch/s390/include/asm/alternative.h create mode 100644 arch/s390/include/asm/nospec-branch.h create mode 100644 arch/s390/kernel/alternative.c create mode 100644 arch/s390/kernel/nospec-branch.c -- 2.13.5

7 years, 2 months

3
20
0 0

Re: [PATCH 4.9 30/74] KVM: s390: wire up bpb feature

by Christian Borntraeger

On 04/27/2018 03:58 PM, Greg Kroah-Hartman wrote: > 4.9-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> > > > From: Christian Borntraeger <borntraeger(a)de.ibm.com> Minus the double author and the unrelated white space change this backport looks good. > > [ Upstream commit 35b3fde6203b932b2b1a5b53b3d8808abc9c4f60 ] > > The new firmware interfaces for branch prediction behaviour changes > are transparently available for the guest. Nevertheless, there is > new state attached that should be migrated and properly resetted. > Provide a mechanism for handling reset, migration and VSIE. > > Signed-off-by: Christian Borntraeger <borntraeger(a)de.ibm.com> > Reviewed-by: David Hildenbrand <david(a)redhat.com> > Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> > [Changed capability number to 152. - Radim] > Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> > Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > arch/s390/include/asm/kvm_host.h | 3 ++- > arch/s390/include/uapi/asm/kvm.h | 5 ++++- > arch/s390/kvm/kvm-s390.c | 13 ++++++++++++- > arch/s390/kvm/vsie.c | 10 ++++++++++ > include/uapi/linux/kvm.h | 1 + > 5 files changed, 29 insertions(+), 3 deletions(-) > > --- a/arch/s390/include/asm/kvm_host.h > +++ b/arch/s390/include/asm/kvm_host.h > @@ -181,7 +181,8 @@ struct kvm_s390_sie_block { > __u16 ipa; /* 0x0056 */ > __u32 ipb; /* 0x0058 */ > __u32 scaoh; /* 0x005c */ > - __u8 reserved60; /* 0x0060 */ > +#define FPF_BPBC 0x20 > + __u8 fpf; /* 0x0060 */ > __u8 ecb; /* 0x0061 */ > __u8 ecb2; /* 0x0062 */ > #define ECB3_AES 0x04 > --- a/arch/s390/include/uapi/asm/kvm.h > +++ b/arch/s390/include/uapi/asm/kvm.h > @@ -197,6 +197,7 @@ struct kvm_guest_debug_arch { > #define KVM_SYNC_VRS (1UL << 6) > #define KVM_SYNC_RICCB (1UL << 7) > #define KVM_SYNC_FPRS (1UL << 8) > +#define KVM_SYNC_BPBC (1UL << 10) > /* definition of registers in kvm_run */ > struct kvm_sync_regs { > __u64 prefix; /* prefix register */ > @@ -217,7 +218,9 @@ struct kvm_sync_regs { > }; > __u8 reserved[512]; /* for future vector expansion */ > __u32 fpc; /* valid on KVM_SYNC_VRS or KVM_SYNC_FPRS */ > - __u8 padding[52]; /* riccb needs to be 64byte aligned */ > + __u8 bpbc : 1; /* bp mode */ > + __u8 reserved2 : 7; > + __u8 padding1[51]; /* riccb needs to be 64byte aligned */ > __u8 riccb[64]; /* runtime instrumentation controls block */ > }; > > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -401,6 +401,9 @@ int kvm_vm_ioctl_check_extension(struct > case KVM_CAP_S390_RI: > r = test_facility(64); > break; > + case KVM_CAP_S390_BPB: > + r = test_facility(82); > + break; > default: > r = 0; > } > @@ -1713,6 +1716,8 @@ int kvm_arch_vcpu_init(struct kvm_vcpu * > kvm_s390_set_prefix(vcpu, 0); > if (test_kvm_facility(vcpu->kvm, 64)) > vcpu->run->kvm_valid_regs |= KVM_SYNC_RICCB; > + if (test_kvm_facility(vcpu->kvm, 82)) > + vcpu->run->kvm_valid_regs |= KVM_SYNC_BPBC; > /* fprs can be synchronized via vrs, even if the guest has no vx. With > * MACHINE_HAS_VX, (load|store)_fpu_regs() will work with vrs format. > */ > @@ -1829,7 +1834,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu > if (test_fp_ctl(current->thread.fpu.fpc)) > /* User space provided an invalid FPC, let's clear it */ > current->thread.fpu.fpc = 0; > - > save_access_regs(vcpu->arch.host_acrs); > restore_access_regs(vcpu->run->s.regs.acrs); > gmap_enable(vcpu->arch.enabled_gmap); > @@ -1877,6 +1881,7 @@ static void kvm_s390_vcpu_initial_reset( > current->thread.fpu.fpc = 0; > vcpu->arch.sie_block->gbea = 1; > vcpu->arch.sie_block->pp = 0; > + vcpu->arch.sie_block->fpf &= ~FPF_BPBC; > vcpu->arch.pfault_token = KVM_S390_PFAULT_TOKEN_INVALID; > kvm_clear_async_pf_completion_queue(vcpu); > if (!kvm_s390_user_cpu_state_ctrl(vcpu->kvm)) > @@ -2744,6 +2749,11 @@ static void sync_regs(struct kvm_vcpu *v > if (riccb->valid) > vcpu->arch.sie_block->ecb3 |= 0x01; > } > + if ((kvm_run->kvm_dirty_regs & KVM_SYNC_BPBC) && > + test_kvm_facility(vcpu->kvm, 82)) { > + vcpu->arch.sie_block->fpf &= ~FPF_BPBC; > + vcpu->arch.sie_block->fpf |= kvm_run->s.regs.bpbc ? FPF_BPBC : 0; > + } > > kvm_run->kvm_dirty_regs = 0; > } > @@ -2762,6 +2772,7 @@ static void store_regs(struct kvm_vcpu * > kvm_run->s.regs.pft = vcpu->arch.pfault_token; > kvm_run->s.regs.pfs = vcpu->arch.pfault_select; > kvm_run->s.regs.pfc = vcpu->arch.pfault_compare; > + kvm_run->s.regs.bpbc = (vcpu->arch.sie_block->fpf & FPF_BPBC) == FPF_BPBC; > } > > int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) > --- a/arch/s390/kvm/vsie.c > +++ b/arch/s390/kvm/vsie.c > @@ -217,6 +217,12 @@ static void unshadow_scb(struct kvm_vcpu > memcpy(scb_o->gcr, scb_s->gcr, 128); > scb_o->pp = scb_s->pp; > > + /* branch prediction */ > + if (test_kvm_facility(vcpu->kvm, 82)) { > + scb_o->fpf &= ~FPF_BPBC; > + scb_o->fpf |= scb_s->fpf & FPF_BPBC; > + } > + > /* interrupt intercept */ > switch (scb_s->icptcode) { > case ICPT_PROGI: > @@ -259,6 +265,7 @@ static int shadow_scb(struct kvm_vcpu *v > scb_s->ecb3 = 0; > scb_s->ecd = 0; > scb_s->fac = 0; > + scb_s->fpf = 0; > > rc = prepare_cpuflags(vcpu, vsie_page); > if (rc) > @@ -316,6 +323,9 @@ static int shadow_scb(struct kvm_vcpu *v > prefix_unmapped(vsie_page); > scb_s->ecb |= scb_o->ecb & 0x10U; > } > + /* branch prediction */ > + if (test_kvm_facility(vcpu->kvm, 82)) > + scb_s->fpf |= scb_o->fpf & FPF_BPBC; > /* SIMD */ > if (test_kvm_facility(vcpu->kvm, 129)) { > scb_s->eca |= scb_o->eca & 0x00020000U; > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -870,6 +870,7 @@ struct kvm_ppc_smmu_info { > #define KVM_CAP_S390_USER_INSTR0 130 > #define KVM_CAP_MSI_DEVID 131 > #define KVM_CAP_PPC_HTM 132 > +#define KVM_CAP_S390_BPB 152 > > #ifdef KVM_CAP_IRQ_ROUTING > > >

7 years, 2 months

1
0
0 0

[PATCH] KVM: vmx: update SECONDARY_EXEC_DESC only if CR4.UMIP changes

by Sean Christopherson

Update SECONDARY_EXEC_DESC in SECONDARY_VM_EXEC_CONTROL for UMIP emulation if and only if CR4.UMIP is being modified and UMIP is not supported by hardware, i.e. we're emulating UMIP. If CR4.UMIP is not being changed then it's safe to assume that the previous invocation of vmx_set_cr4() correctly set SECONDARY_EXEC_DESC, i.e. the desired value is already the current value. This avoids unnecessary VMREAD/VMWRITE to SECONDARY_VM_EXEC_CONTROL, which is critical as not all processors support SECONDARY_VM_EXEC_CONTROL. WARN once and signal a fault if CR4.UMIP is changing and UMIP can't be emulated, i.e. SECONDARY_EXEC_DESC can't be set. Prior checks should prevent setting UMIP if it can't be emulated, i.e. UMIP shouldn't have been advertised to the guest if it can't be emulated, regardless of whether or not UMIP is supported in bare metal. Fixes: 0367f205a3b7 ("KVM: vmx: add support for emulating UMIP") Cc: stable(a)vger.kernel.org #4.16 Reported-by: Paolo Zeppegno <pzeppegno(a)gmail.com> Signed-off-by: Sean Christopherson <sean.j.christopherson(a)intel.com> --- arch/x86/kvm/vmx.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index aafcc9881e88..1502a2ac7884 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1494,6 +1494,12 @@ static inline bool cpu_has_vmx_vmfunc(void) SECONDARY_EXEC_ENABLE_VMFUNC; } +static bool vmx_umip_emulated(void) +{ + return vmcs_config.cpu_based_2nd_exec_ctrl & + SECONDARY_EXEC_DESC; +} + static inline bool report_flexpriority(void) { return flexpriority_enabled; @@ -4776,14 +4782,20 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) else hw_cr4 |= KVM_PMODE_VM_CR4_ALWAYS_ON; - if ((cr4 & X86_CR4_UMIP) && !boot_cpu_has(X86_FEATURE_UMIP)) { - vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL, - SECONDARY_EXEC_DESC); - hw_cr4 &= ~X86_CR4_UMIP; - } else if (!is_guest_mode(vcpu) || - !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) - vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, - SECONDARY_EXEC_DESC); + if (((cr4 ^ kvm_read_cr4(vcpu)) & X86_CR4_UMIP) && + !boot_cpu_has(X86_FEATURE_UMIP)) { + if (WARN_ON_ONCE(!vmx_umip_emulated())) + return 1; + + if (cr4 & X86_CR4_UMIP) { + vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL, + SECONDARY_EXEC_DESC); + hw_cr4 &= ~X86_CR4_UMIP; + } else if (!is_guest_mode(vcpu) || + !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) + vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, + SECONDARY_EXEC_DESC); + } if (cr4 & X86_CR4_VMXE) { /* @@ -9512,12 +9524,6 @@ static bool vmx_xsaves_supported(void) SECONDARY_EXEC_XSAVES; } -static bool vmx_umip_emulated(void) -{ - return vmcs_config.cpu_based_2nd_exec_ctrl & - SECONDARY_EXEC_DESC; -} - static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx) { u32 exit_intr_info; -- 2.16.2

7 years, 2 months

2
1
0 0

Re: [PATCH] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

by Dan Carpenter

On Fri, Apr 27, 2018 at 08:43:03AM -0600, Scott Bauer wrote: > > > On 04/27/2018 06:41 AM, Dan Carpenter wrote: > > I sent you an email to send this patch, but reviewing it now it's not > > actually a run time bug. The cdrom_slot_status() function takes an > > integer argument so it works. > > It's still runtime bug... I should reword the commit a bit to reflect that it's not > like the upper 32 bit issue that you had found. Look at it this way, ints can be negative, right? > Oh. Yeah. Duh... > The check is as follows: > > 2545: if (((int)arg >= cdi->capacity)) > return -EINVAL <https://elixir.bootlin.com/linux/v4.17-rc2/ident/EINVAL>; > return cdrom_slot_status <https://elixir.bootlin.com/linux/v4.17-rc2/ident/cdrom_slot_status>(cdi, arg); so if (-65536 >= cdi->capacity) it's not so we don't return -einval. And we pass a negative index into cdrom_slot_status. > > > where we do the following (https://elixir.bootlin.com/linux/v4.17-rc2/source/drivers/cdrom/cdrom.c#L13…): > > 1336: > if (info->slots <https://elixir.bootlin.com/linux/v4.17-rc2/ident/slots>[slot <https://elixir.bootlin.com/linux/v4.17-rc2/ident/slot>].disc_present) > ret = CDS_DISC_OK <https://elixir.bootlin.com/linux/v4.17-rc2/ident/CDS_DISC_OK>; > > > > > > > I'm working on a static checker warning for these kinds of bugs: > > > > drivers/cdrom/cdrom.c:2444 cdrom_ioctl_select_disc() warn: truncated comparison 'arg' 'u64max' to 's32max' > > > > drivers/cdrom/cdrom.c > > 2435 static int cdrom_ioctl_select_disc(struct cdrom_device_info *cdi, > > 2436 unsigned long arg) > > 2437 { > > 2438 cd_dbg(CD_DO_IOCTL, "entering CDROM_SELECT_DISC\n"); > > 2439 > > 2440 if (!CDROM_CAN(CDC_SELECT_DISC)) > > 2441 return -ENOSYS; > > 2442 > > 2443 if (arg != CDSL_CURRENT && arg != CDSL_NONE) { > > 2444 if ((int)arg >= cdi->capacity) > > ^^^^^^^^^^^^^^^^^^^^^^^^^ > > 2445 return -EINVAL; > > 2446 } > > 2447 > > 2448 /* > > 2449 * ->select_disc is a hook to allow a driver-specific way of > > 2450 * seleting disc. However, since there is no equivalent hook for > > 2451 * cdrom_slot_status this may not actually be useful... > > 2452 */ > > 2453 if (cdi->ops->select_disc) > > 2454 return cdi->ops->select_disc(cdi, arg); > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > ->select_disc() also take an int so it's fine (plus there is no such > > function so it's dead code). > > > > 2455 > > 2456 cd_dbg(CD_CHANGER, "Using generic cdrom_select_disc()\n"); > > 2457 return cdrom_select_disc(cdi, arg); > > ^^^ > > Also an int. > > > > 2458 } > > > > So I think it's a good idea to fix these just for cleanliness and to > > silence the static checker warnings but it doesn't affect runtime. > > Yeah, this one was "fine" aside from being messy, that's why I didn't send a patch for it. > I'm not convinced any more. Could you patch it and resend? We could end up sending invalid commands to the cdrom firmware when we do cdrom_load_unload() at the end of the cdrom_select_disc() function. Proably there is no impact but we may as well fix it. Here is my analysis if you are curious: 1371 /* If SLOT < 0, unload the current slot. Otherwise, try to load SLOT. */ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ CDSL_CURRENT is INT_MAX and CDSL_NONE is "INT_MAX - 1" but cdrom_select_disc() calls this with slot set to -1. 1372 static int cdrom_load_unload(struct cdrom_device_info *cdi, int slot) 1373 { 1374 struct packet_command cgc; 1375 1376 cd_dbg(CD_CHANGER, "entering cdrom_load_unload()\n"); 1377 if (cdi->sanyo_slot && slot < 0) 1378 return 0; 1379 1380 init_cdrom_command(&cgc, NULL, 0, CGC_DATA_NONE); 1381 cgc.cmd[0] = GPCMD_LOAD_UNLOAD; 1382 cgc.cmd[4] = 2 + (slot >= 0); ^^^^^^^^^^ So cmd[4] is 2. 1383 cgc.cmd[8] = slot; ^^^^^^^^^^^^^^^^^ Here were setting cmd[8] to any u8 value we choose. 1384 cgc.timeout = 60 * HZ; 1385 1386 /* The Sanyo 3 CD changer uses byte 7 of the 1387 GPCMD_TEST_UNIT_READY to command to switch CDs instead of 1388 using the GPCMD_LOAD_UNLOAD opcode. */ 1389 if (cdi->sanyo_slot && -1 < slot) { 1390 cgc.cmd[0] = GPCMD_TEST_UNIT_READY; 1391 cgc.cmd[7] = slot; 1392 cgc.cmd[4] = cgc.cmd[8] = 0; 1393 cdi->sanyo_slot = slot ? slot : 3; 1394 } 1395 1396 return cdi->ops->generic_packet(cdi, &cgc); 1397 } > P.S. Is your static analysis tooling available for the general public to look at? Sure. I've been dorking with it for a couple days and I haven't tested the latest version except on drivers/cdrom/cdrom.c so let me do some more testing and then I'll post it. regards, dan carpenter

7 years, 2 months

1
0
0 0

[PATCH -tip v2 0/7] kprobes: Fix %p in kprobes

by Masami Hiramatsu

Hi, This 2nd version of the series which fixes %p uses in kprobes. Some by replacing with %pS, some by replacing with %px but masking with kallsyms_show_value(). V1 series is here: https://lkml.org/lkml/2018/1/25/1 I've read the thread about %pK and if I understand correctly we shouldn't print kernel addresses. However, kprobes debugfs interface can not stop to show the actual probe address because it should be compared with addresses in kallsyms for debugging. So, it depends on that kallsyms_show_value() allows to show address to user, because if it returns true, anyway that user can dump /proc/kallsyms. Other error messages are replaced it with %pS, and one critical function uses %px which is called right before BUG(). Also, I tried to fix this issue on each arch port. I searched it by # find arch/* | grep -e 'kprobe.*c' | xargs grep -w %p And fixed all %p uses in those files. Changes in this version; - [1/7] is newly added. - patches for MN10300(deleted) and s390(merged) are removed. Thank you, --- Masami Hiramatsu (7): kprobes: Make blacklist root user read only kprobes: Show blacklist addresses as same as kallsyms does kprobes: Show address of kprobes if kallsyms does kprobes: Replace %p with other pointer types kprobes/x86: Fix %p uses in error messages kprobes/arm: Fix %p uses in error messages kprobes/arm64: Fix %p uses in error messages arch/arm/probes/kprobes/core.c | 10 ++++---- arch/arm/probes/kprobes/test-core.c | 1 - arch/arm64/kernel/probes/kprobes.c | 4 ++- arch/x86/kernel/kprobes/core.c | 12 +++------ kernel/kprobes.c | 46 ++++++++++++++++++++++------------- 5 files changed, 40 insertions(+), 33 deletions(-) -- Masami Hiramatsu (Linaro) <mhiramat(a)kernel.org>

7 years, 2 months

3
17
0 0

FAILED: patch "[PATCH] s390: correct module section names for expoline code revert" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6cf09958f32b9667bb3ebadf74367c791112771b Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Fri, 20 Apr 2018 12:48:52 +0200 Subject: [PATCH] s390: correct module section names for expoline code revert The main linker script vmlinux.lds.S for the kernel image merges the expoline code patch tables into two section ".nospec_call_table" and ".nospec_return_table". This is *not* done for the modules, there the sections retain their original names as generated by gcc: ".s390_indirect_call", ".s390_return_mem" and ".s390_return_reg". The module_finalize code has to check for the compiler generated section names, otherwise no code patching is done. This slows down the module code in case of "spectre_v2=off". Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c index 5a83be955c70..0dc8ac8548ee 100644 --- a/arch/s390/kernel/module.c +++ b/arch/s390/kernel/module.c @@ -465,11 +465,11 @@ int module_finalize(const Elf_Ehdr *hdr, apply_alternatives(aseg, aseg + s->sh_size); if (IS_ENABLED(CONFIG_EXPOLINE) && - (!strcmp(".nospec_call_table", secname))) + (!strncmp(".s390_indirect", secname, 14))) nospec_revert(aseg, aseg + s->sh_size); if (IS_ENABLED(CONFIG_EXPOLINE) && - (!strcmp(".nospec_return_table", secname))) + (!strncmp(".s390_return", secname, 12))) nospec_revert(aseg, aseg + s->sh_size); }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] s390/cpum_cf: rename IBM z13/z14 counter names" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5f3ba878e7a2ffef82fb0882c0dd2c3507d734bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Wild?= <wild(a)linux.ibm.com> Date: Wed, 18 Apr 2018 17:59:58 +0200 Subject: [PATCH] s390/cpum_cf: rename IBM z13/z14 counter names MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the IBM z13/z14 counter names to be in sync with all other models. Cc: stable(a)vger.kernel.org # v4.12+ Fixes: 3593eb944c ("s390/cpum_cf: add hardware counter support for IBM z14") Fixes: 3fc7acebae ("s390/cpum_cf: add IBM z13 counter event names") Signed-off-by: André Wild <wild(a)linux.ibm.com> Signed-off-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/perf_cpum_cf_events.c b/arch/s390/kernel/perf_cpum_cf_events.c index 5ee27dc9a10c..feebb2944882 100644 --- a/arch/s390/kernel/perf_cpum_cf_events.c +++ b/arch/s390/kernel/perf_cpum_cf_events.c @@ -123,7 +123,7 @@ CPUMF_EVENT_ATTR(cf_zec12, L1I_OFFBOOK_L3_SOURCED_WRITES_IV, 0x00a1); CPUMF_EVENT_ATTR(cf_zec12, TX_NC_TABORT, 0x00b1); CPUMF_EVENT_ATTR(cf_zec12, TX_C_TABORT_NO_SPECIAL, 0x00b2); CPUMF_EVENT_ATTR(cf_zec12, TX_C_TABORT_SPECIAL, 0x00b3); -CPUMF_EVENT_ATTR(cf_z13, L1D_WRITES_RO_EXCL, 0x0080); +CPUMF_EVENT_ATTR(cf_z13, L1D_RO_EXCL_WRITES, 0x0080); CPUMF_EVENT_ATTR(cf_z13, DTLB1_WRITES, 0x0081); CPUMF_EVENT_ATTR(cf_z13, DTLB1_MISSES, 0x0082); CPUMF_EVENT_ATTR(cf_z13, DTLB1_HPAGE_WRITES, 0x0083); @@ -179,7 +179,7 @@ CPUMF_EVENT_ATTR(cf_z13, TX_C_TABORT_NO_SPECIAL, 0x00db); CPUMF_EVENT_ATTR(cf_z13, TX_C_TABORT_SPECIAL, 0x00dc); CPUMF_EVENT_ATTR(cf_z13, MT_DIAG_CYCLES_ONE_THR_ACTIVE, 0x01c0); CPUMF_EVENT_ATTR(cf_z13, MT_DIAG_CYCLES_TWO_THR_ACTIVE, 0x01c1); -CPUMF_EVENT_ATTR(cf_z14, L1D_WRITES_RO_EXCL, 0x0080); +CPUMF_EVENT_ATTR(cf_z14, L1D_RO_EXCL_WRITES, 0x0080); CPUMF_EVENT_ATTR(cf_z14, DTLB2_WRITES, 0x0081); CPUMF_EVENT_ATTR(cf_z14, DTLB2_MISSES, 0x0082); CPUMF_EVENT_ATTR(cf_z14, DTLB2_HPAGE_WRITES, 0x0083); @@ -371,7 +371,7 @@ static struct attribute *cpumcf_zec12_pmu_event_attr[] __initdata = { }; static struct attribute *cpumcf_z13_pmu_event_attr[] __initdata = { - CPUMF_EVENT_PTR(cf_z13, L1D_WRITES_RO_EXCL), + CPUMF_EVENT_PTR(cf_z13, L1D_RO_EXCL_WRITES), CPUMF_EVENT_PTR(cf_z13, DTLB1_WRITES), CPUMF_EVENT_PTR(cf_z13, DTLB1_MISSES), CPUMF_EVENT_PTR(cf_z13, DTLB1_HPAGE_WRITES), @@ -431,7 +431,7 @@ static struct attribute *cpumcf_z13_pmu_event_attr[] __initdata = { }; static struct attribute *cpumcf_z14_pmu_event_attr[] __initdata = { - CPUMF_EVENT_PTR(cf_z14, L1D_WRITES_RO_EXCL), + CPUMF_EVENT_PTR(cf_z14, L1D_RO_EXCL_WRITES), CPUMF_EVENT_PTR(cf_z14, DTLB2_WRITES), CPUMF_EVENT_PTR(cf_z14, DTLB2_MISSES), CPUMF_EVENT_PTR(cf_z14, DTLB2_HPAGE_WRITES),

7 years, 2 months

1
0
0 0

Applied "ASoC: mediatek: preallocate pages use platform device" to the asoc tree

by Mark Brown

The patch ASoC: mediatek: preallocate pages use platform device has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 5845e6155d8f4a4a9bae2d4c1d1bb4a4d9a925c2 Mon Sep 17 00:00:00 2001 From: Kai Chieh Chuang <kaichieh.chuang(a)mediatek.com> Date: Fri, 27 Apr 2018 10:11:35 +0800 Subject: [PATCH] ASoC: mediatek: preallocate pages use platform device preallocate pages should use platform device, since we set dma mask for platform device. Signed-off-by: KaiChieh Chuang <kaichieh.chuang(a)mediatek.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/mediatek/common/mtk-afe-platform-driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/mediatek/common/mtk-afe-platform-driver.c b/sound/soc/mediatek/common/mtk-afe-platform-driver.c index 53215b52e4f2..f8a06709f76d 100644 --- a/sound/soc/mediatek/common/mtk-afe-platform-driver.c +++ b/sound/soc/mediatek/common/mtk-afe-platform-driver.c @@ -64,14 +64,14 @@ static const struct snd_pcm_ops mtk_afe_pcm_ops = { static int mtk_afe_pcm_new(struct snd_soc_pcm_runtime *rtd) { size_t size; - struct snd_card *card = rtd->card->snd_card; struct snd_pcm *pcm = rtd->pcm; struct snd_soc_component *component = snd_soc_rtdcom_lookup(rtd, AFE_PCM_NAME); struct mtk_base_afe *afe = snd_soc_component_get_drvdata(component); size = afe->mtk_afe_hardware->buffer_bytes_max; return snd_pcm_lib_preallocate_pages_for_all(pcm, SNDRV_DMA_TYPE_DEV, - card->dev, size, size); + rtd->platform->dev, + size, size); } static void mtk_afe_pcm_free(struct snd_pcm *pcm) -- 2.17.0

7 years, 2 months

1
0
0 0

Re: stable-rc build: 4 warnings 0 failures (stable-rc/v4.15.7)

by Arnd Bergmann

On Wed, Feb 28, 2018 at 1:12 PM, Olof's autobuilder <build(a)lixom.net> wrote: > Here are the build results from automated periodic testing. > Warnings: > > arm64.allmodconfig: > WARNING: modpost: missing MODULE_LICENSE() in drivers/phy/qualcomm/phy-qcom-ufs.o Hi Greg, It seems we're still missing one backport for a clean allmodconfig build: 59fba0869aca phy: qcom-ufs: add MODULE_LICENSE tag Arnd

7 years, 2 months

2
2
0 0

Cherry-pick "arm64: dts: rockchip: remove vdd_log from rk3399-puma" for 4.14.y?

by Jakob Unterwurzacher

Dear Greg, a fix for a voltage instability on our rk3399-puma board went into 4.15 (commit 87eba0716011, quoted below). As we have users who prefer to stay on longterm 4.14, would you consider cherry-picking the commit into 4.14.y? It applies cleanly and has no effect outside of our rk3399-puma board, where it fixes the instability. Thank you and best regards, Jakob > commit 87eba0716011e528f7841026f2cc65683219d0ad > Author: Klaus Goger <klaus.goger(a)theobroma-systems.com> > Date: Tue Dec 5 08:11:58 2017 +0100 > > arm64: dts: rockchip: remove vdd_log from rk3399-puma > > vdd_log has no consumer and therefore will not be set to a specific > voltage. Still the PWM output pin gets configured and thence the vdd_log > output voltage will changed from it's default. Depending on the idle > state of the PWM this will slightly over or undervoltage the logic supply > of the RK3399 and cause instability with GbE (undervoltage) and PCIe > (overvoltage). Since the default value set by a voltage divider is the > correct supply voltage and we don't need to change it during runtime we > remove the rail from the devicetree completely so the PWM pin will not > be configured. > > Signed-off-by: Klaus Goger <klaus.goger(a)theobroma-systems.com> > Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> > > arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 11 ----------- > 1 file changed, 11 deletions(-)

7 years, 2 months

2
1
0 0

[PATCH 00/19] s390 spectre mititgation for 4.9

by Martin Schwidefsky

Greetings, this series is the backport of 19 upstream patches to add the current s390 spectre mitigation to kernel version 4.9. It follows the x86 approach with array_index_nospec for the v1 spectre attack and retpoline/expoline for v2. As a fallback there is the ppa-12/ppa-13 based defense which requires an micro-code update. Christian Borntraeger (3): KVM: s390: wire up bpb feature KVM: s390: force bp isolation for VSIE s390/entry.S: fix spurious zeroing of r0 Eugeniu Rosca (1): s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) Heiko Carstens (1): s390: enable CPU alternatives unconditionally Martin Schwidefsky (13): s390: scrub registers on kernel entry and KVM exit s390: add optimized array_index_mask_nospec s390/alternative: use a copy of the facility bit mask s390: add options to change branch prediction behaviour for the kernel s390: run user space and KVM guests with modified branch prediction s390: introduce execute-trampolines for branches s390: do not bypass BPENTER for interrupt system calls s390: move nobp parameter functions to nospec-branch.c s390: add automatic detection of the spectre defense s390: report spectre mitigation via syslog s390: add sysfs attributes for spectre s390: correct nospec auto detection init order s390: correct module section names for expoline code revert Vasily Gorbik (1): s390: introduce CPU alternatives Documentation/kernel-parameters.txt | 3 + arch/s390/Kconfig | 47 +++++++ arch/s390/Makefile | 10 ++ arch/s390/include/asm/alternative.h | 149 ++++++++++++++++++++ arch/s390/include/asm/barrier.h | 24 ++++ arch/s390/include/asm/facility.h | 18 +++ arch/s390/include/asm/kvm_host.h | 3 +- arch/s390/include/asm/lowcore.h | 7 +- arch/s390/include/asm/nospec-branch.h | 17 +++ arch/s390/include/asm/processor.h | 4 + arch/s390/include/asm/thread_info.h | 4 + arch/s390/include/uapi/asm/kvm.h | 5 +- arch/s390/kernel/Makefile | 6 +- arch/s390/kernel/alternative.c | 112 +++++++++++++++ arch/s390/kernel/early.c | 5 + arch/s390/kernel/entry.S | 250 ++++++++++++++++++++++++++++++---- arch/s390/kernel/ipl.c | 1 + arch/s390/kernel/module.c | 65 ++++++++- arch/s390/kernel/nospec-branch.c | 169 +++++++++++++++++++++++ arch/s390/kernel/processor.c | 18 +++ arch/s390/kernel/setup.c | 14 +- arch/s390/kernel/smp.c | 7 +- arch/s390/kernel/vmlinux.lds.S | 37 +++++ arch/s390/kvm/kvm-s390.c | 13 +- arch/s390/kvm/vsie.c | 30 ++++ drivers/s390/char/Makefile | 2 + include/uapi/linux/kvm.h | 1 + 27 files changed, 984 insertions(+), 37 deletions(-) create mode 100644 arch/s390/include/asm/alternative.h create mode 100644 arch/s390/include/asm/nospec-branch.h create mode 100644 arch/s390/kernel/alternative.c create mode 100644 arch/s390/kernel/nospec-branch.c -- 2.13.5

7 years, 2 months

2
20
0 0

[PATCH 00/19] s390 spectre mititgation for 4.14

by Martin Schwidefsky

Greetings, this series is the backport of 19 upstream patches to add the current s390 spectre mitigation to kernel version 4.14. It follows the x86 approach with array_index_nospec for the v1 spectre attack and retpoline/expoline for v2. As a fallback there is the ppa-12/ppa-13 based defense which requires an micro-code update. Christian Borntraeger (3): KVM: s390: wire up bpb feature KVM: s390: force bp isolation for VSIE s390/entry.S: fix spurious zeroing of r0 Eugeniu Rosca (1): s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) Heiko Carstens (1): s390: enable CPU alternatives unconditionally Martin Schwidefsky (13): s390: scrub registers on kernel entry and KVM exit s390: add optimized array_index_mask_nospec s390/alternative: use a copy of the facility bit mask s390: add options to change branch prediction behaviour for the kernel s390: run user space and KVM guests with modified branch prediction s390: introduce execute-trampolines for branches s390: do not bypass BPENTER for interrupt system calls s390: move nobp parameter functions to nospec-branch.c s390: add automatic detection of the spectre defense s390: report spectre mitigation via syslog s390: add sysfs attributes for spectre s390: correct nospec auto detection init order s390: correct module section names for expoline code revert Vasily Gorbik (1): s390: introduce CPU alternatives Documentation/admin-guide/kernel-parameters.txt | 3 + arch/s390/Kconfig | 47 +++++ arch/s390/Makefile | 10 + arch/s390/include/asm/alternative.h | 149 ++++++++++++++ arch/s390/include/asm/barrier.h | 24 +++ arch/s390/include/asm/facility.h | 18 ++ arch/s390/include/asm/kvm_host.h | 3 +- arch/s390/include/asm/lowcore.h | 7 +- arch/s390/include/asm/nospec-branch.h | 17 ++ arch/s390/include/asm/processor.h | 4 + arch/s390/include/asm/thread_info.h | 4 + arch/s390/include/uapi/asm/kvm.h | 5 +- arch/s390/kernel/Makefile | 6 +- arch/s390/kernel/alternative.c | 112 +++++++++++ arch/s390/kernel/early.c | 5 + arch/s390/kernel/entry.S | 250 +++++++++++++++++++++--- arch/s390/kernel/ipl.c | 1 + arch/s390/kernel/module.c | 65 +++++- arch/s390/kernel/nospec-branch.c | 169 ++++++++++++++++ arch/s390/kernel/processor.c | 18 ++ arch/s390/kernel/setup.c | 14 +- arch/s390/kernel/smp.c | 7 +- arch/s390/kernel/vmlinux.lds.S | 37 ++++ arch/s390/kvm/kvm-s390.c | 12 ++ arch/s390/kvm/vsie.c | 30 +++ drivers/s390/char/Makefile | 2 + include/uapi/linux/kvm.h | 1 + 27 files changed, 984 insertions(+), 36 deletions(-) create mode 100644 arch/s390/include/asm/alternative.h create mode 100644 arch/s390/include/asm/nospec-branch.h create mode 100644 arch/s390/kernel/alternative.c create mode 100644 arch/s390/kernel/nospec-branch.c -- 2.13.5

7 years, 2 months

2
20
0 0

Sorry wrong cc

by Seyeong Kim

Sorry mistakes..

7 years, 2 months

1
0
0 0

[PATCH] fsnotify: Fix fsnotify_mark_connector race

by Seyeong Kim

From: Robert Kolchmeyer <rkolchmeyer(a)google.com> BugLink: http://bugs.launchpad.net/bugs/1765564 fsnotify() acquires a reference to a fsnotify_mark_connector through the SRCU-protected pointer to_tell->i_fsnotify_marks. However, it appears that no precautions are taken in fsnotify_put_mark() to ensure that fsnotify() drops its reference to this fsnotify_mark_connector before assigning a value to its 'destroy_next' field. This can result in fsnotify_put_mark() assigning a value to a connector's 'destroy_next' field right before fsnotify() tries to traverse the linked list referenced by the connector's 'list' field. Since these two fields are members of the same union, this behavior results in a kernel panic. This issue is resolved by moving the connector's 'destroy_next' field into the object pointer union. This should work since the object pointer access is protected by both a spinlock and the value of the 'flags' field, and the 'flags' field is cleared while holding the spinlock in fsnotify_put_mark() before 'destroy_next' is updated. It shouldn't be possible for another thread to accidentally read from the object pointer after the 'destroy_next' field is updated. The offending behavior here is extremely unlikely; since fsnotify_put_mark() removes references to a connector (specifically, it ensures that the connector is unreachable from the inode it was formerly attached to) before updating its 'destroy_next' field, a sizeable chunk of code in fsnotify_put_mark() has to execute in the short window between when fsnotify() acquires the connector reference and saves the value of its 'list' field. On the HEAD kernel, I've only been able to reproduce this by inserting a udelay(1) in fsnotify(). However, I've been able to reproduce this issue without inserting a udelay(1) anywhere on older unmodified release kernels, so I believe it's worth fixing at HEAD. References: https://bugzilla.kernel.org/show_bug.cgi?id=199437 Fixes: 08991e83b7286635167bab40927665a90fb00d81 CC: stable(a)vger.kernel.org Signed-off-by: Robert Kolchmeyer <rkolchmeyer(a)google.com> Signed-off-by: Jan Kara <jack(a)suse.cz> (cherry picked from commit d90a10e2444ba5a351fa695917258ff4c5709fa5) Signed-off-by: Seyeong Kim <seyeong.kim(a)canonical.com> --- include/linux/fsnotify_backend.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h index 067d52e..d719194 100644 --- a/include/linux/fsnotify_backend.h +++ b/include/linux/fsnotify_backend.h @@ -217,12 +217,10 @@ struct fsnotify_mark_connector { union { /* Object pointer [lock] */ struct inode *inode; struct vfsmount *mnt; - }; - union { - struct hlist_head list; /* Used listing heads to free after srcu period expires */ struct fsnotify_mark_connector *destroy_next; }; + struct hlist_head list; }; /* -- 2.7.4

7 years, 2 months

1
0
0 0

[PATCH] arm64: defconfig: Enable CONFIG_PINCTRL_MT7622 by default

by sean.wang＠mediatek.com

From: Sean Wang <sean.wang(a)mediatek.com> Recently kernelCI reported the board mt7622-rfb1 has a fail test with kernel: ERROR: did not start booting whose details could be seen at [1]. The cause is that UART0 can't output anything when it's missing a proper pin setup with current DTS, so the essential driver is always getting enabled to fix up the issue. [1] https://kernelci.org/boot/id/5ad7d62759b51461bfb1f829/ Cc: Kevin Hilman <khilman(a)baylibre.com> Cc: stable(a)vger.kernel.org Fixes: ae457b7679c4 ("arm64: dts: mt7622: add SoC and peripheral related device nodes") Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> --- arch/arm64/configs/defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig index ecf6137..fe005df 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig @@ -320,6 +320,7 @@ CONFIG_PINCTRL_MAX77620=y CONFIG_PINCTRL_MSM8916=y CONFIG_PINCTRL_MSM8994=y CONFIG_PINCTRL_MSM8996=y +CONFIG_PINCTRL_MT7622=y CONFIG_PINCTRL_QDF2XXX=y CONFIG_PINCTRL_QCOM_SPMI_PMIC=y CONFIG_GPIO_DWAPB=y -- 2.7.4

7 years, 2 months

2
1
0 0

[PATCH 4.9 00/95] 4.9.96-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.96 release. There are 95 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Apr 24 13:51:53 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.96-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.96-rc1 Wanpeng Li <wanpeng.li(a)hotmail.com> block/mq: fix potential deadlock during cpu hotplug Greg Thelen <gthelen(a)google.com> writeback: safer lock nesting Amir Goldstein <amir73il(a)gmail.com> fanotify: fix logic of events on child Matthew Wilcox <mawilcox(a)microsoft.com> mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Ian Kent <raven(a)themaw.net> autofs: mount point create should honour passed in mode Al Viro <viro(a)zeniv.linux.org.uk> Don't leak MNT_INTERNAL away from internal mounts Al Viro <viro(a)zeniv.linux.org.uk> rpc_pipefs: fix double-dput() Al Viro <viro(a)zeniv.linux.org.uk> orangefs_kill_sb(): deal with allocation failures Al Viro <viro(a)zeniv.linux.org.uk> hypfs_kill_super(): deal with failed allocations Al Viro <viro(a)zeniv.linux.org.uk> jffs2_kill_sb(): deal with failed allocations Jan Kara <jack(a)suse.cz> udf: Fix leak of UTF-16 surrogates into encoded strings Michael Ellerman <mpe(a)ellerman.id.au> powerpc/lib: Fix off-by-one in alternate feature patching Michael Neuling <mikey(a)neuling.org> powerpc/eeh: Fix enabling bridge MMIO windows Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix clobber of v1 in last_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: EVA & fault support for small_memset Matt Redfearn <matt.redfearn(a)mips.com> MIPS: uaccess: Add micromips clobbers to bzero invocation Rodrigo Rivas Costa <rodrigorivascosta(a)gmail.com> HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Theodore Ts'o <tytso(a)mit.edu> random: add new ioctl RNDRESEEDCRNG Theodore Ts'o <tytso(a)mit.edu> random: crng_reseed() should lock the crng instance that it is modifying Theodore Ts'o <tytso(a)mit.edu> random: set up the NUMA crng instances after the CRNG is fully initialized Theodore Ts'o <tytso(a)mit.edu> random: fix crng_ready() test David Wang <davidwang(a)zhaoxin.com> ALSA: hda - New VIA controller suppor no-snoop path Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Fix missing input substream checks in compat ioctls Fabián Inostroza <soulsonceonfire(a)gmail.com> ALSA: line6: Use correct endpoint type for midi output Paul Parsons <lost.distance(a)yahoo.com> drm/radeon: Fix PCIe lane width calculation Marc Zyngier <marc.zyngier(a)arm.com> drm/rockchip: Clear all interrupts before requesting the IRQ Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Fix PCIe lane width calculation Bas Nieuwenhuizen <basni(a)chromium.org> drm/amdgpu: Fix always_valid bos multiple LRU insertions. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add an ATPX quirk for hybrid laptop Theodore Ts'o <tytso(a)mit.edu> ext4: don't allow r/w mounts if metadata blocks overlap the superblock Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Avoid potential races between OSS ioctls and read/write Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Virtualize Maximum Read Request Size Igor Pylypiv <igor.pylypiv(a)gmail.com> watchdog: f71808e_wdt: Fix WD_EN register read Sean Wang <sean.wang(a)mediatek.com> dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 Mikhail Lappo <mikhail.lappo(a)esrlabs.com> thermal: imx: Fix race condition in imx_thermal_probe() Ryo Kodama <ryo.kodama.vz(a)renesas.com> pwm: rcar: Fix a condition to prevent mismatch value setting to duty Boris Brezillon <boris.brezillon(a)bootlin.com> clk: bcm2835: De-assert/assert PLL reset signal when appropriate Arnd Bergmann <arnd(a)arndb.de> clk: fix false-positive Wmaybe-uninitialized warning Richard Genoud <richard.genoud(a)gmail.com> clk: mvebu: armada-38x: add support for missing clocks Ralph Sennhauser <ralph.sennhauser(a)gmail.com> clk: mvebu: armada-38x: add support for 1866MHz variants Alex Smith <alex.smith(a)imgtec.com> mmc: jz4740: Fix race condition in IRQ mask update Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix a potential memory leak Krzysztof Mazur <krzysiek(a)podlesie.net> um: Use POSIX ucontext_t instead of struct ucontext Jason A. Donenfeld <Jason(a)zx2c4.com> um: Compile with modern headers Dan Williams <dan.j.williams(a)intel.com> nfit, address-range-scrub: fix scrub in-progress reporting Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: use a safe lookup for dimm device name Maxime Jayat <maxime.jayat(a)mobile-devices.fr> dmaengine: at_xdmac: fix rare residue corruption Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Fix completion vector assignment algorithm Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Fix srp_abort() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix UAF at PCM release via PCM timer access Bart Van Assche <bart.vanassche(a)wdc.com> RDMA/rxe: Fix an out-of-bounds read Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device Theodore Ts'o <tytso(a)mit.edu> ext4: fail ext4_iget for root directory if unallocated Theodore Ts'o <tytso(a)mit.edu> ext4: add validity checks for bitmap block numbers Eryu Guan <guaneryu(a)gmail.com> ext4: protect i_disksize update by i_data_sem in direct write path Theodore Ts'o <tytso(a)mit.edu> ext4: don't update checksum of new initialized bitmaps Theodore Ts'o <tytso(a)mit.edu> jbd2: if the journal is aborted then don't allow update of the log tail Theodore Ts'o <tytso(a)mit.edu> random: use a tighter cap in credit_entropy_bits_safe() Aniruddha Banerjee <aniruddhab(a)nvidia.com> irqchip/gic: Take lock when updating irq type Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Resume control channel after hibernation image is created James Kelly <jamespeterkelly(a)gmail.com> ASoC: ssm2602: Replace reg_default_raw with reg_default Aaron Ma <aaron.ma(a)canonical.com> HID: core: Fix size as type u32 Aaron Ma <aaron.ma(a)canonical.com> HID: Fix hid_report_len usage Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() Aaron Ma <aaron.ma(a)canonical.com> HID: i2c-hid: fix size check and type usage Steve French <stfrench(a)microsoft.com> smb3: Fix root directory when server returns inode number of zero Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: pci: Properly cleanup resource Zhengjun Xing <zhengjun.xing(a)linux.intel.com> USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw Yavuz, Tuba <tuba(a)ece.ufl.edu> USB: gadget: f_midi: fixing a possible double-free in f_midi Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() Hans de Goede <hdegoede(a)redhat.com> ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E Dan Carpenter <dan.carpenter(a)oracle.com> regmap: Fix reversed bounds check in regmap_raw_write() Jason Andryuk <jandryuk(a)gmail.com> xen-netfront: Fix hang on device removal Maxime Chevallier <maxime.chevallier(a)bootlin.com> spi: Fix scatterlist elements size in spi_map_buf Santiago Esteban <Santiago.Esteban(a)microchip.com> ARM: dts: at91: sama5d4: fix pinctrl compatible string Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Felipe Balbi <felipe.balbi(a)linux.intel.com> usb: gadget: udc: core: update usb_ep_queue() documentation Heinrich Schuchardt <xypron.glpk(a)gmx.de> usb: musb: gadget: misplaced out of bounds check Vlastimil Babka <vbabka(a)suse.cz> mm, slab: reschedule cache_reap() on the same CPU Eric Biggers <ebiggers(a)google.com> ipc/shm: fix use-after-free of shm file via remap_file_pages() Takashi Iwai <tiwai(a)suse.de> resource: fix integer overflow at reallocation Andrew Morton <akpm(a)linux-foundation.org> fs/reiserfs/journal.c: add missing resierfs_warning() arg Richard Weinberger <richard(a)nod.at> ubi: Reject MLC NAND Romain Izard <romain.izard.pro(a)gmail.com> ubi: Fix error for write access Richard Weinberger <richard(a)nod.at> ubi: fastmap: Don't flush fastmap work on detach Richard Weinberger <richard(a)nod.at> ubifs: Check ubifs_wbuf_sync() return code Tejun Heo <tj(a)kernel.org> tty: make n_tty_read() always abort if hangup is in progress ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/at91sam9g25.dtsi | 2 +- arch/arm/boot/dts/exynos5250.dtsi | 8 +- arch/arm/boot/dts/sama5d4.dtsi | 2 +- arch/mips/include/asm/uaccess.h | 11 +- arch/mips/lib/memset.S | 11 +- arch/powerpc/include/asm/barrier.h | 3 +- arch/powerpc/include/asm/synch.h | 4 - arch/powerpc/kernel/eeh_pe.c | 3 +- arch/powerpc/lib/feature-fixups.c | 2 +- arch/powerpc/platforms/powernv/opal-nvram.c | 11 +- arch/s390/hypfs/inode.c | 2 +- arch/um/os-Linux/file.c | 1 + arch/um/os-Linux/signal.c | 3 +- arch/x86/um/stub_segv.c | 3 +- block/blk-mq.c | 4 +- drivers/acpi/nfit/core.c | 5 +- drivers/acpi/video_detect.c | 9 ++ drivers/base/regmap/regmap.c | 2 +- drivers/char/random.c | 75 +++++---- drivers/clk/bcm/clk-bcm2835.c | 8 +- drivers/clk/mvebu/armada-38x.c | 15 +- drivers/clk/renesas/clk-sh73a0.c | 6 +- drivers/dma/at_xdmac.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 4 +- drivers/gpu/drm/radeon/si_dpm.c | 4 +- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 23 +-- drivers/hid/hid-core.c | 10 +- drivers/hid/hid-input.c | 3 +- drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-rmi.c | 4 +- drivers/hid/hidraw.c | 5 + drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/hid/wacom_sys.c | 2 +- drivers/infiniband/core/ucma.c | 3 + drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +- drivers/infiniband/ulp/srp/ib_srp.c | 18 +-- drivers/iommu/intel-svm.c | 1 + drivers/irqchip/irq-gic-common.c | 9 +- drivers/mmc/host/jz4740_mmc.c | 2 +- drivers/mtd/ubi/block.c | 2 +- drivers/mtd/ubi/build.c | 11 ++ drivers/mtd/ubi/fastmap-wl.c | 1 - drivers/net/xen-netfront.c | 7 +- drivers/nvdimm/namespace_devs.c | 4 +- drivers/pci/hotplug/acpiphp_glue.c | 23 ++- drivers/pwm/pwm-rcar.c | 8 +- drivers/spi/spi.c | 10 +- drivers/thermal/imx_thermal.c | 6 +- drivers/thunderbolt/nhi.c | 1 + drivers/tty/n_tty.c | 6 + drivers/tty/tty_io.c | 9 ++ drivers/usb/core/generic.c | 9 +- drivers/usb/dwc3/dwc3-pci.c | 2 +- drivers/usb/gadget/function/f_midi.c | 3 +- drivers/usb/gadget/u_f.h | 2 + drivers/usb/gadget/udc/core.c | 3 + drivers/usb/musb/musb_gadget_ep0.c | 14 +- drivers/vfio/pci/vfio_pci_config.c | 29 +++- drivers/watchdog/f71808e_wdt.c | 2 +- fs/autofs4/root.c | 2 +- fs/cifs/cifsglob.h | 1 + fs/cifs/inode.c | 33 ++++ fs/ext4/balloc.c | 19 ++- fs/ext4/ialloc.c | 54 ++----- fs/ext4/inode.c | 11 +- fs/ext4/super.c | 6 + fs/fs-writeback.c | 7 +- fs/jbd2/journal.c | 5 +- fs/jffs2/super.c | 2 +- fs/namespace.c | 3 +- fs/notify/fanotify/fanotify.c | 34 ++--- fs/orangefs/super.c | 5 + fs/reiserfs/journal.c | 2 +- fs/ubifs/super.c | 14 +- fs/udf/unicode.c | 6 + include/dt-bindings/clock/mt2701-clk.h | 3 +- include/linux/backing-dev-defs.h | 5 + include/linux/backing-dev.h | 30 ++-- include/linux/hid.h | 6 +- include/linux/tty.h | 1 + include/sound/pcm_oss.h | 1 + include/uapi/linux/random.h | 3 + ipc/shm.c | 23 ++- kernel/resource.c | 3 +- mm/filemap.c | 9 +- mm/page-writeback.c | 18 +-- mm/slab.c | 3 +- net/sunrpc/rpc_pipe.c | 1 + sound/core/oss/pcm_oss.c | 186 ++++++++++++++++++----- sound/core/pcm.c | 8 +- sound/core/rawmidi_compat.c | 18 ++- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/ssm2602.c | 19 ++- sound/usb/line6/midi.c | 2 +- 98 files changed, 694 insertions(+), 322 deletions(-)

7 years, 2 months

12
117
0 0

Please apply commit 821cdad5c46c to v4.9.y

by Sinan Kaya

Hi Greg, Upstream commit 821cdad5c46c ("PCI: Wait up to 60 seconds for device to become ready after FLR") fixes a virtualization issue for Intel 750 NVMe drive and potentially other PCIe devices taking longer to recover from functional resets. problem description below from the commit: 'Sporadic reset issues have been observed with an Intel 750 NVMe drive while assigning the physical function to the guest machine. The sequence of events observed is as follows: - perform a Function Level Reset (FLR) - sleep up to 1000ms total - read ~0 from PCI_COMMAND (CRS completion for config read) - warn that the device didn't return from FLR - touch the device before it's ready - device drops config writes when we restore register settings (there's no mechanism for software to learn about CRS completions for writes) - incomplete register restore leaves device in inconsistent state - device probe fails because device is in inconsistent state After reset, an endpoint may respond to config requests with Configuration Request Retry Status (CRS) to indicate that it is not ready to accept new requests. See PCIe r3.1, sec 2.3.1 and 6.6.2.' Please apply commit 821cdad5c46c to fix the resulting regression. Thanks, Sinan -- Sinan Kaya Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.

7 years, 2 months

2
1
0 0

[PATCH] mm: sections are not offlined during memory hotremove

by Pavel Tatashin

Memory hotplug, and hotremove operate with per-block granularity. If machine has large amount of memory (more than 64G), the size of memory block can span multiple sections. By mistake, during hotremove we set only the first section to offline state. The bug was discovered because kernel selftest started to fail: https://lkml.kernel.org/r/20180423011247.GK5563@yexl-desktop After commit, "mm/memory_hotplug: optimize probe routine". But, the bug is older than this commit. In this optimization we also added a check for sections to be in a proper state during hotplug operation. Fixes: 2d070eab2e82 ("mm: consider zone which is not fully populated to have holes") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> --- mm/sparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/sparse.c b/mm/sparse.c index 62eef264a7bd..73dc2fcc0eab 100644 --- a/mm/sparse.c +++ b/mm/sparse.c @@ -629,7 +629,7 @@ void offline_mem_sections(unsigned long start_pfn, unsigned long end_pfn) unsigned long pfn; for (pfn = start_pfn; pfn < end_pfn; pfn += PAGES_PER_SECTION) { - unsigned long section_nr = pfn_to_section_nr(start_pfn); + unsigned long section_nr = pfn_to_section_nr(pfn); struct mem_section *ms; /* -- 2.17.0

7 years, 2 months

2
1
0 0

[PATCH v2][for 4.17-rc3] cpufreq / CPPC: Set platform specific transition_delay_us

by Prashanth Prakash

Add support to specify platform specific transition_delay_us instead of using the transition delay derived from PCC. With commit "3d41386d556d: cpufreq: CPPC: Use transition_delay_us depending transition_latency" we are setting transition_delay_us directly and not applying the LATENCY_MULTIPLIER. With this on Qualcomm Centriq we can end up with a very high rate of frequency change requests when using schedutil governor (default rate_limit_us=10 compared to an earlier value of 10000). The PCC subspace describes the rate at which the platform can accept commands on the CPPC's PCC channel. This includes read and write command on the PCC channel that can be used for reasons other than frequency transitions. Moreover the same PCC subspace can be used by multiple freq domains and deriving transition_delay_us from it as we do now can be sub-optimal. Moreover if a platform does not use PCC for desired_perf register then there is no way to compute the transition latency or the delay_us. CPPC does not have a standard defined mechanism to get the transition rate or the latency at the moment. Given the above limitations, it is simpler to have a platform specific transition_delay_us and rely on PCC derived value only if a platform specific value is not available. Signed-off-by: Prashanth Prakash <pprakash(a)codeaurora.org> Cc: Viresh Kumar <viresh.kumar(a)linaro.org> Cc: Rafael J. Wysocki <rjw(a)rjwysocki.net> Cc: 4.14+ <stable(a)vger.kernel.org> Fixes: 3d41386d556d ("cpufreq: CPPC: Use transition_delay_us depending transition_latency) --- v2: * Return final delay_us from cppc_cpufreq_get_transition_delay_us (Viresh) --- drivers/cpufreq/cppc_cpufreq.c | 43 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index bc5fc16..b1e32ad 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -126,6 +126,46 @@ static void cppc_cpufreq_stop_cpu(struct cpufreq_policy *policy) cpu->perf_caps.lowest_perf, cpu_num, ret); } +/* + * The PCC subspace describes the rate at which platform can accept commands + * on the shared PCC channel (including READs which do not count towards freq + * trasition requests), so ideally we need to use the PCC values as a fallback + * if we don't have a platform specific transition_delay_us + */ +#if defined(CONFIG_ARM64) +#include <asm/cputype.h> + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + unsigned long implementor = read_cpuid_implementor(); + unsigned long part_num = read_cpuid_part_number(); + unsigned int delay_us = 0; + + switch (implementor) { + case ARM_CPU_IMP_QCOM: + switch (part_num) { + case QCOM_CPU_PART_FALKOR_V1: + case QCOM_CPU_PART_FALKOR: + delay_us = 10000; + break; + } + break; + } + + if (!delay_us) + delay_us = cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + + return delay_us; +} + +#else + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; +} +#endif + static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) { struct cppc_cpudata *cpu; @@ -162,8 +202,7 @@ static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) cpu->perf_caps.highest_perf; policy->cpuinfo.max_freq = cppc_dmi_max_khz; - policy->transition_delay_us = cppc_get_transition_latency(cpu_num) / - NSEC_PER_USEC; + policy->transition_delay_us = cppc_cpufreq_get_transition_delay_us(cpu_num); policy->shared_type = cpu->shared_type; if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY) { -- Qualcomm Datacenter Technologies on behalf of Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.

7 years, 2 months

3
4
0 0

[PATCH v2 1/2] pinctrl/samsung: Correct EINTG banks order

by Paweł Chmiel

All banks with GPIO interrupts should be at beginning of bank array and without any other types of banks between them. This order is expected by exynos_eint_gpio_irq, when doing interrupt group to bank translation. Otherwise, kernel NULL pointer dereference would happen when trying to handle interrupt, due to wrong bank being looked up. Observed on s5pv210, when trying to handle gpj0 interrupt, where kernel was mapping it to gpi bank. Cc: stable(a)vger.kernel.org Fixes: 023e06dfa6882f500b9c86fd61f0b1913aa07f36 ("pinctrl: exynos: add exynos5410 SoC specific data") Fixes: 608a26a7bc04a39cfd7041f31ca2b2100113d14e ("pinctrl: Add s5pv210 support to pinctrl-exynos) Signed-off-by: Paweł Chmiel <pawel.mikolaj.chmiel(a)gmail.com> --- Changes from v1: - Limit changes to s5pv210 and Exynos5410. Exynos3250 will be handled later. - Added cc stable - Added fixes tag --- drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c index 90c2744..4f4ae66 100644 --- a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c +++ b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c @@ -105,12 +105,12 @@ static const struct samsung_pin_bank_data s5pv210_pin_bank[] __initconst = { EXYNOS_PIN_BANK_EINTG(7, 0x1c0, "gpg1", 0x38), EXYNOS_PIN_BANK_EINTG(7, 0x1e0, "gpg2", 0x3c), EXYNOS_PIN_BANK_EINTG(7, 0x200, "gpg3", 0x40), - EXYNOS_PIN_BANK_EINTN(7, 0x220, "gpi"), EXYNOS_PIN_BANK_EINTG(8, 0x240, "gpj0", 0x44), EXYNOS_PIN_BANK_EINTG(6, 0x260, "gpj1", 0x48), EXYNOS_PIN_BANK_EINTG(8, 0x280, "gpj2", 0x4c), EXYNOS_PIN_BANK_EINTG(8, 0x2a0, "gpj3", 0x50), EXYNOS_PIN_BANK_EINTG(5, 0x2c0, "gpj4", 0x54), + EXYNOS_PIN_BANK_EINTN(7, 0x220, "gpi"), EXYNOS_PIN_BANK_EINTN(8, 0x2e0, "mp01"), EXYNOS_PIN_BANK_EINTN(4, 0x300, "mp02"), EXYNOS_PIN_BANK_EINTN(8, 0x320, "mp03"), @@ -630,7 +630,6 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks0[] __initconst = EXYNOS_PIN_BANK_EINTG(4, 0x100, "gpc3", 0x20), EXYNOS_PIN_BANK_EINTG(7, 0x120, "gpc1", 0x24), EXYNOS_PIN_BANK_EINTG(7, 0x140, "gpc2", 0x28), - EXYNOS_PIN_BANK_EINTN(2, 0x160, "gpm5"), EXYNOS_PIN_BANK_EINTG(8, 0x180, "gpd1", 0x2c), EXYNOS_PIN_BANK_EINTG(8, 0x1A0, "gpe0", 0x30), EXYNOS_PIN_BANK_EINTG(2, 0x1C0, "gpe1", 0x34), @@ -641,6 +640,7 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks0[] __initconst = EXYNOS_PIN_BANK_EINTG(2, 0x260, "gpg2", 0x48), EXYNOS_PIN_BANK_EINTG(4, 0x280, "gph0", 0x4c), EXYNOS_PIN_BANK_EINTG(8, 0x2A0, "gph1", 0x50), + EXYNOS_PIN_BANK_EINTN(2, 0x160, "gpm5"), EXYNOS_PIN_BANK_EINTN(8, 0x2C0, "gpm7"), EXYNOS_PIN_BANK_EINTN(6, 0x2E0, "gpy0"), EXYNOS_PIN_BANK_EINTN(4, 0x300, "gpy1"), -- 2.7.4

7 years, 2 months

4
3
0 0

[PATCH] libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs

by Hans de Goede

Richard Jones has reported that using med_power_with_dipm on a T450s with a Sandisk SD7UB3Q256G1001 SSD (firmware version X2180501) is causing the machine to hang. Switching the LPM to max_performance fixes this, so it seems that this Sandisk SSD does not handle LPM well. Note in the past there have been bug-reports about the following Sandisk models not working with min_power, so we may need to extend the quirk list in the future: name - firmware Sandisk SD6SB2M512G1022I - X210400 Sandisk SD6PP4M-256G-1006 - A200906 Cc: stable(a)vger.kernel.org Cc: Richard W.M. Jones <rjones(a)redhat.com> Reported-and-tested-by: Richard W.M. Jones <rjones(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/ata/libata-core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index 6e400ff2b5db..68596bd4cf06 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -4552,6 +4552,9 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { /* This specific Samsung model/firmware-rev does not handle LPM well */ { "SAMSUNG MZMPC128HBFU-000MV", "CXM14M1Q", ATA_HORKAGE_NOLPM, }, + /* Sandisk devices which are known to not handle LPM well */ + { "SanDisk SD7UB3Q*G1001", NULL, ATA_HORKAGE_NOLPM, }, + /* devices that don't properly handle queued TRIM commands */ { "Micron_M500_*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | ATA_HORKAGE_ZERO_AFTER_TRIM, }, -- 2.17.0

7 years, 2 months

2
1
0 0

Linux 4.14.36

by Greg KH

I'm announcing the release of the 4.14.36 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/at91sam9g25.dtsi | 2 arch/arm/boot/dts/da850-lego-ev3.dts | 4 arch/arm/boot/dts/exynos5250.dtsi | 8 arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 24 + arch/arm/boot/dts/sama5d4.dtsi | 2 arch/arm/mach-exynos/pm.c | 6 arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts | 2 arch/mips/include/asm/uaccess.h | 11 arch/mips/lib/memset.S | 11 arch/powerpc/include/asm/barrier.h | 3 arch/powerpc/include/asm/opal.h | 3 arch/powerpc/include/asm/synch.h | 4 arch/powerpc/kernel/dt_cpu_ftrs.c | 12 arch/powerpc/kernel/eeh_pe.c | 3 arch/powerpc/kernel/kprobes.c | 30 +- arch/powerpc/kernel/machine_kexec_file_64.c | 2 arch/powerpc/lib/feature-fixups.c | 2 arch/powerpc/mm/hash_utils_64.c | 6 arch/powerpc/platforms/powernv/opal-nvram.c | 11 arch/powerpc/platforms/pseries/lpar.c | 8 arch/powerpc/sysdev/xive/native.c | 4 arch/s390/hypfs/inode.c | 2 arch/um/os-Linux/file.c | 1 arch/um/os-Linux/signal.c | 3 arch/x86/um/stub_segv.c | 3 arch/x86/xen/enlighten_pv.c | 8 drivers/acpi/nfit/core.c | 18 - drivers/acpi/video_detect.c | 9 drivers/base/regmap/regmap.c | 2 drivers/char/random.c | 84 +++++- drivers/char/tpm/tpm-interface.c | 4 drivers/clk/bcm/clk-bcm2835.c | 8 drivers/clk/mediatek/clk-mt2701.c | 15 - drivers/clk/mvebu/armada-38x.c | 14 - drivers/clk/renesas/clk-sh73a0.c | 6 drivers/cpufreq/cppc_cpufreq.c | 3 drivers/dma/at_xdmac.c | 4 drivers/extcon/extcon-intel-cht-wc.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 drivers/gpu/drm/amd/amdgpu/cik_sdma.c | 2 drivers/gpu/drm/amd/amdgpu/sdma_v2_4.c | 2 drivers/gpu/drm/amd/amdgpu/sdma_v3_0.c | 2 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 drivers/gpu/drm/amd/amdgpu/si.c | 67 ++++ drivers/gpu/drm/amd/amdgpu/si_dpm.c | 4 drivers/gpu/drm/i915/i915_reg.h | 10 drivers/gpu/drm/i915/intel_sprite.c | 81 ++++- drivers/gpu/drm/radeon/radeon_device.c | 4 drivers/gpu/drm/radeon/si_dpm.c | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 23 - drivers/hid/hid-core.c | 10 drivers/hid/hid-input.c | 27 + drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-rmi.c | 4 drivers/hid/hidraw.c | 5 drivers/hid/i2c-hid/i2c-hid.c | 13 drivers/hid/wacom_sys.c | 4 drivers/hid/wacom_wac.c | 76 +++-- drivers/i2c/busses/i2c-i801.c | 16 + drivers/infiniband/core/ucma.c | 3 drivers/infiniband/hw/mlx5/mr.c | 2 drivers/infiniband/sw/rxe/rxe_verbs.c | 5 drivers/infiniband/ulp/srp/ib_srp.c | 18 - drivers/iommu/intel-svm.c | 1 drivers/irqchip/irq-gic-common.c | 9 drivers/md/dm-crypt.c | 66 ++++ drivers/media/platform/vivid/vivid-vid-common.c | 3 drivers/media/platform/vsp1/vsp1_wpf.c | 2 drivers/misc/cxl/cxllib.c | 85 +++--- drivers/mmc/host/jz4740_mmc.c | 2 drivers/mmc/host/sdhci-pci-core.c | 25 + drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/ubi/block.c | 2 drivers/mtd/ubi/build.c | 11 drivers/mtd/ubi/fastmap-wl.c | 1 drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 62 ++++ drivers/net/wireless/intel/iwlwifi/fw/file.h | 1 drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 4 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 195 ++++++++++++-- drivers/net/xen-netfront.c | 7 drivers/nvdimm/dimm.c | 8 drivers/nvdimm/namespace_devs.c | 4 drivers/pci/hotplug/acpiphp_glue.c | 23 + drivers/pci/quirks.c | 4 drivers/phy/allwinner/phy-sun4i-usb.c | 10 drivers/pwm/pwm-rcar.c | 8 drivers/soc/mediatek/mtk-scpsys.c | 2 drivers/spi/spi-atmel.c | 8 drivers/spi/spi.c | 19 - drivers/staging/media/atomisp/pci/atomisp2/atomisp_fops.c | 6 drivers/staging/media/lirc/lirc_zilog.c | 9 drivers/thermal/imx_thermal.c | 6 drivers/thunderbolt/icm.c | 10 drivers/thunderbolt/nhi.c | 1 drivers/thunderbolt/switch.c | 9 drivers/tty/n_tty.c | 6 drivers/tty/tty_io.c | 9 drivers/usb/core/generic.c | 9 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/dwc3/gadget.c | 43 +-- drivers/usb/gadget/function/f_midi.c | 3 drivers/usb/gadget/u_f.h | 2 drivers/usb/gadget/udc/core.c | 3 drivers/usb/musb/musb_gadget_ep0.c | 14 - drivers/vfio/pci/vfio_pci_config.c | 29 +- drivers/watchdog/f71808e_wdt.c | 2 fs/autofs4/root.c | 2 fs/cifs/Kconfig | 1 fs/cifs/cifsencrypt.c | 85 +----- fs/cifs/cifsfs.c | 1 fs/cifs/cifsglob.h | 3 fs/cifs/cifsproto.h | 5 fs/cifs/inode.c | 33 ++ fs/cifs/link.c | 27 - fs/cifs/misc.c | 54 +++ fs/cifs/smb2ops.c | 15 - fs/cifs/smb2pdu.c | 8 fs/cifs/smb2proto.h | 3 fs/cifs/smb2transport.c | 97 ++---- fs/cifs/smbencrypt.c | 27 - fs/ext4/balloc.c | 3 fs/ext4/ext4_jbd2.c | 7 fs/ext4/ialloc.c | 47 --- fs/ext4/inode.c | 11 fs/ext4/ioctl.c | 8 fs/ext4/super.c | 21 - fs/ext4/xattr.c | 121 ++++---- fs/ext4/xattr.h | 11 fs/fs-writeback.c | 7 fs/jbd2/journal.c | 30 +- fs/jffs2/super.c | 2 fs/namespace.c | 3 fs/notify/fanotify/fanotify.c | 34 +- fs/orangefs/super.c | 5 fs/reiserfs/journal.c | 2 fs/ubifs/super.c | 14 - fs/udf/unicode.c | 6 include/dt-bindings/clock/mt2701-clk.h | 3 include/linux/backing-dev-defs.h | 5 include/linux/backing-dev.h | 30 +- include/linux/blk_types.h | 5 include/linux/compiler-clang.h | 3 include/linux/compiler-gcc.h | 12 include/linux/hid.h | 15 - include/linux/hmm.h | 9 include/linux/tty.h | 1 include/sound/pcm_oss.h | 1 include/uapi/linux/random.h | 3 ipc/shm.c | 23 + kernel/resource.c | 3 kernel/trace/ring_buffer.c | 5 mm/filemap.c | 9 mm/hmm.c | 3 mm/ksm.c | 7 mm/page-writeback.c | 18 - mm/slab.c | 3 net/dsa/tag_brcm.c | 3 net/dsa/tag_dsa.c | 3 net/dsa/tag_edsa.c | 3 net/dsa/tag_ksz.c | 3 net/dsa/tag_lan9303.c | 3 net/dsa/tag_mtk.c | 3 net/dsa/tag_qca.c | 3 net/dsa/tag_trailer.c | 3 net/sunrpc/rpc_pipe.c | 1 sound/core/oss/pcm_oss.c | 186 ++++++++++--- sound/core/pcm.c | 8 sound/core/rawmidi_compat.c | 18 - sound/pci/hda/hda_intel.c | 3 sound/pci/hda/patch_realtek.c | 3 sound/soc/codecs/ssm2602.c | 19 - sound/soc/soc-topology.c | 23 + sound/usb/line6/midi.c | 2 virt/kvm/arm/vgic/vgic-its.c | 15 - 179 files changed, 1840 insertions(+), 801 deletions(-) Aaron Armstrong Skomra (1): HID: wacom: bluetooth: send exit report for recent Bluetooth devices Aaron Ma (3): HID: i2c-hid: fix size check and type usage HID: Fix hid_report_len usage HID: core: Fix size as type u32 Al Viro (5): jffs2_kill_sb(): deal with failed allocations hypfs_kill_super(): deal with failed allocations orangefs_kill_sb(): deal with allocation failures rpc_pipefs: fix double-dput() Don't leak MNT_INTERNAL away from internal mounts Alex Deucher (4): drm/amdgpu: Add an ATPX quirk for hybrid laptop drm/amdgpu/sdma: fix mask in emit_pipeline_sync drm/amdgpu: Fix PCIe lane width calculation drm/amdgpu/si: implement get/set pcie_lanes asic callback Alex Smith (1): mmc: jz4740: Fix race condition in IRQ mask update Alex Williamson (1): vfio/pci: Virtualize Maximum Read Request Size Amir Goldstein (1): fanotify: fix logic of events on child Andrew Lunn (1): net: dsa: Discard frames from unused ports Andrew Morton (1): fs/reiserfs/journal.c: add missing resierfs_warning() arg Aniruddha Banerjee (1): irqchip/gic: Take lock when updating irq type Arnd Bergmann (1): clk: fix false-positive Wmaybe-uninitialized warning Aurelien Aptel (2): CIFS: refactor crypto shash/sdesc allocation&free CIFS: add sha512 secmech Bart Van Assche (3): RDMA/rxe: Fix an out-of-bounds read IB/srp: Fix srp_abort() IB/srp: Fix completion vector assignment algorithm Bas Nieuwenhuizen (1): drm/amdgpu: Fix always_valid bos multiple LRU insertions. Benjamin Herrenschmidt (1): powerpc/xive: Fix trying to "push" an already active pool VP Boris Brezillon (1): clk: bcm2835: De-assert/assert PLL reset signal when appropriate Chen-Yu Tsai (1): phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS Chris Chiu (1): tpm: self test failure should not cause suspend to fail Claudio Imbrenda (1): mm/ksm.c: fix inconsistent accounting of zero pages Dan Carpenter (1): regmap: Fix reversed bounds check in regmap_raw_write() Dan Williams (4): libnvdimm, dimm: fix dpa reservation vs uninitialized label area libnvdimm, namespace: use a safe lookup for dimm device name nfit, address-range-scrub: fix scrub in-progress reporting nfit: skip region registration for incomplete control regions Daniel Kurtz (1): mmc: sdhci-pci: Only do AMD tuning for HS200 David Lechner (1): ARM: dts: da850-lego-ev3: Fix battery voltage gpio David Wang (1): ALSA: hda - New VIA controller suppor no-snoop path Dmitry Torokhov (1): HID: input: fix battery level reporting on BT mice Eric Biggers (2): ipc/shm: fix use-after-free of shm file via remap_file_pages() ext4: limit xattr size to INT_MAX Eryu Guan (1): ext4: protect i_disksize update by i_data_sem in direct write path Eugen Hristev (1): spi: atmel: init FIFOs before spi enable Fabián Inostroza (1): ALSA: line6: Use correct endpoint type for midi output Felipe Balbi (2): usb: gadget: udc: core: update usb_ep_queue() documentation usb: dwc3: gadget: never call ->complete() from ->ep_queue() Frederic Barrat (1): cxl: Fix possible deadlock when processing page faults from cxllib George Cherian (1): cpufreq: CPPC: Use transition_delay_us depending transition_latency Greg Kroah-Hartman (1): Linux 4.14.36 Greg Thelen (1): writeback: safer lock nesting Gustavo A. R. Silva (1): CIFS: fix sha512 check in cifs_crypto_secmech_release Hans Verkuil (2): media: atomisp_fops.c: disable atomisp_compat_ioctl32 media: vivid: check if the cec_adapter is valid Hans de Goede (2): ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO Heinrich Schuchardt (1): usb: musb: gadget: misplaced out of bounds check Hui Wang (2): ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags ALSA: hda/realtek - adjust the location of one mic Ian Kent (1): autofs: mount point create should honour passed in mode Igor Pylypiv (1): watchdog: f71808e_wdt: Fix WD_EN register read James Kelly (1): ASoC: ssm2602: Replace reg_default_raw with reg_default Jan Kara (1): udf: Fix leak of UTF-16 surrogates into encoded strings Jarkko Nikula (1): spi: Fix unregistration of controller with fixed SPI bus number Jason A. Donenfeld (1): um: Compile with modern headers Jason Andryuk (2): x86/xen: Delay get_cpu_cap until stack canary is established xen-netfront: Fix hang on device removal Jean Delvare (2): i2c: i801: Save register SMBSLVCMD value only once i2c: i801: Restore configuration at shutdown Jerome Brunet (1): ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate Jérôme Glisse (2): mm/hmm: fix header file if/else/endif maze mm/hmm: hmm_pfns_bad() was accessing wrong struct Kees Cook (1): task_struct: only use anon struct under randstruct plugin Kieran Bingham (1): media: vsp1: Fix BRx conditional path in WPF Krzysztof Mazur (1): um: Use POSIX ucontext_t instead of struct ucontext Leon Romanovsky (1): RDMA/mlx5: Protect from NULL pointer derefence Liam Girdwood (1): ASoC: topology: Fix kcontrol name string handling Lu Baolu (1): iommu/vt-d: Fix a potential memory leak Luca Coelho (2): iwlwifi: add shared clock PHY config flag for some devices iwlwifi: add a bunch of new 9000 PCI IDs Marc Zyngier (2): KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list drm/rockchip: Clear all interrupts before requesting the IRQ Marek Szyprowski (2): ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210 ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250 Masaharu Hayakawa (1): mmc: tmio: Fix error handling when issuing CMD23 Matt Redfearn (4): MIPS: uaccess: Add micromips clobbers to bzero invocation MIPS: memset.S: EVA & fault support for small_memset MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup MIPS: memset.S: Fix clobber of v1 in last_fixup Matthew Wilcox (1): mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Maxime Chevallier (1): spi: Fix scatterlist elements size in spi_map_buf Maxime Jayat (1): dmaengine: at_xdmac: fix rare residue corruption Michael Ellerman (1): powerpc/lib: Fix off-by-one in alternate feature patching Michael Neuling (1): powerpc/eeh: Fix enabling bridge MMIO windows Mika Westerberg (5): ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() thunderbolt: Wait a bit longer for ICM to authenticate the active NVM thunderbolt: Serialize PCIe tunnel creation with PCI rescan thunderbolt: Resume control channel after hibernation image is created thunderbolt: Prevent crash when ICM firmware is not running Mikhail Lappo (1): thermal: imx: Fix race condition in imx_thermal_probe() Mikulas Patocka (2): block: use 32-bit blk_status_t on Alpha dm crypt: limit the number of allocated pages Naveen N. Rao (1): powerpc/kprobes: Fix call trace due to incorrect preempt count Nicholas Piggin (5): powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Nico Sneck (1): drm/radeon: add PX quirk for Asus K73TK Nicolas Ferre (1): ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Paul Mackerras (1): powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9 Paul Parsons (1): drm/radeon: Fix PCIe lane width calculation Richard Genoud (1): clk: mvebu: armada-38x: add support for missing clocks Richard Weinberger (3): ubifs: Check ubifs_wbuf_sync() return code ubi: fastmap: Don't flush fastmap work on detach ubi: Reject MLC NAND Rodrigo Rivas Costa (1): HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Roger Quadros (1): usb: dwc3: prevent setting PRTCAP to OTG from debugfs Roland Dreier (1): RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device Romain Izard (1): ubi: Fix error for write access Ronnie Sahlberg (2): cifs: fix memory leak in SMB2_open() fix smb3-encryption breakage when CONFIG_DEBUG_SG=y Ryo Kodama (1): pwm: rcar: Fix a condition to prevent mismatch value setting to duty Santiago Esteban (1): ARM: dts: at91: sama5d4: fix pinctrl compatible string Sean Wang (4): arm: dts: mt7623: fix USB initialization fails on bananapi-r2 soc: mediatek: fix the mistaken pointer accessed when subdomains are added clk: mediatek: fix PWM clock source by adding a fixed-factor clock dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 Sean Young (2): Revert "media: lirc_zilog: driver only sends LIRCCODE" media: staging: lirc_zilog: incorrect reference counting Sinan Kaya (1): PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken Steve French (1): smb3: Fix root directory when server returns inode number of zero Steven Rostedt (VMware) (1): ring-buffer: Check if memory is available before allocation Takashi Iwai (8): resource: fix integer overflow at reallocation ALSA: pcm: Fix UAF at PCM release via PCM timer access ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation ALSA: pcm: Avoid potential races between OSS ioctls and read/write ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation ALSA: rawmidi: Fix missing input substream checks in compat ioctls Tejun Heo (1): tty: make n_tty_read() always abort if hangup is in progress Theodore Ts'o (16): random: use a tighter cap in credit_entropy_bits_safe() jbd2: if the journal is aborted then don't allow update of the log tail ext4: shutdown should not prevent get_write_access ext4: eliminate sleep from shutdown ioctl ext4: pass -ESHUTDOWN code to jbd2 layer ext4: don't update checksum of new initialized bitmaps ext4: fail ext4_iget for root directory if unallocated ext4: always initialize the crc32c checksum driver ext4: don't allow r/w mounts if metadata blocks overlap the superblock ext4: move call to ext4_error() into ext4_xattr_check_block() ext4: add bounds checking to ext4_xattr_find_entry() ext4: add extra checks to ext4_xattr_block_get() random: fix crng_ready() test random: use a different mixing algorithm for add_device_randomness() random: crng_reseed() should lock the crng instance that it is modifying random: add new ioctl RNDRESEEDCRNG Thiago Jung Bauermann (1): powerpc/kexec_file: Fix error code when trying to load kdump kernel Thinh Nguyen (1): usb: dwc3: pci: Properly cleanup resource Ville Syrjälä (1): drm/i915: Correctly handle limited range YCbCr data on VLV/CHV Vlastimil Babka (1): mm, slab: reschedule cache_reap() on the same CPU Yavuz, Tuba (1): USB: gadget: f_midi: fixing a possible double-free in f_midi Zhengjun Xing (1): USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw

7 years, 2 months

4
19
0 0

console: Drop added "static" for newport_con

by Dmitry Shmidt

Please add this patch to stable 4.14 commit f54450ad1942287cc76b38021c0441fc4901d2de Author: Kees Cook <keescook(a)chromium.org> Date: Tue Feb 27 13:11:21 2018 -0800 console: Drop added "static" for newport_con Commit 4fe505119778 ("console: Expand dummy functions for CFI") accidentally added "static" to newport_con instance of struct consw, while trying to normalize the declarations. This, however, needed to stay non-static as it has an extern. Reported-by: kbuild test robot <fengguang.wu(a)intel.com> Fixes: 4fe505119778 ("console: Expand dummy functions for CFI") Signed-off-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>

7 years, 2 months

2
4
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v4.14 and v4.16 -stable, respectively. Thank you.

7 years, 2 months

2
1
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9764536dc592144beee43c987fef45d2e91ca55c: Linux 3.18.102 (2018-03-24 10:57:35 +0100) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-15042018 for you to fetch changes up to 75df115d69ca70bd7ebd8e0db11c2411abe3dce1: irqchip/gic-v3: Change pr_debug message to pr_devel (2018-04-15 11:02:31 -0400) - ---------------------------------------------------------------- for-greg-3.18-15042018 - ---------------------------------------------------------------- Alex Estrin (1): IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Alexey Khoroshilov (1): vmlfb: Fix error handling in cr_pll_init() Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Arnd Bergmann (4): xen: avoid type warning in xchg_xen_ulong scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype cifs: silence compiler warnings showing up with gcc-8.0.0 Benoît Thébaudeau (1): mmc: sdhci-esdhc: Add SDHCI_QUIRK_32BIT_DMA_ADDR Bjorn Helgaas (2): PCI: Correct PCI_STD_RESOURCE_END usage PCI: Enable ECRC only if device supports it Bob Moore (1): ACPICA: Disassembler: Abort on an invalid/unknown AML opcode Chen Yu (1): ACPI: processor_perflib: Do not send _PPC change notification if not ready Chris Packham (1): mtd: handle partitioning on devices with 0 erasesize Chris Wilson (1): e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails Christian Lamparter (1): net: emac: fix reset timeout with AR8035 phy Christoph Hellwig (1): PCI: Protect pci_error_handlers->reset_notify() usage with device_lock() Coly Li (1): bcache: properly set task state in bch_writeback_thread() Dan Carpenter (5): x86/nmi: Fix timeout test in test_nmi_ipi() scsi: bnx2i: missing error code in bnx2i_ep_connect() libertas: Fix lbs_prb_rsp_limit_set() ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Dave Martin (3): arm64: ptrace: Fix VFP register dumping in compat coredumps arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails arm64: ptrace: Fix incorrect get_user() use in compat_vfp_set() Eric Biggers (1): KEYS: put keyring if install_session_keyring_to_cred() fails Guenter Roeck (1): watchdog: sp5100_tco: Fix watchdog disable bit Hari Bathini (1): powerpc/fadump: avoid duplicates in crash memory ranges Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Jacob Keller (1): ixgbe: avoid permanent lock of *_PTP_TX_IN_PROGRESS Jag Raman (1): sparc64: ldc abort during vds iso boot Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Smart (2): scsi: lpfc: Fix return value of board_mode store routine in case of online failure scsi: lpfc: Fix crash after firmware flash when IO is running. Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan Höppner (1): s390/dasd: Display read-only attribute correctly Jean Delvare (2): firmware: dmi_scan: Check DMI structure length firmware: dmi_scan: Fix handling of empty DMI strings Jia-Ju Bai (1): scsi: megaraid: Fix a sleep-in-atomic bug Johan Hovold (1): scsi: sun_esp: fix device reference leaks João Paulo Rechi Vita (1): platform/x86: acer-wmi: Detect RF Button capability Kees Cook (1): scsi: csiostor: Avoid content leaks and casts Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Leon Romanovsky (1): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Liu Bo (1): Btrfs: skip commit transaction if we don't have enough pinned bytes Liwei Song (1): i2c: ismt: fix wrong device address when unmap the data buffer Lorenzo Bianconi (1): iio: magnetometer: st_magn_spi: fix spi_device_id table Luc Van Oostenryck (2): arm64: pass machine size to sparse arm64: pass endianness info to sparse Luis R. Rodriguez (1): fs: warn in case userspace lied about modprobe return Lv Zheng (2): ACPICA: Events: Add runtime stub support for event APIs ACPI: EC: Fix EC command visibility for dynamic debug Marcel Holtmann (1): Bluetooth: Send HCI Set Event Mask Page 2 command only when needed Marcelo Ricardo Leitner (1): sctp: adjust ssthresh when transport is idle Marcin Nowakowski (2): MIPS: mm: fixed mappings: correct initialisation MIPS: kprobes: flush_insn_slot should flush only if probe initialised Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Mateusz Jurczyk (1): caif: Add sockaddr length check before accessing sa_family in connect handler Mathieu Larouche (1): drm/mgag200: Fix to always set HiPri for G200e4 V2 Matt Redfearn (1): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Michael Neuling (1): powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 Mintz, Yuval (1): bnx2x: Allow vfs to disable txvlan offload Namhyung Kim (1): perf tests: Decompress kernel module before objdump Nikolay Borisov (1): btrfs: Fix out of bounds access in btrfs_search_slot Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Paul Burton (2): MIPS: CPS: Prevent multi-core with dcache aliasing MIPS: Handle tlbex-tlbp race condition Peter Zijlstra (1): perf/core: Correct event creation with PERF_FORMAT_GROUP Roopa Prabhu (1): vxlan: dont migrate permanent fdb entries during learn Ross Lagerwall (1): xen/grant-table: Use put_page instead of free_page Serhey Popovych (2): fib_rules: Resolve goto rules target on delete veth: Be more robust on network device creation when no attributes Steven Rostedt (VMware) (1): tools lib traceevent: Fix get_field_str() for dynamic strings Sujith Pandel (1): PCI: Add domain number check to find_smbios_instance_string() Suzuki K Poulose (1): irqchip/gic-v3: Honor forced affinity setting Tahsin Erdogan (1): ext4: change fast symlink test to not rely on i_blocks Takashi Iwai (1): ALSA: timer: Wrap with spinlock for queue access Tang Junhui (3): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist Ulf Magnusson (3): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak Vlad Yasevich (1): macvlan: Do not return error when setting the same mac address WANG Cong (1): net_sched: move tcf_lock down after gen_replace_estimator() Xin Long (2): sctp: fix recursive locking warning in sctp_do_peeloff dccp: call inet_add_protocol after register_pernet_subsys in dccp_v4_init Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Yisheng Xie (2): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Yuyang Du (2): usb: usbip tool: Check the return of get_nports() usb: usbip tool: Fix refresh_imported_device_list() hayeswang (1): r8152: add byte_enable for ocp_read_word function mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (2): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute Documentation/device-mapper/thin-provisioning.txt | 8 ++-- arch/arm/include/asm/xen/events.h | 2 +- arch/arm64/Makefile | 4 +- arch/arm64/kernel/ptrace.c | 25 ++++++++----- arch/mips/include/asm/kprobes.h | 3 +- arch/mips/kernel/smp-cps.c | 8 ++-- arch/mips/mm/pgtable-32.c | 6 +-- arch/mips/mm/tlbex.c | 38 ++++++++++++++++++- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/powerpc/kernel/fadump.c | 15 +++++++- arch/powerpc/kernel/setup-common.c | 4 ++ arch/sparc/kernel/ldc.c | 7 +++- arch/x86/kernel/nmi_selftest.c | 2 +- arch/x86/kvm/x86.c | 7 ++-- arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- drivers/acpi/acpica/evxfevnt.c | 18 +++++++++ drivers/acpi/acpica/psobject.c | 14 +++++++ drivers/acpi/ec.c | 2 +- drivers/acpi/processor_perflib.c | 2 +- drivers/firewire/ohci.c | 8 +++- drivers/firmware/dmi_scan.c | 45 +++++++++++++---------- drivers/gpu/drm/mgag200/mgag200_mode.c | 9 ++++- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/i2c/busses/i2c-ismt.c | 2 +- drivers/iio/magnetometer/st_magn_spi.c | 2 - drivers/infiniband/hw/mlx5/qp.c | 5 +-- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 ++ drivers/irqchip/irq-gic-v3.c | 9 ++++- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +++-- drivers/md/bcache/super.c | 23 +++++++++--- drivers/md/bcache/sysfs.c | 11 ++++-- drivers/md/bcache/writeback.c | 7 +++- drivers/mmc/host/sdhci-esdhc.h | 1 + drivers/mtd/mtdpart.c | 26 ++++++++----- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 19 ++++++++-- drivers/net/ethernet/ibm/emac/core.c | 26 +++++++++++-- drivers/net/ethernet/intel/e1000e/netdev.c | 7 +++- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 20 +++++++--- drivers/net/macvlan.c | 4 ++ drivers/net/usb/r8152.c | 4 +- drivers/net/veth.c | 4 +- drivers/net/vxlan.c | 2 +- drivers/net/wireless/libertas/mesh.c | 5 ++- drivers/pci/pci-label.c | 7 +++- drivers/pci/pci.c | 26 +++++++++---- drivers/pci/probe.c | 5 +++ drivers/pci/quirks.c | 4 +- drivers/platform/x86/acer-wmi.c | 7 ++++ drivers/s390/block/dasd_devmap.c | 19 +++++++--- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/bnx2i/bnx2i_iscsi.c | 3 +- drivers/scsi/csiostor/csio_lnode.c | 43 +++++++++++++--------- drivers/scsi/lpfc/lpfc_attr.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/megaraid/megaraid_mm.c | 2 +- drivers/scsi/scsi_devinfo.c | 7 ++-- drivers/scsi/sun_esp.c | 9 ++++- drivers/video/fbdev/vermilion/cr_pll.c | 1 + drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/grant-table.c | 4 +- fs/btrfs/ctree.c | 12 ++++-- fs/btrfs/extent-tree.c | 2 +- fs/cifs/cifssmb.c | 4 +- fs/ext4/inode.c | 20 ++++++---- fs/filesystems.c | 4 +- fs/jffs2/fs.c | 1 - fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 +++ fs/ocfs2/super.c | 5 +-- fs/ocfs2/xattr.c | 2 + fs/proc/base.c | 29 ++++++++++++++- include/asm-generic/pgtable.h | 15 ++++++++ include/linux/suspend.h | 2 + include/trace/events/timer.h | 20 ++++++++-- kernel/events/core.c | 15 +++++--- kernel/power/power.h | 3 -- mm/mempolicy.c | 33 ++++++++++++++--- mm/vmscan.c | 14 ++++++- net/bluetooth/hci_core.c | 17 ++++++++- net/caif/caif_socket.c | 4 ++ net/core/fib_rules.c | 21 +++++++---- net/dccp/ipv4.c | 17 +++++---- net/sched/act_police.c | 8 ++-- net/sctp/socket.c | 4 +- net/sctp/transport.c | 2 + scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 ++++++++++++----- security/keys/process_keys.c | 7 ++-- sound/core/timer.c | 4 ++ sound/soc/au1x/ac97c.c | 6 +-- tools/lib/traceevent/parse-filter.c | 10 ++++- tools/perf/tests/code-reading.c | 20 +++++++++- tools/usb/usbip/libsrc/vhci_driver.c | 36 ++++++++++++++---- 97 files changed, 712 insertions(+), 246 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrTxkkACgkQ3qZv95d3 LNyfOg/+Ic6vtNSD5e34LVX9jQWJUG1rJNUoROLI+2ETel16nT2z3hNV2zgeOXeM z1bDWVnk3hctBzOujNThLI5Y2L9cYl/AeysI5GWwAVVXjdZhEpJNvNuVwuJTEcEF iwnx7ufyTqDboJaDDB3EfrVd1gadLQ7joTFxWFgNf2cgbeHUPpXIfdXeHEUfJNPf WOYYYh5He6KN/SobsU9HD1lMycY9FdGxpGfN3gQyRFiWvL4GfZA1ObNk9Gr50JZT +6SeyuoAFOwWTjmrTFIl1kFm9xCQlsKV+JRTD2ghqwRkT1NgtX9l+qXnKBOEFhrq KnWn0wKihLDKrQWF2JXP6O2I1MOw/oFyjzQ/PWUkYrSKRYmIsrB83N8QG038CT4l lapt6HVKZIRMPNfM0vRo8ZoNagA7T9O3zQp7fA0aLlvyQQOibPH4e1dQ6nXo+cnT aP8s3nZsJZtrR0hR3/1TG3gH4EBEhNdFL/Z2CshsjA4EROEOrzk+nFBu1pcOD+2M giPI6xkjZykm5ARJzX7Osf9AttunxKvptH6S5ZxP4vD/mm/TS8bSGmlm0DZo9tbU CFxeJiEP1ZevRfJa7HzpCX3dMqJAmF/zzFzjDZWegktvhB3m5wSDPMvsUX+gUPvm RCaINjNzHljDI7IW4GvW8843Aj4Ssvhgu+eTjFXp+HQxPpnWf+I= =AqXj -----END PGP SIGNATURE-----

7 years, 2 months

3
3
0 0

Cherry-pick 55cc11da6989 for 4.16.y?

by Takashi Iwai

Hi Greg, could you cherry-pick the commit 55cc11da6989 Revert "ath10k: send (re)assoc peer command when NSS changed" for 4.16.y? We've got a regression report on openSUSE Tumbleweed, and this upstream commit was confirmed to fix the issue: http://bugzilla.suse.com/show_bug.cgi?id=1090458 Thanks! Takashi

7 years, 2 months

2
1
0 0

Please apply commit 028daf801173 to v4.14.y

by Sinan Kaya

Hi Greg, Upstream commit 028daf801173 ("i40e: Fix attach VF to VM issue") fixes a virtualization issue for i40e based adapters. problem description below from the commit: 'Fix for "Resource temporarily unavailable" problem when virsh is trying to attach a device to VM. When the VF driver is loaded on host and virsh is trying to attach it to the VM and set a MAC address, it ends with a race condition between i40e_reset_vf and i40e_ndo_set_vf_mac functions. The bug is fixed by adding polling in i40e_ndo_set_vf_mac function For when the VF is in Reset mode.' Please apply commit 028daf801173 to fix the resulting regression. Thanks, Sinan -- Sinan Kaya Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.

7 years, 2 months

2
2
0 0

[PATCH stable] drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs

by Neil Armstrong

commit 9c305eb442f3b371fc722ade827bbf673514123e upstream The Amlogic Meson GX SoCs, embedded the v2.01a controller, has been also identified needing this workaround. This patch adds the corresponding version to enable a single iteration for this specific version. Fixes: be41fc55f1aa ("drm: bridge: dw-hdmi: Handle overflow workaround based on device version") Acked-by: Archit Taneja <architt(a)codeaurora.org> [narmstrong: s/identifies/identified and rebased against Jernej's change] Signed-off-by: Neil Armstrong <narmstrong(a)baylibre.com> Link: https://patchwork.freedesktop.org/patch/msgid/1519386277-25902-1-git-send-e… [narmstrong: v4.14 to v4.16 backport] Cc: <stable(a)vger.kernel.org> # 4.14.x --- drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c b/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c index bf14214..4db31b8 100644 --- a/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c +++ b/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c @@ -1634,6 +1634,8 @@ static void dw_hdmi_clear_overflow(struct dw_hdmi *hdmi) * (and possibly on the platform). So far only i.MX6Q (v1.30a) and * i.MX6DL (v1.31a) have been identified as needing the workaround, with * 4 and 1 iterations respectively. + * The Amlogic Meson GX SoCs (v2.01a) have been identified as needing + * the workaround with a single iteration. */ switch (hdmi->version) { @@ -1641,6 +1643,7 @@ static void dw_hdmi_clear_overflow(struct dw_hdmi *hdmi) count = 4; break; case 0x131a: + case 0x201a: count = 1; break; default: -- 2.7.4

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] s390: add support for IBM z14 Model ZR1" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 451239eb3d397bd197a79cc3aab943da41ba0905 Mon Sep 17 00:00:00 2001 From: Heiko Carstens <heiko.carstens(a)de.ibm.com> Date: Fri, 13 Apr 2018 14:04:24 +0200 Subject: [PATCH] s390: add support for IBM z14 Model ZR1 Just add the new machine type number to the two places that matter. Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Heiko Carstens <heiko.carstens(a)de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index beccb58a82e5..199ac3e4da1d 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig @@ -286,12 +286,12 @@ config MARCH_Z13 older machines. config MARCH_Z14 - bool "IBM z14" + bool "IBM z14 ZR1 and z14" select HAVE_MARCH_Z14_FEATURES help - Select this to enable optimizations for IBM z14 (3906 series). - The kernel will be slightly faster but will not work on older - machines. + Select this to enable optimizations for IBM z14 ZR1 and z14 (3907 + and 3906 series). The kernel will be slightly faster but will not + work on older machines. endchoice diff --git a/arch/s390/kernel/perf_cpum_cf_events.c b/arch/s390/kernel/perf_cpum_cf_events.c index c5bc3f209652..5ee27dc9a10c 100644 --- a/arch/s390/kernel/perf_cpum_cf_events.c +++ b/arch/s390/kernel/perf_cpum_cf_events.c @@ -583,6 +583,7 @@ __init const struct attribute_group **cpumf_cf_event_group(void) model = cpumcf_z13_pmu_event_attr; break; case 0x3906: + case 0x3907: model = cpumcf_z14_pmu_event_attr; break; default: diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c index fc3b4aa185cc..d82a9ec64ea9 100644 --- a/arch/s390/kernel/setup.c +++ b/arch/s390/kernel/setup.c @@ -821,6 +821,7 @@ static int __init setup_hwcaps(void) strcpy(elf_platform, "z13"); break; case 0x3906: + case 0x3907: strcpy(elf_platform, "z14"); break; }

7 years, 2 months

4
3
0 0

patch "USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 470b5d6f0cf4674be2d1ec94e54283a1770b6a1a Mon Sep 17 00:00:00 2001 From: Vasyl Vavrychuk <vvavrychuk(a)gmail.com> Date: Wed, 11 Apr 2018 17:05:13 +0300 Subject: USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster Arrow USB Blaster integrated on MAX1000 board uses the same vendor ID (0x0403) and product ID (0x6010) as the "original" FTDI device. This patch avoids picking up by ftdi_sio of the first interface of this USB device. After that this device can be used by Arrow user-space JTAG driver. Signed-off-by: Vasyl Vavrychuk <vvavrychuk(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/ftdi_sio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c index 87202ad5a50d..7ea221d42dba 100644 --- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -1898,7 +1898,8 @@ static int ftdi_8u2232c_probe(struct usb_serial *serial) return ftdi_jtag_probe(serial); if (udev->product && - (!strcmp(udev->product, "BeagleBone/XDS100V2") || + (!strcmp(udev->product, "Arrow USB Blaster") || + !strcmp(udev->product, "BeagleBone/XDS100V2") || !strcmp(udev->product, "SNAP Connect E10"))) return ftdi_jtag_probe(serial); -- 2.17.0

7 years, 2 months

1
0
0 0

patch "USB: serial: cp210x: add ID for NI USB serial console" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: cp210x: add ID for NI USB serial console to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 1e23aace21515a8f7615a1de016c0ea8d4e0cc6e Mon Sep 17 00:00:00 2001 From: Kyle Roeschley <kyle.roeschley(a)ni.com> Date: Mon, 9 Apr 2018 10:23:55 -0500 Subject: USB: serial: cp210x: add ID for NI USB serial console Added the USB VID and PID for the USB serial console on some National Instruments devices. Signed-off-by: Kyle Roeschley <kyle.roeschley(a)ni.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/cp210x.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c index de1e759dd512..eb6c26cbe579 100644 --- a/drivers/usb/serial/cp210x.c +++ b/drivers/usb/serial/cp210x.c @@ -214,6 +214,7 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x3195, 0xF190) }, /* Link Instruments MSO-19 */ { USB_DEVICE(0x3195, 0xF280) }, /* Link Instruments MSO-28 */ { USB_DEVICE(0x3195, 0xF281) }, /* Link Instruments MSO-28 */ + { USB_DEVICE(0x3923, 0x7A0B) }, /* National Instruments USB Serial Console */ { USB_DEVICE(0x413C, 0x9500) }, /* DW700 GPS USB interface */ { } /* Terminating Entry */ }; -- 2.17.0

7 years, 2 months

1
0
0 0

patch "USB: serial: simple: add libtransistor console" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: simple: add libtransistor console to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From fe710508b6ba9d28730f3021fed70e7043433b2e Mon Sep 17 00:00:00 2001 From: Collin May <collin(a)collinswebsite.com> Date: Sat, 7 Apr 2018 14:32:48 -0700 Subject: USB: serial: simple: add libtransistor console Add simple driver for libtransistor USB console. This device is implemented in software: https://github.com/reswitched/libtransistor/blob/development/lib/usb_serial… Signed-off-by: Collin May <collin(a)collinswebsite.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/Kconfig | 1 + drivers/usb/serial/usb-serial-simple.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/drivers/usb/serial/Kconfig b/drivers/usb/serial/Kconfig index a646820f5a78..533f127c30ad 100644 --- a/drivers/usb/serial/Kconfig +++ b/drivers/usb/serial/Kconfig @@ -62,6 +62,7 @@ config USB_SERIAL_SIMPLE - Fundamental Software dongle. - Google USB serial devices - HP4x calculators + - Libtransistor USB console - a number of Motorola phones - Motorola Tetra devices - Novatel Wireless GPS receivers diff --git a/drivers/usb/serial/usb-serial-simple.c b/drivers/usb/serial/usb-serial-simple.c index 4ef79e29cb26..40864c2bd9dc 100644 --- a/drivers/usb/serial/usb-serial-simple.c +++ b/drivers/usb/serial/usb-serial-simple.c @@ -63,6 +63,11 @@ DEVICE(flashloader, FLASHLOADER_IDS); 0x01) } DEVICE(google, GOOGLE_IDS); +/* Libtransistor USB console */ +#define LIBTRANSISTOR_IDS() \ + { USB_DEVICE(0x1209, 0x8b00) } +DEVICE(libtransistor, LIBTRANSISTOR_IDS); + /* ViVOpay USB Serial Driver */ #define VIVOPAY_IDS() \ { USB_DEVICE(0x1d5f, 0x1004) } /* ViVOpay 8800 */ @@ -110,6 +115,7 @@ static struct usb_serial_driver * const serial_drivers[] = { &funsoft_device, &flashloader_device, &google_device, + &libtransistor_device, &vivopay_device, &moto_modem_device, &motorola_tetra_device, @@ -126,6 +132,7 @@ static const struct usb_device_id id_table[] = { FUNSOFT_IDS(), FLASHLOADER_IDS(), GOOGLE_IDS(), + LIBTRANSISTOR_IDS(), VIVOPAY_IDS(), MOTO_IDS(), MOTOROLA_TETRA_IDS(), -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH 7/7] tracing: Fix missing tab for hwlat_detector print format

by Steven Rostedt

From: Peter Xu <peterx(a)redhat.com> It's been missing for a while but no one is touching that up. Fix it. Link: http://lkml.kernel.org/r/20180315060639.9578-1-peterx@redhat.com CC: Ingo Molnar <mingo(a)kernel.org> Cc:stable@vger.kernel.org Fixes: 7b2c86250122d ("tracing: Add NMI tracing in hwlat detector") Signed-off-by: Peter Xu <peterx(a)redhat.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_entries.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_entries.h b/kernel/trace/trace_entries.h index e954ae3d82c0..e3a658bac10f 100644 --- a/kernel/trace/trace_entries.h +++ b/kernel/trace/trace_entries.h @@ -356,7 +356,7 @@ FTRACE_ENTRY(hwlat, hwlat_entry, __field( unsigned int, seqnum ) ), - F_printk("cnt:%u\tts:%010llu.%010lu\tinner:%llu\touter:%llunmi-ts:%llu\tnmi-count:%u\n", + F_printk("cnt:%u\tts:%010llu.%010lu\tinner:%llu\touter:%llu\tnmi-ts:%llu\tnmi-count:%u\n", __entry->seqnum, __entry->tv_sec, __entry->tv_nsec, -- 2.16.3

7 years, 2 months

1
0
0 0

[PATCH 4/7] kprobes: Fix random address output of blacklist file

by Steven Rostedt

From: Thomas Richter <tmricht(a)linux.ibm.com> File /sys/kernel/debug/kprobes/blacklist displays random addresses: [root@s8360046 linux]# cat /sys/kernel/debug/kprobes/blacklist 0x0000000047149a90-0x00000000bfcb099a print_type_x8 .... This breaks 'perf probe' which uses the blacklist file to prohibit probes on certain functions by checking the address range. Fix this by printing the correct (unhashed) address. The file mode is read all but this is not an issue as the file hierarchy points out: # ls -ld /sys/ /sys/kernel/ /sys/kernel/debug/ /sys/kernel/debug/kprobes/ /sys/kernel/debug/kprobes/blacklist dr-xr-xr-x 12 root root 0 Apr 19 07:56 /sys/ drwxr-xr-x 8 root root 0 Apr 19 07:56 /sys/kernel/ drwx------ 16 root root 0 Apr 19 06:56 /sys/kernel/debug/ drwxr-xr-x 2 root root 0 Apr 19 06:56 /sys/kernel/debug/kprobes/ -r--r--r-- 1 root root 0 Apr 19 06:56 /sys/kernel/debug/kprobes/blacklist Everything in and below /sys/kernel/debug is rwx to root only, no group or others have access. Background: Directory /sys/kernel/debug/kprobes is created by debugfs_create_dir() which sets the mode bits to rwxr-xr-x. Maybe change that to use the parent's directory mode bits instead? Link: http://lkml.kernel.org/r/20180419105556.86664-1-tmricht@linux.ibm.com Fixes: ad67b74d2469 ("printk: hash addresses printed with %p") Cc: stable(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v4.15+ Cc: Ananth N Mavinakayanahalli <ananth(a)linux.vnet.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy(a)intel.com> Cc: David S Miller <davem(a)davemloft.net> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: acme(a)kernel.org Signed-off-by: Thomas Richter <tmricht(a)linux.ibm.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/kprobes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 102160ff5c66..ea619021d901 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -2428,7 +2428,7 @@ static int kprobe_blacklist_seq_show(struct seq_file *m, void *v) struct kprobe_blacklist_entry *ent = list_entry(v, struct kprobe_blacklist_entry, list); - seq_printf(m, "0x%p-0x%p\t%ps\n", (void *)ent->start_addr, + seq_printf(m, "0x%px-0x%px\t%ps\n", (void *)ent->start_addr, (void *)ent->end_addr, (void *)ent->start_addr); return 0; } -- 2.16.3

7 years, 2 months

1
0
0 0

[PATCH v2] mtd: rawnand: marvell: fix the chip-select DT parsing logic

by Miquel Raynal

The block responsible of parsing the DT for the number of chip-select lines uses an 'if/else if/else if' block. The content of the second and third 'else if' conditions are: 1/ the actual condition to enter the sub-block and 2/ the operation to do in this sub-block. [...] else if (condition1_to_enter && action1() == failed) raise_error(); else if (condition2_to_enter && action2() == failed) raise_error(); [...] In case of failure, the sub-block is entered and an error raised. Otherwise, in case of success, the code would continue erroneously in the next 'else if' statement because it did not failed (and did not enter the first 'else if' sub-block). The first 'else if' refers to legacy bindings while the second 'else if' refers to new bindings. The second 'else if', which is entered erroneously, checks for the 'reg' property, which, for old bindings, does not mean anything because it would not be the number of CS available, but the regular register map of almost any DT node. This being said, the content of the 'reg' property being the register map offset and length, it has '2' values, so the number of CS in this situation is assumed to be '2'. When running nand_scan_ident() with 2 CS, the core will check for an array of chips. It will first issue a RESET and then a READ_ID. Of course this will trigger two timeouts because there is no chip in front of the second CS: [ 1.367460] marvell-nfc f2720000.nand: Timeout on CMDD (NDSR: 0x00000080) [ 1.474292] marvell-nfc f2720000.nand: Timeout on CMDD (NDSR: 0x00000280) Indeed, this is harmless and the core will then assume there is only one valid CS. Fix the logic in the whole block by entering each sub-block just on the 'is legacy' condition, doing the action inside the sub-block. This way, when the action succeeds, the whole block is left. Furthermore, for both the old bindings and the new bindings the same logic was applied to retrieve the number of CS lines: using of_get_property() to get a size in bytes, converted in the actual number of lines by dividing it per sizeof(u32) (4 bytes). This is fine for the 'reg' property which is a list of the CS IDs but not for the 'num-cs' property which is directly the value of the number of CS. Anyway, no existing DT uses another value than 'num-cs = <1>' and no other value has ever been supported by the old driver (pxa3xx_nand.c). Remove this condition and apply a number of 1 CS anyway, as already described in the bindings. Finally, the 'reg' property of a 'nand' node (with the new bindings) gives the IDs of each CS line in use. marvell_nand.c driver first look at the number of CS lines that are present in this property. Better use of_property_count_elems_of_size() than dividing by 4 the size of the number of bytes returned by of_get_property(). Fixes: 02f26ecf8c772 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- Initially in three different patches, these changes touch the same section of code and are linked to each other, so they have been squashed for being queued in the fixes branch. drivers/mtd/nand/raw/marvell_nand.c | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 10e953218948..1d779a35ac8e 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -2299,29 +2299,20 @@ static int marvell_nand_chip_init(struct device *dev, struct marvell_nfc *nfc, /* * The legacy "num-cs" property indicates the number of CS on the only * chip connected to the controller (legacy bindings does not support - * more than one chip). CS are only incremented one by one while the RB - * pin is always the #0. + * more than one chip). The CS and RB pins are always the #0. * * When not using legacy bindings, a couple of "reg" and "nand-rb" * properties must be filled. For each chip, expressed as a subnode, * "reg" points to the CS lines and "nand-rb" to the RB line. */ - if (pdata) { + if (pdata || nfc->caps->legacy_of_bindings) { nsels = 1; - } else if (nfc->caps->legacy_of_bindings && - !of_get_property(np, "num-cs", &nsels)) { - dev_err(dev, "missing num-cs property\n"); - return -EINVAL; - } else if (!of_get_property(np, "reg", &nsels)) { - dev_err(dev, "missing reg property\n"); - return -EINVAL; - } - - if (!pdata) - nsels /= sizeof(u32); - if (!nsels) { - dev_err(dev, "invalid reg property size\n"); - return -EINVAL; + } else { + nsels = of_property_count_elems_of_size(np, "reg", sizeof(u32)); + if (nsels <= 0) { + dev_err(dev, "missing/invalid reg property\n"); + return -EINVAL; + } } /* Alloc the nand chip structure */ -- 2.14.1

7 years, 2 months

3
2
0 0

[PATCH] gpioib: do not free unrequested descriptors

by Timur Tabi

If the main loop in linehandle_create() encounters an error, it unwinds completely by freeing all previously requested GPIO descriptors. However, if the error occurs in the beginning of the loop before that GPIO is requested, then the exit code attempts to free a null descriptor. If extrachecks is enabled, gpiod_free() triggers a WARN_ON. Instead, keep a separate count of legitimate GPIOs so that only those are freed. Cc: stable(a)vger.kernel.org Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines") Signed-off-by: Timur Tabi <timur(a)codeaurora.org> --- drivers/gpio/gpiolib.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 43aeb07343ec..d07771797707 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -497,7 +497,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) struct gpiohandle_request handlereq; struct linehandle_state *lh; struct file *file; - int fd, i, ret; + int fd, i, count = 0, ret; u32 lflags; if (copy_from_user(&handlereq, ip, sizeof(handlereq))) @@ -558,6 +558,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_descs; lh->descs[i] = desc; + count = i; if (lflags & GPIOHANDLE_REQUEST_ACTIVE_LOW) set_bit(FLAG_ACTIVE_LOW, &desc->flags); @@ -628,7 +629,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) out_put_unused_fd: put_unused_fd(fd); out_free_descs: - for (; i >= 0; i--) + for (i = 0; i < count; i++) gpiod_free(lh->descs[i]); kfree(lh->label); out_free_lh: -- Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.

7 years, 2 months

3
4
0 0

[PATCH v3][for 4.17-rc3] cpufreq / CPPC: Set platform specific transition_delay_us

by Prashanth Prakash

Add support to specify platform specific transition_delay_us instead of using the transition delay derived from PCC. With commit "3d41386d556d: cpufreq: CPPC: Use transition_delay_us depending transition_latency" we are setting transition_delay_us directly and not applying the LATENCY_MULTIPLIER. With this on Qualcomm Centriq we can end up with a very high rate of frequency change requests when using schedutil governor (default rate_limit_us=10 compared to an earlier value of 10000). The PCC subspace describes the rate at which the platform can accept commands on the CPPC's PCC channel. This includes read and write command on the PCC channel that can be used for reasons other than frequency transitions. Moreover the same PCC subspace can be used by multiple freq domains and deriving transition_delay_us from it as we do now can be sub-optimal. Moreover if a platform does not use PCC for desired_perf register then there is no way to compute the transition latency or the delay_us. CPPC does not have a standard defined mechanism to get the transition rate or the latency at the moment. Given the above limitations, it is simpler to have a platform specific transition_delay_us and rely on PCC derived value only if a platform specific value is not available. Signed-off-by: Prashanth Prakash <pprakash(a)codeaurora.org> Cc: Viresh Kumar <viresh.kumar(a)linaro.org> Cc: Rafael J. Wysocki <rjw(a)rjwysocki.net> Cc: 4.14+ <stable(a)vger.kernel.org> Fixes: 3d41386d556d ("cpufreq: CPPC: Use transition_delay_us depending transition_latency) --- v2: * Return final delay_us from cppc_cpufreq_get_transition_delay_us (Viresh) v3: * Changed #if defined() to #ifdef (Viresh) --- drivers/cpufreq/cppc_cpufreq.c | 43 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index bc5fc16..1934637 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -126,6 +126,46 @@ static void cppc_cpufreq_stop_cpu(struct cpufreq_policy *policy) cpu->perf_caps.lowest_perf, cpu_num, ret); } +/* + * The PCC subspace describes the rate at which platform can accept commands + * on the shared PCC channel (including READs which do not count towards freq + * trasition requests), so ideally we need to use the PCC values as a fallback + * if we don't have a platform specific transition_delay_us + */ +#ifdef CONFIG_ARM64 +#include <asm/cputype.h> + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + unsigned long implementor = read_cpuid_implementor(); + unsigned long part_num = read_cpuid_part_number(); + unsigned int delay_us = 0; + + switch (implementor) { + case ARM_CPU_IMP_QCOM: + switch (part_num) { + case QCOM_CPU_PART_FALKOR_V1: + case QCOM_CPU_PART_FALKOR: + delay_us = 10000; + break; + } + break; + } + + if (!delay_us) + delay_us = cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + + return delay_us; +} + +#else + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; +} +#endif + static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) { struct cppc_cpudata *cpu; @@ -162,8 +202,7 @@ static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) cpu->perf_caps.highest_perf; policy->cpuinfo.max_freq = cppc_dmi_max_khz; - policy->transition_delay_us = cppc_get_transition_latency(cpu_num) / - NSEC_PER_USEC; + policy->transition_delay_us = cppc_cpufreq_get_transition_delay_us(cpu_num); policy->shared_type = cpu->shared_type; if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY) { -- Qualcomm Datacenter Technologies on behalf of Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.

7 years, 2 months

1
0
0 0

Revert f5a26acf0162 ("pinctrl: intel: Initialize GPIO properly when used through irqchip") from stable trees

by Mika Westerberg

Hi, It seems that commit f5a26acf0162 ("pinctrl: intel: Initialize GPIO properly when used through irqchip") can cause problems on some Skylake systems with Sunrisepoint PCH-H. Namely on certain systems it may turn the backlight PWM pin from native mode to GPIO which makes the screen blank during boot. There is more information here: https://bugzilla.redhat.com/show_bug.cgi?id=1543769 The actual reason is that GPIO numbering used in BIOS is using "Windows" numbers meaning that they don't match the hardware 1:1 and because of this a wrong pin (backlight PWM) is picked and switched to GPIO mode. There is a proper fix for this but since it has quite many dependencies on commits that cannot be considered stable material, I suggest we revert commit f5a26acf0162 from stable trees 4.9, 4.14 and 4.15 to prevent the backlight issue. Thanks!

7 years, 2 months

2
3
0 0

[PATCH] ARM: dts: Fix NAS4220B pin config

by Linus Walleij

The DTS file for the NAS4220B had the pin config for the ethernet interface set to the pins in the SL3512 SoC while this system is using SL3516. Fix it by referencing the right SL3516 pins instead of the SL3512 pins. Cc: stable(a)vger.kernel.org Cc: Hans Ulli Kroll <ulli.kroll(a)googlemail.com> Reported-by: Andreas Fiedler <andreas.fiedler(a)gmx.net> Reported-by: Roman Yeryomin <roman(a)advem.lv> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- Hi ARM SoC folks: if this gets a Tested-by or similar from someone with the NAS4220B please apply it directly to the ARM SoC tree for fixes. --- arch/arm/boot/dts/gemini-nas4220b.dts | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/arch/arm/boot/dts/gemini-nas4220b.dts b/arch/arm/boot/dts/gemini-nas4220b.dts index 8bbb6f85d161..4785fbcc41ed 100644 --- a/arch/arm/boot/dts/gemini-nas4220b.dts +++ b/arch/arm/boot/dts/gemini-nas4220b.dts @@ -134,37 +134,37 @@ function = "gmii"; groups = "gmii_gmac0_grp"; }; - /* Settings come from OpenWRT */ + /* Settings come from OpenWRT, pins on SL3516 */ conf0 { - pins = "R8 GMAC0 RXDV", "U11 GMAC1 RXDV"; + pins = "V8 GMAC0 RXDV", "T10 GMAC1 RXDV"; skew-delay = <0>; }; conf1 { - pins = "T8 GMAC0 RXC", "T11 GMAC1 RXC"; + pins = "Y7 GMAC0 RXC", "Y11 GMAC1 RXC"; skew-delay = <15>; }; conf2 { - pins = "P8 GMAC0 TXEN", "V11 GMAC1 TXEN"; + pins = "T8 GMAC0 TXEN", "W11 GMAC1 TXEN"; skew-delay = <7>; }; conf3 { - pins = "V7 GMAC0 TXC"; + pins = "U8 GMAC0 TXC"; skew-delay = <11>; }; conf4 { - pins = "P10 GMAC1 TXC"; + pins = "V11 GMAC1 TXC"; skew-delay = <10>; }; conf5 { /* The data lines all have default skew */ - pins = "U8 GMAC0 RXD0", "V8 GMAC0 RXD1", - "P9 GMAC0 RXD2", "R9 GMAC0 RXD3", - "U7 GMAC0 TXD0", "T7 GMAC0 TXD1", - "R7 GMAC0 TXD2", "P7 GMAC0 TXD3", - "R11 GMAC1 RXD0", "P11 GMAC1 RXD1", - "V12 GMAC1 RXD2", "U12 GMAC1 RXD3", - "R10 GMAC1 TXD0", "T10 GMAC1 TXD1", - "U10 GMAC1 TXD2", "V10 GMAC1 TXD3"; + pins = "W8 GMAC0 RXD0", "V9 GMAC0 RXD1", + "Y8 GMAC0 RXD2", "U9 GMAC0 RXD3", + "T7 GMAC0 TXD0", "U6 GMAC0 TXD1", + "V7 GMAC0 TXD2", "U7 GMAC0 TXD3", + "Y12 GMAC1 RXD0", "V12 GMAC1 RXD1", + "T11 GMAC1 RXD2", "W12 GMAC1 RXD3", + "U10 GMAC1 TXD0", "Y10 GMAC1 TXD1", + "W10 GMAC1 TXD2", "T9 GMAC1 TXD3"; skew-delay = <7>; }; /* Set up drive strength on GMAC0 to 16 mA */ -- 2.14.3

7 years, 2 months

3
3
0 0

v4.14.37 build: 0 failures 1 warnings (v4.14.37)

by Build bot for Mark Brown

Tree/Branch: v4.14.37 Git describe: v4.14.37 Commit: 753be7e83b Linux 4.14.37 Build Time: 98 min 6 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 1 1 drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig

7 years, 2 months

1
0
0 0

[PATCH] ALSA: dice: fix error path to destroy initialized stream data

by Takashi Sakamoto

In error path of snd_dice_stream_init_duplex(), stream data for incoming packet can be left to be initialized. This commit fixes it. Fixes: 436b5abe2224 ('ALSA: dice: handle whole available isochronous streams') Cc: <stable(a)vger.kernel.org> # v4.6+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/dice/dice-stream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/firewire/dice/dice-stream.c b/sound/firewire/dice/dice-stream.c index 8573289c381e..928a255bfc35 100644 --- a/sound/firewire/dice/dice-stream.c +++ b/sound/firewire/dice/dice-stream.c @@ -435,7 +435,7 @@ int snd_dice_stream_init_duplex(struct snd_dice *dice) err = init_stream(dice, AMDTP_IN_STREAM, i); if (err < 0) { for (; i >= 0; i--) - destroy_stream(dice, AMDTP_OUT_STREAM, i); + destroy_stream(dice, AMDTP_IN_STREAM, i); goto end; } } -- 2.14.1

7 years, 2 months

2
1
0 0

Linux 4.14.37

by Greg KH

I'm announcing the release of the 4.14.37 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/device-mapper/thin-provisioning.txt | 8 Documentation/virtual/kvm/api.txt | 1 Makefile | 2 arch/arm64/include/asm/spinlock.h | 4 arch/mips/boot/compressed/Makefile | 6 arch/mips/generic/irq.c | 18 arch/mips/txx9/rbtx4939/setup.c | 4 arch/powerpc/include/asm/book3s/64/pgalloc.h | 10 arch/powerpc/include/uapi/asm/kvm.h | 2 arch/powerpc/kernel/traps.c | 2 arch/powerpc/kvm/book3s_64_mmu_hv.c | 8 arch/powerpc/kvm/book3s_hv.c | 8 arch/powerpc/kvm/powerpc.c | 2 arch/powerpc/mm/numa.c | 78 arch/powerpc/platforms/powernv/opal-imc.c | 6 arch/s390/include/asm/eadm.h | 2 arch/s390/kvm/kvm-s390.c | 4 arch/s390/kvm/vsie.c | 50 arch/sparc/include/asm/pgtable_64.h | 2 arch/sparc/mm/tlb.c | 23 arch/x86/hyperv/hv_init.c | 9 arch/x86/hyperv/mmu.c | 12 arch/x86/include/asm/i8259.h | 5 arch/x86/kernel/acpi/boot.c | 4 arch/x86/kernel/apic/x2apic_uv_x.c | 15 arch/x86/kernel/dumpstack.c | 2 arch/x86/kernel/tsc.c | 20 arch/x86/kvm/mmu.c | 2 arch/x86/kvm/vmx.c | 16 arch/x86/kvm/x86.c | 10 arch/x86/mm/init_64.c | 3 arch/x86/power/hibernate_32.c | 2 arch/x86/power/hibernate_64.c | 2 block/bio.c | 2 block/blk-core.c | 2 block/blk-merge.c | 29 block/blk-mq-debugfs.c | 6 block/blk-mq.c | 22 drivers/acpi/acpi_lpss.c | 2 drivers/acpi/bus.c | 6 drivers/acpi/ec.c | 6 drivers/acpi/processor_perflib.c | 2 drivers/acpi/scan.c | 20 drivers/base/power/domain.c | 76 drivers/base/power/wakeirq.c | 6 drivers/char/ipmi/ipmi_powernv.c | 5 drivers/clocksource/timer-imx-tpm.c | 2 drivers/cpufreq/intel_pstate.c | 5 drivers/crypto/Kconfig | 1 drivers/firewire/ohci.c | 8 drivers/firmware/dmi_scan.c | 22 drivers/gpu/drm/drm_dp_dual_mode_helper.c | 39 drivers/gpu/drm/i915/gvt/kvmgt.c | 2 drivers/gpu/drm/i915/i915_drv.h | 6 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 2 drivers/gpu/drm/i915/intel_audio.c | 2 drivers/gpu/drm/i915/intel_cdclk.c | 22 drivers/gpu/drm/i915/intel_pm.c | 6 drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++---- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 +++---- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 +++++----- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30 drivers/gpu/drm/vc4/vc4_bo.c | 2 drivers/gpu/drm/vc4/vc4_validate_shaders.c | 1 drivers/hid/hid-roccat-kovaplus.c | 2 drivers/infiniband/core/cma.c | 8 drivers/infiniband/core/cq.c | 30 drivers/infiniband/core/uverbs_ioctl.c | 19 drivers/infiniband/hw/hfi1/chip.c | 18 drivers/infiniband/hw/hfi1/file_ops.c | 4 drivers/infiniband/hw/hfi1/hfi.h | 1 drivers/infiniband/hw/hfi1/init.c | 4 drivers/infiniband/hw/i40iw/i40iw_puda.c | 3 drivers/infiniband/hw/i40iw/i40iw_puda.h | 1 drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 drivers/infiniband/hw/mlx5/qp.c | 8 drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 drivers/input/mouse/psmouse-base.c | 34 drivers/input/mouse/synaptics.c | 10 drivers/input/touchscreen/stmfts.c | 11 drivers/iommu/exynos-iommu.c | 7 drivers/iommu/intel-iommu.c | 3 drivers/irqchip/irq-gic-v3-its-pci-msi.c | 2 drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/irqchip/irq-gic-v3.c | 2 drivers/md/bcache/alloc.c | 4 drivers/md/bcache/bcache.h | 2 drivers/md/bcache/btree.c | 9 drivers/md/bcache/super.c | 23 drivers/md/bcache/sysfs.c | 11 drivers/md/bcache/writeback.c | 7 drivers/md/dm-mpath.c | 14 drivers/net/ethernet/freescale/gianfar.c | 9 drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 18 drivers/net/ethernet/intel/i40e/i40e_main.c | 3 drivers/net/ethernet/intel/i40evf/i40evf.h | 1 drivers/net/ethernet/intel/i40evf/i40evf_main.c | 9 drivers/net/ethernet/intel/i40evf/i40evf_virtchnl.c | 35 drivers/net/ethernet/intel/igb/igb_main.c | 42 drivers/net/ethernet/intel/igb/igb_ptp.c | 9 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 8 drivers/net/ethernet/netronome/nfp/nfp_main.c | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 6 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 6 drivers/net/wireless/mac80211_hwsim.c | 11 drivers/net/xen-netfront.c | 46 drivers/ntb/ntb_transport.c | 3 drivers/pci/quirks.c | 2 drivers/platform/x86/dell-laptop.c | 24 drivers/platform/x86/thinkpad_acpi.c | 10 drivers/scsi/arm/fas216.c | 2 drivers/scsi/qla2xxx/qla_init.c | 4 drivers/scsi/scsi_devinfo.c | 7 drivers/spi/spi-armada-3700.c | 5 drivers/staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 drivers/tty/serial/8250/8250_exar.c | 34 drivers/tty/serial/8250/8250_port.c | 26 drivers/usb/musb/musb_core.c | 7 drivers/watchdog/sp5100_tco.h | 2 drivers/xen/grant-table.c | 4 fs/btrfs/ctree.c | 12 fs/btrfs/disk-io.c | 6 fs/btrfs/file.c | 9 fs/btrfs/inode.c | 37 fs/btrfs/raid56.c | 55 fs/btrfs/volumes.c | 9 fs/cifs/cifssmb.c | 4 fs/cifs/dir.c | 9 fs/dax.c | 2 fs/f2fs/gc.c | 7 fs/jffs2/fs.c | 1 fs/nfs/nfs4proc.c | 12 fs/nfs/nfs4state.c | 5 fs/nfs/nfs4sysctl.c | 2 fs/ocfs2/acl.c | 6 fs/ocfs2/journal.c | 23 fs/ocfs2/super.c | 5 fs/ocfs2/xattr.c | 2 fs/proc/base.c | 29 fs/proc/kcore.c | 4 fs/ubifs/tnc.c | 21 include/asm-generic/pgtable.h | 15 include/linux/cpumask.h | 2 include/linux/etherdevice.h | 2 include/linux/kcore.h | 1 include/linux/netfilter/x_tables.h | 3 include/linux/pci.h | 7 include/linux/property.h | 10 include/linux/suspend.h | 2 include/rdma/ib_verbs.h | 23 include/trace/events/timer.h | 20 kernel/bpf/sockmap.c | 19 kernel/events/callchain.c | 21 kernel/events/core.c | 4 kernel/locking/qspinlock.c | 8 kernel/power/power.h | 3 kernel/time/alarmtimer.c | 34 lib/test_bpf.c | 31 mm/fadvise.c | 10 mm/khugepaged.c | 12 mm/mempolicy.c | 33 mm/vmscan.c | 14 net/bridge/netfilter/ebtables.c | 10 net/ipv4/netfilter/arp_tables.c | 12 net/ipv4/netfilter/ip_tables.c | 10 net/ipv4/tcp_nv.c | 2 net/ipv6/netfilter/ip6_tables.c | 12 net/ipv6/netfilter/nf_conntrack_reasm.c | 16 net/netfilter/x_tables.c | 51 net/netfilter/xt_IDLETIMER.c | 1 net/netfilter/xt_LED.c | 1 net/netfilter/xt_limit.c | 3 net/netfilter/xt_nfacct.c | 1 net/netfilter/xt_statistic.c | 1 net/openvswitch/conntrack.c | 34 net/rds/ib.c | 3 net/rxrpc/conn_event.c | 1 net/rxrpc/rxkad.c | 92 net/sunrpc/xprtrdma/backchannel.c | 12 net/sunrpc/xprtrdma/svc_rdma_rw.c | 12 net/sunrpc/xprtrdma/verbs.c | 32 net/sunrpc/xprtrdma/xprt_rdma.h | 2 net/sunrpc/xprtsock.c | 4 samples/bpf/Makefile | 5 scripts/kconfig/expr.c | 2 scripts/kconfig/menu.c | 1 scripts/kconfig/zconf.y | 33 sound/pci/hda/Kconfig | 1 sound/pci/hda/patch_realtek.c | 5 sound/soc/au1x/ac97c.c | 6 sound/soc/rockchip/rk3399_gru_sound.c | 19 tools/lib/bpf/Makefile | 2 tools/lib/bpf/libbpf.c | 26 tools/lib/traceevent/event-parse.c | 17 tools/lib/traceevent/parse-filter.c | 10 tools/perf/arch/x86/util/header.c | 2 tools/perf/builtin-c2c.c | 5 tools/perf/builtin-record.c | 3 tools/perf/builtin-report.c | 5 tools/perf/builtin-script.c | 5 tools/perf/perf.h | 1 tools/perf/tests/dwarf-unwind.c | 1 tools/perf/tests/shell/trace+probe_libc_inet_pton.sh | 21 tools/perf/util/callchain.c | 10 tools/perf/util/callchain.h | 2 tools/perf/util/evsel.c | 21 tools/perf/util/unwind-libunwind-local.c | 9 tools/testing/selftests/bpf/test_maps.c | 16 tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 6 tools/testing/selftests/ftrace/test.d/kprobe/multiple_kprobes.tc | 4 tools/testing/selftests/net/reuseport_bpf.c | 21 virt/kvm/kvm_main.c | 7 214 files changed, 2981 insertions(+), 1957 deletions(-) Aaron Sierra (1): tty: serial: exar: Relocate sleep wake-up handling Alan Brady (1): i40evf: ignore link up if not running Alex Estrin (2): IB/hfi1: Fix for potential refcount leak in hfi1_open_file() IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Anand Jain (1): btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Andi Shyti (1): Input: stmfts - set IRQ_NOAUTOEN to the irq flag Andreas Kemnade (1): usb: musb: fix enumeration after resume Andy Shevchenko (1): device property: Define type of PROPERTY_ENRTY_*() macros Andy Spencer (1): gianfar: prevent integer wrapping in the rx handler Aneesh Kumar K.V (1): powerpc/mm/hash64: Zero PGD pages on allocation Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Anson Huang (1): clocksource/imx-tpm: Correct -ETIME return condition check Arnaldo Carvalho de Melo (2): perf unwind: Do not look just at the global callchain_param.record_mode perf callchain: Fix attr.sample_max_stack setting Arnd Bergmann (4): scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype x86/dumpstack: Avoid uninitlized variable cifs: silence compiler warnings showing up with gcc-8.0.0 Avinash Dayanand (1): i40evf: Don't schedule reset_task when device is being removed Benjamin Beichler (1): mac80211_hwsim: fix use-after-free bug in hwsim_exit_net Chen Yu (2): ACPI: processor_perflib: Do not send _PPC change notification if not ready cpufreq: intel_pstate: Enable HWP during system resume on CPU0 Christian Borntraeger (1): KVM: s390: use created_vcpus in more places Chuck Lever (2): xprtrdma: Fix backchannel allocation of extra rpcrdma_reps svcrdma: Fix Read chunk round-up Coly Li (1): bcache: properly set task state in bch_writeback_thread() Corentin LABBE (1): crypto: artpec6 - remove select on non-existing CRYPTO_SHA384 Corinna Vinschen (1): igb: Allow to remove administratively set MAC on VFs Dan Carpenter (2): ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Daniel Borkmann (1): bpf: fix rlimit in reuseport net selftest Daniel Hua (1): igb: Clear TXSTMP when ptp_tx_work() is timeout Daniel J Blueman (1): drm/vc4: Fix memory leak during BO teardown David Herrmann (1): platform/x86: thinkpad_acpi: suppress warning about palm detection David Hildenbrand (1): KVM: s390: vsie: use READ_ONCE to access some SCB fields David Howells (1): rxrpc: Don't put crypto buffers on the stack David Sterba (1): btrfs: fix unaligned access in readdir Dmitry Torokhov (1): Input: psmouse - fix Synaptics detection when protocol is disabled Dmitry Vyukov (1): netfilter: x_tables: fix pointer leaks to userspace Don Hiatt (1): IB/core: Map iWarp AH type to undefined in rdma_ah_find_type Dou Liyang (1): x86/acpi: Prevent X2APIC id 0xffffffff from being accounted Ed Swierk (1): openvswitch: Remove padding from packet before L3+ conntrack processing Emil Tantilov (1): ixgbe: don't set RXDCTL.RLPML for 82599 Eryu Guan (1): blk-mq-debugfs: don't allow write on attributes with seq_operations set Florian Westphal (5): netfilter: x_tables: cap allocations at 512 mbyte netfilter: x_tables: add counters allocation wrapper netfilter: compat: prepare xt_compat_init_offsets to return errors netfilter: compat: reject huge allocation requests netfilter: x_tables: limit allocation requests for blob rule heads Gaurav K Singh (1): drm/i915/audio: Fix audio detection issue on GLK Geert Uytterhoeven (1): ubifs: Fix uninitialized variable in search_dh_cookie() Gerd Hoffmann (1): drm/i915/gvt: throw error on unhandled vfio ioctls Goldwyn Rodrigues (1): block: Set BIO_TRACE_COMPLETION on new bio during split Greg Kroah-Hartman (1): Linux 4.14.37 Guanglei Li (1): RDS: IB: Fix null pointer issue Guenter Roeck (1): watchdog: sp5100_tco: Fix watchdog disable bit Gustavo A. R. Silva (1): tcp_nv: fix potential integer overflow in tcpnv_acked Hans de Goede (4): ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources platform/x86: dell-laptop: Filter out spurious keyboard backlight change events ACPI / bus: Do not call _STA on battery devices with unmet dependencies ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Imre Deak (2): drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing Jacob Keller (2): i40e: program fragmented IPv4 filter input set i40e: fix reported mask for ntuple filters Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Hogan (1): MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan H. Schönherr (1): fs/dax.c: release PMD lock even when there is no PMD support in DAX Jason Gunthorpe (1): RDMA/uverbs: Use an unambiguous errno for method not supported Jean Delvare (1): firmware: dmi_scan: Fix handling of empty DMI strings Jeffy Chen (1): ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink Jens Axboe (1): blk-mq: fix discard merge with scheduler attached Jesper Dangaard Brouer (2): libbpf: Makefile set specified permission mode tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Jia Zhang (1): vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Jiri Olsa (4): perf record: Fix period option handling perf evsel: Fix period/freq terms setup perf: Fix sample_max_stack maximum check perf: Return proper values for user stack errors John Fastabend (1): bpf: sockmap, fix leaking maps with attached but not detached progs KarimAllah Ahmed (1): kvm: Map PFN-type memory regions as writable (if possible) Karol Herbst (1): drm/nouveau/pmu/fuc: don't use movw directly anymore Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Leon Romanovsky (2): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs Liu Bo (4): Btrfs: set plug for fsync Btrfs: fix scrub to repair raid6 corruption Btrfs: fix unexpected EEXIST from btrfs_get_extent Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io Logan Gunthorpe (1): ntb_transport: Fix bug with max_mw_size parameter Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Martin Blumenstingl (2): net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Masami Hiramatsu (1): selftest: ftrace: Fix to pick text symbols for kprobes Mathieu Malaterre (1): net: Extra '_get' in declaration of arch_get_platform_mac_address Matt Redfearn (2): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS MIPS: Generic: Support GIC in EIC mode Max Gurtovoy (1): RDMA/core: Reduce poll batch for direct cq polling Maxime Chevallier (1): spi: a3700: Clear DATA_OUT when performing a read Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Merlijn Wajer (2): usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers usb: musb: Fix external abort in musb_remove on omap2430 Michael Bringmann (2): powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes powerpc/numa: Ensure nodes initialized for hotplug Michael J. Ruhl (1): IB/hfi1: Re-order IRQ cleanup to address driver cleanup race Michael Kelley (1): cpumask: Make for_each_cpu_wrap() available on UP as well Mickaël Salaün (1): samples/bpf: Partially fixes the bpf.o build Ming Lei (2): dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk Mustafa Ismail (1): i40iw: Free IEQ resources NeilBrown (1): NFSv4: always set NFS_LOCK_LOST when a lock is lost. Ngai-Mint Kwan (1): fm10k: fix "failed to kill vid" message for VF Nicholas Piggin (2): powerpc: System reset avoid interleaving oops using die synchronisation powerpc/powernv: IMC fix out of bounds memory access at shutdown Niklas Cassel (2): PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build net: stmmac: discard disabled flags in interrupt status register Nikolay Borisov (1): btrfs: Fix out of bounds access in btrfs_search_slot Nitin Gupta (1): sparc64: update pmdp_invalidate() to return old pmd value Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Parav Pandit (2): RDMA/core: Clarify rdma_ah_find_type RDMA/cma: Check existence of netdevice during port validation Paul Mackerras (2): KVM: PPC: Book3S HV: Enable migration of decrementer register KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code Peter Hutterer (1): Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes Peter Xu (1): iommu/vt-d: Use domain instead of cache fetching Peter Zijlstra (1): x86/tsc: Allow TSC calibration without PIT Prashant Bhole (1): bpf: test_maps: cleanup sockmaps when test ends Rafael J. Wysocki (1): ACPI / EC: Restore polling during noirq suspend/resume phases Robin Murphy (1): iommu/exynos: Don't unconditionally steal bus ops Ross Lagerwall (2): xen-netfront: Fix race between device setup and open xen/grant-table: Use put_page instead of free_page Sagi Grimberg (1): IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct Sean Christopherson (1): Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown" Sebastian Ott (1): s390/eadm: fix CONFIG_BLOCK include dependency Sheng Yong (1): f2fs: avoid hungtask when GC encrypted block if io_bits is set Shiraz Saleem (1): i40iw: Zero-out consumer key on allocate stag for FMR Stephen Boyd (1): irqchip/gic-v3: Ignore disabled ITS nodes Steve French (1): cifs: do not allow creating sockets except with SMB1 posix exensions Steven Rostedt (VMware) (3): tools lib traceevent: Simplify pointer print logic and fix %pF tools lib traceevent: Fix get_field_str() for dynamic strings selftests/ftrace: Add some missing glob checks Subash Abhinov Kasiviswanathan (2): netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure Takashi Iwai (1): ALSA: hda - Use IS_REACHABLE() for dependency on input Tang Junhui (3): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist Thomas Gleixner (1): alarmtimer: Init nanosleep alarm timer on stack Thomas Richter (2): perf record: Fix failed memory allocation for get_cpuid_str perf test: Fix test trace+probe_libc_inet_pton.sh for s390x Tony Lindgren (1): PM / wakeirq: Fix unbalanced IRQ enable for wakeirq Trond Myklebust (1): SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context Ulf Hansson (1): PM / domains: Fix up domain-idle-states OF parsing Ulf Magnusson (3): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak Vitaly Kuznetsov (3): x86/hyperv: Stop suppressing X86_FEATURE_PCID x86/hyperv: Check for required priviliges in hyperv_init() x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested Wei Yongjun (2): ipmi/powernv: Fix error return code in ipmi_powernv_probe() nfp: fix error return code in nfp_pci_probe() Will Deacon (2): arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics locking/qspinlock: Ensure node->count is updated before initialising node Xiaoming Gao (1): x86/tsc: Prevent 32bit truncation in calc_hpet_ref() Xidong Wang (1): drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Yang Shi (1): mm: thp: use down_read_trylock() in khugepaged to avoid long block Yisheng Xie (2): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Yonghong Song (1): bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y himanshu.madhani(a)cavium.com (1): scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() mike.travis(a)hpe.com (1): x86/platform/UV: Fix GAM Range Table entries less than 1GB mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (3): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return error when we attempt to access a dirty bh in jbd2 shidao.ytt (1): mm/fadvise: discard partial page if endbyte is also EOF weiyongjun (A) (1): mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()

7 years, 2 months

1
1
0 0

Linux 4.16.5

by Greg KH

I'm announcing the release of the 4.16.5 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/x86/kernel/acpi/boot.c | 4 ++ arch/x86/kernel/tsc.c | 2 - arch/x86/kvm/mmu.c | 2 - drivers/clocksource/timer-imx-tpm.c | 2 - drivers/gpu/drm/drm_dp_dual_mode_helper.c | 39 ++++++++++++++++++---- drivers/gpu/drm/i915/gvt/dmabuf.c | 1 drivers/gpu/drm/i915/gvt/kvmgt.c | 2 - drivers/gpu/drm/i915/i915_gem_execbuffer.c | 2 - drivers/gpu/drm/i915/intel_audio.c | 2 - drivers/gpu/drm/i915/intel_bios.c | 13 +++++-- drivers/gpu/drm/vc4/vc4_bo.c | 2 + drivers/gpu/drm/vc4/vc4_validate_shaders.c | 1 drivers/infiniband/hw/mlx5/qp.c | 3 + drivers/net/wireless/mac80211_hwsim.c | 7 ++- fs/btrfs/delayed-ref.c | 19 +++++++--- fs/btrfs/delayed-ref.h | 1 fs/btrfs/extent-tree.c | 16 ++++++--- fs/btrfs/inode.c | 20 ++++++----- fs/cifs/dir.c | 9 ++--- fs/cifs/smbdirect.c | 2 + fs/super.c | 9 ++--- include/linux/netfilter/x_tables.h | 3 + include/linux/shrinker.h | 7 ++- kernel/events/callchain.c | 21 ++++++----- kernel/events/core.c | 4 +- kernel/time/alarmtimer.c | 34 ++++++++++++++----- kernel/time/posix-cpu-timers.c | 4 +- mm/vmscan.c | 21 +++++++++++ net/bridge/netfilter/ebtables.c | 10 ++++- net/ipv4/netfilter/arp_tables.c | 12 ++++-- net/ipv4/netfilter/ip_tables.c | 10 +++-- net/ipv6/netfilter/ip6_tables.c | 12 ++++-- net/netfilter/x_tables.c | 51 +++++++++++++++++++++++------ 34 files changed, 254 insertions(+), 95 deletions(-) Anson Huang (1): clocksource/imx-tpm: Correct -ETIME return condition check Benjamin Beichler (1): mac80211_hwsim: fix use-after-free bug in hwsim_exit_net Daniel J Blueman (1): drm/vc4: Fix memory leak during BO teardown David Sterba (1): btrfs: fix unaligned access in readdir Dou Liyang (1): x86/acpi: Prevent X2APIC id 0xffffffff from being accounted Florian Westphal (5): netfilter: x_tables: cap allocations at 512 mbyte netfilter: x_tables: add counters allocation wrapper netfilter: compat: prepare xt_compat_init_offsets to return errors netfilter: compat: reject huge allocation requests netfilter: x_tables: limit allocation requests for blob rule heads Gaurav K Singh (1): drm/i915/audio: Fix audio detection issue on GLK Gerd Hoffmann (1): drm/i915/gvt: throw error on unhandled vfio ioctls Greg Kroah-Hartman (1): Linux 4.16.5 Imre Deak (1): drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state Jani Nikula (1): drm/i915/bios: filter out invalid DDC pins from VBT child devices Jiri Olsa (2): perf: Fix sample_max_stack maximum check perf: Return proper values for user stack errors Laura Abbott (1): posix-cpu-timers: Ensure set_process_cpu_timer is always evaluated Leon Romanovsky (1): RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs Long Li (1): cifs: smbd: Check for iov length on sending the last iov Nikolay Borisov (1): btrfs: Fix race condition between delayed refs and blockgroup removal Sean Christopherson (1): Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown" Steve French (1): cifs: do not allow creating sockets except with SMB1 posix exensions Tetsuo Handa (1): mm,vmscan: Allow preallocating memory for register_shrinker(). Thomas Gleixner (1): alarmtimer: Init nanosleep alarm timer on stack Tina Zhang (1): drm/i915/gvt: Add drm_format_mod update Xiaoming Gao (1): x86/tsc: Prevent 32bit truncation in calc_hpet_ref() Xidong Wang (1): drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value

7 years, 2 months

1
1
0 0

Re: [PATCH] drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs

by Neil Armstrong

Hi Greg, On 23/02/2018 12:44, Neil Armstrong wrote: > The Amlogic Meson GX SoCs, embedded the v2.01a controller, has been also > identified needing this workaround. > This patch adds the corresponding version to enable a single iteration for > this specific version. > > Fixes: be41fc55f1aa ("drm: bridge: dw-hdmi: Handle overflow workaround based on device version") > Signed-off-by: Neil Armstrong <narmstrong(a)baylibre.com> This patch is now present in linux master as commit 9c305eb442f3b371fc722ade827bbf673514123e Could it be selected for 4.14 ? The patch has been reworked to apply for 4.17 as indicated in the commit log, but the original patch will apply over 4.14. Thanks, Neil > --- > drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c b/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c > index a38db40..f5018f9 100644 > --- a/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c > +++ b/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c > @@ -1637,6 +1637,8 @@ static void dw_hdmi_clear_overflow(struct dw_hdmi *hdmi) > * (and possibly on the platform). So far only i.MX6Q (v1.30a) and > * i.MX6DL (v1.31a) have been identified as needing the workaround, with > * 4 and 1 iterations respectively. > + * The Amlogic Meson GX SoCs (v2.01a) have been identifies as needing > + * the workaround with a single iteration. > */ > > switch (hdmi->version) { > @@ -1644,6 +1646,7 @@ static void dw_hdmi_clear_overflow(struct dw_hdmi *hdmi) > count = 4; > break; > case 0x131a: > + case 0x201a: > count = 1; > break; > default: >

7 years, 2 months

2
3
0 0

[PATCH 01/11] PM / Domains: Fix error path during attach in genpd

by Ulf Hansson

In case the PM domain fails to be powered on in genpd_dev_pm_attach(), it returns -EPROBE_DEFER, but keeping the device attached to its PM domain. This leads to problems when the next attempt to attach is re-tried. More precisely, in that situation an -EEXIST error code is returned, because the device already has its PM domain pointer assigned, from the first attempt. Now, because of the sloppy error handling by the existing callers of dev_pm_domain_attach(), probing is allowed to continue when -EEXIST is returned. However, in such case there are no guarantees that the PM domain is powered on by genpd, which may lead to hangs when buses/drivers tried to access their devices. Let's fix this behaviour, simply by detaching the device when powering on fails in genpd_dev_pm_attach(). Cc: <stable(a)vger.kernel.org> # v4.11+ Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> --- drivers/base/power/domain.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c index 1ea0e25..ef6cf3d5 100644 --- a/drivers/base/power/domain.c +++ b/drivers/base/power/domain.c @@ -2246,6 +2246,9 @@ int genpd_dev_pm_attach(struct device *dev) genpd_lock(pd); ret = genpd_power_on(pd, 0); genpd_unlock(pd); + + if (ret) + genpd_remove_device(pd, dev); out: return ret ? -EPROBE_DEFER : 0; } -- 2.7.4

7 years, 2 months

1
0
0 0

patch "ARM: amba: Fix race condition with driver_override" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: amba: Fix race condition with driver_override to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 6a7228d90d42bcacfe38786756ba62762b91c20a Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Tue, 10 Apr 2018 15:21:44 +0200 Subject: ARM: amba: Fix race condition with driver_override The driver_override implementation is susceptible to a race condition when different threads are reading vs storing a different driver override. Add locking to avoid this race condition. Cfr. commits 6265539776a0810b ("driver core: platform: fix race condition with driver_override") and 9561475db680f714 ("PCI: Fix race condition with driver_override"). Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Reviewed-by: Todd Kjos <tkjos(a)google.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/amba/bus.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c index f8c01fbef64d..4a3ac31c07d0 100644 --- a/drivers/amba/bus.c +++ b/drivers/amba/bus.c @@ -69,8 +69,12 @@ static ssize_t driver_override_show(struct device *_dev, struct device_attribute *attr, char *buf) { struct amba_device *dev = to_amba_device(_dev); + ssize_t len; - return sprintf(buf, "%s\n", dev->driver_override); + device_lock(_dev); + len = sprintf(buf, "%s\n", dev->driver_override); + device_unlock(_dev); + return len; } static ssize_t driver_override_store(struct device *_dev, @@ -78,7 +82,7 @@ static ssize_t driver_override_store(struct device *_dev, const char *buf, size_t count) { struct amba_device *dev = to_amba_device(_dev); - char *driver_override, *old = dev->driver_override, *cp; + char *driver_override, *old, *cp; /* We need to keep extra room for a newline */ if (count >= (PAGE_SIZE - 1)) @@ -92,12 +96,15 @@ static ssize_t driver_override_store(struct device *_dev, if (cp) *cp = '\0'; + device_lock(_dev); + old = dev->driver_override; if (strlen(driver_override)) { dev->driver_override = driver_override; } else { kfree(driver_override); dev->driver_override = NULL; } + device_unlock(_dev); kfree(old); -- 2.17.0

7 years, 2 months

1
0
0 0

patch "Revert "ARM: amba: Fix race condition with driver_override"" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "ARM: amba: Fix race condition with driver_override" to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 2891d4feae7c2cf0a56d84bf38519aae6c5060b5 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Thu, 26 Apr 2018 10:29:57 +0200 Subject: Revert "ARM: amba: Fix race condition with driver_override" This reverts commit 6b614a87f3f477571e319281e84dba11e0ea0a76. My backport was incorrect, as Geert pointed out :( Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: Todd Kjos <tkjos(a)google.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/amba/bus.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c index 8e6ac3031662..fac8e36de11e 100644 --- a/drivers/amba/bus.c +++ b/drivers/amba/bus.c @@ -69,15 +69,11 @@ static ssize_t driver_override_show(struct device *_dev, struct device_attribute *attr, char *buf) { struct amba_device *dev = to_amba_device(_dev); - ssize_t len; if (!dev->driver_override) return 0; - device_lock(_dev); - len = sprintf(buf, "%s\n", dev->driver_override); - device_unlock(_dev); - return len; + return sprintf(buf, "%s\n", dev->driver_override); } static ssize_t driver_override_store(struct device *_dev, @@ -85,7 +81,7 @@ static ssize_t driver_override_store(struct device *_dev, const char *buf, size_t count) { struct amba_device *dev = to_amba_device(_dev); - char *driver_override, *old, *cp; + char *driver_override, *old = dev->driver_override, *cp; /* We need to keep extra room for a newline */ if (count >= (PAGE_SIZE - 1)) @@ -99,15 +95,12 @@ static ssize_t driver_override_store(struct device *_dev, if (cp) *cp = '\0'; - device_lock(_dev); - old = dev->driver_override; if (strlen(driver_override)) { dev->driver_override = driver_override; } else { kfree(driver_override); dev->driver_override = NULL; } - device_unlock(_dev); kfree(old); -- 2.17.0

7 years, 2 months

1
0
0 0

patch "ARM: amba: Make driver_override output consistent with other buses" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: amba: Make driver_override output consistent with other buses to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 5f53624662eaac89598641cee6cd54fc192572d9 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Tue, 10 Apr 2018 15:21:43 +0200 Subject: ARM: amba: Make driver_override output consistent with other buses For AMBA devices with unconfigured driver override, the "driver_override" sysfs virtual file is empty, while it contains "(null)" for platform and PCI devices. Make AMBA consistent with other buses by dropping the test for a NULL pointer. Note that contrary to popular belief, sprintf() handles NULL pointers fine; they are printed as "(null)". Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: stable <stable(a)vger.kernel.org> Reviewed-by: Todd Kjos <tkjos(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/amba/bus.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c index fac8e36de11e..f8c01fbef64d 100644 --- a/drivers/amba/bus.c +++ b/drivers/amba/bus.c @@ -70,9 +70,6 @@ static ssize_t driver_override_show(struct device *_dev, { struct amba_device *dev = to_amba_device(_dev); - if (!dev->driver_override) - return 0; - return sprintf(buf, "%s\n", dev->driver_override); } -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH 2/2] drm/vmwgfx: Fix a buffer object leak

by Thomas Hellstrom

A buffer object leak was introduced when fixing a premature buffer object release. Fix this. Cc: <stable(a)vger.kernel.org> Fixes: 73a88250b709 ("Fix a destoy-while-held mutex problem.") Signed-off-by: Thomas Hellstrom <thellstrom(a)vmware.com> Reviewed-by: Deepak Rawat <drawat(a)vmware.com> Reviewed-by: Sinclair Yeh <syeh(a)vmware.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index aacc9307ab0b..96fd7a03d2f8 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -2595,6 +2595,7 @@ void vmw_kms_helper_resource_finish(struct vmw_validation_ctx *ctx, vmw_kms_helper_buffer_finish(res->dev_priv, NULL, ctx->buf, out_fence, NULL); + vmw_dmabuf_unreference(&ctx->buf); vmw_resource_unreserve(res, false, NULL, 0); mutex_unlock(&res->dev_priv->cmdbuf_mutex); } -- 2.14.3

7 years, 2 months

1
0
0 0

[PATCH] net: rfkill: gpio: fix memory leak in probe error path

by Johan Hovold

Make sure to free the rfkill device in case registration fails during probe. Fixes: 5e7ca3937fbe ("net: rfkill: gpio: convert to resource managed allocation") Cc: stable <stable(a)vger.kernel.org> # 3.13 Cc: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- net/rfkill/rfkill-gpio.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/rfkill/rfkill-gpio.c b/net/rfkill/rfkill-gpio.c index 41bd496531d4..00192a996be0 100644 --- a/net/rfkill/rfkill-gpio.c +++ b/net/rfkill/rfkill-gpio.c @@ -137,13 +137,18 @@ static int rfkill_gpio_probe(struct platform_device *pdev) ret = rfkill_register(rfkill->rfkill_dev); if (ret < 0) - return ret; + goto err_destroy; platform_set_drvdata(pdev, rfkill); dev_info(&pdev->dev, "%s device registered.\n", rfkill->name); return 0; + +err_destroy: + rfkill_destroy(rfkill->rfkill_dev); + + return ret; } static int rfkill_gpio_remove(struct platform_device *pdev) -- 2.17.0

7 years, 2 months

2
1
0 0

[PATCH] kprobes: Fix random address output of blacklist file

by Thomas Richter

File /sys/kernel/debug/kprobes/blacklist displays random addresses: [root@s8360046 linux]# cat /sys/kernel/debug/kprobes/blacklist 0x0000000047149a90-0x00000000bfcb099a print_type_x8 .... This breaks 'perf probe' which uses the blacklist file to prohibit probes on certain functions by checking the address range. Fix this by printing the correct (unhashed) address. The file mode is read all but this is not an issue as the file hierarchy points out: # ls -ld /sys/ /sys/kernel/ /sys/kernel/debug/ /sys/kernel/debug/kprobes/ /sys/kernel/debug/kprobes/blacklist dr-xr-xr-x 12 root root 0 Apr 19 07:56 /sys/ drwxr-xr-x 8 root root 0 Apr 19 07:56 /sys/kernel/ drwx------ 16 root root 0 Apr 19 06:56 /sys/kernel/debug/ drwxr-xr-x 2 root root 0 Apr 19 06:56 /sys/kernel/debug/kprobes/ -r--r--r-- 1 root root 0 Apr 19 06:56 /sys/kernel/debug/kprobes/blacklist Everything in and below /sys/kernel/debug is rwx to root only, no group or others have access. Background: Directory /sys/kernel/debug/kprobes is created by debugfs_create_dir() which sets the mode bits to rwxr-xr-x. Maybe change that to use the parent's directory mode bits instead? Fixes: ad67b74d2469 ("printk: hash addresses printed with %p") Cc: <stable(a)vger.kernel.org> # v4.15+ Cc: <linux-kernel(a)vger.kernel.org> To: Ananth N Mavinakayanahalli <ananth(a)linux.vnet.ibm.com> To: Anil S Keshavamurthy <anil.s.keshavamurthy(a)intel.com> To: David S Miller <davem(a)davemloft.net> To: Masami Hiramatsu <mhiramat(a)kernel.org> To: Andrew Morton <akpm(a)linux-foundation.org> To: acme(a)kernel.org To: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Thomas Richter <tmricht(a)linux.ibm.com> --- kernel/kprobes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 102160ff5c66..ea619021d901 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -2428,7 +2428,7 @@ static int kprobe_blacklist_seq_show(struct seq_file *m, void *v) struct kprobe_blacklist_entry *ent = list_entry(v, struct kprobe_blacklist_entry, list); - seq_printf(m, "0x%p-0x%p\t%ps\n", (void *)ent->start_addr, + seq_printf(m, "0x%px-0x%px\t%ps\n", (void *)ent->start_addr, (void *)ent->end_addr, (void *)ent->start_addr); return 0; } -- 2.14.3

7 years, 2 months

2
1
0 0

patch "ARM: amba: Fix race condition with driver_override" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: amba: Fix race condition with driver_override to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 6b614a87f3f477571e319281e84dba11e0ea0a76 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Tue, 10 Apr 2018 15:21:44 +0200 Subject: ARM: amba: Fix race condition with driver_override The driver_override implementation is susceptible to a race condition when different threads are reading vs storing a different driver override. Add locking to avoid this race condition. Cfr. commits 6265539776a0810b ("driver core: platform: fix race condition with driver_override") and 9561475db680f714 ("PCI: Fix race condition with driver_override"). Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Reviewed-by: Todd Kjos <tkjos(a)google.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/amba/bus.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c index 594c228d2f02..c77eb6e65646 100644 --- a/drivers/amba/bus.c +++ b/drivers/amba/bus.c @@ -69,11 +69,15 @@ static ssize_t driver_override_show(struct device *_dev, struct device_attribute *attr, char *buf) { struct amba_device *dev = to_amba_device(_dev); + ssize_t len; if (!dev->driver_override) return 0; - return sprintf(buf, "%s\n", dev->driver_override); + device_lock(_dev); + len = sprintf(buf, "%s\n", dev->driver_override); + device_unlock(_dev); + return len; } static ssize_t driver_override_store(struct device *_dev, @@ -81,7 +85,7 @@ static ssize_t driver_override_store(struct device *_dev, const char *buf, size_t count) { struct amba_device *dev = to_amba_device(_dev); - char *driver_override, *old = dev->driver_override, *cp; + char *driver_override, *old, *cp; if (count > PATH_MAX) return -EINVAL; @@ -94,12 +98,15 @@ static ssize_t driver_override_store(struct device *_dev, if (cp) *cp = '\0'; + device_lock(_dev); + old = dev->driver_override; if (strlen(driver_override)) { dev->driver_override = driver_override; } else { kfree(driver_override); dev->driver_override = NULL; } + device_unlock(_dev); kfree(old); -- 2.17.0

7 years, 2 months

2
1
0 0

patch "usb: do not reset if a low-speed or full-speed device timed out" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: do not reset if a low-speed or full-speed device timed out to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 6e01827ed93947895680fbdad68c072a0f4e2450 Mon Sep 17 00:00:00 2001 From: Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> Date: Thu, 4 Jan 2018 21:43:03 +0300 Subject: usb: do not reset if a low-speed or full-speed device timed out Some low-speed and full-speed devices (for example, bluetooth) do not have time to initialize. For them, ETIMEDOUT is a valid error. We need to give them another try. Otherwise, they will never be initialized correctly and in dmesg will be messages "Bluetooth: hci0 command 0x1002 tx timeout" or similars. Fixes: 264904ccc33c ("usb: retry reset if a device times out") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/hub.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 92378594a86e..a86591772352 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -4555,7 +4555,9 @@ hub_port_init(struct usb_hub *hub, struct usb_device *udev, int port1, * reset. But only on the first attempt, * lest we get into a time out/reset loop */ - if (r == 0 || (r == -ETIMEDOUT && retries == 0)) + if (r == 0 || (r == -ETIMEDOUT && + retries == 0 && + udev->speed > USB_SPEED_FULL)) break; } udev->descriptor.bMaxPacketSize0 = -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH 4.14 000/183] 4.14.37-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.37 release. There are 183 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Apr 27 10:32:04 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.37-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.37-rc1 Benjamin Beichler <benjamin.beichler(a)uni-rostock.de> mac80211_hwsim: fix use-after-free bug in hwsim_exit_net Sean Christopherson <sean.j.christopherson(a)intel.com> Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown" Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs Jiri Olsa <jolsa(a)kernel.org> perf: Return proper values for user stack errors Jiri Olsa <jolsa(a)kernel.org> perf: Fix sample_max_stack maximum check Florian Westphal <fw(a)strlen.de> netfilter: x_tables: limit allocation requests for blob rule heads Florian Westphal <fw(a)strlen.de> netfilter: compat: reject huge allocation requests Florian Westphal <fw(a)strlen.de> netfilter: compat: prepare xt_compat_init_offsets to return errors Florian Westphal <fw(a)strlen.de> netfilter: x_tables: add counters allocation wrapper Florian Westphal <fw(a)strlen.de> netfilter: x_tables: cap allocations at 512 mbyte Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Init nanosleep alarm timer on stack Max Gurtovoy <maxg(a)mellanox.com> RDMA/core: Reduce poll batch for direct cq polling Mark Salter <msalter(a)redhat.com> irqchip/gic-v3: Change pr_debug message to pr_devel Michael Kelley <mhkelley(a)outlook.com> cpumask: Make for_each_cpu_wrap() available on UP as well Stephen Boyd <sboyd(a)codeaurora.org> irqchip/gic-v3: Ignore disabled ITS nodes Thomas Richter <tmricht(a)linux.vnet.ibm.com> perf test: Fix test trace+probe_libc_inet_pton.sh for s390x Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: IMC fix out of bounds memory access at shutdown Will Deacon <will.deacon(a)arm.com> locking/qspinlock: Ensure node->count is updated before initialising node mike.travis(a)hpe.com <mike.travis(a)hpe.com> x86/platform/UV: Fix GAM Range Table entries less than 1GB Aneesh Kumar K.V <aneesh.kumar(a)linux.vnet.ibm.com> powerpc/mm/hash64: Zero PGD pages on allocation Jia Zhang <zhang.jia(a)linux.alibaba.com> vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Tony Lindgren <tony(a)atomide.com> PM / wakeirq: Fix unbalanced IRQ enable for wakeirq Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI / EC: Restore polling during noirq suspend/resume phases Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix rlimit in reuseport net selftest Niklas Cassel <niklas.cassel(a)axis.com> net: stmmac: discard disabled flags in interrupt status register Trond Myklebust <trond.myklebust(a)primarydata.com> SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code Jesper Dangaard Brouer <brouer(a)redhat.com> tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Mathieu Malaterre <malat(a)debian.org> net: Extra '_get' in declaration of arch_get_platform_mac_address Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Fix Read chunk round-up David Howells <dhowells(a)redhat.com> rxrpc: Don't put crypto buffers on the stack Steven Rostedt (VMware) <rostedt(a)goodmis.org> selftests/ftrace: Add some missing glob checks Chen Yu <yu.c.chen(a)intel.com> cpufreq: intel_pstate: Enable HWP during system resume on CPU0 Tang Junhui <tang.junhui(a)zte.com.cn> bcache: return attach error when no cache set exist Tang Junhui <tang.junhui(a)zte.com.cn> bcache: fix for data collapse after re-attaching an attached device Tang Junhui <tang.junhui(a)zte.com.cn> bcache: fix for allocator and register thread race Coly Li <colyli(a)suse.de> bcache: properly set task state in bch_writeback_thread() Arnd Bergmann <arnd(a)arndb.de> cifs: silence compiler warnings showing up with gcc-8.0.0 Ulf Hansson <ulf.hansson(a)linaro.org> PM / domains: Fix up domain-idle-states OF parsing Alexey Dobriyan <adobriyan(a)gmail.com> proc: fix /proc/*/map_files lookup Will Deacon <will.deacon(a)arm.com> arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics Guanglei Li <guanglei.li(a)oracle.com> RDS: IB: Fix null pointer issue John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap, fix leaking maps with attached but not detached progs Ross Lagerwall <ross.lagerwall(a)citrix.com> xen/grant-table: Use put_page instead of free_page Ross Lagerwall <ross.lagerwall(a)citrix.com> xen-netfront: Fix race between device setup and open Jiri Olsa <jolsa(a)kernel.org> perf evsel: Fix period/freq terms setup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: Generic: Support GIC in EIC mode Jiri Olsa <jolsa(a)kernel.org> perf record: Fix period option handling Matt Redfearn <matt.redfearn(a)mips.com> MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS James Hogan <jhogan(a)kernel.org> MIPS: generic: Fix machine compatible matching Yonghong Song <yhs(a)fb.com> bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y Hans de Goede <hdegoede(a)redhat.com> ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Hans de Goede <hdegoede(a)redhat.com> ACPI / bus: Do not call _STA on battery devices with unmet dependencies Chen Yu <yu.c.chen(a)intel.com> ACPI: processor_perflib: Do not send _PPC change notification if not ready Jean Delvare <jdelvare(a)suse.de> firmware: dmi_scan: Fix handling of empty DMI strings Arnd Bergmann <arnd(a)arndb.de> x86/dumpstack: Avoid uninitlized variable Arnd Bergmann <arnd(a)arndb.de> x86/power: Fix swsusp_arch_resume prototype Subash Abhinov Kasiviswanathan <subashab(a)codeaurora.org> netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure Sebastian Ott <sebott(a)linux.vnet.ibm.com> s390/eadm: fix CONFIG_BLOCK include dependency Karol Herbst <kherbst(a)redhat.com> drm/nouveau/pmu/fuc: don't use movw directly anymore Don Hiatt <don.hiatt(a)intel.com> IB/core: Map iWarp AH type to undefined in rdma_ah_find_type Alex Estrin <alex.estrin(a)intel.com> IB/ipoib: Fix for potential no-carrier state Alex Estrin <alex.estrin(a)intel.com> IB/hfi1: Fix for potential refcount leak in hfi1_open_file() Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Re-order IRQ cleanup to address driver cleanup race Jens Axboe <axboe(a)kernel.dk> blk-mq: fix discard merge with scheduler attached Ed Swierk <eswierk(a)skyportsystems.com> openvswitch: Remove padding from packet before L3+ conntrack processing shidao.ytt <shidao.ytt(a)alibaba-inc.com> mm/fadvise: discard partial page if endbyte is also EOF Mel Gorman <mgorman(a)techsingularity.net> mm: pin address_space before dereferencing it while isolating an LRU page Yang Shi <yang.s(a)alibaba-inc.com> mm: thp: use down_read_trylock() in khugepaged to avoid long block Nitin Gupta <nitin.m.gupta(a)oracle.com> sparc64: update pmdp_invalidate() to return old pmd value Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> asm-generic: provide generic_pmdp_establish() Yisheng Xie <xieyisheng1(a)huawei.com> mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Yisheng Xie <xieyisheng1(a)huawei.com> mm/mempolicy: fix the check of nodemask from user piaojun <piaojun(a)huawei.com> ocfs2: return error when we attempt to access a dirty bh in jbd2 piaojun <piaojun(a)huawei.com> ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute piaojun <piaojun(a)huawei.com> ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid Jan H. Schönherr <jschoenh(a)amazon.de> fs/dax.c: release PMD lock even when there is no PMD support in DAX Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested KarimAllah Ahmed <karahmed(a)amazon.de> kvm: Map PFN-type memory regions as writable (if possible) Gustavo A. R. Silva <gustavo(a)embeddedor.com> tcp_nv: fix potential integer overflow in tcpnv_acked Dmitry Vyukov <dvyukov(a)google.com> netfilter: x_tables: fix pointer leaks to userspace Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/hyperv: Check for required priviliges in hyperv_init() Andy Spencer <aspencer(a)spacex.com> gianfar: prevent integer wrapping in the rx handler Logan Gunthorpe <logang(a)deltatee.com> ntb_transport: Fix bug with max_mw_size parameter Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Michael Bringmann <mwb(a)linux.vnet.ibm.com> powerpc/numa: Ensure nodes initialized for hotplug Michael Bringmann <mwb(a)linux.vnet.ibm.com> powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes Mickaël Salaün <mic(a)digikod.net> samples/bpf: Partially fixes the bpf.o build Jacob Keller <jacob.e.keller(a)intel.com> i40e: fix reported mask for ntuple filters Jacob Keller <jacob.e.keller(a)intel.com> i40e: program fragmented IPv4 filter input set Emil Tantilov <emil.s.tantilov(a)intel.com> ixgbe: don't set RXDCTL.RLPML for 82599 Jake Daryll Obina <jake.obina(a)gmail.com> jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path Jason Gunthorpe <jgg(a)mellanox.com> RDMA/uverbs: Use an unambiguous errno for method not supported Corentin LABBE <clabbe.montjoie(a)gmail.com> crypto: artpec6 - remove select on non-existing CRYPTO_SHA384 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> device property: Define type of PROPERTY_ENRTY_*() macros Aaron Sierra <asierra(a)xes-inc.com> tty: serial: exar: Relocate sleep wake-up handling Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/hyperv: Stop suppressing X86_FEATURE_PCID Ngai-Mint Kwan <ngai-mint.kwan(a)intel.com> fm10k: fix "failed to kill vid" message for VF Daniel Hua <daniel.hua(a)ni.com> igb: Clear TXSTMP when ptp_tx_work() is timeout Corinna Vinschen <vinschen(a)redhat.com> igb: Allow to remove administratively set MAC on VFs Jeffy Chen <jeffy.chen(a)rock-chips.com> ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink Eryu Guan <eguan(a)redhat.com> blk-mq-debugfs: don't allow write on attributes with seq_operations set David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: use READ_ONCE to access some SCB fields David Herrmann <dh.herrmann(a)gmail.com> platform/x86: thinkpad_acpi: suppress warning about palm detection Alan Brady <alan.brady(a)intel.com> i40evf: ignore link up if not running Avinash Dayanand <avinash.dayanand(a)intel.com> i40evf: Don't schedule reset_task when device is being removed Prashant Bhole <bhole_prashant_q7(a)lab.ntt.co.jp> bpf: test_maps: cleanup sockmaps when test ends Goldwyn Rodrigues <rgoldwyn(a)suse.com> block: Set BIO_TRACE_COMPLETION on new bio during split Wei Yongjun <weiyongjun1(a)huawei.com> nfp: fix error return code in nfp_pci_probe() Dan Carpenter <dan.carpenter(a)oracle.com> HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Andi Shyti <andi.shyti(a)samsung.com> Input: stmfts - set IRQ_NOAUTOEN to the irq flag Arnd Bergmann <arnd(a)arndb.de> scsi: fas216: fix sense buffer initialization Xose Vazquez Perez <xose.vazquez(a)gmail.com> scsi: devinfo: fix format of the device list Sheng Yong <shengyong1(a)huawei.com> f2fs: avoid hungtask when GC encrypted block if io_bits is set Parav Pandit <parav(a)mellanox.com> RDMA/cma: Check existence of netdevice during port validation Liu Bo <bo.li.liu(a)oracle.com> Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io Liu Bo <bo.li.liu(a)oracle.com> Btrfs: fix unexpected EEXIST from btrfs_get_extent Anand Jain <Anand.Jain(a)oracle.com> btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Liu Bo <bo.li.liu(a)oracle.com> Btrfs: fix scrub to repair raid6 corruption Nikolay Borisov <nborisov(a)suse.com> btrfs: Fix out of bounds access in btrfs_search_slot Liu Bo <bo.li.liu(a)oracle.com> Btrfs: set plug for fsync Wei Yongjun <weiyongjun1(a)huawei.com> ipmi/powernv: Fix error return code in ipmi_powernv_probe() weiyongjun (A) <weiyongjun1(a)huawei.com> mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Ulf Magnusson <ulfalizer(a)gmail.com> kconfig: Fix expr_free() E_NOT leak Ulf Magnusson <ulfalizer(a)gmail.com> kconfig: Fix automatic menu creation mem leak Ulf Magnusson <ulfalizer(a)gmail.com> kconfig: Don't leak main menus during parsing Guenter Roeck <linux(a)roeck-us.net> watchdog: sp5100_tco: Fix watchdog disable bit Niklas Cassel <niklas.cassel(a)axis.com> PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build James Hogan <jhogan(a)kernel.org> MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} Jan Chochol <jan(a)chochol.info> nfs: Do not convert nfs_idmap_cache_timeout to jiffies Sagi Grimberg <sagi(a)grimberg.me> IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct Maxime Chevallier <maxime.chevallier(a)smile.fr> spi: a3700: Clear DATA_OUT when performing a read Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b Geert Uytterhoeven <geert(a)linux-m68k.org> ubifs: Fix uninitialized variable in search_dh_cookie() Ming Lei <ming.lei(a)redhat.com> blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk Ming Lei <ming.lei(a)redhat.com> dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure mulhern <amulhern(a)redhat.com> dm thin: fix documentation relative to low water mark threshold Peter Xu <peterx(a)redhat.com> iommu/vt-d: Use domain instead of cache fetching Nicholas Piggin <npiggin(a)gmail.com> powerpc: System reset avoid interleaving oops using die synchronisation Robin Murphy <robin.murphy(a)arm.com> iommu/exynos: Don't unconditionally steal bus ops Thomas Richter <tmricht(a)linux.vnet.ibm.com> perf record: Fix failed memory allocation for get_cpuid_str Steven Rostedt (VMware) <rostedt(a)goodmis.org> tools lib traceevent: Fix get_field_str() for dynamic strings Arnaldo Carvalho de Melo <acme(a)redhat.com> perf callchain: Fix attr.sample_max_stack setting Steven Rostedt (VMware) <rostedt(a)goodmis.org> tools lib traceevent: Simplify pointer print logic and fix %pF Arnaldo Carvalho de Melo <acme(a)redhat.com> perf unwind: Do not look just at the global callchain_param.record_mode himanshu.madhani(a)cavium.com <himanshu.madhani(a)cavium.com> scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() Shiraz Saleem <shiraz.saleem(a)intel.com> i40iw: Zero-out consumer key on allocate stag for FMR Mustafa Ismail <mustafa.ismail(a)intel.com> i40iw: Free IEQ resources Peter Hutterer <peter.hutterer(a)who-t.net> Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes Jesper Dangaard Brouer <brouer(a)redhat.com> libbpf: Makefile set specified permission mode Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: psmouse - fix Synaptics detection when protocol is disabled Alex Williamson <alex.williamson(a)redhat.com> PCI: Add function 1 DMA alias quirk for Marvell 9128 Masami Hiramatsu <mhiramat(a)kernel.org> selftest: ftrace: Fix to pick text symbols for kprobes Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix backchannel allocation of extra rpcrdma_reps Hans de Goede <hdegoede(a)redhat.com> platform/x86: dell-laptop: Filter out spurious keyboard backlight change events Christian Borntraeger <borntraeger(a)de.ibm.com> KVM: s390: use created_vcpus in more places Anna-Maria Gleixner <anna-maria(a)linutronix.de> tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Subash Abhinov Kasiviswanathan <subashab(a)codeaurora.org> netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Enable migration of decrementer register Parav Pandit <parav(a)mellanox.com> RDMA/core: Clarify rdma_ah_find_type Paolo Bonzini <pbonzini(a)redhat.com> kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Use IS_REACHABLE() for dependency on input Hans de Goede <hdegoede(a)redhat.com> ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources NeilBrown <neilb(a)suse.com> NFSv4: always set NFS_LOCK_LOST when a lock is lost. Peter Zijlstra <peterz(a)infradead.org> x86/tsc: Allow TSC calibration without PIT Hector Martin <marcan(a)marcan.st> firewire-ohci: work around oversized DMA reads on JMicron controllers Michael Neuling <mikey(a)neuling.org> powerpc/eeh: Fix race with driver un/bind Merlijn Wajer <merlijn(a)wizzup.org> usb: musb: Fix external abort in musb_remove on omap2430 Merlijn Wajer <merlijn(a)wizzup.org> usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers Andreas Kemnade <andreas(a)kemnade.info> usb: musb: fix enumeration after resume Imre Deak <imre.deak(a)intel.com> drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing Imre Deak <imre.deak(a)intel.com> drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state Xidong Wang <wangxidong_97(a)163.com> drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value Gaurav K Singh <gaurav.k.singh(a)intel.com> drm/i915/audio: Fix audio detection issue on GLK Gerd Hoffmann <kraxel(a)redhat.com> drm/i915/gvt: throw error on unhandled vfio ioctls Daniel J Blueman <daniel(a)quora.org> drm/vc4: Fix memory leak during BO teardown Xiaoming Gao <gxm.linux.kernel(a)gmail.com> x86/tsc: Prevent 32bit truncation in calc_hpet_ref() Anson Huang <Anson.Huang(a)nxp.com> clocksource/imx-tpm: Correct -ETIME return condition check Dou Liyang <douly.fnst(a)cn.fujitsu.com> x86/acpi: Prevent X2APIC id 0xffffffff from being accounted David Sterba <dsterba(a)suse.com> btrfs: fix unaligned access in readdir Steve French <smfrench(a)gmail.com> cifs: do not allow creating sockets except with SMB1 posix exensions ------------- Diffstat: Documentation/device-mapper/thin-provisioning.txt | 8 +- Documentation/virtual/kvm/api.txt | 1 + Makefile | 4 +- arch/arm64/include/asm/spinlock.h | 4 +- arch/mips/boot/compressed/Makefile | 6 +- arch/mips/generic/irq.c | 18 +- arch/mips/include/asm/machine.h | 2 +- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/powerpc/include/asm/book3s/64/pgalloc.h | 10 +- arch/powerpc/include/uapi/asm/kvm.h | 2 + arch/powerpc/kernel/eeh_driver.c | 65 +- arch/powerpc/kernel/traps.c | 2 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 8 +- arch/powerpc/kvm/book3s_hv.c | 8 + arch/powerpc/kvm/powerpc.c | 2 +- arch/powerpc/mm/numa.c | 78 +- arch/powerpc/platforms/powernv/opal-imc.c | 6 +- arch/s390/include/asm/eadm.h | 2 +- arch/s390/kvm/kvm-s390.c | 4 +- arch/s390/kvm/vsie.c | 50 +- arch/sparc/include/asm/pgtable_64.h | 2 +- arch/sparc/mm/tlb.c | 23 +- arch/x86/hyperv/hv_init.c | 9 +- arch/x86/hyperv/mmu.c | 12 +- arch/x86/include/asm/i8259.h | 5 + arch/x86/kernel/acpi/boot.c | 4 + arch/x86/kernel/apic/x2apic_uv_x.c | 15 +- arch/x86/kernel/dumpstack.c | 2 +- arch/x86/kernel/tsc.c | 20 +- arch/x86/kvm/mmu.c | 2 +- arch/x86/kvm/vmx.c | 16 +- arch/x86/kvm/x86.c | 10 +- arch/x86/mm/init_64.c | 3 +- arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- block/bio.c | 2 +- block/blk-core.c | 2 + block/blk-merge.c | 29 +- block/blk-mq-debugfs.c | 6 +- block/blk-mq.c | 22 +- drivers/acpi/acpi_lpss.c | 2 + drivers/acpi/bus.c | 6 + drivers/acpi/ec.c | 6 + drivers/acpi/processor_perflib.c | 2 +- drivers/acpi/scan.c | 20 +- drivers/base/power/domain.c | 76 +- drivers/base/power/wakeirq.c | 6 +- drivers/char/ipmi/ipmi_powernv.c | 5 +- drivers/clocksource/timer-imx-tpm.c | 2 +- drivers/cpufreq/intel_pstate.c | 5 + drivers/crypto/Kconfig | 1 - drivers/firewire/ohci.c | 8 +- drivers/firmware/dmi_scan.c | 22 +- drivers/gpu/drm/drm_dp_dual_mode_helper.c | 39 +- drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +- drivers/gpu/drm/i915/i915_drv.h | 6 +- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 2 +- drivers/gpu/drm/i915/intel_audio.c | 2 +- drivers/gpu/drm/i915/intel_cdclk.c | 22 +- drivers/gpu/drm/i915/intel_pm.c | 6 +- .../drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 ++++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 ++++++++++---------- .../gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30 +- drivers/gpu/drm/vc4/vc4_bo.c | 2 + drivers/gpu/drm/vc4/vc4_validate_shaders.c | 1 + drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/infiniband/core/cma.c | 8 +- drivers/infiniband/core/cq.c | 30 +- drivers/infiniband/core/uverbs_ioctl.c | 19 +- drivers/infiniband/hw/hfi1/chip.c | 18 +- drivers/infiniband/hw/hfi1/file_ops.c | 4 +- drivers/infiniband/hw/hfi1/hfi.h | 1 + drivers/infiniband/hw/hfi1/init.c | 4 +- drivers/infiniband/hw/i40iw/i40iw_puda.c | 3 +- drivers/infiniband/hw/i40iw/i40iw_puda.h | 1 + drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx5/qp.c | 8 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/input/mouse/psmouse-base.c | 34 +- drivers/input/mouse/synaptics.c | 10 + drivers/input/touchscreen/stmfts.c | 11 +- drivers/iommu/exynos-iommu.c | 7 + drivers/iommu/intel-iommu.c | 3 +- drivers/irqchip/irq-gic-v3-its-pci-msi.c | 2 + drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 + drivers/irqchip/irq-gic-v3-its.c | 2 + drivers/irqchip/irq-gic-v3.c | 2 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +- drivers/md/bcache/super.c | 23 +- drivers/md/bcache/sysfs.c | 11 +- drivers/md/bcache/writeback.c | 7 +- drivers/md/dm-mpath.c | 14 +- drivers/net/ethernet/freescale/gianfar.c | 9 +- drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 18 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 3 + drivers/net/ethernet/intel/i40evf/i40evf.h | 1 + drivers/net/ethernet/intel/i40evf/i40evf_main.c | 9 +- .../net/ethernet/intel/i40evf/i40evf_virtchnl.c | 35 +- drivers/net/ethernet/intel/igb/igb_main.c | 42 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 9 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 8 +- drivers/net/ethernet/netronome/nfp/nfp_main.c | 1 + .../net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 6 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 6 +- drivers/net/wireless/mac80211_hwsim.c | 11 +- drivers/net/xen-netfront.c | 46 +- drivers/ntb/ntb_transport.c | 3 + drivers/pci/quirks.c | 2 + drivers/platform/x86/dell-laptop.c | 24 +- drivers/platform/x86/thinkpad_acpi.c | 10 + drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 4 + drivers/scsi/scsi_devinfo.c | 7 +- drivers/spi/spi-armada-3700.c | 5 + .../staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 + drivers/tty/serial/8250/8250_exar.c | 34 +- drivers/tty/serial/8250/8250_port.c | 26 - drivers/usb/musb/musb_core.c | 7 +- drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/grant-table.c | 4 +- fs/btrfs/ctree.c | 12 +- fs/btrfs/disk-io.c | 6 +- fs/btrfs/file.c | 9 + fs/btrfs/inode.c | 37 +- fs/btrfs/raid56.c | 55 +- fs/btrfs/volumes.c | 9 +- fs/cifs/cifssmb.c | 4 +- fs/cifs/dir.c | 9 +- fs/dax.c | 2 +- fs/f2fs/gc.c | 7 +- fs/jffs2/fs.c | 1 - fs/nfs/nfs4proc.c | 12 +- fs/nfs/nfs4state.c | 5 +- fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 + fs/ocfs2/journal.c | 23 +- fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 2 + fs/proc/base.c | 29 +- fs/proc/kcore.c | 4 + fs/ubifs/tnc.c | 21 +- include/asm-generic/pgtable.h | 15 + include/linux/cpumask.h | 2 + include/linux/etherdevice.h | 2 +- include/linux/kcore.h | 1 + include/linux/netfilter/x_tables.h | 3 +- include/linux/pci.h | 7 + include/linux/property.h | 10 +- include/linux/suspend.h | 2 + include/rdma/ib_verbs.h | 23 +- include/trace/events/timer.h | 20 +- kernel/bpf/sockmap.c | 19 +- kernel/events/callchain.c | 21 +- kernel/events/core.c | 4 +- kernel/locking/qspinlock.c | 8 + kernel/power/power.h | 3 - kernel/time/alarmtimer.c | 34 +- lib/test_bpf.c | 31 +- mm/fadvise.c | 10 +- mm/khugepaged.c | 12 +- mm/mempolicy.c | 33 +- mm/vmscan.c | 14 +- net/bridge/netfilter/ebtables.c | 10 +- net/ipv4/netfilter/arp_tables.c | 12 +- net/ipv4/netfilter/ip_tables.c | 10 +- net/ipv4/tcp_nv.c | 2 +- net/ipv6/netfilter/ip6_tables.c | 12 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 16 +- net/netfilter/x_tables.c | 51 +- net/netfilter/xt_IDLETIMER.c | 1 + net/netfilter/xt_LED.c | 1 + net/netfilter/xt_limit.c | 3 +- net/netfilter/xt_nfacct.c | 1 + net/netfilter/xt_statistic.c | 1 + net/openvswitch/conntrack.c | 34 + net/rds/ib.c | 3 +- net/rxrpc/conn_event.c | 1 + net/rxrpc/rxkad.c | 92 +- net/sunrpc/xprtrdma/backchannel.c | 12 +- net/sunrpc/xprtrdma/svc_rdma_rw.c | 12 +- net/sunrpc/xprtrdma/verbs.c | 32 +- net/sunrpc/xprtrdma/xprt_rdma.h | 2 +- net/sunrpc/xprtsock.c | 4 +- samples/bpf/Makefile | 5 +- scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 +- sound/pci/hda/Kconfig | 1 - sound/pci/hda/patch_realtek.c | 5 + sound/soc/au1x/ac97c.c | 6 +- sound/soc/rockchip/rk3399_gru_sound.c | 19 +- tools/lib/bpf/Makefile | 2 +- tools/lib/bpf/libbpf.c | 26 + tools/lib/traceevent/event-parse.c | 17 +- tools/lib/traceevent/parse-filter.c | 10 +- tools/perf/arch/x86/util/header.c | 2 +- tools/perf/builtin-c2c.c | 5 +- tools/perf/builtin-record.c | 3 +- tools/perf/builtin-report.c | 5 +- tools/perf/builtin-script.c | 5 +- tools/perf/perf.h | 1 + tools/perf/tests/dwarf-unwind.c | 1 + .../perf/tests/shell/trace+probe_libc_inet_pton.sh | 21 +- tools/perf/util/callchain.c | 10 + tools/perf/util/callchain.h | 2 + tools/perf/util/evsel.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 9 +- tools/testing/selftests/bpf/test_maps.c | 16 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 6 + .../ftrace/test.d/kprobe/multiple_kprobes.tc | 4 +- tools/testing/selftests/net/reuseport_bpf.c | 21 +- virt/kvm/kvm_main.c | 7 +- 216 files changed, 3025 insertions(+), 1982 deletions(-)

7 years, 2 months

5
174
0 0

[PATCH 4.16 00/26] 4.16.5-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.16.5 release. There are 26 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Apr 27 10:33:04 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.16.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.16.5-rc1 Sean Christopherson <sean.j.christopherson(a)intel.com> Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown" Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs Jiri Olsa <jolsa(a)kernel.org> perf: Return proper values for user stack errors Jiri Olsa <jolsa(a)kernel.org> perf: Fix sample_max_stack maximum check Florian Westphal <fw(a)strlen.de> netfilter: x_tables: limit allocation requests for blob rule heads Florian Westphal <fw(a)strlen.de> netfilter: compat: reject huge allocation requests Florian Westphal <fw(a)strlen.de> netfilter: compat: prepare xt_compat_init_offsets to return errors Florian Westphal <fw(a)strlen.de> netfilter: x_tables: add counters allocation wrapper Florian Westphal <fw(a)strlen.de> netfilter: x_tables: cap allocations at 512 mbyte Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> mm,vmscan: Allow preallocating memory for register_shrinker(). Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Init nanosleep alarm timer on stack Imre Deak <imre.deak(a)intel.com> drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state Xidong Wang <wangxidong_97(a)163.com> drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value Gaurav K Singh <gaurav.k.singh(a)intel.com> drm/i915/audio: Fix audio detection issue on GLK Jani Nikula <jani.nikula(a)intel.com> drm/i915/bios: filter out invalid DDC pins from VBT child devices Tina Zhang <tina.zhang(a)intel.com> drm/i915/gvt: Add drm_format_mod update Gerd Hoffmann <kraxel(a)redhat.com> drm/i915/gvt: throw error on unhandled vfio ioctls Daniel J Blueman <daniel(a)quora.org> drm/vc4: Fix memory leak during BO teardown Xiaoming Gao <gxm.linux.kernel(a)gmail.com> x86/tsc: Prevent 32bit truncation in calc_hpet_ref() Laura Abbott <labbott(a)redhat.com> posix-cpu-timers: Ensure set_process_cpu_timer is always evaluated Anson Huang <Anson.Huang(a)nxp.com> clocksource/imx-tpm: Correct -ETIME return condition check Dou Liyang <douly.fnst(a)cn.fujitsu.com> x86/acpi: Prevent X2APIC id 0xffffffff from being accounted Nikolay Borisov <nborisov(a)suse.com> btrfs: Fix race condition between delayed refs and blockgroup removal David Sterba <dsterba(a)suse.com> btrfs: fix unaligned access in readdir Steve French <smfrench(a)gmail.com> cifs: do not allow creating sockets except with SMB1 posix exensions Long Li <longli(a)microsoft.com> cifs: smbd: Check for iov length on sending the last iov ------------- Diffstat: Makefile | 4 +-- arch/x86/kernel/acpi/boot.c | 4 +++ arch/x86/kernel/tsc.c | 2 +- arch/x86/kvm/mmu.c | 2 +- drivers/clocksource/timer-imx-tpm.c | 2 +- drivers/gpu/drm/drm_dp_dual_mode_helper.c | 39 +++++++++++++++++++---- drivers/gpu/drm/i915/gvt/dmabuf.c | 1 + drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 2 +- drivers/gpu/drm/i915/intel_audio.c | 2 +- drivers/gpu/drm/i915/intel_bios.c | 13 +++++--- drivers/gpu/drm/vc4/vc4_bo.c | 2 ++ drivers/gpu/drm/vc4/vc4_validate_shaders.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 3 +- fs/btrfs/delayed-ref.c | 19 ++++++++--- fs/btrfs/delayed-ref.h | 1 + fs/btrfs/extent-tree.c | 16 +++++++--- fs/btrfs/inode.c | 20 +++++++----- fs/cifs/dir.c | 9 +++--- fs/cifs/smbdirect.c | 2 ++ fs/super.c | 9 +++--- include/linux/netfilter/x_tables.h | 3 +- include/linux/shrinker.h | 7 ++-- kernel/events/callchain.c | 21 ++++++------ kernel/events/core.c | 4 +-- kernel/time/alarmtimer.c | 34 +++++++++++++++----- kernel/time/posix-cpu-timers.c | 4 ++- mm/vmscan.c | 21 +++++++++++- net/bridge/netfilter/ebtables.c | 10 ++++-- net/ipv4/netfilter/arp_tables.c | 12 ++++--- net/ipv4/netfilter/ip_tables.c | 10 ++++-- net/ipv6/netfilter/ip6_tables.c | 12 ++++--- net/netfilter/x_tables.c | 51 ++++++++++++++++++++++++------ 33 files changed, 250 insertions(+), 94 deletions(-)

7 years, 2 months

4
29
0 0

[PATCH] x86/spectre_v2: Don't check microcode versions when running under hypervisors

by Yi Sun

From: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> commit 36268223c1e9981d6cfc33aff8520b3bde4b8114 upstream. As: 1) It's known that hypervisors lie about the environment anyhow (host mismatch) 2) Even if the hypervisor (Xen, KVM, VMWare, etc) provided a valid "correct" value, it all gets to be very murky when migration happens (do you provide the "new" microcode of the machine?). And in reality the cloud vendors are the ones that should make sure that the microcode that is running is correct and we should just sing lalalala and trust them. Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Wanpeng Li <kernellwp(a)gmail.com> Cc: kvm <kvm(a)vger.kernel.org> Cc: Krčmář <rkrcmar(a)redhat.com> Cc: Borislav Petkov <bp(a)alien8.de> CC: "H. Peter Anvin" <hpa(a)zytor.com> CC: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180226213019.GE9497@char.us.oracle.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Yi Sun: cherry pick to 4.4] Signed-off-by: Yi Sun <yi.y.sun(a)linux.intel.com> --- arch/x86/kernel/cpu/intel.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index af28610..221c030 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -71,6 +71,13 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c) { int i; + /* + * We know that the hypervisor lie to us on the microcode version so + * we may as well hope that it is running the correct version. + */ + if (cpu_has(c, X86_FEATURE_HYPERVISOR)) + return false; + for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) { if (c->x86_model == spectre_bad_microcodes[i].model && c->x86_mask == spectre_bad_microcodes[i].stepping) -- 1.9.1

7 years, 2 months

1
1
0 0

[PATCH v2] input/touchscreen: atmel_mxt_ts: Add correct touchpad button mapping for the Caroline Chromebook.

by Vittorio Gambaletta (VittGam)

This patch adds the correct platform data information for the Caroline Chromebook, so that the mouse button does not get stuck in pressed state after the first click. The Samus button keymap and platform data definition are the correct ones for Caroline, so they have been reused here. v2: updated patch offset after 20180409 changes. Cc: stable(a)vger.kernel.org Signed-off-by: Vittorio Gambaletta <linuxbugs(a)vittgam.net> Signed-off-by: Salvatore Bellizzi <lkml(a)seppia.net> --- --- a/drivers/input/touchscreen/atmel_mxt_ts.c +++ b/drivers/input/touchscreen/atmel_mxt_ts.c @@ -3035,6 +3035,15 @@ .driver_data = samus_platform_data, }, { + /* Samsung Chromebook Pro */ + .ident = "Samsung Chromebook Pro", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"), + DMI_MATCH(DMI_PRODUCT_NAME, "Caroline"), + }, + .driver_data = samus_platform_data, + }, + { /* Other Google Chromebooks */ .ident = "Chromebook", .matches = {

7 years, 2 months

2
3
0 0

Re: Linux messages full of `random: get_random_u32 called from`

by Theodore Y. Ts'o

> Hi, > > I've just booted Linux 4.16.4 and I am getting approximately 1900 > `random: get_random_u32 called from` messages at boot time. I can apply > the patch to rate limit them, but thought you may be interested in the > system I am running on, since I saw your message to Paul Menzel on lkml > (I'm not subscribed to lkml so can't simply reply to your message). Thanks for the report. It's become clear to me that we need to have the rate limiting patch backported to stable series ASAP. I'll be pushing the patch to mainline shortly. - Ted

7 years, 2 months

1
0
0 0

patch "ARM: amba: Don't read past the end of sysfs "driver_override" buffer" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: amba: Don't read past the end of sysfs "driver_override" buffer to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From d2ffed5185df9d8d9ccd150e4340e3b6f96a8381 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Tue, 10 Apr 2018 15:21:45 +0200 Subject: ARM: amba: Don't read past the end of sysfs "driver_override" buffer When printing the driver_override parameter when it is 4095 and 4094 bytes long, the printing code would access invalid memory because we need count + 1 bytes for printing. Cfr. commits 4efe874aace57dba ("PCI: Don't read past the end of sysfs "driver_override" buffer") and bf563b01c2895a4b ("driver core: platform: Don't read past the end of "driver_override" buffer"). Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Reviewed-by: Todd Kjos <tkjos(a)google.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/amba/bus.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c index c77eb6e65646..8e6ac3031662 100644 --- a/drivers/amba/bus.c +++ b/drivers/amba/bus.c @@ -87,7 +87,8 @@ static ssize_t driver_override_store(struct device *_dev, struct amba_device *dev = to_amba_device(_dev); char *driver_override, *old, *cp; - if (count > PATH_MAX) + /* We need to keep extra room for a newline */ + if (count >= (PAGE_SIZE - 1)) return -EINVAL; driver_override = kstrndup(buf, count, GFP_KERNEL); -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH 00/24] Backport Speculation Control support for 4.4

by Youquan Song

Detail please refer to the email threads and discussion listed: [STABLE 4.9.y PATCH 0/9] Backport of KVM Speculation Control support https://lkml.org/lkml/2018/2/6/546 https://lkml.org/lkml/2018/2/6/739 https://lkml.org/lkml/2018/1/29/855 This patchset is backporting for v4.4 and against latest v4.4.128

7 years, 2 months

3
33
0 0

commit 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers") for stable

by Guenter Roeck

Hi Greg, I see that commit 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers") is marked for stable, but I don't see it queued for any stable branches. Other ext4 patches from the same time frame (end of March) already made their way into stable. Did this patch get lost, or is it still in your queue ? Thanks, Guenter

7 years, 2 months

2
2
0 0

[PATCH] net: wireless: ti: wlcore: sdio: allow pm to handle sdio power

by Eyal Reizer

pm_runtime handles sdio power on and power off transitions. An old workaround for trying to control the power explicitly from the driver was in fact causing failures on suspend/resume as the mmc layer already power the module on resume. In case of resume pm_runtime_get sync returns a positive device's usage count causing the driver to try an re-initialize an already initialized device. This was causing sdio bus failure on resume. Remove this manual power on/off sequence as it is in-fact not needed. Signed-off-by: Eyal Reizer <eyalr(a)ti.com> Cc: stable(a)vger.kernel.org --- drivers/net/wireless/ti/wlcore/sdio.c | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/drivers/net/wireless/ti/wlcore/sdio.c b/drivers/net/wireless/ti/wlcore/sdio.c index 1f727ba..6dbe61d 100644 --- a/drivers/net/wireless/ti/wlcore/sdio.c +++ b/drivers/net/wireless/ti/wlcore/sdio.c @@ -155,17 +155,11 @@ static int wl12xx_sdio_power_on(struct wl12xx_sdio_glue *glue) struct mmc_card *card = func->card; ret = pm_runtime_get_sync(&card->dev); - if (ret) { - /* - * Runtime PM might be temporarily disabled, or the device - * might have a positive reference counter. Make sure it is - * really powered on. - */ - ret = mmc_power_restore_host(card->host); - if (ret < 0) { - pm_runtime_put_sync(&card->dev); - goto out; - } + if (ret < 0) { + pm_runtime_put_noidle(&card->dev); + dev_err(glue->dev, "%s: failed to get_sync(%d)\n", + __func__, ret); + goto out; } sdio_claim_host(func); @@ -178,7 +172,6 @@ static int wl12xx_sdio_power_on(struct wl12xx_sdio_glue *glue) static int wl12xx_sdio_power_off(struct wl12xx_sdio_glue *glue) { - int ret; struct sdio_func *func = dev_to_sdio_func(glue->dev); struct mmc_card *card = func->card; @@ -186,16 +179,8 @@ static int wl12xx_sdio_power_off(struct wl12xx_sdio_glue *glue) sdio_disable_func(func); sdio_release_host(func); - /* Power off the card manually in case it wasn't powered off above */ - ret = mmc_power_save_host(card->host); - if (ret < 0) - goto out; - /* Let runtime PM know the card is powered off */ - pm_runtime_put_sync(&card->dev); - -out: - return ret; + return pm_runtime_put_sync(&card->dev); } static int wl12xx_sdio_set_power(struct device *child, bool enable) -- 2.7.4

7 years, 2 months

2
1
0 0

[PATCH] net: wireless: ti: wlcore: sdio: allow pm to handle sdio power

by Eyal Reizer

pm_runtime handles sdio power on and power off transitions. An old workaround for trying to control the power explicitly from the driver was in fact causing failures on suspend/resume as the mmc layer already power the module on resume. In case of resume pm_runtime_get sync returns a positive device's usage count causing the driver to try an re-initialize an already initialized device. This was causing sdio bus failure on resume. Remove this manual power on/off sequence as it is in-fact not needed. Signed-off-by: Eyal Reizer <eyalr(a)ti.com> Cc: stable(a)vger.kernel.org --- drivers/net/wireless/ti/wlcore/sdio.c | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/drivers/net/wireless/ti/wlcore/sdio.c b/drivers/net/wireless/ti/wlcore/sdio.c index 1f727ba..6dbe61d 100644 --- a/drivers/net/wireless/ti/wlcore/sdio.c +++ b/drivers/net/wireless/ti/wlcore/sdio.c @@ -155,17 +155,11 @@ static int wl12xx_sdio_power_on(struct wl12xx_sdio_glue *glue) struct mmc_card *card = func->card; ret = pm_runtime_get_sync(&card->dev); - if (ret) { - /* - * Runtime PM might be temporarily disabled, or the device - * might have a positive reference counter. Make sure it is - * really powered on. - */ - ret = mmc_power_restore_host(card->host); - if (ret < 0) { - pm_runtime_put_sync(&card->dev); - goto out; - } + if (ret < 0) { + pm_runtime_put_noidle(&card->dev); + dev_err(glue->dev, "%s: failed to get_sync(%d)\n", + __func__, ret); + goto out; } sdio_claim_host(func); @@ -178,7 +172,6 @@ static int wl12xx_sdio_power_on(struct wl12xx_sdio_glue *glue) static int wl12xx_sdio_power_off(struct wl12xx_sdio_glue *glue) { - int ret; struct sdio_func *func = dev_to_sdio_func(glue->dev); struct mmc_card *card = func->card; @@ -186,16 +179,8 @@ static int wl12xx_sdio_power_off(struct wl12xx_sdio_glue *glue) sdio_disable_func(func); sdio_release_host(func); - /* Power off the card manually in case it wasn't powered off above */ - ret = mmc_power_save_host(card->host); - if (ret < 0) - goto out; - /* Let runtime PM know the card is powered off */ - pm_runtime_put_sync(&card->dev); - -out: - return ret; + return pm_runtime_put_sync(&card->dev); } static int wl12xx_sdio_set_power(struct device *child, bool enable) -- 2.7.4

7 years, 2 months

1
0
0 0

patch "tty: Use __GFP_NOFAIL for tty_ldisc_get()" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: Use __GFP_NOFAIL for tty_ldisc_get() to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From bcdd0ca8cb8730573afebcaae4138f8f4c8eaa20 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Wed, 25 Apr 2018 20:12:31 +0900 Subject: tty: Use __GFP_NOFAIL for tty_ldisc_get() syzbot is reporting crashes triggered by memory allocation fault injection at tty_ldisc_get() [1]. As an attempt to handle OOM in a graceful way, we have tried commit 5362544bebe85071 ("tty: don't panic on OOM in tty_set_ldisc()"). But we reverted that attempt by commit a8983d01f9b7d600 ("Revert "tty: don't panic on OOM in tty_set_ldisc()"") due to reproducible crash. We should spend resource for finding and fixing race condition bugs rather than complicate error paths for 2 * sizeof(void *) bytes allocation failure. [1] https://syzkaller.appspot.com/bug?id=489d33fa386453859ead58ff5171d43772b13a… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+40b7287c2dc987c48c81(a)syzkaller.appspotmail.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Vegard Nossum <vegard.nossum(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: One Thousand Gnomes <gnomes(a)lxorguk.ukuu.org.uk> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/tty_ldisc.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c index 8a88a7787cfe..fb7329ab2b37 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -176,12 +176,11 @@ static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc) return ERR_CAST(ldops); } - ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL); - if (ld == NULL) { - put_ldops(ldops); - return ERR_PTR(-ENOMEM); - } - + /* + * There is no way to handle allocation failure of only 16 bytes. + * Let's simplify error handling and save more memory. + */ + ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL | __GFP_NOFAIL); ld->ops = ldops; ld->tty = tty; -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH] mac80211_hwsim: fix use-after-free bug in hwsim_exit_net

by Benjamin Beichler

commit 8cfd36a0b53aeb4ec21d81eb79706697b84dfc3d upstream. When destroying a net namespace, all hwsim interfaces, which are not created in default namespace are deleted. But the async deletion of the interfaces could last longer than the actual destruction of the namespace, which results to an use after free bug. Therefore use synchronous deletion in this case. Fixes: 100cb9ff40e0 ("mac80211_hwsim: Allow managing radios from non-initial namespaces") Reported-by: syzbot+70ce058e01259de7bb1d(a)syzkaller.appspotmail.com Signed-off-by: Benjamin Beichler <benjamin.beichler(a)uni-rostock.de> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- This patch is prepared for linux-4.16.y branch drivers/net/wireless/mac80211_hwsim.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c index 35b21f8152bb..20af54378cc0 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3484,8 +3484,11 @@ static void __net_exit hwsim_exit_net(struct net *net) list_del(&data->list); rhashtable_remove_fast(&hwsim_radios_rht, &data->rht, hwsim_rht_params); - INIT_WORK(&data->destroy_work, destroy_radio); - queue_work(hwsim_wq, &data->destroy_work); + spin_unlock_bh(&hwsim_radio_lock); + mac80211_hwsim_del_radio(data, + wiphy_name(data->hw->wiphy), + NULL); + spin_lock_bh(&hwsim_radio_lock); } spin_unlock_bh(&hwsim_radio_lock); } -- 2.17.0

7 years, 2 months

2
1
0 0

[PATCH 2/3] mtd: rawnand: marvell: fix CS pin count with old bindings

by Miquel Raynal

For both the old bindings and the new bindings the same logic was applied to retrieve the number of CS lines: using of_get_property() to get a size in bytes, converted in the actual number of lines by dividing it per sizeof(u32) (4 bytes). This is fine for the 'reg' property which is a list of the CS IDs but not for the 'num-cs' property which is directly the value of the number of CS. Anyway, no existing DT uses another value than 'num-cs = <1>' and no other value has ever been supported by the old driver (pxa3xx_nand.c). Remove this condition and apply a number of 1 CS anyway, as already described in the bindings. Fixes: 02f26ecf8c772 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/marvell_nand.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 2a467c72bbfb..c33ebc2cc024 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -2299,29 +2299,23 @@ static int marvell_nand_chip_init(struct device *dev, struct marvell_nfc *nfc, /* * The legacy "num-cs" property indicates the number of CS on the only * chip connected to the controller (legacy bindings does not support - * more than one chip). CS are only incremented one by one while the RB - * pin is always the #0. + * more than one chip). The CS and RB pins are always the #0. * * When not using legacy bindings, a couple of "reg" and "nand-rb" * properties must be filled. For each chip, expressed as a subnode, * "reg" points to the CS lines and "nand-rb" to the RB line. */ - if (pdata) { + if (pdata || nfc->caps->legacy_of_bindings) { nsels = 1; - } else if (nfc->caps->legacy_of_bindings) { - if (!of_get_property(np, "num-cs", &nsels)) { - dev_err(dev, "missing num-cs property\n"); - return -EINVAL; - } } else { if (!of_get_property(np, "reg", &nsels)) { dev_err(dev, "missing reg property\n"); return -EINVAL; } - } - if (!pdata) nsels /= sizeof(u32); + } + if (!nsels) { dev_err(dev, "invalid reg property size\n"); return -EINVAL; -- 2.14.1

7 years, 2 months

1
0
0 0

[PATCH 1/3] mtd: rawnand: marvell: fix the chip-select DT parsing logic

by Miquel Raynal

The block responsible of parsing the DT for the number of chip-select lines uses an 'if/else if/else if' block. The content of the second and third 'else if' conditions are: 1/ the actual condition to enter the sub-block and 2/ the operation to do in this sub-block. [...] else if (condition1_to_enter && action1() == failed) raise_error(); else if (condition2_to_enter && action2() == failed) raise_error(); [...] In case of failure, the sub-block is entered and an error raised. Otherwise, in case of success, the code would continue erroneously in the next 'else if' statement because it did not failed (and did not enter the first 'else if' sub-block). The first 'else if' refers to legacy bindings while the second 'else if' refers to new bindings. The second 'else if', which is entered erroneously, checks for the 'reg' property, which, for old bindings, does not mean anything because it would not be the number of CS available, but the regular register map of almost any DT node. This being said, the content of the 'reg' property being the register map offset and length, it has '2' values, so the number of CS in this situation is assumed to be '2'. When running nand_scan_ident() with 2 CS, the core will check for an array of chips. It will first issue a RESET and then a READ_ID. Of course this will trigger two timeouts because there is no chip in front of the second CS: [ 1.367460] marvell-nfc f2720000.nand: Timeout on CMDD (NDSR: 0x00000080) [ 1.474292] marvell-nfc f2720000.nand: Timeout on CMDD (NDSR: 0x00000280) Indeed, this is harmless and the core will then assume there is only one valid CS. Fix the logic in the whole block by entering each sub-block just on the 'is legacy' condition, doing the action inside the sub-block. This way, when the action succeeds, the whole block is left. Fixes: 02f26ecf8c772 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/marvell_nand.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 10e953218948..2a467c72bbfb 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -2308,13 +2308,16 @@ static int marvell_nand_chip_init(struct device *dev, struct marvell_nfc *nfc, */ if (pdata) { nsels = 1; - } else if (nfc->caps->legacy_of_bindings && - !of_get_property(np, "num-cs", &nsels)) { - dev_err(dev, "missing num-cs property\n"); - return -EINVAL; - } else if (!of_get_property(np, "reg", &nsels)) { - dev_err(dev, "missing reg property\n"); - return -EINVAL; + } else if (nfc->caps->legacy_of_bindings) { + if (!of_get_property(np, "num-cs", &nsels)) { + dev_err(dev, "missing num-cs property\n"); + return -EINVAL; + } + } else { + if (!of_get_property(np, "reg", &nsels)) { + dev_err(dev, "missing reg property\n"); + return -EINVAL; + } } if (!pdata) -- 2.14.1

7 years, 2 months

1
0
0 0

[PATCH] serial: 8250_early: Setup divider when uartclk is passed

by Michal Simek

device->baud is always non zero value because it is checked already in early_serial8250_setup() before init_port is called. Fixes: 0ff3ab701963 ("serial: 8250_early: Only set divisor if valid clk & baud") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Michal Simek <michal.simek(a)xilinx.com> --- drivers/tty/serial/8250/8250_early.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_early.c b/drivers/tty/serial/8250/8250_early.c index ae6a256524d8..5cd8c36c8fcc 100644 --- a/drivers/tty/serial/8250/8250_early.c +++ b/drivers/tty/serial/8250/8250_early.c @@ -122,7 +122,7 @@ static void __init init_port(struct earlycon_device *device) serial8250_early_out(port, UART_FCR, 0); /* no fifo */ serial8250_early_out(port, UART_MCR, 0x3); /* DTR + RTS */ - if (port->uartclk && device->baud) { + if (port->uartclk) { divisor = DIV_ROUND_CLOSEST(port->uartclk, 16 * device->baud); c = serial8250_early_in(port, UART_LCR); serial8250_early_out(port, UART_LCR, c | UART_LCR_DLAB); -- 2.17.0

7 years, 2 months

3
3
0 0

patch "usb: do not reset if a low-speed or full-speed device timed out" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: do not reset if a low-speed or full-speed device timed out to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 6e01827ed93947895680fbdad68c072a0f4e2450 Mon Sep 17 00:00:00 2001 From: Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> Date: Thu, 4 Jan 2018 21:43:03 +0300 Subject: usb: do not reset if a low-speed or full-speed device timed out Some low-speed and full-speed devices (for example, bluetooth) do not have time to initialize. For them, ETIMEDOUT is a valid error. We need to give them another try. Otherwise, they will never be initialized correctly and in dmesg will be messages "Bluetooth: hci0 command 0x1002 tx timeout" or similars. Fixes: 264904ccc33c ("usb: retry reset if a device times out") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/hub.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 92378594a86e..a86591772352 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -4555,7 +4555,9 @@ hub_port_init(struct usb_hub *hub, struct usb_device *udev, int port1, * reset. But only on the first attempt, * lest we get into a time out/reset loop */ - if (r == 0 || (r == -ETIMEDOUT && retries == 0)) + if (r == 0 || (r == -ETIMEDOUT && + retries == 0 && + udev->speed > USB_SPEED_FULL)) break; } udev->descriptor.bMaxPacketSize0 = -- 2.17.0

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] tpm: self test failure should not cause suspend to fail" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0803d7befa15cab5717d667a97a66214d2a4c083 Mon Sep 17 00:00:00 2001 From: Chris Chiu <chiu(a)endlessm.com> Date: Tue, 20 Mar 2018 15:36:40 +0800 Subject: [PATCH] tpm: self test failure should not cause suspend to fail The Acer Acer Veriton X4110G has a TPM device detected as: tpm_tis 00:0b: 1.2 TPM (device-id 0xFE, rev-id 71) After the first S3 suspend, the following error appears during resume: tpm tpm0: A TPM error(38) occurred continue selftest Any following S3 suspend attempts will now fail with this error: tpm tpm0: Error (38) sending savestate before suspend PM: Device 00:0b failed to suspend: error 38 Error 38 is TPM_ERR_INVALID_POSTINIT which means the TPM is not in the correct state. This indicates that the platform BIOS is not sending the usual TPM_Startup command during S3 resume. >From this point onwards, all TPM commands will fail. The same issue was previously reported on Foxconn 6150BK8MC and Sony Vaio TX3. The platform behaviour seems broken here, but we should not break suspend/resume because of this. When the unexpected TPM state is encountered, set a flag to skip the affected TPM_SaveState command on later suspends. Cc: stable(a)vger.kernel.org Signed-off-by: Chris Chiu <chiu(a)endlessm.com> Signed-off-by: Daniel Drake <drake(a)endlessm.com> Link: http://lkml.kernel.org/r/CAB4CAwfSCvj1cudi+MWaB5g2Z67d9DwY1o475YOZD64ma23Ui… Link: https://lkml.org/lkml/2011/3/28/192 Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591031 Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 47aacecdc85c..22288ff70a0b 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -1002,6 +1002,10 @@ int tpm_do_selftest(struct tpm_chip *chip) loops = jiffies_to_msecs(duration) / delay_msec; rc = tpm_continue_selftest(chip); + if (rc == TPM_ERR_INVALID_POSTINIT) { + chip->flags |= TPM_CHIP_FLAG_ALWAYS_POWERED; + dev_info(&chip->dev, "TPM not ready (%d)\n", rc); + } /* This may fail if there was no TPM driver during a suspend/resume * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST) */

7 years, 2 months

2
1
0 0

[PATCH] random: fix possible sleeping allocation from irq context

by Theodore Ts'o

We can do a sleeping allocation from an irq context when CONFIG_NUMA is enabled. Fix this by initializing the NUMA crng instances in a workqueue. Reported-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot+9de458f6a5e713ee8c1a(a)syzkaller.appspotmail.com Fixes: 8ef35c866f8862df ("random: set up the NUMA crng instances...") Cc: stable(a)vger.kernel.org Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> --- drivers/char/random.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 3cd3aae24d6d..e182cca7e6cd 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -789,7 +789,7 @@ static void crng_initialize(struct crng_state *crng) } #ifdef CONFIG_NUMA -static void numa_crng_init(void) +static void do_numa_crng_init(struct work_struct *work) { int i; struct crng_state *crng; @@ -810,6 +810,13 @@ static void numa_crng_init(void) kfree(pool); } } + +DECLARE_WORK(numa_crng_init_work, do_numa_crng_init); + +static void numa_crng_init(void) +{ + schedule_work(&numa_crng_init_work); +} #else static void numa_crng_init(void) {} #endif -- 2.16.1.72.g5be1f00a9a

7 years, 2 months

3
3
0 0

[PATCH V2] cpufreq: powernv: Fix the hardlockup by synchronus smp_call in timer interrupt

by Shilpasri G Bhat

gpstate_timer_handler() uses synchronous smp_call to set the pstate on the requested core. This causes the below hard lockup: [c000003fe566b320] [c0000000001d5340] smp_call_function_single+0x110/0x180 (unreliable) [c000003fe566b390] [c0000000001d55e0] smp_call_function_any+0x180/0x250 [c000003fe566b3f0] [c000000000acd3e8] gpstate_timer_handler+0x1e8/0x580 [c000003fe566b4a0] [c0000000001b46b0] call_timer_fn+0x50/0x1c0 [c000003fe566b520] [c0000000001b4958] expire_timers+0x138/0x1f0 [c000003fe566b590] [c0000000001b4bf8] run_timer_softirq+0x1e8/0x270 [c000003fe566b630] [c000000000d0d6c8] __do_softirq+0x158/0x3e4 [c000003fe566b710] [c000000000114be8] irq_exit+0xe8/0x120 [c000003fe566b730] [c000000000024d0c] timer_interrupt+0x9c/0xe0 [c000003fe566b760] [c000000000009014] decrementer_common+0x114/0x120 -- interrupt: 901 at doorbell_global_ipi+0x34/0x50 LR = arch_send_call_function_ipi_mask+0x120/0x130 [c000003fe566ba50] [c00000000004876c] arch_send_call_function_ipi_mask+0x4c/0x130 [c000003fe566ba90] [c0000000001d59f0] smp_call_function_many+0x340/0x450 [c000003fe566bb00] [c000000000075f18] pmdp_invalidate+0x98/0xe0 [c000003fe566bb30] [c0000000003a1120] change_huge_pmd+0xe0/0x270 [c000003fe566bba0] [c000000000349278] change_protection_range+0xb88/0xe40 [c000003fe566bcf0] [c0000000003496c0] mprotect_fixup+0x140/0x340 [c000003fe566bdb0] [c000000000349a74] SyS_mprotect+0x1b4/0x350 [c000003fe566be30] [c00000000000b184] system_call+0x58/0x6c One way to avoid this is removing the smp-call. We can ensure that the timer always runs on one of the policy-cpus. If the timer gets migrated to a cpu outside the policy then re-queue it back on the policy->cpus. This way we can get rid of the smp-call which was being used to set the pstate on the policy->cpus. Fixes: 7bc54b652f13 (timers, cpufreq/powernv: Initialize the gpstate timer as pinned) Cc: <stable(a)vger.kernel.org> [4.8+] Reported-by: Nicholas Piggin <npiggin(a)gmail.com> Reported-by: Pridhiviraj Paidipeddi <ppaidipe(a)linux.vnet.ibm.com> Signed-off-by: Shilpasri G Bhat <shilpa.bhat(a)linux.vnet.ibm.com> --- Changes from V1: - Remove smp_call in the pstate handler. drivers/cpufreq/powernv-cpufreq.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/drivers/cpufreq/powernv-cpufreq.c b/drivers/cpufreq/powernv-cpufreq.c index 71f8682..dc8ffb5 100644 --- a/drivers/cpufreq/powernv-cpufreq.c +++ b/drivers/cpufreq/powernv-cpufreq.c @@ -679,6 +679,25 @@ void gpstate_timer_handler(struct timer_list *t) if (!spin_trylock(&gpstates->gpstate_lock)) return; + /* + * If the timer has migrated to the different cpu then bring + * it back to one of the policy->cpus + */ + if (!cpumask_test_cpu(raw_smp_processor_id(), policy->cpus)) { + /* + * Timer should be deleted if policy is inactive. + * If policy is active then re-queue on one of the + * policy->cpus. + */ + if (!cpumask_empty(policy->cpus)) { + gpstates->timer.expires = jiffies + + msecs_to_jiffies(1); + add_timer_on(&gpstates->timer, + cpumask_first(policy->cpus)); + } + spin_unlock(&gpstates->gpstate_lock); + return; + } /* * If PMCR was last updated was using fast_swtich then @@ -718,10 +737,8 @@ void gpstate_timer_handler(struct timer_list *t) if (gpstate_idx != gpstates->last_lpstate_idx) queue_gpstate_timer(gpstates); + set_pstate(&freq_data); spin_unlock(&gpstates->gpstate_lock); - - /* Timer may get migrated to a different cpu on cpu hot unplug */ - smp_call_function_any(policy->cpus, set_pstate, &freq_data, 1); } /* -- 1.8.3.1

7 years, 2 months

2
3
0 0

FAILED: patch "[PATCH] drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From bcb0b981c5571744ac446a6c906aa05a28d21446 Mon Sep 17 00:00:00 2001 From: Ben Crocker <bcrocker(a)redhat.com> Date: Thu, 22 Feb 2018 17:52:19 -0500 Subject: [PATCH] drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE In radeon_device_init, set the need_dma32 flag for Cedar chips (e.g. FirePro 2270). This fixes, or at least works around, a bug on PowerPC exposed by last year's commits 8e3f1b1d8255105f31556aacf8aeb6071b00d469 (Russell Currey) and 253fd51e2f533552ae35a0c661705da6c4842c1b (Alistair Popple) which enabled the 64-bit DMA iommu bypass. This caused the device to freeze, in some cases unrecoverably, and is the subject of several bug reports internal to Red Hat. Signed-off-by: Ben Crocker <bcrocker(a)redhat.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c index 7f40c6f7c4dd..e415d2c097a7 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c @@ -1366,6 +1366,10 @@ int radeon_device_init(struct radeon_device *rdev, if ((rdev->flags & RADEON_IS_PCI) && (rdev->family <= CHIP_RS740)) rdev->need_dma32 = true; +#ifdef CONFIG_PPC64 + if (rdev->family == CHIP_CEDAR) + rdev->need_dma32 = true; +#endif dma_bits = rdev->need_dma32 ? 32 : 40; r = pci_set_dma_mask(rdev->pdev, DMA_BIT_MASK(dma_bits));

7 years, 2 months

3
3
0 0

Re: [PATCH] ACPI / video: Only default only_lcd to true on Win8-ready _desktops_

by James Hogan

On Tue, Apr 24, 2018 at 11:13:25PM +0200, Hans de Goede wrote: > FWIW this has gotten into 4.15 without it having a Cc: stable or a > Fixes: tag, I think it was picked up by the new magic scripts scripts > which try to find commits which should have a Cc: stable but are lacking > one. > > In this case I deliberately did not add a Cc: stable as what gets fixed > is not that important, whereas the possible regression this might cause > (and actually seems to be causing) is sorta bad. This isn't the first time I've seen patches backported that simply don't need to be, or shouldn't be. In one case a few years back the patch had a fixes tag, but it still wasn't important to backport, which is why I left off the Cc stable, and in fact it broke something. TBH its a bit distracting having to review such patches, which I've already looked at before, determined there's no need for a backport, and subsequently paged out of my head. Stable folk: is there already (and should there be) a defined mechanism to record that a given patch is: 1) not suitable/worthwhile to backport (e.g. even though it might have a Fixes tag or use the word "fix"). 2) OR it would require a bit more human effort to backport (perhaps it applies cleanly but would be expected not to build/work) and probably shouldn't be attempted automatically. 3) OR it probably isn't worth backporting and is risky to do so, and so should only be carefully attempted if somebody actually complains. other than simply stating it in prose in the commit message? Cheers James

7 years, 2 months

2
1
0 0

[PATCH 2/2] ata: ahci: mvebu: override ahci_stop_engine for mvebu AHCI

by xswang＠marvell.com

From: Evan Wang <xswang(a)marvell.com> There is an issue(Errata Ref#226) that the SATA can not be detected via SATA Port-MultiPlayer(PMP) with following error log: ata1.15: PMP product ID mismatch ata1.15: SATA link up 6.0 Gbps (SStatus 133 SControl 300) ata1.15: Port Multiplier vendor mismatch '0x1b4b'!='0x0' ata1.15: PMP revalidation failed (errno=-19) After debugging, the reason is found that the value Port-x FIS-based Switching Control(PxFBS@0x40) become wrong. According to design, the bits[11:8, 0] of register PxFBS are cleared when Port Command and Status (0x18) bit[0] changes its value from 1 to 0, i.e. falling edge of Port Command and Status bit[0] sends PULSE that resets PxFBS bits[11:8; 0]. So it needs a mvebu SATA WA to save the port PxFBS register before PxCMD ST write and restore it afterwards. This patch implements the WA in a separate function of ahci_mvebu_stop_engine to override ahci_stop_gngine. Signed-off-by: Evan Wang <xswang(a)marvell.com> Suggested-by: Ofer Heifetz <oferh(a)marvell.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Cc: stable(a)vger.kernel.org --- drivers/ata/ahci_mvebu.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/drivers/ata/ahci_mvebu.c b/drivers/ata/ahci_mvebu.c index de7128d..0045dac 100644 --- a/drivers/ata/ahci_mvebu.c +++ b/drivers/ata/ahci_mvebu.c @@ -62,6 +62,60 @@ static void ahci_mvebu_regret_option(struct ahci_host_priv *hpriv) writel(0x80, hpriv->mmio + AHCI_VENDOR_SPECIFIC_0_DATA); } +/** + * ahci_mvebu_stop_engine + * + * @ap: Target ata port + * + * Errata Ref#226 - SATA Disk HOT swap issue when connected through + * Port Multiplier in FIS-based Switching mode. + * + * To avoid the issue, according to design, the bits[11:8, 0] of + * register PxFBS are cleared when Port Command and Status (0x18) bit[0] + * changes its value from 1 to 0, i.e. falling edge of Port + * Command and Status bit[0] sends PULSE that resets PxFBS + * bits[11:8; 0]. + * + * This function is used to override function of "ahci_stop_engine" + * from libahci.c by adding the mvebu work around(WA) to save PxFBS + * value before the PxCMD ST write of 0, then restore PxFBS value. + * + * Return: 0 on success; Error code otherwise. + */ +int ahci_mvebu_stop_engine(struct ata_port *ap) +{ + void __iomem *port_mmio = ahci_port_base(ap); + u32 tmp, port_fbs; + + tmp = readl(port_mmio + PORT_CMD); + + /* check if the HBA is idle */ + if ((tmp & (PORT_CMD_START | PORT_CMD_LIST_ON)) == 0) + return 0; + + /* save the port PxFBS register for later restore */ + port_fbs = readl(port_mmio + PORT_FBS); + + /* setting HBA to idle */ + tmp &= ~PORT_CMD_START; + writel(tmp, port_mmio + PORT_CMD); + + /* + * bit #15 PxCMD signal doesn't clear PxFBS, + * restore the PxFBS register right after clearing the PxCMD ST, + * no need to wait for the PxCMD bit #15. + */ + writel(port_fbs, port_mmio + PORT_FBS); + + /* wait for engine to stop. This could be as long as 500 msec */ + tmp = ata_wait_register(ap, port_mmio + PORT_CMD, + PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500); + if (tmp & PORT_CMD_LIST_ON) + return -EIO; + + return 0; +} + #ifdef CONFIG_PM_SLEEP static int ahci_mvebu_suspend(struct platform_device *pdev, pm_message_t state) { @@ -112,6 +166,8 @@ static int ahci_mvebu_probe(struct platform_device *pdev) if (rc) return rc; + hpriv->stop_engine = ahci_mvebu_stop_engine; + if (of_device_is_compatible(pdev->dev.of_node, "marvell,armada-380-ahci")) { dram = mv_mbus_dram_info(); -- 1.9.1

7 years, 2 months

1
0
0 0

[PATCH 1/2] libahci: Allow drivers to override stop_engine

by xswang＠marvell.com

From: Evan Wang <xswang(a)marvell.com> Marvell armada37xx, armada7k and armada8k share the same AHCI sata controller IP, and currently there is an issue (Errata Ref#226)that the SATA can not be detected via SATA Port-MultiPlayer(PMP). After debugging, the reason is found that the value of Port-x FIS-based Switching Control (PxFBS@0x40) became wrong. According to design, the bits[11:8, 0] of register PxFBS are cleared when Port Command and Status (0x18) bit[0] changes its value from 1 to 0, i.e. falling edge of Port Command and Status bit[0] sends PULSE that resets PxFBS bits[11:8; 0]. So it needs save the port PxFBS register before PxCMD ST write and restore the port PxFBS register afterwards in ahci_stop_engine(). This commit allows drivers to override ahci_stop_engine behavior for use by the Marvell AHCI driver(and potentially other drivers in the future). Signed-off-by: Evan Wang <xswang(a)marvell.com> Suggested-by: Ofer Heifetz <oferh(a)marvell.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Cc: stable(a)vger.kernel.org --- drivers/ata/ahci.c | 6 +++--- drivers/ata/ahci.h | 7 +++++++ drivers/ata/ahci_qoriq.c | 2 +- drivers/ata/ahci_xgene.c | 4 ++-- drivers/ata/libahci.c | 20 ++++++++++++-------- drivers/ata/sata_highbank.c | 2 +- 6 files changed, 26 insertions(+), 15 deletions(-) diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index 1ff1779..6389c88 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -698,7 +698,7 @@ static int ahci_vt8251_hardreset(struct ata_link *link, unsigned int *class, DPRINTK("ENTER\n"); - ahci_stop_engine(ap); + hpriv->stop_engine(ap); rc = sata_link_hardreset(link, sata_ehc_deb_timing(&link->eh_context), deadline, &online, NULL); @@ -724,7 +724,7 @@ static int ahci_p5wdh_hardreset(struct ata_link *link, unsigned int *class, bool online; int rc; - ahci_stop_engine(ap); + hpriv->stop_engine(ap); /* clear D2H reception area to properly wait for D2H FIS */ ata_tf_init(link->device, &tf); @@ -788,7 +788,7 @@ static int ahci_avn_hardreset(struct ata_link *link, unsigned int *class, DPRINTK("ENTER\n"); - ahci_stop_engine(ap); + hpriv->stop_engine(ap); for (i = 0; i < 2; i++) { u16 val; diff --git a/drivers/ata/ahci.h b/drivers/ata/ahci.h index 4356ef1..7d88ede 100644 --- a/drivers/ata/ahci.h +++ b/drivers/ata/ahci.h @@ -366,6 +366,13 @@ struct ahci_host_priv { * be overridden anytime before the host is activated. */ void (*start_engine)(struct ata_port *ap); + /* + * Optional ahci_stop_engine override, if not set this gets set to the + * default ahci_stop_engine during ahci_save_initial_config, this can + * be overridden anytime before the host is activated. + */ + int (*stop_engine)(struct ata_port *ap); + irqreturn_t (*irq_handler)(int irq, void *dev_instance); /* only required for per-port MSI(-X) support */ diff --git a/drivers/ata/ahci_qoriq.c b/drivers/ata/ahci_qoriq.c index 2685f28..cfdef4d 100644 --- a/drivers/ata/ahci_qoriq.c +++ b/drivers/ata/ahci_qoriq.c @@ -96,7 +96,7 @@ static int ahci_qoriq_hardreset(struct ata_link *link, unsigned int *class, DPRINTK("ENTER\n"); - ahci_stop_engine(ap); + hpriv->stop_engine(ap); /* * There is a errata on ls1021a Rev1.0 and Rev2.0 which is: diff --git a/drivers/ata/ahci_xgene.c b/drivers/ata/ahci_xgene.c index c2b5941..ad58da7 100644 --- a/drivers/ata/ahci_xgene.c +++ b/drivers/ata/ahci_xgene.c @@ -165,7 +165,7 @@ static int xgene_ahci_restart_engine(struct ata_port *ap) PORT_CMD_ISSUE, 0x0, 1, 100)) return -EBUSY; - ahci_stop_engine(ap); + hpriv->stop_engine(ap); ahci_start_fis_rx(ap); /* @@ -421,7 +421,7 @@ static int xgene_ahci_hardreset(struct ata_link *link, unsigned int *class, portrxfis_saved = readl(port_mmio + PORT_FIS_ADDR); portrxfishi_saved = readl(port_mmio + PORT_FIS_ADDR_HI); - ahci_stop_engine(ap); + hpriv->stop_engine(ap); rc = xgene_ahci_do_hardreset(link, deadline, &online); diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c index 7adcf3c..e5d9097 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c @@ -560,6 +560,9 @@ void ahci_save_initial_config(struct device *dev, struct ahci_host_priv *hpriv) if (!hpriv->start_engine) hpriv->start_engine = ahci_start_engine; + if (!hpriv->stop_engine) + hpriv->stop_engine = ahci_stop_engine; + if (!hpriv->irq_handler) hpriv->irq_handler = ahci_single_level_irq_intr; } @@ -897,9 +900,10 @@ static void ahci_start_port(struct ata_port *ap) static int ahci_deinit_port(struct ata_port *ap, const char **emsg) { int rc; + struct ahci_host_priv *hpriv = ap->host->private_data; /* disable DMA */ - rc = ahci_stop_engine(ap); + rc = hpriv->stop_engine(ap); if (rc) { *emsg = "failed to stop engine"; return rc; @@ -1310,7 +1314,7 @@ int ahci_kick_engine(struct ata_port *ap) int busy, rc; /* stop engine */ - rc = ahci_stop_engine(ap); + rc = hpriv->stop_engine(ap); if (rc) goto out_restart; @@ -1549,7 +1553,7 @@ int ahci_do_hardreset(struct ata_link *link, unsigned int *class, DPRINTK("ENTER\n"); - ahci_stop_engine(ap); + hpriv->stop_engine(ap); /* clear D2H reception area to properly wait for D2H FIS */ ata_tf_init(link->device, &tf); @@ -2075,14 +2079,14 @@ void ahci_error_handler(struct ata_port *ap) if (!(ap->pflags & ATA_PFLAG_FROZEN)) { /* restart engine */ - ahci_stop_engine(ap); + hpriv->stop_engine(ap); hpriv->start_engine(ap); } sata_pmp_error_handler(ap); if (!ata_dev_enabled(ap->link.device)) - ahci_stop_engine(ap); + hpriv->stop_engine(ap); } EXPORT_SYMBOL_GPL(ahci_error_handler); @@ -2129,7 +2133,7 @@ static void ahci_set_aggressive_devslp(struct ata_port *ap, bool sleep) return; /* set DITO, MDAT, DETO and enable DevSlp, need to stop engine first */ - rc = ahci_stop_engine(ap); + rc = hpriv->stop_engine(ap); if (rc) return; @@ -2189,7 +2193,7 @@ static void ahci_enable_fbs(struct ata_port *ap) return; } - rc = ahci_stop_engine(ap); + rc = hpriv->stop_engine(ap); if (rc) return; @@ -2222,7 +2226,7 @@ static void ahci_disable_fbs(struct ata_port *ap) return; } - rc = ahci_stop_engine(ap); + rc = hpriv->stop_engine(ap); if (rc) return; diff --git a/drivers/ata/sata_highbank.c b/drivers/ata/sata_highbank.c index aafb8cc..e67815b 100644 --- a/drivers/ata/sata_highbank.c +++ b/drivers/ata/sata_highbank.c @@ -410,7 +410,7 @@ static int ahci_highbank_hardreset(struct ata_link *link, unsigned int *class, int rc; int retry = 100; - ahci_stop_engine(ap); + hpriv->stop_engine(ap); /* clear D2H reception area to properly wait for D2H FIS */ ata_tf_init(link->device, &tf); -- 1.9.1

7 years, 2 months

1
0
0 0

v4.14.36 build: 0 failures 1 warnings (v4.14.36)

by Build bot for Mark Brown

Tree/Branch: v4.14.36 Git describe: v4.14.36 Commit: d6949f4809 Linux 4.14.36 Build Time: 98 min 14 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 1 1 drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 2 months

1
0
0 0

[PATCH] [v2] x86: ipc: fix x32 version of shmid64_ds and msqid64_ds

by Arnd Bergmann

A bugfix broke the x32 shmid64_ds and msqid64_ds data structure layout (as seen from user space) a few years ago: Originally, __BITS_PER_LONG was defined as 64 on x32, so we did not have padding after the 64-bit __kernel_time_t fields, After __BITS_PER_LONG got changed to 32, applications would observe extra padding. In other parts of the uapi headers we seem to have a mix of those expecting either 32 or 64 on x32 applications, so we can't easily revert the path that broke these two structures. Instead, this patch decouples x32 from the other architectures and moves it back into arch specific headers, partially reverting the even older commit 73a2d096fdf2 ("x86: remove all now-duplicate header files"). It's not clear whether this ever made any difference, since at least glibc carries its own (correct) copy of both of these header files, so possibly no application has ever observed the definitions here. Based on a suggestion from H.J. Lu, I tried out the tool from https://github.com/hjl-tools/linux-header to find other such bugs, which pointed out the same bug in statfs(), which also has a separate (correct) copy in glibc. Fixes: f4b4aae18288 ("x86/headers/uapi: Fix __BITS_PER_LONG value for x32 builds") Cc: stable(a)vger.kernel.org Cc: H.J. Lu <hjl.tools(a)gmail.com> Cc: Jeffrey Walton <noloader(a)gmail.com> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- This came out of the y2038 ipc syscall series but can be applied and backported independently. v2: fix typos. --- arch/x86/include/uapi/asm/msgbuf.h | 31 ++++++++++++++++++++++++++++ arch/x86/include/uapi/asm/shmbuf.h | 42 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/x86/include/uapi/asm/msgbuf.h b/arch/x86/include/uapi/asm/msgbuf.h index 809134c644a6..90ab9a795b49 100644 --- a/arch/x86/include/uapi/asm/msgbuf.h +++ b/arch/x86/include/uapi/asm/msgbuf.h @@ -1 +1,32 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef __ASM_X64_MSGBUF_H +#define __ASM_X64_MSGBUF_H + +#if !defined(__x86_64__) || !defined(__ILP32__) #include <asm-generic/msgbuf.h> +#else +/* + * The msqid64_ds structure for x86 architecture with x32 ABI. + * + * On x86-32 and x86-64 we can just use the generic definition, but + * x32 uses the same binary layout as x86_64, which is differnet + * from other 32-bit architectures. + */ + +struct msqid64_ds { + struct ipc64_perm msg_perm; + __kernel_time_t msg_stime; /* last msgsnd time */ + __kernel_time_t msg_rtime; /* last msgrcv time */ + __kernel_time_t msg_ctime; /* last change time */ + __kernel_ulong_t msg_cbytes; /* current number of bytes on queue */ + __kernel_ulong_t msg_qnum; /* number of messages in queue */ + __kernel_ulong_t msg_qbytes; /* max number of bytes on queue */ + __kernel_pid_t msg_lspid; /* pid of last msgsnd */ + __kernel_pid_t msg_lrpid; /* last receive pid */ + __kernel_ulong_t __unused4; + __kernel_ulong_t __unused5; +}; + +#endif + +#endif /* __ASM_GENERIC_MSGBUF_H */ diff --git a/arch/x86/include/uapi/asm/shmbuf.h b/arch/x86/include/uapi/asm/shmbuf.h index 83c05fc2de38..644421f3823b 100644 --- a/arch/x86/include/uapi/asm/shmbuf.h +++ b/arch/x86/include/uapi/asm/shmbuf.h @@ -1 +1,43 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef __ASM_X86_SHMBUF_H +#define __ASM_X86_SHMBUF_H + +#if !defined(__x86_64__) || !defined(__ILP32__) #include <asm-generic/shmbuf.h> +#else +/* + * The shmid64_ds structure for x86 architecture with x32 ABI. + * + * On x86-32 and x86-64 we can just use the generic definition, but + * x32 uses the same binary layout as x86_64, which is differnet + * from other 32-bit architectures. + */ + +struct shmid64_ds { + struct ipc64_perm shm_perm; /* operation perms */ + size_t shm_segsz; /* size of segment (bytes) */ + __kernel_time_t shm_atime; /* last attach time */ + __kernel_time_t shm_dtime; /* last detach time */ + __kernel_time_t shm_ctime; /* last change time */ + __kernel_pid_t shm_cpid; /* pid of creator */ + __kernel_pid_t shm_lpid; /* pid of last operator */ + __kernel_ulong_t shm_nattch; /* no. of current attaches */ + __kernel_ulong_t __unused4; + __kernel_ulong_t __unused5; +}; + +struct shminfo64 { + __kernel_ulong_t shmmax; + __kernel_ulong_t shmmin; + __kernel_ulong_t shmmni; + __kernel_ulong_t shmseg; + __kernel_ulong_t shmall; + __kernel_ulong_t __unused1; + __kernel_ulong_t __unused2; + __kernel_ulong_t __unused3; + __kernel_ulong_t __unused4; +}; + +#endif + +#endif /* __ASM_X86_SHMBUF_H */ -- 2.9.0

7 years, 2 months

1
0
0 0

[PATCH] mac80211_hwsim: fix use-after-free bug in hwsim_exit_net

by Benjamin Beichler

commit 8cfd36a0b53aeb4ec21d81eb79706697b84dfc3d upstream. When destroying a net namespace, all hwsim interfaces, which are not created in default namespace are deleted. But the async deletion of the interfaces could last longer than the actual destruction of the namespace, which results to an use after free bug. Therefore use synchronous deletion in this case. Fixes: 100cb9ff40e0 ("mac80211_hwsim: Allow managing radios from non-initial namespaces") Reported-by: syzbot+70ce058e01259de7bb1d(a)syzkaller.appspotmail.com Signed-off-by: Benjamin Beichler <benjamin.beichler(a)uni-rostock.de> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- drivers/net/wireless/mac80211_hwsim.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c index 4182c3775a72..2681b5339810 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3346,8 +3346,11 @@ static void __net_exit hwsim_exit_net(struct net *net) continue; list_del(&data->list); - INIT_WORK(&data->destroy_work, destroy_radio); - schedule_work(&data->destroy_work); + spin_unlock_bh(&hwsim_radio_lock); + mac80211_hwsim_del_radio(data, wiphy_name(data->hw->wiphy), + NULL); + spin_lock_bh(&hwsim_radio_lock); + } spin_unlock_bh(&hwsim_radio_lock); } -- 2.17.0

7 years, 2 months

1
0
0 0

v3.18.106 build: 0 failures 1 warnings (v3.18.106)

by Build bot for Mark Brown

Tree/Branch: v3.18.106 Git describe: v3.18.106 Commit: 915b8f498b Linux 3.18.106 Build Time: 45 min 10 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 7 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 2 months

1
0
0 0

[GIT PULL] commits for Linux 4.15

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.15 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit ae0a11b2bd3317491d88d809dea044b4a7fa12a8: Linux 4.15.15 (2018-03-31 18:05:46 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.15-15042018 for you to fetch changes up to 13ea41f6164d93112af4969e300fa91122e6ae90: RDMA/core: Reduce poll batch for direct cq polling (2018-04-15 10:45:27 -0400) - ---------------------------------------------------------------- for-greg-4.15-15042018 - ---------------------------------------------------------------- Aaron Sierra (1): tty: serial: exar: Relocate sleep wake-up handling Alan Brady (1): i40evf: ignore link up if not running Alex Estrin (3): IB/hfi1: Fix for early release of sdma context IB/hfi1: Fix for potential refcount leak in hfi1_open_file() IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexei Starovoitov (1): selftests/bpf: fix test_dev_cgroup Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Amritha Nambiar (1): i40e: Fix channel addition in reset flow Anand Jain (1): btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Andi Shyti (1): Input: stmfts - set IRQ_NOAUTOEN to the irq flag Andy Shevchenko (1): device property: Define type of PROPERTY_ENRTY_*() macros Andy Spencer (1): gianfar: prevent integer wrapping in the rx handler Aneesh Kumar K.V (1): powerpc/mm/hash64: Zero PGD pages on allocation Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Arnaldo Carvalho de Melo (2): perf unwind: Do not look just at the global callchain_param.record_mode perf callchain: Fix attr.sample_max_stack setting Arnd Bergmann (4): scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype x86/dumpstack: Avoid uninitlized variable cifs: silence compiler warnings showing up with gcc-8.0.0 Avinash Dayanand (1): i40evf: Don't schedule reset_task when device is being removed Chao Yu (1): f2fs: fix to update last_disk_size correctly Chen Yu (2): ACPI: processor_perflib: Do not send _PPC change notification if not ready cpufreq: intel_pstate: Enable HWP during system resume on CPU0 Christian Borntraeger (1): KVM: s390: use created_vcpus in more places Christoph Hellwig (1): riscv: disable SUM in the exception handler Chuck Lever (3): xprtrdma: Fix backchannel allocation of extra rpcrdma_reps xprtrdma: Eliminate unnecessary lock cycle in xprt_rdma_send_request svcrdma: Fix Read chunk round-up Coly Li (1): bcache: properly set task state in bch_writeback_thread() Corentin LABBE (1): crypto: artpec6 - remove select on non-existing CRYPTO_SHA384 Corinna Vinschen (1): igb: Allow to remove administratively set MAC on VFs Dan Carpenter (2): ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Daniel Borkmann (1): bpf: fix rlimit in reuseport net selftest Daniel Hua (1): igb: Clear TXSTMP when ptp_tx_work() is timeout David Herrmann (1): platform/x86: thinkpad_acpi: suppress warning about palm detection David Hildenbrand (2): KVM: s390: vsie: use READ_ONCE to access some SCB fields KVM: s390: vsie: store guest addresses of satellite blocks in vsie_page David Howells (2): rxrpc: Fix received abort handling rxrpc: Don't put crypto buffers on the stack Desnes Augusto Nunes do Rosario (1): ibmvnic: fix firmware version when no firmware level has been provided by the VIOS server Dmitry Torokhov (2): Input: psmouse - fix Synaptics detection when protocol is disabled Input: edt-ft5x06 - fix error handling for factory mode on non-M06 Dmitry Vyukov (1): netfilter: x_tables: fix pointer leaks to userspace Don Hiatt (1): IB/core: Map iWarp AH type to undefined in rdma_ah_find_type Doug Meyer (1): NTB: ntb_hw_switchtec: Fix peer BAR bug in switchtec_ntb_init_shared_mw Ed Swierk (1): openvswitch: Remove padding from packet before L3+ conntrack processing Emil Tantilov (1): ixgbe: don't set RXDCTL.RLPML for 82599 Eryu Guan (1): blk-mq-debugfs: don't allow write on attributes with seq_operations set Geert Uytterhoeven (1): ubifs: Fix uninitialized variable in search_dh_cookie() Goldwyn Rodrigues (1): block: Set BIO_TRACE_COMPLETION on new bio during split Guanglei Li (1): RDS: IB: Fix null pointer issue Guenter Roeck (1): watchdog: sp5100_tco: Fix watchdog disable bit Gustavo A. R. Silva (1): tcp_nv: fix potential integer overflow in tcpnv_acked Gustavo Romero (1): powerpc/tm: Fix endianness flip on trap Hans de Goede (4): ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources platform/x86: dell-laptop: Filter out spurious keyboard backlight change events ACPI / bus: Do not call _STA on battery devices with unmet dependencies ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Hoang Le (1): tipc: fix skb truesize/datasize ratio control Ivan Delalande (1): lkdtm: fix handle_irq_event symbol for INT_HW_IRQ_EN Jacob Keller (2): i40e: program fragmented IPv4 filter input set i40e: fix reported mask for ntuple filters Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Hogan (2): MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} MIPS: generic: Fix machine compatible matching James Smart (1): nvme-fc: fix rogue admin cmds stalling teardown Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan H. SchÃ¶nherr (1): fs/dax.c: release PMD lock even when there is no PMD support in DAX Jason Gunthorpe (1): RDMA/uverbs: Use an unambiguous errno for method not supported Jean Delvare (1): firmware: dmi_scan: Fix handling of empty DMI strings Jeffy Chen (1): ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink Jens Axboe (1): blk-mq: fix discard merge with scheduler attached Jesper Dangaard Brouer (2): libbpf: Makefile set specified permission mode tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Jia Zhang (1): vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Jiri Olsa (2): perf record: Fix period option handling perf evsel: Fix period/freq terms setup John Fastabend (1): bpf: sockmap, fix leaking maps with attached but not detached progs Jon Maloy (1): tipc: fix a potental access after delete in tipc_sk_join() KarimAllah Ahmed (1): kvm: Map PFN-type memory regions as writable (if possible) Karol Herbst (1): drm/nouveau/pmu/fuc: don't use movw directly anymore Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Leon Romanovsky (1): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Liu Bo (4): Btrfs: set plug for fsync Btrfs: fix scrub to repair raid6 corruption Btrfs: fix unexpected EEXIST from btrfs_get_extent Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io Logan Gunthorpe (2): ntb_transport: Fix bug with max_mw_size parameter ntb_hw_switchtec: Check for alignment of the buffer in mw_set_trans() Marek Szyprowski (1): hwmon: (ina2xx) Fix access to uninitialized mutex Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Martin Blumenstingl (2): net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Masami Hiramatsu (1): selftest: ftrace: Fix to pick text symbols for kprobes Mathieu Malaterre (1): net: Extra '_get' in declaration of arch_get_platform_mac_address Matt Redfearn (2): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS MIPS: Generic: Support GIC in EIC mode Max Gurtovoy (1): RDMA/core: Reduce poll batch for direct cq polling Maxime Chevallier (1): spi: a3700: Clear DATA_OUT when performing a read Md. Islam (1): sch_netem: Bug fixing in calculating Netem interval Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Michael Bringmann (2): powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes powerpc/numa: Ensure nodes initialized for hotplug Michael J. Ruhl (1): IB/hfi1: Re-order IRQ cleanup to address driver cleanup race Michael Kelley (1): cpumask: Make for_each_cpu_wrap() available on UP as well Michal Hocko (1): netfilter: x_tables: make allocation less aggressive MickaÃ«l SalaÃ¼n (1): samples/bpf: Partially fixes the bpf.o build Ming Lei (2): dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk Mitko Haralanov (1): IB/hfi1: Show fault stats in both TX and RX directions Mustafa Ismail (1): i40iw: Free IEQ resources NeilBrown (1): NFSv4: always set NFS_LOCK_LOST when a lock is lost. Ngai-Mint Kwan (1): fm10k: fix "failed to kill vid" message for VF Nicholas Piggin (3): powerpc: System reset avoid interleaving oops using die synchronisation powerpc/pseries, ps3: panic flush kernel messages before halting system powerpc/powernv: IMC fix out of bounds memory access at shutdown Niklas Cassel (2): PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build net: stmmac: discard disabled flags in interrupt status register Nikolay Borisov (2): btrfs: Fix out of bounds access in btrfs_search_slot btrfs: Ignore errors from btrfs_qgroup_trace_extent_post Nitin Gupta (1): sparc64: update pmdp_invalidate() to return old pmd value Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Parav Pandit (2): RDMA/core: Clarify rdma_ah_find_type RDMA/cma: Check existence of netdevice during port validation Paul Mackerras (2): KVM: PPC: Book3S HV: Enable migration of decrementer register KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code Peter Hutterer (1): Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes Peter Xu (1): iommu/vt-d: Use domain instead of cache fetching Peter Zijlstra (1): x86/tsc: Allow TSC calibration without PIT Prashant Bhole (1): bpf: test_maps: cleanup sockmaps when test ends Rafael J. Wysocki (1): ACPI / EC: Restore polling during noirq suspend/resume phases Robin Murphy (1): iommu/exynos: Don't unconditionally steal bus ops Ross Lagerwall (2): xen-netfront: Fix race between device setup and open xen/grant-table: Use put_page instead of free_page Roy Shterman (1): nvme: host delete_work and reset_work on separate workqueues Sagi Grimberg (1): IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct Sebastian Ott (1): s390/eadm: fix CONFIG_BLOCK include dependency Sheng Yong (1): f2fs: avoid hungtask when GC encrypted block if io_bits is set Shiraz Saleem (1): i40iw: Zero-out consumer key on allocate stag for FMR Stephen Boyd (1): irqchip/gic-v3: Ignore disabled ITS nodes Steven Rostedt (VMware) (3): tools lib traceevent: Simplify pointer print logic and fix %pF tools lib traceevent: Fix get_field_str() for dynamic strings selftests/ftrace: Add some missing glob checks Subash Abhinov Kasiviswanathan (2): netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure Takashi Iwai (1): ALSA: hda - Use IS_REACHABLE() for dependency on input Tang Junhui (3): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist Thomas Falcon (2): ibmvnic: Wait for device response when changing MAC ibmvnic: Reset long term map ID counter Thomas Richter (2): perf record: Fix failed memory allocation for get_cpuid_str perf test: Fix test trace+probe_libc_inet_pton.sh for s390x Tony Lindgren (1): PM / wakeirq: Fix unbalanced IRQ enable for wakeirq Trond Myklebust (1): SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context Ulf Hansson (1): PM / domains: Fix up domain-idle-states OF parsing Ulf Magnusson (3): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak Vitaly Kuznetsov (3): x86/hyperv: Stop suppressing X86_FEATURE_PCID x86/hyperv: Check for required priviliges in hyperv_init() x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested Vladimir Murzin (2): ARM: 8738/1: Disable CONFIG_DEBUG_VIRTUAL for NOMMU ARM: 8740/1: NOMMU: Make sure we do not hold stale data in mem[] array Wei Yongjun (2): ipmi/powernv: Fix error return code in ipmi_powernv_probe() nfp: fix error return code in nfp_pci_probe() Will Deacon (2): arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics locking/qspinlock: Ensure node->count is updated before initialising node Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Yang Shi (1): mm: thp: use down_read_trylock() in khugepaged to avoid long block Yisheng Xie (2): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Yonghong Song (1): bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y himanshu.madhani(a)cavium.com (1): scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() mike.travis(a)hpe.com (1): x86/platform/UV: Fix GAM Range Table entries less than 1GB mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (3): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return error when we attempt to access a dirty bh in jbd2 shidao.ytt (1): mm/fadvise: discard partial page if endbyte is also EOF weiyongjun (A) (1): mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Documentation/device-mapper/thin-provisioning.txt | 8 +- Documentation/virtual/kvm/api.txt | 1 + arch/arm/Kconfig | 2 +- arch/arm/mm/pmsa-v7.c | 2 + arch/arm64/include/asm/spinlock.h | 4 +- arch/mips/boot/compressed/Makefile | 6 +- arch/mips/generic/irq.c | 18 +- arch/mips/include/asm/machine.h | 2 +- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/powerpc/include/asm/book3s/64/pgalloc.h | 10 +- arch/powerpc/include/asm/bug.h | 3 +- arch/powerpc/include/uapi/asm/kvm.h | 2 + arch/powerpc/kernel/signal_64.c | 8 +- arch/powerpc/kernel/traps.c | 26 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 8 +- arch/powerpc/kvm/book3s_hv.c | 8 + arch/powerpc/kvm/powerpc.c | 2 +- arch/powerpc/mm/numa.c | 78 +- arch/powerpc/platforms/powernv/opal-imc.c | 6 +- arch/powerpc/platforms/powernv/opal.c | 18 +- arch/powerpc/platforms/ps3/setup.c | 1 + arch/powerpc/platforms/pseries/setup.c | 8 +- arch/riscv/kernel/entry.S | 9 +- arch/s390/include/asm/eadm.h | 2 +- arch/s390/kvm/kvm-s390.c | 4 +- arch/s390/kvm/vsie.c | 87 +- arch/sparc/include/asm/pgtable_64.h | 2 +- arch/sparc/mm/tlb.c | 23 +- arch/x86/hyperv/hv_init.c | 9 +- arch/x86/hyperv/mmu.c | 12 +- arch/x86/include/asm/i8259.h | 5 + arch/x86/kernel/apic/x2apic_uv_x.c | 15 +- arch/x86/kernel/dumpstack.c | 2 +- arch/x86/kernel/tsc.c | 18 + arch/x86/kvm/vmx.c | 16 +- arch/x86/kvm/x86.c | 10 +- arch/x86/mm/init_64.c | 3 +- arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- block/bio.c | 2 +- block/blk-core.c | 2 + block/blk-merge.c | 29 +- block/blk-mq-debugfs.c | 6 +- block/blk-mq.c | 22 +- drivers/acpi/acpi_lpss.c | 2 + drivers/acpi/bus.c | 6 + drivers/acpi/ec.c | 6 + drivers/acpi/processor_perflib.c | 2 +- drivers/acpi/scan.c | 20 +- drivers/base/power/domain.c | 76 +- drivers/base/power/wakeirq.c | 6 +- drivers/char/ipmi/ipmi_powernv.c | 5 +- drivers/cpufreq/intel_pstate.c | 5 + drivers/crypto/Kconfig | 1 - drivers/firewire/ohci.c | 8 +- drivers/firmware/dmi_scan.c | 22 +- .../drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 ++++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 ++++++++++---------- .../gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30 +- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/hwmon/ina2xx.c | 3 +- drivers/infiniband/core/cma.c | 8 +- drivers/infiniband/core/cq.c | 30 +- drivers/infiniband/core/uverbs_ioctl.c | 19 +- drivers/infiniband/hw/hfi1/chip.c | 18 +- drivers/infiniband/hw/hfi1/debugfs.c | 9 +- drivers/infiniband/hw/hfi1/file_ops.c | 4 +- drivers/infiniband/hw/hfi1/hfi.h | 1 + drivers/infiniband/hw/hfi1/init.c | 5 +- drivers/infiniband/hw/hfi1/sdma.c | 13 +- drivers/infiniband/hw/hfi1/sdma.h | 1 + drivers/infiniband/hw/i40iw/i40iw_puda.c | 3 +- drivers/infiniband/hw/i40iw/i40iw_puda.h | 1 + drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx5/qp.c | 5 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/input/mouse/psmouse-base.c | 34 +- drivers/input/mouse/synaptics.c | 10 + drivers/input/touchscreen/edt-ft5x06.c | 14 +- drivers/input/touchscreen/stmfts.c | 11 +- drivers/iommu/exynos-iommu.c | 7 + drivers/iommu/intel-iommu.c | 3 +- drivers/irqchip/irq-gic-v3-its-pci-msi.c | 2 + drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 + drivers/irqchip/irq-gic-v3-its.c | 2 + drivers/irqchip/irq-gic-v3.c | 2 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +- drivers/md/bcache/super.c | 23 +- drivers/md/bcache/sysfs.c | 11 +- drivers/md/bcache/writeback.c | 7 +- drivers/md/dm-mpath.c | 14 +- drivers/misc/lkdtm_core.c | 2 +- drivers/net/ethernet/freescale/gianfar.c | 9 +- drivers/net/ethernet/ibm/ibmvnic.c | 28 +- drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 18 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 + drivers/net/ethernet/intel/i40evf/i40evf.h | 1 + drivers/net/ethernet/intel/i40evf/i40evf_main.c | 9 +- .../net/ethernet/intel/i40evf/i40evf_virtchnl.c | 35 +- drivers/net/ethernet/intel/igb/igb_main.c | 42 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 9 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 8 +- drivers/net/ethernet/netronome/nfp/nfp_main.c | 1 + .../net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 6 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 6 +- drivers/net/wireless/mac80211_hwsim.c | 4 +- drivers/net/xen-netfront.c | 46 +- drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 22 +- drivers/ntb/ntb_transport.c | 3 + drivers/nvme/host/core.c | 44 +- drivers/nvme/host/fc.c | 3 + drivers/nvme/host/nvme.h | 2 + drivers/nvme/host/rdma.c | 2 +- drivers/nvme/target/loop.c | 2 +- drivers/pci/quirks.c | 2 + drivers/platform/x86/dell-laptop.c | 24 +- drivers/platform/x86/thinkpad_acpi.c | 10 + drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 4 + drivers/scsi/scsi_devinfo.c | 7 +- drivers/spi/spi-armada-3700.c | 5 + .../staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 + drivers/tty/serial/8250/8250_exar.c | 34 +- drivers/tty/serial/8250/8250_port.c | 26 - drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/grant-table.c | 4 +- fs/btrfs/ctree.c | 12 +- fs/btrfs/delayed-ref.c | 3 +- fs/btrfs/disk-io.c | 6 +- fs/btrfs/file.c | 9 + fs/btrfs/inode.c | 17 +- fs/btrfs/qgroup.c | 9 +- fs/btrfs/raid56.c | 55 +- fs/btrfs/volumes.c | 9 +- fs/cifs/cifssmb.c | 4 +- fs/dax.c | 2 +- fs/f2fs/data.c | 12 +- fs/f2fs/gc.c | 7 +- fs/jffs2/fs.c | 1 - fs/nfs/nfs4proc.c | 12 +- fs/nfs/nfs4state.c | 5 +- fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 + fs/ocfs2/journal.c | 23 +- fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 2 + fs/proc/base.c | 29 +- fs/proc/kcore.c | 4 + fs/ubifs/tnc.c | 21 +- include/asm-generic/pgtable.h | 15 + include/linux/cpumask.h | 2 + include/linux/etherdevice.h | 2 +- include/linux/kcore.h | 1 + include/linux/pci.h | 7 + include/linux/property.h | 10 +- include/linux/suspend.h | 2 + include/rdma/ib_verbs.h | 23 +- include/trace/events/timer.h | 20 +- kernel/bpf/sockmap.c | 19 +- kernel/locking/qspinlock.c | 8 + kernel/power/power.h | 3 - lib/test_bpf.c | 31 +- mm/fadvise.c | 10 +- mm/khugepaged.c | 12 +- mm/mempolicy.c | 33 +- mm/vmscan.c | 14 +- net/ipv4/tcp_nv.c | 2 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 16 +- net/netfilter/x_tables.c | 7 +- net/netfilter/xt_IDLETIMER.c | 1 + net/netfilter/xt_LED.c | 1 + net/netfilter/xt_limit.c | 3 +- net/netfilter/xt_nfacct.c | 1 + net/netfilter/xt_statistic.c | 1 + net/openvswitch/conntrack.c | 34 + net/rds/ib.c | 3 +- net/rxrpc/conn_client.c | 3 +- net/rxrpc/conn_event.c | 1 + net/rxrpc/conn_object.c | 16 +- net/rxrpc/rxkad.c | 92 +- net/sched/sch_netem.c | 2 +- net/sunrpc/xprtrdma/backchannel.c | 12 +- net/sunrpc/xprtrdma/svc_rdma_rw.c | 12 +- net/sunrpc/xprtrdma/transport.c | 2 +- net/sunrpc/xprtrdma/verbs.c | 32 +- net/sunrpc/xprtrdma/xprt_rdma.h | 2 +- net/sunrpc/xprtsock.c | 4 +- net/tipc/msg.c | 4 +- net/tipc/socket.c | 1 + samples/bpf/Makefile | 5 +- scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 +- sound/pci/hda/Kconfig | 1 - sound/pci/hda/patch_realtek.c | 5 + sound/soc/au1x/ac97c.c | 6 +- sound/soc/rockchip/rk3399_gru_sound.c | 19 +- tools/lib/bpf/Makefile | 2 +- tools/lib/bpf/libbpf.c | 26 + tools/lib/traceevent/event-parse.c | 17 +- tools/lib/traceevent/parse-filter.c | 10 +- tools/perf/arch/x86/util/header.c | 2 +- tools/perf/builtin-c2c.c | 5 +- tools/perf/builtin-record.c | 3 +- tools/perf/builtin-report.c | 5 +- tools/perf/builtin-script.c | 5 +- tools/perf/perf.h | 1 + tools/perf/tests/dwarf-unwind.c | 1 + .../perf/tests/shell/trace+probe_libc_inet_pton.sh | 23 +- tools/perf/util/callchain.c | 10 + tools/perf/util/callchain.h | 2 + tools/perf/util/evsel.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 9 +- tools/testing/selftests/bpf/test_dev_cgroup.c | 2 +- tools/testing/selftests/bpf/test_maps.c | 16 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 6 + .../ftrace/test.d/kprobe/multiple_kprobes.tc | 4 +- tools/testing/selftests/net/reuseport_bpf.c | 21 +- virt/kvm/kvm_main.c | 7 +- 223 files changed, 3008 insertions(+), 1967 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrTxiQACgkQ3qZv95d3 LNyZAQ/+Mv/na96NO6D2EXUka3ltw7+THNp7Mp41NP7OVa2tlkNAQ8v8lGhrKFbH RVeXwO2V9srafidzQr7sobyq0nsws11pvJMVIrZ8ABqfC6Y5EMnEIsyw2lQ4lwuf 032B8nDAyWwLIHEuiQtBr65/6mvXURUswN+QACtNEah69Ujave4n5RsNP3GNkz0y 2G8h7UpemJUGJkiHndz+Yqu2XTyrlz9tG2W0MaFLfEHSdZFnu6fp9fGnS/5BDNFI RAyWKQYiksMpWNlr2J+1hH6+phtM4Of98490mbQixlYeszXIMJmc18n7e4tNffmg ult/dzbnSM/ZbE4Up+MU6ZHvKPqLLMOt0BNl2Mm/daUjZPueiZE28QmtJmneYBsa XdkM6XPWO/9z9PP+MmNcbU5iNV7Ha4WUUOAsO+pcyuRHybnVzshq0nBv/wmpEYFh bE4/cGP77Tyh9rXoKC4hzl7IDE9oqo/LKk8Fodv2BIQV9zDN7bQxKzcOjpdv75Sr vWL2UG7AVUfXzEHz3DIB9Au/kenGu6FsT661mD+5dZoMKvxrvS9R2/0EDgstAbdv 6vEvkIXzNQoY6zR0mAU7ltxqqZ5FqiooQVhkw3JBc7UDdd1fEiOBaFJ1hO9WTxM1 GY0V0ZcaVP9jLWl/3MpYU8+VoA8m5+PXIxFZVUj+VHjqHqOB/B8= =V4pE -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 8ff8cb8ec27effc5a0b04fee2c383b231a19f691: Linux 4.4.126 (2018-03-31 18:12:35 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-15042018 for you to fetch changes up to 84aff9e3d20833c9a71d96c3d8128ae6b8479c68: irqchip/gic-v3: Change pr_debug message to pr_devel (2018-04-15 11:02:45 -0400) - ---------------------------------------------------------------- for-greg-4.4-15042018 - ---------------------------------------------------------------- Adrian Hunter (1): perf intel-pt: Do not use TSC packets for calculating CPU cycles to TSC Alex Estrin (1): IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Alexey Khoroshilov (1): vmlfb: Fix error handling in cr_pll_init() Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Arnaldo Carvalho de Melo (1): perf callchain: Fix attr.sample_max_stack setting Arnd Bergmann (4): xen: avoid type warning in xchg_xen_ulong scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype cifs: silence compiler warnings showing up with gcc-8.0.0 BenoÃ®t ThÃ©baudeau (1): mmc: sdhci-esdhc: Add SDHCI_QUIRK_32BIT_DMA_ADDR Bjorn Helgaas (2): PCI: Correct PCI_STD_RESOURCE_END usage PCI: Enable ECRC only if device supports it Bob Moore (1): ACPICA: Disassembler: Abort on an invalid/unknown AML opcode Boris Brezillon (1): drm/vc4: Send a VBLANK event when disabling a CRTC Chen Yu (1): ACPI: processor_perflib: Do not send _PPC change notification if not ready Chris Packham (1): mtd: handle partitioning on devices with 0 erasesize Chris Wilson (1): e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails Christian Lamparter (1): net: emac: fix reset timeout with AR8035 phy Christoph Hellwig (1): PCI: Protect pci_error_handlers->reset_notify() usage with device_lock() Christophe Jaillet (1): cpuidle: dt: Add missing 'of_node_put()' Chuck Lever (1): sunrpc: Disable splice for krb5i Coly Li (1): bcache: properly set task state in bch_writeback_thread() Dan Carpenter (5): x86/nmi: Fix timeout test in test_nmi_ipi() scsi: bnx2i: missing error code in bnx2i_ep_connect() libertas: Fix lbs_prb_rsp_limit_set() ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Dave Martin (3): arm64: ptrace: Fix VFP register dumping in compat coredumps arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails arm64: ptrace: Fix incorrect get_user() use in compat_vfp_set() Dinh Nguyen (1): clk: socfpga: Fix the smplsel on Arria10 and Stratix10 Edward Cree (1): sfc: remove duplicate up_write on VF filter_sem Eric Biggers (1): KEYS: put keyring if install_session_keyring_to_cred() fails Eric Ren (1): ocfs2: fix deadlock caused by recursive locking in xattr Gal Pressman (1): net/mlx5: Fix driver load error flow when firmware is stuck Goran Ferenc (3): MIPS: VDSO: Fix conversions in do_monotonic()/do_monotonic_coarse() MIPS: VDSO: Add implementation of clock_gettime() fallback MIPS: VDSO: Add implementation of gettimeofday() fallback Guanglei Li (1): RDS: IB: Fix null pointer issue Guenter Roeck (1): watchdog: sp5100_tco: Fix watchdog disable bit Haishuang Yan (1): ip_tunnel: fix potential issue in ip_tunnel_rcv Hari Bathini (1): powerpc/fadump: avoid duplicates in crash memory ranges Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Jacob Keller (1): ixgbe: avoid permanent lock of *_PTP_TX_IN_PROGRESS Jag Raman (1): sparc64: ldc abort during vds iso boot Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Smart (2): scsi: lpfc: Fix return value of board_mode store routine in case of online failure scsi: lpfc: Fix crash after firmware flash when IO is running. James Wang (1): Fix loop device flush before configure v3 Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan HÃ¶ppner (1): s390/dasd: Display read-only attribute correctly Jean Delvare (3): firmware: dmi_scan: Look for SMBIOS 3 entry point first firmware: dmi_scan: Check DMI structure length firmware: dmi_scan: Fix handling of empty DMI strings Jeff Mahoney (1): ixgbe: pci_set_drvdata must be called before register_netdev Jesper Dangaard Brouer (1): tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Jia-Ju Bai (1): scsi: megaraid: Fix a sleep-in-atomic bug Johan Hovold (2): NFC: nfcmrvl_uart: fix device-node leak during probe scsi: sun_esp: fix device reference leaks Jonas Gorski (1): leds: bcm6328: fix signal source assignment for leds 4 to 7 JoÃ£o Paulo Rechi Vita (1): platform/x86: acer-wmi: Detect RF Button capability Kai Heng Feng (1): platform/x86: dell-laptop: Fix bogus keyboard backlight sysfs interface Kees Cook (2): scsi: csiostor: Avoid content leaks and casts seccomp: Adjust selftests to avoid double-join Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Leon Romanovsky (1): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Liu Bo (4): Btrfs: skip commit transaction if we don't have enough pinned bytes Btrfs: tolerate errors if we have retried successfully Btrfs: set plug for fsync Btrfs: fix scrub to repair raid6 corruption Liwei Song (1): i2c: ismt: fix wrong device address when unmap the data buffer Logan Gunthorpe (1): ntb_transport: Fix bug with max_mw_size parameter Lorenzo Bianconi (1): iio: magnetometer: st_magn_spi: fix spi_device_id table Luc Van Oostenryck (2): arm64: pass machine size to sparse arm64: pass endianness info to sparse Luis R. Rodriguez (1): fs: warn in case userspace lied about modprobe return Lv Zheng (2): ACPICA: Events: Add runtime stub support for event APIs ACPI: EC: Fix EC command visibility for dynamic debug Marcel Holtmann (1): Bluetooth: Send HCI Set Event Mask Page 2 command only when needed Marcelo Ricardo Leitner (1): sctp: adjust ssthresh when transport is idle Marcin Nowakowski (2): MIPS: mm: fixed mappings: correct initialisation MIPS: kprobes: flush_insn_slot should flush only if probe initialised Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Mateusz Jurczyk (2): caif: Add sockaddr length check before accessing sa_family in connect handler af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers Mathieu Larouche (1): drm/mgag200: Fix to always set HiPri for G200e4 V2 Matt Redfearn (1): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Matt Weber (1): i2c: cadance: fix ctrl/addr reg write order Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Michael Bringmann (2): powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes powerpc/numa: Ensure nodes initialized for hotplug Michael Grzeschik (1): arcnet: change irq handler to lock irqsave Michael Neuling (1): powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 Michail Georgios Etairidis (1): i2c: imx: Use correct function to write to register Mintz, Yuval (1): bnx2x: Allow vfs to disable txvlan offload Miroslav Lichvar (1): kselftests: timers: Fix inconsistency-check to not ignore first timestamp Namhyung Kim (1): perf tests: Decompress kernel module before objdump NeilBrown (1): NFSv4: always set NFS_LOCK_LOST when a lock is lost. Nikolay Aleksandrov (1): bridge: allow ext learned entries to change ports Nikolay Borisov (1): btrfs: Fix out of bounds access in btrfs_search_slot Omar Sandoval (1): Btrfs: always account pinned bytes when dropping a tree block ref Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Paul Burton (2): MIPS: CPS: Prevent multi-core with dcache aliasing MIPS: Handle tlbex-tlbp race condition Paul E. McKenney (1): rcu: Make synchronize_rcu_mult() check for duplicates Peter Xu (1): iommu/vt-d: Use domain instead of cache fetching Peter Zijlstra (1): perf/core: Correct event creation with PERF_FORMAT_GROUP Phong LE (1): mmc: mediatek: Fixed size in dma_free_coherent Ping-Ke Shih (1): rtlwifi: btcoex: rtl8723be: fix ant_sel not work Robin Murphy (1): irqchip/gic-v3-its: Fix MSI alias accounting Roopa Prabhu (1): vxlan: dont migrate permanent fdb entries during learn Ross Lagerwall (2): xen-netfront: Fix race between device setup and open xen/grant-table: Use put_page instead of free_page Sebastian Ott (2): s390/pci: improve error handling during interrupt deregistration s390/pci: improve unreg_ioat error handling Serhey Popovych (2): fib_rules: Resolve goto rules target on delete veth: Be more robust on network device creation when no attributes Stefan Haberland (1): s390/dasd: fix hanging safe offline Steven Rostedt (VMware) (2): tools lib traceevent: Simplify pointer print logic and fix %pF tools lib traceevent: Fix get_field_str() for dynamic strings Sujith Pandel (1): PCI: Add domain number check to find_smbios_instance_string() Suzuki K Poulose (3): irqchip/gic-v2: Report failures in gic_irq_domain_alloc irqchip/gic-v3: Report failures in gic_irq_domain_alloc irqchip/gic-v3: Honor forced affinity setting Tahsin Erdogan (1): ext4: change fast symlink test to not rely on i_blocks Takashi Iwai (3): ALSA: timer: Wrap with spinlock for queue access ALSA: hda: Fix potential race at unregistration and unsol events ALSA: hda - Use IS_REACHABLE() for dependency on input Tang Junhui (3): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist Thiago Jung Bauermann (2): powerpc/perf/hv-24x7: Fix passing of catalog version number powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check Ulf Magnusson (3): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak Vlad Yasevich (1): macvlan: Do not return error when setting the same mac address WANG Cong (1): net_sched: move tcf_lock down after gen_replace_estimator() Wei Yongjun (1): ipmi/powernv: Fix error return code in ipmi_powernv_probe() Will Deacon (2): arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics locking/qspinlock: Ensure node->count is updated before initialising node Xin Long (2): sctp: fix recursive locking warning in sctp_do_peeloff dccp: call inet_add_protocol after register_pernet_subsys in dccp_v4_init Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Yazen Ghannam (1): x86/mce: Don't disable MCA banks when offlining a CPU on AMD Yisheng Xie (2): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Yonghong Song (1): bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y Yuyang Du (2): usb: usbip tool: Check the return of get_nports() usb: usbip tool: Fix refresh_imported_device_list() hayeswang (1): r8152: add byte_enable for ocp_read_word function mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (3): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return error when we attempt to access a dirty bh in jbd2 weiyongjun (A) (1): mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Documentation/device-mapper/thin-provisioning.txt | 8 ++- arch/arm/include/asm/xen/events.h | 2 +- arch/arm64/Makefile | 4 +- arch/arm64/include/asm/spinlock.h | 4 +- arch/arm64/kernel/ptrace.c | 25 ++++--- arch/mips/include/asm/kprobes.h | 3 +- arch/mips/include/asm/vdso.h | 4 +- arch/mips/kernel/smp-cps.c | 8 ++- arch/mips/mm/pgtable-32.c | 6 +- arch/mips/mm/tlbex.c | 38 ++++++++++- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/mips/vdso/gettimeofday.c | 57 +++++++++++++--- arch/powerpc/kernel/fadump.c | 15 ++++- arch/powerpc/kernel/setup-common.c | 4 ++ arch/powerpc/mm/numa.c | 78 +++++++++++++++++++--- arch/powerpc/perf/hv-24x7.c | 16 +++-- arch/s390/include/asm/pci_insn.h | 2 +- arch/s390/pci/pci.c | 48 ++++++++----- arch/s390/pci/pci_dma.c | 4 +- arch/s390/pci/pci_insn.c | 10 +-- arch/sparc/kernel/ldc.c | 7 +- arch/x86/kernel/cpu/mcheck/mce.c | 5 +- arch/x86/kernel/nmi_selftest.c | 2 +- arch/x86/kvm/x86.c | 7 +- arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- drivers/acpi/acpica/evxfevnt.c | 18 +++++ drivers/acpi/acpica/psobject.c | 14 ++++ drivers/acpi/ec.c | 2 +- drivers/acpi/processor_perflib.c | 2 +- drivers/block/loop.c | 3 + drivers/char/ipmi/ipmi_powernv.c | 5 +- drivers/clk/socfpga/clk-gate-a10.c | 2 +- drivers/clk/socfpga/clk.h | 3 + drivers/cpuidle/dt_idle_states.c | 4 +- drivers/firewire/ohci.c | 8 ++- drivers/firmware/dmi_scan.c | 62 +++++++++++------ drivers/gpu/drm/mgag200/mgag200_mode.c | 9 ++- drivers/gpu/drm/vc4/vc4_crtc.c | 13 ++++ drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/i2c/busses/i2c-cadence.c | 6 +- drivers/i2c/busses/i2c-imx.c | 8 +-- drivers/i2c/busses/i2c-ismt.c | 2 +- drivers/iio/magnetometer/st_magn_spi.c | 2 - drivers/infiniband/hw/mlx5/qp.c | 5 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/iommu/intel-iommu.c | 3 +- drivers/irqchip/irq-gic-v3-its-pci-msi.c | 35 +++++----- drivers/irqchip/irq-gic-v3.c | 16 +++-- drivers/irqchip/irq-gic.c | 7 +- drivers/leds/leds-bcm6328.c | 4 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 ++- drivers/md/bcache/super.c | 23 +++++-- drivers/md/bcache/sysfs.c | 11 +-- drivers/md/bcache/writeback.c | 7 +- drivers/mmc/host/mtk-sd.c | 2 +- drivers/mmc/host/sdhci-esdhc.h | 1 + drivers/mtd/mtdpart.c | 26 +++++--- drivers/net/arcnet/arcnet.c | 7 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 19 ++++-- drivers/net/ethernet/ibm/emac/core.c | 26 ++++++-- drivers/net/ethernet/intel/e1000e/netdev.c | 7 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 22 ++++-- drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +- drivers/net/ethernet/sfc/ef10_sriov.c | 2 - drivers/net/macvlan.c | 4 ++ drivers/net/usb/r8152.c | 4 +- drivers/net/veth.c | 4 +- drivers/net/vxlan.c | 2 +- drivers/net/wireless/libertas/mesh.c | 5 +- drivers/net/wireless/mac80211_hwsim.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 3 + drivers/net/wireless/realtek/rtlwifi/wifi.h | 1 + drivers/net/xen-netfront.c | 46 +++++++------ drivers/nfc/nfcmrvl/uart.c | 3 + drivers/ntb/ntb_transport.c | 3 + drivers/pci/pci-label.c | 7 +- drivers/pci/pci.c | 26 +++++--- drivers/pci/probe.c | 5 ++ drivers/pci/quirks.c | 4 +- drivers/platform/x86/acer-wmi.c | 7 ++ drivers/platform/x86/dell-laptop.c | 6 +- drivers/s390/block/dasd.c | 8 ++- drivers/s390/block/dasd_devmap.c | 19 ++++-- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/bnx2i/bnx2i_iscsi.c | 3 +- drivers/scsi/csiostor/csio_lnode.c | 43 +++++++----- drivers/scsi/lpfc/lpfc_attr.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/megaraid/megaraid_mm.c | 2 +- drivers/scsi/scsi_devinfo.c | 7 +- drivers/scsi/sun_esp.c | 9 ++- drivers/video/fbdev/vermilion/cr_pll.c | 1 + drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/grant-table.c | 4 +- fs/btrfs/ctree.c | 12 +++- fs/btrfs/extent-tree.c | 19 +++--- fs/btrfs/file.c | 9 +++ fs/btrfs/inode.c | 5 +- fs/btrfs/raid56.c | 18 +++-- fs/btrfs/volumes.c | 9 ++- fs/cifs/cifssmb.c | 4 +- fs/ext4/inode.c | 20 ++++-- fs/filesystems.c | 4 +- fs/jffs2/fs.c | 1 - fs/nfs/nfs4proc.c | 12 ++-- fs/nfs/nfs4state.c | 5 +- fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 ++ fs/ocfs2/dlmglue.c | 4 ++ fs/ocfs2/journal.c | 23 ++++--- fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 25 ++++--- fs/proc/base.c | 29 +++++++- include/asm-generic/pgtable.h | 15 +++++ include/linux/suspend.h | 2 + include/trace/events/timer.h | 20 ++++-- kernel/events/core.c | 15 +++-- kernel/locking/qspinlock.c | 8 +++ kernel/power/power.h | 3 - kernel/rcu/update.c | 13 +++- lib/test_bpf.c | 31 +++++++-- mm/mempolicy.c | 33 +++++++-- mm/vmscan.c | 14 +++- net/bluetooth/hci_core.c | 17 ++++- net/bridge/br_fdb.c | 28 +++++--- net/caif/caif_socket.c | 4 ++ net/core/fib_rules.c | 21 ++++-- net/dccp/ipv4.c | 17 ++--- net/ipv4/ip_tunnel.c | 2 + net/iucv/af_iucv.c | 8 +-- net/rds/ib.c | 3 +- net/sched/act_police.c | 8 +-- net/sctp/socket.c | 4 +- net/sctp/transport.c | 2 + net/sunrpc/auth_gss/svcauth_gss.c | 8 +++ net/sunrpc/svc.c | 2 +- scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 ++++++--- security/keys/process_keys.c | 7 +- sound/core/timer.c | 4 ++ sound/hda/hdac_bus.c | 1 + sound/hda/hdac_device.c | 1 + sound/pci/hda/Kconfig | 1 - sound/pci/hda/patch_realtek.c | 5 ++ sound/soc/au1x/ac97c.c | 6 +- tools/lib/bpf/libbpf.c | 26 ++++++++ tools/lib/traceevent/event-parse.c | 17 ++--- tools/lib/traceevent/parse-filter.c | 10 ++- tools/perf/tests/code-reading.c | 20 +++++- tools/perf/util/evsel.c | 8 +-- .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 14 ++++ tools/testing/selftests/seccomp/seccomp_bpf.c | 51 +++++++++----- .../testing/selftests/timers/inconsistency-check.c | 4 +- tools/usb/usbip/libsrc/vhci_driver.c | 36 ++++++++-- 158 files changed, 1283 insertions(+), 465 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrTxjwACgkQ3qZv95d3 LNy3Pw/6Ayf3h+PAR/UEbwLstRAmJiuftJPYwc7y5ll/RhAFpG16a4A/fJzP+0T5 WRc9P5frTG1lSqPMbkIjs76vpZDE/oVQ9zhjstpMXbdioUZE00W7sGWgrBnC4/zd 25ICrFNuQ+RkO3iDJbPBABh//EsYtfE0sNrYf1Zf6exBvcqeg9yRfj20Iq+vyuaf y2vlSTl6JleCxPEIhygntV9iNrvveEvy8CkkBuUC9YDPIYZHJYIKaXnGLDpTF4Uz Y+NOJsvRtvXJYTgvYvzEzK/SP/VZPQc/2/bw9jhft6mZrrP/jETQzbAb/lNI9viZ ZAdJQlraSwj7e+bqw6kVx0qea2soi3VsM2Qr3LWVGlS4UTRF8TnRPnUsaW5HQctr wYG3OuVT47r2lGUSDRcAqh+FoZ8pQcDaC7K5z05vQZ/PcR0wNnyE9Zf1uzHP6EJd p6l57/uIREB31PVYXVYmw2dv8fSTIQR6jNJgsDbHnDpDUUnvA9FBoowGQQBmemY2 rBeId++SvxEPIY2WVmOe0REVQ6o7iv3tFTOPuDyBByy+/db/q84WHuRBUe2ysIBQ 858njbvzDr9twPX24foKLG1pFGFRklJ38c1svpVT+lgN435ezuxy2bFznjbJCzye sTNZQha8i4jmVVtFkqnxWZ9aihXm+nW6suLqtC9OfnPdyuS/3Qg= =o9dM -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[PATCH] drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing

by Imre Deak

commit 5e1df40f40ee45a97bb1066c3d71f0ae920a9672 upstream. Currently we see sporadic timeouts during CDCLK changing both on BXT and GLK as reported by the Bugzilla: ticket. It's easy to reproduce this by changing the frequency in a tight loop after blanking the display. The upper bound for the completion time is 800us based on my tests, so increase it from the current 500us to 2ms; with that I couldn't trigger the problem either on BXT or GLK. Note that timeouts happened during both the change notification and the voltage level setting PCODE request. (For the latter one BSpec doesn't require us to wait for completion before further HW programming.) This issue is similar to commit 2c7d0602c815 ("drm/i915/gen9: Fix PCODE polling during CDCLK change notification") but there the PCODE request does complete (as shown by the mbox busy flag), only the reply we get from PCODE indicates a failure. So there we keep resending the request until a success reply, here we just have to increase the timeout for the one PCODE request we send. v2: - s/snb_pcode_request/sandybridge_pcode_write_timeout/ (Ville) Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.9 Acked-by: Chris Wilson <chris(a)chris-wilson.co.uk> (v1) Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103326 Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180130142939.17983-1-imre.d… (cherry picked from commit e76019a81921e87a4d9e7b3d86102bc708a6c227) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> (Rebased for v4.9 stable tree due to upstream intel_cdclk.c, cdclk_state and pcu_lock change) Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/i915_drv.h | 6 +++++- drivers/gpu/drm/i915/intel_display.c | 9 +++++---- drivers/gpu/drm/i915/intel_pm.c | 6 +++--- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h index 36a665f0e5c9..e23748cca0c0 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -3681,7 +3681,11 @@ extern void intel_display_print_error_state(struct drm_i915_error_state_buf *e, struct intel_display_error_state *error); int sandybridge_pcode_read(struct drm_i915_private *dev_priv, u32 mbox, u32 *val); -int sandybridge_pcode_write(struct drm_i915_private *dev_priv, u32 mbox, u32 val); +int sandybridge_pcode_write_timeout(struct drm_i915_private *dev_priv, u32 mbox, + u32 val, int timeout_us); +#define sandybridge_pcode_write(dev_priv, mbox, val) \ + sandybridge_pcode_write_timeout(dev_priv, mbox, val, 500) + int skl_pcode_request(struct drm_i915_private *dev_priv, u32 mbox, u32 request, u32 reply_mask, u32 reply, int timeout_base_ms); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index ce32303b3013..c185625d67f2 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -6012,8 +6012,8 @@ static void bxt_set_cdclk(struct drm_i915_private *dev_priv, int cdclk) /* Inform power controller of upcoming frequency change */ mutex_lock(&dev_priv->rps.hw_lock); - ret = sandybridge_pcode_write(dev_priv, HSW_PCODE_DE_WRITE_FREQ_REQ, - 0x80000000); + ret = sandybridge_pcode_write_timeout(dev_priv, HSW_PCODE_DE_WRITE_FREQ_REQ, + 0x80000000, 2000); mutex_unlock(&dev_priv->rps.hw_lock); if (ret) { @@ -6044,8 +6044,9 @@ static void bxt_set_cdclk(struct drm_i915_private *dev_priv, int cdclk) I915_WRITE(CDCLK_CTL, val); mutex_lock(&dev_priv->rps.hw_lock); - ret = sandybridge_pcode_write(dev_priv, HSW_PCODE_DE_WRITE_FREQ_REQ, - DIV_ROUND_UP(cdclk, 25000)); + ret = sandybridge_pcode_write_timeout(dev_priv, + HSW_PCODE_DE_WRITE_FREQ_REQ, + DIV_ROUND_UP(cdclk, 25000), 2000); mutex_unlock(&dev_priv->rps.hw_lock); if (ret) { diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c index 49de4760cc16..05427d292457 100644 --- a/drivers/gpu/drm/i915/intel_pm.c +++ b/drivers/gpu/drm/i915/intel_pm.c @@ -7913,8 +7913,8 @@ int sandybridge_pcode_read(struct drm_i915_private *dev_priv, u32 mbox, u32 *val return 0; } -int sandybridge_pcode_write(struct drm_i915_private *dev_priv, - u32 mbox, u32 val) +int sandybridge_pcode_write_timeout(struct drm_i915_private *dev_priv, + u32 mbox, u32 val, int timeout_us) { int status; @@ -7935,7 +7935,7 @@ int sandybridge_pcode_write(struct drm_i915_private *dev_priv, if (intel_wait_for_register_fw(dev_priv, GEN6_PCODE_MAILBOX, GEN6_PCODE_READY, 0, - 500)) { + timeout_us)) { DRM_ERROR("timeout waiting for pcode write (%d) to finish\n", mbox); return -ETIMEDOUT; } -- 2.13.2

7 years, 2 months

2
1
0 0

[PATCHv3] mtd: spi-nor: Fix Cadence QSPI page fault kernel panic

by thor.thayer＠linux.intel.com

From: Thor Thayer <thor.thayer(a)linux.intel.com> The current Cadence QSPI driver caused a kernel panic when loading a Root Filesystem from QSPI. The problem was caused by reading more bytes than needed because the QSPI operated on 4 bytes at a time. <snip> [ 7.947754] spi_nor_read[1048]:from 0x037cad74, len 1 [bfe07fff] [ 7.956247] cqspi_read[910]:offset 0x58502516, buffer=bfe07fff [ 7.956247] [ 7.966046] Unable to handle kernel paging request at virtual address bfe08002 [ 7.973239] pgd = eebfc000 [ 7.975931] [bfe08002] *pgd=2fffb811, *pte=00000000, *ppte=00000000 </snip> Notice above how only 1 byte needed to be read but by reading 4 bytes into the end of a mapped page, an unrecoverable page fault occurred. This patch uses a temporary buffer to hold the 4 bytes read and then copies only the bytes required into the buffer. A min() function is used to limit the length to prevent buffer overflows. Request testing of this patch on other platforms. This was tested on the Intel Arria10 SoCFPGA DevKit. Fixes: 0cf1725676a97fc8 ("mtd: spi-nor: cqspi: Fix build on arches missing readsl/writesl") Signed-off-by: Thor Thayer <thor.thayer(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Reviewed-by: Marek Vasut <marek.vasut(a)gmail.com> --- v2 Changes to only write dangling bytes at end of transfer since previous patch may have multiple dangling byte transfers. Remove write patch since no errors reported and write timeout needs more investigation. v3 Add Fixes tag Cc-stable tag. --- drivers/mtd/spi-nor/cadence-quadspi.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/spi-nor/cadence-quadspi.c b/drivers/mtd/spi-nor/cadence-quadspi.c index 2f3a4d4232b3..c3f7aaa5d18f 100644 --- a/drivers/mtd/spi-nor/cadence-quadspi.c +++ b/drivers/mtd/spi-nor/cadence-quadspi.c @@ -507,7 +507,9 @@ static int cqspi_indirect_read_execute(struct spi_nor *nor, u8 *rxbuf, void __iomem *reg_base = cqspi->iobase; void __iomem *ahb_base = cqspi->ahb_base; unsigned int remaining = n_rx; + unsigned int mod_bytes = n_rx % 4; unsigned int bytes_to_read = 0; + u8 *rxbuf_end = rxbuf + n_rx; int ret = 0; writel(from_addr, reg_base + CQSPI_REG_INDIRECTRDSTARTADDR); @@ -536,11 +538,24 @@ static int cqspi_indirect_read_execute(struct spi_nor *nor, u8 *rxbuf, } while (bytes_to_read != 0) { + unsigned int word_remain = round_down(remaining, 4); + bytes_to_read *= cqspi->fifo_width; bytes_to_read = bytes_to_read > remaining ? remaining : bytes_to_read; - ioread32_rep(ahb_base, rxbuf, - DIV_ROUND_UP(bytes_to_read, 4)); + bytes_to_read = round_down(bytes_to_read, 4); + /* Read 4 byte word chunks then single bytes */ + if (bytes_to_read) { + ioread32_rep(ahb_base, rxbuf, + (bytes_to_read / 4)); + } else if (!word_remain && mod_bytes) { + unsigned int temp = ioread32(ahb_base); + + bytes_to_read = mod_bytes; + memcpy(rxbuf, &temp, min((unsigned int) + (rxbuf_end - rxbuf), + bytes_to_read)); + } rxbuf += bytes_to_read; remaining -= bytes_to_read; bytes_to_read = cqspi_get_rd_sram_level(cqspi); -- 2.7.4

7 years, 2 months

2
1
0 0

[PATCH 1/3] cfi_cmdset_0001: Do not allow read/write to suspend erase block.

by Joakim Tjernlund

From: Joakim Tjernlund <joakim.tjernlund(a)transmode.se> Currently it is possible to read and/or write to suspend EB's. Writing /dev/mtdX or /dev/mtdblockX from several processes may break the flash state machine. Signed-off-by: Joakim Tjernlund <joakim.tjernlund(a)infinera.com> Cc: <stable(a)vger.kernel.org> --- drivers/mtd/chips/cfi_cmdset_0001.c | 16 +++++++++++----- include/linux/mtd/flashchip.h | 1 + 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c index 60d5d19e347f..b59872304ae7 100644 --- a/drivers/mtd/chips/cfi_cmdset_0001.c +++ b/drivers/mtd/chips/cfi_cmdset_0001.c @@ -849,21 +849,25 @@ static int chip_ready (struct map_info *map, struct flchip *chip, unsigned long (mode == FL_WRITING && (cfip->SuspendCmdSupport & 1)))) goto sleep; + /* Do not allow suspend iff read/write to EB address */ + if ((adr & chip->in_progress_block_mask) == + chip->in_progress_block_addr) + goto sleep; /* Erase suspend */ - map_write(map, CMD(0xB0), adr); + map_write(map, CMD(0xB0), chip->in_progress_block_addr); /* If the flash has finished erasing, then 'erase suspend' * appears to make some (28F320) flash devices switch to * 'read' mode. Make sure that we switch to 'read status' * mode so we get the right data. --rmk */ - map_write(map, CMD(0x70), adr); + map_write(map, CMD(0x70), chip->in_progress_block_addr); chip->oldstate = FL_ERASING; chip->state = FL_ERASE_SUSPENDING; chip->erase_suspended = 1; for (;;) { - status = map_read(map, adr); + status = map_read(map, chip->in_progress_block_addr); if (map_word_andequal(map, status, status_OK, status_OK)) break; @@ -1059,8 +1063,8 @@ static void put_chip(struct map_info *map, struct flchip *chip, unsigned long ad sending the 0x70 (Read Status) command to an erasing chip and expecting it to be ignored, that's what we do. */ - map_write(map, CMD(0xd0), adr); - map_write(map, CMD(0x70), adr); + map_write(map, CMD(0xd0), chip->in_progress_block_addr); + map_write(map, CMD(0x70), chip->in_progress_block_addr); chip->oldstate = FL_READY; chip->state = FL_ERASING; break; @@ -1951,6 +1955,8 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, map_write(map, CMD(0xD0), adr); chip->state = FL_ERASING; chip->erase_suspended = 0; + chip->in_progress_block_addr = adr; + chip->in_progress_block_mask = ~(len - 1); ret = INVAL_CACHE_AND_WAIT(map, chip, adr, adr, len, diff --git a/include/linux/mtd/flashchip.h b/include/linux/mtd/flashchip.h index b63fa457febd..3529683f691e 100644 --- a/include/linux/mtd/flashchip.h +++ b/include/linux/mtd/flashchip.h @@ -85,6 +85,7 @@ struct flchip { unsigned int write_suspended:1; unsigned int erase_suspended:1; unsigned long in_progress_block_addr; + unsigned long in_progress_block_mask; struct mutex mutex; wait_queue_head_t wq; /* Wait on here when we're waiting for the chip -- 2.13.6

7 years, 2 months

4
3
0 0

v4.9.96 build: 0 failures 2 warnings (v4.9.96)

by Build bot for Mark Brown

Tree/Branch: v4.9.96 Git describe: v4.9.96 Commit: 5cd35f3eb5 Linux 4.9.96 Build Time: 83 min 35 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 2 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allmodconfig 1 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 2 1 drivers/target/iscsi/iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78b: sibling call from callable instruction with changed frame pointer 1 ../include/linux/sched.h:2349:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/linux/sched.h:2349:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: drivers/target/iscsi/iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78b: sibling call from callable instruction with changed frame pointer ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig

7 years, 2 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9a2e216d9e892249b63d10603c75495749202df9: Linux 4.14.32 (2018-03-31 18:10:43 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-15042018 for you to fetch changes up to e2397164e55e7ea0328b556363a7b362429916eb: RDMA/core: Reduce poll batch for direct cq polling (2018-04-15 10:45:12 -0400) - ---------------------------------------------------------------- for-greg-4.14-15042018 - ---------------------------------------------------------------- Aaron Sierra (1): tty: serial: exar: Relocate sleep wake-up handling Alan Brady (1): i40evf: ignore link up if not running Alex Estrin (2): IB/hfi1: Fix for potential refcount leak in hfi1_open_file() IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Anand Jain (1): btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Andi Shyti (1): Input: stmfts - set IRQ_NOAUTOEN to the irq flag Andy Shevchenko (1): device property: Define type of PROPERTY_ENRTY_*() macros Andy Spencer (1): gianfar: prevent integer wrapping in the rx handler Aneesh Kumar K.V (1): powerpc/mm/hash64: Zero PGD pages on allocation Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Arnaldo Carvalho de Melo (2): perf unwind: Do not look just at the global callchain_param.record_mode perf callchain: Fix attr.sample_max_stack setting Arnd Bergmann (4): scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype x86/dumpstack: Avoid uninitlized variable cifs: silence compiler warnings showing up with gcc-8.0.0 Avinash Dayanand (1): i40evf: Don't schedule reset_task when device is being removed Chen Yu (2): ACPI: processor_perflib: Do not send _PPC change notification if not ready cpufreq: intel_pstate: Enable HWP during system resume on CPU0 Christian Borntraeger (1): KVM: s390: use created_vcpus in more places Chuck Lever (2): xprtrdma: Fix backchannel allocation of extra rpcrdma_reps svcrdma: Fix Read chunk round-up Coly Li (1): bcache: properly set task state in bch_writeback_thread() Corentin LABBE (1): crypto: artpec6 - remove select on non-existing CRYPTO_SHA384 Corinna Vinschen (1): igb: Allow to remove administratively set MAC on VFs Dan Carpenter (2): ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Daniel Borkmann (1): bpf: fix rlimit in reuseport net selftest Daniel Hua (1): igb: Clear TXSTMP when ptp_tx_work() is timeout David Herrmann (1): platform/x86: thinkpad_acpi: suppress warning about palm detection David Hildenbrand (1): KVM: s390: vsie: use READ_ONCE to access some SCB fields David Howells (1): rxrpc: Don't put crypto buffers on the stack Dmitry Torokhov (1): Input: psmouse - fix Synaptics detection when protocol is disabled Dmitry Vyukov (1): netfilter: x_tables: fix pointer leaks to userspace Don Hiatt (1): IB/core: Map iWarp AH type to undefined in rdma_ah_find_type Ed Swierk (1): openvswitch: Remove padding from packet before L3+ conntrack processing Emil Tantilov (1): ixgbe: don't set RXDCTL.RLPML for 82599 Eryu Guan (1): blk-mq-debugfs: don't allow write on attributes with seq_operations set Geert Uytterhoeven (1): ubifs: Fix uninitialized variable in search_dh_cookie() Goldwyn Rodrigues (1): block: Set BIO_TRACE_COMPLETION on new bio during split Guanglei Li (1): RDS: IB: Fix null pointer issue Guenter Roeck (1): watchdog: sp5100_tco: Fix watchdog disable bit Gustavo A. R. Silva (1): tcp_nv: fix potential integer overflow in tcpnv_acked Hans de Goede (4): ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources platform/x86: dell-laptop: Filter out spurious keyboard backlight change events ACPI / bus: Do not call _STA on battery devices with unmet dependencies ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Jacob Keller (2): i40e: program fragmented IPv4 filter input set i40e: fix reported mask for ntuple filters Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Hogan (2): MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} MIPS: generic: Fix machine compatible matching Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan H. SchÃ¶nherr (1): fs/dax.c: release PMD lock even when there is no PMD support in DAX Jason Gunthorpe (1): RDMA/uverbs: Use an unambiguous errno for method not supported Jean Delvare (1): firmware: dmi_scan: Fix handling of empty DMI strings Jeffy Chen (1): ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink Jens Axboe (1): blk-mq: fix discard merge with scheduler attached Jesper Dangaard Brouer (2): libbpf: Makefile set specified permission mode tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Jia Zhang (1): vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Jiri Olsa (2): perf record: Fix period option handling perf evsel: Fix period/freq terms setup John Fastabend (1): bpf: sockmap, fix leaking maps with attached but not detached progs KarimAllah Ahmed (1): kvm: Map PFN-type memory regions as writable (if possible) Karol Herbst (1): drm/nouveau/pmu/fuc: don't use movw directly anymore Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Leon Romanovsky (1): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Liu Bo (4): Btrfs: set plug for fsync Btrfs: fix scrub to repair raid6 corruption Btrfs: fix unexpected EEXIST from btrfs_get_extent Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io Logan Gunthorpe (1): ntb_transport: Fix bug with max_mw_size parameter Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Martin Blumenstingl (2): net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Masami Hiramatsu (1): selftest: ftrace: Fix to pick text symbols for kprobes Mathieu Malaterre (1): net: Extra '_get' in declaration of arch_get_platform_mac_address Matt Redfearn (2): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS MIPS: Generic: Support GIC in EIC mode Max Gurtovoy (1): RDMA/core: Reduce poll batch for direct cq polling Maxime Chevallier (1): spi: a3700: Clear DATA_OUT when performing a read Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Michael Bringmann (2): powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes powerpc/numa: Ensure nodes initialized for hotplug Michael J. Ruhl (1): IB/hfi1: Re-order IRQ cleanup to address driver cleanup race Michael Kelley (1): cpumask: Make for_each_cpu_wrap() available on UP as well Michal Hocko (1): netfilter: x_tables: make allocation less aggressive MickaÃ«l SalaÃ¼n (1): samples/bpf: Partially fixes the bpf.o build Ming Lei (2): dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk Mustafa Ismail (1): i40iw: Free IEQ resources NeilBrown (1): NFSv4: always set NFS_LOCK_LOST when a lock is lost. Ngai-Mint Kwan (1): fm10k: fix "failed to kill vid" message for VF Nicholas Piggin (2): powerpc: System reset avoid interleaving oops using die synchronisation powerpc/powernv: IMC fix out of bounds memory access at shutdown Niklas Cassel (2): PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build net: stmmac: discard disabled flags in interrupt status register Nikolay Borisov (1): btrfs: Fix out of bounds access in btrfs_search_slot Nitin Gupta (1): sparc64: update pmdp_invalidate() to return old pmd value Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Parav Pandit (2): RDMA/core: Clarify rdma_ah_find_type RDMA/cma: Check existence of netdevice during port validation Paul Mackerras (2): KVM: PPC: Book3S HV: Enable migration of decrementer register KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code Peter Hutterer (1): Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes Peter Xu (1): iommu/vt-d: Use domain instead of cache fetching Peter Zijlstra (1): x86/tsc: Allow TSC calibration without PIT Prashant Bhole (1): bpf: test_maps: cleanup sockmaps when test ends Rafael J. Wysocki (1): ACPI / EC: Restore polling during noirq suspend/resume phases Robin Murphy (1): iommu/exynos: Don't unconditionally steal bus ops Ross Lagerwall (2): xen-netfront: Fix race between device setup and open xen/grant-table: Use put_page instead of free_page Sagi Grimberg (1): IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct Sebastian Ott (1): s390/eadm: fix CONFIG_BLOCK include dependency Sheng Yong (1): f2fs: avoid hungtask when GC encrypted block if io_bits is set Shiraz Saleem (1): i40iw: Zero-out consumer key on allocate stag for FMR Stephen Boyd (1): irqchip/gic-v3: Ignore disabled ITS nodes Steven Rostedt (VMware) (3): tools lib traceevent: Simplify pointer print logic and fix %pF tools lib traceevent: Fix get_field_str() for dynamic strings selftests/ftrace: Add some missing glob checks Subash Abhinov Kasiviswanathan (2): netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure Takashi Iwai (1): ALSA: hda - Use IS_REACHABLE() for dependency on input Tang Junhui (3): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist Thomas Richter (2): perf record: Fix failed memory allocation for get_cpuid_str perf test: Fix test trace+probe_libc_inet_pton.sh for s390x Tony Lindgren (1): PM / wakeirq: Fix unbalanced IRQ enable for wakeirq Trond Myklebust (1): SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context Ulf Hansson (1): PM / domains: Fix up domain-idle-states OF parsing Ulf Magnusson (3): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak Vitaly Kuznetsov (3): x86/hyperv: Stop suppressing X86_FEATURE_PCID x86/hyperv: Check for required priviliges in hyperv_init() x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested Wei Yongjun (2): ipmi/powernv: Fix error return code in ipmi_powernv_probe() nfp: fix error return code in nfp_pci_probe() Will Deacon (2): arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics locking/qspinlock: Ensure node->count is updated before initialising node Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Yang Shi (1): mm: thp: use down_read_trylock() in khugepaged to avoid long block Yisheng Xie (2): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Yonghong Song (1): bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y himanshu.madhani(a)cavium.com (1): scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() mike.travis(a)hpe.com (1): x86/platform/UV: Fix GAM Range Table entries less than 1GB mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (3): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return error when we attempt to access a dirty bh in jbd2 shidao.ytt (1): mm/fadvise: discard partial page if endbyte is also EOF weiyongjun (A) (1): mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Documentation/device-mapper/thin-provisioning.txt | 8 +- Documentation/virtual/kvm/api.txt | 1 + arch/arm64/include/asm/spinlock.h | 4 +- arch/mips/boot/compressed/Makefile | 6 +- arch/mips/generic/irq.c | 18 +- arch/mips/include/asm/machine.h | 2 +- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/powerpc/include/asm/book3s/64/pgalloc.h | 10 +- arch/powerpc/include/uapi/asm/kvm.h | 2 + arch/powerpc/kernel/traps.c | 2 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 8 +- arch/powerpc/kvm/book3s_hv.c | 8 + arch/powerpc/kvm/powerpc.c | 2 +- arch/powerpc/mm/numa.c | 78 +- arch/powerpc/platforms/powernv/opal-imc.c | 6 +- arch/s390/include/asm/eadm.h | 2 +- arch/s390/kvm/kvm-s390.c | 4 +- arch/s390/kvm/vsie.c | 50 +- arch/sparc/include/asm/pgtable_64.h | 2 +- arch/sparc/mm/tlb.c | 23 +- arch/x86/hyperv/hv_init.c | 9 +- arch/x86/hyperv/mmu.c | 12 +- arch/x86/include/asm/i8259.h | 5 + arch/x86/kernel/apic/x2apic_uv_x.c | 15 +- arch/x86/kernel/dumpstack.c | 2 +- arch/x86/kernel/tsc.c | 18 + arch/x86/kvm/vmx.c | 16 +- arch/x86/kvm/x86.c | 10 +- arch/x86/mm/init_64.c | 3 +- arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- block/bio.c | 2 +- block/blk-core.c | 2 + block/blk-merge.c | 29 +- block/blk-mq-debugfs.c | 6 +- block/blk-mq.c | 22 +- drivers/acpi/acpi_lpss.c | 2 + drivers/acpi/bus.c | 6 + drivers/acpi/ec.c | 6 + drivers/acpi/processor_perflib.c | 2 +- drivers/acpi/scan.c | 20 +- drivers/base/power/domain.c | 76 +- drivers/base/power/wakeirq.c | 6 +- drivers/char/ipmi/ipmi_powernv.c | 5 +- drivers/cpufreq/intel_pstate.c | 5 + drivers/crypto/Kconfig | 1 - drivers/firewire/ohci.c | 8 +- drivers/firmware/dmi_scan.c | 22 +- .../drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 ++++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 ++++++++++---------- .../gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30 +- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/infiniband/core/cma.c | 8 +- drivers/infiniband/core/cq.c | 30 +- drivers/infiniband/core/uverbs_ioctl.c | 19 +- drivers/infiniband/hw/hfi1/chip.c | 18 +- drivers/infiniband/hw/hfi1/file_ops.c | 4 +- drivers/infiniband/hw/hfi1/hfi.h | 1 + drivers/infiniband/hw/hfi1/init.c | 4 +- drivers/infiniband/hw/i40iw/i40iw_puda.c | 3 +- drivers/infiniband/hw/i40iw/i40iw_puda.h | 1 + drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx5/qp.c | 5 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/input/mouse/psmouse-base.c | 34 +- drivers/input/mouse/synaptics.c | 10 + drivers/input/touchscreen/stmfts.c | 11 +- drivers/iommu/exynos-iommu.c | 7 + drivers/iommu/intel-iommu.c | 3 +- drivers/irqchip/irq-gic-v3-its-pci-msi.c | 2 + drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 + drivers/irqchip/irq-gic-v3-its.c | 2 + drivers/irqchip/irq-gic-v3.c | 2 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +- drivers/md/bcache/super.c | 23 +- drivers/md/bcache/sysfs.c | 11 +- drivers/md/bcache/writeback.c | 7 +- drivers/md/dm-mpath.c | 14 +- drivers/net/ethernet/freescale/gianfar.c | 9 +- drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 18 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 3 + drivers/net/ethernet/intel/i40evf/i40evf.h | 1 + drivers/net/ethernet/intel/i40evf/i40evf_main.c | 9 +- .../net/ethernet/intel/i40evf/i40evf_virtchnl.c | 35 +- drivers/net/ethernet/intel/igb/igb_main.c | 42 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 9 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 8 +- drivers/net/ethernet/netronome/nfp/nfp_main.c | 1 + .../net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 6 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 6 +- drivers/net/wireless/mac80211_hwsim.c | 4 +- drivers/net/xen-netfront.c | 46 +- drivers/ntb/ntb_transport.c | 3 + drivers/pci/quirks.c | 2 + drivers/platform/x86/dell-laptop.c | 24 +- drivers/platform/x86/thinkpad_acpi.c | 10 + drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 4 + drivers/scsi/scsi_devinfo.c | 7 +- drivers/spi/spi-armada-3700.c | 5 + .../staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 + drivers/tty/serial/8250/8250_exar.c | 34 +- drivers/tty/serial/8250/8250_port.c | 26 - drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/grant-table.c | 4 +- fs/btrfs/ctree.c | 12 +- fs/btrfs/disk-io.c | 6 +- fs/btrfs/file.c | 9 + fs/btrfs/inode.c | 17 +- fs/btrfs/raid56.c | 55 +- fs/btrfs/volumes.c | 9 +- fs/cifs/cifssmb.c | 4 +- fs/dax.c | 2 +- fs/f2fs/gc.c | 7 +- fs/jffs2/fs.c | 1 - fs/nfs/nfs4proc.c | 12 +- fs/nfs/nfs4state.c | 5 +- fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 + fs/ocfs2/journal.c | 23 +- fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 2 + fs/proc/base.c | 29 +- fs/proc/kcore.c | 4 + fs/ubifs/tnc.c | 21 +- include/asm-generic/pgtable.h | 15 + include/linux/cpumask.h | 2 + include/linux/etherdevice.h | 2 +- include/linux/kcore.h | 1 + include/linux/pci.h | 7 + include/linux/property.h | 10 +- include/linux/suspend.h | 2 + include/rdma/ib_verbs.h | 23 +- include/trace/events/timer.h | 20 +- kernel/bpf/sockmap.c | 19 +- kernel/locking/qspinlock.c | 8 + kernel/power/power.h | 3 - lib/test_bpf.c | 31 +- mm/fadvise.c | 10 +- mm/khugepaged.c | 12 +- mm/mempolicy.c | 33 +- mm/vmscan.c | 14 +- net/ipv4/tcp_nv.c | 2 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 16 +- net/netfilter/x_tables.c | 7 +- net/netfilter/xt_IDLETIMER.c | 1 + net/netfilter/xt_LED.c | 1 + net/netfilter/xt_limit.c | 3 +- net/netfilter/xt_nfacct.c | 1 + net/netfilter/xt_statistic.c | 1 + net/openvswitch/conntrack.c | 34 + net/rds/ib.c | 3 +- net/rxrpc/conn_event.c | 1 + net/rxrpc/rxkad.c | 92 +- net/sunrpc/xprtrdma/backchannel.c | 12 +- net/sunrpc/xprtrdma/svc_rdma_rw.c | 12 +- net/sunrpc/xprtrdma/verbs.c | 32 +- net/sunrpc/xprtrdma/xprt_rdma.h | 2 +- net/sunrpc/xprtsock.c | 4 +- samples/bpf/Makefile | 5 +- scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 +- sound/pci/hda/Kconfig | 1 - sound/pci/hda/patch_realtek.c | 5 + sound/soc/au1x/ac97c.c | 6 +- sound/soc/rockchip/rk3399_gru_sound.c | 19 +- tools/lib/bpf/Makefile | 2 +- tools/lib/bpf/libbpf.c | 26 + tools/lib/traceevent/event-parse.c | 17 +- tools/lib/traceevent/parse-filter.c | 10 +- tools/perf/arch/x86/util/header.c | 2 +- tools/perf/builtin-c2c.c | 5 +- tools/perf/builtin-record.c | 3 +- tools/perf/builtin-report.c | 5 +- tools/perf/builtin-script.c | 5 +- tools/perf/perf.h | 1 + tools/perf/tests/dwarf-unwind.c | 1 + .../perf/tests/shell/trace+probe_libc_inet_pton.sh | 21 +- tools/perf/util/callchain.c | 10 + tools/perf/util/callchain.h | 2 + tools/perf/util/evsel.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 9 +- tools/testing/selftests/bpf/test_maps.c | 16 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 6 + .../ftrace/test.d/kprobe/multiple_kprobes.tc | 4 +- tools/testing/selftests/net/reuseport_bpf.c | 21 +- virt/kvm/kvm_main.c | 7 +- 192 files changed, 2774 insertions(+), 1876 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrTxiwACgkQ3qZv95d3 LNxkBA//Rw0JqNQC93MzSLs1nutC4zGqVAN2ioYSclFvM1hlOIXALUjcqFSdv/VE d3U4zevf4gayuyaWq8T9Y7bpTz1QYZAvyw4fjJrYhhb/89OKH7mEtL+XLv84aywB AnMqcD1nIU/Nzk994WKu9gRaev5QiY1c6dRQObmHg3O7SYwPhP4TpJyj2IkKAASu mRsDrIHibuDM92ytC08wvXVjEO6bSzZwv8LXB6MkVk2QruXkEN9SFlDYHho9LG4B gLZI3yvJB4C+PcTJLnzHozHuscdwrpPfPSTe8ckOMVEfclvOy4vSUYdLA4wt3J7l rDBcUZuKscHMKi+H4oyMVRjwonB15tLaPYFVHvow76W2kUzs2mFkhkxiTCJkdMpq gQiWdUr/rXMGbFouAQ57GLlmJUunSmNIx9/BB0vJXWMj4krCn53MK93EhTrG+8vm A2BaLHdloKr0tR1VFcKUC9tlOJl+srnkXN6ONZTo57tjK/uImrJ7XYdDR08yYOpU iGgHPabdvWoYsR0qmKbJ+uHK8zsiqeIjjwcBT17h0kI86X6YvDeyqM2MW9/4/x6E /A4WGP1INyWyKveyTmBlvcJzpzrrift/6yoMGXD7xlNtE1Y/XGG9dDXvl89h0yS+ L7OOK+/YeBREP50UZ+CKEkgZ7GBkQRp9rUVZ7fghLAa2vn/y4gc= =1sHf -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[PATCH 3.18.y 0/5] Backports for 3.18.y

by Harsh Shandilya

A few more patches that were Cc'd stable but failed to apply to 3.18, backported with the 4.4 queue variants as reference wherever required. Matthew Wilcox (1): mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Michal Hocko (1): mm: allow GFP_{FS,IO} for page_cache_read page cache allocation Theodore Ts'o (2): ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() ext4: don't update checksum of new initialized bitmaps wangguang (1): ext4: bugfix for mmaped pages in mpage_release_unused_pages() fs/ext4/balloc.c | 3 +-- fs/ext4/ialloc.c | 43 +++--------------------------- fs/ext4/inline.c | 66 +++++++++++++++++++++------------------------- fs/ext4/inode.c | 2 ++ fs/ext4/xattr.c | 30 +++++++++------------ fs/ext4/xattr.h | 32 ++++++++++++++++++++++ include/linux/mm.h | 4 +++ mm/filemap.c | 12 ++++----- mm/memory.c | 17 ++++++++++++ 9 files changed, 107 insertions(+), 102 deletions(-) -- 2.15.0.2308.g658a28aa74af

7 years, 2 months

3
13
0 0

FAILED: patch "[PATCH] drm/amdgpu/dce: Don't turn off DP sink when disconnected" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From daf8809626c0ee7a152f9c34058fc3b43385dd51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <michel.daenzer(a)amd.com> Date: Fri, 9 Mar 2018 18:26:18 +0100 Subject: [PATCH] drm/amdgpu/dce: Don't turn off DP sink when disconnected MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Turning off the sink in this case causes various issues, because userspace expects it to stay on until it turns it off explicitly. Instead, turn the sink off and back on when a display is connected again. This dance seems necessary for link training to work correctly. Bugzilla: https://bugs.freedesktop.org/105308 Cc: stable(a)vger.kernel.org Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Michel Dänzer <michel.daenzer(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c index ffc1f6f46913..9da8d5802980 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c @@ -69,25 +69,18 @@ void amdgpu_connector_hotplug(struct drm_connector *connector) /* don't do anything if sink is not display port, i.e., * passive dp->(dvi|hdmi) adaptor */ - if (dig_connector->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT) { - int saved_dpms = connector->dpms; - /* Only turn off the display if it's physically disconnected */ - if (!amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd)) { - drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF); - } else if (amdgpu_atombios_dp_needs_link_train(amdgpu_connector)) { - /* Don't try to start link training before we - * have the dpcd */ - if (amdgpu_atombios_dp_get_dpcd(amdgpu_connector)) - return; - - /* set it to OFF so that drm_helper_connector_dpms() - * won't return immediately since the current state - * is ON at this point. - */ - connector->dpms = DRM_MODE_DPMS_OFF; - drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON); - } - connector->dpms = saved_dpms; + if (dig_connector->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT && + amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd) && + amdgpu_atombios_dp_needs_link_train(amdgpu_connector)) { + /* Don't start link training before we have the DPCD */ + if (amdgpu_atombios_dp_get_dpcd(amdgpu_connector)) + return; + + /* Turn the connector off and back on immediately, which + * will trigger link training + */ + drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF); + drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON); } } }

7 years, 2 months

3
3
0 0

[PATCH 0/4] Backports for 3.18.y

by Harsh Shandilya

A few more patches that were Cc'd stable but failed to apply to 3.18, backported with the 4.4 queue variants as reference wherever required. Patch series respun based off 3.18.106 with Michal Hocko's feedback integrated. [0] https://www.spinics.net/lists/stable/msg236795.html Matthew Wilcox (1): mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Theodore Ts'o (2): ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() ext4: don't update checksum of new initialized bitmaps wangguang (1): ext4: bugfix for mmaped pages in mpage_release_unused_pages() fs/ext4/balloc.c | 3 +-- fs/ext4/ialloc.c | 43 +++---------------------------- fs/ext4/inline.c | 66 ++++++++++++++++++++++-------------------------- fs/ext4/inode.c | 4 ++- fs/ext4/xattr.c | 30 +++++++++------------- fs/ext4/xattr.h | 32 +++++++++++++++++++++++ mm/filemap.c | 4 +-- 7 files changed, 83 insertions(+), 99 deletions(-) -- 2.15.0.2308.g658a28aa74af

7 years, 2 months

2
5
0 0

FAILED: patch "[PATCH] mm, vmscan: Allow preallocating memory for" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8e04944f0ea8b838399049bdcda920ab36ae3b04 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Wed, 4 Apr 2018 19:53:07 +0900 Subject: [PATCH] mm,vmscan: Allow preallocating memory for register_shrinker(). syzbot is catching so many bugs triggered by commit 9ee332d99e4d5a97 ("sget(): handle failures of register_shrinker()"). That commit expected that calling kill_sb() from deactivate_locked_super() without successful fill_super() is safe, but the reality was different; some callers assign attributes which are needed for kill_sb() after sget() succeeds. For example, [1] is a report where sb->s_mode (which seems to be either FMODE_READ | FMODE_EXCL | FMODE_WRITE or FMODE_READ | FMODE_EXCL) is not assigned unless sget() succeeds. But it does not worth complicate sget() so that register_shrinker() failure path can safely call kill_block_super() via kill_sb(). Making alloc_super() fail if memory allocation for register_shrinker() failed is much simpler. Let's avoid calling deactivate_locked_super() from sget_userns() by preallocating memory for the shrinker and making register_shrinker() in sget_userns() never fail. [1] https://syzkaller.appspot.com/bug?id=588996a25a2587be2e3a54e8646728fb9cae44… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+5a170e19c963a2e0df79(a)syzkaller.appspotmail.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> diff --git a/fs/super.c b/fs/super.c index 5fa9a8d8d865..122c402049a2 100644 --- a/fs/super.c +++ b/fs/super.c @@ -167,6 +167,7 @@ static void destroy_unused_super(struct super_block *s) security_sb_free(s); put_user_ns(s->s_user_ns); kfree(s->s_subtype); + free_prealloced_shrinker(&s->s_shrink); /* no delays needed */ destroy_super_work(&s->destroy_work); } @@ -252,6 +253,8 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags, s->s_shrink.count_objects = super_cache_count; s->s_shrink.batch = 1024; s->s_shrink.flags = SHRINKER_NUMA_AWARE | SHRINKER_MEMCG_AWARE; + if (prealloc_shrinker(&s->s_shrink)) + goto fail; return s; fail: @@ -518,11 +521,7 @@ struct super_block *sget_userns(struct file_system_type *type, hlist_add_head(&s->s_instances, &type->fs_supers); spin_unlock(&sb_lock); get_filesystem(type); - err = register_shrinker(&s->s_shrink); - if (err) { - deactivate_locked_super(s); - s = ERR_PTR(err); - } + register_shrinker_prepared(&s->s_shrink); return s; } diff --git a/include/linux/shrinker.h b/include/linux/shrinker.h index 388ff2936a87..6794490f25b2 100644 --- a/include/linux/shrinker.h +++ b/include/linux/shrinker.h @@ -75,6 +75,9 @@ struct shrinker { #define SHRINKER_NUMA_AWARE (1 << 0) #define SHRINKER_MEMCG_AWARE (1 << 1) -extern int register_shrinker(struct shrinker *); -extern void unregister_shrinker(struct shrinker *); +extern int prealloc_shrinker(struct shrinker *shrinker); +extern void register_shrinker_prepared(struct shrinker *shrinker); +extern int register_shrinker(struct shrinker *shrinker); +extern void unregister_shrinker(struct shrinker *shrinker); +extern void free_prealloced_shrinker(struct shrinker *shrinker); #endif diff --git a/mm/vmscan.c b/mm/vmscan.c index 8b920ce3ae02..9b697323a88c 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -303,7 +303,7 @@ unsigned long lruvec_lru_size(struct lruvec *lruvec, enum lru_list lru, int zone /* * Add a shrinker callback to be called from the vm. */ -int register_shrinker(struct shrinker *shrinker) +int prealloc_shrinker(struct shrinker *shrinker) { size_t size = sizeof(*shrinker->nr_deferred); @@ -313,10 +313,29 @@ int register_shrinker(struct shrinker *shrinker) shrinker->nr_deferred = kzalloc(size, GFP_KERNEL); if (!shrinker->nr_deferred) return -ENOMEM; + return 0; +} + +void free_prealloced_shrinker(struct shrinker *shrinker) +{ + kfree(shrinker->nr_deferred); + shrinker->nr_deferred = NULL; +} +void register_shrinker_prepared(struct shrinker *shrinker) +{ down_write(&shrinker_rwsem); list_add_tail(&shrinker->list, &shrinker_list); up_write(&shrinker_rwsem); +} + +int register_shrinker(struct shrinker *shrinker) +{ + int err = prealloc_shrinker(shrinker); + + if (err) + return err; + register_shrinker_prepared(shrinker); return 0; } EXPORT_SYMBOL(register_shrinker);

7 years, 2 months

3
2
0 0

[PATCH 0/2] usb: typec: fixes

by Heikki Krogerus

Hi, I got two separate fixes here. First one will fix an issue with ucsi where the driver may timeout if EC is under heavy load, and the second an issue with tps6598x when used with plain I2C adapters. Thanks, Heikki Krogerus (2): usb: typec: tps6598x: handle block reads separately with plain-I2C adapters usb: typec: ucsi: Increase command completion timeout value drivers/usb/typec/tps6598x.c | 42 +++++++++++++++++++++++++++++------ drivers/usb/typec/ucsi/ucsi.c | 2 +- 2 files changed, 36 insertions(+), 8 deletions(-) -- 2.17.0

7 years, 2 months

3
9
0 0

FAILED: patch "[PATCH] mm, vmscan: Allow preallocating memory for" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8e04944f0ea8b838399049bdcda920ab36ae3b04 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Wed, 4 Apr 2018 19:53:07 +0900 Subject: [PATCH] mm,vmscan: Allow preallocating memory for register_shrinker(). syzbot is catching so many bugs triggered by commit 9ee332d99e4d5a97 ("sget(): handle failures of register_shrinker()"). That commit expected that calling kill_sb() from deactivate_locked_super() without successful fill_super() is safe, but the reality was different; some callers assign attributes which are needed for kill_sb() after sget() succeeds. For example, [1] is a report where sb->s_mode (which seems to be either FMODE_READ | FMODE_EXCL | FMODE_WRITE or FMODE_READ | FMODE_EXCL) is not assigned unless sget() succeeds. But it does not worth complicate sget() so that register_shrinker() failure path can safely call kill_block_super() via kill_sb(). Making alloc_super() fail if memory allocation for register_shrinker() failed is much simpler. Let's avoid calling deactivate_locked_super() from sget_userns() by preallocating memory for the shrinker and making register_shrinker() in sget_userns() never fail. [1] https://syzkaller.appspot.com/bug?id=588996a25a2587be2e3a54e8646728fb9cae44… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+5a170e19c963a2e0df79(a)syzkaller.appspotmail.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> diff --git a/fs/super.c b/fs/super.c index 5fa9a8d8d865..122c402049a2 100644 --- a/fs/super.c +++ b/fs/super.c @@ -167,6 +167,7 @@ static void destroy_unused_super(struct super_block *s) security_sb_free(s); put_user_ns(s->s_user_ns); kfree(s->s_subtype); + free_prealloced_shrinker(&s->s_shrink); /* no delays needed */ destroy_super_work(&s->destroy_work); } @@ -252,6 +253,8 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags, s->s_shrink.count_objects = super_cache_count; s->s_shrink.batch = 1024; s->s_shrink.flags = SHRINKER_NUMA_AWARE | SHRINKER_MEMCG_AWARE; + if (prealloc_shrinker(&s->s_shrink)) + goto fail; return s; fail: @@ -518,11 +521,7 @@ struct super_block *sget_userns(struct file_system_type *type, hlist_add_head(&s->s_instances, &type->fs_supers); spin_unlock(&sb_lock); get_filesystem(type); - err = register_shrinker(&s->s_shrink); - if (err) { - deactivate_locked_super(s); - s = ERR_PTR(err); - } + register_shrinker_prepared(&s->s_shrink); return s; } diff --git a/include/linux/shrinker.h b/include/linux/shrinker.h index 388ff2936a87..6794490f25b2 100644 --- a/include/linux/shrinker.h +++ b/include/linux/shrinker.h @@ -75,6 +75,9 @@ struct shrinker { #define SHRINKER_NUMA_AWARE (1 << 0) #define SHRINKER_MEMCG_AWARE (1 << 1) -extern int register_shrinker(struct shrinker *); -extern void unregister_shrinker(struct shrinker *); +extern int prealloc_shrinker(struct shrinker *shrinker); +extern void register_shrinker_prepared(struct shrinker *shrinker); +extern int register_shrinker(struct shrinker *shrinker); +extern void unregister_shrinker(struct shrinker *shrinker); +extern void free_prealloced_shrinker(struct shrinker *shrinker); #endif diff --git a/mm/vmscan.c b/mm/vmscan.c index 8b920ce3ae02..9b697323a88c 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -303,7 +303,7 @@ unsigned long lruvec_lru_size(struct lruvec *lruvec, enum lru_list lru, int zone /* * Add a shrinker callback to be called from the vm. */ -int register_shrinker(struct shrinker *shrinker) +int prealloc_shrinker(struct shrinker *shrinker) { size_t size = sizeof(*shrinker->nr_deferred); @@ -313,10 +313,29 @@ int register_shrinker(struct shrinker *shrinker) shrinker->nr_deferred = kzalloc(size, GFP_KERNEL); if (!shrinker->nr_deferred) return -ENOMEM; + return 0; +} + +void free_prealloced_shrinker(struct shrinker *shrinker) +{ + kfree(shrinker->nr_deferred); + shrinker->nr_deferred = NULL; +} +void register_shrinker_prepared(struct shrinker *shrinker) +{ down_write(&shrinker_rwsem); list_add_tail(&shrinker->list, &shrinker_list); up_write(&shrinker_rwsem); +} + +int register_shrinker(struct shrinker *shrinker) +{ + int err = prealloc_shrinker(shrinker); + + if (err) + return err; + register_shrinker_prepared(shrinker); return 0; } EXPORT_SYMBOL(register_shrinker);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mm, vmscan: Allow preallocating memory for" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8e04944f0ea8b838399049bdcda920ab36ae3b04 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Wed, 4 Apr 2018 19:53:07 +0900 Subject: [PATCH] mm,vmscan: Allow preallocating memory for register_shrinker(). syzbot is catching so many bugs triggered by commit 9ee332d99e4d5a97 ("sget(): handle failures of register_shrinker()"). That commit expected that calling kill_sb() from deactivate_locked_super() without successful fill_super() is safe, but the reality was different; some callers assign attributes which are needed for kill_sb() after sget() succeeds. For example, [1] is a report where sb->s_mode (which seems to be either FMODE_READ | FMODE_EXCL | FMODE_WRITE or FMODE_READ | FMODE_EXCL) is not assigned unless sget() succeeds. But it does not worth complicate sget() so that register_shrinker() failure path can safely call kill_block_super() via kill_sb(). Making alloc_super() fail if memory allocation for register_shrinker() failed is much simpler. Let's avoid calling deactivate_locked_super() from sget_userns() by preallocating memory for the shrinker and making register_shrinker() in sget_userns() never fail. [1] https://syzkaller.appspot.com/bug?id=588996a25a2587be2e3a54e8646728fb9cae44… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+5a170e19c963a2e0df79(a)syzkaller.appspotmail.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> diff --git a/fs/super.c b/fs/super.c index 5fa9a8d8d865..122c402049a2 100644 --- a/fs/super.c +++ b/fs/super.c @@ -167,6 +167,7 @@ static void destroy_unused_super(struct super_block *s) security_sb_free(s); put_user_ns(s->s_user_ns); kfree(s->s_subtype); + free_prealloced_shrinker(&s->s_shrink); /* no delays needed */ destroy_super_work(&s->destroy_work); } @@ -252,6 +253,8 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags, s->s_shrink.count_objects = super_cache_count; s->s_shrink.batch = 1024; s->s_shrink.flags = SHRINKER_NUMA_AWARE | SHRINKER_MEMCG_AWARE; + if (prealloc_shrinker(&s->s_shrink)) + goto fail; return s; fail: @@ -518,11 +521,7 @@ struct super_block *sget_userns(struct file_system_type *type, hlist_add_head(&s->s_instances, &type->fs_supers); spin_unlock(&sb_lock); get_filesystem(type); - err = register_shrinker(&s->s_shrink); - if (err) { - deactivate_locked_super(s); - s = ERR_PTR(err); - } + register_shrinker_prepared(&s->s_shrink); return s; } diff --git a/include/linux/shrinker.h b/include/linux/shrinker.h index 388ff2936a87..6794490f25b2 100644 --- a/include/linux/shrinker.h +++ b/include/linux/shrinker.h @@ -75,6 +75,9 @@ struct shrinker { #define SHRINKER_NUMA_AWARE (1 << 0) #define SHRINKER_MEMCG_AWARE (1 << 1) -extern int register_shrinker(struct shrinker *); -extern void unregister_shrinker(struct shrinker *); +extern int prealloc_shrinker(struct shrinker *shrinker); +extern void register_shrinker_prepared(struct shrinker *shrinker); +extern int register_shrinker(struct shrinker *shrinker); +extern void unregister_shrinker(struct shrinker *shrinker); +extern void free_prealloced_shrinker(struct shrinker *shrinker); #endif diff --git a/mm/vmscan.c b/mm/vmscan.c index 8b920ce3ae02..9b697323a88c 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -303,7 +303,7 @@ unsigned long lruvec_lru_size(struct lruvec *lruvec, enum lru_list lru, int zone /* * Add a shrinker callback to be called from the vm. */ -int register_shrinker(struct shrinker *shrinker) +int prealloc_shrinker(struct shrinker *shrinker) { size_t size = sizeof(*shrinker->nr_deferred); @@ -313,10 +313,29 @@ int register_shrinker(struct shrinker *shrinker) shrinker->nr_deferred = kzalloc(size, GFP_KERNEL); if (!shrinker->nr_deferred) return -ENOMEM; + return 0; +} + +void free_prealloced_shrinker(struct shrinker *shrinker) +{ + kfree(shrinker->nr_deferred); + shrinker->nr_deferred = NULL; +} +void register_shrinker_prepared(struct shrinker *shrinker) +{ down_write(&shrinker_rwsem); list_add_tail(&shrinker->list, &shrinker_list); up_write(&shrinker_rwsem); +} + +int register_shrinker(struct shrinker *shrinker) +{ + int err = prealloc_shrinker(shrinker); + + if (err) + return err; + register_shrinker_prepared(shrinker); return 0; } EXPORT_SYMBOL(register_shrinker);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mm, vmscan: Allow preallocating memory for" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8e04944f0ea8b838399049bdcda920ab36ae3b04 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Wed, 4 Apr 2018 19:53:07 +0900 Subject: [PATCH] mm,vmscan: Allow preallocating memory for register_shrinker(). syzbot is catching so many bugs triggered by commit 9ee332d99e4d5a97 ("sget(): handle failures of register_shrinker()"). That commit expected that calling kill_sb() from deactivate_locked_super() without successful fill_super() is safe, but the reality was different; some callers assign attributes which are needed for kill_sb() after sget() succeeds. For example, [1] is a report where sb->s_mode (which seems to be either FMODE_READ | FMODE_EXCL | FMODE_WRITE or FMODE_READ | FMODE_EXCL) is not assigned unless sget() succeeds. But it does not worth complicate sget() so that register_shrinker() failure path can safely call kill_block_super() via kill_sb(). Making alloc_super() fail if memory allocation for register_shrinker() failed is much simpler. Let's avoid calling deactivate_locked_super() from sget_userns() by preallocating memory for the shrinker and making register_shrinker() in sget_userns() never fail. [1] https://syzkaller.appspot.com/bug?id=588996a25a2587be2e3a54e8646728fb9cae44… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+5a170e19c963a2e0df79(a)syzkaller.appspotmail.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> diff --git a/fs/super.c b/fs/super.c index 5fa9a8d8d865..122c402049a2 100644 --- a/fs/super.c +++ b/fs/super.c @@ -167,6 +167,7 @@ static void destroy_unused_super(struct super_block *s) security_sb_free(s); put_user_ns(s->s_user_ns); kfree(s->s_subtype); + free_prealloced_shrinker(&s->s_shrink); /* no delays needed */ destroy_super_work(&s->destroy_work); } @@ -252,6 +253,8 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags, s->s_shrink.count_objects = super_cache_count; s->s_shrink.batch = 1024; s->s_shrink.flags = SHRINKER_NUMA_AWARE | SHRINKER_MEMCG_AWARE; + if (prealloc_shrinker(&s->s_shrink)) + goto fail; return s; fail: @@ -518,11 +521,7 @@ struct super_block *sget_userns(struct file_system_type *type, hlist_add_head(&s->s_instances, &type->fs_supers); spin_unlock(&sb_lock); get_filesystem(type); - err = register_shrinker(&s->s_shrink); - if (err) { - deactivate_locked_super(s); - s = ERR_PTR(err); - } + register_shrinker_prepared(&s->s_shrink); return s; } diff --git a/include/linux/shrinker.h b/include/linux/shrinker.h index 388ff2936a87..6794490f25b2 100644 --- a/include/linux/shrinker.h +++ b/include/linux/shrinker.h @@ -75,6 +75,9 @@ struct shrinker { #define SHRINKER_NUMA_AWARE (1 << 0) #define SHRINKER_MEMCG_AWARE (1 << 1) -extern int register_shrinker(struct shrinker *); -extern void unregister_shrinker(struct shrinker *); +extern int prealloc_shrinker(struct shrinker *shrinker); +extern void register_shrinker_prepared(struct shrinker *shrinker); +extern int register_shrinker(struct shrinker *shrinker); +extern void unregister_shrinker(struct shrinker *shrinker); +extern void free_prealloced_shrinker(struct shrinker *shrinker); #endif diff --git a/mm/vmscan.c b/mm/vmscan.c index 8b920ce3ae02..9b697323a88c 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -303,7 +303,7 @@ unsigned long lruvec_lru_size(struct lruvec *lruvec, enum lru_list lru, int zone /* * Add a shrinker callback to be called from the vm. */ -int register_shrinker(struct shrinker *shrinker) +int prealloc_shrinker(struct shrinker *shrinker) { size_t size = sizeof(*shrinker->nr_deferred); @@ -313,10 +313,29 @@ int register_shrinker(struct shrinker *shrinker) shrinker->nr_deferred = kzalloc(size, GFP_KERNEL); if (!shrinker->nr_deferred) return -ENOMEM; + return 0; +} + +void free_prealloced_shrinker(struct shrinker *shrinker) +{ + kfree(shrinker->nr_deferred); + shrinker->nr_deferred = NULL; +} +void register_shrinker_prepared(struct shrinker *shrinker) +{ down_write(&shrinker_rwsem); list_add_tail(&shrinker->list, &shrinker_list); up_write(&shrinker_rwsem); +} + +int register_shrinker(struct shrinker *shrinker) +{ + int err = prealloc_shrinker(shrinker); + + if (err) + return err; + register_shrinker_prepared(shrinker); return 0; } EXPORT_SYMBOL(register_shrinker);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mac80211_hwsim: fix use-after-free bug in hwsim_exit_net" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8cfd36a0b53aeb4ec21d81eb79706697b84dfc3d Mon Sep 17 00:00:00 2001 From: Benjamin Beichler <benjamin.beichler(a)uni-rostock.de> Date: Wed, 7 Mar 2018 18:11:07 +0100 Subject: [PATCH] mac80211_hwsim: fix use-after-free bug in hwsim_exit_net When destroying a net namespace, all hwsim interfaces, which are not created in default namespace are deleted. But the async deletion of the interfaces could last longer than the actual destruction of the namespace, which results to an use after free bug. Therefore use synchronous deletion in this case. Fixes: 100cb9ff40e0 ("mac80211_hwsim: Allow managing radios from non-initial namespaces") Reported-by: syzbot+70ce058e01259de7bb1d(a)syzkaller.appspotmail.com Signed-off-by: Benjamin Beichler <benjamin.beichler(a)uni-rostock.de> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c index 930ddef91093..d9527c7b50d4 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3528,8 +3528,12 @@ static void __net_exit hwsim_exit_net(struct net *net) list_del(&data->list); rhashtable_remove_fast(&hwsim_radios_rht, &data->rht, hwsim_rht_params); - INIT_WORK(&data->destroy_work, destroy_radio); - queue_work(hwsim_wq, &data->destroy_work); + hwsim_radios_generation++; + spin_unlock_bh(&hwsim_radio_lock); + mac80211_hwsim_del_radio(data, + wiphy_name(data->hw->wiphy), + NULL); + spin_lock_bh(&hwsim_radio_lock); } spin_unlock_bh(&hwsim_radio_lock);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mac80211_hwsim: fix use-after-free bug in hwsim_exit_net" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8cfd36a0b53aeb4ec21d81eb79706697b84dfc3d Mon Sep 17 00:00:00 2001 From: Benjamin Beichler <benjamin.beichler(a)uni-rostock.de> Date: Wed, 7 Mar 2018 18:11:07 +0100 Subject: [PATCH] mac80211_hwsim: fix use-after-free bug in hwsim_exit_net When destroying a net namespace, all hwsim interfaces, which are not created in default namespace are deleted. But the async deletion of the interfaces could last longer than the actual destruction of the namespace, which results to an use after free bug. Therefore use synchronous deletion in this case. Fixes: 100cb9ff40e0 ("mac80211_hwsim: Allow managing radios from non-initial namespaces") Reported-by: syzbot+70ce058e01259de7bb1d(a)syzkaller.appspotmail.com Signed-off-by: Benjamin Beichler <benjamin.beichler(a)uni-rostock.de> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c index 930ddef91093..d9527c7b50d4 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3528,8 +3528,12 @@ static void __net_exit hwsim_exit_net(struct net *net) list_del(&data->list); rhashtable_remove_fast(&hwsim_radios_rht, &data->rht, hwsim_rht_params); - INIT_WORK(&data->destroy_work, destroy_radio); - queue_work(hwsim_wq, &data->destroy_work); + hwsim_radios_generation++; + spin_unlock_bh(&hwsim_radio_lock); + mac80211_hwsim_del_radio(data, + wiphy_name(data->hw->wiphy), + NULL); + spin_lock_bh(&hwsim_radio_lock); } spin_unlock_bh(&hwsim_radio_lock);

7 years, 2 months

1
0
0 0

[PATCH 03/20] drm/amd/display: Disallow enabling CRTC without primary plane with FB

by Harry Wentland

The below commit "drm/atomic: Try to preserve the crtc enabled state in drm_atomic_remove_fb, v2" introduces a slight behavioral change to rmfb. Instead of disabling a crtc when the primary plane is disabled, it now preserves it. Since DC is currently not equipped to handle this we need to fail such a commit, otherwise we might see a corrupted screen. This is based on Shirish's previous approach but avoids adding all planes to the new atomic state which leads to a full update in DC for any commit, and is not what we intend. Theoretically DM should be able to deal with states with fully populated planes, even for simple updates, such as cursor updates. This should still be addressed in the future. Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> Tested-by: Michel Dänzer <michel.daenzer(a)amd.com> Reviewed-by: Tony Cheng <Tony.Cheng(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 72968958e2b1..75fe04692172 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4671,6 +4671,7 @@ static int dm_update_crtcs_state(struct amdgpu_display_manager *dm, struct amdgpu_dm_connector *aconnector = NULL; struct drm_connector_state *new_con_state = NULL; struct dm_connector_state *dm_conn_state = NULL; + struct drm_plane_state *new_plane_state = NULL; new_stream = NULL; @@ -4678,6 +4679,13 @@ static int dm_update_crtcs_state(struct amdgpu_display_manager *dm, dm_new_crtc_state = to_dm_crtc_state(new_crtc_state); acrtc = to_amdgpu_crtc(crtc); + new_plane_state = drm_atomic_get_new_plane_state(state, new_crtc_state->crtc->primary); + + if (new_crtc_state->enable && new_plane_state && !new_plane_state->fb) { + ret = -EINVAL; + goto fail; + } + aconnector = amdgpu_dm_find_first_crtc_matching_connector(state, crtc); /* TODO This hack should go away */ @@ -4882,7 +4890,7 @@ static int dm_update_planes_state(struct dc *dc, if (!dm_old_crtc_state->stream) continue; - DRM_DEBUG_DRIVER("Disabling DRM plane: %d on DRM crtc %d\n", + DRM_DEBUG_ATOMIC("Disabling DRM plane: %d on DRM crtc %d\n", plane->base.id, old_plane_crtc->base.id); if (!dc_remove_plane_from_context( -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH] arm64: export tishift functions to modules

by Jason A. Donenfeld

Otherwise modules that use these arithmetic operations will fail to link. We accomplish this with EXPORT_SYMBOL in the .S file, but because of symbol versioning, we actually need to have a declaration of these too in C. So, we introduce asm-prototypes.h, which is the same file name and technique used for similar reasons in the m68k arch tree. While we're at it, we also fix this up to use SPDX, and I personally choose to relicense this as GPL2||BSD so that these symbols don't need to be export_symbol_gpl, so all modules can use the routines, since these are important general purpose compiler-generated function calls. Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> Reported-by: PaX Team <pageexec(a)freemail.hu> Cc: stable(a)vger.kernel.org --- arch/arm64/include/asm/asm-prototypes.h | 11 +++++++++++ arch/arm64/lib/tishift.S | 19 ++++++------------- 2 files changed, 17 insertions(+), 13 deletions(-) create mode 100644 arch/arm64/include/asm/asm-prototypes.h diff --git a/arch/arm64/include/asm/asm-prototypes.h b/arch/arm64/include/asm/asm-prototypes.h new file mode 100644 index 000000000000..8f1919e44f51 --- /dev/null +++ b/arch/arm64/include/asm/asm-prototypes.h @@ -0,0 +1,11 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) + * + * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason(a)zx2c4.com>. All Rights Reserved. + */ + +/* These functions are defined in lib/tishift.S, but need to be declared + * here so that symbol versioning picks them up. + */ +extern long long __ashlti3(long long a, int b); +extern long long __ashrti3(long long a, int b); +extern long long __lshrti3(long long a, int b); diff --git a/arch/arm64/lib/tishift.S b/arch/arm64/lib/tishift.S index d3db9b2cd479..3bca433973cb 100644 --- a/arch/arm64/lib/tishift.S +++ b/arch/arm64/lib/tishift.S @@ -1,20 +1,10 @@ -/* - * Copyright (C) 2017 Jason A. Donenfeld <Jason(a)zx2c4.com>. All Rights Reserved. +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason(a)zx2c4.com>. All Rights Reserved. */ #include <linux/linkage.h> +#include <asm-generic/export.h> ENTRY(__ashlti3) cbz x2, 1f @@ -36,6 +26,7 @@ ENTRY(__ashlti3) mov x0, x2 ret ENDPROC(__ashlti3) +EXPORT_SYMBOL(__ashlti3) ENTRY(__ashrti3) cbz x2, 1f @@ -57,6 +48,7 @@ ENTRY(__ashrti3) mov x1, x2 ret ENDPROC(__ashrti3) +EXPORT_SYMBOL(__ashrti3) ENTRY(__lshrti3) cbz x2, 1f @@ -78,3 +70,4 @@ ENTRY(__lshrti3) mov x1, x2 ret ENDPROC(__lshrti3) +EXPORT_SYMBOL(__lshrti3) -- 2.17.0

7 years, 2 months

2
1
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit f080bba272b1e3f9bbf0b6c1acef3efaf16b631d: Linux 4.9.92 (2018-03-31 18:11:36 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-15042018 for you to fetch changes up to ea63a9c35234ba149e7595523e11400ddbd5a9c8: irqchip/gic-v3: Change pr_debug message to pr_devel (2018-04-15 11:03:00 -0400) - ---------------------------------------------------------------- for-greg-4.9-15042018 - ---------------------------------------------------------------- Adam Lessnau (1): powercap/RAPL: prevent overridding bits outside of the mask Adrian Hunter (1): perf intel-pt: Do not use TSC packets for calculating CPU cycles to TSC Alex Estrin (1): IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Alexey Khoroshilov (1): vmlfb: Fix error handling in cr_pll_init() Anand Jain (1): btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Andrew Duggan (1): Input: synaptics-rmi4 - only read the F54 query registers which are used Andy Shevchenko (1): device property: Define type of PROPERTY_ENRTY_*() macros Andy Spencer (1): gianfar: prevent integer wrapping in the rx handler Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Arnaldo Carvalho de Melo (3): perf evsel: Fix probing of precise_ip level for default cycles event perf evsel: Set attr.exclude_kernel when probing max attr.precise_ip perf callchain: Fix attr.sample_max_stack setting Arnd Bergmann (4): xen: avoid type warning in xchg_xen_ulong scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype cifs: silence compiler warnings showing up with gcc-8.0.0 BenoÃ®t ThÃ©baudeau (2): mmc: sdhci-esdhc-imx: Fix DAT line software reset mmc: sdhci-esdhc: Add SDHCI_QUIRK_32BIT_DMA_ADDR Bjorn Helgaas (3): efi/fb: Correct PCI_STD_RESOURCE_END usage PCI: Correct PCI_STD_RESOURCE_END usage PCI: Enable ECRC only if device supports it Bob Moore (1): ACPICA: Disassembler: Abort on an invalid/unknown AML opcode Boris Brezillon (1): drm/vc4: Send a VBLANK event when disabling a CRTC Chao Yu (1): f2fs: fix to avoid panic when encountering corrupt node Chen Yu (1): ACPI: processor_perflib: Do not send _PPC change notification if not ready Chris Packham (1): mtd: handle partitioning on devices with 0 erasesize Chris Wilson (1): e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails Christian Lamparter (1): net: emac: fix reset timeout with AR8035 phy Christoph Hellwig (1): PCI: Protect pci_error_handlers->reset_notify() usage with device_lock() Christophe JAILLET (1): drm/vc4: Fix resource leak in 'vc4_get_hang_state_ioctl()' in error handling path Christophe Jaillet (1): cpuidle: dt: Add missing 'of_node_put()' Chuck Lever (1): sunrpc: Disable splice for krb5i Coly Li (1): bcache: properly set task state in bch_writeback_thread() Dan Carpenter (6): X.509: Fix error code in x509_cert_parse() x86/nmi: Fix timeout test in test_nmi_ipi() scsi: bnx2i: missing error code in bnx2i_ep_connect() libertas: Fix lbs_prb_rsp_limit_set() ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Dan Williams (1): libnvdimm, pmem: fix persistence warning Daniel Axtens (1): sched/fair: WARN() and refuse to set buddy when !se->on_rq Daniel Borkmann (1): bpf: fix rlimit in reuseport net selftest Daniel Bristot de Oliveira (1): sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks Daniel Scheller (1): media: dvb-frontends/cxd2841er: require STATE_ACTIVE_* for agc readout Dave Martin (4): arm64: ptrace: Flush user-RW TLS reg to thread_struct before reading arm64: ptrace: Fix VFP register dumping in compat coredumps arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails arm64: ptrace: Fix incorrect get_user() use in compat_vfp_set() David Daney (1): MIPS: Give __secure_computing() access to syscall arguments. Dinh Nguyen (1): clk: socfpga: Fix the smplsel on Arria10 and Stratix10 Dmitry Monakhov (1): block: guard bvec iteration logic Dmitry Osipenko (1): drm/tegra: dc: Avoid reset asserts on Tegra20 Dmitry Safonov (1): ARM: 8683/1: ARM32: Support mremap() for sigpage/vDSO Dmitry Torokhov (1): Input: psmouse - fix Synaptics detection when protocol is disabled Doug Berger (1): libata: Add the AHCI_HFLAG_YES_ALPM flag Ed Swierk (1): openvswitch: Remove padding from packet before L3+ conntrack processing Edward Cree (1): sfc: remove duplicate up_write on VF filter_sem Emmanuel Grumbach (3): iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT iwlwifi: mvm: don't send fetch the TID from a non-QoS packet in TSO iwlwifi: mvm: don't mess the SNAP header in TSO for non-QoS packets Eric Biggers (2): KEYS: put keyring if install_session_keyring_to_cred() fails ext4: require key for truncate(2) of encrypted file Eric Ren (1): ocfs2: fix deadlock caused by recursive locking in xattr Fabio Estevam (1): net: fec: Add a fec_enet_clear_ethtool_stats() stub for CONFIG_M5272 Filipe Manana (1): Btrfs: send, fix invalid path after renaming and linking file Gal Pressman (1): net/mlx5: Fix driver load error flow when firmware is stuck Ganesh Goudar (1): cxgb4: fix a NULL dereference Geert Uytterhoeven (2): ARM: dts: armadillo800eva: Split LCD mux and gpio of: Provide dummy of_device_compatible_match() for compile-testing Girish Moodalbail (1): geneve: add missing rx stats accounting Goran Ferenc (3): MIPS: VDSO: Fix conversions in do_monotonic()/do_monotonic_coarse() MIPS: VDSO: Add implementation of clock_gettime() fallback MIPS: VDSO: Add implementation of gettimeofday() fallback Guanglei Li (1): RDS: IB: Fix null pointer issue Guenter Roeck (1): watchdog: sp5100_tco: Fix watchdog disable bit Gustavo A. R. Silva (1): tcp_nv: fix potential integer overflow in tcpnv_acked Haishuang Yan (3): ip_tunnel: fix potential issue in ip_tunnel_rcv ip6_tunnel: fix potential issue in __ip6_tnl_rcv ip6_tunnel: Correct tos value in collect_md mode Haiyang Zhang (1): hv_netvsc: Fix the carrier state error when data path is off Hans de Goede (3): brcmfmac: Use separate firmware for revision 0 of the brcm43430 chip Bluetooth: hci_bcm: Add active_low irq polarity quirk for Asus T100CHI ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Hari Bathini (1): powerpc/fadump: avoid duplicates in crash memory ranges Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Heiner Kallweit (1): pinctrl: meson-gxbb: remove non-existing pin GPIOX_22 Jacob Keller (3): ixgbe: fix race condition with PTP_TX_IN_PROGRESS bits ixgbe: avoid permanent lock of *_PTP_TX_IN_PROGRESS i40evf: assign num_active_queues inside i40evf_alloc_queues Jag Raman (1): sparc64: ldc abort during vds iso boot Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Hogan (1): MIPS: generic: Fix machine compatible matching James Smart (2): scsi: lpfc: Fix return value of board_mode store routine in case of online failure scsi: lpfc: Fix crash after firmware flash when IO is running. James Wang (1): Fix loop device flush before configure v3 Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan HÃ¶ppner (1): s390/dasd: Display read-only attribute correctly Jason Gunthorpe (1): tpm_tis: Fix IRQ autoprobing when using platform_device Jean Delvare (3): firmware: dmi_scan: Look for SMBIOS 3 entry point first firmware: dmi_scan: Check DMI structure length firmware: dmi_scan: Fix handling of empty DMI strings Jean-Baptiste Maneyrol (1): iio: imu: inv_mpu6050: test whoami first and against all known values Jeff Mahoney (1): ixgbe: pci_set_drvdata must be called before register_netdev Jeffy Chen (1): spi: rockchip: Disable Runtime PM when chip select is asserted Jerome Brunet (1): clk: scpi: error when clock fails to register Jesper Dangaard Brouer (1): tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Jia Zhang (1): vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Jia-Ju Bai (1): scsi: megaraid: Fix a sleep-in-atomic bug Jim Mattson (1): KVM: nVMX: Update vmcs12->guest_linear_address on nested VM-exit Jiri Olsa (1): perf unwind: Do not fail due to missing unwind support Johan Hovold (2): NFC: nfcmrvl_uart: fix device-node leak during probe scsi: sun_esp: fix device reference leaks Johannes Berg (6): iwlwifi: mvm: track and report IBSS manager status to mac80211 iwlwifi: mvm: use scnprintf() instead of snprintf() iwlwifi: mvm: don't warn in queue sync on RF-kill iwlwifi: pcie: fix command completion name debug iwlwifi: mvm: unconditionally stop device after init iwlwifi: mvm: fix deduplication start logic John Hsu (1): ASoC: nau8825: fix jack type detection issue after resume Jonas Gorski (1): leds: bcm6328: fix signal source assignment for leds 4 to 7 Jonathan Corbet (1): Docs: Include the Latex "ifthen" package JoÃ£o Paulo Rechi Vita (1): platform/x86: acer-wmi: Detect RF Button capability Kai Heng Feng (1): platform/x86: dell-laptop: Fix bogus keyboard backlight sysfs interface Karicheri, Muralidharan (1): hsr: fix incorrect warning KarimAllah Ahmed (1): kvm: Map PFN-type memory regions as writable (if possible) Karol Herbst (1): drm/nouveau/pmu/fuc: don't use movw directly anymore Kees Cook (2): scsi: csiostor: Avoid content leaks and casts seccomp: Adjust selftests to avoid double-join Kevin Barnett (1): scsi: smartpqi: correct bdma hw bug Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Kishon Vijay Abraham I (1): ARM: dts: am57xx-beagle-x15-revb1: Fix supply name used for MMC1 IO lines Krzysztof Kozlowski (1): clk: samsung: audss: Fix silent hang on Exynos4412 due to disabled EPLL Leon Romanovsky (1): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Lin Yun Sheng (1): net/hns:bugfix of ethtool -t phy self_test Liping Zhang (1): netfilter: ebt_nflog: fix unexpected truncated packet Liu Bo (4): Btrfs: skip commit transaction if we don't have enough pinned bytes Btrfs: tolerate errors if we have retried successfully Btrfs: set plug for fsync Btrfs: fix scrub to repair raid6 corruption Liwei Song (1): i2c: ismt: fix wrong device address when unmap the data buffer Logan Gunthorpe (1): ntb_transport: Fix bug with max_mw_size parameter Lorenzo Bianconi (1): iio: magnetometer: st_magn_spi: fix spi_device_id table Luc Van Oostenryck (2): arm64: pass machine size to sparse arm64: pass endianness info to sparse Luis R. Rodriguez (1): fs: warn in case userspace lied about modprobe return Lv Zheng (5): ACPICA: OSL: Add support to exclude stdarg.h ACPICA: Events: Add runtime stub support for event APIs ACPI: EC: Fix an EC event IRQ storming issue ACPI: EC: Fix EC command visibility for dynamic debug ACPI / EC: Add support to skip boot stage DSDT probe Marcel Holtmann (1): Bluetooth: Send HCI Set Event Mask Page 2 command only when needed Marcelo Ricardo Leitner (1): sctp: adjust ssthresh when transport is idle Marcin Nowakowski (2): MIPS: mm: fixed mappings: correct initialisation MIPS: kprobes: flush_insn_slot should flush only if probe initialised Mario Molitor (1): stmmac: fix ptp header for GMAC3 hw timestamp Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Martin Blumenstingl (3): clk: meson: meson8b: add compatibles for Meson8 and Meson8m2 net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Mateusz Jurczyk (2): caif: Add sockaddr length check before accessing sa_family in connect handler af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers Mathieu Larouche (1): drm/mgag200: Fix to always set HiPri for G200e4 V2 Mathieu Malaterre (1): net: Extra '_get' in declaration of arch_get_platform_mac_address Matt Redfearn (1): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Matt Weber (1): i2c: cadance: fix ctrl/addr reg write order Mauro Carvalho Chehab (1): Docs: Fix breakage with Sphinx 1.5 and upper Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Michael Bringmann (2): powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes powerpc/numa: Ensure nodes initialized for hotplug Michael Grzeschik (1): arcnet: change irq handler to lock irqsave Michael Kelley (1): cpumask: Make for_each_cpu_wrap() available on UP as well Michael Neuling (1): powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 Michail Georgios Etairidis (1): i2c: imx: Use correct function to write to register MickaÃ«l SalaÃ¼n (1): selftests: kselftest_harness: Fix compile warning Mike Snitzer (1): Revert "dm mirror: use all available legs on multiple failures" Ming Lei (1): nvme: fix hang in remove path Mintz, Yuval (2): bnx2x: Allow vfs to disable txvlan offload bnx2x: Don't log mc removal needlessly Miroslav Lichvar (1): kselftests: timers: Fix inconsistency-check to not ignore first timestamp Namhyung Kim (3): perf annotate: Fix symbolic link of build-id cache perf tools: Decompress kernel module when reading DSO data perf tests: Decompress kernel module before objdump Naveen N. Rao (1): powerpc64/elfv1: Only dereference function descriptor for non-text symbols NeilBrown (1): NFSv4: always set NFS_LOCK_LOST when a lock is lost. Netanel Belgazal (5): net: ena: fix rare uncompleted admin command false alarm net: ena: fix race condition between submit and completion admin command net: ena: add missing return when ena_com_get_io_handlers() fails net: ena: add missing unmap bars on device removal net: ena: disable admin msix while working in polling mode Ngai-Mint Kwan (1): fm10k: fix "failed to kill vid" message for VF Nikolay Aleksandrov (1): bridge: allow ext learned entries to change ports Nikolay Borisov (1): btrfs: Fix out of bounds access in btrfs_search_slot Nitin Gupta (2): sparc64: Fix gup_huge_pmd sparc64: update pmdp_invalidate() to return old pmd value Omar Sandoval (1): Btrfs: always account pinned bytes when dropping a tree block ref Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Paul Burton (6): MIPS: module: Ensure we always clean up r_mips_hi16_list MIPS: SEAD-3: Set interrupt-parent per-device, not at root node MIPS: CPS: Prevent multi-core with dcache aliasing MIPS: CPS: Handle spurious VP starts more gracefully MIPS: CPS: Handle cores not powering down more gracefully MIPS: Handle tlbex-tlbp race condition Paul E. McKenney (1): rcu: Make synchronize_rcu_mult() check for duplicates Peter Xu (1): iommu/vt-d: Use domain instead of cache fetching Peter Zijlstra (2): perf/core: Correct event creation with PERF_FORMAT_GROUP x86/tsc: Allow TSC calibration without PIT Phil Reid (2): iio: buffer-dma: Add missing header buffer_impl.h iio: buffer-dmaengine: Add missing header buffer_impl.h Phong LE (1): mmc: mediatek: Fixed size in dma_free_coherent Ping-Ke Shih (1): rtlwifi: btcoex: rtl8723be: fix ant_sel not work Priyalee Kushwaha (1): platform/x86: intel_telemetry_debugfs: fix oops when load/unload module Rafael J. Wysocki (1): PCI/PM: Avoid using device_may_wakeup() for runtime PM Raju Rangoju (1): rdma/cxgb4: Fix memory leaks during module exit Rakesh Pandit (1): nvme-pci: fix multiple ctrl removal scheduling Robin Murphy (2): coresight: tmc: Configure DMA mask appropriately irqchip/gic-v3-its: Fix MSI alias accounting Roopa Prabhu (1): vxlan: dont migrate permanent fdb entries during learn Ross Lagerwall (2): xen-netfront: Fix race between device setup and open xen/grant-table: Use put_page instead of free_page Sean Wang (1): net: ethernet: mediatek: fixed deadlock captured by lockdep Sebastian Andrzej Siewior (1): fs/dcache: init in_lookup_hashtable Sebastian Ott (2): s390/pci: improve error handling during interrupt deregistration s390/pci: improve unreg_ioat error handling Serhey Popovych (2): fib_rules: Resolve goto rules target on delete veth: Be more robust on network device creation when no attributes Shiraz Saleem (1): i40iw: Zero-out consumer key on allocate stag for FMR Sinan Kaya (1): dmaengine: qcom_hidma: correct API violation for submit Sowmini Varadhan (1): rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one Stefan Haberland (1): s390/dasd: fix hanging safe offline Stephen Boyd (1): irqchip/gic-v3: Ignore disabled ITS nodes Steven Rostedt (VMware) (2): tools lib traceevent: Simplify pointer print logic and fix %pF tools lib traceevent: Fix get_field_str() for dynamic strings Subash Abhinov Kasiviswanathan (2): netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure Sujith Pandel (1): PCI: Add domain number check to find_smbios_instance_string() Sunil Goutham (1): iommu/arm-smmu-v3: Increase CMDQ drain timeout value Suzuki K Poulose (4): coresight: Fix reference count for software sources irqchip/gic-v2: Report failures in gic_irq_domain_alloc irqchip/gic-v3: Report failures in gic_irq_domain_alloc irqchip/gic-v3: Honor forced affinity setting Tahsin Erdogan (1): ext4: change fast symlink test to not rely on i_blocks Takashi Iwai (3): ALSA: timer: Wrap with spinlock for queue access ALSA: hda: Fix potential race at unregistration and unsol events ALSA: hda - Use IS_REACHABLE() for dependency on input Tang Junhui (3): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist Tayar, Tomer (1): qed: fix dump of context data Tero Kristo (2): crypto: omap-sham - buffer handling fixes for hashing later crypto: omap-sham - fix closing of hash with separate finalize call Thiago Jung Bauermann (2): powerpc/perf/hv-24x7: Fix passing of catalog version number powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check Thomas Petazzoni (1): irqchip/armada-370-xp: Re-enable per-CPU interrupts at resume time Thomas Richter (1): perf record: Fix failed memory allocation for get_cpuid_str Tonghao Zhang (1): datapath: Avoid using stack larger than 1024. Tore Anderson (1): net: cdc_mbim: apply "NDP to end" quirk to HP lt4132 Ulf Magnusson (3): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak Vignesh R (1): serial: 8250: 8250_omap: Fix race b/w dma completion and RX timeout Vlad Yasevich (1): macvlan: Do not return error when setting the same mac address Vladimir Murzin (2): dma: Take into account dma_pfn_offset drivers: dma-coherent: Account dma_pfn_offset when used with device tree WANG Cong (1): net_sched: move tcf_lock down after gen_replace_estimator() Wang Nan (1): perf test llvm: Avoid error when PROFILE_ALL_BRANCHES is set Wei Yongjun (1): ipmi/powernv: Fix error return code in ipmi_powernv_probe() Will Deacon (2): arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics locking/qspinlock: Ensure node->count is updated before initialising node Wolfram Sang (1): i2c: rcar: use correct length when unmapping DMA Xin Long (3): sctp: fix recursive locking warning in sctp_do_peeloff dccp: call inet_add_protocol after register_pernet_subsys in dccp_v4_init sctp: uncork the old asoc before changing to the new one Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Yang Shi (1): mm: thp: use down_read_trylock() in khugepaged to avoid long block Yazen Ghannam (1): x86/mce: Don't disable MCA banks when offlining a CPU on AMD Yisheng Xie (2): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Yonghong Song (1): bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y Yuyang Du (2): usb: usbip tool: Check the return of get_nports() usb: usbip tool: Fix refresh_imported_device_list() hayeswang (1): r8152: add byte_enable for ocp_read_word function mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (3): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return error when we attempt to access a dirty bh in jbd2 shidao.ytt (1): mm/fadvise: discard partial page if endbyte is also EOF weiyongjun (A) (1): mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Documentation/conf.py | 9 +- Documentation/device-mapper/thin-provisioning.txt | 8 +- .../bindings/clock/amlogic,meson8b-clkc.txt | 11 +- arch/arm/boot/dts/am57xx-beagle-x15-revb1.dts | 2 +- arch/arm/boot/dts/r8a7740-armadillo800eva.dts | 2 + arch/arm/include/asm/xen/events.h | 2 +- arch/arm/kernel/process.c | 8 + arch/arm/kernel/vdso.c | 18 + arch/arm64/Makefile | 4 +- arch/arm64/include/asm/processor.h | 3 + arch/arm64/include/asm/spinlock.h | 4 +- arch/arm64/kernel/process.c | 8 +- arch/arm64/kernel/ptrace.c | 29 +- arch/mips/boot/dts/mti/sead3.dts | 5 +- arch/mips/generic/board-sead3.c | 26 +- arch/mips/include/asm/kprobes.h | 3 +- arch/mips/include/asm/machine.h | 2 +- arch/mips/include/asm/vdso.h | 4 +- arch/mips/kernel/cps-vec.S | 7 +- arch/mips/kernel/module.c | 28 +- arch/mips/kernel/ptrace.c | 22 +- arch/mips/kernel/smp-cps.c | 35 +- arch/mips/mm/pgtable-32.c | 6 +- arch/mips/mm/tlbex.c | 38 +- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/mips/vdso/gettimeofday.c | 57 +- arch/powerpc/include/asm/code-patching.h | 10 +- arch/powerpc/kernel/fadump.c | 15 +- arch/powerpc/kernel/setup-common.c | 4 + arch/powerpc/mm/numa.c | 78 +- arch/powerpc/perf/hv-24x7.c | 16 +- arch/s390/include/asm/pci_insn.h | 2 +- arch/s390/pci/pci.c | 48 +- arch/s390/pci/pci_dma.c | 4 +- arch/s390/pci/pci_insn.c | 10 +- arch/sparc/include/asm/pgtable_64.h | 2 +- arch/sparc/kernel/ldc.c | 7 +- arch/sparc/mm/gup.c | 4 +- arch/sparc/mm/tlb.c | 23 +- arch/x86/entry/vdso/vma.c | 3 - arch/x86/include/asm/i8259.h | 5 + arch/x86/kernel/cpu/mcheck/mce.c | 5 +- arch/x86/kernel/nmi_selftest.c | 2 +- arch/x86/kernel/tsc.c | 18 + arch/x86/kvm/vmx.c | 3 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/init_64.c | 3 +- arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 1 + drivers/acpi/acpica/evxfevnt.c | 18 + drivers/acpi/acpica/psobject.c | 14 + drivers/acpi/ec.c | 27 +- drivers/acpi/processor_perflib.c | 2 +- drivers/acpi/scan.c | 20 +- drivers/ata/ahci.h | 1 + drivers/ata/libahci.c | 5 + drivers/base/dma-coherent.c | 15 +- drivers/block/loop.c | 3 + drivers/bluetooth/hci_bcm.c | 9 + drivers/char/ipmi/ipmi_powernv.c | 5 +- drivers/char/tpm/tpm_tis.c | 2 +- drivers/clk/clk-scpi.c | 8 +- drivers/clk/meson/Kconfig | 6 +- drivers/clk/meson/meson8b.c | 5 +- drivers/clk/samsung/clk-exynos-audss.c | 1 + drivers/clk/socfpga/clk-gate-a10.c | 2 +- drivers/clk/socfpga/clk.h | 3 + drivers/cpuidle/dt_idle_states.c | 4 +- drivers/crypto/omap-sham.c | 31 +- drivers/dma/qcom/hidma.c | 15 +- drivers/dma/qcom/hidma.h | 1 + drivers/firewire/ohci.c | 8 +- drivers/firmware/dmi_scan.c | 62 +- drivers/gpu/drm/mgag200/mgag200_mode.c | 9 +- .../drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 ++++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 ++++++++++---------- .../gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30 +- drivers/gpu/drm/tegra/dc.c | 30 +- drivers/gpu/drm/vc4/vc4_crtc.c | 13 + drivers/gpu/drm/vc4/vc4_gem.c | 13 +- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/hwtracing/coresight/coresight-tmc.c | 7 + drivers/hwtracing/coresight/coresight.c | 15 +- drivers/i2c/busses/i2c-cadence.c | 6 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/i2c/busses/i2c-ismt.c | 2 +- drivers/i2c/busses/i2c-rcar.c | 2 +- drivers/iio/buffer/industrialio-buffer-dma.c | 1 + drivers/iio/buffer/industrialio-buffer-dmaengine.c | 1 + drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 33 +- drivers/iio/magnetometer/st_magn_spi.c | 2 - drivers/infiniband/hw/cxgb4/device.c | 10 +- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 5 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/input/mouse/psmouse-base.c | 34 +- drivers/input/rmi4/rmi_f54.c | 17 +- drivers/iommu/arm-smmu-v3.c | 12 +- drivers/iommu/intel-iommu.c | 3 +- drivers/irqchip/irq-armada-370-xp.c | 46 +- drivers/irqchip/irq-gic-v3-its-pci-msi.c | 37 +- drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 + drivers/irqchip/irq-gic-v3-its.c | 2 + drivers/irqchip/irq-gic-v3.c | 16 +- drivers/irqchip/irq-gic.c | 7 +- drivers/leds/leds-bcm6328.c | 4 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +- drivers/md/bcache/super.c | 23 +- drivers/md/bcache/sysfs.c | 11 +- drivers/md/bcache/writeback.c | 7 +- drivers/md/dm-raid1.c | 21 +- drivers/media/dvb-frontends/cxd2841er.c | 5 +- drivers/mmc/host/mtk-sd.c | 2 +- drivers/mmc/host/sdhci-esdhc-imx.c | 59 +- drivers/mmc/host/sdhci-esdhc.h | 1 + drivers/mtd/mtdpart.c | 26 +- drivers/net/arcnet/arcnet.c | 7 +- drivers/net/ethernet/amazon/ena/ena_com.c | 35 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 17 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 19 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 5 +- drivers/net/ethernet/freescale/fec_main.c | 4 + drivers/net/ethernet/freescale/gianfar.c | 9 +- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 16 +- drivers/net/ethernet/ibm/emac/core.c | 26 +- drivers/net/ethernet/intel/e1000e/netdev.c | 7 +- drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 +- drivers/net/ethernet/intel/i40evf/i40evf_main.c | 18 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 22 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 15 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 +- drivers/net/ethernet/sfc/ef10_sriov.c | 2 - .../net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 6 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 15 +- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h | 3 +- drivers/net/geneve.c | 36 +- drivers/net/hyperv/hyperv_net.h | 2 + drivers/net/hyperv/netvsc.c | 2 + drivers/net/hyperv/netvsc_drv.c | 8 +- drivers/net/macvlan.c | 4 + drivers/net/usb/cdc_mbim.c | 7 + drivers/net/usb/r8152.c | 4 +- drivers/net/veth.c | 4 +- drivers/net/vxlan.c | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 +- .../net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 22 +- drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c | 6 +- drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 17 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 + drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 16 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 17 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 20 +- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 3 +- drivers/net/wireless/mac80211_hwsim.c | 4 +- drivers/net/wireless/marvell/libertas/mesh.c | 5 +- .../net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 3 + drivers/net/wireless/realtek/rtlwifi/wifi.h | 1 + drivers/net/xen-netfront.c | 46 +- drivers/nfc/nfcmrvl/uart.c | 3 + drivers/ntb/ntb_transport.c | 3 + drivers/nvdimm/blk.c | 3 +- drivers/nvdimm/btt.c | 3 +- drivers/nvdimm/region_devs.c | 5 +- drivers/nvme/host/core.c | 4 + drivers/nvme/host/pci.c | 13 +- drivers/pci/pci-label.c | 7 +- drivers/pci/pci.c | 48 +- drivers/pci/probe.c | 5 + drivers/pci/quirks.c | 4 +- drivers/pinctrl/meson/pinctrl-meson-gxbb.c | 1 - drivers/platform/x86/acer-wmi.c | 7 + drivers/platform/x86/dell-laptop.c | 6 +- drivers/platform/x86/intel_telemetry_debugfs.c | 16 +- drivers/powercap/intel_rapl.c | 4 +- drivers/s390/block/dasd.c | 8 +- drivers/s390/block/dasd_devmap.c | 19 +- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/bnx2i/bnx2i_iscsi.c | 3 +- drivers/scsi/csiostor/csio_lnode.c | 43 +- drivers/scsi/lpfc/lpfc_attr.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/megaraid/megaraid_mm.c | 2 +- drivers/scsi/scsi_devinfo.c | 7 +- drivers/scsi/smartpqi/smartpqi_init.c | 7 +- drivers/scsi/sun_esp.c | 9 +- drivers/spi/spi-rockchip.c | 51 +- .../staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 + drivers/tty/serial/8250/8250_omap.c | 23 +- drivers/video/fbdev/efifb.c | 2 +- drivers/video/fbdev/vermilion/cr_pll.c | 1 + drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/grant-table.c | 4 +- fs/btrfs/ctree.c | 12 +- fs/btrfs/disk-io.c | 6 +- fs/btrfs/extent-tree.c | 19 +- fs/btrfs/file.c | 9 + fs/btrfs/inode.c | 5 +- fs/btrfs/raid56.c | 18 +- fs/btrfs/send.c | 35 +- fs/btrfs/volumes.c | 9 +- fs/cifs/cifssmb.c | 4 +- fs/dcache.c | 5 + fs/ext4/inode.c | 28 +- fs/f2fs/node.c | 14 +- fs/filesystems.c | 4 +- fs/jffs2/fs.c | 1 - fs/nfs/nfs4proc.c | 12 +- fs/nfs/nfs4state.c | 5 +- fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 + fs/ocfs2/dlmglue.c | 4 + fs/ocfs2/journal.c | 23 +- fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 25 +- fs/proc/base.c | 29 +- fs/proc/kcore.c | 4 + include/acpi/platform/acgcc.h | 10 + include/acpi/platform/acintel.h | 2 + include/asm-generic/pgtable.h | 15 + include/linux/bio.h | 4 +- include/linux/bvec.h | 14 +- include/linux/cpumask.h | 2 + include/linux/etherdevice.h | 2 +- include/linux/kcore.h | 1 + include/linux/of.h | 6 + include/linux/property.h | 10 +- include/linux/sched.h | 1 + include/linux/suspend.h | 2 + include/trace/events/timer.h | 20 +- kernel/events/core.c | 15 +- kernel/locking/qspinlock.c | 8 + kernel/power/power.h | 3 - kernel/rcu/update.c | 13 +- kernel/sched/core.c | 2 + kernel/sched/deadline.c | 98 +- kernel/sched/fair.c | 10 +- lib/dma-noop.c | 9 +- lib/test_bpf.c | 31 +- mm/fadvise.c | 10 +- mm/khugepaged.c | 12 +- mm/mempolicy.c | 33 +- mm/mmap.c | 4 + mm/vmscan.c | 14 +- net/bluetooth/hci_core.c | 17 +- net/bridge/br_fdb.c | 28 +- net/bridge/netfilter/ebt_nflog.c | 1 + net/caif/caif_socket.c | 4 + net/core/fib_rules.c | 21 +- net/dccp/ipv4.c | 17 +- net/hsr/hsr_forward.c | 3 +- net/hsr/hsr_framereg.c | 9 +- net/hsr/hsr_framereg.h | 2 +- net/ipv4/ip_tunnel.c | 2 + net/ipv4/tcp_nv.c | 2 +- net/ipv6/ip6_tunnel.c | 6 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 16 +- net/iucv/af_iucv.c | 8 +- net/openvswitch/conntrack.c | 34 + net/openvswitch/datapath.c | 81 +- net/rds/ib.c | 3 +- net/rds/tcp_listen.c | 19 +- net/sched/act_police.c | 8 +- net/sctp/sm_sideeffect.c | 4 + net/sctp/socket.c | 4 +- net/sctp/transport.c | 2 + net/sunrpc/auth_gss/svcauth_gss.c | 8 + net/sunrpc/svc.c | 2 +- scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 +- security/keys/process_keys.c | 7 +- sound/core/timer.c | 4 + sound/hda/hdac_bus.c | 1 + sound/hda/hdac_device.c | 1 + sound/pci/hda/Kconfig | 1 - sound/pci/hda/patch_realtek.c | 5 + sound/soc/au1x/ac97c.c | 6 +- sound/soc/codecs/nau8825.c | 17 +- tools/lib/bpf/libbpf.c | 26 + tools/lib/traceevent/event-parse.c | 17 +- tools/lib/traceevent/parse-filter.c | 10 +- tools/perf/arch/x86/util/header.c | 2 +- tools/perf/tests/bpf-script-test-prologue.c | 9 + tools/perf/tests/code-reading.c | 20 +- tools/perf/tests/task-exit.c | 2 +- tools/perf/util/annotate.c | 10 +- tools/perf/util/dso.c | 16 + tools/perf/util/evsel.c | 21 +- .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 14 + tools/perf/util/unwind-libunwind.c | 2 +- tools/testing/selftests/net/reuseport_bpf.c | 21 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 53 +- .../testing/selftests/timers/inconsistency-check.c | 4 +- tools/usb/usbip/libsrc/vhci_driver.c | 36 +- virt/kvm/kvm_main.c | 7 +- 303 files changed, 3910 insertions(+), 2172 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrTxjQACgkQ3qZv95d3 LNzkbA//Sr5wLao5qsRJ7EKLdO5KVA+beDFs7hKuN/bJ/cy6Hd+0K5tBtFv6/phZ WVz/OaKwQmJk7YxRA2Fs+fzGfHcDhdg35dlPemWotvyoYTj/GxgKFPHW83X40cpf e2vBK1NZT7lJk06X424zk6DxSXA089K1be6CXqudG2vAo9WaHSkAx+hY9Nvr0jWV W7NYeqRoBL6RASC2bGLHgU4LZROI9pM9xb45nLl8c6W3OpBxS331usYRqQfQ4WY0 etkSfBceNJRPksdh6wsBl7/OczN67yZp4OxSrcdBlbZ3jLsrn5Xz7++ZNJP4JmII n3HT3Eaerx2w2yDCvhgwnd0LdVGCJwhkPc3UqWtuuM9bqrD3OS6fPBftsAYCQja3 6Ys4HbcCb2vDEeXqqSk4UNtD2FUOe9r0tY0uJkxmAqLYctu4XPKblkqOl5FxBMiB s6NnGydUU5uMAKagjLyPqZSjFnAp2MNFiJFcTg5Dh3zVlVNsxbi6keCSrEbxyx5D Qfuf9Wc0WZA96mWp9ZUiUeGTdP+exWCZwTb6H4FmO/WADTGIhZfvz8LXXXu3Bwxp S8pyiPr+CjungOYGmKF6qNgHtieJ1sxmeZjZWi/FAvj34xSuT4R57bL+vHDMgZDa kL4vuS8g+VZULI3gHmUm0CaKRI/JFZUxx6r6I2L9FAf1ggtFc2g= =y7vw -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

Re: [PATCH] [SCSI] mpt3sas: Fix secure erase premature termination (v2)

by Steffen Maier

On 11/04/2016 05:35 PM, Martin K. Petersen wrote: >>>>>> "Hannes" == Hannes Reinecke <hare(a)suse.de> writes: > > Hannes> Checking with SAT-3 (section 6.2.4: Commands the SATL queues > Hannes> internally) the implemented behaviour is standards conformant, > Hannes> although the standard also allows for returning 'TASK SET FULL' > Hannes> or 'BUSY' in these cases. Doing so would nicely solve this > Hannes> issue. > > I agree with Hannes that it would be appropriate for the SATL to report > busy when it makes an non-queued command queueable. Wouldn't this potentially still cause problems if the secure erase takes longer than max_retries * scmd_tmo. I.e. the command timing out by default after 180 seconds as in https://www.spinics.net/lists/linux-block/msg24837.html ? The fix approach here seems to also handle this gracefully. -- Mit freundlichen Grüßen / Kind regards Steffen Maier Linux on z Systems Development IBM Deutschland Research & Development GmbH Vorsitzende des Aufsichtsrats: Martina Koederitz Geschaeftsfuehrung: Dirk Wittkopp Sitz der Gesellschaft: Boeblingen Registergericht: Amtsgericht Stuttgart, HRB 243294

7 years, 2 months

2
1
0 0

[PATCH 0/3] musb fixes backport to v4.9+

by Bin Liu

Hi, Here are several patches backported to v4.9+ to fix runtime PM problems in musb drivers. Regards, -Bin. ---- Andreas Kemnade (1): usb: musb: fix enumeration after resume Merlijn Wajer (2): usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers usb: musb: Fix external abort in musb_remove on omap2430 drivers/usb/musb/musb_core.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) -- 1.9.1

7 years, 2 months

2
4
0 0

[PATCH 1/7] ARM: dts: sun8i: h3: fix ALL-H3-CC H3 ver VCC-1V2 regulator voltage

by Chen-Yu Tsai

The voltage of the VCC-1V2 regulator on the ALL-H3-CC H3 ver. should be 1.2V, not the 3.3V currently defined in the device tree. Fix the voltage in the device tree. Fixes: 6ca358645d4d ("ARM: dts: sun8i: h3: Add dts file for Libre Computer Board ALL-H3-CC H3 ver.") Cc: <stable(a)vger.kernel.org> # 4.16.x Signed-off-by: Chen-Yu Tsai <wens(a)csie.org> --- arch/arm/boot/dts/sun8i-h3-libretech-all-h3-cc.dts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/boot/dts/sun8i-h3-libretech-all-h3-cc.dts b/arch/arm/boot/dts/sun8i-h3-libretech-all-h3-cc.dts index 5971b8b0b768..db6b35bb65ff 100644 --- a/arch/arm/boot/dts/sun8i-h3-libretech-all-h3-cc.dts +++ b/arch/arm/boot/dts/sun8i-h3-libretech-all-h3-cc.dts @@ -62,8 +62,8 @@ reg_vcc1v2: vcc1v2 { compatible = "regulator-fixed"; regulator-name = "vcc1v2"; - regulator-min-microvolt = <3300000>; - regulator-max-microvolt = <3300000>; + regulator-min-microvolt = <1200000>; + regulator-max-microvolt = <1200000>; regulator-always-on; regulator-boot-on; vin-supply = <&reg_vcc5v0>; -- 2.17.0

7 years, 2 months

2
1
0 0

[PATCH] ALSA: dice: fix OUI for TC group

by Takashi Sakamoto

OUI for TC Electronic is 0x000166, for TC GROUP A/S. 0x001486 is for Echo Digital Audio Corporation. Fixes: 7cafc65b3aa1 ('ALSA: dice: force to add two pcm devices for listed models') Cc: <stable(a)vger.kernel.org> # v4.6+ Reference: http://standards-oui.ieee.org/oui/oui.txt Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/dice/dice.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/firewire/dice/dice.c b/sound/firewire/dice/dice.c index 4ddb4cdd054b..96bb01b6b751 100644 --- a/sound/firewire/dice/dice.c +++ b/sound/firewire/dice/dice.c @@ -14,7 +14,7 @@ MODULE_LICENSE("GPL v2"); #define OUI_WEISS 0x001c6a #define OUI_LOUD 0x000ff2 #define OUI_FOCUSRITE 0x00130e -#define OUI_TCELECTRONIC 0x001486 +#define OUI_TCELECTRONIC 0x000166 #define DICE_CATEGORY_ID 0x04 #define WEISS_CATEGORY_ID 0x00 -- 2.14.1

7 years, 2 months

2
1
0 0

[PATCH] drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing

by Imre Deak

commit 5e1df40f40ee45a97bb1066c3d71f0ae920a9672 upstream. Currently we see sporadic timeouts during CDCLK changing both on BXT and GLK as reported by the Bugzilla: ticket. It's easy to reproduce this by changing the frequency in a tight loop after blanking the display. The upper bound for the completion time is 800us based on my tests, so increase it from the current 500us to 2ms; with that I couldn't trigger the problem either on BXT or GLK. Note that timeouts happened during both the change notification and the voltage level setting PCODE request. (For the latter one BSpec doesn't require us to wait for completion before further HW programming.) This issue is similar to commit 2c7d0602c815 ("drm/i915/gen9: Fix PCODE polling during CDCLK change notification") but there the PCODE request does complete (as shown by the mbox busy flag), only the reply we get from PCODE indicates a failure. So there we keep resending the request until a success reply, here we just have to increase the timeout for the one PCODE request we send. v2: - s/snb_pcode_request/sandybridge_pcode_write_timeout/ (Ville) Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.14 Acked-by: Chris Wilson <chris(a)chris-wilson.co.uk> (v1) Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103326 Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180130142939.17983-1-imre.d… (cherry picked from commit e76019a81921e87a4d9e7b3d86102bc708a6c227) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> (Rebased for v4.14 stable tree due to upstream cdclk_state and pcu_lock change) Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/i915_drv.h | 6 +++++- drivers/gpu/drm/i915/intel_cdclk.c | 22 +++++++++++++++++----- drivers/gpu/drm/i915/intel_pm.c | 6 +++--- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h index 3f818412765c..51411894d2cd 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -3995,7 +3995,11 @@ extern void intel_display_print_error_state(struct drm_i915_error_state_buf *e, struct intel_display_error_state *error); int sandybridge_pcode_read(struct drm_i915_private *dev_priv, u32 mbox, u32 *val); -int sandybridge_pcode_write(struct drm_i915_private *dev_priv, u32 mbox, u32 val); +int sandybridge_pcode_write_timeout(struct drm_i915_private *dev_priv, u32 mbox, + u32 val, int timeout_us); +#define sandybridge_pcode_write(dev_priv, mbox, val) \ + sandybridge_pcode_write_timeout(dev_priv, mbox, val, 500) + int skl_pcode_request(struct drm_i915_private *dev_priv, u32 mbox, u32 request, u32 reply_mask, u32 reply, int timeout_base_ms); diff --git a/drivers/gpu/drm/i915/intel_cdclk.c b/drivers/gpu/drm/i915/intel_cdclk.c index 26a8dcd2c549..47ad24229c78 100644 --- a/drivers/gpu/drm/i915/intel_cdclk.c +++ b/drivers/gpu/drm/i915/intel_cdclk.c @@ -1289,10 +1289,15 @@ static void bxt_set_cdclk(struct drm_i915_private *dev_priv, break; } - /* Inform power controller of upcoming frequency change */ mutex_lock(&dev_priv->rps.hw_lock); - ret = sandybridge_pcode_write(dev_priv, HSW_PCODE_DE_WRITE_FREQ_REQ, - 0x80000000); + /* + * Inform power controller of upcoming frequency change. BSpec + * requires us to wait up to 150usec, but that leads to timeouts; + * the 2ms used here is based on experiment. + */ + ret = sandybridge_pcode_write_timeout(dev_priv, + HSW_PCODE_DE_WRITE_FREQ_REQ, + 0x80000000, 2000); mutex_unlock(&dev_priv->rps.hw_lock); if (ret) { @@ -1323,8 +1328,15 @@ static void bxt_set_cdclk(struct drm_i915_private *dev_priv, I915_WRITE(CDCLK_CTL, val); mutex_lock(&dev_priv->rps.hw_lock); - ret = sandybridge_pcode_write(dev_priv, HSW_PCODE_DE_WRITE_FREQ_REQ, - DIV_ROUND_UP(cdclk, 25000)); + /* + * The timeout isn't specified, the 2ms used here is based on + * experiment. + * FIXME: Waiting for the request completion could be delayed until + * the next PCODE request based on BSpec. + */ + ret = sandybridge_pcode_write_timeout(dev_priv, + HSW_PCODE_DE_WRITE_FREQ_REQ, + DIV_ROUND_UP(cdclk, 25000), 2000); mutex_unlock(&dev_priv->rps.hw_lock); if (ret) { diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c index 014e5c08571a..87cccb5f8c5d 100644 --- a/drivers/gpu/drm/i915/intel_pm.c +++ b/drivers/gpu/drm/i915/intel_pm.c @@ -8941,8 +8941,8 @@ int sandybridge_pcode_read(struct drm_i915_private *dev_priv, u32 mbox, u32 *val return 0; } -int sandybridge_pcode_write(struct drm_i915_private *dev_priv, - u32 mbox, u32 val) +int sandybridge_pcode_write_timeout(struct drm_i915_private *dev_priv, + u32 mbox, u32 val, int timeout_us) { int status; @@ -8965,7 +8965,7 @@ int sandybridge_pcode_write(struct drm_i915_private *dev_priv, if (__intel_wait_for_register_fw(dev_priv, GEN6_PCODE_MAILBOX, GEN6_PCODE_READY, 0, - 500, 0, NULL)) { + timeout_us, 0, NULL)) { DRM_ERROR("timeout waiting for pcode write of 0x%08x to mbox %x to finish for %ps\n", val, mbox, __builtin_return_address(0)); return -ETIMEDOUT; -- 2.13.2

7 years, 2 months

2
1
0 0

[PULL 1/1] vfio: ccw: fix cleanup if cp_prefetch fails

by Cornelia Huck

From: Halil Pasic <pasic(a)linux.vnet.ibm.com> If the translation of a channel program fails, we may end up attempting to clean up (free, unpin) stuff that never got translated (and allocated, pinned) in the first place. By adjusting the lengths of the chains accordingly (so the element that failed, and all subsequent elements are excluded) cleanup activities based on false assumptions can be avoided. Let's make sure cp_free works properly after cp_prefetch returns with an error by setting ch_len of a ccw chain to the number of the translated CCWs on that chain. Cc: stable(a)vger.kernel.org #v4.12+ Acked-by: Pierre Morel <pmorel(a)linux.vnet.ibm.com> Reviewed-by: Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> Signed-off-by: Halil Pasic <pasic(a)linux.vnet.ibm.com> Signed-off-by: Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> Message-Id: <20180423110113.59385-2-bjsdjshi(a)linux.vnet.ibm.com> [CH: fixed typos] Signed-off-by: Cornelia Huck <cohuck(a)redhat.com> --- drivers/s390/cio/vfio_ccw_cp.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c index 2c7550797ec2..dce92b2a895d 100644 --- a/drivers/s390/cio/vfio_ccw_cp.c +++ b/drivers/s390/cio/vfio_ccw_cp.c @@ -715,6 +715,10 @@ void cp_free(struct channel_program *cp) * and stores the result to ccwchain list. @cp must have been * initialized by a previous call with cp_init(). Otherwise, undefined * behavior occurs. + * For each chain composing the channel program: + * - On entry ch_len holds the count of CCWs to be translated. + * - On exit ch_len is adjusted to the count of successfully translated CCWs. + * This allows cp_free to find in ch_len the count of CCWs to free in a chain. * * The S/390 CCW Translation APIS (prefixed by 'cp_') are introduced * as helpers to do ccw chain translation inside the kernel. Basically @@ -749,11 +753,18 @@ int cp_prefetch(struct channel_program *cp) for (idx = 0; idx < len; idx++) { ret = ccwchain_fetch_one(chain, idx, cp); if (ret) - return ret; + goto out_err; } } return 0; +out_err: + /* Only cleanup the chain elements that were actually translated. */ + chain->ch_len = idx; + list_for_each_entry_continue(chain, &cp->ccwchain_list, next) { + chain->ch_len = 0; + } + return ret; } /** -- 2.14.3

7 years, 2 months

1
0
0 0

v4.4.129 build: 0 failures 0 warnings (v4.4.129)

by Build bot for Mark Brown

Tree/Branch: v4.4.129 Git describe: v4.4.129 Commit: 8e2def054b Linux 4.4.129 Build Time: 60 min 23 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 2 months

1
0
0 0

[PATCH v2] cpufreq: armada-37xx: driver relies on cpufreq-dt

by Miquel Raynal

Armada-37xx driver registers a cpufreq-dt driver. Not having CONFIG_CPUFREQ_DT selected leads to a silent abort during the probe. Prevent that situation by having the former depending on the latter. Fixes: 92ce45fb875d7 ("cpufreq: Add DVFS support for Armada 37xx") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- Changes since v1 ================ * Changed 'select' by 'depends on' * Added Fixes + Cc: stable tags drivers/cpufreq/Kconfig.arm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cpufreq/Kconfig.arm b/drivers/cpufreq/Kconfig.arm index 7f56fe5183f2..2c64ee68ea8b 100644 --- a/drivers/cpufreq/Kconfig.arm +++ b/drivers/cpufreq/Kconfig.arm @@ -20,7 +20,7 @@ config ACPI_CPPC_CPUFREQ config ARM_ARMADA_37XX_CPUFREQ tristate "Armada 37xx CPUFreq support" - depends on ARCH_MVEBU + depends on ARCH_MVEBU && CPUFREQ_DT help This adds the CPUFreq driver support for Marvell Armada 37xx SoCs. The Armada 37xx PMU supports 4 frequency and VDD levels. -- 2.14.1

7 years, 2 months

2
1
0 0

[PATCH v2] rtlwifi: cleanup 8723be ant_sel definition

by pkshih＠realtek.com

From: Ping-Ke Shih <pkshih(a)realtek.com> The module parameter ant_sel is used to control antenna number and path. There is an existing enum ANT_{X2,X1} defined the antenna number, so add a new enum ANT_{MAIN,AUX} to make it readable. After this work, incorrect given values depend on ant_sel were exposed, so refill values according following definition: ant_sel ant_num ant_path print_label 1 ANT_X1 ANT_AUX #2 2 ANT_X2 ANT_MAIN #1 Then, a workaround resulted from the incorrect values in halbtcoutsrc.c was removed. These is a existing bug in the workaround while ant_sel=2, but the case is rare use so user is hard to observe this bug. The experimental results with single antenna connected to specific path are in following: ant_sel ANT_MAIN(#1) ANT_AUX(#2) 0 -8 -62 1 -62 -10 2 -6 -60 Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Cc: Stable <stable(a)vger.kernel.org> # 4.7+ Reviewed-by: Larry Finger <Larry.Finger(a)lwfinger.net> --- v2: Add more description about fixed bugs in end of first paragraph. --- .../net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c | 15 --------------- drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 11 +++++++---- drivers/net/wireless/realtek/rtlwifi/wifi.h | 5 +++++ 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c index e0f9985582f9..738a7ea7dc4a 100644 --- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c +++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c @@ -158,16 +158,6 @@ static u8 halbtc_get_wifi_central_chnl(struct btc_coexist *btcoexist) static u8 rtl_get_hwpg_single_ant_path(struct rtl_priv *rtlpriv) { - struct rtl_mod_params *mod_params = rtlpriv->cfg->mod_params; - - /* override ant_num / ant_path */ - if (mod_params->ant_sel) { - rtlpriv->btcoexist.btc_info.ant_num = - (mod_params->ant_sel == 1 ? ANT_X2 : ANT_X1); - - rtlpriv->btcoexist.btc_info.single_ant_path = - (mod_params->ant_sel == 1 ? 0 : 1); - } return rtlpriv->btcoexist.btc_info.single_ant_path; } @@ -178,7 +168,6 @@ static u8 rtl_get_hwpg_bt_type(struct rtl_priv *rtlpriv) static u8 rtl_get_hwpg_ant_num(struct rtl_priv *rtlpriv) { - struct rtl_mod_params *mod_params = rtlpriv->cfg->mod_params; u8 num; if (rtlpriv->btcoexist.btc_info.ant_num == ANT_X2) @@ -186,10 +175,6 @@ static u8 rtl_get_hwpg_ant_num(struct rtl_priv *rtlpriv) else num = 1; - /* override ant_num / ant_path */ - if (mod_params->ant_sel) - num = (mod_params->ant_sel == 1 ? ANT_X2 : ANT_X1) + 1; - return num; } diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c index e7bbbc95cdb1..b4f3f91b590e 100644 --- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c @@ -848,6 +848,9 @@ static bool _rtl8723be_init_mac(struct ieee80211_hw *hw) return false; } + if (rtlpriv->cfg->ops->get_btc_status()) + rtlpriv->btcoexist.btc_ops->btc_power_on_setting(rtlpriv); + bytetmp = rtl_read_byte(rtlpriv, REG_MULTI_FUNC_CTRL); rtl_write_byte(rtlpriv, REG_MULTI_FUNC_CTRL, bytetmp | BIT(3)); @@ -2696,21 +2699,21 @@ void rtl8723be_read_bt_coexist_info_from_hwpg(struct ieee80211_hw *hw, rtlpriv->btcoexist.btc_info.bt_type = BT_RTL8723B; rtlpriv->btcoexist.btc_info.ant_num = (value & 0x1); rtlpriv->btcoexist.btc_info.single_ant_path = - (value & 0x40); /*0xc3[6]*/ + (value & 0x40 ? ANT_AUX : ANT_MAIN); /*0xc3[6]*/ } else { rtlpriv->btcoexist.btc_info.btcoexist = 0; rtlpriv->btcoexist.btc_info.bt_type = BT_RTL8723B; rtlpriv->btcoexist.btc_info.ant_num = ANT_X2; - rtlpriv->btcoexist.btc_info.single_ant_path = 0; + rtlpriv->btcoexist.btc_info.single_ant_path = ANT_MAIN; } /* override ant_num / ant_path */ if (mod_params->ant_sel) { rtlpriv->btcoexist.btc_info.ant_num = - (mod_params->ant_sel == 1 ? ANT_X2 : ANT_X1); + (mod_params->ant_sel == 1 ? ANT_X1 : ANT_X2); rtlpriv->btcoexist.btc_info.single_ant_path = - (mod_params->ant_sel == 1 ? 0 : 1); + (mod_params->ant_sel == 1 ? ANT_AUX : ANT_MAIN); } } diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h index c32985cfe48d..ab32a62ead81 100644 --- a/drivers/net/wireless/realtek/rtlwifi/wifi.h +++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h @@ -2882,6 +2882,11 @@ enum bt_ant_num { ANT_X1 = 1, }; +enum bt_ant_path { + ANT_MAIN = 0, + ANT_AUX = 1, +}; + enum bt_co_type { BT_2WIRE = 0, BT_ISSC_3WIRE = 1, -- 2.15.1

7 years, 2 months

4
6
0 0

FAILED: patch "[PATCH] drm/amd/display: Don't program bypass on linear regamma LUT" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d78fd7255881645fc645e23145d469385227170d Mon Sep 17 00:00:00 2001 From: Harry Wentland <harry.wentland(a)amd.com> Date: Thu, 12 Apr 2018 16:37:09 -0400 Subject: [PATCH] drm/amd/display: Don't program bypass on linear regamma LUT Even though this is required for degamma since DCE HW only supports a couple predefined LUTs we can just program the LUT directly for regamma. This fixes dark screens which occurs when we program regamma to bypass while degamma is using srgb LUT. Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> Reviewed-by: Leo Li <sunpeng.li(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_color.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_color.c index f6cb502c303f..25f064c01038 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_color.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_color.c @@ -138,13 +138,6 @@ int amdgpu_dm_set_regamma_lut(struct dm_crtc_state *crtc) lut = (struct drm_color_lut *)blob->data; lut_size = blob->length / sizeof(struct drm_color_lut); - if (__is_lut_linear(lut, lut_size)) { - /* Set to bypass if lut is set to linear */ - stream->out_transfer_func->type = TF_TYPE_BYPASS; - stream->out_transfer_func->tf = TRANSFER_FUNCTION_LINEAR; - return 0; - } - gamma = dc_create_gamma(); if (!gamma) return -ENOMEM;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d6ef1f194b7569af8b8397876dc9ab07649d63cb Mon Sep 17 00:00:00 2001 From: Joerg Roedel <jroedel(a)suse.de> Date: Tue, 17 Apr 2018 15:27:16 +0200 Subject: [PATCH] x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y The walk_pte_level() function just uses __va to get the virtual address of the PTE page, but that breaks when the PTE page is not in the direct mapping with HIGHPTE=y. The result is an unhandled kernel paging request at some random address when accessing the current_kernel or current_user file. Use the correct API to access PTE pages. Fixes: fe770bf0310d ('x86: clean up the page table dumper and add 32-bit support') Signed-off-by: Joerg Roedel <jroedel(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Cc: jgross(a)suse.com Cc: JBeulich(a)suse.com Cc: hpa(a)zytor.com Cc: aryabinin(a)virtuozzo.com Cc: kirill.shutemov(a)linux.intel.com Link: https://lkml.kernel.org/r/1523971636-4137-1-git-send-email-joro@8bytes.org diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c index 62a7e9f65dec..cc7ff5957194 100644 --- a/arch/x86/mm/dump_pagetables.c +++ b/arch/x86/mm/dump_pagetables.c @@ -18,6 +18,7 @@ #include <linux/init.h> #include <linux/sched.h> #include <linux/seq_file.h> +#include <linux/highmem.h> #include <asm/pgtable.h> @@ -334,16 +335,16 @@ static void walk_pte_level(struct seq_file *m, struct pg_state *st, pmd_t addr, pgprotval_t eff_in, unsigned long P) { int i; - pte_t *start; + pte_t *pte; pgprotval_t prot, eff; - start = (pte_t *)pmd_page_vaddr(addr); for (i = 0; i < PTRS_PER_PTE; i++) { - prot = pte_flags(*start); - eff = effective_prot(eff_in, prot); st->current_address = normalize_addr(P + i * PTE_LEVEL_MULT); + pte = pte_offset_map(&addr, st->current_address); + prot = pte_flags(*pte); + eff = effective_prot(eff_in, prot); note_page(m, st, __pgprot(prot), eff, 5); - start++; + pte_unmap(pte); } } #ifdef CONFIG_KASAN

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d6ef1f194b7569af8b8397876dc9ab07649d63cb Mon Sep 17 00:00:00 2001 From: Joerg Roedel <jroedel(a)suse.de> Date: Tue, 17 Apr 2018 15:27:16 +0200 Subject: [PATCH] x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y The walk_pte_level() function just uses __va to get the virtual address of the PTE page, but that breaks when the PTE page is not in the direct mapping with HIGHPTE=y. The result is an unhandled kernel paging request at some random address when accessing the current_kernel or current_user file. Use the correct API to access PTE pages. Fixes: fe770bf0310d ('x86: clean up the page table dumper and add 32-bit support') Signed-off-by: Joerg Roedel <jroedel(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Cc: jgross(a)suse.com Cc: JBeulich(a)suse.com Cc: hpa(a)zytor.com Cc: aryabinin(a)virtuozzo.com Cc: kirill.shutemov(a)linux.intel.com Link: https://lkml.kernel.org/r/1523971636-4137-1-git-send-email-joro@8bytes.org diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c index 62a7e9f65dec..cc7ff5957194 100644 --- a/arch/x86/mm/dump_pagetables.c +++ b/arch/x86/mm/dump_pagetables.c @@ -18,6 +18,7 @@ #include <linux/init.h> #include <linux/sched.h> #include <linux/seq_file.h> +#include <linux/highmem.h> #include <asm/pgtable.h> @@ -334,16 +335,16 @@ static void walk_pte_level(struct seq_file *m, struct pg_state *st, pmd_t addr, pgprotval_t eff_in, unsigned long P) { int i; - pte_t *start; + pte_t *pte; pgprotval_t prot, eff; - start = (pte_t *)pmd_page_vaddr(addr); for (i = 0; i < PTRS_PER_PTE; i++) { - prot = pte_flags(*start); - eff = effective_prot(eff_in, prot); st->current_address = normalize_addr(P + i * PTE_LEVEL_MULT); + pte = pte_offset_map(&addr, st->current_address); + prot = pte_flags(*pte); + eff = effective_prot(eff_in, prot); note_page(m, st, __pgprot(prot), eff, 5); - start++; + pte_unmap(pte); } } #ifdef CONFIG_KASAN

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d6ef1f194b7569af8b8397876dc9ab07649d63cb Mon Sep 17 00:00:00 2001 From: Joerg Roedel <jroedel(a)suse.de> Date: Tue, 17 Apr 2018 15:27:16 +0200 Subject: [PATCH] x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y The walk_pte_level() function just uses __va to get the virtual address of the PTE page, but that breaks when the PTE page is not in the direct mapping with HIGHPTE=y. The result is an unhandled kernel paging request at some random address when accessing the current_kernel or current_user file. Use the correct API to access PTE pages. Fixes: fe770bf0310d ('x86: clean up the page table dumper and add 32-bit support') Signed-off-by: Joerg Roedel <jroedel(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Cc: jgross(a)suse.com Cc: JBeulich(a)suse.com Cc: hpa(a)zytor.com Cc: aryabinin(a)virtuozzo.com Cc: kirill.shutemov(a)linux.intel.com Link: https://lkml.kernel.org/r/1523971636-4137-1-git-send-email-joro@8bytes.org diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c index 62a7e9f65dec..cc7ff5957194 100644 --- a/arch/x86/mm/dump_pagetables.c +++ b/arch/x86/mm/dump_pagetables.c @@ -18,6 +18,7 @@ #include <linux/init.h> #include <linux/sched.h> #include <linux/seq_file.h> +#include <linux/highmem.h> #include <asm/pgtable.h> @@ -334,16 +335,16 @@ static void walk_pte_level(struct seq_file *m, struct pg_state *st, pmd_t addr, pgprotval_t eff_in, unsigned long P) { int i; - pte_t *start; + pte_t *pte; pgprotval_t prot, eff; - start = (pte_t *)pmd_page_vaddr(addr); for (i = 0; i < PTRS_PER_PTE; i++) { - prot = pte_flags(*start); - eff = effective_prot(eff_in, prot); st->current_address = normalize_addr(P + i * PTE_LEVEL_MULT); + pte = pte_offset_map(&addr, st->current_address); + prot = pte_flags(*pte); + eff = effective_prot(eff_in, prot); note_page(m, st, __pgprot(prot), eff, 5); - start++; + pte_unmap(pte); } } #ifdef CONFIG_KASAN

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d6ef1f194b7569af8b8397876dc9ab07649d63cb Mon Sep 17 00:00:00 2001 From: Joerg Roedel <jroedel(a)suse.de> Date: Tue, 17 Apr 2018 15:27:16 +0200 Subject: [PATCH] x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y The walk_pte_level() function just uses __va to get the virtual address of the PTE page, but that breaks when the PTE page is not in the direct mapping with HIGHPTE=y. The result is an unhandled kernel paging request at some random address when accessing the current_kernel or current_user file. Use the correct API to access PTE pages. Fixes: fe770bf0310d ('x86: clean up the page table dumper and add 32-bit support') Signed-off-by: Joerg Roedel <jroedel(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Cc: jgross(a)suse.com Cc: JBeulich(a)suse.com Cc: hpa(a)zytor.com Cc: aryabinin(a)virtuozzo.com Cc: kirill.shutemov(a)linux.intel.com Link: https://lkml.kernel.org/r/1523971636-4137-1-git-send-email-joro@8bytes.org diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c index 62a7e9f65dec..cc7ff5957194 100644 --- a/arch/x86/mm/dump_pagetables.c +++ b/arch/x86/mm/dump_pagetables.c @@ -18,6 +18,7 @@ #include <linux/init.h> #include <linux/sched.h> #include <linux/seq_file.h> +#include <linux/highmem.h> #include <asm/pgtable.h> @@ -334,16 +335,16 @@ static void walk_pte_level(struct seq_file *m, struct pg_state *st, pmd_t addr, pgprotval_t eff_in, unsigned long P) { int i; - pte_t *start; + pte_t *pte; pgprotval_t prot, eff; - start = (pte_t *)pmd_page_vaddr(addr); for (i = 0; i < PTRS_PER_PTE; i++) { - prot = pte_flags(*start); - eff = effective_prot(eff_in, prot); st->current_address = normalize_addr(P + i * PTE_LEVEL_MULT); + pte = pte_offset_map(&addr, st->current_address); + prot = pte_flags(*pte); + eff = effective_prot(eff_in, prot); note_page(m, st, __pgprot(prot), eff, 5); - start++; + pte_unmap(pte); } } #ifdef CONFIG_KASAN

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: Fix race condition between delayed refs and blockgroup" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5e388e95815408c27f3612190d089afc0774b870 Mon Sep 17 00:00:00 2001 From: Nikolay Borisov <nborisov(a)suse.com> Date: Wed, 18 Apr 2018 09:41:54 +0300 Subject: [PATCH] btrfs: Fix race condition between delayed refs and blockgroup removal When the delayed refs for a head are all run, eventually cleanup_ref_head is called which (in case of deletion) obtains a reference for the relevant btrfs_space_info struct by querying the bg for the range. This is problematic because when the last extent of a bg is deleted a race window emerges between removal of that bg and the subsequent invocation of cleanup_ref_head. This can result in cache being null and either a null pointer dereference or assertion failure. task: ffff8d04d31ed080 task.stack: ffff9e5dc10cc000 RIP: 0010:assfail.constprop.78+0x18/0x1a [btrfs] RSP: 0018:ffff9e5dc10cfbe8 EFLAGS: 00010292 RAX: 0000000000000044 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff8d04ffc1f868 RSI: ffff8d04ffc178c8 RDI: ffff8d04ffc178c8 RBP: ffff8d04d29e5ea0 R08: 00000000000001f0 R09: 0000000000000001 R10: ffff9e5dc0507d58 R11: 0000000000000001 R12: ffff8d04d29e5ea0 R13: ffff8d04d29e5f08 R14: ffff8d04efe29b40 R15: ffff8d04efe203e0 FS: 00007fbf58ead500(0000) GS:ffff8d04ffc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe6c6975648 CR3: 0000000013b2a000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __btrfs_run_delayed_refs+0x10e7/0x12c0 [btrfs] btrfs_run_delayed_refs+0x68/0x250 [btrfs] btrfs_should_end_transaction+0x42/0x60 [btrfs] btrfs_truncate_inode_items+0xaac/0xfc0 [btrfs] btrfs_evict_inode+0x4c6/0x5c0 [btrfs] evict+0xc6/0x190 do_unlinkat+0x19c/0x300 do_syscall_64+0x74/0x140 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7fbf589c57a7 To fix this, introduce a new flag "is_system" to head_ref structs, which is populated at insertion time. This allows to decouple the querying for the spaceinfo from querying the possibly deleted bg. Fixes: d7eae3403f46 ("Btrfs: rework delayed ref total_bytes_pinned accounting") CC: stable(a)vger.kernel.org # 4.14+ Suggested-by: Omar Sandoval <osandov(a)osandov.com> Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c index 9e98295de7ce..e1b0651686f7 100644 --- a/fs/btrfs/delayed-ref.c +++ b/fs/btrfs/delayed-ref.c @@ -540,8 +540,10 @@ add_delayed_ref_head(struct btrfs_fs_info *fs_info, struct btrfs_delayed_ref_head *head_ref, struct btrfs_qgroup_extent_record *qrecord, u64 bytenr, u64 num_bytes, u64 ref_root, u64 reserved, - int action, int is_data, int *qrecord_inserted_ret, + int action, int is_data, int is_system, + int *qrecord_inserted_ret, int *old_ref_mod, int *new_ref_mod) + { struct btrfs_delayed_ref_head *existing; struct btrfs_delayed_ref_root *delayed_refs; @@ -585,6 +587,7 @@ add_delayed_ref_head(struct btrfs_fs_info *fs_info, head_ref->ref_mod = count_mod; head_ref->must_insert_reserved = must_insert_reserved; head_ref->is_data = is_data; + head_ref->is_system = is_system; head_ref->ref_tree = RB_ROOT; INIT_LIST_HEAD(&head_ref->ref_add_list); RB_CLEAR_NODE(&head_ref->href_node); @@ -772,6 +775,7 @@ int btrfs_add_delayed_tree_ref(struct btrfs_fs_info *fs_info, struct btrfs_delayed_ref_root *delayed_refs; struct btrfs_qgroup_extent_record *record = NULL; int qrecord_inserted; + int is_system = (ref_root == BTRFS_CHUNK_TREE_OBJECTID); BUG_ON(extent_op && extent_op->is_data); ref = kmem_cache_alloc(btrfs_delayed_tree_ref_cachep, GFP_NOFS); @@ -800,8 +804,8 @@ int btrfs_add_delayed_tree_ref(struct btrfs_fs_info *fs_info, */ head_ref = add_delayed_ref_head(fs_info, trans, head_ref, record, bytenr, num_bytes, 0, 0, action, 0, - &qrecord_inserted, old_ref_mod, - new_ref_mod); + is_system, &qrecord_inserted, + old_ref_mod, new_ref_mod); add_delayed_tree_ref(fs_info, trans, head_ref, &ref->node, bytenr, num_bytes, parent, ref_root, level, action); @@ -868,7 +872,7 @@ int btrfs_add_delayed_data_ref(struct btrfs_fs_info *fs_info, */ head_ref = add_delayed_ref_head(fs_info, trans, head_ref, record, bytenr, num_bytes, ref_root, reserved, - action, 1, &qrecord_inserted, + action, 1, 0, &qrecord_inserted, old_ref_mod, new_ref_mod); add_delayed_data_ref(fs_info, trans, head_ref, &ref->node, bytenr, @@ -898,9 +902,14 @@ int btrfs_add_delayed_extent_op(struct btrfs_fs_info *fs_info, delayed_refs = &trans->transaction->delayed_refs; spin_lock(&delayed_refs->lock); + /* + * extent_ops just modify the flags of an extent and they don't result + * in ref count changes, hence it's safe to pass false/0 for is_system + * argument + */ add_delayed_ref_head(fs_info, trans, head_ref, NULL, bytenr, num_bytes, 0, 0, BTRFS_UPDATE_DELAYED_HEAD, - extent_op->is_data, NULL, NULL, NULL); + extent_op->is_data, 0, NULL, NULL, NULL); spin_unlock(&delayed_refs->lock); return 0; diff --git a/fs/btrfs/delayed-ref.h b/fs/btrfs/delayed-ref.h index 741869dbc316..7f00db50bd24 100644 --- a/fs/btrfs/delayed-ref.h +++ b/fs/btrfs/delayed-ref.h @@ -127,6 +127,7 @@ struct btrfs_delayed_ref_head { */ unsigned int must_insert_reserved:1; unsigned int is_data:1; + unsigned int is_system:1; unsigned int processing:1; }; diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 055494ddcace..f99102063366 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -2601,13 +2601,19 @@ static int cleanup_ref_head(struct btrfs_trans_handle *trans, trace_run_delayed_ref_head(fs_info, head, 0); if (head->total_ref_mod < 0) { - struct btrfs_block_group_cache *cache; + struct btrfs_space_info *space_info; + u64 flags; - cache = btrfs_lookup_block_group(fs_info, head->bytenr); - ASSERT(cache); - percpu_counter_add(&cache->space_info->total_bytes_pinned, + if (head->is_data) + flags = BTRFS_BLOCK_GROUP_DATA; + else if (head->is_system) + flags = BTRFS_BLOCK_GROUP_SYSTEM; + else + flags = BTRFS_BLOCK_GROUP_METADATA; + space_info = __find_space_info(fs_info, flags); + ASSERT(space_info); + percpu_counter_add(&space_info->total_bytes_pinned, -head->num_bytes); - btrfs_put_block_group(cache); if (head->is_data) { spin_lock(&delayed_refs->lock);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] cifs: smbd: Dump SMB packet when configured" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ff30b89e0ab71115cbad6ae10a58bd83fe18b41f Mon Sep 17 00:00:00 2001 From: Long Li <longli(a)microsoft.com> Date: Tue, 17 Apr 2018 12:17:10 -0700 Subject: [PATCH] cifs: smbd: Dump SMB packet when configured When sending through SMB Direct, also dump the packet in SMB send path. Also fixed a typo in debug message. Signed-off-by: Long Li <longli(a)microsoft.com> Cc: stable(a)vger.kernel.org Signed-off-by: Steve French <smfrench(a)gmail.com> Reviewed-by: Ronnie Sahlberg <lsahlber(a)redhat.com> diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c index d611ed0537fd..87817ddcc096 100644 --- a/fs/cifs/smbdirect.c +++ b/fs/cifs/smbdirect.c @@ -1028,7 +1028,7 @@ static int smbd_post_send(struct smbd_connection *info, for (i = 0; i < request->num_sge; i++) { log_rdma_send(INFO, "rdma_request sge[%d] addr=%llu length=%u\n", - i, request->sge[0].addr, request->sge[0].length); + i, request->sge[i].addr, request->sge[i].length); ib_dma_sync_single_for_device( info->id->device, request->sge[i].addr, @@ -2139,6 +2139,10 @@ int smbd_send(struct smbd_connection *info, struct smb_rqst *rqst) goto done; } + cifs_dbg(FYI, "Sending smb (RDMA): smb_len=%u\n", buflen); + for (i = 0; i < rqst->rq_nvec-1; i++) + dump_smb(iov[i].iov_base, iov[i].iov_len); + remaining_data_length = buflen; log_write(INFO, "rqst->rq_nvec=%d rqst->rq_npages=%d rq_pagesz=%d "

7 years, 2 months

1
0
0 0

Linux 3.18.106

by Greg KH

I'm announcing the release of the 3.18.106 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/at91sam9g25.dtsi | 2 arch/mips/lib/memset.S | 11 + arch/parisc/kernel/drivers.c | 4 arch/powerpc/include/asm/barrier.h | 3 arch/powerpc/include/asm/opal.h | 3 arch/powerpc/include/asm/synch.h | 4 arch/powerpc/lib/feature-fixups.c | 2 arch/powerpc/platforms/powernv/opal-nvram.c | 11 + arch/s390/hypfs/inode.c | 2 arch/s390/kernel/ipl.c | 1 drivers/char/random.c | 2 drivers/clk/mvebu/armada-38x.c | 15 +- drivers/gpu/drm/radeon/si_dpm.c | 4 drivers/hid/hidraw.c | 5 drivers/hid/i2c-hid/i2c-hid.c | 13 - drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 4 drivers/mmc/host/jz4740_mmc.c | 2 drivers/mtd/ubi/block.c | 2 drivers/mtd/ubi/build.c | 11 + drivers/net/slip/slhc.c | 5 drivers/net/xen-netfront.c | 7 drivers/pci/hotplug/acpiphp_glue.c | 23 ++- drivers/s390/cio/qdio_main.c | 42 +++-- drivers/thermal/imx_thermal.c | 6 drivers/thunderbolt/nhi.c | 1 drivers/usb/core/generic.c | 9 - drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/musb/musb_gadget_ep0.c | 14 + drivers/watchdog/f71808e_wdt.c | 2 fs/autofs4/root.c | 2 fs/ext4/inode.c | 6 fs/ext4/super.c | 6 fs/jbd2/journal.c | 5 fs/jffs2/super.c | 2 fs/namespace.c | 3 fs/notify/fanotify/fanotify.c | 34 ++-- fs/reiserfs/journal.c | 2 fs/ubifs/super.c | 14 + include/net/slhc_vj.h | 1 include/sound/pcm_oss.h | 1 kernel/resource.c | 3 net/sunrpc/rpc_pipe.c | 1 sound/core/oss/pcm_oss.c | 189 ++++++++++++++++++++------ sound/core/rawmidi_compat.c | 18 +- sound/soc/codecs/ssm2602.c | 19 +- 46 files changed, 369 insertions(+), 151 deletions(-) Aaron Ma (1): HID: i2c-hid: fix size check and type usage Al Viro (4): jffs2_kill_sb(): deal with failed allocations hypfs_kill_super(): deal with failed allocations rpc_pipefs: fix double-dput() Don't leak MNT_INTERNAL away from internal mounts Alex Smith (1): mmc: jz4740: Fix race condition in IRQ mask update Amir Goldstein (1): fanotify: fix logic of events on child Andrew Morton (1): fs/reiserfs/journal.c: add missing resierfs_warning() arg Greg Kroah-Hartman (1): Linux 3.18.106 Heinrich Schuchardt (1): usb: musb: gadget: misplaced out of bounds check Helge Deller (1): parisc: Fix out of array access in match_pci_device() Ian Kent (1): autofs: mount point create should honour passed in mode Igor Pylypiv (1): watchdog: f71808e_wdt: Fix WD_EN register read James Kelly (1): ASoC: ssm2602: Replace reg_default_raw with reg_default Jason Andryuk (1): xen-netfront: Fix hang on device removal Julian Wiedmann (2): s390/qdio: don't retry EQBS after CCQ 96 s390/qdio: don't merge ERROR output buffers Matt Redfearn (3): MIPS: memset.S: EVA & fault support for small_memset MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup MIPS: memset.S: Fix clobber of v1 in last_fixup Mauro Carvalho Chehab (1): media: v4l2-compat-ioctl32: don't oops on overlay Michael Ellerman (1): powerpc/lib: Fix off-by-one in alternate feature patching Mika Westerberg (2): ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() thunderbolt: Resume control channel after hibernation image is created Mikhail Lappo (1): thermal: imx: Fix race condition in imx_thermal_probe() Nicholas Mc Guire (1): ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc Nicholas Piggin (4): powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Nicolas Ferre (1): ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Paul Parsons (1): drm/radeon: Fix PCIe lane width calculation Ralph Sennhauser (1): clk: mvebu: armada-38x: add support for 1866MHz variants Richard Genoud (1): clk: mvebu: armada-38x: add support for missing clocks Richard Weinberger (2): ubifs: Check ubifs_wbuf_sync() return code ubi: Reject MLC NAND Rodrigo Rivas Costa (1): HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Romain Izard (1): ubi: Fix error for write access Takashi Iwai (7): resource: fix integer overflow at reallocation ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation ALSA: pcm: Avoid potential races between OSS ioctls and read/write ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation ALSA: rawmidi: Fix missing input substream checks in compat ioctls Tejaswi Tanikella (1): slip: Check if rstate is initialized before uncompressing Theodore Ts'o (4): random: use a tighter cap in credit_entropy_bits_safe() jbd2: if the journal is aborted then don't allow update of the log tail ext4: fail ext4_iget for root directory if unallocated ext4: don't allow r/w mounts if metadata blocks overlap the superblock Thinh Nguyen (1): usb: dwc3: pci: Properly cleanup resource Vasily Gorbik (1): s390/ipl: ensure loadparm valid flag is set Zhengjun Xing (1): USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw

7 years, 2 months

2
3
0 0

Linux 4.16.4

by Greg KH

I'm announcing the release of the 4.16.4 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/at91sam9g25.dtsi | 2 arch/arm/boot/dts/exynos5250.dtsi | 8 arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 24 + arch/arm/boot/dts/sama5d4.dtsi | 2 arch/arm/mach-exynos/pm.c | 6 arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts | 2 arch/mips/include/asm/uaccess.h | 11 arch/mips/lib/memset.S | 11 arch/powerpc/include/asm/barrier.h | 3 arch/powerpc/include/asm/opal.h | 3 arch/powerpc/include/asm/synch.h | 4 arch/powerpc/kernel/dt_cpu_ftrs.c | 19 + arch/powerpc/kernel/eeh_driver.c | 68 ++-- arch/powerpc/kernel/eeh_pe.c | 3 arch/powerpc/kernel/kprobes.c | 30 +- arch/powerpc/kernel/machine_kexec_file_64.c | 2 arch/powerpc/lib/feature-fixups.c | 2 arch/powerpc/mm/hash_utils_64.c | 6 arch/powerpc/mm/tlb-radix.c | 5 arch/powerpc/platforms/powernv/opal-nvram.c | 11 arch/powerpc/platforms/pseries/lpar.c | 8 arch/powerpc/sysdev/xive/native.c | 4 arch/s390/Kconfig | 8 arch/s390/hypfs/inode.c | 2 arch/s390/kernel/perf_cpum_cf_events.c | 1 arch/s390/kernel/setup.c | 1 arch/um/os-Linux/file.c | 1 arch/um/os-Linux/signal.c | 3 arch/x86/um/stub_segv.c | 3 arch/x86/xen/enlighten_pv.c | 8 drivers/acpi/nfit/core.c | 59 ++- drivers/acpi/nfit/nfit.h | 5 drivers/acpi/video_detect.c | 9 drivers/base/regmap/regmap.c | 2 drivers/bluetooth/hci_bcm.c | 20 + drivers/char/random.c | 84 ++++- drivers/char/tpm/tpm-interface.c | 4 drivers/clk/bcm/clk-bcm2835.c | 8 drivers/clk/mediatek/clk-mt2701.c | 15 - drivers/clk/mvebu/armada-38x.c | 14 drivers/clk/renesas/clk-sh73a0.c | 6 drivers/clk/tegra/clk-emc.c | 2 drivers/clk/tegra/clk-tegra-periph.c | 2 drivers/clk/tegra/clk-tegra-super-gen4.c | 8 drivers/clk/tegra/clk-tegra114.c | 3 drivers/clk/tegra/clk-tegra124.c | 7 drivers/clk/tegra/clk-tegra20.c | 23 - drivers/clk/tegra/clk-tegra210.c | 3 drivers/clk/tegra/clk-tegra30.c | 14 drivers/cpufreq/armada-37xx-cpufreq.c | 2 drivers/cpufreq/cppc_cpufreq.c | 3 drivers/dax/device.c | 2 drivers/dma/at_xdmac.c | 4 drivers/extcon/extcon-intel-cht-wc.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 drivers/gpu/drm/amd/amdgpu/cik_sdma.c | 2 drivers/gpu/drm/amd/amdgpu/sdma_v2_4.c | 2 drivers/gpu/drm/amd/amdgpu/sdma_v3_0.c | 2 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 drivers/gpu/drm/amd/amdgpu/si.c | 67 ++++ drivers/gpu/drm/amd/amdgpu/si_dpm.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 31 -- drivers/gpu/drm/amd/display/dc/dce/dce_stream_encoder.c | 2 drivers/gpu/drm/i915/gvt/gvt.h | 5 drivers/gpu/drm/i915/gvt/mmio_context.c | 210 ++++++++++++-- drivers/gpu/drm/i915/gvt/mmio_context.h | 5 drivers/gpu/drm/i915/gvt/scheduler.c | 5 drivers/gpu/drm/i915/i915_drv.c | 22 - drivers/gpu/drm/i915/i915_drv.h | 2 drivers/gpu/drm/i915/i915_reg.h | 10 drivers/gpu/drm/i915/intel_sprite.c | 81 ++++- drivers/gpu/drm/radeon/radeon_device.c | 4 drivers/gpu/drm/radeon/si_dpm.c | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 23 - drivers/hid/hid-core.c | 10 drivers/hid/hid-ids.h | 3 drivers/hid/hid-input.c | 27 + drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-rmi.c | 4 drivers/hid/hidraw.c | 5 drivers/hid/i2c-hid/i2c-hid.c | 26 + drivers/hid/wacom_sys.c | 4 drivers/hid/wacom_wac.c | 76 +++-- drivers/i2c/busses/i2c-i801.c | 16 - drivers/infiniband/core/ucma.c | 3 drivers/infiniband/core/verbs.c | 12 drivers/infiniband/hw/mlx5/mr.c | 2 drivers/infiniband/sw/rxe/rxe_verbs.c | 5 drivers/infiniband/ulp/srp/ib_srp.c | 18 - drivers/infiniband/ulp/srpt/ib_srpt.c | 16 - drivers/iommu/intel-svm.c | 1 drivers/irqchip/irq-gic-common.c | 9 drivers/md/dm-crypt.c | 66 ++++ drivers/md/dm-raid.c | 3 drivers/md/dm.c | 30 +- drivers/media/common/videobuf2/videobuf2-core.c | 9 drivers/media/platform/vivid/vivid-vid-common.c | 3 drivers/media/platform/vsp1/vsp1_wpf.c | 2 drivers/media/rc/rc-main.c | 6 drivers/misc/cxl/cxllib.c | 85 +++-- drivers/mmc/core/block.c | 1 drivers/mmc/host/jz4740_mmc.c | 2 drivers/mmc/host/sdhci-pci-core.c | 25 + drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/ubi/block.c | 2 drivers/mtd/ubi/build.c | 11 drivers/mtd/ubi/fastmap-wl.c | 1 drivers/nvdimm/dimm.c | 8 drivers/nvdimm/dimm_devs.c | 22 - drivers/nvdimm/namespace_devs.c | 4 drivers/pci/hotplug/acpiphp_glue.c | 23 + drivers/pci/quirks.c | 4 drivers/phy/allwinner/phy-sun4i-usb.c | 10 drivers/pwm/pwm-mediatek.c | 35 ++ drivers/pwm/pwm-rcar.c | 8 drivers/soc/mediatek/mtk-scpsys.c | 2 drivers/spi/spi-atmel.c | 8 drivers/spi/spi.c | 19 - drivers/staging/media/atomisp/pci/atomisp2/atomisp_fops.c | 6 drivers/thermal/imx_thermal.c | 6 drivers/thunderbolt/icm.c | 36 +- drivers/thunderbolt/nhi.c | 1 drivers/thunderbolt/switch.c | 9 drivers/usb/core/generic.c | 9 drivers/usb/dwc3/core.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/dwc3/gadget.c | 43 +- drivers/usb/gadget/function/f_midi.c | 3 drivers/usb/gadget/u_f.h | 2 drivers/usb/gadget/udc/core.c | 3 drivers/usb/musb/musb_gadget_ep0.c | 14 drivers/watchdog/f71808e_wdt.c | 2 fs/autofs4/root.c | 2 fs/ceph/inode.c | 10 fs/cifs/Kconfig | 1 fs/cifs/cifsencrypt.c | 85 ----- fs/cifs/cifsfs.c | 1 fs/cifs/cifsglob.h | 8 fs/cifs/cifsproto.h | 5 fs/cifs/inode.c | 33 ++ fs/cifs/link.c | 27 - fs/cifs/misc.c | 54 +++ fs/cifs/smb2misc.c | 64 ++++ fs/cifs/smb2ops.c | 15 - fs/cifs/smb2pdu.c | 38 ++ fs/cifs/smb2pdu.h | 1 fs/cifs/smb2proto.h | 5 fs/cifs/smb2transport.c | 97 ++---- fs/cifs/smbdirect.c | 19 - fs/cifs/smbencrypt.c | 27 - fs/cifs/transport.c | 17 + fs/ext4/balloc.c | 3 fs/ext4/dir.c | 8 fs/ext4/ext4_jbd2.c | 7 fs/ext4/ialloc.c | 47 --- fs/ext4/inode.c | 13 fs/ext4/ioctl.c | 8 fs/ext4/super.c | 21 - fs/ext4/xattr.c | 121 ++++---- fs/ext4/xattr.h | 11 fs/fs-writeback.c | 7 fs/jbd2/journal.c | 30 +- fs/jffs2/super.c | 2 fs/namespace.c | 3 fs/notify/fanotify/fanotify.c | 34 +- fs/orangefs/super.c | 5 fs/reiserfs/journal.c | 2 fs/ubifs/super.c | 14 fs/udf/unicode.c | 6 include/dt-bindings/clock/mt2701-clk.h | 3 include/linux/backing-dev-defs.h | 5 include/linux/backing-dev.h | 30 +- include/linux/blk_types.h | 5 include/linux/compiler-clang.h | 3 include/linux/compiler-gcc.h | 12 include/linux/hid.h | 15 - include/linux/hmm.h | 9 include/linux/mm.h | 1 include/sound/pcm_oss.h | 1 include/uapi/linux/random.h | 3 ipc/shm.c | 23 + kernel/resource.c | 3 kernel/trace/ring_buffer.c | 5 kernel/trace/trace_uprobe.c | 2 lib/swiotlb.c | 2 lib/vsprintf.c | 4 mm/filemap.c | 9 mm/hmm.c | 3 mm/ksm.c | 7 mm/memory-failure.c | 16 + mm/page-writeback.c | 18 - mm/slab.c | 3 net/sunrpc/rpc_pipe.c | 1 net/sunrpc/xprtrdma/rpc_rdma.c | 2 net/sunrpc/xprtrdma/transport.c | 2 net/sunrpc/xprtrdma/verbs.c | 13 net/sunrpc/xprtrdma/xprt_rdma.h | 1 sound/core/oss/pcm_oss.c | 186 ++++++++++-- sound/core/pcm.c | 8 sound/core/rawmidi_compat.c | 18 - sound/pci/hda/hda_intel.c | 3 sound/pci/hda/patch_realtek.c | 3 sound/soc/codecs/ssm2602.c | 19 - sound/soc/soc-topology.c | 23 + sound/usb/line6/midi.c | 2 virt/kvm/arm/vgic/vgic-its.c | 15 - 209 files changed, 2167 insertions(+), 999 deletions(-) Aaron Armstrong Skomra (1): HID: wacom: bluetooth: send exit report for recent Bluetooth devices Aaron Ma (4): HID: i2c-hid: fix size check and type usage HID: Fix hid_report_len usage HID: core: Fix size as type u32 HID: i2c-hid: Fix resume issue on Raydium touchscreen device Al Viro (5): jffs2_kill_sb(): deal with failed allocations hypfs_kill_super(): deal with failed allocations orangefs_kill_sb(): deal with allocation failures rpc_pipefs: fix double-dput() Don't leak MNT_INTERNAL away from internal mounts Alex Deucher (4): drm/amdgpu: Add an ATPX quirk for hybrid laptop drm/amdgpu/sdma: fix mask in emit_pipeline_sync drm/amdgpu: Fix PCIe lane width calculation drm/amdgpu/si: implement get/set pcie_lanes asic callback Alex Smith (1): mmc: jz4740: Fix race condition in IRQ mask update Alexander Kappner (1): mmc: core: Prevent bus reference leak in mmc_blk_init() Amir Goldstein (1): fanotify: fix logic of events on child Andrew Morton (3): fs/reiserfs/journal.c: add missing resierfs_warning() arg drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 Aniruddha Banerjee (1): irqchip/gic: Take lock when updating irq type Arnd Bergmann (1): clk: fix false-positive Wmaybe-uninitialized warning Aurelien Aptel (3): CIFS: refactor crypto shash/sdesc allocation&free CIFS: add sha512 secmech CIFS: implement v3.11 preauth integrity Bart Van Assche (5): RDMA/rxe: Fix an out-of-bounds read RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access IB/srp: Fix srp_abort() IB/srp: Fix completion vector assignment algorithm IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() Bas Nieuwenhuizen (1): drm/amdgpu: Fix always_valid bos multiple LRU insertions. Benjamin Herrenschmidt (1): powerpc/xive: Fix trying to "push" an already active pool VP Boris Brezillon (1): clk: bcm2835: De-assert/assert PLL reset signal when appropriate Charlene Liu (1): drm/amd/display: HDMI has no sound after Panel power off/on Chen-Yu Tsai (1): phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS Chris Chiu (1): tpm: self test failure should not cause suspend to fail Chuck Lever (2): xprtrdma: Fix latency regression on NUMA NFS/RDMA clients xprtrdma: Fix corner cases when handling device removal Claudio Imbrenda (1): mm/ksm.c: fix inconsistent accounting of zero pages Dan Carpenter (1): regmap: Fix reversed bounds check in regmap_raw_write() Dan Williams (6): acpi, nfit: rework NVDIMM leaf method detection libnvdimm, dimm: fix dpa reservation vs uninitialized label area libnvdimm, namespace: use a safe lookup for dimm device name nfit, address-range-scrub: fix scrub in-progress reporting nfit: skip region registration for incomplete control regions libnvdimm, dimm: handle EACCES failures from label reads Daniel Kurtz (1): mmc: sdhci-pci: Only do AMD tuning for HS200 Dave Jiang (1): device-dax: allow MAP_SYNC to succeed David Wang (1): ALSA: hda - New VIA controller suppor no-snoop path Dmitry Osipenko (1): clk: tegra: Mark HCLK, SCLK and EMC as critical Dmitry Torokhov (1): HID: input: fix battery level reporting on BT mice Eric Biggers (2): ipc/shm: fix use-after-free of shm file via remap_file_pages() ext4: limit xattr size to INT_MAX Eryu Guan (1): ext4: protect i_disksize update by i_data_sem in direct write path Eugen Hristev (1): spi: atmel: init FIFOs before spi enable Fabián Inostroza (1): ALSA: line6: Use correct endpoint type for midi output Felipe Balbi (2): usb: gadget: udc: core: update usb_ep_queue() documentation usb: dwc3: gadget: never call ->complete() from ->ep_queue() Frederic Barrat (1): cxl: Fix possible deadlock when processing page faults from cxllib George Cherian (1): cpufreq: CPPC: Use transition_delay_us depending transition_latency Greg Kroah-Hartman (1): Linux 4.16.4 Greg Thelen (1): writeback: safer lock nesting Gregory CLEMENT (1): cpufreq: armada-37xx: Fix clock leak Gustavo A. R. Silva (1): CIFS: fix sha512 check in cifs_crypto_secmech_release Hans Verkuil (2): media: atomisp_fops.c: disable atomisp_compat_ioctl32 media: vivid: check if the cec_adapter is valid Hans de Goede (3): Bluetooth: hci_bcm: Add irq_polarity module option ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO Harry Wentland (2): Revert "drm/amd/display: fix dereferencing possible ERR_PTR()" Revert "drm/amd/display: disable CRTCs with NULL FB on their primary plane (V2)" Heiko Carstens (1): s390: add support for IBM z14 Model ZR1 Heinrich Schuchardt (1): usb: musb: gadget: misplaced out of bounds check Heinz Mauelshagen (1): dm raid: fix nosync status Hui Wang (2): ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags ALSA: hda/realtek - adjust the location of one mic Ian Kent (1): autofs: mount point create should honour passed in mode Igor Pylypiv (1): watchdog: f71808e_wdt: Fix WD_EN register read Imre Deak (1): drm/i915: Fix hibernation with ACPI S0 target state James Kelly (1): ASoC: ssm2602: Replace reg_default_raw with reg_default Jan Kara (1): udf: Fix leak of UTF-16 surrogates into encoded strings Jarkko Nikula (1): spi: Fix unregistration of controller with fixed SPI bus number Jason A. Donenfeld (1): um: Compile with modern headers Jason Andryuk (1): x86/xen: Delay get_cpu_cap until stack canary is established Jean Delvare (2): i2c: i801: Save register SMBSLVCMD value only once i2c: i801: Restore configuration at shutdown Jerome Brunet (1): ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate Jiri Kosina (1): HID: i2c-hid: fix inverted return value from i2c_hid_command() Jiri Slaby (1): ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin() Jérôme Glisse (2): mm/hmm: fix header file if/else/endif maze mm/hmm: hmm_pfns_bad() was accessing wrong struct Kees Cook (1): task_struct: only use anon struct under randstruct plugin Kieran Bingham (1): media: vsp1: Fix BRx conditional path in WPF Krzysztof Mazur (1): um: Use POSIX ucontext_t instead of struct ucontext Leon Romanovsky (1): RDMA/mlx5: Protect from NULL pointer derefence Liam Girdwood (1): ASoC: topology: Fix kcontrol name string handling Long Li (2): cifs: smbd: avoid reconnect lockup cifs: smbd: disconnect transport on RDMA errors Lu Baolu (1): iommu/vt-d: Fix a potential memory leak Marc Zyngier (2): KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list drm/rockchip: Clear all interrupts before requesting the IRQ Marek Szyprowski (2): ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210 ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250 Masaharu Hayakawa (1): mmc: tmio: Fix error handling when issuing CMD23 Matt Redfearn (4): MIPS: uaccess: Add micromips clobbers to bzero invocation MIPS: memset.S: EVA & fault support for small_memset MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup MIPS: memset.S: Fix clobber of v1 in last_fixup Matthew Wilcox (1): mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Maxime Chevallier (1): spi: Fix scatterlist elements size in spi_map_buf Maxime Jayat (1): dmaengine: at_xdmac: fix rare residue corruption Michael Ellerman (2): powerpc/mm/radix: Fix checkstops caused by invalid tlbiel powerpc/lib: Fix off-by-one in alternate feature patching Michael Neuling (2): powerpc/eeh: Fix race with driver un/bind powerpc/eeh: Fix enabling bridge MMIO windows Mika Westerberg (6): ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() thunderbolt: Wait a bit longer for ICM to authenticate the active NVM thunderbolt: Serialize PCIe tunnel creation with PCI rescan thunderbolt: Resume control channel after hibernation image is created thunderbolt: Handle connecting device in place of host properly thunderbolt: Prevent crash when ICM firmware is not running Mike Snitzer (1): dm: backfill abnormal IO support to non-splitting IO submission Mikhail Lappo (1): thermal: imx: Fix race condition in imx_thermal_probe() Mikulas Patocka (2): block: use 32-bit blk_status_t on Alpha dm crypt: limit the number of allocated pages Naoya Horiguchi (1): mm: hwpoison: disable memory error handling on 1GB hugepage Naveen N. Rao (1): powerpc/kprobes: Fix call trace due to incorrect preempt count Nicholas Piggin (6): powerpc/64s: Fix pkey support in dt_cpu_ftrs, add CPU_FTR_PKEY bit powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Nico Sneck (1): drm/radeon: add PX quirk for Asus K73TK Nicolas Ferre (1): ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Paul Mackerras (1): powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9 Paul Parsons (1): drm/radeon: Fix PCIe lane width calculation Ravi Bangoria (1): trace_uprobe: Use %lx to display offset Richard Genoud (1): clk: mvebu: armada-38x: add support for missing clocks Richard Weinberger (3): ubifs: Check ubifs_wbuf_sync() return code ubi: fastmap: Don't flush fastmap work on detach ubi: Reject MLC NAND Rodrigo Rivas Costa (1): HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Roger Quadros (1): usb: dwc3: prevent setting PRTCAP to OTG from debugfs Roland Dreier (1): RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device Romain Izard (1): ubi: Fix error for write access Ronnie Sahlberg (2): cifs: fix memory leak in SMB2_open() fix smb3-encryption breakage when CONFIG_DEBUG_SG=y Ryo Kodama (1): pwm: rcar: Fix a condition to prevent mismatch value setting to duty Sakari Ailus (1): media: vb2: core: Finish buffers at the end of the stream Santiago Esteban (1): ARM: dts: at91: sama5d4: fix pinctrl compatible string Sean Wang (6): arm: dts: mt7623: fix USB initialization fails on bananapi-r2 soc: mediatek: fix the mistaken pointer accessed when subdomains are added clk: mediatek: fix PWM clock source by adding a fixed-factor clock pwm: mediatek: Fix up PWM4 and PWM5 malfunction on MT7623 pwm: mediatek: Improve precision in rate calculation dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 Sean Young (1): media: rc: oops in ir_timer_keyup after device unplug Sinan Kaya (1): PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken Steve French (2): Tree connect for SMB3.1.1 must be signed for non-encrypted shares smb3: Fix root directory when server returns inode number of zero Steven Rostedt (VMware) (2): vsprintf: Do not preprocess non-dereferenced pointers for bprintf (%px and %pK) ring-buffer: Check if memory is available before allocation Takashi Iwai (8): resource: fix integer overflow at reallocation swiotlb: fix unexpected swiotlb_alloc_coherent failures ALSA: pcm: Avoid potential races between OSS ioctls and read/write ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls ALSA: pcm: Fix UAF at PCM release via PCM timer access ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation ALSA: rawmidi: Fix missing input substream checks in compat ioctls Theodore Ts'o (17): random: use a tighter cap in credit_entropy_bits_safe() jbd2: if the journal is aborted then don't allow update of the log tail ext4: shutdown should not prevent get_write_access ext4: eliminate sleep from shutdown ioctl ext4: pass -ESHUTDOWN code to jbd2 layer ext4: don't update checksum of new initialized bitmaps ext4: fail ext4_iget for root directory if unallocated ext4: always initialize the crc32c checksum driver ext4: don't allow r/w mounts if metadata blocks overlap the superblock ext4: move call to ext4_error() into ext4_xattr_check_block() ext4: add bounds checking to ext4_xattr_find_entry() ext4: add extra checks to ext4_xattr_block_get() ext4: force revalidation of directory pointer after seekdir(2) random: fix crng_ready() test random: use a different mixing algorithm for add_device_randomness() random: crng_reseed() should lock the crng instance that it is modifying random: add new ioctl RNDRESEEDCRNG Thiago Jung Bauermann (1): powerpc/kexec_file: Fix error code when trying to load kdump kernel Thinh Nguyen (1): usb: dwc3: pci: Properly cleanup resource Ville Syrjälä (1): drm/i915: Correctly handle limited range YCbCr data on VLV/CHV Vlastimil Babka (1): mm, slab: reschedule cache_reap() on the same CPU Weinan Li (1): drm/i915/gvt: init mmio by lri command in vgpu inhibit context Yan, Zheng (1): ceph: always update atime/mtime/ctime for new inode Yavuz, Tuba (1): USB: gadget: f_midi: fixing a possible double-free in f_midi Zhengjun Xing (1): USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw

7 years, 2 months

1
1
0 0

Linux 4.9.96

by Greg KH

I'm announcing the release of the 4.9.96 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/at91sam9g25.dtsi | 2 arch/arm/boot/dts/exynos5250.dtsi | 8 arch/arm/boot/dts/sama5d4.dtsi | 2 arch/mips/include/asm/uaccess.h | 11 + arch/mips/lib/memset.S | 11 - arch/powerpc/include/asm/barrier.h | 3 arch/powerpc/include/asm/opal.h | 3 arch/powerpc/include/asm/synch.h | 4 arch/powerpc/kernel/eeh_pe.c | 3 arch/powerpc/lib/feature-fixups.c | 2 arch/powerpc/platforms/powernv/opal-nvram.c | 11 + arch/s390/hypfs/inode.c | 2 arch/um/os-Linux/file.c | 1 arch/um/os-Linux/signal.c | 3 arch/x86/um/stub_segv.c | 3 block/blk-mq.c | 4 drivers/acpi/nfit/core.c | 5 drivers/acpi/video_detect.c | 9 + drivers/base/regmap/regmap.c | 2 drivers/char/random.c | 29 ++- drivers/clk/bcm/clk-bcm2835.c | 8 drivers/clk/mvebu/armada-38x.c | 15 - drivers/clk/renesas/clk-sh73a0.c | 6 drivers/dma/at_xdmac.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 drivers/gpu/drm/amd/amdgpu/si_dpm.c | 4 drivers/gpu/drm/radeon/si_dpm.c | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 23 +- drivers/hid/hid-core.c | 10 - drivers/hid/hid-input.c | 3 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-rmi.c | 4 drivers/hid/hidraw.c | 5 drivers/hid/i2c-hid/i2c-hid.c | 13 - drivers/hid/wacom_sys.c | 2 drivers/infiniband/core/ucma.c | 3 drivers/infiniband/sw/rxe/rxe_verbs.c | 5 drivers/infiniband/ulp/srp/ib_srp.c | 18 +- drivers/iommu/intel-svm.c | 1 drivers/irqchip/irq-gic-common.c | 9 - drivers/mmc/host/jz4740_mmc.c | 2 drivers/mtd/ubi/block.c | 2 drivers/mtd/ubi/build.c | 11 + drivers/mtd/ubi/fastmap-wl.c | 1 drivers/net/xen-netfront.c | 7 drivers/nvdimm/namespace_devs.c | 4 drivers/pci/hotplug/acpiphp_glue.c | 23 +- drivers/pwm/pwm-rcar.c | 8 drivers/spi/spi.c | 10 - drivers/thermal/imx_thermal.c | 6 drivers/thunderbolt/nhi.c | 1 drivers/tty/n_tty.c | 6 drivers/tty/tty_io.c | 9 + drivers/usb/core/generic.c | 9 - drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/gadget/function/f_midi.c | 3 drivers/usb/gadget/u_f.h | 2 drivers/usb/gadget/udc/core.c | 3 drivers/usb/musb/musb_gadget_ep0.c | 14 + drivers/vfio/pci/vfio_pci_config.c | 29 +++ drivers/watchdog/f71808e_wdt.c | 2 fs/autofs4/root.c | 2 fs/cifs/cifsglob.h | 1 fs/cifs/inode.c | 33 ++++ fs/ext4/balloc.c | 3 fs/ext4/ialloc.c | 47 ----- fs/ext4/inode.c | 11 - fs/ext4/super.c | 6 fs/fs-writeback.c | 7 fs/jbd2/journal.c | 5 fs/jffs2/super.c | 2 fs/namespace.c | 3 fs/notify/fanotify/fanotify.c | 34 +--- fs/orangefs/super.c | 5 fs/reiserfs/journal.c | 2 fs/ubifs/super.c | 14 + fs/udf/unicode.c | 6 include/dt-bindings/clock/mt2701-clk.h | 3 include/linux/backing-dev-defs.h | 5 include/linux/backing-dev.h | 30 +-- include/linux/hid.h | 6 include/linux/tty.h | 1 include/sound/pcm_oss.h | 1 include/uapi/linux/random.h | 3 ipc/shm.c | 23 ++ kernel/resource.c | 3 mm/filemap.c | 9 - mm/page-writeback.c | 18 +- mm/slab.c | 3 net/sunrpc/rpc_pipe.c | 1 sound/core/oss/pcm_oss.c | 186 ++++++++++++++++++----- sound/core/pcm.c | 8 sound/core/rawmidi_compat.c | 18 +- sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/ssm2602.c | 19 +- sound/usb/line6/midi.c | 2 99 files changed, 648 insertions(+), 300 deletions(-) Aaron Ma (3): HID: i2c-hid: fix size check and type usage HID: Fix hid_report_len usage HID: core: Fix size as type u32 Al Viro (5): jffs2_kill_sb(): deal with failed allocations hypfs_kill_super(): deal with failed allocations orangefs_kill_sb(): deal with allocation failures rpc_pipefs: fix double-dput() Don't leak MNT_INTERNAL away from internal mounts Alex Deucher (2): drm/amdgpu: Add an ATPX quirk for hybrid laptop drm/amdgpu: Fix PCIe lane width calculation Alex Smith (1): mmc: jz4740: Fix race condition in IRQ mask update Alex Williamson (1): vfio/pci: Virtualize Maximum Read Request Size Amir Goldstein (1): fanotify: fix logic of events on child Andrew Morton (1): fs/reiserfs/journal.c: add missing resierfs_warning() arg Aniruddha Banerjee (1): irqchip/gic: Take lock when updating irq type Arnd Bergmann (1): clk: fix false-positive Wmaybe-uninitialized warning Bart Van Assche (3): RDMA/rxe: Fix an out-of-bounds read IB/srp: Fix srp_abort() IB/srp: Fix completion vector assignment algorithm Bas Nieuwenhuizen (1): drm/amdgpu: Fix always_valid bos multiple LRU insertions. Boris Brezillon (1): clk: bcm2835: De-assert/assert PLL reset signal when appropriate Dan Carpenter (1): regmap: Fix reversed bounds check in regmap_raw_write() Dan Williams (2): libnvdimm, namespace: use a safe lookup for dimm device name nfit, address-range-scrub: fix scrub in-progress reporting David Wang (1): ALSA: hda - New VIA controller suppor no-snoop path Eric Biggers (1): ipc/shm: fix use-after-free of shm file via remap_file_pages() Eryu Guan (1): ext4: protect i_disksize update by i_data_sem in direct write path Fabián Inostroza (1): ALSA: line6: Use correct endpoint type for midi output Felipe Balbi (1): usb: gadget: udc: core: update usb_ep_queue() documentation Greg Kroah-Hartman (1): Linux 4.9.96 Greg Thelen (1): writeback: safer lock nesting Hans de Goede (1): ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E Heinrich Schuchardt (1): usb: musb: gadget: misplaced out of bounds check Ian Kent (1): autofs: mount point create should honour passed in mode Igor Pylypiv (1): watchdog: f71808e_wdt: Fix WD_EN register read James Kelly (1): ASoC: ssm2602: Replace reg_default_raw with reg_default Jan Kara (1): udf: Fix leak of UTF-16 surrogates into encoded strings Jason A. Donenfeld (1): um: Compile with modern headers Jason Andryuk (1): xen-netfront: Fix hang on device removal Krzysztof Mazur (1): um: Use POSIX ucontext_t instead of struct ucontext Lu Baolu (1): iommu/vt-d: Fix a potential memory leak Marc Zyngier (1): drm/rockchip: Clear all interrupts before requesting the IRQ Marek Szyprowski (1): ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250 Matt Redfearn (4): MIPS: uaccess: Add micromips clobbers to bzero invocation MIPS: memset.S: EVA & fault support for small_memset MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup MIPS: memset.S: Fix clobber of v1 in last_fixup Matthew Wilcox (1): mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Maxime Chevallier (1): spi: Fix scatterlist elements size in spi_map_buf Maxime Jayat (1): dmaengine: at_xdmac: fix rare residue corruption Michael Ellerman (1): powerpc/lib: Fix off-by-one in alternate feature patching Michael Neuling (1): powerpc/eeh: Fix enabling bridge MMIO windows Mika Westerberg (2): ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() thunderbolt: Resume control channel after hibernation image is created Mikhail Lappo (1): thermal: imx: Fix race condition in imx_thermal_probe() Nicholas Piggin (4): powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Nicolas Ferre (1): ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Paul Parsons (1): drm/radeon: Fix PCIe lane width calculation Ralph Sennhauser (1): clk: mvebu: armada-38x: add support for 1866MHz variants Richard Genoud (1): clk: mvebu: armada-38x: add support for missing clocks Richard Weinberger (3): ubifs: Check ubifs_wbuf_sync() return code ubi: fastmap: Don't flush fastmap work on detach ubi: Reject MLC NAND Rodrigo Rivas Costa (1): HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Roland Dreier (1): RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device Romain Izard (1): ubi: Fix error for write access Ryo Kodama (1): pwm: rcar: Fix a condition to prevent mismatch value setting to duty Santiago Esteban (1): ARM: dts: at91: sama5d4: fix pinctrl compatible string Sean Wang (1): dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 Steve French (1): smb3: Fix root directory when server returns inode number of zero Takashi Iwai (8): resource: fix integer overflow at reallocation ALSA: pcm: Fix UAF at PCM release via PCM timer access ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation ALSA: pcm: Avoid potential races between OSS ioctls and read/write ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation ALSA: rawmidi: Fix missing input substream checks in compat ioctls Tejun Heo (1): tty: make n_tty_read() always abort if hangup is in progress Theodore Ts'o (8): random: use a tighter cap in credit_entropy_bits_safe() jbd2: if the journal is aborted then don't allow update of the log tail ext4: don't update checksum of new initialized bitmaps ext4: fail ext4_iget for root directory if unallocated ext4: don't allow r/w mounts if metadata blocks overlap the superblock random: fix crng_ready() test random: crng_reseed() should lock the crng instance that it is modifying random: add new ioctl RNDRESEEDCRNG Thinh Nguyen (1): usb: dwc3: pci: Properly cleanup resource Vlastimil Babka (1): mm, slab: reschedule cache_reap() on the same CPU Wanpeng Li (1): block/mq: fix potential deadlock during cpu hotplug Yavuz, Tuba (1): USB: gadget: f_midi: fixing a possible double-free in f_midi Zhengjun Xing (1): USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw

7 years, 2 months

1
1
0 0

Linux 4.4.129

by Greg KH

I'm announcing the release of the 4.4.129 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/at91sam9g25.dtsi | 2 arch/arm/boot/dts/sama5d4.dtsi | 2 arch/mips/include/asm/uaccess.h | 11 - arch/mips/lib/memset.S | 11 - arch/parisc/kernel/drivers.c | 4 arch/powerpc/include/asm/barrier.h | 3 arch/powerpc/include/asm/opal.h | 3 arch/powerpc/include/asm/synch.h | 4 arch/powerpc/kernel/eeh_pe.c | 3 arch/powerpc/lib/feature-fixups.c | 2 arch/powerpc/platforms/powernv/opal-nvram.c | 11 + arch/s390/hypfs/inode.c | 2 arch/s390/kernel/ipl.c | 1 arch/um/os-Linux/signal.c | 2 arch/x86/Kconfig | 5 arch/x86/include/asm/arch_hweight.h | 24 +- arch/x86/kernel/i386_ksyms_32.c | 2 arch/x86/kernel/x8664_ksyms_64.c | 3 arch/x86/lib/Makefile | 2 arch/x86/lib/hweight.S | 79 ++++++++ arch/x86/um/stub_segv.c | 2 drivers/acpi/video_detect.c | 9 drivers/base/regmap/regmap.c | 2 drivers/block/loop.c | 12 - drivers/char/random.c | 2 drivers/clk/bcm/clk-bcm2835.c | 8 drivers/clk/mvebu/armada-38x.c | 15 - drivers/dma/at_xdmac.c | 4 drivers/gpu/drm/radeon/radeon_object.c | 3 drivers/gpu/drm/radeon/si_dpm.c | 4 drivers/hid/hid-core.c | 10 - drivers/hid/hid-input.c | 3 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-rmi.c | 4 drivers/hid/hidraw.c | 5 drivers/hid/i2c-hid/i2c-hid.c | 13 - drivers/hwmon/ina2xx.c | 3 drivers/infiniband/core/ucma.c | 3 drivers/infiniband/ulp/srp/ib_srp.c | 18 - drivers/iommu/intel-svm.c | 1 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 4 drivers/mmc/host/jz4740_mmc.c | 2 drivers/mtd/ubi/block.c | 2 drivers/mtd/ubi/build.c | 11 + drivers/mtd/ubi/fastmap-wl.c | 1 drivers/net/slip/slhc.c | 5 drivers/net/usb/cdc_ether.c | 6 drivers/net/usb/lan78xx.c | 3 drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 2 drivers/net/xen-netfront.c | 7 drivers/pci/hotplug/acpiphp_glue.c | 23 +- drivers/s390/cio/qdio_main.c | 42 ++-- drivers/thermal/imx_thermal.c | 6 drivers/thunderbolt/nhi.c | 1 drivers/tty/n_tty.c | 6 drivers/tty/tty_io.c | 9 drivers/usb/core/generic.c | 9 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/musb/musb_gadget_ep0.c | 14 - drivers/vfio/pci/vfio_pci_config.c | 107 ++++++++++- drivers/watchdog/f71808e_wdt.c | 2 fs/autofs4/root.c | 2 fs/ext4/balloc.c | 3 fs/ext4/ialloc.c | 47 ---- fs/ext4/inline.c | 66 +++--- fs/ext4/inode.c | 48 ++--- fs/ext4/super.c | 6 fs/ext4/xattr.c | 30 +-- fs/ext4/xattr.h | 32 +++ fs/fs-writeback.c | 7 fs/jbd2/journal.c | 5 fs/jffs2/super.c | 2 fs/namei.c | 3 fs/namespace.c | 3 fs/notify/fanotify/fanotify.c | 34 +-- fs/reiserfs/journal.c | 2 fs/ubifs/super.c | 14 + include/linux/backing-dev-defs.h | 5 include/linux/backing-dev.h | 31 +-- include/linux/hid.h | 6 include/linux/mm.h | 4 include/linux/tty.h | 1 include/net/slhc_vj.h | 1 include/sound/pcm_oss.h | 1 ipc/shm.c | 23 ++ kernel/resource.c | 3 lib/Makefile | 2 lib/hweight.c | 4 mm/filemap.c | 16 - mm/memory.c | 17 + mm/page-writeback.c | 18 - mm/slab.c | 3 net/sunrpc/rpc_pipe.c | 1 sound/core/oss/pcm_oss.c | 189 +++++++++++++++----- sound/core/pcm.c | 8 sound/core/rawmidi_compat.c | 18 + sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/ssm2602.c | 19 +- sound/usb/line6/midi.c | 2 tools/perf/tests/code-reading.c | 20 -- tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 64 +++--- tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 2 tools/perf/util/intel-pt.c | 37 +++ 104 files changed, 924 insertions(+), 446 deletions(-) Aaron Ma (3): HID: i2c-hid: fix size check and type usage HID: Fix hid_report_len usage HID: core: Fix size as type u32 Adrian Hunter (4): perf intel-pt: Fix overlap detection to identify consecutive buffers correctly perf intel-pt: Fix sync_switch perf intel-pt: Fix error recovery from missing TIP packet perf intel-pt: Fix timestamp following overflow Al Viro (5): getname_kernel() needs to make sure that ->name != ->iname in long case jffs2_kill_sb(): deal with failed allocations hypfs_kill_super(): deal with failed allocations rpc_pipefs: fix double-dput() Don't leak MNT_INTERNAL away from internal mounts Alex Smith (1): mmc: jz4740: Fix race condition in IRQ mask update Alex Williamson (3): vfio-pci: Virtualize PCIe & AF FLR vfio/pci: Virtualize Maximum Payload Size vfio/pci: Virtualize Maximum Read Request Size Amir Goldstein (1): fanotify: fix logic of events on child Andrew Morton (1): fs/reiserfs/journal.c: add missing resierfs_warning() arg Arnd Bergmann (1): radeon: hide pointless #warning when compile testing Bart Van Assche (2): IB/srp: Fix srp_abort() IB/srp: Fix completion vector assignment algorithm Bassem Boubaker (1): cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN Boris Brezillon (1): clk: bcm2835: De-assert/assert PLL reset signal when appropriate Borislav Petkov (1): x86/hweight: Get rid of the special calling convention Dan Carpenter (1): regmap: Fix reversed bounds check in regmap_raw_write() David Wang (1): ALSA: hda - New VIA controller suppor no-snoop path Eric Biggers (1): ipc/shm: fix use-after-free of shm file via remap_file_pages() Fabián Inostroza (1): ALSA: line6: Use correct endpoint type for midi output Greg Kroah-Hartman (2): Revert "perf tests: Decompress kernel module before objdump" Linux 4.4.129 Greg Thelen (1): writeback: safer lock nesting Hans de Goede (1): ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E Heinrich Schuchardt (1): usb: musb: gadget: misplaced out of bounds check Helge Deller (1): parisc: Fix out of array access in match_pci_device() Ian Kent (1): autofs: mount point create should honour passed in mode Igor Pylypiv (1): watchdog: f71808e_wdt: Fix WD_EN register read James Kelly (1): ASoC: ssm2602: Replace reg_default_raw with reg_default Jan Kara (1): ext4: fix crashes in dioread_nolock mode Jason Andryuk (1): xen-netfront: Fix hang on device removal Julian Wiedmann (2): s390/qdio: don't retry EQBS after CCQ 96 s390/qdio: don't merge ERROR output buffers Krzysztof Mazur (1): um: Use POSIX ucontext_t instead of struct ucontext Lu Baolu (1): iommu/vt-d: Fix a potential memory leak Marek Szyprowski (1): hwmon: (ina2xx) Fix access to uninitialized mutex Matt Redfearn (4): MIPS: uaccess: Add micromips clobbers to bzero invocation MIPS: memset.S: EVA & fault support for small_memset MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup MIPS: memset.S: Fix clobber of v1 in last_fixup Matthew Wilcox (1): mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Mauro Carvalho Chehab (1): media: v4l2-compat-ioctl32: don't oops on overlay Maxime Jayat (1): dmaengine: at_xdmac: fix rare residue corruption Michael Ellerman (1): powerpc/lib: Fix off-by-one in alternate feature patching Michael Neuling (1): powerpc/eeh: Fix enabling bridge MMIO windows Michal Hocko (1): mm: allow GFP_{FS,IO} for page_cache_read page cache allocation Mika Westerberg (2): ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() thunderbolt: Resume control channel after hibernation image is created Mikhail Lappo (1): thermal: imx: Fix race condition in imx_thermal_probe() Nicholas Mc Guire (1): ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc Nicholas Piggin (4): powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Nicolas Ferre (1): ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Paul Parsons (1): drm/radeon: Fix PCIe lane width calculation Phil Elwell (1): lan78xx: Correctly indicate invalid OTP Ralph Sennhauser (1): clk: mvebu: armada-38x: add support for 1866MHz variants Richard Genoud (1): clk: mvebu: armada-38x: add support for missing clocks Richard Weinberger (3): ubifs: Check ubifs_wbuf_sync() return code ubi: fastmap: Don't flush fastmap work on detach ubi: Reject MLC NAND Rodrigo Rivas Costa (1): HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Roland Dreier (1): RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device Romain Izard (1): ubi: Fix error for write access Santiago Esteban (1): ARM: dts: at91: sama5d4: fix pinctrl compatible string Sudhir Sreedharan (1): rtl8187: Fix NULL pointer dereference in priv->conf_mutex Takashi Iwai (8): resource: fix integer overflow at reallocation ALSA: pcm: Fix UAF at PCM release via PCM timer access ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation ALSA: pcm: Avoid potential races between OSS ioctls and read/write ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation ALSA: rawmidi: Fix missing input substream checks in compat ioctls Tejaswi Tanikella (1): slip: Check if rstate is initialized before uncompressing Tejun Heo (1): tty: make n_tty_read() always abort if hangup is in progress Tetsuo Handa (1): block/loop: fix deadlock after loop_set_status Theodore Ts'o (6): random: use a tighter cap in credit_entropy_bits_safe() jbd2: if the journal is aborted then don't allow update of the log tail ext4: don't update checksum of new initialized bitmaps ext4: fail ext4_iget for root directory if unallocated ext4: don't allow r/w mounts if metadata blocks overlap the superblock ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() Thinh Nguyen (1): usb: dwc3: pci: Properly cleanup resource Vasily Gorbik (1): s390/ipl: ensure loadparm valid flag is set Ville Syrjälä (1): x86/hweight: Don't clobber %rdi Vlastimil Babka (1): mm, slab: reschedule cache_reap() on the same CPU Zhengjun Xing (1): USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw wangguang (1): ext4: bugfix for mmaped pages in mpage_release_unused_pages()

7 years, 2 months

1
1
0 0

Re: [GIT PULL] commits for Linux 4.14

by Sasha Levin

Ping on these? Also, at this point I seem to be building these trees faster than we deal with them (so for example, 4.15 has about 600 patches that didn't make it in before it went EOL). I also have about 600+ outstanding patches for 4.14 queued up. Would you be ok with making these batches bigger? On Sun, Apr 15, 2018 at 05:37:48PM -0400, alexander.levin(a)microsoft.com wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >Hi Greg, > >Pleae pull commits for Linux 4.14 . > >I've sent a review request for all commits over a week ago and all >comments were addressed. > > >Thanks, >Sasha > >===== > > >The following changes since commit 9a2e216d9e892249b63d10603c75495749202df9: > > Linux 4.14.32 (2018-03-31 18:10:43 +0200) > >are available in the Git repository at: > > git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-15042018 > >for you to fetch changes up to e2397164e55e7ea0328b556363a7b362429916eb: > > RDMA/core: Reduce poll batch for direct cq polling (2018-04-15 10:45:12 -0400) > >- ---------------------------------------------------------------- >for-greg-4.14-15042018 > >- ---------------------------------------------------------------- >Aaron Sierra (1): > tty: serial: exar: Relocate sleep wake-up handling > >Alan Brady (1): > i40evf: ignore link up if not running > >Alex Estrin (2): > IB/hfi1: Fix for potential refcount leak in hfi1_open_file() > IB/ipoib: Fix for potential no-carrier state > >Alex Williamson (1): > PCI: Add function 1 DMA alias quirk for Marvell 9128 > >Alexey Dobriyan (1): > proc: fix /proc/*/map_files lookup > >Anand Jain (1): > btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP > >Andi Shyti (1): > Input: stmfts - set IRQ_NOAUTOEN to the irq flag > >Andy Shevchenko (1): > device property: Define type of PROPERTY_ENRTY_*() macros > >Andy Spencer (1): > gianfar: prevent integer wrapping in the rx handler > >Aneesh Kumar K.V (1): > powerpc/mm/hash64: Zero PGD pages on allocation > >Anna-Maria Gleixner (1): > tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account > >Arnaldo Carvalho de Melo (2): > perf unwind: Do not look just at the global callchain_param.record_mode > perf callchain: Fix attr.sample_max_stack setting > >Arnd Bergmann (4): > scsi: fas216: fix sense buffer initialization > x86/power: Fix swsusp_arch_resume prototype > x86/dumpstack: Avoid uninitlized variable > cifs: silence compiler warnings showing up with gcc-8.0.0 > >Avinash Dayanand (1): > i40evf: Don't schedule reset_task when device is being removed > >Chen Yu (2): > ACPI: processor_perflib: Do not send _PPC change notification if not ready > cpufreq: intel_pstate: Enable HWP during system resume on CPU0 > >Christian Borntraeger (1): > KVM: s390: use created_vcpus in more places > >Chuck Lever (2): > xprtrdma: Fix backchannel allocation of extra rpcrdma_reps > svcrdma: Fix Read chunk round-up > >Coly Li (1): > bcache: properly set task state in bch_writeback_thread() > >Corentin LABBE (1): > crypto: artpec6 - remove select on non-existing CRYPTO_SHA384 > >Corinna Vinschen (1): > igb: Allow to remove administratively set MAC on VFs > >Dan Carpenter (2): > ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() > HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() > >Daniel Borkmann (1): > bpf: fix rlimit in reuseport net selftest > >Daniel Hua (1): > igb: Clear TXSTMP when ptp_tx_work() is timeout > >David Herrmann (1): > platform/x86: thinkpad_acpi: suppress warning about palm detection > >David Hildenbrand (1): > KVM: s390: vsie: use READ_ONCE to access some SCB fields > >David Howells (1): > rxrpc: Don't put crypto buffers on the stack > >Dmitry Torokhov (1): > Input: psmouse - fix Synaptics detection when protocol is disabled > >Dmitry Vyukov (1): > netfilter: x_tables: fix pointer leaks to userspace > >Don Hiatt (1): > IB/core: Map iWarp AH type to undefined in rdma_ah_find_type > >Ed Swierk (1): > openvswitch: Remove padding from packet before L3+ conntrack processing > >Emil Tantilov (1): > ixgbe: don't set RXDCTL.RLPML for 82599 > >Eryu Guan (1): > blk-mq-debugfs: don't allow write on attributes with seq_operations set > >Geert Uytterhoeven (1): > ubifs: Fix uninitialized variable in search_dh_cookie() > >Goldwyn Rodrigues (1): > block: Set BIO_TRACE_COMPLETION on new bio during split > >Guanglei Li (1): > RDS: IB: Fix null pointer issue > >Guenter Roeck (1): > watchdog: sp5100_tco: Fix watchdog disable bit > >Gustavo A. R. Silva (1): > tcp_nv: fix potential integer overflow in tcpnv_acked > >Hans de Goede (4): > ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources > platform/x86: dell-laptop: Filter out spurious keyboard backlight change events > ACPI / bus: Do not call _STA on battery devices with unmet dependencies > ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs > >Hector Martin (1): > firewire-ohci: work around oversized DMA reads on JMicron controllers > >Jacob Keller (2): > i40e: program fragmented IPv4 filter input set > i40e: fix reported mask for ntuple filters > >Jake Daryll Obina (1): > jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path > >James Hogan (2): > MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} > MIPS: generic: Fix machine compatible matching > >Jan Chochol (1): > nfs: Do not convert nfs_idmap_cache_timeout to jiffies > >Jan H. Sch??nherr (1): > fs/dax.c: release PMD lock even when there is no PMD support in DAX > >Jason Gunthorpe (1): > RDMA/uverbs: Use an unambiguous errno for method not supported > >Jean Delvare (1): > firmware: dmi_scan: Fix handling of empty DMI strings > >Jeffy Chen (1): > ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink > >Jens Axboe (1): > blk-mq: fix discard merge with scheduler attached > >Jesper Dangaard Brouer (2): > libbpf: Makefile set specified permission mode > tools/libbpf: handle issues with bpf ELF objects containing .eh_frames > >Jia Zhang (1): > vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page > >Jiri Olsa (2): > perf record: Fix period option handling > perf evsel: Fix period/freq terms setup > >John Fastabend (1): > bpf: sockmap, fix leaking maps with attached but not detached progs > >KarimAllah Ahmed (1): > kvm: Map PFN-type memory regions as writable (if possible) > >Karol Herbst (1): > drm/nouveau/pmu/fuc: don't use movw directly anymore > >Kirill A. Shutemov (1): > asm-generic: provide generic_pmdp_establish() > >Leon Romanovsky (1): > RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure > >Liu Bo (4): > Btrfs: set plug for fsync > Btrfs: fix scrub to repair raid6 corruption > Btrfs: fix unexpected EEXIST from btrfs_get_extent > Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io > >Logan Gunthorpe (1): > ntb_transport: Fix bug with max_mw_size parameter > >Mark Salter (1): > irqchip/gic-v3: Change pr_debug message to pr_devel > >Martin Blumenstingl (2): > net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b > net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock > >Masami Hiramatsu (1): > selftest: ftrace: Fix to pick text symbols for kprobes > >Mathieu Malaterre (1): > net: Extra '_get' in declaration of arch_get_platform_mac_address > >Matt Redfearn (2): > MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS > MIPS: Generic: Support GIC in EIC mode > >Max Gurtovoy (1): > RDMA/core: Reduce poll batch for direct cq polling > >Maxime Chevallier (1): > spi: a3700: Clear DATA_OUT when performing a read > >Mel Gorman (1): > mm: pin address_space before dereferencing it while isolating an LRU page > >Michael Bringmann (2): > powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes > powerpc/numa: Ensure nodes initialized for hotplug > >Michael J. Ruhl (1): > IB/hfi1: Re-order IRQ cleanup to address driver cleanup race > >Michael Kelley (1): > cpumask: Make for_each_cpu_wrap() available on UP as well > >Michal Hocko (1): > netfilter: x_tables: make allocation less aggressive > >Micka??l Sala??n (1): > samples/bpf: Partially fixes the bpf.o build > >Ming Lei (2): > dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure > blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk > >Mustafa Ismail (1): > i40iw: Free IEQ resources > >NeilBrown (1): > NFSv4: always set NFS_LOCK_LOST when a lock is lost. > >Ngai-Mint Kwan (1): > fm10k: fix "failed to kill vid" message for VF > >Nicholas Piggin (2): > powerpc: System reset avoid interleaving oops using die synchronisation > powerpc/powernv: IMC fix out of bounds memory access at shutdown > >Niklas Cassel (2): > PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build > net: stmmac: discard disabled flags in interrupt status register > >Nikolay Borisov (1): > btrfs: Fix out of bounds access in btrfs_search_slot > >Nitin Gupta (1): > sparc64: update pmdp_invalidate() to return old pmd value > >Paolo Bonzini (1): > kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl > >Parav Pandit (2): > RDMA/core: Clarify rdma_ah_find_type > RDMA/cma: Check existence of netdevice during port validation > >Paul Mackerras (2): > KVM: PPC: Book3S HV: Enable migration of decrementer register > KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code > >Peter Hutterer (1): > Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes > >Peter Xu (1): > iommu/vt-d: Use domain instead of cache fetching > >Peter Zijlstra (1): > x86/tsc: Allow TSC calibration without PIT > >Prashant Bhole (1): > bpf: test_maps: cleanup sockmaps when test ends > >Rafael J. Wysocki (1): > ACPI / EC: Restore polling during noirq suspend/resume phases > >Robin Murphy (1): > iommu/exynos: Don't unconditionally steal bus ops > >Ross Lagerwall (2): > xen-netfront: Fix race between device setup and open > xen/grant-table: Use put_page instead of free_page > >Sagi Grimberg (1): > IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct > >Sebastian Ott (1): > s390/eadm: fix CONFIG_BLOCK include dependency > >Sheng Yong (1): > f2fs: avoid hungtask when GC encrypted block if io_bits is set > >Shiraz Saleem (1): > i40iw: Zero-out consumer key on allocate stag for FMR > >Stephen Boyd (1): > irqchip/gic-v3: Ignore disabled ITS nodes > >Steven Rostedt (VMware) (3): > tools lib traceevent: Simplify pointer print logic and fix %pF > tools lib traceevent: Fix get_field_str() for dynamic strings > selftests/ftrace: Add some missing glob checks > >Subash Abhinov Kasiviswanathan (2): > netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 > netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure > >Takashi Iwai (1): > ALSA: hda - Use IS_REACHABLE() for dependency on input > >Tang Junhui (3): > bcache: fix for allocator and register thread race > bcache: fix for data collapse after re-attaching an attached device > bcache: return attach error when no cache set exist > >Thomas Richter (2): > perf record: Fix failed memory allocation for get_cpuid_str > perf test: Fix test trace+probe_libc_inet_pton.sh for s390x > >Tony Lindgren (1): > PM / wakeirq: Fix unbalanced IRQ enable for wakeirq > >Trond Myklebust (1): > SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context > >Ulf Hansson (1): > PM / domains: Fix up domain-idle-states OF parsing > >Ulf Magnusson (3): > kconfig: Don't leak main menus during parsing > kconfig: Fix automatic menu creation mem leak > kconfig: Fix expr_free() E_NOT leak > >Vitaly Kuznetsov (3): > x86/hyperv: Stop suppressing X86_FEATURE_PCID > x86/hyperv: Check for required priviliges in hyperv_init() > x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested > >Wei Yongjun (2): > ipmi/powernv: Fix error return code in ipmi_powernv_probe() > nfp: fix error return code in nfp_pci_probe() > >Will Deacon (2): > arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics > locking/qspinlock: Ensure node->count is updated before initialising node > >Xose Vazquez Perez (1): > scsi: devinfo: fix format of the device list > >Yang Shi (1): > mm: thp: use down_read_trylock() in khugepaged to avoid long block > >Yisheng Xie (2): > mm/mempolicy: fix the check of nodemask from user > mm/mempolicy: add nodes_empty check in SYSC_migrate_pages > >Yonghong Song (1): > bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y > >himanshu.madhani(a)cavium.com (1): > scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() > >mike.travis(a)hpe.com (1): > x86/platform/UV: Fix GAM Range Table entries less than 1GB > >mulhern (1): > dm thin: fix documentation relative to low water mark threshold > >piaojun (3): > ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid > ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute > ocfs2: return error when we attempt to access a dirty bh in jbd2 > >shidao.ytt (1): > mm/fadvise: discard partial page if endbyte is also EOF > >weiyongjun (A) (1): > mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() > > Documentation/device-mapper/thin-provisioning.txt | 8 +- > Documentation/virtual/kvm/api.txt | 1 + > arch/arm64/include/asm/spinlock.h | 4 +- > arch/mips/boot/compressed/Makefile | 6 +- > arch/mips/generic/irq.c | 18 +- > arch/mips/include/asm/machine.h | 2 +- > arch/mips/txx9/rbtx4939/setup.c | 4 +- > arch/powerpc/include/asm/book3s/64/pgalloc.h | 10 +- > arch/powerpc/include/uapi/asm/kvm.h | 2 + > arch/powerpc/kernel/traps.c | 2 +- > arch/powerpc/kvm/book3s_64_mmu_hv.c | 8 +- > arch/powerpc/kvm/book3s_hv.c | 8 + > arch/powerpc/kvm/powerpc.c | 2 +- > arch/powerpc/mm/numa.c | 78 +- > arch/powerpc/platforms/powernv/opal-imc.c | 6 +- > arch/s390/include/asm/eadm.h | 2 +- > arch/s390/kvm/kvm-s390.c | 4 +- > arch/s390/kvm/vsie.c | 50 +- > arch/sparc/include/asm/pgtable_64.h | 2 +- > arch/sparc/mm/tlb.c | 23 +- > arch/x86/hyperv/hv_init.c | 9 +- > arch/x86/hyperv/mmu.c | 12 +- > arch/x86/include/asm/i8259.h | 5 + > arch/x86/kernel/apic/x2apic_uv_x.c | 15 +- > arch/x86/kernel/dumpstack.c | 2 +- > arch/x86/kernel/tsc.c | 18 + > arch/x86/kvm/vmx.c | 16 +- > arch/x86/kvm/x86.c | 10 +- > arch/x86/mm/init_64.c | 3 +- > arch/x86/power/hibernate_32.c | 2 +- > arch/x86/power/hibernate_64.c | 2 +- > block/bio.c | 2 +- > block/blk-core.c | 2 + > block/blk-merge.c | 29 +- > block/blk-mq-debugfs.c | 6 +- > block/blk-mq.c | 22 +- > drivers/acpi/acpi_lpss.c | 2 + > drivers/acpi/bus.c | 6 + > drivers/acpi/ec.c | 6 + > drivers/acpi/processor_perflib.c | 2 +- > drivers/acpi/scan.c | 20 +- > drivers/base/power/domain.c | 76 +- > drivers/base/power/wakeirq.c | 6 +- > drivers/char/ipmi/ipmi_powernv.c | 5 +- > drivers/cpufreq/intel_pstate.c | 5 + > drivers/crypto/Kconfig | 1 - > drivers/firewire/ohci.c | 8 +- > drivers/firmware/dmi_scan.c | 22 +- > .../drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++++++-------- > .../drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 ++++++++-------- > .../drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 ++++++++++---------- > .../gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30 +- > drivers/hid/hid-roccat-kovaplus.c | 2 + > drivers/infiniband/core/cma.c | 8 +- > drivers/infiniband/core/cq.c | 30 +- > drivers/infiniband/core/uverbs_ioctl.c | 19 +- > drivers/infiniband/hw/hfi1/chip.c | 18 +- > drivers/infiniband/hw/hfi1/file_ops.c | 4 +- > drivers/infiniband/hw/hfi1/hfi.h | 1 + > drivers/infiniband/hw/hfi1/init.c | 4 +- > drivers/infiniband/hw/i40iw/i40iw_puda.c | 3 +- > drivers/infiniband/hw/i40iw/i40iw_puda.h | 1 + > drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + > drivers/infiniband/hw/mlx5/qp.c | 5 +- > drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + > drivers/input/mouse/psmouse-base.c | 34 +- > drivers/input/mouse/synaptics.c | 10 + > drivers/input/touchscreen/stmfts.c | 11 +- > drivers/iommu/exynos-iommu.c | 7 + > drivers/iommu/intel-iommu.c | 3 +- > drivers/irqchip/irq-gic-v3-its-pci-msi.c | 2 + > drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 + > drivers/irqchip/irq-gic-v3-its.c | 2 + > drivers/irqchip/irq-gic-v3.c | 2 +- > drivers/md/bcache/alloc.c | 4 +- > drivers/md/bcache/bcache.h | 2 +- > drivers/md/bcache/btree.c | 9 +- > drivers/md/bcache/super.c | 23 +- > drivers/md/bcache/sysfs.c | 11 +- > drivers/md/bcache/writeback.c | 7 +- > drivers/md/dm-mpath.c | 14 +- > drivers/net/ethernet/freescale/gianfar.c | 9 +- > drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 +- > drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 18 +- > drivers/net/ethernet/intel/i40e/i40e_main.c | 3 + > drivers/net/ethernet/intel/i40evf/i40evf.h | 1 + > drivers/net/ethernet/intel/i40evf/i40evf_main.c | 9 +- > .../net/ethernet/intel/i40evf/i40evf_virtchnl.c | 35 +- > drivers/net/ethernet/intel/igb/igb_main.c | 42 +- > drivers/net/ethernet/intel/igb/igb_ptp.c | 9 + > drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 8 +- > drivers/net/ethernet/netronome/nfp/nfp_main.c | 1 + > .../net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 6 +- > drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 6 +- > drivers/net/wireless/mac80211_hwsim.c | 4 +- > drivers/net/xen-netfront.c | 46 +- > drivers/ntb/ntb_transport.c | 3 + > drivers/pci/quirks.c | 2 + > drivers/platform/x86/dell-laptop.c | 24 +- > drivers/platform/x86/thinkpad_acpi.c | 10 + > drivers/scsi/arm/fas216.c | 2 +- > drivers/scsi/qla2xxx/qla_init.c | 4 + > drivers/scsi/scsi_devinfo.c | 7 +- > drivers/spi/spi-armada-3700.c | 5 + > .../staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 + > drivers/tty/serial/8250/8250_exar.c | 34 +- > drivers/tty/serial/8250/8250_port.c | 26 - > drivers/watchdog/sp5100_tco.h | 2 +- > drivers/xen/grant-table.c | 4 +- > fs/btrfs/ctree.c | 12 +- > fs/btrfs/disk-io.c | 6 +- > fs/btrfs/file.c | 9 + > fs/btrfs/inode.c | 17 +- > fs/btrfs/raid56.c | 55 +- > fs/btrfs/volumes.c | 9 +- > fs/cifs/cifssmb.c | 4 +- > fs/dax.c | 2 +- > fs/f2fs/gc.c | 7 +- > fs/jffs2/fs.c | 1 - > fs/nfs/nfs4proc.c | 12 +- > fs/nfs/nfs4state.c | 5 +- > fs/nfs/nfs4sysctl.c | 2 +- > fs/ocfs2/acl.c | 6 + > fs/ocfs2/journal.c | 23 +- > fs/ocfs2/super.c | 5 +- > fs/ocfs2/xattr.c | 2 + > fs/proc/base.c | 29 +- > fs/proc/kcore.c | 4 + > fs/ubifs/tnc.c | 21 +- > include/asm-generic/pgtable.h | 15 + > include/linux/cpumask.h | 2 + > include/linux/etherdevice.h | 2 +- > include/linux/kcore.h | 1 + > include/linux/pci.h | 7 + > include/linux/property.h | 10 +- > include/linux/suspend.h | 2 + > include/rdma/ib_verbs.h | 23 +- > include/trace/events/timer.h | 20 +- > kernel/bpf/sockmap.c | 19 +- > kernel/locking/qspinlock.c | 8 + > kernel/power/power.h | 3 - > lib/test_bpf.c | 31 +- > mm/fadvise.c | 10 +- > mm/khugepaged.c | 12 +- > mm/mempolicy.c | 33 +- > mm/vmscan.c | 14 +- > net/ipv4/tcp_nv.c | 2 +- > net/ipv6/netfilter/nf_conntrack_reasm.c | 16 +- > net/netfilter/x_tables.c | 7 +- > net/netfilter/xt_IDLETIMER.c | 1 + > net/netfilter/xt_LED.c | 1 + > net/netfilter/xt_limit.c | 3 +- > net/netfilter/xt_nfacct.c | 1 + > net/netfilter/xt_statistic.c | 1 + > net/openvswitch/conntrack.c | 34 + > net/rds/ib.c | 3 +- > net/rxrpc/conn_event.c | 1 + > net/rxrpc/rxkad.c | 92 +- > net/sunrpc/xprtrdma/backchannel.c | 12 +- > net/sunrpc/xprtrdma/svc_rdma_rw.c | 12 +- > net/sunrpc/xprtrdma/verbs.c | 32 +- > net/sunrpc/xprtrdma/xprt_rdma.h | 2 +- > net/sunrpc/xprtsock.c | 4 +- > samples/bpf/Makefile | 5 +- > scripts/kconfig/expr.c | 2 +- > scripts/kconfig/menu.c | 1 + > scripts/kconfig/zconf.y | 33 +- > sound/pci/hda/Kconfig | 1 - > sound/pci/hda/patch_realtek.c | 5 + > sound/soc/au1x/ac97c.c | 6 +- > sound/soc/rockchip/rk3399_gru_sound.c | 19 +- > tools/lib/bpf/Makefile | 2 +- > tools/lib/bpf/libbpf.c | 26 + > tools/lib/traceevent/event-parse.c | 17 +- > tools/lib/traceevent/parse-filter.c | 10 +- > tools/perf/arch/x86/util/header.c | 2 +- > tools/perf/builtin-c2c.c | 5 +- > tools/perf/builtin-record.c | 3 +- > tools/perf/builtin-report.c | 5 +- > tools/perf/builtin-script.c | 5 +- > tools/perf/perf.h | 1 + > tools/perf/tests/dwarf-unwind.c | 1 + > .../perf/tests/shell/trace+probe_libc_inet_pton.sh | 21 +- > tools/perf/util/callchain.c | 10 + > tools/perf/util/callchain.h | 2 + > tools/perf/util/evsel.c | 21 +- > tools/perf/util/unwind-libunwind-local.c | 9 +- > tools/testing/selftests/bpf/test_maps.c | 16 +- > .../ftrace/test.d/ftrace/func-filter-glob.tc | 6 + > .../ftrace/test.d/kprobe/multiple_kprobes.tc | 4 +- > tools/testing/selftests/net/reuseport_bpf.c | 21 +- > virt/kvm/kvm_main.c | 7 +- > 192 files changed, 2774 insertions(+), 1876 deletions(-) >-----BEGIN PGP SIGNATURE----- > >iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrTxiwACgkQ3qZv95d3 >LNxkBA//Rw0JqNQC93MzSLs1nutC4zGqVAN2ioYSclFvM1hlOIXALUjcqFSdv/VE >d3U4zevf4gayuyaWq8T9Y7bpTz1QYZAvyw4fjJrYhhb/89OKH7mEtL+XLv84aywB >AnMqcD1nIU/Nzk994WKu9gRaev5QiY1c6dRQObmHg3O7SYwPhP4TpJyj2IkKAASu >mRsDrIHibuDM92ytC08wvXVjEO6bSzZwv8LXB6MkVk2QruXkEN9SFlDYHho9LG4B >gLZI3yvJB4C+PcTJLnzHozHuscdwrpPfPSTe8ckOMVEfclvOy4vSUYdLA4wt3J7l >rDBcUZuKscHMKi+H4oyMVRjwonB15tLaPYFVHvow76W2kUzs2mFkhkxiTCJkdMpq >gQiWdUr/rXMGbFouAQ57GLlmJUunSmNIx9/BB0vJXWMj4krCn53MK93EhTrG+8vm >A2BaLHdloKr0tR1VFcKUC9tlOJl+srnkXN6ONZTo57tjK/uImrJ7XYdDR08yYOpU >iGgHPabdvWoYsR0qmKbJ+uHK8zsiqeIjjwcBT17h0kI86X6YvDeyqM2MW9/4/x6E >/A4WGP1INyWyKveyTmBlvcJzpzrrift/6yoMGXD7xlNtE1Y/XGG9dDXvl89h0yS+ >L7OOK+/YeBREP50UZ+CKEkgZ7GBkQRp9rUVZ7fghLAa2vn/y4gc= >=1sHf >-----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[PATCH 4.14 000/164] 4.14.36-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.36 release. There are 164 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Apr 24 13:51:05 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.36-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.36-rc1 Greg Thelen <gthelen(a)google.com> writeback: safer lock nesting Sean Young <sean(a)mess.org> media: staging: lirc_zilog: incorrect reference counting Sean Young <sean(a)mess.org> Revert "media: lirc_zilog: driver only sends LIRCCODE" Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: add a bunch of new 9000 PCI IDs Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: add shared clock PHY config flag for some devices Andrew Lunn <andrew(a)lunn.ch> net: dsa: Discard frames from unused ports Matthew Wilcox <mawilcox(a)microsoft.com> mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Ian Kent <raven(a)themaw.net> autofs: mount point create should honour passed in mode Al Viro <viro(a)zeniv.linux.org.uk> Don't leak MNT_INTERNAL away from internal mounts Al Viro <viro(a)zeniv.linux.org.uk> rpc_pipefs: fix double-dput() Al Viro <viro(a)zeniv.linux.org.uk> orangefs_kill_sb(): deal with allocation failures Al Viro <viro(a)zeniv.linux.org.uk> hypfs_kill_super(): deal with failed allocations Al Viro <viro(a)zeniv.linux.org.uk> jffs2_kill_sb(): deal with failed allocations Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Correctly handle limited range YCbCr data on VLV/CHV Daniel Kurtz <djkurtz(a)chromium.org> mmc: sdhci-pci: Only do AMD tuning for HS200 Amir Goldstein <amir73il(a)gmail.com> fanotify: fix logic of events on child Jan Kara <jack(a)suse.cz> udf: Fix leak of UTF-16 surrogates into encoded strings Michael Ellerman <mpe(a)ellerman.id.au> powerpc/lib: Fix off-by-one in alternate feature patching Benjamin Herrenschmidt <benh(a)kernel.crashing.org> powerpc/xive: Fix trying to "push" an already active pool VP Michael Neuling <mikey(a)neuling.org> powerpc/eeh: Fix enabling bridge MMIO windows Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix clobber of v1 in last_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: EVA & fault support for small_memset Matt Redfearn <matt.redfearn(a)mips.com> MIPS: uaccess: Add micromips clobbers to bzero invocation Aaron Armstrong Skomra <skomra(a)gmail.com> HID: wacom: bluetooth: send exit report for recent Bluetooth devices Rodrigo Rivas Costa <rodrigorivascosta(a)gmail.com> HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: input: fix battery level reporting on BT mice Theodore Ts'o <tytso(a)mit.edu> random: add new ioctl RNDRESEEDCRNG Theodore Ts'o <tytso(a)mit.edu> random: crng_reseed() should lock the crng instance that it is modifying Theodore Ts'o <tytso(a)mit.edu> random: set up the NUMA crng instances after the CRNG is fully initialized Theodore Ts'o <tytso(a)mit.edu> random: use a different mixing algorithm for add_device_randomness() Theodore Ts'o <tytso(a)mit.edu> random: fix crng_ready() test Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - adjust the location of one mic Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags David Wang <davidwang(a)zhaoxin.com> ALSA: hda - New VIA controller suppor no-snoop path Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Fix missing input substream checks in compat ioctls Fabián Inostroza <soulsonceonfire(a)gmail.com> ALSA: line6: Use correct endpoint type for midi output Paul Parsons <lost.distance(a)yahoo.com> drm/radeon: Fix PCIe lane width calculation Nico Sneck <nicosneck(a)hotmail.com> drm/radeon: add PX quirk for Asus K73TK Marc Zyngier <marc.zyngier(a)arm.com> drm/rockchip: Clear all interrupts before requesting the IRQ Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/si: implement get/set pcie_lanes asic callback Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Fix PCIe lane width calculation Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma: fix mask in emit_pipeline_sync Bas Nieuwenhuizen <basni(a)chromium.org> drm/amdgpu: Fix always_valid bos multiple LRU insertions. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add an ATPX quirk for hybrid laptop Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Avoid potential races between OSS ioctls and read/write Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Virtualize Maximum Read Request Size Igor Pylypiv <igor.pylypiv(a)gmail.com> watchdog: f71808e_wdt: Fix WD_EN register read Sean Wang <sean.wang(a)mediatek.com> dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 Mikhail Lappo <mikhail.lappo(a)esrlabs.com> thermal: imx: Fix race condition in imx_thermal_probe() Ryo Kodama <ryo.kodama.vz(a)renesas.com> pwm: rcar: Fix a condition to prevent mismatch value setting to duty Boris Brezillon <boris.brezillon(a)bootlin.com> clk: bcm2835: De-assert/assert PLL reset signal when appropriate Sean Wang <sean.wang(a)mediatek.com> clk: mediatek: fix PWM clock source by adding a fixed-factor clock Arnd Bergmann <arnd(a)arndb.de> clk: fix false-positive Wmaybe-uninitialized warning Richard Genoud <richard.genoud(a)gmail.com> clk: mvebu: armada-38x: add support for missing clocks Sinan Kaya <okaya(a)codeaurora.org> PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken Masaharu Hayakawa <masaharu.hayakawa.ry(a)renesas.com> mmc: tmio: Fix error handling when issuing CMD23 Alex Smith <alex.smith(a)imgtec.com> mmc: jz4740: Fix race condition in IRQ mask update Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix a potential memory leak Krzysztof Mazur <krzysiek(a)podlesie.net> um: Use POSIX ucontext_t instead of struct ucontext Jason A. Donenfeld <Jason(a)zx2c4.com> um: Compile with modern headers Steven Rostedt (VMware) <rostedt(a)goodmis.org> ring-buffer: Check if memory is available before allocation Dan Williams <dan.j.williams(a)intel.com> nfit: skip region registration for incomplete control regions Dan Williams <dan.j.williams(a)intel.com> nfit, address-range-scrub: fix scrub in-progress reporting Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: use a safe lookup for dimm device name Dan Williams <dan.j.williams(a)intel.com> libnvdimm, dimm: fix dpa reservation vs uninitialized label area Chris Chiu <chiu(a)endlessm.com> tpm: self test failure should not cause suspend to fail Frederic Barrat <fbarrat(a)linux.vnet.ibm.com> cxl: Fix possible deadlock when processing page faults from cxllib Maxime Jayat <maxime.jayat(a)mobile-devices.fr> dmaengine: at_xdmac: fix rare residue corruption Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Fix completion vector assignment algorithm Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Fix srp_abort() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix UAF at PCM release via PCM timer access Bart Van Assche <bart.vanassche(a)wdc.com> RDMA/rxe: Fix an out-of-bounds read Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Protect from NULL pointer derefence Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device Mikulas Patocka <mpatocka(a)redhat.com> dm crypt: limit the number of allocated pages Theodore Ts'o <tytso(a)mit.edu> ext4: add extra checks to ext4_xattr_block_get() Theodore Ts'o <tytso(a)mit.edu> ext4: add bounds checking to ext4_xattr_find_entry() Theodore Ts'o <tytso(a)mit.edu> ext4: move call to ext4_error() into ext4_xattr_check_block() Theodore Ts'o <tytso(a)mit.edu> ext4: don't allow r/w mounts if metadata blocks overlap the superblock Theodore Ts'o <tytso(a)mit.edu> ext4: always initialize the crc32c checksum driver Theodore Ts'o <tytso(a)mit.edu> ext4: fail ext4_iget for root directory if unallocated Eric Biggers <ebiggers(a)google.com> ext4: limit xattr size to INT_MAX Theodore Ts'o <tytso(a)mit.edu> ext4: add validity checks for bitmap block numbers Eryu Guan <guaneryu(a)gmail.com> ext4: protect i_disksize update by i_data_sem in direct write path Theodore Ts'o <tytso(a)mit.edu> ext4: don't update checksum of new initialized bitmaps Theodore Ts'o <tytso(a)mit.edu> ext4: pass -ESHUTDOWN code to jbd2 layer Theodore Ts'o <tytso(a)mit.edu> ext4: eliminate sleep from shutdown ioctl Theodore Ts'o <tytso(a)mit.edu> ext4: shutdown should not prevent get_write_access Theodore Ts'o <tytso(a)mit.edu> jbd2: if the journal is aborted then don't allow update of the log tail Mikulas Patocka <mpatocka(a)redhat.com> block: use 32-bit blk_status_t on Alpha Hans de Goede <hdegoede(a)redhat.com> extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO Theodore Ts'o <tytso(a)mit.edu> random: use a tighter cap in credit_entropy_bits_safe() Aniruddha Banerjee <aniruddhab(a)nvidia.com> irqchip/gic: Take lock when updating irq type Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Prevent crash when ICM firmware is not running Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Resume control channel after hibernation image is created Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Serialize PCIe tunnel creation with PCI rescan Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Wait a bit longer for ICM to authenticate the active NVM Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: topology: Fix kcontrol name string handling James Kelly <jamespeterkelly(a)gmail.com> ASoC: ssm2602: Replace reg_default_raw with reg_default Sean Wang <sean.wang(a)mediatek.com> soc: mediatek: fix the mistaken pointer accessed when subdomains are added Aaron Ma <aaron.ma(a)canonical.com> HID: core: Fix size as type u32 Aaron Ma <aaron.ma(a)canonical.com> HID: Fix hid_report_len usage Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Thiago Jung Bauermann <bauerman(a)linux.vnet.ibm.com> powerpc/kexec_file: Fix error code when trying to load kdump kernel Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/kprobes: Fix call trace due to incorrect preempt count Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently Paul Mackerras <paulus(a)ozlabs.org> powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9 Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() Gustavo A. R. Silva <gustavo(a)embeddedor.com> CIFS: fix sha512 check in cifs_crypto_secmech_release Aurelien Aptel <aaptel(a)suse.com> CIFS: add sha512 secmech Aurelien Aptel <aaptel(a)suse.com> CIFS: refactor crypto shash/sdesc allocation&free Jean Delvare <jdelvare(a)suse.de> i2c: i801: Restore configuration at shutdown Jean Delvare <jdelvare(a)suse.de> i2c: i801: Save register SMBSLVCMD value only once Aaron Ma <aaron.ma(a)canonical.com> HID: i2c-hid: fix size check and type usage Steve French <stfrench(a)microsoft.com> smb3: Fix root directory when server returns inode number of zero Ronnie Sahlberg <lsahlber(a)redhat.com> fix smb3-encryption breakage when CONFIG_DEBUG_SG=y Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: fix memory leak in SMB2_open() Felipe Balbi <felipe.balbi(a)linux.intel.com> usb: dwc3: gadget: never call ->complete() from ->ep_queue() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: pci: Properly cleanup resource Roger Quadros <rogerq(a)ti.com> usb: dwc3: prevent setting PRTCAP to OTG from debugfs Zhengjun Xing <zhengjun.xing(a)linux.intel.com> USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw Yavuz, Tuba <tuba(a)ece.ufl.edu> USB: gadget: f_midi: fixing a possible double-free in f_midi Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() Hans de Goede <hdegoede(a)redhat.com> ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E Dan Carpenter <dan.carpenter(a)oracle.com> regmap: Fix reversed bounds check in regmap_raw_write() Jason Andryuk <jandryuk(a)gmail.com> xen-netfront: Fix hang on device removal Jason Andryuk <jandryuk(a)gmail.com> x86/xen: Delay get_cpu_cap until stack canary is established Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: vsp1: Fix BRx conditional path in WPF Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: check if the cec_adapter is valid Hans Verkuil <hverkuil(a)xs4all.nl> media: atomisp_fops.c: disable atomisp_compat_ioctl32 Jarkko Nikula <jarkko.nikula(a)linux.intel.com> spi: Fix unregistration of controller with fixed SPI bus number Maxime Chevallier <maxime.chevallier(a)bootlin.com> spi: Fix scatterlist elements size in spi_map_buf Eugen Hristev <eugen.hristev(a)microchip.com> spi: atmel: init FIFOs before spi enable Santiago Esteban <Santiago.Esteban(a)microchip.com> ARM: dts: at91: sama5d4: fix pinctrl compatible string Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Sean Wang <sean.wang(a)mediatek.com> arm: dts: mt7623: fix USB initialization fails on bananapi-r2 Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210 David Lechner <david(a)lechnology.com> ARM: dts: da850-lego-ev3: Fix battery voltage gpio Marc Zyngier <marc.zyngier(a)arm.com> KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list Jerome Brunet <jbrunet(a)baylibre.com> ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate Felipe Balbi <felipe.balbi(a)linux.intel.com> usb: gadget: udc: core: update usb_ep_queue() documentation Chen-Yu Tsai <wens(a)csie.org> phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS Heinrich Schuchardt <xypron.glpk(a)gmx.de> usb: musb: gadget: misplaced out of bounds check Vlastimil Babka <vbabka(a)suse.cz> mm, slab: reschedule cache_reap() on the same CPU Eric Biggers <ebiggers(a)google.com> ipc/shm: fix use-after-free of shm file via remap_file_pages() Takashi Iwai <tiwai(a)suse.de> resource: fix integer overflow at reallocation Andrew Morton <akpm(a)linux-foundation.org> fs/reiserfs/journal.c: add missing resierfs_warning() arg Kees Cook <keescook(a)chromium.org> task_struct: only use anon struct under randstruct plugin Jérôme Glisse <jglisse(a)redhat.com> mm/hmm: hmm_pfns_bad() was accessing wrong struct Jérôme Glisse <jglisse(a)redhat.com> mm/hmm: fix header file if/else/endif maze Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> mm/ksm.c: fix inconsistent accounting of zero pages Richard Weinberger <richard(a)nod.at> ubi: Reject MLC NAND Romain Izard <romain.izard.pro(a)gmail.com> ubi: Fix error for write access Richard Weinberger <richard(a)nod.at> ubi: fastmap: Don't flush fastmap work on detach Richard Weinberger <richard(a)nod.at> ubifs: Check ubifs_wbuf_sync() return code George Cherian <george.cherian(a)cavium.com> cpufreq: CPPC: Use transition_delay_us depending transition_latency Tejun Heo <tj(a)kernel.org> tty: make n_tty_read() always abort if hangup is in progress ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/at91sam9g25.dtsi | 2 +- arch/arm/boot/dts/da850-lego-ev3.dts | 4 +- arch/arm/boot/dts/exynos5250.dtsi | 8 +- arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 24 ++- arch/arm/boot/dts/sama5d4.dtsi | 2 +- arch/arm/mach-exynos/pm.c | 6 +- .../arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts | 2 +- arch/mips/include/asm/uaccess.h | 11 +- arch/mips/lib/memset.S | 11 +- arch/powerpc/include/asm/barrier.h | 3 +- arch/powerpc/include/asm/synch.h | 4 - arch/powerpc/kernel/dt_cpu_ftrs.c | 12 +- arch/powerpc/kernel/eeh_pe.c | 3 +- arch/powerpc/kernel/kprobes.c | 30 ++-- arch/powerpc/kernel/machine_kexec_file_64.c | 2 +- arch/powerpc/lib/feature-fixups.c | 2 +- arch/powerpc/mm/hash_utils_64.c | 6 + arch/powerpc/platforms/powernv/opal-nvram.c | 11 +- arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/powerpc/sysdev/xive/native.c | 4 + arch/s390/hypfs/inode.c | 2 +- arch/um/os-Linux/file.c | 1 + arch/um/os-Linux/signal.c | 3 +- arch/x86/um/stub_segv.c | 3 +- arch/x86/xen/enlighten_pv.c | 8 +- drivers/acpi/nfit/core.c | 18 +- drivers/acpi/video_detect.c | 9 + drivers/base/regmap/regmap.c | 2 +- drivers/char/random.c | 130 ++++++++++---- drivers/char/tpm/tpm-interface.c | 4 + drivers/clk/bcm/clk-bcm2835.c | 8 +- drivers/clk/mediatek/clk-mt2701.c | 15 +- drivers/clk/mvebu/armada-38x.c | 14 +- drivers/clk/renesas/clk-sh73a0.c | 6 +- drivers/cpufreq/cppc_cpufreq.c | 3 + drivers/dma/at_xdmac.c | 4 +- drivers/extcon/extcon-intel-cht-wc.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- drivers/gpu/drm/amd/amdgpu/cik_sdma.c | 2 +- drivers/gpu/drm/amd/amdgpu/sdma_v2_4.c | 2 +- drivers/gpu/drm/amd/amdgpu/sdma_v3_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/si.c | 67 +++++++ drivers/gpu/drm/amd/amdgpu/si_dpm.c | 4 +- drivers/gpu/drm/i915/i915_reg.h | 10 ++ drivers/gpu/drm/i915/intel_sprite.c | 81 +++++++-- drivers/gpu/drm/radeon/radeon_device.c | 4 + drivers/gpu/drm/radeon/si_dpm.c | 4 +- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 23 +-- drivers/hid/hid-core.c | 10 +- drivers/hid/hid-input.c | 27 ++- drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-rmi.c | 4 +- drivers/hid/hidraw.c | 5 + drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/hid/wacom_sys.c | 4 +- drivers/hid/wacom_wac.c | 76 ++++---- drivers/i2c/busses/i2c-i801.c | 16 +- drivers/infiniband/core/ucma.c | 3 + drivers/infiniband/hw/mlx5/mr.c | 2 + drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +- drivers/infiniband/ulp/srp/ib_srp.c | 18 +- drivers/iommu/intel-svm.c | 1 + drivers/irqchip/irq-gic-common.c | 9 +- drivers/md/dm-crypt.c | 66 ++++++- drivers/media/platform/vivid/vivid-vid-common.c | 3 +- drivers/media/platform/vsp1/vsp1_wpf.c | 2 +- drivers/misc/cxl/cxllib.c | 85 +++++---- drivers/mmc/host/jz4740_mmc.c | 2 +- drivers/mmc/host/sdhci-pci-core.c | 25 ++- drivers/mmc/host/tmio_mmc_core.c | 2 +- drivers/mtd/ubi/block.c | 2 +- drivers/mtd/ubi/build.c | 11 ++ drivers/mtd/ubi/fastmap-wl.c | 1 - drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 62 +++++++ drivers/net/wireless/intel/iwlwifi/fw/file.h | 1 + drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 4 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 195 ++++++++++++++++++--- drivers/net/xen-netfront.c | 7 +- drivers/nvdimm/dimm.c | 8 +- drivers/nvdimm/namespace_devs.c | 4 +- drivers/pci/hotplug/acpiphp_glue.c | 23 ++- drivers/pci/quirks.c | 4 + drivers/phy/allwinner/phy-sun4i-usb.c | 10 +- drivers/pwm/pwm-rcar.c | 8 +- drivers/soc/mediatek/mtk-scpsys.c | 2 +- drivers/spi/spi-atmel.c | 8 +- drivers/spi/spi.c | 19 +- .../media/atomisp/pci/atomisp2/atomisp_fops.c | 6 + drivers/staging/media/lirc/lirc_zilog.c | 9 +- drivers/thermal/imx_thermal.c | 6 +- drivers/thunderbolt/icm.c | 10 +- drivers/thunderbolt/nhi.c | 1 + drivers/thunderbolt/switch.c | 9 + drivers/tty/n_tty.c | 6 + drivers/tty/tty_io.c | 9 + drivers/usb/core/generic.c | 9 +- drivers/usb/dwc3/core.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 2 +- drivers/usb/dwc3/gadget.c | 43 +++-- drivers/usb/gadget/function/f_midi.c | 3 +- drivers/usb/gadget/u_f.h | 2 + drivers/usb/gadget/udc/core.c | 3 + drivers/usb/musb/musb_gadget_ep0.c | 14 +- drivers/vfio/pci/vfio_pci_config.c | 29 ++- drivers/watchdog/f71808e_wdt.c | 2 +- fs/autofs4/root.c | 2 +- fs/cifs/Kconfig | 1 + fs/cifs/cifsencrypt.c | 85 ++------- fs/cifs/cifsfs.c | 1 + fs/cifs/cifsglob.h | 3 + fs/cifs/cifsproto.h | 5 + fs/cifs/inode.c | 33 ++++ fs/cifs/link.c | 27 +-- fs/cifs/misc.c | 54 ++++++ fs/cifs/smb2ops.c | 15 +- fs/cifs/smb2pdu.c | 8 +- fs/cifs/smb2proto.h | 3 + fs/cifs/smb2transport.c | 97 +++++----- fs/cifs/smbencrypt.c | 27 +-- fs/ext4/balloc.c | 19 +- fs/ext4/ext4_jbd2.c | 7 - fs/ext4/ialloc.c | 54 ++---- fs/ext4/inode.c | 11 +- fs/ext4/ioctl.c | 8 +- fs/ext4/super.c | 21 ++- fs/ext4/xattr.c | 121 +++++++------ fs/ext4/xattr.h | 11 ++ fs/fs-writeback.c | 7 +- fs/jbd2/journal.c | 30 +++- fs/jffs2/super.c | 2 +- fs/namespace.c | 3 +- fs/notify/fanotify/fanotify.c | 34 ++-- fs/orangefs/super.c | 5 + fs/reiserfs/journal.c | 2 +- fs/ubifs/super.c | 14 +- fs/udf/unicode.c | 6 + include/dt-bindings/clock/mt2701-clk.h | 3 +- include/linux/backing-dev-defs.h | 5 + include/linux/backing-dev.h | 30 ++-- include/linux/blk_types.h | 5 + include/linux/compiler-clang.h | 3 - include/linux/compiler-gcc.h | 12 +- include/linux/hid.h | 15 +- include/linux/hmm.h | 9 +- include/linux/tty.h | 1 + include/sound/pcm_oss.h | 1 + include/uapi/linux/random.h | 3 + ipc/shm.c | 23 ++- kernel/resource.c | 3 +- kernel/trace/ring_buffer.c | 5 + mm/filemap.c | 9 +- mm/hmm.c | 3 +- mm/ksm.c | 7 + mm/page-writeback.c | 18 +- mm/slab.c | 3 +- net/dsa/tag_brcm.c | 3 + net/dsa/tag_dsa.c | 3 + net/dsa/tag_edsa.c | 3 + net/dsa/tag_ksz.c | 3 + net/dsa/tag_lan9303.c | 3 + net/dsa/tag_mtk.c | 3 + net/dsa/tag_qca.c | 3 + net/dsa/tag_trailer.c | 3 + net/sunrpc/rpc_pipe.c | 1 + sound/core/oss/pcm_oss.c | 186 ++++++++++++++++---- sound/core/pcm.c | 8 +- sound/core/rawmidi_compat.c | 18 +- sound/pci/hda/hda_intel.c | 3 +- sound/pci/hda/patch_realtek.c | 3 + sound/soc/codecs/ssm2602.c | 19 +- sound/soc/soc-topology.c | 23 ++- sound/usb/line6/midi.c | 2 +- virt/kvm/arm/vgic/vgic-its.c | 15 +- 178 files changed, 1886 insertions(+), 823 deletions(-)

7 years, 2 months

4
160
0 0

RE: [PATCH] [SCSI] mpt3sas: Fix secure erase premature termination (v4)

by Igor Rybak

Hi, We are running kernel 4.4.0-22 and the patch below does not seem to be present in the mpt3sas driver. Can you please confirm? As a reminder the patch was related to a Security Erase ATA command that requires a very long timeout like 100 minutes or more and the drive retains a busy status. And the driver should not try to send other commands or reset the drive. Thanks, Igor Rybak CTO MediaClone Inc 6900 Canby Ave Ste 107 Reseda, CA 91335 USA +1-818-654-6286 ________________________________________ From: Sreekanth Reddy [sreekanth.reddy(a)broadcom.com] Sent: Thursday, November 10, 2016 8:38 PM To: Andrey Grodzovsky Cc: PDL-MPT-FUSIONLINUX; Igor Rybak; Ezra Kohavi; linux-scsi(a)vger.kernel.org; Sathya Prakash; Chaitra P B; Suganath Prabu Subramani; Hannes Reinecke; stable(a)vger.kernel.org Subject: Re: [PATCH] [SCSI] mpt3sas: Fix secure erase premature termination (v4) On Thu, Nov 10, 2016 at 8:05 PM, Andrey Grodzovsky <andrey2805(a)gmail.com> wrote: > Problem: > This is a work around for a bug with LSI Fusion MPT SAS2 when > pefroming secure erase. Due to the very long time the operation > takes commands issued during the erase will time out and will trigger > execution of abort hook. Even though the abort hook is called for > the specific command which timed out this leads to entire device halt > (scsi_state terminated) and premature termination of the secured erase. > > Fix: > Set device state to busy while erase in progress to reject any incoming > commands until the erase is done. The device is blocked any way during > this time and cannot execute any other command. > More data and logs can be found here - > https://drive.google.com/file/d/0B9ocOHYHbbS1Q3VMdkkzeWFkTjg/view > > v2: Update according to example patch by Hannes Reinecke to apply > the blocking logic to any ATA 12/16 command. > > v3: Use SCSI commands opcodes definitions instead of value and > correct identation. > > v4: Fix checkpath errors and warning. > > Signed-off-by: Andrey Grodzovsky <andrey2805(a)gmail.com> > Cc: <linux-scsi(a)vger.kernel.org> > Cc: Sathya Prakash <sathya.prakash(a)broadcom.com> > Cc: Chaitra P B <chaitra.basappa(a)broadcom.com> > Cc: Suganath Prabu Subramani <suganath-prabu.subramani(a)broadcom.com> > Cc: Sreekanth Reddy <Sreekanth.Reddy(a)broadcom.com> > Cc: Hannes Reinecke <hare(a)suse.de> > Cc: <stable(a)vger.kernel.org> Acked-by: Sreekanth Reddy <Sreekanth.Reddy(a)broadcom.com> > --- > drivers/scsi/mpt3sas/mpt3sas_scsih.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c > index 5a97e32..c032319 100644 > --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c > +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c > @@ -3500,6 +3500,10 @@ _scsih_eedp_error_handling(struct scsi_cmnd *scmd, u16 ioc_status) > SAM_STAT_CHECK_CONDITION; > } > > +static inline bool ata_12_16_cmd(struct scsi_cmnd *scmd) > +{ > + return (scmd->cmnd[0] == ATA_12 || scmd->cmnd[0] == ATA_16); > +} > > /** > * _scsih_qcmd - main scsi request entry point > @@ -3528,6 +3532,14 @@ _scsih_qcmd(struct Scsi_Host *shost, struct scsi_cmnd *scmd) > scsi_print_command(scmd); > #endif > > + /** > + * Lock the device for any subsequent command until > + * command is done. > + */ > + if (ata_12_16_cmd(scmd)) > + scsi_internal_device_block(scmd->device); > + > + > sas_device_priv_data = scmd->device->hostdata; > if (!sas_device_priv_data || !sas_device_priv_data->sas_target) { > scmd->result = DID_NO_CONNECT << 16; > @@ -4062,6 +4074,10 @@ _scsih_io_done(struct MPT3SAS_ADAPTER *ioc, u16 smid, u8 msix_index, u32 reply) > if (scmd == NULL) > return 1; > > + if (ata_12_16_cmd(scmd)) > + scsi_internal_device_unblock(scmd->device, SDEV_RUNNING); > + > + > mpi_request = mpt3sas_base_get_msg_frame(ioc, smid); > > if (mpi_reply == NULL) { > -- > 2.1.4 >

7 years, 2 months

2
1
0 0

[PATCH 0/2] Allow drivers to override stop_engine

by xswang＠marvell.com

From: Evan Wang <xswang(a)marvell.com> There maybe some special operations needed when stop engine for AHCI IP of different vendors, so it is necessary to override ahci_stop_engine() when stop the engine like overriding start_engine(). Evan Wang (2): libahci: Allow drivers to override stop_engine ata: ahci: mvebu: override ahci_stop_engine for mvebu AHCI drivers/ata/ahci.c | 6 ++--- drivers/ata/ahci.h | 7 ++++++ drivers/ata/ahci_mvebu.c | 56 +++++++++++++++++++++++++++++++++++++++++++++ drivers/ata/ahci_qoriq.c | 2 +- drivers/ata/ahci_xgene.c | 4 ++-- drivers/ata/libahci.c | 20 +++++++++------- drivers/ata/sata_highbank.c | 2 +- 7 files changed, 82 insertions(+), 15 deletions(-) -- 1.9.1

7 years, 2 months

2
4
0 0

FAILED: patch "[PATCH] PCI: hv: Serialize the present and eject work items" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 021ad274d7dc31611d4f47f7dd4ac7a224526f30 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Thu, 15 Mar 2018 14:20:53 +0000 Subject: [PATCH] PCI: hv: Serialize the present and eject work items When we hot-remove the device, we first receive a PCI_EJECT message and then receive a PCI_BUS_RELATIONS message with bus_rel->device_count == 0. The first message is offloaded to hv_eject_device_work(), and the second is offloaded to pci_devices_present_work(). Both the paths can be running list_del(&hpdev->list_entry), causing general protection fault, because system_wq can run them concurrently. The patch eliminates the race condition. Since access to present/eject work items is serialized, we do not need the hbus->enum_sem anymore, so remove it. Fixes: 4daace0d8ce8 ("PCI: hv: Add paravirtual PCI front-end for Microsoft Hyper-V VMs") Link: https://lkml.kernel.org/r/KL1P15301MB00064DA6B4D221123B5241CFBFD70@KL1P1530… Tested-by: Adrian Suhov <v-adsuho(a)microsoft.com> Tested-by: Chris Valean <v-chvale(a)microsoft.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> [lorenzo.pieralisi(a)arm.com: squashed semaphore removal patch] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Reviewed-by: Michael Kelley <mikelley(a)microsoft.com> Acked-by: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: <stable(a)vger.kernel.org> # v4.6+ Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com> Cc: Jack Morgenstein <jackm(a)mellanox.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c index 2faf38eab785..b7fd5c157d73 100644 --- a/drivers/pci/host/pci-hyperv.c +++ b/drivers/pci/host/pci-hyperv.c @@ -447,7 +447,6 @@ struct hv_pcibus_device { spinlock_t device_list_lock; /* Protect lists below */ void __iomem *cfg_addr; - struct semaphore enum_sem; struct list_head resources_for_children; struct list_head children; @@ -461,6 +460,8 @@ struct hv_pcibus_device { struct retarget_msi_interrupt retarget_msi_interrupt_params; spinlock_t retarget_msi_interrupt_lock; + + struct workqueue_struct *wq; }; /* @@ -1590,12 +1591,8 @@ static struct hv_pci_dev *get_pcichild_wslot(struct hv_pcibus_device *hbus, * It must also treat the omission of a previously observed device as * notification that the device no longer exists. * - * Note that this function is a work item, and it may not be - * invoked in the order that it was queued. Back to back - * updates of the list of present devices may involve queuing - * multiple work items, and this one may run before ones that - * were sent later. As such, this function only does something - * if is the last one in the queue. + * Note that this function is serialized with hv_eject_device_work(), + * because both are pushed to the ordered workqueue hbus->wq. */ static void pci_devices_present_work(struct work_struct *work) { @@ -1616,11 +1613,6 @@ static void pci_devices_present_work(struct work_struct *work) INIT_LIST_HEAD(&removed); - if (down_interruptible(&hbus->enum_sem)) { - put_hvpcibus(hbus); - return; - } - /* Pull this off the queue and process it if it was the last one. */ spin_lock_irqsave(&hbus->device_list_lock, flags); while (!list_empty(&hbus->dr_list)) { @@ -1637,7 +1629,6 @@ static void pci_devices_present_work(struct work_struct *work) spin_unlock_irqrestore(&hbus->device_list_lock, flags); if (!dr) { - up(&hbus->enum_sem); put_hvpcibus(hbus); return; } @@ -1724,7 +1715,6 @@ static void pci_devices_present_work(struct work_struct *work) break; } - up(&hbus->enum_sem); put_hvpcibus(hbus); kfree(dr); } @@ -1770,7 +1760,7 @@ static void hv_pci_devices_present(struct hv_pcibus_device *hbus, spin_unlock_irqrestore(&hbus->device_list_lock, flags); get_hvpcibus(hbus); - schedule_work(&dr_wrk->wrk); + queue_work(hbus->wq, &dr_wrk->wrk); } /** @@ -1848,7 +1838,7 @@ static void hv_pci_eject_device(struct hv_pci_dev *hpdev) get_pcichild(hpdev, hv_pcidev_ref_pnp); INIT_WORK(&hpdev->wrk, hv_eject_device_work); get_hvpcibus(hpdev->hbus); - schedule_work(&hpdev->wrk); + queue_work(hpdev->hbus->wq, &hpdev->wrk); } /** @@ -2461,13 +2451,18 @@ static int hv_pci_probe(struct hv_device *hdev, spin_lock_init(&hbus->config_lock); spin_lock_init(&hbus->device_list_lock); spin_lock_init(&hbus->retarget_msi_interrupt_lock); - sema_init(&hbus->enum_sem, 1); init_completion(&hbus->remove_event); + hbus->wq = alloc_ordered_workqueue("hv_pci_%x", 0, + hbus->sysdata.domain); + if (!hbus->wq) { + ret = -ENOMEM; + goto free_bus; + } ret = vmbus_open(hdev->channel, pci_ring_size, pci_ring_size, NULL, 0, hv_pci_onchannelcallback, hbus); if (ret) - goto free_bus; + goto destroy_wq; hv_set_drvdata(hdev, hbus); @@ -2536,6 +2531,8 @@ static int hv_pci_probe(struct hv_device *hdev, hv_free_config_window(hbus); close: vmbus_close(hdev->channel); +destroy_wq: + destroy_workqueue(hbus->wq); free_bus: free_page((unsigned long)hbus); return ret; @@ -2615,6 +2612,7 @@ static int hv_pci_remove(struct hv_device *hdev) irq_domain_free_fwnode(hbus->sysdata.fwnode); put_hvpcibus(hbus); wait_for_completion(&hbus->remove_event); + destroy_workqueue(hbus->wq); free_page((unsigned long)hbus); return 0; }

7 years, 2 months

3
7
0 0

[RHEL7.6 PATCH 22/37] Drivers: hv: vmbus: Fix a rescind issue

by Mohammed Gamal

The current rescind processing code will not correctly handle the case where the host immediately rescinds a channel that has been offerred. In this case, we could be blocked in the open call and since the channel is rescinded, the host will not respond and we could be blocked forever in the vmbus open call.i Fix this problem. Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Cc: stable(a)vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> (cherry picked from commit 7fa32e5ec28b1609abc0b797b58267f725fc3964) Signed-off-by: Mohammed Gamal <mgamal(a)redhat.com> --- drivers/hv/channel.c | 10 ++++++++-- drivers/hv/channel_mgmt.c | 7 ++++--- include/linux/hyperv.h | 1 + 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c index 1c967f5..1d58986 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -659,22 +659,28 @@ void vmbus_close(struct vmbus_channel *channel) */ return; } - mutex_lock(&vmbus_connection.channel_mutex); /* * Close all the sub-channels first and then close the * primary channel. */ list_for_each_safe(cur, tmp, &channel->sc_list) { cur_channel = list_entry(cur, struct vmbus_channel, sc_list); - vmbus_close_internal(cur_channel); if (cur_channel->rescind) { + wait_for_completion(&cur_channel->rescind_event); + mutex_lock(&vmbus_connection.channel_mutex); + vmbus_close_internal(cur_channel); hv_process_channel_removal( cur_channel->offermsg.child_relid); + } else { + mutex_lock(&vmbus_connection.channel_mutex); + vmbus_close_internal(cur_channel); } + mutex_unlock(&vmbus_connection.channel_mutex); } /* * Now close the primary. */ + mutex_lock(&vmbus_connection.channel_mutex); vmbus_close_internal(channel); mutex_unlock(&vmbus_connection.channel_mutex); } diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index ec5454f..c21020b 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -333,6 +333,7 @@ static struct vmbus_channel *alloc_channel(void) return NULL; spin_lock_init(&channel->lock); + init_completion(&channel->rescind_event); INIT_LIST_HEAD(&channel->sc_list); INIT_LIST_HEAD(&channel->percpu_list); @@ -898,6 +899,7 @@ static void vmbus_onoffer_rescind(struct vmbus_channel_message_header *hdr) /* * Now wait for offer handling to complete. */ + vmbus_rescind_cleanup(channel); while (READ_ONCE(channel->probe_done) == false) { /* * We wait here until any channel offer is currently @@ -913,7 +915,6 @@ static void vmbus_onoffer_rescind(struct vmbus_channel_message_header *hdr) if (channel->device_obj) { if (channel->chn_rescind_callback) { channel->chn_rescind_callback(channel); - vmbus_rescind_cleanup(channel); return; } /* @@ -922,7 +923,6 @@ static void vmbus_onoffer_rescind(struct vmbus_channel_message_header *hdr) */ dev = get_device(&channel->device_obj->device); if (dev) { - vmbus_rescind_cleanup(channel); vmbus_device_unregister(channel->device_obj); put_device(dev); } @@ -936,13 +936,14 @@ static void vmbus_onoffer_rescind(struct vmbus_channel_message_header *hdr) * 2. Then close the primary channel. */ mutex_lock(&vmbus_connection.channel_mutex); - vmbus_rescind_cleanup(channel); if (channel->state == CHANNEL_OPEN_STATE) { /* * The channel is currently not open; * it is safe for us to cleanup the channel. */ hv_process_channel_removal(rescind->child_relid); + } else { + complete(&channel->rescind_event); } mutex_unlock(&vmbus_connection.channel_mutex); } diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index 1552a5f..465d5db 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -724,6 +724,7 @@ struct vmbus_channel { u8 monitor_bit; bool rescind; /* got rescind msg */ + struct completion rescind_event; u32 ringbuffer_gpadlhandle; -- 1.8.3.1

7 years, 2 months

2
1
0 0

[PATCH 3.18 00/52] 3.18.106-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.106 release. There are 52 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Apr 24 13:53:02 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.106-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.106-rc1 Amir Goldstein <amir73il(a)gmail.com> fanotify: fix logic of events on child Ian Kent <raven(a)themaw.net> autofs: mount point create should honour passed in mode Al Viro <viro(a)zeniv.linux.org.uk> Don't leak MNT_INTERNAL away from internal mounts Al Viro <viro(a)zeniv.linux.org.uk> rpc_pipefs: fix double-dput() Al Viro <viro(a)zeniv.linux.org.uk> hypfs_kill_super(): deal with failed allocations Al Viro <viro(a)zeniv.linux.org.uk> jffs2_kill_sb(): deal with failed allocations Michael Ellerman <mpe(a)ellerman.id.au> powerpc/lib: Fix off-by-one in alternate feature patching Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix clobber of v1 in last_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: EVA & fault support for small_memset Rodrigo Rivas Costa <rodrigorivascosta(a)gmail.com> HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Fix missing input substream checks in compat ioctls Paul Parsons <lost.distance(a)yahoo.com> drm/radeon: Fix PCIe lane width calculation Theodore Ts'o <tytso(a)mit.edu> ext4: don't allow r/w mounts if metadata blocks overlap the superblock Theodore Ts'o <tytso(a)mit.edu> ext4: fail ext4_iget for root directory if unallocated Theodore Ts'o <tytso(a)mit.edu> ext4: add validity checks for bitmap block numbers Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Avoid potential races between OSS ioctls and read/write Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc Igor Pylypiv <igor.pylypiv(a)gmail.com> watchdog: f71808e_wdt: Fix WD_EN register read Mikhail Lappo <mikhail.lappo(a)esrlabs.com> thermal: imx: Fix race condition in imx_thermal_probe() Richard Genoud <richard.genoud(a)gmail.com> clk: mvebu: armada-38x: add support for missing clocks Ralph Sennhauser <ralph.sennhauser(a)gmail.com> clk: mvebu: armada-38x: add support for 1866MHz variants Alex Smith <alex.smith(a)imgtec.com> mmc: jz4740: Fix race condition in IRQ mask update Theodore Ts'o <tytso(a)mit.edu> jbd2: if the journal is aborted then don't allow update of the log tail Theodore Ts'o <tytso(a)mit.edu> random: use a tighter cap in credit_entropy_bits_safe() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Resume control channel after hibernation image is created James Kelly <jamespeterkelly(a)gmail.com> ASoC: ssm2602: Replace reg_default_raw with reg_default Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() Aaron Ma <aaron.ma(a)canonical.com> HID: i2c-hid: fix size check and type usage Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: pci: Properly cleanup resource Zhengjun Xing <zhengjun.xing(a)linux.intel.com> USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() Jason Andryuk <jandryuk(a)gmail.com> xen-netfront: Fix hang on device removal Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Heinrich Schuchardt <xypron.glpk(a)gmx.de> usb: musb: gadget: misplaced out of bounds check Takashi Iwai <tiwai(a)suse.de> resource: fix integer overflow at reallocation Andrew Morton <akpm(a)linux-foundation.org> fs/reiserfs/journal.c: add missing resierfs_warning() arg Richard Weinberger <richard(a)nod.at> ubi: Reject MLC NAND Romain Izard <romain.izard.pro(a)gmail.com> ubi: Fix error for write access Richard Weinberger <richard(a)nod.at> ubifs: Check ubifs_wbuf_sync() return code Tejaswi Tanikella <tejaswit(a)codeaurora.org> slip: Check if rstate is initialized before uncompressing Vasily Gorbik <gor(a)linux.ibm.com> s390/ipl: ensure loadparm valid flag is set Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't merge ERROR output buffers Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't retry EQBS after CCQ 96 Helge Deller <deller(a)gmx.de> parisc: Fix out of array access in match_pci_device() Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: v4l2-compat-ioctl32: don't oops on overlay ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/at91sam9g25.dtsi | 2 +- arch/mips/lib/memset.S | 11 +- arch/parisc/kernel/drivers.c | 4 + arch/powerpc/include/asm/barrier.h | 3 +- arch/powerpc/include/asm/synch.h | 4 - arch/powerpc/lib/feature-fixups.c | 2 +- arch/powerpc/platforms/powernv/opal-nvram.c | 11 +- arch/s390/hypfs/inode.c | 2 +- arch/s390/kernel/ipl.c | 1 + drivers/char/random.c | 2 +- drivers/clk/mvebu/armada-38x.c | 15 +- drivers/gpu/drm/radeon/si_dpm.c | 4 +- drivers/hid/hidraw.c | 5 + drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 4 +- drivers/mmc/host/jz4740_mmc.c | 2 +- drivers/mtd/ubi/block.c | 2 +- drivers/mtd/ubi/build.c | 11 ++ drivers/net/slip/slhc.c | 5 + drivers/net/xen-netfront.c | 7 +- drivers/pci/hotplug/acpiphp_glue.c | 23 +++- drivers/s390/cio/qdio_main.c | 42 +++--- drivers/thermal/imx_thermal.c | 6 +- drivers/thunderbolt/nhi.c | 1 + drivers/usb/core/generic.c | 9 +- drivers/usb/dwc3/dwc3-pci.c | 2 +- drivers/usb/musb/musb_gadget_ep0.c | 14 +- drivers/watchdog/f71808e_wdt.c | 2 +- fs/autofs4/root.c | 2 +- fs/ext4/balloc.c | 16 ++- fs/ext4/ialloc.c | 8 +- fs/ext4/inode.c | 6 + fs/ext4/super.c | 6 + fs/jbd2/journal.c | 5 +- fs/jffs2/super.c | 2 +- fs/namespace.c | 3 +- fs/notify/fanotify/fanotify.c | 34 ++--- fs/reiserfs/journal.c | 2 +- fs/ubifs/super.c | 14 +- include/net/slhc_vj.h | 1 + include/sound/pcm_oss.h | 1 + kernel/resource.c | 3 +- net/sunrpc/rpc_pipe.c | 1 + sound/core/oss/pcm_oss.c | 189 ++++++++++++++++++++------ sound/core/rawmidi_compat.c | 18 ++- sound/soc/codecs/ssm2602.c | 19 ++- 47 files changed, 388 insertions(+), 155 deletions(-)

7 years, 2 months

6
57
0 0

[Patch v2 1/6] cifs: smbd: Check for iov length on sending the last iov

by Long Li

From: Long Li <longli(a)microsoft.com> When sending the last iov that breaks into smaller buffers to fit the transfer size, it's necessary to check if this is the last iov. If this is the latest iov, stop and proceed to send pages. Signed-off-by: Long Li <longli(a)microsoft.com> Cc: stable(a)vger.kernel.org --- fs/cifs/smbdirect.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c index 90e673c..b5c6c0d 100644 --- a/fs/cifs/smbdirect.c +++ b/fs/cifs/smbdirect.c @@ -2197,6 +2197,8 @@ int smbd_send(struct smbd_connection *info, struct smb_rqst *rqst) goto done; } i++; + if (i == rqst->rq_nvec) + break; } start = i; buflen = 0; -- 2.7.4

7 years, 2 months

5
12
0 0

[PATCH] mtd: spi-nor: Fix Cadence QSPI page fault kernel panic

by thor.thayer＠linux.intel.com

From: Thor Thayer <thor.thayer(a)linux.intel.com> The current Cadence QSPI driver caused a kernel panic when loading a Root Filesystem from QSPI. The problem was caused by reading more bytes than needed because the QSPI operated on 4 bytes at a time. <snip> [ 7.947754] spi_nor_read[1048]:from 0x037cad74, len 1 [bfe07fff] [ 7.956247] cqspi_read[910]:offset 0x58502516, buffer=bfe07fff [ 7.956247] [ 7.966046] Unable to handle kernel paging request at virtual address bfe08002 [ 7.973239] pgd = eebfc000 [ 7.975931] [bfe08002] *pgd=2fffb811, *pte=00000000, *ppte=00000000 </snip> Notice above how only 1 byte needed to be read but by reading 4 bytes into the end of a mapped page, an unrecoverable page fault occurred. This patch uses a temporary buffer to hold the 4 bytes read and then copies only the bytes required into the buffer. A min() function is used to limit the length to prevent buffer overflows. Request testing of this patch on other platforms. This was tested on the Intel Arria10 SoCFPGA DevKit. Fixes: 0cf1725676a97fc8 ("mtd: spi-nor: cqspi: Fix build on arches missing readsl/writesl") Signed-off-by: Thor Thayer <thor.thayer(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Reviewed-by: Marek Vasut <marek.vasut(a)gmail.com> --- v2 Changes to only write dangling bytes at end of transfer since previous patch may have multiple dangling byte transfers. Remove write patch since no errors reported and write timeout needs more investigation. v3 Add Fixes tag Cc-stable tag. --- drivers/mtd/spi-nor/cadence-quadspi.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/spi-nor/cadence-quadspi.c b/drivers/mtd/spi-nor/cadence-quadspi.c index 2f3a4d4232b3..c3f7aaa5d18f 100644 --- a/drivers/mtd/spi-nor/cadence-quadspi.c +++ b/drivers/mtd/spi-nor/cadence-quadspi.c @@ -507,7 +507,9 @@ static int cqspi_indirect_read_execute(struct spi_nor *nor, u8 *rxbuf, void __iomem *reg_base = cqspi->iobase; void __iomem *ahb_base = cqspi->ahb_base; unsigned int remaining = n_rx; + unsigned int mod_bytes = n_rx % 4; unsigned int bytes_to_read = 0; + u8 *rxbuf_end = rxbuf + n_rx; int ret = 0; writel(from_addr, reg_base + CQSPI_REG_INDIRECTRDSTARTADDR); @@ -536,11 +538,24 @@ static int cqspi_indirect_read_execute(struct spi_nor *nor, u8 *rxbuf, } while (bytes_to_read != 0) { + unsigned int word_remain = round_down(remaining, 4); + bytes_to_read *= cqspi->fifo_width; bytes_to_read = bytes_to_read > remaining ? remaining : bytes_to_read; - ioread32_rep(ahb_base, rxbuf, - DIV_ROUND_UP(bytes_to_read, 4)); + bytes_to_read = round_down(bytes_to_read, 4); + /* Read 4 byte word chunks then single bytes */ + if (bytes_to_read) { + ioread32_rep(ahb_base, rxbuf, + (bytes_to_read / 4)); + } else if (!word_remain && mod_bytes) { + unsigned int temp = ioread32(ahb_base); + + bytes_to_read = mod_bytes; + memcpy(rxbuf, &temp, min((unsigned int) + (rxbuf_end - rxbuf), + bytes_to_read)); + } rxbuf += bytes_to_read; remaining -= bytes_to_read; bytes_to_read = cqspi_get_rd_sram_level(cqspi); -- 2.7.4

7 years, 2 months

2
1
0 0

[PATCH] RDMA/cxgb4: release hw resources on device removal

by Raju Rangoju

The c4iw_rdev_close() logic was not releasing all the hw resources (PBL and RQT memory) during the device removal event (driver unload / system reboot). This can cause panic in gen_pool_destroy(). The module remove function will wait for all the hw resources to be released during the device removal event. Fixes c12a67fe(iw_cxgb4: free EQ queue memory on last deref) Signed-off-by: Raju Rangoju <rajur(a)chelsio.com> Reviewed-by: Steve Wise <swise(a)opengridcomputing.com> Cc: stable(a)vger.kernel.org --- drivers/infiniband/hw/cxgb4/device.c | 9 ++++++++- drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 4 ++++ drivers/infiniband/hw/cxgb4/resource.c | 26 ++++++++++++++++++++++++-- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/hw/cxgb4/device.c b/drivers/infiniband/hw/cxgb4/device.c index feeb8ee6f4a2..44161ca4d2a8 100644 --- a/drivers/infiniband/hw/cxgb4/device.c +++ b/drivers/infiniband/hw/cxgb4/device.c @@ -875,6 +875,11 @@ static int c4iw_rdev_open(struct c4iw_rdev *rdev) rdev->status_page->db_off = 0; + init_completion(&rdev->rqt_compl); + init_completion(&rdev->pbl_compl); + kref_init(&rdev->rqt_kref); + kref_init(&rdev->pbl_kref); + return 0; err_free_status_page_and_wr_log: if (c4iw_wr_log && rdev->wr_log) @@ -893,13 +898,15 @@ static int c4iw_rdev_open(struct c4iw_rdev *rdev) static void c4iw_rdev_close(struct c4iw_rdev *rdev) { - destroy_workqueue(rdev->free_workq); kfree(rdev->wr_log); c4iw_release_dev_ucontext(rdev, &rdev->uctx); free_page((unsigned long)rdev->status_page); c4iw_pblpool_destroy(rdev); c4iw_rqtpool_destroy(rdev); + wait_for_completion(&rdev->pbl_compl); + wait_for_completion(&rdev->rqt_compl); c4iw_ocqp_pool_destroy(rdev); + destroy_workqueue(rdev->free_workq); c4iw_destroy_resource(&rdev->resource); } diff --git a/drivers/infiniband/hw/cxgb4/iw_cxgb4.h b/drivers/infiniband/hw/cxgb4/iw_cxgb4.h index cc929002c05e..a60def23e9ef 100644 --- a/drivers/infiniband/hw/cxgb4/iw_cxgb4.h +++ b/drivers/infiniband/hw/cxgb4/iw_cxgb4.h @@ -185,6 +185,10 @@ struct c4iw_rdev { struct wr_log_entry *wr_log; int wr_log_size; struct workqueue_struct *free_workq; + struct completion rqt_compl; + struct completion pbl_compl; + struct kref rqt_kref; + struct kref pbl_kref; }; static inline int c4iw_fatal_error(struct c4iw_rdev *rdev) diff --git a/drivers/infiniband/hw/cxgb4/resource.c b/drivers/infiniband/hw/cxgb4/resource.c index 3cf25997ed2b..0ef25ae05e6f 100644 --- a/drivers/infiniband/hw/cxgb4/resource.c +++ b/drivers/infiniband/hw/cxgb4/resource.c @@ -260,12 +260,22 @@ u32 c4iw_pblpool_alloc(struct c4iw_rdev *rdev, int size) rdev->stats.pbl.cur += roundup(size, 1 << MIN_PBL_SHIFT); if (rdev->stats.pbl.cur > rdev->stats.pbl.max) rdev->stats.pbl.max = rdev->stats.pbl.cur; + kref_get(&rdev->pbl_kref); } else rdev->stats.pbl.fail++; mutex_unlock(&rdev->stats.lock); return (u32)addr; } +static void destroy_pblpool(struct kref *kref) +{ + struct c4iw_rdev *rdev; + + rdev = container_of(kref, struct c4iw_rdev, pbl_kref); + gen_pool_destroy(rdev->pbl_pool); + complete(&rdev->pbl_compl); +} + void c4iw_pblpool_free(struct c4iw_rdev *rdev, u32 addr, int size) { pr_debug("addr 0x%x size %d\n", addr, size); @@ -273,6 +283,7 @@ void c4iw_pblpool_free(struct c4iw_rdev *rdev, u32 addr, int size) rdev->stats.pbl.cur -= roundup(size, 1 << MIN_PBL_SHIFT); mutex_unlock(&rdev->stats.lock); gen_pool_free(rdev->pbl_pool, (unsigned long)addr, size); + kref_put(&rdev->pbl_kref, destroy_pblpool); } int c4iw_pblpool_create(struct c4iw_rdev *rdev) @@ -310,7 +321,7 @@ int c4iw_pblpool_create(struct c4iw_rdev *rdev) void c4iw_pblpool_destroy(struct c4iw_rdev *rdev) { - gen_pool_destroy(rdev->pbl_pool); + kref_put(&rdev->pbl_kref, destroy_pblpool); } /* @@ -331,12 +342,22 @@ u32 c4iw_rqtpool_alloc(struct c4iw_rdev *rdev, int size) rdev->stats.rqt.cur += roundup(size << 6, 1 << MIN_RQT_SHIFT); if (rdev->stats.rqt.cur > rdev->stats.rqt.max) rdev->stats.rqt.max = rdev->stats.rqt.cur; + kref_get(&rdev->rqt_kref); } else rdev->stats.rqt.fail++; mutex_unlock(&rdev->stats.lock); return (u32)addr; } +static void destroy_rqtpool(struct kref *kref) +{ + struct c4iw_rdev *rdev; + + rdev = container_of(kref, struct c4iw_rdev, rqt_kref); + gen_pool_destroy(rdev->rqt_pool); + complete(&rdev->rqt_compl); +} + void c4iw_rqtpool_free(struct c4iw_rdev *rdev, u32 addr, int size) { pr_debug("addr 0x%x size %d\n", addr, size << 6); @@ -344,6 +365,7 @@ void c4iw_rqtpool_free(struct c4iw_rdev *rdev, u32 addr, int size) rdev->stats.rqt.cur -= roundup(size << 6, 1 << MIN_RQT_SHIFT); mutex_unlock(&rdev->stats.lock); gen_pool_free(rdev->rqt_pool, (unsigned long)addr, size << 6); + kref_put(&rdev->rqt_kref, destroy_rqtpool); } int c4iw_rqtpool_create(struct c4iw_rdev *rdev) @@ -380,7 +402,7 @@ int c4iw_rqtpool_create(struct c4iw_rdev *rdev) void c4iw_rqtpool_destroy(struct c4iw_rdev *rdev) { - gen_pool_destroy(rdev->rqt_pool); + kref_put(&rdev->rqt_kref, destroy_rqtpool); } /* -- 2.12.0

7 years, 2 months

1
0
0 0

[PATCH 4.14/4.16 v2] writeback: safer lock nesting

by Nathan Chancellor

From: Greg Thelen <gthelen(a)google.com> commit 2e898e4c0a3897ccd434adac5abb8330194f527b upstream. lock_page_memcg()/unlock_page_memcg() use spin_lock_irqsave/restore() if the page's memcg is undergoing move accounting, which occurs when a process leaves its memcg for a new one that has memory.move_charge_at_immigrate set. unlocked_inode_to_wb_begin,end() use spin_lock_irq/spin_unlock_irq() if the given inode is switching writeback domains. Switches occur when enough writes are issued from a new domain. This existing pattern is thus suspicious: lock_page_memcg(page); unlocked_inode_to_wb_begin(inode, &locked); ... unlocked_inode_to_wb_end(inode, locked); unlock_page_memcg(page); If both inode switch and process memcg migration are both in-flight then unlocked_inode_to_wb_end() will unconditionally enable interrupts while still holding the lock_page_memcg() irq spinlock. This suggests the possibility of deadlock if an interrupt occurs before unlock_page_memcg(). truncate __cancel_dirty_page lock_page_memcg unlocked_inode_to_wb_begin unlocked_inode_to_wb_end <interrupts mistakenly enabled> <interrupt> end_page_writeback test_clear_page_writeback lock_page_memcg <deadlock> unlock_page_memcg Due to configuration limitations this deadlock is not currently possible because we don't mix cgroup writeback (a cgroupv2 feature) and memory.move_charge_at_immigrate (a cgroupv1 feature). If the kernel is hacked to always claim inode switching and memcg moving_account, then this script triggers lockup in less than a minute: cd /mnt/cgroup/memory mkdir a b echo 1 > a/memory.move_charge_at_immigrate echo 1 > b/memory.move_charge_at_immigrate ( echo $BASHPID > a/cgroup.procs while true; do dd if=/dev/zero of=/mnt/big bs=1M count=256 done ) & while true; do sync done & sleep 1h & SLEEP=$! while true; do echo $SLEEP > a/cgroup.procs echo $SLEEP > b/cgroup.procs done The deadlock does not seem possible, so it's debatable if there's any reason to modify the kernel. I suggest we should to prevent future surprises. And Wang Long said "this deadlock occurs three times in our environment", so there's more reason to apply this, even to stable. Stable 4.4 has minor conflicts applying this patch. For a clean 4.4 patch see "[PATCH for-4.4] writeback: safer lock nesting" https://lkml.org/lkml/2018/4/11/146 Wang Long said "this deadlock occurs three times in our environment" [gthelen(a)google.com: v4] Link: http://lkml.kernel.org/r/20180411084653.254724-1-gthelen@google.com [akpm(a)linux-foundation.org: comment tweaks, struct initialization simplification] Change-Id: Ibb773e8045852978f6207074491d262f1b3fb613 Link: http://lkml.kernel.org/r/20180410005908.167976-1-gthelen@google.com Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates") Signed-off-by: Greg Thelen <gthelen(a)google.com> Reported-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> [v4.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> [natechancellor: Adjust context due to lack of b93b016313b3b] Signed-off-by: Nathan Chancellor <natechancellor(a)gmail.com> --- fs/fs-writeback.c | 7 ++++--- include/linux/backing-dev-defs.h | 5 +++++ include/linux/backing-dev.h | 30 ++++++++++++++++-------------- mm/page-writeback.c | 18 +++++++++--------- 4 files changed, 34 insertions(+), 26 deletions(-) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index d4d04fee568a..40c34a0ef58a 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -745,11 +745,12 @@ int inode_congested(struct inode *inode, int cong_bits) */ if (inode && inode_to_wb_is_valid(inode)) { struct bdi_writeback *wb; - bool locked, congested; + struct wb_lock_cookie lock_cookie = {}; + bool congested; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &lock_cookie); congested = wb_congested(wb, cong_bits); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &lock_cookie); return congested; } diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index bfe86b54f6c1..0bd432a4d7bd 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -223,6 +223,11 @@ static inline void set_bdi_congested(struct backing_dev_info *bdi, int sync) set_wb_congested(bdi->wb.congested, sync); } +struct wb_lock_cookie { + bool locked; + unsigned long flags; +}; + #ifdef CONFIG_CGROUP_WRITEBACK /** diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h index 3e4ce54d84ab..82e8b73117d1 100644 --- a/include/linux/backing-dev.h +++ b/include/linux/backing-dev.h @@ -346,7 +346,7 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) /** * unlocked_inode_to_wb_begin - begin unlocked inode wb access transaction * @inode: target inode - * @lockedp: temp bool output param, to be passed to the end function + * @cookie: output param, to be passed to the end function * * The caller wants to access the wb associated with @inode but isn't * holding inode->i_lock, mapping->tree_lock or wb->list_lock. This @@ -354,12 +354,12 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) * association doesn't change until the transaction is finished with * unlocked_inode_to_wb_end(). * - * The caller must call unlocked_inode_to_wb_end() with *@lockdep - * afterwards and can't sleep during transaction. IRQ may or may not be - * disabled on return. + * The caller must call unlocked_inode_to_wb_end() with *@cookie afterwards and + * can't sleep during the transaction. IRQs may or may not be disabled on + * return. */ static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { rcu_read_lock(); @@ -367,10 +367,10 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) * Paired with store_release in inode_switch_wb_work_fn() and * ensures that we see the new wb if we see cleared I_WB_SWITCH. */ - *lockedp = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; + cookie->locked = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; - if (unlikely(*lockedp)) - spin_lock_irq(&inode->i_mapping->tree_lock); + if (unlikely(cookie->locked)) + spin_lock_irqsave(&inode->i_mapping->tree_lock, cookie->flags); /* * Protected by either !I_WB_SWITCH + rcu_read_lock() or tree_lock. @@ -382,12 +382,13 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) /** * unlocked_inode_to_wb_end - end inode wb access transaction * @inode: target inode - * @locked: *@lockedp from unlocked_inode_to_wb_begin() + * @cookie: @cookie from unlocked_inode_to_wb_begin() */ -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { - if (unlikely(locked)) - spin_unlock_irq(&inode->i_mapping->tree_lock); + if (unlikely(cookie->locked)) + spin_unlock_irqrestore(&inode->i_mapping->tree_lock, cookie->flags); rcu_read_unlock(); } @@ -434,12 +435,13 @@ static inline struct bdi_writeback *inode_to_wb(struct inode *inode) } static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { return inode_to_wb(inode); } -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 586f31261c83..8369572e1f7d 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -2501,13 +2501,13 @@ void account_page_redirty(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); current->nr_dirtied--; dec_node_page_state(page, NR_DIRTIED); dec_wb_stat(wb, WB_DIRTIED); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); } } EXPORT_SYMBOL(account_page_redirty); @@ -2613,15 +2613,15 @@ void __cancel_dirty_page(struct page *page) if (mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; lock_page_memcg(page); - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) account_page_cleaned(page, mapping, wb); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); unlock_page_memcg(page); } else { ClearPageDirty(page); @@ -2653,7 +2653,7 @@ int clear_page_dirty_for_io(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; /* * Yes, Virginia, this is indeed insane. @@ -2690,14 +2690,14 @@ int clear_page_dirty_for_io(struct page *page) * always locked coming in here, so we get the desired * exclusion. */ - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) { dec_lruvec_page_state(page, NR_FILE_DIRTY); dec_zone_page_state(page, NR_ZONE_WRITE_PENDING); dec_wb_stat(wb, WB_RECLAIMABLE); ret = 1; } - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); return ret; } return TestClearPageDirty(page); -- 2.17.0

7 years, 2 months

4
5
0 0

Re: [4.4, 50/97] ext4: add validity checks for bitmap block numbers -- regression?

by Ilya Dryomov

Hi Greg, Commit 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers") seems to be the cause of the regression reported here: https://marc.info/?l=linux-ext4&m=152416385122029&w=2 ext4 folks are probably busy at LSF, so no reply yet. Should this commit be held until we get word from Ted? Please excuse broken threading. Thanks, Ilya

7 years, 2 months

2
1
0 0

[PATCH] net/core/skbuff.c fix skb_expand_head off logic error!

by web_czom＠yeah.net

fix logic error! --- linux/net/core/skbuff.c.orig 2018-04-23 20:55:37.747731000 +0800 +++ linux/net/core/skbuff.c 2018-04-23 20:56:30.782520000 +0800 @@ -1492,7 +1492,7 @@ int pskb_expand_head(struct sk_buff *skb } else { skb_free_head(skb); } - off = (data + nhead) - skb->head; + off = (skb->data - skb->head) + nhead; skb->head = data; skb->head_frag = 0;

7 years, 2 months

2
1
0 0

[PATCH] drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing

by Imre Deak

commit 5e1df40f40ee45a97bb1066c3d71f0ae920a9672 upstream. Currently we see sporadic timeouts during CDCLK changing both on BXT and GLK as reported by the Bugzilla: ticket. It's easy to reproduce this by changing the frequency in a tight loop after blanking the display. The upper bound for the completion time is 800us based on my tests, so increase it from the current 500us to 2ms; with that I couldn't trigger the problem either on BXT or GLK. Note that timeouts happened during both the change notification and the voltage level setting PCODE request. (For the latter one BSpec doesn't require us to wait for completion before further HW programming.) This issue is similar to commit 2c7d0602c815 ("drm/i915/gen9: Fix PCODE polling during CDCLK change notification") but there the PCODE request does complete (as shown by the mbox busy flag), only the reply we get from PCODE indicates a failure. So there we keep resending the request until a success reply, here we just have to increase the timeout for the one PCODE request we send. v2: - s/snb_pcode_request/sandybridge_pcode_write_timeout/ (Ville) Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.15 Acked-by: Chris Wilson <chris(a)chris-wilson.co.uk> (v1) Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103326 Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180130142939.17983-1-imre.d… (cherry picked from commit e76019a81921e87a4d9e7b3d86102bc708a6c227) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> (Rebased for v4.15 stable tree due to upstream s/DIV_ROUND_UP(cdclk, 25000)/cdclk_state->voltage_level/ change ) Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/i915_drv.h | 6 +++++- drivers/gpu/drm/i915/intel_cdclk.c | 22 +++++++++++++++++----- drivers/gpu/drm/i915/intel_pm.c | 6 +++--- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h index e143004e66d5..ffc75271bf7e 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -4140,7 +4140,11 @@ extern void intel_display_print_error_state(struct drm_i915_error_state_buf *e, struct intel_display_error_state *error); int sandybridge_pcode_read(struct drm_i915_private *dev_priv, u32 mbox, u32 *val); -int sandybridge_pcode_write(struct drm_i915_private *dev_priv, u32 mbox, u32 val); +int sandybridge_pcode_write_timeout(struct drm_i915_private *dev_priv, u32 mbox, + u32 val, int timeout_us); +#define sandybridge_pcode_write(dev_priv, mbox, val) \ + sandybridge_pcode_write_timeout(dev_priv, mbox, val, 500) + int skl_pcode_request(struct drm_i915_private *dev_priv, u32 mbox, u32 request, u32 reply_mask, u32 reply, int timeout_base_ms); diff --git a/drivers/gpu/drm/i915/intel_cdclk.c b/drivers/gpu/drm/i915/intel_cdclk.c index 60cf4e58389a..658f681eb927 100644 --- a/drivers/gpu/drm/i915/intel_cdclk.c +++ b/drivers/gpu/drm/i915/intel_cdclk.c @@ -1284,10 +1284,15 @@ static void bxt_set_cdclk(struct drm_i915_private *dev_priv, break; } - /* Inform power controller of upcoming frequency change */ + /* + * Inform power controller of upcoming frequency change. BSpec + * requires us to wait up to 150usec, but that leads to timeouts; + * the 2ms used here is based on experiment. + */ mutex_lock(&dev_priv->pcu_lock); - ret = sandybridge_pcode_write(dev_priv, HSW_PCODE_DE_WRITE_FREQ_REQ, - 0x80000000); + ret = sandybridge_pcode_write_timeout(dev_priv, + HSW_PCODE_DE_WRITE_FREQ_REQ, + 0x80000000, 2000); mutex_unlock(&dev_priv->pcu_lock); if (ret) { @@ -1318,8 +1323,15 @@ static void bxt_set_cdclk(struct drm_i915_private *dev_priv, I915_WRITE(CDCLK_CTL, val); mutex_lock(&dev_priv->pcu_lock); - ret = sandybridge_pcode_write(dev_priv, HSW_PCODE_DE_WRITE_FREQ_REQ, - DIV_ROUND_UP(cdclk, 25000)); + /* + * The timeout isn't specified, the 2ms used here is based on + * experiment. + * FIXME: Waiting for the request completion could be delayed until + * the next PCODE request based on BSpec. + */ + ret = sandybridge_pcode_write_timeout(dev_priv, + HSW_PCODE_DE_WRITE_FREQ_REQ, + DIV_ROUND_UP(cdclk, 25000), 2000); mutex_unlock(&dev_priv->pcu_lock); if (ret) { diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c index f0d0dbab4150..c4e5db551fc2 100644 --- a/drivers/gpu/drm/i915/intel_pm.c +++ b/drivers/gpu/drm/i915/intel_pm.c @@ -9227,8 +9227,8 @@ int sandybridge_pcode_read(struct drm_i915_private *dev_priv, u32 mbox, u32 *val return 0; } -int sandybridge_pcode_write(struct drm_i915_private *dev_priv, - u32 mbox, u32 val) +int sandybridge_pcode_write_timeout(struct drm_i915_private *dev_priv, + u32 mbox, u32 val, int timeout_us) { int status; @@ -9251,7 +9251,7 @@ int sandybridge_pcode_write(struct drm_i915_private *dev_priv, if (__intel_wait_for_register_fw(dev_priv, GEN6_PCODE_MAILBOX, GEN6_PCODE_READY, 0, - 500, 0, NULL)) { + timeout_us, 0, NULL)) { DRM_ERROR("timeout waiting for pcode write of 0x%08x to mbox %x to finish for %ps\n", val, mbox, __builtin_return_address(0)); return -ETIMEDOUT; -- 2.13.2

7 years, 2 months

2
1
0 0

[PATCH stable v4.15 1/3] media: staging: lirc_zilog: broken reference counting

by Sean Young

commit 615cd3fe6ccc ("[media] media: lirc_dev: make better use of file->private_data") removed the reference get from open, so on the first close the reference count hits zero and the lirc device is freed. BUG: unable to handle kernel NULL pointer dereference at 0000000000000040 IP: lirc_thread+0x94/0x520 [lirc_zilog] PGD 22d69c067 P4D 22d69c067 PUD 22d69d067 PMD 0 Oops: 0000 [#1] SMP NOPTI CPU: 2 PID: 701 Comm: zilog-rx-i2c-7 Tainted: P C OE 4.15.14-300.fc27.x86_64 #1 Hardware name: Gigabyte Technology Co., Ltd. GA-MA790FXT-UD5P/GA-MA790FXT-UD5P, BIOS F6 08/06/2009 RIP: 0010:lirc_thread+0x94/0x520 [lirc_zilog] RSP: 0018:ffffb482c131be98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8fdabf056000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246 RBP: ffff8fdab740af00 R08: ffff8fdacfd214a0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000040 R12: ffffb482c10dba48 R13: ffff8fdabea89e00 R14: ffff8fdab740af00 R15: ffffffffc0b5e500 FS: 0000000000000000(0000) GS:ffff8fdacfd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000040 CR3: 00000002124c0000 CR4: 00000000000006e0 Call Trace: ? __schedule+0x247/0x880 ? get_ir_tx+0x40/0x40 [lirc_zilog] kthread+0x113/0x130 ? kthread_create_worker_on_cpu+0x70/0x70 ? do_syscall_64+0x74/0x180 ? SyS_exit_group+0x10/0x10 ret_from_fork+0x22/0x40 Code: 20 8b 85 80 00 00 00 85 c0 0f 84 a6 00 00 00 bf 04 01 00 00 e8 ee 34 d4 d7 e8 69 88 56 d7 84 c0 75 69 48 8b 45 18 c6 44 24 37 00 <48> 8b 58 40 4c 8d 6b 18 4c 89 ef e8 fc 4d d4 d7 4c 89 ef 48 89 RIP: lirc_thread+0x94/0x520 [lirc_zilog] RSP: ffffb482c131be98 CR2: 0000000000000040 This code has been replaced completely in kernel v4.16 by a new driver, see commit acaa34bf06e9 ("media: rc: implement zilog transmitter"), and commit f95367a7b758 ("media: staging: remove lirc_zilog driver"). Fixes: 615cd3fe6ccc ("[media] media: lirc_dev: make better use of file->private_data") Cc: stable(a)vger.kernel.org # v4.15 Reported-by: Warren Sturm <warren.sturm(a)gmail.com> Tested-by: Warren Sturm <warren.sturm(a)gmail.com> Signed-off-by: Sean Young <sean(a)mess.org> --- drivers/staging/media/lirc/lirc_zilog.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/staging/media/lirc/lirc_zilog.c b/drivers/staging/media/lirc/lirc_zilog.c index 6bd0717bf76e..bf6869e48a0f 100644 --- a/drivers/staging/media/lirc/lirc_zilog.c +++ b/drivers/staging/media/lirc/lirc_zilog.c @@ -1291,6 +1291,7 @@ static int open(struct inode *node, struct file *filep) lirc_init_pdata(node, filep); ir = lirc_get_pdata(filep); + get_ir_device(ir, false); atomic_inc(&ir->open_count); -- 2.14.3

7 years, 2 months

3
8
0 0

[PATCH] MIPS: io: Add barrier after register read in inX()

by Huacai Chen

While a barrier is present in the outX() functions before the register write, a similar barrier is missing in the inX() functions after the register read. This could allow memory accesses following inX() to observe stale data. This patch is very similar to commit a1cc7034e33d12dc1 ("MIPS: io: Add barrier after register read in readX()"). Because war_io_reorder_wmb() is both used by writeX() and outX(), if readX() need a barrier then so does inX(). Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/mips/include/asm/io.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/mips/include/asm/io.h b/arch/mips/include/asm/io.h index a7d0b83..cea8ad8 100644 --- a/arch/mips/include/asm/io.h +++ b/arch/mips/include/asm/io.h @@ -414,6 +414,8 @@ static inline type pfx##in##bwlq##p(unsigned long port) \ __val = *__addr; \ slow; \ \ + /* prevent prefetching of coherent DMA data prematurely */ \ + rmb(); \ return pfx##ioswab##bwlq(__addr, __val); \ } -- 2.7.0

7 years, 2 months

2
3
0 0

patch "slimbus: Fix out-of-bounds access in slim_slicesize()" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled slimbus: Fix out-of-bounds access in slim_slicesize() to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e33bbe69149b802c0c77bfb822685772f85388ca Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert(a)linux-m68k.org> Date: Sun, 8 Apr 2018 11:02:34 +0200 Subject: slimbus: Fix out-of-bounds access in slim_slicesize() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With gcc-4.1.2: slimbus/messaging.c: In function ‘slim_slicesize’: slimbus/messaging.c:186: warning: statement with no effect Indeed, clamp() is a macro not operating in-place, but returning the clamped value. Hence the value is not clamped at all, which may lead to an out-of-bounds access. Fix this by assigning the clamped value. Fixes: afbdcc7c384b0d44 ("slimbus: Add messaging APIs to slimbus framework") Signed-off-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/slimbus/messaging.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/slimbus/messaging.c b/drivers/slimbus/messaging.c index 884419c37e84..457ea1f8db30 100644 --- a/drivers/slimbus/messaging.c +++ b/drivers/slimbus/messaging.c @@ -183,7 +183,7 @@ static u16 slim_slicesize(int code) 0, 1, 2, 3, 3, 4, 4, 5, 5, 5, 5, 6, 6, 6, 6, 7 }; - clamp(code, 1, (int)ARRAY_SIZE(sizetocode)); + code = clamp(code, 1, (int)ARRAY_SIZE(sizetocode)); return sizetocode[code - 1]; } -- 2.17.0

7 years, 2 months

1
0
0 0

patch "fpga-manager: altera-ps-spi: preserve nCONFIG state" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled fpga-manager: altera-ps-spi: preserve nCONFIG state to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 881c93c0fb73328845898344208fa0bf0d62cac6 Mon Sep 17 00:00:00 2001 From: Anatolij Gustschin <agust(a)denx.de> Date: Sun, 15 Apr 2018 11:33:08 -0700 Subject: fpga-manager: altera-ps-spi: preserve nCONFIG state If the driver module is loaded when FPGA is configured, the FPGA is reset because nconfig is pulled low (low-active gpio inited with GPIOD_OUT_HIGH activates the signal which means setting its value to low). Init nconfig with GPIOD_OUT_LOW to prevent this. Signed-off-by: Anatolij Gustschin <agust(a)denx.de> Acked-by: Alan Tull <atull(a)kernel.org> Signed-off-by: Moritz Fischer <mdf(a)kernel.org> Cc: stable <stable(a)vger.kernel.org> # 4.14+ Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/fpga/altera-ps-spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/fpga/altera-ps-spi.c b/drivers/fpga/altera-ps-spi.c index 14f14efdf0d5..06d212a3d49d 100644 --- a/drivers/fpga/altera-ps-spi.c +++ b/drivers/fpga/altera-ps-spi.c @@ -249,7 +249,7 @@ static int altera_ps_probe(struct spi_device *spi) conf->data = of_id->data; conf->spi = spi; - conf->config = devm_gpiod_get(&spi->dev, "nconfig", GPIOD_OUT_HIGH); + conf->config = devm_gpiod_get(&spi->dev, "nconfig", GPIOD_OUT_LOW); if (IS_ERR(conf->config)) { dev_err(&spi->dev, "Failed to get config gpio: %ld\n", PTR_ERR(conf->config)); -- 2.17.0

7 years, 2 months

1
0
0 0

patch "kobject: don't use WARN for registration failures" added to driver-core-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kobject: don't use WARN for registration failures to my driver-core git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git in the driver-core-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 3e14c6abbfb5c94506edda9d8e2c145d79375798 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov <dvyukov(a)google.com> Date: Wed, 11 Apr 2018 17:22:43 +0200 Subject: kobject: don't use WARN for registration failures This WARNING proved to be noisy. The function still returns an error and callers should handle it. That's how most of kernel code works. Downgrade the WARNING to pr_err() and leave WARNINGs for kernel bugs. Signed-off-by: Dmitry Vyukov <dvyukov(a)google.com> Reported-by: syzbot+209c0f67f99fec8eb14b(a)syzkaller.appspotmail.com Reported-by: syzbot+7fb6d9525a4528104e05(a)syzkaller.appspotmail.com Reported-by: syzbot+2e63711063e2d8f9ea27(a)syzkaller.appspotmail.com Reported-by: syzbot+de73361ee4971b6e6f75(a)syzkaller.appspotmail.com Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- lib/kobject.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lib/kobject.c b/lib/kobject.c index e1d1f290bf35..18989b5b3b56 100644 --- a/lib/kobject.c +++ b/lib/kobject.c @@ -233,13 +233,12 @@ static int kobject_add_internal(struct kobject *kobj) /* be noisy on error issues */ if (error == -EEXIST) - WARN(1, - "%s failed for %s with -EEXIST, don't try to register things with the same name in the same directory.\n", - __func__, kobject_name(kobj)); + pr_err("%s failed for %s with -EEXIST, don't try to register things with the same name in the same directory.\n", + __func__, kobject_name(kobj)); else - WARN(1, "%s failed for %s (error: %d parent: %s)\n", - __func__, kobject_name(kobj), error, - parent ? kobject_name(parent) : "'none'"); + pr_err("%s failed for %s (error: %d parent: %s)\n", + __func__, kobject_name(kobj), error, + parent ? kobject_name(parent) : "'none'"); } else kobj->state_in_sysfs = 1; -- 2.17.0

7 years, 2 months

1
0
0 0

patch "test_firmware: fix setting old custom fw path back on exit, second" added to driver-core-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled test_firmware: fix setting old custom fw path back on exit, second to my driver-core git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git in the driver-core-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e538409257d0217a9bc715686100a5328db75a15 Mon Sep 17 00:00:00 2001 From: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Date: Wed, 4 Apr 2018 22:38:49 +0200 Subject: test_firmware: fix setting old custom fw path back on exit, second try Commit 65c79230576 tried to clear the custom firmware path on exit by writing a single space to the firmware_class.path parameter. This doesn't work because nothing strips this space from the value stored and fw_get_filesystem_firmware() only ignores zero-length paths. Instead, write a null byte. Fixes: 0a8adf58475 ("test: add firmware_class loader test") Fixes: 65c79230576 ("test_firmware: fix setting old custom fw path back on exit") Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Acked-by: Luis R. Rodriguez <mcgrof(a)kernel.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/firmware/fw_lib.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/firmware/fw_lib.sh b/tools/testing/selftests/firmware/fw_lib.sh index 9ea31b57d71a..962d7f4ac627 100755 --- a/tools/testing/selftests/firmware/fw_lib.sh +++ b/tools/testing/selftests/firmware/fw_lib.sh @@ -154,11 +154,13 @@ test_finish() if [ "$HAS_FW_LOADER_USER_HELPER" = "yes" ]; then echo "$OLD_TIMEOUT" >/sys/class/firmware/timeout fi - if [ "$OLD_FWPATH" = "" ]; then - OLD_FWPATH=" " - fi if [ "$TEST_REQS_FW_SET_CUSTOM_PATH" = "yes" ]; then - echo -n "$OLD_FWPATH" >/sys/module/firmware_class/parameters/path + if [ "$OLD_FWPATH" = "" ]; then + # A zero-length write won't work; write a null byte + printf '\000' >/sys/module/firmware_class/parameters/path + else + echo -n "$OLD_FWPATH" >/sys/module/firmware_class/parameters/path + fi fi if [ -f $FW ]; then rm -f "$FW" -- 2.17.0

7 years, 2 months

1
0
0 0

patch "ANDROID: binder: prevent transactions into own process." added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ANDROID: binder: prevent transactions into own process. to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 7aa135fcf26377f92dc0680a57566b4c7f3e281b Mon Sep 17 00:00:00 2001 From: Martijn Coenen <maco(a)android.com> Date: Wed, 28 Mar 2018 11:14:50 +0200 Subject: ANDROID: binder: prevent transactions into own process. This can't happen with normal nodes (because you can't get a ref to a node you own), but it could happen with the context manager; to make the behavior consistent with regular nodes, reject transactions into the context manager by the process owning it. Reported-by: syzbot+09e05aba06723a94d43d(a)syzkaller.appspotmail.com Signed-off-by: Martijn Coenen <maco(a)android.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/android/binder.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 764b63a5aade..e578eee31589 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2839,6 +2839,14 @@ static void binder_transaction(struct binder_proc *proc, else return_error = BR_DEAD_REPLY; mutex_unlock(&context->context_mgr_node_lock); + if (target_node && target_proc == proc) { + binder_user_error("%d:%d got transaction to context manager from process owning it\n", + proc->pid, thread->pid); + return_error = BR_FAILED_REPLY; + return_error_param = -EINVAL; + return_error_line = __LINE__; + goto err_invalid_target_handle; + } } if (!target_node) { /* -- 2.17.0

7 years, 2 months

1
0
0 0

patch "tty: Avoid possible error pointer dereference at tty_ldisc_restore()." added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: Avoid possible error pointer dereference at tty_ldisc_restore(). to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 598c2d41ff44889dd8eced4f117403e472158d85 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Mon, 16 Apr 2018 20:06:34 +0900 Subject: tty: Avoid possible error pointer dereference at tty_ldisc_restore(). syzbot is reporting crashes [1] triggered by memory allocation failure at tty_ldisc_get() from tty_ldisc_restore(). While syzbot stops at WARN_ON() due to panic_on_warn == true, panic_on_warn == false will after all trigger an OOPS by dereferencing old->ops->num if IS_ERR(old) == true. We can simplify tty_ldisc_restore() as three calls (old->ops->num, N_TTY, N_NULL) to tty_ldisc_failto() in addition to avoiding possible error pointer dereference. If someone reports kernel panic triggered by forcing all memory allocations for tty_ldisc_restore() to fail, we can consider adding __GFP_NOFAIL for tty_ldisc_restore() case. [1] https://syzkaller.appspot.com/bug?id=6ac359c61e71d22e06db7f8f88243feb11d927… Reported-by: syzbot+40b7287c2dc987c48c81(a)syzkaller.appspotmail.com Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Alan Cox <alan(a)llwyncelyn.cymru> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Michal Hocko <mhocko(a)suse.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/tty_ldisc.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c index 050f4d650891..c1cf6cb83185 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -527,19 +527,16 @@ static int tty_ldisc_failto(struct tty_struct *tty, int ld) static void tty_ldisc_restore(struct tty_struct *tty, struct tty_ldisc *old) { /* There is an outstanding reference here so this is safe */ - old = tty_ldisc_get(tty, old->ops->num); - WARN_ON(IS_ERR(old)); - tty->ldisc = old; - tty_set_termios_ldisc(tty, old->ops->num); - if (tty_ldisc_open(tty, old) < 0) { - tty_ldisc_put(old); + if (tty_ldisc_failto(tty, old->ops->num) < 0) { + const char *name = tty_name(tty); + + pr_warn("Falling back ldisc for %s.\n", name); /* The traditional behaviour is to fall back to N_TTY, we want to avoid falling back to N_NULL unless we have no choice to avoid the risk of breaking anything */ if (tty_ldisc_failto(tty, N_TTY) < 0 && tty_ldisc_failto(tty, N_NULL) < 0) - panic("Couldn't open N_NULL ldisc for %s.", - tty_name(tty)); + panic("Couldn't open N_NULL ldisc for %s.", name); } } -- 2.17.0

7 years, 2 months

1
0
0 0

patch "tty: Don't call panic() at tty_ldisc_init()" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: Don't call panic() at tty_ldisc_init() to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 903f9db10f18f735e62ba447147b6c434b6af003 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Thu, 5 Apr 2018 19:40:16 +0900 Subject: tty: Don't call panic() at tty_ldisc_init() syzbot is reporting kernel panic [1] triggered by memory allocation failure at tty_ldisc_get() from tty_ldisc_init(). But since both tty_ldisc_get() and caller of tty_ldisc_init() can cleanly handle errors, tty_ldisc_init() does not need to call panic() when tty_ldisc_get() failed. [1] https://syzkaller.appspot.com/bug?id=883431818e036ae6a9981156a64b821110f391… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzkaller(a)googlegroups.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/tty_io.c | 5 ++++- drivers/tty/tty_ldisc.c | 5 +++-- include/linux/tty.h | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index 63114ea35ec1..7c838b90a31d 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -2816,7 +2816,10 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) kref_init(&tty->kref); tty->magic = TTY_MAGIC; - tty_ldisc_init(tty); + if (tty_ldisc_init(tty)) { + kfree(tty); + return NULL; + } tty->session = NULL; tty->pgrp = NULL; mutex_init(&tty->legacy_mutex); diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c index c1cf6cb83185..8a88a7787cfe 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -821,12 +821,13 @@ EXPORT_SYMBOL_GPL(tty_ldisc_release); * the tty structure is not completely set up when this call is made. */ -void tty_ldisc_init(struct tty_struct *tty) +int tty_ldisc_init(struct tty_struct *tty) { struct tty_ldisc *ld = tty_ldisc_get(tty, N_TTY); if (IS_ERR(ld)) - panic("n_tty: init_tty"); + return PTR_ERR(ld); tty->ldisc = ld; + return 0; } /** diff --git a/include/linux/tty.h b/include/linux/tty.h index 47f8af22f216..1dd587ba6d88 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h @@ -701,7 +701,7 @@ extern int tty_unregister_ldisc(int disc); extern int tty_set_ldisc(struct tty_struct *tty, int disc); extern int tty_ldisc_setup(struct tty_struct *tty, struct tty_struct *o_tty); extern void tty_ldisc_release(struct tty_struct *tty); -extern void tty_ldisc_init(struct tty_struct *tty); +extern int __must_check tty_ldisc_init(struct tty_struct *tty); extern void tty_ldisc_deinit(struct tty_struct *tty); extern int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p, char *f, int count); -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH] blk-mq: start request gstate with gen 1

by Jianchao Wang

rq->gstate and rq->aborted_gstate both are zero before rqs are allocated. If we have a small timeout, when the timer fires, there could be rqs that are never allocated, and also there could be rq that has been allocated but not initialized and started. At the moment, the rq->gstate and rq->aborted_gstate both are 0, thus the blk_mq_terminate_expired will identify the rq is timed out and invoke .timeout early. For scsi, this will cause scsi_times_out to be invoked before the scsi_cmnd is not initialized, scsi_cmnd->device is still NULL at the moment, then we will get crash. Cc: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Martin Steigerwald <Martin(a)Lichtvoll.de> Cc: stable(a)vger.kernel.org Signed-off-by: Jianchao Wang <jianchao.w.wang(a)oracle.com> --- block/blk-core.c | 4 ++++ block/blk-mq.c | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/block/blk-core.c b/block/blk-core.c index abcb868..ce62681 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -201,6 +201,10 @@ void blk_rq_init(struct request_queue *q, struct request *rq) rq->part = NULL; seqcount_init(&rq->gstate_seq); u64_stats_init(&rq->aborted_gstate_sync); + /* + * See comment of blk_mq_init_request + */ + WRITE_ONCE(rq->gstate, MQ_RQ_GEN_INC); } EXPORT_SYMBOL(blk_rq_init); diff --git a/block/blk-mq.c b/block/blk-mq.c index f5c7dbc..d62030a 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2069,6 +2069,13 @@ static int blk_mq_init_request(struct blk_mq_tag_set *set, struct request *rq, seqcount_init(&rq->gstate_seq); u64_stats_init(&rq->aborted_gstate_sync); + /* + * start gstate with gen 1 instead of 0, otherwise it will be equal + * to aborted_gstate, and be identified timed out by + * blk_mq_terminate_expired. + */ + WRITE_ONCE(rq->gstate, MQ_RQ_GEN_INC); + return 0; } -- 2.7.4

7 years, 2 months

5
6
0 0

patch "earlycon: Use a pointer table to fix __earlycon_table stride" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled earlycon: Use a pointer table to fix __earlycon_table stride to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From dd709e72cb934eefd44de8d9969097173fbf45dc Mon Sep 17 00:00:00 2001 From: Daniel Kurtz <djkurtz(a)chromium.org> Date: Fri, 6 Apr 2018 17:21:53 -0600 Subject: earlycon: Use a pointer table to fix __earlycon_table stride Commit 99492c39f39f ("earlycon: Fix __earlycon_table stride") tried to fix __earlycon_table stride by forcing the earlycon_id struct alignment to 32 and asking the linker to 32-byte align the __earlycon_table symbol. This fix was based on commit 07fca0e57fca92 ("tracing: Properly align linker defined symbols") which tried a similar fix for the tracing subsystem. However, this fix doesn't quite work because there is no guarantee that gcc will place structures packed into an array format. In fact, gcc 4.9 chooses to 64-byte align these structs by inserting additional padding between the entries because it has no clue that they are supposed to be in an array. If we are unlucky, the linker will assign symbol "__earlycon_table" to a 32-byte aligned address which does not correspond to the 64-byte aligned contents of section "__earlycon_table". To address this same problem, the fix to the tracing system was subsequently re-implemented using a more robust table of pointers approach by commits: 3d56e331b653 ("tracing: Replace syscall_meta_data struct array with pointer array") 654986462939 ("tracepoints: Fix section alignment using pointer array") e4a9ea5ee7c8 ("tracing: Replace trace_event struct array with pointer array") Let's use this same "array of pointers to structs" approach for EARLYCON_TABLE. Fixes: 99492c39f39f ("earlycon: Fix __earlycon_table stride") Signed-off-by: Daniel Kurtz <djkurtz(a)chromium.org> Suggested-by: Aaron Durbin <adurbin(a)chromium.org> Reviewed-by: Rob Herring <robh(a)kernel.org> Tested-by: Guenter Roeck <groeck(a)chromium.org> Reviewed-by: Guenter Roeck <groeck(a)chromium.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/of/fdt.c | 7 +++++-- drivers/tty/serial/earlycon.c | 6 ++++-- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/serial_core.h | 21 ++++++++++++++------- 4 files changed, 24 insertions(+), 12 deletions(-) diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c index 84aa9d676375..6da20b9688f7 100644 --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -942,7 +942,7 @@ int __init early_init_dt_scan_chosen_stdout(void) int offset; const char *p, *q, *options = NULL; int l; - const struct earlycon_id *match; + const struct earlycon_id **p_match; const void *fdt = initial_boot_params; offset = fdt_path_offset(fdt, "/chosen"); @@ -969,7 +969,10 @@ int __init early_init_dt_scan_chosen_stdout(void) return 0; } - for (match = __earlycon_table; match < __earlycon_table_end; match++) { + for (p_match = __earlycon_table; p_match < __earlycon_table_end; + p_match++) { + const struct earlycon_id *match = *p_match; + if (!match->compatible[0]) continue; diff --git a/drivers/tty/serial/earlycon.c b/drivers/tty/serial/earlycon.c index a24278380fec..22683393a0f2 100644 --- a/drivers/tty/serial/earlycon.c +++ b/drivers/tty/serial/earlycon.c @@ -169,7 +169,7 @@ static int __init register_earlycon(char *buf, const struct earlycon_id *match) */ int __init setup_earlycon(char *buf) { - const struct earlycon_id *match; + const struct earlycon_id **p_match; if (!buf || !buf[0]) return -EINVAL; @@ -177,7 +177,9 @@ int __init setup_earlycon(char *buf) if (early_con.flags & CON_ENABLED) return -EALREADY; - for (match = __earlycon_table; match < __earlycon_table_end; match++) { + for (p_match = __earlycon_table; p_match < __earlycon_table_end; + p_match++) { + const struct earlycon_id *match = *p_match; size_t len = strlen(match->name); if (strncmp(buf, match->name, len)) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 278841c75b97..af240573e482 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -188,7 +188,7 @@ #endif #ifdef CONFIG_SERIAL_EARLYCON -#define EARLYCON_TABLE() STRUCT_ALIGN(); \ +#define EARLYCON_TABLE() . = ALIGN(8); \ VMLINUX_SYMBOL(__earlycon_table) = .; \ KEEP(*(__earlycon_table)) \ VMLINUX_SYMBOL(__earlycon_table_end) = .; diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h index 1d356105f25a..b4c9fda9d833 100644 --- a/include/linux/serial_core.h +++ b/include/linux/serial_core.h @@ -351,10 +351,10 @@ struct earlycon_id { char name[16]; char compatible[128]; int (*setup)(struct earlycon_device *, const char *options); -} __aligned(32); +}; -extern const struct earlycon_id __earlycon_table[]; -extern const struct earlycon_id __earlycon_table_end[]; +extern const struct earlycon_id *__earlycon_table[]; +extern const struct earlycon_id *__earlycon_table_end[]; #if defined(CONFIG_SERIAL_EARLYCON) && !defined(MODULE) #define EARLYCON_USED_OR_UNUSED __used @@ -362,12 +362,19 @@ extern const struct earlycon_id __earlycon_table_end[]; #define EARLYCON_USED_OR_UNUSED __maybe_unused #endif -#define OF_EARLYCON_DECLARE(_name, compat, fn) \ - static const struct earlycon_id __UNIQUE_ID(__earlycon_##_name) \ - EARLYCON_USED_OR_UNUSED __section(__earlycon_table) \ +#define _OF_EARLYCON_DECLARE(_name, compat, fn, unique_id) \ + static const struct earlycon_id unique_id \ + EARLYCON_USED_OR_UNUSED __initconst \ = { .name = __stringify(_name), \ .compatible = compat, \ - .setup = fn } + .setup = fn }; \ + static const struct earlycon_id EARLYCON_USED_OR_UNUSED \ + __section(__earlycon_table) \ + * const __PASTE(__p, unique_id) = &unique_id + +#define OF_EARLYCON_DECLARE(_name, compat, fn) \ + _OF_EARLYCON_DECLARE(_name, compat, fn, \ + __UNIQUE_ID(__earlycon_##_name)) #define EARLYCON_DECLARE(_name, fn) OF_EARLYCON_DECLARE(_name, "", fn) -- 2.17.0

7 years, 2 months

1
0
0 0

Ceramic tile & Natural stone Database

by Ken

Hi, We would like to know if you are interested in newly updated Ceramic tile & Natural stone Database which includes complete contact details and verified email addresses of - . Distributors . Retailers . Contractors/Installers . Fabricators . Architects/Designers . Builders/Remodelersand many more across USA, UK, Canada, Australia, Europe and most of the world. If your target audience is not mentioned above, kindly let me know. Please send me your target audience and geographical area, so that I can send few sample records, which will be at no cost. Target Industry: _____________ ; Target Geography :______________ ; Target Job Title: _________________ Looking forward to your response. Best Regards, Ken Barone Online Marketing Manager If you do not wish to receive future emails from us, please reply as 'leave out'

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] rapidio: fix rio_dma_transfer error handling" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c5157b76869ba98c3a99a1982396437464e131a6 Mon Sep 17 00:00:00 2001 From: Ioan Nicu <ioan.nicu.ext(a)nokia.com> Date: Fri, 20 Apr 2018 14:55:49 -0700 Subject: [PATCH] rapidio: fix rio_dma_transfer error handling Some of the mport_dma_req structure members were initialized late inside the do_dma_request() function, just before submitting the request to the dma engine. But we have some error branches before that. In case of such an error, the code would return on the error path and trigger the calling of dma_req_free() with a req structure which is not completely initialized. This causes a NULL pointer dereference in dma_req_free(). This patch fixes these error branches by making sure that all necessary mport_dma_req structure members are initialized in rio_dma_transfer() immediately after the request structure gets allocated. Link: http://lkml.kernel.org/r/20180412150605.GA31409@nokia.com Fixes: bbd876adb8c72 ("rapidio: use a reference count for struct mport_dma_req") Signed-off-by: Ioan Nicu <ioan.nicu.ext(a)nokia.com> Tested-by: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> Acked-by: Alexandre Bounine <alex.bou9(a)gmail.com> Cc: Barry Wood <barry.wood(a)idt.com> Cc: Matt Porter <mporter(a)kernel.crashing.org> Cc: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: Logan Gunthorpe <logang(a)deltatee.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: Frank Kunz <frank.kunz(a)nokia.com> Cc: <stable(a)vger.kernel.org> [4.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c index 9d27016c899e..0434ab7b6497 100644 --- a/drivers/rapidio/devices/rio_mport_cdev.c +++ b/drivers/rapidio/devices/rio_mport_cdev.c @@ -740,10 +740,7 @@ static int do_dma_request(struct mport_dma_req *req, tx->callback = dma_xfer_callback; tx->callback_param = req; - req->dmach = chan; - req->sync = sync; req->status = DMA_IN_PROGRESS; - init_completion(&req->req_comp); kref_get(&req->refcount); cookie = dmaengine_submit(tx); @@ -831,13 +828,20 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode, if (!req) return -ENOMEM; - kref_init(&req->refcount); - ret = get_dma_channel(priv); if (ret) { kfree(req); return ret; } + chan = priv->dmach; + + kref_init(&req->refcount); + init_completion(&req->req_comp); + req->dir = dir; + req->filp = filp; + req->priv = priv; + req->dmach = chan; + req->sync = sync; /* * If parameter loc_addr != NULL, we are transferring data from/to @@ -925,11 +929,6 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode, xfer->offset, xfer->length); } - req->dir = dir; - req->filp = filp; - req->priv = priv; - chan = priv->dmach; - nents = dma_map_sg(chan->device->dev, req->sgt.sgl, req->sgt.nents, dir); if (nents == 0) {

7 years, 2 months

2
1
0 0

[PATCH] drm/virtio: fix vq wait_event condition

by Gerd Hoffmann

Wait until we have enough space in the virt queue to actually queue up our request. Avoids the guest spinning in case we have a non-zero amount of free entries but not enough for the request. Cc: stable(a)vger.kernel.org Reported-by: Alain Magloire <amagloire(a)blackberry.com> Signed-off-by: Gerd Hoffmann <kraxel(a)redhat.com> --- drivers/gpu/drm/virtio/virtgpu_vq.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c index 48e4f1df6e..020070d483 100644 --- a/drivers/gpu/drm/virtio/virtgpu_vq.c +++ b/drivers/gpu/drm/virtio/virtgpu_vq.c @@ -293,7 +293,7 @@ static int virtio_gpu_queue_ctrl_buffer_locked(struct virtio_gpu_device *vgdev, ret = virtqueue_add_sgs(vq, sgs, outcnt, incnt, vbuf, GFP_ATOMIC); if (ret == -ENOSPC) { spin_unlock(&vgdev->ctrlq.qlock); - wait_event(vgdev->ctrlq.ack_queue, vq->num_free); + wait_event(vgdev->ctrlq.ack_queue, vq->num_free >= outcnt + incnt); spin_lock(&vgdev->ctrlq.qlock); goto retry; } else { @@ -368,7 +368,7 @@ static int virtio_gpu_queue_cursor(struct virtio_gpu_device *vgdev, ret = virtqueue_add_sgs(vq, sgs, outcnt, 0, vbuf, GFP_ATOMIC); if (ret == -ENOSPC) { spin_unlock(&vgdev->cursorq.qlock); - wait_event(vgdev->cursorq.ack_queue, vq->num_free); + wait_event(vgdev->cursorq.ack_queue, vq->num_free >= outcnt); spin_lock(&vgdev->cursorq.qlock); goto retry; } else { -- 2.9.3

7 years, 2 months

3
3
0 0

[PATCH] x86: ipc: fix x32 version of shmid64_ds and msqid64_ds

by Arnd Bergmann

A bugfix broke the x32 shmid64_ds and msqid64_ds data structure layout (as seen from user space) a few years ago: Originally, __BITS_PER_LONG was defined as 64 on x32, so we did not have padding after the 64-bit __kernel_time_t fields, After __BITS_PER_LONG got changed to 32, applications would observe extra padding. In other parts of the uapi headers we seem to have a mix of those expecting either 32 or 64 on x32 applications, so we can't easily revert the path that broke these two structures. Instead, this patch decouples x32 from the other architectures and moves it back into arch specific headers, partially reverting the even older commit 73a2d096fdf2 ("x86: remove all now-duplicate header files"). It's not clear whether this ever made any difference, since at least glibc carries its own (correct) copy of both of these header files, so possibly no application has ever observed the definitions here. There are other UAPI interfaces that depend on __BITS_PER_LONG and that might suffer from the same problem on x32, but I have not tried to analyse them in enough detail to be sure. If anyone still cares about x32, that may be a useful thing to do. Fixes: f4b4aae18288 ("x86/headers/uapi: Fix __BITS_PER_LONG value for x32 builds") Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- This came out of the y2038 ipc syscall series but can be applied and backported independently. --- arch/x86/include/uapi/asm/msgbuf.h | 29 +++++++++++++++++++++++++++ arch/x86/include/uapi/asm/shmbuf.h | 40 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/arch/x86/include/uapi/asm/msgbuf.h b/arch/x86/include/uapi/asm/msgbuf.h index 809134c644a6..5f1604961e6d 100644 --- a/arch/x86/include/uapi/asm/msgbuf.h +++ b/arch/x86/include/uapi/asm/msgbuf.h @@ -1 +1,30 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef __ASM_X64_MSGBUF_H +#define __ASM_X64_MSGBUF_H + +#if !defined(__x86_64__) || !defined(__ilp32__) #include <asm-generic/msgbuf.h> +#else +/* + * The msqid64_ds structure for x86 architecture with x32 ABI. + * + * On x86-32 and x86-64 we can just use the generic definition, but + * x32 uses the same binary layout as x86_64, which is differnet + * from other 32-bit architectures. + */ + +struct msqid64_ds { + struct ipc64_perm msg_perm; + __kernel_time_t msg_stime; /* last msgsnd time */ + __kernel_time_t msg_rtime; /* last msgrcv time */ + __kernel_time_t msg_ctime; /* last change time */ + __kernel_ulong_t msg_cbytes; /* current number of bytes on queue */ + __kernel_ulong_t msg_qnum; /* number of messages in queue */ + __kernel_ulong_t msg_qbytes; /* max number of bytes on queue */ + __kernel_pid_t msg_lspid; /* pid of last msgsnd */ + __kernel_pid_t msg_lrpid; /* last receive pid */ + __kernel_ulong_t __unused4; + __kernel_ulong_t __unused5; +}; + +#endif /* __ASM_GENERIC_MSGBUF_H */ diff --git a/arch/x86/include/uapi/asm/shmbuf.h b/arch/x86/include/uapi/asm/shmbuf.h index 83c05fc2de38..cdd7eec878fa 100644 --- a/arch/x86/include/uapi/asm/shmbuf.h +++ b/arch/x86/include/uapi/asm/shmbuf.h @@ -1 +1,41 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef __ASM_X86_SHMBUF_H +#define __ASM_X86_SHMBUF_H + +#if !defined(__x86_64__) || !defined(__ilp32__) #include <asm-generic/shmbuf.h> +#else +/* + * The shmid64_ds structure for x86 architecture with x32 ABI. + * + * On x86-32 and x86-64 we can just use the generic definition, but + * x32 uses the same binary layout as x86_64, which is differnet + * from other 32-bit architectures. + */ + +struct shmid64_ds { + struct ipc64_perm shm_perm; /* operation perms */ + size_t shm_segsz; /* size of segment (bytes) */ + __kernel_time_t shm_atime; /* last attach time */ + __kernel_time_t shm_dtime; /* last detach time */ + __kernel_time_t shm_ctime; /* last change time */ + __kernel_pid_t shm_cpid; /* pid of creator */ + __kernel_pid_t shm_lpid; /* pid of last operator */ + __kernel_ulong_t shm_nattch; /* no. of current attaches */ + __kernel_ulong_t __unused4; + __kernel_ulong_t __unused5; +}; + +struct shminfo64 { + __kernel_ulong_t shmmax; + __kernel_ulong_t shmmin; + __kernel_ulong_t shmmni; + __kernel_ulong_t shmseg; + __kernel_ulong_t shmall; + __kernel_ulong_t __unused1; + __kernel_ulong_t __unused2; + __kernel_ulong_t __unused3; + __kernel_ulong_t __unused4; +}; + +#endif /* __ASM_X86_SHMBUF_H */ -- 2.9.0

7 years, 2 months

3
4
0 0

patch "tty: n_gsm: Fix long delays with control frame timeouts in ADM mode" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: n_gsm: Fix long delays with control frame timeouts in ADM mode to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e9ec22547986dd32c5c70da78107ce35dbff1344 Mon Sep 17 00:00:00 2001 From: Tony Lindgren <tony(a)atomide.com> Date: Sat, 7 Apr 2018 10:19:50 -0700 Subject: tty: n_gsm: Fix long delays with control frame timeouts in ADM mode Commit ea3d8465ab9b ("tty: n_gsm: Allow ADM response in addition to UA for control dlci") added support for DLCI to stay in Asynchronous Disconnected Mode (ADM). But we still get long delays waiting for commands to other DLCI to complete: --> 5) C: SABM(P) Q> 0) C: UIH(F) Q> 0) C: UIH(F) Q> 0) C: UIH(F) ... This happens because gsm_control_send() sets cretries timer to T2 that is by default set to 34. This will cause resend for T2 times for the control frame. In ADM mode, we will never get a response so the control frame, so retries are just delaying all the commands. Let's fix the issue by setting DLCI_MODE_ADM flag after detecting the ADM mode for the control DLCI. Then we can use that in gsm_control_send() to set retries to 1. This means the control frame will be sent once allowing the other end at an opportunity to switch from ADM to ABM mode. Note that retries will be decremented in gsm_control_retransmit() so we don't want to set it to 0 here. Fixes: ea3d8465ab9b ("tty: n_gsm: Allow ADM response in addition to UA for control dlci") Cc: linux-serial(a)vger.kernel.org Cc: Alan Cox <alan(a)llwyncelyn.cymru> Cc: Dan Williams <dcbw(a)redhat.com> Cc: Jiri Prchal <jiri.prchal(a)aksignal.cz> Cc: Jiri Slaby <jslaby(a)suse.cz> Cc: Marcel Partap <mpartap(a)gmx.net> Cc: Merlijn Wajer <merlijn(a)wizzup.org> Cc: Michael Nazzareno Trimarchi <michael(a)amarulasolutions.com> Cc: Michael Scott <michael.scott(a)linaro.org> Cc: Pavel Machek <pavel(a)ucw.cz> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: Russ Gorby <russ.gorby(a)intel.com> Cc: Sascha Hauer <s.hauer(a)pengutronix.de> Cc: Sebastian Reichel <sre(a)kernel.org> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/n_gsm.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 3b3e1f6632d7..7b1f8636f8e9 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -121,6 +121,9 @@ struct gsm_dlci { struct mutex mutex; /* Link layer */ + int mode; +#define DLCI_MODE_ABM 0 /* Normal Asynchronous Balanced Mode */ +#define DLCI_MODE_ADM 1 /* Asynchronous Disconnected Mode */ spinlock_t lock; /* Protects the internal state */ struct timer_list t1; /* Retransmit timer for SABM and UA */ int retries; @@ -1364,7 +1367,13 @@ static struct gsm_control *gsm_control_send(struct gsm_mux *gsm, ctrl->data = data; ctrl->len = clen; gsm->pending_cmd = ctrl; - gsm->cretries = gsm->n2; + + /* If DLCI0 is in ADM mode skip retries, it won't respond */ + if (gsm->dlci[0]->mode == DLCI_MODE_ADM) + gsm->cretries = 1; + else + gsm->cretries = gsm->n2; + mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); gsm_control_transmit(gsm, ctrl); spin_unlock_irqrestore(&gsm->control_lock, flags); @@ -1472,6 +1481,7 @@ static void gsm_dlci_t1(struct timer_list *t) if (debug & 8) pr_info("DLCI %d opening in ADM mode.\n", dlci->addr); + dlci->mode = DLCI_MODE_ADM; gsm_dlci_open(dlci); } else { gsm_dlci_close(dlci); -- 2.17.0

7 years, 2 months

1
0
0 0

patch "tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From b2d89ad9c9682e795ed6eeb9ed455789ad6cedf1 Mon Sep 17 00:00:00 2001 From: Tony Lindgren <tony(a)atomide.com> Date: Sat, 7 Apr 2018 10:19:51 -0700 Subject: tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set At least on droid 4 with control channel in ADM mode, there is no response to Modem Status Command (MSC). Currently gsmtty_modem_update() expects to have data in dlci->modem_rx unless debug & 2 is set. This means that on droid 4, things only work if debug & 2 is set. Let's fix the issue by ignoring empty dlci->modem_rx for ADM mode. In the AMD mode, CMD_MSC will never respond and gsm_process_modem() won't get called to set dlci->modem_rx. And according to ts_127010v140000p.pdf, MSC is only relevant if basic option is chosen, so let's test for that too. Fixes: ea3d8465ab9b ("tty: n_gsm: Allow ADM response in addition to UA for control dlci") Cc: linux-serial(a)vger.kernel.org Cc: Alan Cox <alan(a)llwyncelyn.cymru> Cc: Dan Williams <dcbw(a)redhat.com> Cc: Jiri Prchal <jiri.prchal(a)aksignal.cz> Cc: Jiri Slaby <jslaby(a)suse.cz> Cc: Marcel Partap <mpartap(a)gmx.net> Cc: Merlijn Wajer <merlijn(a)wizzup.org> Cc: Michael Nazzareno Trimarchi <michael(a)amarulasolutions.com> Cc: Michael Scott <michael.scott(a)linaro.org> Cc: Pavel Machek <pavel(a)ucw.cz> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: Russ Gorby <russ.gorby(a)intel.com> Cc: Sascha Hauer <s.hauer(a)pengutronix.de> Cc: Sebastian Reichel <sre(a)kernel.org> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/n_gsm.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 7b1f8636f8e9..1dbe27c9946c 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -2871,11 +2871,22 @@ static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk) static int gsm_carrier_raised(struct tty_port *port) { struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); + struct gsm_mux *gsm = dlci->gsm; + /* Not yet open so no carrier info */ if (dlci->state != DLCI_OPEN) return 0; if (debug & 2) return 1; + + /* + * Basic mode with control channel in ADM mode may not respond + * to CMD_MSC at all and modem_rx is empty. + */ + if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM && + !dlci->modem_rx) + return 1; + return dlci->modem_rx & TIOCM_CD; } -- 2.17.0

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mm/filemap.c: fix NULL pointer in page_cache_tree_insert()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From abc1be13fd113ddef5e2d807a466286b864caed3 Mon Sep 17 00:00:00 2001 From: Matthew Wilcox <mawilcox(a)microsoft.com> Date: Fri, 20 Apr 2018 14:56:20 -0700 Subject: [PATCH] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() f2fs specifies the __GFP_ZERO flag for allocating some of its pages. Unfortunately, the page cache also uses the mapping's GFP flags for allocating radix tree nodes. It always masked off the __GFP_HIGHMEM flag, and masks off __GFP_ZERO in some paths, but not all. That causes radix tree nodes to be allocated with a NULL list_head, which causes backtraces like: __list_del_entry+0x30/0xd0 list_lru_del+0xac/0x1ac page_cache_tree_insert+0xd8/0x110 The __GFP_DMA and __GFP_DMA32 flags would also be able to sneak through if they are ever used. Fix them all by using GFP_RECLAIM_MASK at the innermost location, and remove it from earlier in the callchain. Link: http://lkml.kernel.org/r/20180411060320.14458-2-willy@infradead.org Fixes: 449dd6984d0e ("mm: keep page cache radix tree nodes in check") Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Reported-by: Chris Fries <cfries(a)google.com> Debugged-by: Minchan Kim <minchan(a)kernel.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/filemap.c b/mm/filemap.c index 9276bdb2343c..0604cb02e6f3 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -786,7 +786,7 @@ int replace_page_cache_page(struct page *old, struct page *new, gfp_t gfp_mask) VM_BUG_ON_PAGE(!PageLocked(new), new); VM_BUG_ON_PAGE(new->mapping, new); - error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM); + error = radix_tree_preload(gfp_mask & GFP_RECLAIM_MASK); if (!error) { struct address_space *mapping = old->mapping; void (*freepage)(struct page *); @@ -842,7 +842,7 @@ static int __add_to_page_cache_locked(struct page *page, return error; } - error = radix_tree_maybe_preload(gfp_mask & ~__GFP_HIGHMEM); + error = radix_tree_maybe_preload(gfp_mask & GFP_RECLAIM_MASK); if (error) { if (!huge) mem_cgroup_cancel_charge(page, memcg, false); @@ -1585,8 +1585,7 @@ struct page *pagecache_get_page(struct address_space *mapping, pgoff_t offset, if (fgp_flags & FGP_ACCESSED) __SetPageReferenced(page); - err = add_to_page_cache_lru(page, mapping, offset, - gfp_mask & GFP_RECLAIM_MASK); + err = add_to_page_cache_lru(page, mapping, offset, gfp_mask); if (unlikely(err)) { put_page(page); page = NULL; @@ -2387,7 +2386,7 @@ static int page_cache_read(struct file *file, pgoff_t offset, gfp_t gfp_mask) if (!page) return -ENOMEM; - ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask & GFP_KERNEL); + ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask); if (ret == 0) ret = mapping->a_ops->readpage(file, page); else if (ret == -EEXIST)

7 years, 2 months

5
5
0 0

patch "xhci: Fix Kernel oops in xhci dbgtty" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: Fix Kernel oops in xhci dbgtty to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 7fc65d4c2ba9e5006c629669146c6876b65aa233 Mon Sep 17 00:00:00 2001 From: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> Date: Fri, 13 Apr 2018 15:55:34 +0300 Subject: xhci: Fix Kernel oops in xhci dbgtty tty_unregister_driver may be called more than 1 time in some hotplug cases,it will cause the kernel oops. This patch checked dbc_tty_driver to make sure it is unregistered only 1 time. [ 175.741404] BUG: unable to handle kernel NULL pointer dereference at 0000000000000034 [ 175.742309] IP: tty_unregister_driver+0x9/0x70 [ 175.743148] PGD 0 P4D 0 [ 175.743981] Oops: 0000 [#1] SMP PTI [ 175.753904] RIP: 0010:tty_unregister_driver+0x9/0x70 [ 175.754817] RSP: 0018:ffffa8ff831d3bb0 EFLAGS: 00010246 [ 175.755753] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 175.756685] RDX: ffff92089c616000 RSI: ffffe64fe1b26080 RDI: 0000000000000000 [ 175.757608] RBP: ffff92086c988230 R08: 000000006c982701 R09: 00000001801e0016 [ 175.758533] R10: ffffa8ff831d3b48 R11: ffff92086c982100 R12: ffff92086c98827c [ 175.759462] R13: ffff92086c988398 R14: 0000000000000060 R15: ffff92089c5e9b40 [ 175.760401] FS: 0000000000000000(0000) GS:ffff9208a0100000(0000) knlGS:0000000000000000 [ 175.761334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 175.762270] CR2: 0000000000000034 CR3: 000000011800a003 CR4: 00000000003606e0 [ 175.763225] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 175.764164] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 175.765091] Call Trace: [ 175.766014] xhci_dbc_tty_unregister_driver+0x11/0x30 [ 175.766960] xhci_dbc_exit+0x2a/0x40 [ 175.767889] xhci_stop+0x57/0x1c0 [ 175.768824] usb_remove_hcd+0x100/0x250 [ 175.769708] usb_hcd_pci_remove+0x68/0x130 [ 175.770574] pci_device_remove+0x3b/0xc0 [ 175.771435] device_release_driver_internal+0x157/0x230 [ 175.772343] pci_stop_bus_device+0x74/0xa0 [ 175.773205] pci_stop_bus_device+0x2b/0xa0 [ 175.774061] pci_stop_bus_device+0x2b/0xa0 [ 175.774907] pci_stop_bus_device+0x2b/0xa0 [ 175.775741] pci_stop_bus_device+0x2b/0xa0 [ 175.776618] pci_stop_bus_device+0x2b/0xa0 [ 175.777452] pci_stop_bus_device+0x2b/0xa0 [ 175.778273] pci_stop_bus_device+0x2b/0xa0 [ 175.779092] pci_stop_bus_device+0x2b/0xa0 [ 175.779908] pci_stop_bus_device+0x2b/0xa0 [ 175.780750] pci_stop_bus_device+0x2b/0xa0 [ 175.781543] pci_stop_and_remove_bus_device+0xe/0x20 [ 175.782338] pciehp_unconfigure_device+0xb8/0x160 [ 175.783128] pciehp_disable_slot+0x4f/0xd0 [ 175.783920] pciehp_power_thread+0x82/0xa0 [ 175.784766] process_one_work+0x147/0x3c0 [ 175.785564] worker_thread+0x4a/0x440 [ 175.786376] kthread+0xf8/0x130 [ 175.787174] ? rescuer_thread+0x360/0x360 [ 175.787964] ? kthread_associate_blkcg+0x90/0x90 [ 175.788798] ret_from_fork+0x35/0x40 Cc: <stable(a)vger.kernel.org> # 4.16 Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver") Signed-off-by: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> Tested-by: Christian Kellner <christian(a)kellner.me> Reviewed-by: Christian Kellner <christian(a)kellner.me> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-dbgtty.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/xhci-dbgtty.c b/drivers/usb/host/xhci-dbgtty.c index 48779c44c361..eb494ec547e8 100644 --- a/drivers/usb/host/xhci-dbgtty.c +++ b/drivers/usb/host/xhci-dbgtty.c @@ -320,9 +320,11 @@ int xhci_dbc_tty_register_driver(struct xhci_hcd *xhci) void xhci_dbc_tty_unregister_driver(void) { - tty_unregister_driver(dbc_tty_driver); - put_tty_driver(dbc_tty_driver); - dbc_tty_driver = NULL; + if (dbc_tty_driver) { + tty_unregister_driver(dbc_tty_driver); + put_tty_driver(dbc_tty_driver); + dbc_tty_driver = NULL; + } } static void dbc_rx_push(unsigned long _port) -- 2.17.0

7 years, 2 months

1
0
0 0

patch "usb: typec: ucsi: Increase command completion timeout value" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: typec: ucsi: Increase command completion timeout value to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From b1b59e16075f5e5da2943ce8de724ab96bc3c6c2 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Wed, 18 Apr 2018 15:34:10 +0300 Subject: usb: typec: ucsi: Increase command completion timeout value On some boards, under heavy load, the EC firmware is unable to complete commands even in one second. Increasing the command completion timeout value to five seconds. Reported-by: Quanxian Wang <quanxian.wang(a)intel.com> Fixes: c1b0bc2dabfa ("usb: typec: Add support for UCSI interface") Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/typec/ucsi/ucsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index bf0977fbd100..bd5cca5632b3 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -28,7 +28,7 @@ * difficult to estimate the time it takes for the system to process the command * before it is actually passed to the PPM. */ -#define UCSI_TIMEOUT_MS 1000 +#define UCSI_TIMEOUT_MS 5000 /* * UCSI_SWAP_TIMEOUT_MS - Timeout for role swap requests -- 2.17.0

7 years, 2 months

1
0
0 0

patch "Revert "xhci: plat: Register shutdown for xhci_plat"" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "xhci: plat: Register shutdown for xhci_plat" to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c20f53c58261b121d0989e147368803b9773b413 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Sun, 22 Apr 2018 14:31:03 +0200 Subject: Revert "xhci: plat: Register shutdown for xhci_plat" This reverts commit b07c12517f2aed0add8ce18146bb426b14099392 It is incomplete and causes hangs on devices when shutting down. It needs a much more "complete" fix in order to work properly. As that fix has not been merged, revert this patch for now before it causes any more problems. Cc: Greg Hackmann <ghackmann(a)google.com> Cc: Adam Wallis <awallis(a)codeaurora.org> Cc: Mathias Nyman <mathias.nyman(a)intel.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-plat.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c index 596e7a71b666..c1b22fc64e38 100644 --- a/drivers/usb/host/xhci-plat.c +++ b/drivers/usb/host/xhci-plat.c @@ -435,7 +435,6 @@ MODULE_DEVICE_TABLE(acpi, usb_xhci_acpi_match); static struct platform_driver usb_xhci_driver = { .probe = xhci_plat_probe, .remove = xhci_plat_remove, - .shutdown = usb_hcd_platform_shutdown, .driver = { .name = "xhci-hcd", .pm = &xhci_plat_pm_ops, -- 2.17.0

7 years, 2 months

1
0
0 0

patch "usb: core: Add quirk for HP v222w 16GB Mini" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: core: Add quirk for HP v222w 16GB Mini to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 3180dabe08e3653bf0a838553905d88f3773f29c Mon Sep 17 00:00:00 2001 From: Kamil Lulko <kamilx.lulko(a)intel.com> Date: Thu, 19 Apr 2018 16:54:02 -0700 Subject: usb: core: Add quirk for HP v222w 16GB Mini Add DELAY_INIT quirk to fix the following problem with HP v222w 16GB Mini: usb 1-3: unable to read config index 0 descriptor/start: -110 usb 1-3: can't read configurations, error -110 usb 1-3: can't set config #1, error -110 Signed-off-by: Kamil Lulko <kamilx.lulko(a)intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/quirks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index 920f48a49a87..c55def2f1320 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -186,6 +186,9 @@ static const struct usb_device_id usb_quirk_list[] = { { USB_DEVICE(0x03f0, 0x0701), .driver_info = USB_QUIRK_STRING_FETCH_255 }, + /* HP v222w 16GB Mini USB Drive */ + { USB_DEVICE(0x03f0, 0x3f40), .driver_info = USB_QUIRK_DELAY_INIT }, + /* Creative SB Audigy 2 NX */ { USB_DEVICE(0x041e, 0x3020), .driver_info = USB_QUIRK_RESET_RESUME }, -- 2.17.0

7 years, 2 months

1
0
0 0

patch "usbip: usbip_event: fix to not print kernel pointer address" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: usbip_event: fix to not print kernel pointer address to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 4c982482341c64f55daf69b6caa5a2bcd9b43824 Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Thu, 5 Apr 2018 16:29:50 -0600 Subject: usbip: usbip_event: fix to not print kernel pointer address Fix it to not print kernel pointer address. Remove the conditional and debug message as it isn't very useful. Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/usbip_event.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/usb/usbip/usbip_event.c b/drivers/usb/usbip/usbip_event.c index 5b4c0864ad92..5d88917c9631 100644 --- a/drivers/usb/usbip/usbip_event.c +++ b/drivers/usb/usbip/usbip_event.c @@ -91,10 +91,6 @@ static void event_handler(struct work_struct *work) unset_event(ud, USBIP_EH_UNUSABLE); } - /* Stop the error handler. */ - if (ud->event & USBIP_EH_BYE) - usbip_dbg_eh("removed %p\n", ud); - wake_up(&ud->eh_waitq); } } -- 2.17.0

7 years, 2 months

1
0
0 0

patch "usbip: vhci_hcd: check rhport before using in vhci_hub_control()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: vhci_hcd: check rhport before using in vhci_hub_control() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 5b22f676118ff25049382041da0db8012e57c9e8 Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Thu, 5 Apr 2018 16:31:49 -0600 Subject: usbip: vhci_hcd: check rhport before using in vhci_hub_control() Validate !rhport < 0 before using it to access port_status array. Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/vhci_hcd.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c index 20e3d4609583..d11f3f8dad40 100644 --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -354,6 +354,8 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh(" ClearHubFeature\n"); break; case ClearPortFeature: + if (rhport < 0) + goto error; switch (wValue) { case USB_PORT_FEAT_SUSPEND: if (hcd->speed == HCD_USB3) { @@ -511,11 +513,16 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, goto error; } + if (rhport < 0) + goto error; + vhci_hcd->port_status[rhport] |= USB_PORT_STAT_SUSPEND; break; case USB_PORT_FEAT_POWER: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_POWER\n"); + if (rhport < 0) + goto error; if (hcd->speed == HCD_USB3) vhci_hcd->port_status[rhport] |= USB_SS_PORT_STAT_POWER; else @@ -524,6 +531,8 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, case USB_PORT_FEAT_BH_PORT_RESET: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_BH_PORT_RESET\n"); + if (rhport < 0) + goto error; /* Applicable only for USB3.0 hub */ if (hcd->speed != HCD_USB3) { pr_err("USB_PORT_FEAT_BH_PORT_RESET req not " @@ -534,6 +543,8 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, case USB_PORT_FEAT_RESET: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_RESET\n"); + if (rhport < 0) + goto error; /* if it's already enabled, disable */ if (hcd->speed == HCD_USB3) { vhci_hcd->port_status[rhport] = 0; @@ -554,6 +565,8 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, default: usbip_dbg_vhci_rh(" SetPortFeature: default %d\n", wValue); + if (rhport < 0) + goto error; if (hcd->speed == HCD_USB3) { if ((vhci_hcd->port_status[rhport] & USB_SS_PORT_STAT_POWER) != 0) { -- 2.17.0

7 years, 2 months

1
0
0 0

patch "USB: Increment wakeup count on remote wakeup." added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: Increment wakeup count on remote wakeup. to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 83a62c51ba7b3c0bf45150c4eac7aefc6c785e94 Mon Sep 17 00:00:00 2001 From: Ravi Chandra Sadineni <ravisadineni(a)chromium.org> Date: Fri, 20 Apr 2018 11:08:21 -0700 Subject: USB: Increment wakeup count on remote wakeup. On chromebooks we depend on wakeup count to identify the wakeup source. But currently USB devices do not increment the wakeup count when they trigger the remote wake. This patch addresses the same. Resume condition is reported differently on USB 2.0 and USB 3.0 devices. On USB 2.0 devices, a wake capable device, if wake enabled, drives resume signal to indicate a remote wake (USB 2.0 spec section 7.1.7.7). The upstream facing port then sets C_PORT_SUSPEND bit and reports a port change event (USB 2.0 spec section 11.24.2.7.2.3). Thus if a port has resumed before driving the resume signal from the host and C_PORT_SUSPEND is set, then the device attached to the given port might be the reason for the last system wakeup. Increment the wakeup count for the same. On USB 3.0 devices, a function may signal that it wants to exit from device suspend by sending a Function Wake Device Notification to the host (USB3.0 spec section 8.5.6.4) Thus on receiving the Function Wake, increment the wakeup count. Signed-off-by: Ravi Chandra Sadineni <ravisadineni(a)chromium.org> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/hcd.c | 1 + drivers/usb/core/hub.c | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c index 777036ae6367..00bb8417050f 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -2377,6 +2377,7 @@ void usb_hcd_resume_root_hub (struct usb_hcd *hcd) spin_lock_irqsave (&hcd_root_hub_lock, flags); if (hcd->rh_registered) { + pm_wakeup_event(&hcd->self.root_hub->dev, 0); set_bit(HCD_FLAG_WAKEUP_PENDING, &hcd->flags); queue_work(pm_wq, &hcd->wakeup_work); } diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index f6ea16e9f6bb..aa9968d90a48 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -653,12 +653,17 @@ void usb_wakeup_notification(struct usb_device *hdev, unsigned int portnum) { struct usb_hub *hub; + struct usb_port *port_dev; if (!hdev) return; hub = usb_hub_to_struct_hub(hdev); if (hub) { + port_dev = hub->ports[portnum - 1]; + if (port_dev && port_dev->child) + pm_wakeup_event(&port_dev->child->dev, 0); + set_bit(portnum, hub->wakeup_bits); kick_hub_wq(hub); } @@ -3434,8 +3439,11 @@ int usb_port_resume(struct usb_device *udev, pm_message_t msg) /* Skip the initial Clear-Suspend step for a remote wakeup */ status = hub_port_status(hub, port1, &portstatus, &portchange); - if (status == 0 && !port_is_suspended(hub, portstatus)) + if (status == 0 && !port_is_suspended(hub, portstatus)) { + if (portchange & USB_PORT_STAT_C_SUSPEND) + pm_wakeup_event(&udev->dev, 0); goto SuspendCleared; + } /* see 7.1.7.7; affects power usage, but not budgeting */ if (hub_is_superspeed(hub->hdev)) -- 2.17.0

7 years, 2 months

1
0
0 0

patch "usbip: vhci_hcd: Fix usb device and sockfd leaks" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: vhci_hcd: Fix usb device and sockfd leaks to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 9020a7efe537856eb3e826ebebdf38a5d07a7857 Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Mon, 2 Apr 2018 14:52:32 -0600 Subject: usbip: vhci_hcd: Fix usb device and sockfd leaks vhci_hcd fails to do reset to put usb device and sockfd in the module remove/stop paths. Fix the leak. Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/usbip_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/usbip/usbip_common.h b/drivers/usb/usbip/usbip_common.h index 473fb8a87289..bf8afe9b5883 100644 --- a/drivers/usb/usbip/usbip_common.h +++ b/drivers/usb/usbip/usbip_common.h @@ -243,7 +243,7 @@ enum usbip_side { #define VUDC_EVENT_ERROR_USB (USBIP_EH_SHUTDOWN | USBIP_EH_UNUSABLE) #define VUDC_EVENT_ERROR_MALLOC (USBIP_EH_SHUTDOWN | USBIP_EH_UNUSABLE) -#define VDEV_EVENT_REMOVED (USBIP_EH_SHUTDOWN | USBIP_EH_BYE) +#define VDEV_EVENT_REMOVED (USBIP_EH_SHUTDOWN | USBIP_EH_RESET | USBIP_EH_BYE) #define VDEV_EVENT_DOWN (USBIP_EH_SHUTDOWN | USBIP_EH_RESET) #define VDEV_EVENT_ERROR_TCP (USBIP_EH_SHUTDOWN | USBIP_EH_RESET) #define VDEV_EVENT_ERROR_MALLOC (USBIP_EH_SHUTDOWN | USBIP_EH_UNUSABLE) -- 2.17.0

7 years, 2 months

1
0
0 0

patch "usbip: usbip_host: fix to hold parent lock for device_attach() calls" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: usbip_host: fix to hold parent lock for device_attach() calls to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 4bfb141bc01312a817d36627cc47c93f801c216d Mon Sep 17 00:00:00 2001 From: Shuah Khan <shuahkh(a)osg.samsung.com> Date: Thu, 5 Apr 2018 16:29:04 -0600 Subject: usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip_host calls device_attach() without holding dev->parent lock. Fix it. Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/stub_main.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c index c31c8402a0c5..d41d0cdeec0f 100644 --- a/drivers/usb/usbip/stub_main.c +++ b/drivers/usb/usbip/stub_main.c @@ -186,7 +186,12 @@ static ssize_t rebind_store(struct device_driver *dev, const char *buf, if (!bid) return -ENODEV; + /* device_attach() callers should hold parent lock for USB */ + if (bid->udev->dev.parent) + device_lock(bid->udev->dev.parent); ret = device_attach(&bid->udev->dev); + if (bid->udev->dev.parent) + device_unlock(bid->udev->dev.parent); if (ret < 0) { dev_err(&bid->udev->dev, "rebind failed\n"); return ret; -- 2.17.0

7 years, 2 months

1
0
0 0

Backport of 2e898e4c0a38 for 4.4, 4.9, 4.14, and 4.16

by Nathan Chancellor

Hi Greg, As promised, here is the backport of 2e898e4c0a38 ("writeback: safer lock nesting") for 4.4, 4.9, 4.14, and 4.16, all on top of their latest versions upstream. Let me know if there are any issues! Nathan

7 years, 2 months

2
6
0 0

[PATCH 4.4] fanotify: fix logic of events on child

by Nathan Chancellor

From: Amir Goldstein <amir73il(a)gmail.com> commit 54a307ba8d3cd00a3902337ffaae28f436eeb1a4 upstream. When event on child inodes are sent to the parent inode mark and parent inode mark was not marked with FAN_EVENT_ON_CHILD, the event will not be delivered to the listener process. However, if the same process also has a mount mark, the event to the parent inode will be delivered regadless of the mount mark mask. This behavior is incorrect in the case where the mount mark mask does not contain the specific event type. For example, the process adds a mark on a directory with mask FAN_MODIFY (without FAN_EVENT_ON_CHILD) and a mount mark with mask FAN_CLOSE_NOWRITE (without FAN_ONDIR). A modify event on a file inside that directory (and inside that mount) should not create a FAN_MODIFY event, because neither of the marks requested to get that event on the file. Fixes: 1968f5eed54c ("fanotify: use both marks when possible") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> Signed-off-by: Jan Kara <jack(a)suse.cz> [natechancellor: Fix small conflict due to lack of 3cd5eca8d7a2f] Signed-off-by: Nathan Chancellor <natechancellor(a)gmail.com> --- fs/notify/fanotify/fanotify.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c index e0e5f7c3c99f..8a459b179183 100644 --- a/fs/notify/fanotify/fanotify.c +++ b/fs/notify/fanotify/fanotify.c @@ -92,7 +92,7 @@ static bool fanotify_should_send_event(struct fsnotify_mark *inode_mark, u32 event_mask, void *data, int data_type) { - __u32 marks_mask, marks_ignored_mask; + __u32 marks_mask = 0, marks_ignored_mask = 0; struct path *path = data; pr_debug("%s: inode_mark=%p vfsmnt_mark=%p mask=%x data=%p" @@ -108,24 +108,20 @@ static bool fanotify_should_send_event(struct fsnotify_mark *inode_mark, !d_can_lookup(path->dentry)) return false; - if (inode_mark && vfsmnt_mark) { - marks_mask = (vfsmnt_mark->mask | inode_mark->mask); - marks_ignored_mask = (vfsmnt_mark->ignored_mask | inode_mark->ignored_mask); - } else if (inode_mark) { - /* - * if the event is for a child and this inode doesn't care about - * events on the child, don't send it! - */ - if ((event_mask & FS_EVENT_ON_CHILD) && - !(inode_mark->mask & FS_EVENT_ON_CHILD)) - return false; - marks_mask = inode_mark->mask; - marks_ignored_mask = inode_mark->ignored_mask; - } else if (vfsmnt_mark) { - marks_mask = vfsmnt_mark->mask; - marks_ignored_mask = vfsmnt_mark->ignored_mask; - } else { - BUG(); + /* + * if the event is for a child and this inode doesn't care about + * events on the child, don't send it! + */ + if (inode_mark && + (!(event_mask & FS_EVENT_ON_CHILD) || + (inode_mark->mask & FS_EVENT_ON_CHILD))) { + marks_mask |= inode_mark->mask; + marks_ignored_mask |= inode_mark->ignored_mask; + } + + if (vfsmnt_mark) { + marks_mask |= vfsmnt_mark->mask; + marks_ignored_mask |= vfsmnt_mark->ignored_mask; } if (d_is_dir(path->dentry) && -- 2.17.0

7 years, 2 months

2
1
0 0

[PATCH 4.4] writeback: safer lock nesting

by Nathan Chancellor

From: Greg Thelen <gthelen(a)google.com> commit 2e898e4c0a3897ccd434adac5abb8330194f527b upstream. lock_page_memcg()/unlock_page_memcg() use spin_lock_irqsave/restore() if the page's memcg is undergoing move accounting, which occurs when a process leaves its memcg for a new one that has memory.move_charge_at_immigrate set. unlocked_inode_to_wb_begin,end() use spin_lock_irq/spin_unlock_irq() if the given inode is switching writeback domains. Switches occur when enough writes are issued from a new domain. This existing pattern is thus suspicious: lock_page_memcg(page); unlocked_inode_to_wb_begin(inode, &locked); ... unlocked_inode_to_wb_end(inode, locked); unlock_page_memcg(page); If both inode switch and process memcg migration are both in-flight then unlocked_inode_to_wb_end() will unconditionally enable interrupts while still holding the lock_page_memcg() irq spinlock. This suggests the possibility of deadlock if an interrupt occurs before unlock_page_memcg(). truncate __cancel_dirty_page lock_page_memcg unlocked_inode_to_wb_begin unlocked_inode_to_wb_end <interrupts mistakenly enabled> <interrupt> end_page_writeback test_clear_page_writeback lock_page_memcg <deadlock> unlock_page_memcg Due to configuration limitations this deadlock is not currently possible because we don't mix cgroup writeback (a cgroupv2 feature) and memory.move_charge_at_immigrate (a cgroupv1 feature). If the kernel is hacked to always claim inode switching and memcg moving_account, then this script triggers lockup in less than a minute: cd /mnt/cgroup/memory mkdir a b echo 1 > a/memory.move_charge_at_immigrate echo 1 > b/memory.move_charge_at_immigrate ( echo $BASHPID > a/cgroup.procs while true; do dd if=/dev/zero of=/mnt/big bs=1M count=256 done ) & while true; do sync done & sleep 1h & SLEEP=$! while true; do echo $SLEEP > a/cgroup.procs echo $SLEEP > b/cgroup.procs done The deadlock does not seem possible, so it's debatable if there's any reason to modify the kernel. I suggest we should to prevent future surprises. And Wang Long said "this deadlock occurs three times in our environment", so there's more reason to apply this, even to stable. Stable 4.4 has minor conflicts applying this patch. For a clean 4.4 patch see "[PATCH for-4.4] writeback: safer lock nesting" https://lkml.org/lkml/2018/4/11/146 Wang Long said "this deadlock occurs three times in our environment" [gthelen(a)google.com: v4] Link: http://lkml.kernel.org/r/20180411084653.254724-1-gthelen@google.com [akpm(a)linux-foundation.org: comment tweaks, struct initialization simplification] Change-Id: Ibb773e8045852978f6207074491d262f1b3fb613 Link: http://lkml.kernel.org/r/20180410005908.167976-1-gthelen@google.com Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates") Signed-off-by: Greg Thelen <gthelen(a)google.com> Reported-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> [v4.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> [natechancellor: Applied to 4.4 based on Greg's backport on lkml.org] Signed-off-by: Nathan Chancellor <natechancellor(a)gmail.com> --- fs/fs-writeback.c | 7 ++++--- include/linux/backing-dev-defs.h | 5 +++++ include/linux/backing-dev.h | 31 +++++++++++++++++-------------- mm/page-writeback.c | 18 +++++++++--------- 4 files changed, 35 insertions(+), 26 deletions(-) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 22b30249fbcb..0fe667875852 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -747,11 +747,12 @@ int inode_congested(struct inode *inode, int cong_bits) */ if (inode && inode_to_wb_is_valid(inode)) { struct bdi_writeback *wb; - bool locked, congested; + struct wb_lock_cookie lock_cookie = {}; + bool congested; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &lock_cookie); congested = wb_congested(wb, cong_bits); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &lock_cookie); return congested; } diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index 140c29635069..a307c37c2e6c 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -191,6 +191,11 @@ static inline void set_bdi_congested(struct backing_dev_info *bdi, int sync) set_wb_congested(bdi->wb.congested, sync); } +struct wb_lock_cookie { + bool locked; + unsigned long flags; +}; + #ifdef CONFIG_CGROUP_WRITEBACK /** diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h index 89d3de3e096b..361274ce5815 100644 --- a/include/linux/backing-dev.h +++ b/include/linux/backing-dev.h @@ -366,7 +366,7 @@ static inline struct bdi_writeback *inode_to_wb(struct inode *inode) /** * unlocked_inode_to_wb_begin - begin unlocked inode wb access transaction * @inode: target inode - * @lockedp: temp bool output param, to be passed to the end function + * @cookie: output param, to be passed to the end function * * The caller wants to access the wb associated with @inode but isn't * holding inode->i_lock, mapping->tree_lock or wb->list_lock. This @@ -374,12 +374,12 @@ static inline struct bdi_writeback *inode_to_wb(struct inode *inode) * association doesn't change until the transaction is finished with * unlocked_inode_to_wb_end(). * - * The caller must call unlocked_inode_to_wb_end() with *@lockdep - * afterwards and can't sleep during transaction. IRQ may or may not be - * disabled on return. + * The caller must call unlocked_inode_to_wb_end() with *@cookie afterwards and + * can't sleep during the transaction. IRQs may or may not be disabled on + * return. */ static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { rcu_read_lock(); @@ -387,10 +387,10 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) * Paired with store_release in inode_switch_wb_work_fn() and * ensures that we see the new wb if we see cleared I_WB_SWITCH. */ - *lockedp = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; + cookie->locked = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; - if (unlikely(*lockedp)) - spin_lock_irq(&inode->i_mapping->tree_lock); + if (unlikely(cookie->locked)) + spin_lock_irqsave(&inode->i_mapping->tree_lock, cookie->flags); /* * Protected by either !I_WB_SWITCH + rcu_read_lock() or tree_lock. @@ -402,12 +402,14 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) /** * unlocked_inode_to_wb_end - end inode wb access transaction * @inode: target inode - * @locked: *@lockedp from unlocked_inode_to_wb_begin() + * @cookie: @cookie from unlocked_inode_to_wb_begin() */ -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { - if (unlikely(locked)) - spin_unlock_irq(&inode->i_mapping->tree_lock); + if (unlikely(cookie->locked)) + spin_unlock_irqrestore(&inode->i_mapping->tree_lock, + cookie->flags); rcu_read_unlock(); } @@ -454,12 +456,13 @@ static inline struct bdi_writeback *inode_to_wb(struct inode *inode) } static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { return inode_to_wb(inode); } -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 6d0dbde4503b..3309dbda7ffa 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -2510,13 +2510,13 @@ void account_page_redirty(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); current->nr_dirtied--; dec_zone_page_state(page, NR_DIRTIED); dec_wb_stat(wb, WB_DIRTIED); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); } } EXPORT_SYMBOL(account_page_redirty); @@ -2622,15 +2622,15 @@ void cancel_dirty_page(struct page *page) struct inode *inode = mapping->host; struct bdi_writeback *wb; struct mem_cgroup *memcg; - bool locked; + struct wb_lock_cookie cookie = {}; memcg = mem_cgroup_begin_page_stat(page); - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) account_page_cleaned(page, mapping, memcg, wb); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); mem_cgroup_end_page_stat(memcg); } else { ClearPageDirty(page); @@ -2663,7 +2663,7 @@ int clear_page_dirty_for_io(struct page *page) struct inode *inode = mapping->host; struct bdi_writeback *wb; struct mem_cgroup *memcg; - bool locked; + struct wb_lock_cookie cookie = {}; /* * Yes, Virginia, this is indeed insane. @@ -2701,14 +2701,14 @@ int clear_page_dirty_for_io(struct page *page) * exclusion. */ memcg = mem_cgroup_begin_page_stat(page); - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) { mem_cgroup_dec_page_stat(memcg, MEM_CGROUP_STAT_DIRTY); dec_zone_page_state(page, NR_FILE_DIRTY); dec_wb_stat(wb, WB_RECLAIMABLE); ret = 1; } - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); mem_cgroup_end_page_stat(memcg); return ret; } -- 2.17.0

7 years, 2 months

2
2
0 0

[PATCH 4.4] ext4: bugfix for mmaped pages in mpage_release_unused_pages()

by Nathan Chancellor

From: wangguang <wang.guang55(a)zte.com.cn> commit 4e800c0359d9a53e6bf0ab216954971b2515247f upstream. Pages clear buffers after ext4 delayed block allocation failed, However, it does not clean its pte_dirty flag. if the pages unmap ,in cording to the pte_dirty , unmap_page_range may try to call __set_page_dirty, which may lead to the bugon at mpage_prepare_extent_to_map:head = page_buffers(page);. This patch just call clear_page_dirty_for_io to clean pte_dirty at mpage_release_unused_pages for pages mmaped. Steps to reproduce the bug: （1） mmap a file in ext4 addr = (char *)mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); memset(addr, 'i', 4096); （2） return EIO at ext4_writepages->mpage_map_and_submit_extent->mpage_map_one_extent which causes this log message to be print: ext4_msg(sb, KERN_CRIT, "Delayed block allocation failed for " "inode %lu at logical offset %llu with" " max blocks %u with error %d", inode->i_ino, (unsigned long long)map->m_lblk, (unsigned)map->m_len, -err); (3）Unmap the addr cause warning at __set_page_dirty:WARN_ON_ONCE(warn && !PageUptodate(page)); (4) wait for a minute,then bugon happen. Cc: stable(a)vger.kernel.org Signed-off-by: wangguang <wangguang03(a)zte.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> [@nathanchance: Resolved conflict from lack of 09cbfeaf1a5a6] Signed-off-by: Nathan Chancellor <natechancellor(a)gmail.com> --- One more bug fix I came across, sorry I forgot to send it with the other two patches! --- fs/ext4/inode.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index f0cabc8c96cb..3bddd47660d8 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1515,6 +1515,8 @@ static void mpage_release_unused_pages(struct mpage_da_data *mpd, BUG_ON(!PageLocked(page)); BUG_ON(PageWriteback(page)); if (invalidate) { + if (page_mapped(page)) + clear_page_dirty_for_io(page); block_invalidatepage(page, 0, PAGE_CACHE_SIZE); ClearPageUptodate(page); } -- 2.17.0

7 years, 2 months

2
1
0 0

[PATCH v4.14] net: dsa: Discard frames from unused ports

by Andrew Lunn

[ Upstream commit fc5f33768cca7144f8d793205b229d46740d183b ] The Marvell switches under some conditions will pass a frame to the host with the port being the CPU port. Such frames are invalid, and should be dropped. Not dropping them can result in a crash when incrementing the receive statistics for an invalid port. This has been reworked for 4.14, which does not have the central dsa_master_find_slave() function, so each tag driver needs to check. Reported-by: Chris Healy <cphealy(a)gmail.com> Fixes: 91da11f870f0 ("net: Distributed Switch Architecture protocol support") Signed-off-by: Andrew Lunn <andrew(a)lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> --- net/dsa/tag_brcm.c | 3 +++ net/dsa/tag_dsa.c | 3 +++ net/dsa/tag_edsa.c | 3 +++ net/dsa/tag_ksz.c | 3 +++ net/dsa/tag_lan9303.c | 3 +++ net/dsa/tag_mtk.c | 3 +++ net/dsa/tag_qca.c | 3 +++ net/dsa/tag_trailer.c | 3 +++ 8 files changed, 24 insertions(+) diff --git a/net/dsa/tag_brcm.c b/net/dsa/tag_brcm.c index dbb016434ace..de92fc1fc3be 100644 --- a/net/dsa/tag_brcm.c +++ b/net/dsa/tag_brcm.c @@ -121,6 +121,9 @@ static struct sk_buff *brcm_tag_rcv(struct sk_buff *skb, struct net_device *dev, if (source_port >= ds->num_ports || !ds->ports[source_port].netdev) return NULL; + if (unlikely(ds->cpu_port_mask & BIT(source_port))) + return NULL; + /* Remove Broadcom tag and update checksum */ skb_pull_rcsum(skb, BRCM_TAG_LEN); diff --git a/net/dsa/tag_dsa.c b/net/dsa/tag_dsa.c index fbf9ca954773..b3008a9bacf3 100644 --- a/net/dsa/tag_dsa.c +++ b/net/dsa/tag_dsa.c @@ -107,6 +107,9 @@ static struct sk_buff *dsa_rcv(struct sk_buff *skb, struct net_device *dev, if (source_port >= ds->num_ports || !ds->ports[source_port].netdev) return NULL; + if (unlikely(ds->cpu_port_mask & BIT(source_port))) + return NULL; + /* * Convert the DSA header to an 802.1q header if the 'tagged' * bit in the DSA header is set. If the 'tagged' bit is clear, diff --git a/net/dsa/tag_edsa.c b/net/dsa/tag_edsa.c index 76367ba1b2e2..c86b6d90576d 100644 --- a/net/dsa/tag_edsa.c +++ b/net/dsa/tag_edsa.c @@ -120,6 +120,9 @@ static struct sk_buff *edsa_rcv(struct sk_buff *skb, struct net_device *dev, if (source_port >= ds->num_ports || !ds->ports[source_port].netdev) return NULL; + if (unlikely(ds->cpu_port_mask & BIT(source_port))) + return NULL; + /* * If the 'tagged' bit is set, convert the DSA tag to a 802.1q * tag and delete the ethertype part. If the 'tagged' bit is diff --git a/net/dsa/tag_ksz.c b/net/dsa/tag_ksz.c index 010ca0a336c4..6c894692b9cd 100644 --- a/net/dsa/tag_ksz.c +++ b/net/dsa/tag_ksz.c @@ -92,6 +92,9 @@ static struct sk_buff *ksz_rcv(struct sk_buff *skb, struct net_device *dev, if (source_port >= ds->num_ports || !ds->ports[source_port].netdev) return NULL; + if (unlikely(ds->cpu_port_mask & BIT(source_port))) + return NULL; + pskb_trim_rcsum(skb, skb->len - KSZ_EGRESS_TAG_LEN); skb->dev = ds->ports[source_port].netdev; diff --git a/net/dsa/tag_lan9303.c b/net/dsa/tag_lan9303.c index 0b9826105e42..2d1603009e16 100644 --- a/net/dsa/tag_lan9303.c +++ b/net/dsa/tag_lan9303.c @@ -108,6 +108,9 @@ static struct sk_buff *lan9303_rcv(struct sk_buff *skb, struct net_device *dev, return NULL; } + if (unlikely(ds->cpu_port_mask & BIT(source_port))) + return NULL; + if (!ds->ports[source_port].netdev) { dev_warn_ratelimited(&dev->dev, "Dropping packet due to invalid netdev or device\n"); return NULL; diff --git a/net/dsa/tag_mtk.c b/net/dsa/tag_mtk.c index ec8ee5f43255..5c471854412d 100644 --- a/net/dsa/tag_mtk.c +++ b/net/dsa/tag_mtk.c @@ -81,6 +81,9 @@ static struct sk_buff *mtk_tag_rcv(struct sk_buff *skb, struct net_device *dev, if (!ds->ports[port].netdev) return NULL; + if (unlikely(ds->cpu_port_mask & BIT(port))) + return NULL; + skb->dev = ds->ports[port].netdev; return skb; diff --git a/net/dsa/tag_qca.c b/net/dsa/tag_qca.c index 1d4c70711c0f..b8c05f1cf47d 100644 --- a/net/dsa/tag_qca.c +++ b/net/dsa/tag_qca.c @@ -104,6 +104,9 @@ static struct sk_buff *qca_tag_rcv(struct sk_buff *skb, struct net_device *dev, if (!ds->ports[port].netdev) return NULL; + if (unlikely(ds->cpu_port_mask & BIT(port))) + return NULL; + /* Update skb & forward the frame accordingly */ skb->dev = ds->ports[port].netdev; diff --git a/net/dsa/tag_trailer.c b/net/dsa/tag_trailer.c index d2fd4923aa3e..fcc9aa72877d 100644 --- a/net/dsa/tag_trailer.c +++ b/net/dsa/tag_trailer.c @@ -76,6 +76,9 @@ static struct sk_buff *trailer_rcv(struct sk_buff *skb, struct net_device *dev, if (source_port >= ds->num_ports || !ds->ports[source_port].netdev) return NULL; + if (unlikely(ds->cpu_port_mask & BIT(source_port))) + return NULL; + pskb_trim_rcsum(skb, skb->len - 4); skb->dev = ds->ports[source_port].netdev; -- 2.17.0

7 years, 2 months

3
2
0 0

FAILED: patch "[PATCH] writeback: safer lock nesting" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2e898e4c0a3897ccd434adac5abb8330194f527b Mon Sep 17 00:00:00 2001 From: Greg Thelen <gthelen(a)google.com> Date: Fri, 20 Apr 2018 14:55:42 -0700 Subject: [PATCH] writeback: safer lock nesting lock_page_memcg()/unlock_page_memcg() use spin_lock_irqsave/restore() if the page's memcg is undergoing move accounting, which occurs when a process leaves its memcg for a new one that has memory.move_charge_at_immigrate set. unlocked_inode_to_wb_begin,end() use spin_lock_irq/spin_unlock_irq() if the given inode is switching writeback domains. Switches occur when enough writes are issued from a new domain. This existing pattern is thus suspicious: lock_page_memcg(page); unlocked_inode_to_wb_begin(inode, &locked); ... unlocked_inode_to_wb_end(inode, locked); unlock_page_memcg(page); If both inode switch and process memcg migration are both in-flight then unlocked_inode_to_wb_end() will unconditionally enable interrupts while still holding the lock_page_memcg() irq spinlock. This suggests the possibility of deadlock if an interrupt occurs before unlock_page_memcg(). truncate __cancel_dirty_page lock_page_memcg unlocked_inode_to_wb_begin unlocked_inode_to_wb_end <interrupts mistakenly enabled> <interrupt> end_page_writeback test_clear_page_writeback lock_page_memcg <deadlock> unlock_page_memcg Due to configuration limitations this deadlock is not currently possible because we don't mix cgroup writeback (a cgroupv2 feature) and memory.move_charge_at_immigrate (a cgroupv1 feature). If the kernel is hacked to always claim inode switching and memcg moving_account, then this script triggers lockup in less than a minute: cd /mnt/cgroup/memory mkdir a b echo 1 > a/memory.move_charge_at_immigrate echo 1 > b/memory.move_charge_at_immigrate ( echo $BASHPID > a/cgroup.procs while true; do dd if=/dev/zero of=/mnt/big bs=1M count=256 done ) & while true; do sync done & sleep 1h & SLEEP=$! while true; do echo $SLEEP > a/cgroup.procs echo $SLEEP > b/cgroup.procs done The deadlock does not seem possible, so it's debatable if there's any reason to modify the kernel. I suggest we should to prevent future surprises. And Wang Long said "this deadlock occurs three times in our environment", so there's more reason to apply this, even to stable. Stable 4.4 has minor conflicts applying this patch. For a clean 4.4 patch see "[PATCH for-4.4] writeback: safer lock nesting" https://lkml.org/lkml/2018/4/11/146 Wang Long said "this deadlock occurs three times in our environment" [gthelen(a)google.com: v4] Link: http://lkml.kernel.org/r/20180411084653.254724-1-gthelen@google.com [akpm(a)linux-foundation.org: comment tweaks, struct initialization simplification] Change-Id: Ibb773e8045852978f6207074491d262f1b3fb613 Link: http://lkml.kernel.org/r/20180410005908.167976-1-gthelen@google.com Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates") Signed-off-by: Greg Thelen <gthelen(a)google.com> Reported-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> [v4.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 4b12ba70a895..47d7c151fcba 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -745,11 +745,12 @@ int inode_congested(struct inode *inode, int cong_bits) */ if (inode && inode_to_wb_is_valid(inode)) { struct bdi_writeback *wb; - bool locked, congested; + struct wb_lock_cookie lock_cookie = {}; + bool congested; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &lock_cookie); congested = wb_congested(wb, cong_bits); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &lock_cookie); return congested; } diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index bfe86b54f6c1..0bd432a4d7bd 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -223,6 +223,11 @@ static inline void set_bdi_congested(struct backing_dev_info *bdi, int sync) set_wb_congested(bdi->wb.congested, sync); } +struct wb_lock_cookie { + bool locked; + unsigned long flags; +}; + #ifdef CONFIG_CGROUP_WRITEBACK /** diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h index f6be4b0b6c18..72ca0f3d39f3 100644 --- a/include/linux/backing-dev.h +++ b/include/linux/backing-dev.h @@ -347,7 +347,7 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) /** * unlocked_inode_to_wb_begin - begin unlocked inode wb access transaction * @inode: target inode - * @lockedp: temp bool output param, to be passed to the end function + * @cookie: output param, to be passed to the end function * * The caller wants to access the wb associated with @inode but isn't * holding inode->i_lock, the i_pages lock or wb->list_lock. This @@ -355,12 +355,12 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) * association doesn't change until the transaction is finished with * unlocked_inode_to_wb_end(). * - * The caller must call unlocked_inode_to_wb_end() with *@lockdep - * afterwards and can't sleep during transaction. IRQ may or may not be - * disabled on return. + * The caller must call unlocked_inode_to_wb_end() with *@cookie afterwards and + * can't sleep during the transaction. IRQs may or may not be disabled on + * return. */ static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { rcu_read_lock(); @@ -368,10 +368,10 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) * Paired with store_release in inode_switch_wb_work_fn() and * ensures that we see the new wb if we see cleared I_WB_SWITCH. */ - *lockedp = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; + cookie->locked = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; - if (unlikely(*lockedp)) - xa_lock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_lock_irqsave(&inode->i_mapping->i_pages, cookie->flags); /* * Protected by either !I_WB_SWITCH + rcu_read_lock() or the i_pages @@ -383,12 +383,13 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) /** * unlocked_inode_to_wb_end - end inode wb access transaction * @inode: target inode - * @locked: *@lockedp from unlocked_inode_to_wb_begin() + * @cookie: @cookie from unlocked_inode_to_wb_begin() */ -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { - if (unlikely(locked)) - xa_unlock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_unlock_irqrestore(&inode->i_mapping->i_pages, cookie->flags); rcu_read_unlock(); } @@ -435,12 +436,13 @@ static inline struct bdi_writeback *inode_to_wb(struct inode *inode) } static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { return inode_to_wb(inode); } -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 5c1a3279e63f..337c6afb3345 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -2502,13 +2502,13 @@ void account_page_redirty(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); current->nr_dirtied--; dec_node_page_state(page, NR_DIRTIED); dec_wb_stat(wb, WB_DIRTIED); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); } } EXPORT_SYMBOL(account_page_redirty); @@ -2614,15 +2614,15 @@ void __cancel_dirty_page(struct page *page) if (mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; lock_page_memcg(page); - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) account_page_cleaned(page, mapping, wb); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); unlock_page_memcg(page); } else { ClearPageDirty(page); @@ -2654,7 +2654,7 @@ int clear_page_dirty_for_io(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; /* * Yes, Virginia, this is indeed insane. @@ -2691,14 +2691,14 @@ int clear_page_dirty_for_io(struct page *page) * always locked coming in here, so we get the desired * exclusion. */ - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) { dec_lruvec_page_state(page, NR_FILE_DIRTY); dec_zone_page_state(page, NR_ZONE_WRITE_PENDING); dec_wb_stat(wb, WB_RECLAIMABLE); ret = 1; } - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); return ret; } return TestClearPageDirty(page);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] writeback: safer lock nesting" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2e898e4c0a3897ccd434adac5abb8330194f527b Mon Sep 17 00:00:00 2001 From: Greg Thelen <gthelen(a)google.com> Date: Fri, 20 Apr 2018 14:55:42 -0700 Subject: [PATCH] writeback: safer lock nesting lock_page_memcg()/unlock_page_memcg() use spin_lock_irqsave/restore() if the page's memcg is undergoing move accounting, which occurs when a process leaves its memcg for a new one that has memory.move_charge_at_immigrate set. unlocked_inode_to_wb_begin,end() use spin_lock_irq/spin_unlock_irq() if the given inode is switching writeback domains. Switches occur when enough writes are issued from a new domain. This existing pattern is thus suspicious: lock_page_memcg(page); unlocked_inode_to_wb_begin(inode, &locked); ... unlocked_inode_to_wb_end(inode, locked); unlock_page_memcg(page); If both inode switch and process memcg migration are both in-flight then unlocked_inode_to_wb_end() will unconditionally enable interrupts while still holding the lock_page_memcg() irq spinlock. This suggests the possibility of deadlock if an interrupt occurs before unlock_page_memcg(). truncate __cancel_dirty_page lock_page_memcg unlocked_inode_to_wb_begin unlocked_inode_to_wb_end <interrupts mistakenly enabled> <interrupt> end_page_writeback test_clear_page_writeback lock_page_memcg <deadlock> unlock_page_memcg Due to configuration limitations this deadlock is not currently possible because we don't mix cgroup writeback (a cgroupv2 feature) and memory.move_charge_at_immigrate (a cgroupv1 feature). If the kernel is hacked to always claim inode switching and memcg moving_account, then this script triggers lockup in less than a minute: cd /mnt/cgroup/memory mkdir a b echo 1 > a/memory.move_charge_at_immigrate echo 1 > b/memory.move_charge_at_immigrate ( echo $BASHPID > a/cgroup.procs while true; do dd if=/dev/zero of=/mnt/big bs=1M count=256 done ) & while true; do sync done & sleep 1h & SLEEP=$! while true; do echo $SLEEP > a/cgroup.procs echo $SLEEP > b/cgroup.procs done The deadlock does not seem possible, so it's debatable if there's any reason to modify the kernel. I suggest we should to prevent future surprises. And Wang Long said "this deadlock occurs three times in our environment", so there's more reason to apply this, even to stable. Stable 4.4 has minor conflicts applying this patch. For a clean 4.4 patch see "[PATCH for-4.4] writeback: safer lock nesting" https://lkml.org/lkml/2018/4/11/146 Wang Long said "this deadlock occurs three times in our environment" [gthelen(a)google.com: v4] Link: http://lkml.kernel.org/r/20180411084653.254724-1-gthelen@google.com [akpm(a)linux-foundation.org: comment tweaks, struct initialization simplification] Change-Id: Ibb773e8045852978f6207074491d262f1b3fb613 Link: http://lkml.kernel.org/r/20180410005908.167976-1-gthelen@google.com Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates") Signed-off-by: Greg Thelen <gthelen(a)google.com> Reported-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> [v4.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 4b12ba70a895..47d7c151fcba 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -745,11 +745,12 @@ int inode_congested(struct inode *inode, int cong_bits) */ if (inode && inode_to_wb_is_valid(inode)) { struct bdi_writeback *wb; - bool locked, congested; + struct wb_lock_cookie lock_cookie = {}; + bool congested; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &lock_cookie); congested = wb_congested(wb, cong_bits); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &lock_cookie); return congested; } diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index bfe86b54f6c1..0bd432a4d7bd 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -223,6 +223,11 @@ static inline void set_bdi_congested(struct backing_dev_info *bdi, int sync) set_wb_congested(bdi->wb.congested, sync); } +struct wb_lock_cookie { + bool locked; + unsigned long flags; +}; + #ifdef CONFIG_CGROUP_WRITEBACK /** diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h index f6be4b0b6c18..72ca0f3d39f3 100644 --- a/include/linux/backing-dev.h +++ b/include/linux/backing-dev.h @@ -347,7 +347,7 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) /** * unlocked_inode_to_wb_begin - begin unlocked inode wb access transaction * @inode: target inode - * @lockedp: temp bool output param, to be passed to the end function + * @cookie: output param, to be passed to the end function * * The caller wants to access the wb associated with @inode but isn't * holding inode->i_lock, the i_pages lock or wb->list_lock. This @@ -355,12 +355,12 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) * association doesn't change until the transaction is finished with * unlocked_inode_to_wb_end(). * - * The caller must call unlocked_inode_to_wb_end() with *@lockdep - * afterwards and can't sleep during transaction. IRQ may or may not be - * disabled on return. + * The caller must call unlocked_inode_to_wb_end() with *@cookie afterwards and + * can't sleep during the transaction. IRQs may or may not be disabled on + * return. */ static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { rcu_read_lock(); @@ -368,10 +368,10 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) * Paired with store_release in inode_switch_wb_work_fn() and * ensures that we see the new wb if we see cleared I_WB_SWITCH. */ - *lockedp = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; + cookie->locked = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; - if (unlikely(*lockedp)) - xa_lock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_lock_irqsave(&inode->i_mapping->i_pages, cookie->flags); /* * Protected by either !I_WB_SWITCH + rcu_read_lock() or the i_pages @@ -383,12 +383,13 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) /** * unlocked_inode_to_wb_end - end inode wb access transaction * @inode: target inode - * @locked: *@lockedp from unlocked_inode_to_wb_begin() + * @cookie: @cookie from unlocked_inode_to_wb_begin() */ -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { - if (unlikely(locked)) - xa_unlock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_unlock_irqrestore(&inode->i_mapping->i_pages, cookie->flags); rcu_read_unlock(); } @@ -435,12 +436,13 @@ static inline struct bdi_writeback *inode_to_wb(struct inode *inode) } static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { return inode_to_wb(inode); } -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 5c1a3279e63f..337c6afb3345 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -2502,13 +2502,13 @@ void account_page_redirty(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); current->nr_dirtied--; dec_node_page_state(page, NR_DIRTIED); dec_wb_stat(wb, WB_DIRTIED); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); } } EXPORT_SYMBOL(account_page_redirty); @@ -2614,15 +2614,15 @@ void __cancel_dirty_page(struct page *page) if (mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; lock_page_memcg(page); - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) account_page_cleaned(page, mapping, wb); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); unlock_page_memcg(page); } else { ClearPageDirty(page); @@ -2654,7 +2654,7 @@ int clear_page_dirty_for_io(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; /* * Yes, Virginia, this is indeed insane. @@ -2691,14 +2691,14 @@ int clear_page_dirty_for_io(struct page *page) * always locked coming in here, so we get the desired * exclusion. */ - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) { dec_lruvec_page_state(page, NR_FILE_DIRTY); dec_zone_page_state(page, NR_ZONE_WRITE_PENDING); dec_wb_stat(wb, WB_RECLAIMABLE); ret = 1; } - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); return ret; } return TestClearPageDirty(page);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] writeback: safer lock nesting" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2e898e4c0a3897ccd434adac5abb8330194f527b Mon Sep 17 00:00:00 2001 From: Greg Thelen <gthelen(a)google.com> Date: Fri, 20 Apr 2018 14:55:42 -0700 Subject: [PATCH] writeback: safer lock nesting lock_page_memcg()/unlock_page_memcg() use spin_lock_irqsave/restore() if the page's memcg is undergoing move accounting, which occurs when a process leaves its memcg for a new one that has memory.move_charge_at_immigrate set. unlocked_inode_to_wb_begin,end() use spin_lock_irq/spin_unlock_irq() if the given inode is switching writeback domains. Switches occur when enough writes are issued from a new domain. This existing pattern is thus suspicious: lock_page_memcg(page); unlocked_inode_to_wb_begin(inode, &locked); ... unlocked_inode_to_wb_end(inode, locked); unlock_page_memcg(page); If both inode switch and process memcg migration are both in-flight then unlocked_inode_to_wb_end() will unconditionally enable interrupts while still holding the lock_page_memcg() irq spinlock. This suggests the possibility of deadlock if an interrupt occurs before unlock_page_memcg(). truncate __cancel_dirty_page lock_page_memcg unlocked_inode_to_wb_begin unlocked_inode_to_wb_end <interrupts mistakenly enabled> <interrupt> end_page_writeback test_clear_page_writeback lock_page_memcg <deadlock> unlock_page_memcg Due to configuration limitations this deadlock is not currently possible because we don't mix cgroup writeback (a cgroupv2 feature) and memory.move_charge_at_immigrate (a cgroupv1 feature). If the kernel is hacked to always claim inode switching and memcg moving_account, then this script triggers lockup in less than a minute: cd /mnt/cgroup/memory mkdir a b echo 1 > a/memory.move_charge_at_immigrate echo 1 > b/memory.move_charge_at_immigrate ( echo $BASHPID > a/cgroup.procs while true; do dd if=/dev/zero of=/mnt/big bs=1M count=256 done ) & while true; do sync done & sleep 1h & SLEEP=$! while true; do echo $SLEEP > a/cgroup.procs echo $SLEEP > b/cgroup.procs done The deadlock does not seem possible, so it's debatable if there's any reason to modify the kernel. I suggest we should to prevent future surprises. And Wang Long said "this deadlock occurs three times in our environment", so there's more reason to apply this, even to stable. Stable 4.4 has minor conflicts applying this patch. For a clean 4.4 patch see "[PATCH for-4.4] writeback: safer lock nesting" https://lkml.org/lkml/2018/4/11/146 Wang Long said "this deadlock occurs three times in our environment" [gthelen(a)google.com: v4] Link: http://lkml.kernel.org/r/20180411084653.254724-1-gthelen@google.com [akpm(a)linux-foundation.org: comment tweaks, struct initialization simplification] Change-Id: Ibb773e8045852978f6207074491d262f1b3fb613 Link: http://lkml.kernel.org/r/20180410005908.167976-1-gthelen@google.com Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates") Signed-off-by: Greg Thelen <gthelen(a)google.com> Reported-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> [v4.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 4b12ba70a895..47d7c151fcba 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -745,11 +745,12 @@ int inode_congested(struct inode *inode, int cong_bits) */ if (inode && inode_to_wb_is_valid(inode)) { struct bdi_writeback *wb; - bool locked, congested; + struct wb_lock_cookie lock_cookie = {}; + bool congested; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &lock_cookie); congested = wb_congested(wb, cong_bits); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &lock_cookie); return congested; } diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index bfe86b54f6c1..0bd432a4d7bd 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -223,6 +223,11 @@ static inline void set_bdi_congested(struct backing_dev_info *bdi, int sync) set_wb_congested(bdi->wb.congested, sync); } +struct wb_lock_cookie { + bool locked; + unsigned long flags; +}; + #ifdef CONFIG_CGROUP_WRITEBACK /** diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h index f6be4b0b6c18..72ca0f3d39f3 100644 --- a/include/linux/backing-dev.h +++ b/include/linux/backing-dev.h @@ -347,7 +347,7 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) /** * unlocked_inode_to_wb_begin - begin unlocked inode wb access transaction * @inode: target inode - * @lockedp: temp bool output param, to be passed to the end function + * @cookie: output param, to be passed to the end function * * The caller wants to access the wb associated with @inode but isn't * holding inode->i_lock, the i_pages lock or wb->list_lock. This @@ -355,12 +355,12 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) * association doesn't change until the transaction is finished with * unlocked_inode_to_wb_end(). * - * The caller must call unlocked_inode_to_wb_end() with *@lockdep - * afterwards and can't sleep during transaction. IRQ may or may not be - * disabled on return. + * The caller must call unlocked_inode_to_wb_end() with *@cookie afterwards and + * can't sleep during the transaction. IRQs may or may not be disabled on + * return. */ static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { rcu_read_lock(); @@ -368,10 +368,10 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) * Paired with store_release in inode_switch_wb_work_fn() and * ensures that we see the new wb if we see cleared I_WB_SWITCH. */ - *lockedp = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; + cookie->locked = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; - if (unlikely(*lockedp)) - xa_lock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_lock_irqsave(&inode->i_mapping->i_pages, cookie->flags); /* * Protected by either !I_WB_SWITCH + rcu_read_lock() or the i_pages @@ -383,12 +383,13 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) /** * unlocked_inode_to_wb_end - end inode wb access transaction * @inode: target inode - * @locked: *@lockedp from unlocked_inode_to_wb_begin() + * @cookie: @cookie from unlocked_inode_to_wb_begin() */ -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { - if (unlikely(locked)) - xa_unlock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_unlock_irqrestore(&inode->i_mapping->i_pages, cookie->flags); rcu_read_unlock(); } @@ -435,12 +436,13 @@ static inline struct bdi_writeback *inode_to_wb(struct inode *inode) } static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { return inode_to_wb(inode); } -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 5c1a3279e63f..337c6afb3345 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -2502,13 +2502,13 @@ void account_page_redirty(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); current->nr_dirtied--; dec_node_page_state(page, NR_DIRTIED); dec_wb_stat(wb, WB_DIRTIED); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); } } EXPORT_SYMBOL(account_page_redirty); @@ -2614,15 +2614,15 @@ void __cancel_dirty_page(struct page *page) if (mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; lock_page_memcg(page); - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) account_page_cleaned(page, mapping, wb); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); unlock_page_memcg(page); } else { ClearPageDirty(page); @@ -2654,7 +2654,7 @@ int clear_page_dirty_for_io(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; /* * Yes, Virginia, this is indeed insane. @@ -2691,14 +2691,14 @@ int clear_page_dirty_for_io(struct page *page) * always locked coming in here, so we get the desired * exclusion. */ - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) { dec_lruvec_page_state(page, NR_FILE_DIRTY); dec_zone_page_state(page, NR_ZONE_WRITE_PENDING); dec_wb_stat(wb, WB_RECLAIMABLE); ret = 1; } - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); return ret; } return TestClearPageDirty(page);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] writeback: safer lock nesting" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2e898e4c0a3897ccd434adac5abb8330194f527b Mon Sep 17 00:00:00 2001 From: Greg Thelen <gthelen(a)google.com> Date: Fri, 20 Apr 2018 14:55:42 -0700 Subject: [PATCH] writeback: safer lock nesting lock_page_memcg()/unlock_page_memcg() use spin_lock_irqsave/restore() if the page's memcg is undergoing move accounting, which occurs when a process leaves its memcg for a new one that has memory.move_charge_at_immigrate set. unlocked_inode_to_wb_begin,end() use spin_lock_irq/spin_unlock_irq() if the given inode is switching writeback domains. Switches occur when enough writes are issued from a new domain. This existing pattern is thus suspicious: lock_page_memcg(page); unlocked_inode_to_wb_begin(inode, &locked); ... unlocked_inode_to_wb_end(inode, locked); unlock_page_memcg(page); If both inode switch and process memcg migration are both in-flight then unlocked_inode_to_wb_end() will unconditionally enable interrupts while still holding the lock_page_memcg() irq spinlock. This suggests the possibility of deadlock if an interrupt occurs before unlock_page_memcg(). truncate __cancel_dirty_page lock_page_memcg unlocked_inode_to_wb_begin unlocked_inode_to_wb_end <interrupts mistakenly enabled> <interrupt> end_page_writeback test_clear_page_writeback lock_page_memcg <deadlock> unlock_page_memcg Due to configuration limitations this deadlock is not currently possible because we don't mix cgroup writeback (a cgroupv2 feature) and memory.move_charge_at_immigrate (a cgroupv1 feature). If the kernel is hacked to always claim inode switching and memcg moving_account, then this script triggers lockup in less than a minute: cd /mnt/cgroup/memory mkdir a b echo 1 > a/memory.move_charge_at_immigrate echo 1 > b/memory.move_charge_at_immigrate ( echo $BASHPID > a/cgroup.procs while true; do dd if=/dev/zero of=/mnt/big bs=1M count=256 done ) & while true; do sync done & sleep 1h & SLEEP=$! while true; do echo $SLEEP > a/cgroup.procs echo $SLEEP > b/cgroup.procs done The deadlock does not seem possible, so it's debatable if there's any reason to modify the kernel. I suggest we should to prevent future surprises. And Wang Long said "this deadlock occurs three times in our environment", so there's more reason to apply this, even to stable. Stable 4.4 has minor conflicts applying this patch. For a clean 4.4 patch see "[PATCH for-4.4] writeback: safer lock nesting" https://lkml.org/lkml/2018/4/11/146 Wang Long said "this deadlock occurs three times in our environment" [gthelen(a)google.com: v4] Link: http://lkml.kernel.org/r/20180411084653.254724-1-gthelen@google.com [akpm(a)linux-foundation.org: comment tweaks, struct initialization simplification] Change-Id: Ibb773e8045852978f6207074491d262f1b3fb613 Link: http://lkml.kernel.org/r/20180410005908.167976-1-gthelen@google.com Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates") Signed-off-by: Greg Thelen <gthelen(a)google.com> Reported-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Wang Long <wanglong19(a)meituan.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> [v4.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 4b12ba70a895..47d7c151fcba 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -745,11 +745,12 @@ int inode_congested(struct inode *inode, int cong_bits) */ if (inode && inode_to_wb_is_valid(inode)) { struct bdi_writeback *wb; - bool locked, congested; + struct wb_lock_cookie lock_cookie = {}; + bool congested; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &lock_cookie); congested = wb_congested(wb, cong_bits); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &lock_cookie); return congested; } diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index bfe86b54f6c1..0bd432a4d7bd 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -223,6 +223,11 @@ static inline void set_bdi_congested(struct backing_dev_info *bdi, int sync) set_wb_congested(bdi->wb.congested, sync); } +struct wb_lock_cookie { + bool locked; + unsigned long flags; +}; + #ifdef CONFIG_CGROUP_WRITEBACK /** diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h index f6be4b0b6c18..72ca0f3d39f3 100644 --- a/include/linux/backing-dev.h +++ b/include/linux/backing-dev.h @@ -347,7 +347,7 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) /** * unlocked_inode_to_wb_begin - begin unlocked inode wb access transaction * @inode: target inode - * @lockedp: temp bool output param, to be passed to the end function + * @cookie: output param, to be passed to the end function * * The caller wants to access the wb associated with @inode but isn't * holding inode->i_lock, the i_pages lock or wb->list_lock. This @@ -355,12 +355,12 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) * association doesn't change until the transaction is finished with * unlocked_inode_to_wb_end(). * - * The caller must call unlocked_inode_to_wb_end() with *@lockdep - * afterwards and can't sleep during transaction. IRQ may or may not be - * disabled on return. + * The caller must call unlocked_inode_to_wb_end() with *@cookie afterwards and + * can't sleep during the transaction. IRQs may or may not be disabled on + * return. */ static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { rcu_read_lock(); @@ -368,10 +368,10 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) * Paired with store_release in inode_switch_wb_work_fn() and * ensures that we see the new wb if we see cleared I_WB_SWITCH. */ - *lockedp = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; + cookie->locked = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; - if (unlikely(*lockedp)) - xa_lock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_lock_irqsave(&inode->i_mapping->i_pages, cookie->flags); /* * Protected by either !I_WB_SWITCH + rcu_read_lock() or the i_pages @@ -383,12 +383,13 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) /** * unlocked_inode_to_wb_end - end inode wb access transaction * @inode: target inode - * @locked: *@lockedp from unlocked_inode_to_wb_begin() + * @cookie: @cookie from unlocked_inode_to_wb_begin() */ -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { - if (unlikely(locked)) - xa_unlock_irq(&inode->i_mapping->i_pages); + if (unlikely(cookie->locked)) + xa_unlock_irqrestore(&inode->i_mapping->i_pages, cookie->flags); rcu_read_unlock(); } @@ -435,12 +436,13 @@ static inline struct bdi_writeback *inode_to_wb(struct inode *inode) } static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { return inode_to_wb(inode); } -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 5c1a3279e63f..337c6afb3345 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -2502,13 +2502,13 @@ void account_page_redirty(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); current->nr_dirtied--; dec_node_page_state(page, NR_DIRTIED); dec_wb_stat(wb, WB_DIRTIED); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); } } EXPORT_SYMBOL(account_page_redirty); @@ -2614,15 +2614,15 @@ void __cancel_dirty_page(struct page *page) if (mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; lock_page_memcg(page); - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) account_page_cleaned(page, mapping, wb); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); unlock_page_memcg(page); } else { ClearPageDirty(page); @@ -2654,7 +2654,7 @@ int clear_page_dirty_for_io(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; /* * Yes, Virginia, this is indeed insane. @@ -2691,14 +2691,14 @@ int clear_page_dirty_for_io(struct page *page) * always locked coming in here, so we get the desired * exclusion. */ - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) { dec_lruvec_page_state(page, NR_FILE_DIRTY); dec_zone_page_state(page, NR_ZONE_WRITE_PENDING); dec_wb_stat(wb, WB_RECLAIMABLE); ret = 1; } - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); return ret; } return TestClearPageDirty(page);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mm/filemap.c: fix NULL pointer in page_cache_tree_insert()" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From abc1be13fd113ddef5e2d807a466286b864caed3 Mon Sep 17 00:00:00 2001 From: Matthew Wilcox <mawilcox(a)microsoft.com> Date: Fri, 20 Apr 2018 14:56:20 -0700 Subject: [PATCH] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() f2fs specifies the __GFP_ZERO flag for allocating some of its pages. Unfortunately, the page cache also uses the mapping's GFP flags for allocating radix tree nodes. It always masked off the __GFP_HIGHMEM flag, and masks off __GFP_ZERO in some paths, but not all. That causes radix tree nodes to be allocated with a NULL list_head, which causes backtraces like: __list_del_entry+0x30/0xd0 list_lru_del+0xac/0x1ac page_cache_tree_insert+0xd8/0x110 The __GFP_DMA and __GFP_DMA32 flags would also be able to sneak through if they are ever used. Fix them all by using GFP_RECLAIM_MASK at the innermost location, and remove it from earlier in the callchain. Link: http://lkml.kernel.org/r/20180411060320.14458-2-willy@infradead.org Fixes: 449dd6984d0e ("mm: keep page cache radix tree nodes in check") Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Reported-by: Chris Fries <cfries(a)google.com> Debugged-by: Minchan Kim <minchan(a)kernel.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/filemap.c b/mm/filemap.c index 9276bdb2343c..0604cb02e6f3 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -786,7 +786,7 @@ int replace_page_cache_page(struct page *old, struct page *new, gfp_t gfp_mask) VM_BUG_ON_PAGE(!PageLocked(new), new); VM_BUG_ON_PAGE(new->mapping, new); - error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM); + error = radix_tree_preload(gfp_mask & GFP_RECLAIM_MASK); if (!error) { struct address_space *mapping = old->mapping; void (*freepage)(struct page *); @@ -842,7 +842,7 @@ static int __add_to_page_cache_locked(struct page *page, return error; } - error = radix_tree_maybe_preload(gfp_mask & ~__GFP_HIGHMEM); + error = radix_tree_maybe_preload(gfp_mask & GFP_RECLAIM_MASK); if (error) { if (!huge) mem_cgroup_cancel_charge(page, memcg, false); @@ -1585,8 +1585,7 @@ struct page *pagecache_get_page(struct address_space *mapping, pgoff_t offset, if (fgp_flags & FGP_ACCESSED) __SetPageReferenced(page); - err = add_to_page_cache_lru(page, mapping, offset, - gfp_mask & GFP_RECLAIM_MASK); + err = add_to_page_cache_lru(page, mapping, offset, gfp_mask); if (unlikely(err)) { put_page(page); page = NULL; @@ -2387,7 +2386,7 @@ static int page_cache_read(struct file *file, pgoff_t offset, gfp_t gfp_mask) if (!page) return -ENOMEM; - ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask & GFP_KERNEL); + ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask); if (ret == 0) ret = mapping->a_ops->readpage(file, page); else if (ret == -EEXIST)

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] rapidio: fix rio_dma_transfer error handling" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c5157b76869ba98c3a99a1982396437464e131a6 Mon Sep 17 00:00:00 2001 From: Ioan Nicu <ioan.nicu.ext(a)nokia.com> Date: Fri, 20 Apr 2018 14:55:49 -0700 Subject: [PATCH] rapidio: fix rio_dma_transfer error handling Some of the mport_dma_req structure members were initialized late inside the do_dma_request() function, just before submitting the request to the dma engine. But we have some error branches before that. In case of such an error, the code would return on the error path and trigger the calling of dma_req_free() with a req structure which is not completely initialized. This causes a NULL pointer dereference in dma_req_free(). This patch fixes these error branches by making sure that all necessary mport_dma_req structure members are initialized in rio_dma_transfer() immediately after the request structure gets allocated. Link: http://lkml.kernel.org/r/20180412150605.GA31409@nokia.com Fixes: bbd876adb8c72 ("rapidio: use a reference count for struct mport_dma_req") Signed-off-by: Ioan Nicu <ioan.nicu.ext(a)nokia.com> Tested-by: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> Acked-by: Alexandre Bounine <alex.bou9(a)gmail.com> Cc: Barry Wood <barry.wood(a)idt.com> Cc: Matt Porter <mporter(a)kernel.crashing.org> Cc: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: Logan Gunthorpe <logang(a)deltatee.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: Frank Kunz <frank.kunz(a)nokia.com> Cc: <stable(a)vger.kernel.org> [4.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c index 9d27016c899e..0434ab7b6497 100644 --- a/drivers/rapidio/devices/rio_mport_cdev.c +++ b/drivers/rapidio/devices/rio_mport_cdev.c @@ -740,10 +740,7 @@ static int do_dma_request(struct mport_dma_req *req, tx->callback = dma_xfer_callback; tx->callback_param = req; - req->dmach = chan; - req->sync = sync; req->status = DMA_IN_PROGRESS; - init_completion(&req->req_comp); kref_get(&req->refcount); cookie = dmaengine_submit(tx); @@ -831,13 +828,20 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode, if (!req) return -ENOMEM; - kref_init(&req->refcount); - ret = get_dma_channel(priv); if (ret) { kfree(req); return ret; } + chan = priv->dmach; + + kref_init(&req->refcount); + init_completion(&req->req_comp); + req->dir = dir; + req->filp = filp; + req->priv = priv; + req->dmach = chan; + req->sync = sync; /* * If parameter loc_addr != NULL, we are transferring data from/to @@ -925,11 +929,6 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode, xfer->offset, xfer->length); } - req->dir = dir; - req->filp = filp; - req->priv = priv; - chan = priv->dmach; - nents = dma_map_sg(chan->device->dev, req->sgt.sgl, req->sgt.nents, dir); if (nents == 0) {

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] rapidio: fix rio_dma_transfer error handling" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c5157b76869ba98c3a99a1982396437464e131a6 Mon Sep 17 00:00:00 2001 From: Ioan Nicu <ioan.nicu.ext(a)nokia.com> Date: Fri, 20 Apr 2018 14:55:49 -0700 Subject: [PATCH] rapidio: fix rio_dma_transfer error handling Some of the mport_dma_req structure members were initialized late inside the do_dma_request() function, just before submitting the request to the dma engine. But we have some error branches before that. In case of such an error, the code would return on the error path and trigger the calling of dma_req_free() with a req structure which is not completely initialized. This causes a NULL pointer dereference in dma_req_free(). This patch fixes these error branches by making sure that all necessary mport_dma_req structure members are initialized in rio_dma_transfer() immediately after the request structure gets allocated. Link: http://lkml.kernel.org/r/20180412150605.GA31409@nokia.com Fixes: bbd876adb8c72 ("rapidio: use a reference count for struct mport_dma_req") Signed-off-by: Ioan Nicu <ioan.nicu.ext(a)nokia.com> Tested-by: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> Acked-by: Alexandre Bounine <alex.bou9(a)gmail.com> Cc: Barry Wood <barry.wood(a)idt.com> Cc: Matt Porter <mporter(a)kernel.crashing.org> Cc: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: Logan Gunthorpe <logang(a)deltatee.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: Frank Kunz <frank.kunz(a)nokia.com> Cc: <stable(a)vger.kernel.org> [4.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c index 9d27016c899e..0434ab7b6497 100644 --- a/drivers/rapidio/devices/rio_mport_cdev.c +++ b/drivers/rapidio/devices/rio_mport_cdev.c @@ -740,10 +740,7 @@ static int do_dma_request(struct mport_dma_req *req, tx->callback = dma_xfer_callback; tx->callback_param = req; - req->dmach = chan; - req->sync = sync; req->status = DMA_IN_PROGRESS; - init_completion(&req->req_comp); kref_get(&req->refcount); cookie = dmaengine_submit(tx); @@ -831,13 +828,20 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode, if (!req) return -ENOMEM; - kref_init(&req->refcount); - ret = get_dma_channel(priv); if (ret) { kfree(req); return ret; } + chan = priv->dmach; + + kref_init(&req->refcount); + init_completion(&req->req_comp); + req->dir = dir; + req->filp = filp; + req->priv = priv; + req->dmach = chan; + req->sync = sync; /* * If parameter loc_addr != NULL, we are transferring data from/to @@ -925,11 +929,6 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode, xfer->offset, xfer->length); } - req->dir = dir; - req->filp = filp; - req->priv = priv; - chan = priv->dmach; - nents = dma_map_sg(chan->device->dev, req->sgt.sgl, req->sgt.nents, dir); if (nents == 0) {

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Correctly handle limited range YCbCr data on" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5deae9191130db6b617c94fb261804597cf9b508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Wed, 14 Feb 2018 21:23:23 +0200 Subject: [PATCH] drm/i915: Correctly handle limited range YCbCr data on VLV/CHV MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Turns out the VLV/CHV fixed function sprite CSC expects full range data as input. We've been feeding it limited range data to it all along. To expand the data out to full range we'll use the color correction registers (brightness, contrast, and saturation). On CHV pipe B we were actually doing the right thing already because we progammed the custom CSC matrix to do expect limited range input. Now that well pre-expand the data out with the color correction unit, we need to change the CSC matrix to operate with full range input instead. This should make the sprite output of the other pipes match the sprite output of pipe B reasonably well. Looking at the resulting pipe CRCs, there can be a slight difference in the output, but as I don't know the formula used by the fixed function CSC of the other pipes, I don't think it's worth the effort to try to match the output exactly. It might not even be possible due to difference in internal precision etc. One slight caveat here is that the color correction registers are single bufferred, so we should really be updating them during vblank, but we still don't have a mechanism for that, so just toss in another FIXME. v2: Rebase v3: s/bri/brightness/ s/con/contrast/ (Shashank) v4: Clarify the constants and math (Shashank) Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Daniel Stone <daniel(a)fooishbar.org> Cc: Russell King - ARM Linux <linux(a)armlinux.org.uk> Cc: Ilia Mirkin <imirkin(a)alum.mit.edu> Cc: Hans Verkuil <hverkuil(a)xs4all.nl> Cc: Shashank Sharma <shashank.sharma(a)intel.com> Cc: Uma Shankar <uma.shankar(a)intel.com> Cc: Jyri Sarha <jsarha(a)ti.com> Cc: "Tang, Jun" <jun.tang(a)intel.com> Reported-by: "Tang, Jun" <jun.tang(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 7f1f3851feb0 ("drm/i915: sprite support for ValleyView v4") Reviewed-by: Shashank Sharma <shashank.sharma(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180214192327.3250-5-ville.s… diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h index e9c79b560823..aaed94f074f5 100644 --- a/drivers/gpu/drm/i915/i915_reg.h +++ b/drivers/gpu/drm/i915/i915_reg.h @@ -6278,6 +6278,12 @@ enum { #define _SPATILEOFF (VLV_DISPLAY_BASE + 0x721a4) #define _SPACONSTALPHA (VLV_DISPLAY_BASE + 0x721a8) #define SP_CONST_ALPHA_ENABLE (1<<31) +#define _SPACLRC0 (VLV_DISPLAY_BASE + 0x721d0) +#define SP_CONTRAST(x) ((x) << 18) /* u3.6 */ +#define SP_BRIGHTNESS(x) ((x) & 0xff) /* s8 */ +#define _SPACLRC1 (VLV_DISPLAY_BASE + 0x721d4) +#define SP_SH_SIN(x) (((x) & 0x7ff) << 16) /* s4.7 */ +#define SP_SH_COS(x) (x) /* u3.7 */ #define _SPAGAMC (VLV_DISPLAY_BASE + 0x721f4) #define _SPBCNTR (VLV_DISPLAY_BASE + 0x72280) @@ -6291,6 +6297,8 @@ enum { #define _SPBKEYMAXVAL (VLV_DISPLAY_BASE + 0x722a0) #define _SPBTILEOFF (VLV_DISPLAY_BASE + 0x722a4) #define _SPBCONSTALPHA (VLV_DISPLAY_BASE + 0x722a8) +#define _SPBCLRC0 (VLV_DISPLAY_BASE + 0x722d0) +#define _SPBCLRC1 (VLV_DISPLAY_BASE + 0x722d4) #define _SPBGAMC (VLV_DISPLAY_BASE + 0x722f4) #define _MMIO_VLV_SPR(pipe, plane_id, reg_a, reg_b) \ @@ -6307,6 +6315,8 @@ enum { #define SPKEYMAXVAL(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPAKEYMAXVAL, _SPBKEYMAXVAL) #define SPTILEOFF(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPATILEOFF, _SPBTILEOFF) #define SPCONSTALPHA(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPACONSTALPHA, _SPBCONSTALPHA) +#define SPCLRC0(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPACLRC0, _SPBCLRC0) +#define SPCLRC1(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPACLRC1, _SPBCLRC1) #define SPGAMC(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPAGAMC, _SPBGAMC) /* diff --git a/drivers/gpu/drm/i915/intel_sprite.c b/drivers/gpu/drm/i915/intel_sprite.c index 3be22c0fcfb5..9b7171f20549 100644 --- a/drivers/gpu/drm/i915/intel_sprite.c +++ b/drivers/gpu/drm/i915/intel_sprite.c @@ -346,44 +346,87 @@ skl_plane_get_hw_state(struct intel_plane *plane) } static void -chv_update_csc(struct intel_plane *plane, uint32_t format) +chv_update_csc(const struct intel_plane_state *plane_state) { + struct intel_plane *plane = to_intel_plane(plane_state->base.plane); struct drm_i915_private *dev_priv = to_i915(plane->base.dev); + const struct drm_framebuffer *fb = plane_state->base.fb; enum plane_id plane_id = plane->id; /* Seems RGB data bypasses the CSC always */ - if (!format_is_yuv(format)) + if (!format_is_yuv(fb->format->format)) return; /* - * BT.601 limited range YCbCr -> full range RGB + * BT.601 full range YCbCr -> full range RGB * - * |r| | 6537 4769 0| |cr | - * |g| = |-3330 4769 -1605| x |y-64| - * |b| | 0 4769 8263| |cb | + * |r| | 5743 4096 0| |cr| + * |g| = |-2925 4096 -1410| x |y | + * |b| | 0 4096 7258| |cb| * - * Cb and Cr apparently come in as signed already, so no - * need for any offset. For Y we need to remove the offset. + * Cb and Cr apparently come in as signed already, + * and we get full range data in on account of CLRC0/1 */ - I915_WRITE_FW(SPCSCYGOFF(plane_id), SPCSC_OOFF(0) | SPCSC_IOFF(-64)); + I915_WRITE_FW(SPCSCYGOFF(plane_id), SPCSC_OOFF(0) | SPCSC_IOFF(0)); I915_WRITE_FW(SPCSCCBOFF(plane_id), SPCSC_OOFF(0) | SPCSC_IOFF(0)); I915_WRITE_FW(SPCSCCROFF(plane_id), SPCSC_OOFF(0) | SPCSC_IOFF(0)); - I915_WRITE_FW(SPCSCC01(plane_id), SPCSC_C1(4769) | SPCSC_C0(6537)); - I915_WRITE_FW(SPCSCC23(plane_id), SPCSC_C1(-3330) | SPCSC_C0(0)); - I915_WRITE_FW(SPCSCC45(plane_id), SPCSC_C1(-1605) | SPCSC_C0(4769)); - I915_WRITE_FW(SPCSCC67(plane_id), SPCSC_C1(4769) | SPCSC_C0(0)); - I915_WRITE_FW(SPCSCC8(plane_id), SPCSC_C0(8263)); + I915_WRITE_FW(SPCSCC01(plane_id), SPCSC_C1(4096) | SPCSC_C0(5743)); + I915_WRITE_FW(SPCSCC23(plane_id), SPCSC_C1(-2925) | SPCSC_C0(0)); + I915_WRITE_FW(SPCSCC45(plane_id), SPCSC_C1(-1410) | SPCSC_C0(4096)); + I915_WRITE_FW(SPCSCC67(plane_id), SPCSC_C1(4096) | SPCSC_C0(0)); + I915_WRITE_FW(SPCSCC8(plane_id), SPCSC_C0(7258)); - I915_WRITE_FW(SPCSCYGICLAMP(plane_id), SPCSC_IMAX(940) | SPCSC_IMIN(64)); - I915_WRITE_FW(SPCSCCBICLAMP(plane_id), SPCSC_IMAX(448) | SPCSC_IMIN(-448)); - I915_WRITE_FW(SPCSCCRICLAMP(plane_id), SPCSC_IMAX(448) | SPCSC_IMIN(-448)); + I915_WRITE_FW(SPCSCYGICLAMP(plane_id), SPCSC_IMAX(1023) | SPCSC_IMIN(0)); + I915_WRITE_FW(SPCSCCBICLAMP(plane_id), SPCSC_IMAX(512) | SPCSC_IMIN(-512)); + I915_WRITE_FW(SPCSCCRICLAMP(plane_id), SPCSC_IMAX(512) | SPCSC_IMIN(-512)); I915_WRITE_FW(SPCSCYGOCLAMP(plane_id), SPCSC_OMAX(1023) | SPCSC_OMIN(0)); I915_WRITE_FW(SPCSCCBOCLAMP(plane_id), SPCSC_OMAX(1023) | SPCSC_OMIN(0)); I915_WRITE_FW(SPCSCCROCLAMP(plane_id), SPCSC_OMAX(1023) | SPCSC_OMIN(0)); } +#define SIN_0 0 +#define COS_0 1 + +static void +vlv_update_clrc(const struct intel_plane_state *plane_state) +{ + struct intel_plane *plane = to_intel_plane(plane_state->base.plane); + struct drm_i915_private *dev_priv = to_i915(plane->base.dev); + const struct drm_framebuffer *fb = plane_state->base.fb; + enum pipe pipe = plane->pipe; + enum plane_id plane_id = plane->id; + int contrast, brightness, sh_scale, sh_sin, sh_cos; + + if (format_is_yuv(fb->format->format)) { + /* + * Expand limited range to full range: + * Contrast is applied first and is used to expand Y range. + * Brightness is applied second and is used to remove the + * offset from Y. Saturation/hue is used to expand CbCr range. + */ + contrast = DIV_ROUND_CLOSEST(255 << 6, 235 - 16); + brightness = -DIV_ROUND_CLOSEST(16 * 255, 235 - 16); + sh_scale = DIV_ROUND_CLOSEST(128 << 7, 240 - 128); + sh_sin = SIN_0 * sh_scale; + sh_cos = COS_0 * sh_scale; + } else { + /* Pass-through everything. */ + contrast = 1 << 6; + brightness = 0; + sh_scale = 1 << 7; + sh_sin = SIN_0 * sh_scale; + sh_cos = COS_0 * sh_scale; + } + + /* FIXME these register are single buffered :( */ + I915_WRITE_FW(SPCLRC0(pipe, plane_id), + SP_CONTRAST(contrast) | SP_BRIGHTNESS(brightness)); + I915_WRITE_FW(SPCLRC1(pipe, plane_id), + SP_SH_SIN(sh_sin) | SP_SH_COS(sh_cos)); +} + static u32 vlv_sprite_ctl(const struct intel_crtc_state *crtc_state, const struct intel_plane_state *plane_state) { @@ -477,8 +520,10 @@ vlv_update_plane(struct intel_plane *plane, spin_lock_irqsave(&dev_priv->uncore.lock, irqflags); + vlv_update_clrc(plane_state); + if (IS_CHERRYVIEW(dev_priv) && pipe == PIPE_B) - chv_update_csc(plane, fb->format->format); + chv_update_csc(plane_state); if (key->flags) { I915_WRITE_FW(SPKEYMINVAL(pipe, plane_id), key->min_value);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Correctly handle limited range YCbCr data on" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5deae9191130db6b617c94fb261804597cf9b508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Wed, 14 Feb 2018 21:23:23 +0200 Subject: [PATCH] drm/i915: Correctly handle limited range YCbCr data on VLV/CHV MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Turns out the VLV/CHV fixed function sprite CSC expects full range data as input. We've been feeding it limited range data to it all along. To expand the data out to full range we'll use the color correction registers (brightness, contrast, and saturation). On CHV pipe B we were actually doing the right thing already because we progammed the custom CSC matrix to do expect limited range input. Now that well pre-expand the data out with the color correction unit, we need to change the CSC matrix to operate with full range input instead. This should make the sprite output of the other pipes match the sprite output of pipe B reasonably well. Looking at the resulting pipe CRCs, there can be a slight difference in the output, but as I don't know the formula used by the fixed function CSC of the other pipes, I don't think it's worth the effort to try to match the output exactly. It might not even be possible due to difference in internal precision etc. One slight caveat here is that the color correction registers are single bufferred, so we should really be updating them during vblank, but we still don't have a mechanism for that, so just toss in another FIXME. v2: Rebase v3: s/bri/brightness/ s/con/contrast/ (Shashank) v4: Clarify the constants and math (Shashank) Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Daniel Stone <daniel(a)fooishbar.org> Cc: Russell King - ARM Linux <linux(a)armlinux.org.uk> Cc: Ilia Mirkin <imirkin(a)alum.mit.edu> Cc: Hans Verkuil <hverkuil(a)xs4all.nl> Cc: Shashank Sharma <shashank.sharma(a)intel.com> Cc: Uma Shankar <uma.shankar(a)intel.com> Cc: Jyri Sarha <jsarha(a)ti.com> Cc: "Tang, Jun" <jun.tang(a)intel.com> Reported-by: "Tang, Jun" <jun.tang(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 7f1f3851feb0 ("drm/i915: sprite support for ValleyView v4") Reviewed-by: Shashank Sharma <shashank.sharma(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180214192327.3250-5-ville.s… diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h index e9c79b560823..aaed94f074f5 100644 --- a/drivers/gpu/drm/i915/i915_reg.h +++ b/drivers/gpu/drm/i915/i915_reg.h @@ -6278,6 +6278,12 @@ enum { #define _SPATILEOFF (VLV_DISPLAY_BASE + 0x721a4) #define _SPACONSTALPHA (VLV_DISPLAY_BASE + 0x721a8) #define SP_CONST_ALPHA_ENABLE (1<<31) +#define _SPACLRC0 (VLV_DISPLAY_BASE + 0x721d0) +#define SP_CONTRAST(x) ((x) << 18) /* u3.6 */ +#define SP_BRIGHTNESS(x) ((x) & 0xff) /* s8 */ +#define _SPACLRC1 (VLV_DISPLAY_BASE + 0x721d4) +#define SP_SH_SIN(x) (((x) & 0x7ff) << 16) /* s4.7 */ +#define SP_SH_COS(x) (x) /* u3.7 */ #define _SPAGAMC (VLV_DISPLAY_BASE + 0x721f4) #define _SPBCNTR (VLV_DISPLAY_BASE + 0x72280) @@ -6291,6 +6297,8 @@ enum { #define _SPBKEYMAXVAL (VLV_DISPLAY_BASE + 0x722a0) #define _SPBTILEOFF (VLV_DISPLAY_BASE + 0x722a4) #define _SPBCONSTALPHA (VLV_DISPLAY_BASE + 0x722a8) +#define _SPBCLRC0 (VLV_DISPLAY_BASE + 0x722d0) +#define _SPBCLRC1 (VLV_DISPLAY_BASE + 0x722d4) #define _SPBGAMC (VLV_DISPLAY_BASE + 0x722f4) #define _MMIO_VLV_SPR(pipe, plane_id, reg_a, reg_b) \ @@ -6307,6 +6315,8 @@ enum { #define SPKEYMAXVAL(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPAKEYMAXVAL, _SPBKEYMAXVAL) #define SPTILEOFF(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPATILEOFF, _SPBTILEOFF) #define SPCONSTALPHA(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPACONSTALPHA, _SPBCONSTALPHA) +#define SPCLRC0(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPACLRC0, _SPBCLRC0) +#define SPCLRC1(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPACLRC1, _SPBCLRC1) #define SPGAMC(pipe, plane_id) _MMIO_VLV_SPR((pipe), (plane_id), _SPAGAMC, _SPBGAMC) /* diff --git a/drivers/gpu/drm/i915/intel_sprite.c b/drivers/gpu/drm/i915/intel_sprite.c index 3be22c0fcfb5..9b7171f20549 100644 --- a/drivers/gpu/drm/i915/intel_sprite.c +++ b/drivers/gpu/drm/i915/intel_sprite.c @@ -346,44 +346,87 @@ skl_plane_get_hw_state(struct intel_plane *plane) } static void -chv_update_csc(struct intel_plane *plane, uint32_t format) +chv_update_csc(const struct intel_plane_state *plane_state) { + struct intel_plane *plane = to_intel_plane(plane_state->base.plane); struct drm_i915_private *dev_priv = to_i915(plane->base.dev); + const struct drm_framebuffer *fb = plane_state->base.fb; enum plane_id plane_id = plane->id; /* Seems RGB data bypasses the CSC always */ - if (!format_is_yuv(format)) + if (!format_is_yuv(fb->format->format)) return; /* - * BT.601 limited range YCbCr -> full range RGB + * BT.601 full range YCbCr -> full range RGB * - * |r| | 6537 4769 0| |cr | - * |g| = |-3330 4769 -1605| x |y-64| - * |b| | 0 4769 8263| |cb | + * |r| | 5743 4096 0| |cr| + * |g| = |-2925 4096 -1410| x |y | + * |b| | 0 4096 7258| |cb| * - * Cb and Cr apparently come in as signed already, so no - * need for any offset. For Y we need to remove the offset. + * Cb and Cr apparently come in as signed already, + * and we get full range data in on account of CLRC0/1 */ - I915_WRITE_FW(SPCSCYGOFF(plane_id), SPCSC_OOFF(0) | SPCSC_IOFF(-64)); + I915_WRITE_FW(SPCSCYGOFF(plane_id), SPCSC_OOFF(0) | SPCSC_IOFF(0)); I915_WRITE_FW(SPCSCCBOFF(plane_id), SPCSC_OOFF(0) | SPCSC_IOFF(0)); I915_WRITE_FW(SPCSCCROFF(plane_id), SPCSC_OOFF(0) | SPCSC_IOFF(0)); - I915_WRITE_FW(SPCSCC01(plane_id), SPCSC_C1(4769) | SPCSC_C0(6537)); - I915_WRITE_FW(SPCSCC23(plane_id), SPCSC_C1(-3330) | SPCSC_C0(0)); - I915_WRITE_FW(SPCSCC45(plane_id), SPCSC_C1(-1605) | SPCSC_C0(4769)); - I915_WRITE_FW(SPCSCC67(plane_id), SPCSC_C1(4769) | SPCSC_C0(0)); - I915_WRITE_FW(SPCSCC8(plane_id), SPCSC_C0(8263)); + I915_WRITE_FW(SPCSCC01(plane_id), SPCSC_C1(4096) | SPCSC_C0(5743)); + I915_WRITE_FW(SPCSCC23(plane_id), SPCSC_C1(-2925) | SPCSC_C0(0)); + I915_WRITE_FW(SPCSCC45(plane_id), SPCSC_C1(-1410) | SPCSC_C0(4096)); + I915_WRITE_FW(SPCSCC67(plane_id), SPCSC_C1(4096) | SPCSC_C0(0)); + I915_WRITE_FW(SPCSCC8(plane_id), SPCSC_C0(7258)); - I915_WRITE_FW(SPCSCYGICLAMP(plane_id), SPCSC_IMAX(940) | SPCSC_IMIN(64)); - I915_WRITE_FW(SPCSCCBICLAMP(plane_id), SPCSC_IMAX(448) | SPCSC_IMIN(-448)); - I915_WRITE_FW(SPCSCCRICLAMP(plane_id), SPCSC_IMAX(448) | SPCSC_IMIN(-448)); + I915_WRITE_FW(SPCSCYGICLAMP(plane_id), SPCSC_IMAX(1023) | SPCSC_IMIN(0)); + I915_WRITE_FW(SPCSCCBICLAMP(plane_id), SPCSC_IMAX(512) | SPCSC_IMIN(-512)); + I915_WRITE_FW(SPCSCCRICLAMP(plane_id), SPCSC_IMAX(512) | SPCSC_IMIN(-512)); I915_WRITE_FW(SPCSCYGOCLAMP(plane_id), SPCSC_OMAX(1023) | SPCSC_OMIN(0)); I915_WRITE_FW(SPCSCCBOCLAMP(plane_id), SPCSC_OMAX(1023) | SPCSC_OMIN(0)); I915_WRITE_FW(SPCSCCROCLAMP(plane_id), SPCSC_OMAX(1023) | SPCSC_OMIN(0)); } +#define SIN_0 0 +#define COS_0 1 + +static void +vlv_update_clrc(const struct intel_plane_state *plane_state) +{ + struct intel_plane *plane = to_intel_plane(plane_state->base.plane); + struct drm_i915_private *dev_priv = to_i915(plane->base.dev); + const struct drm_framebuffer *fb = plane_state->base.fb; + enum pipe pipe = plane->pipe; + enum plane_id plane_id = plane->id; + int contrast, brightness, sh_scale, sh_sin, sh_cos; + + if (format_is_yuv(fb->format->format)) { + /* + * Expand limited range to full range: + * Contrast is applied first and is used to expand Y range. + * Brightness is applied second and is used to remove the + * offset from Y. Saturation/hue is used to expand CbCr range. + */ + contrast = DIV_ROUND_CLOSEST(255 << 6, 235 - 16); + brightness = -DIV_ROUND_CLOSEST(16 * 255, 235 - 16); + sh_scale = DIV_ROUND_CLOSEST(128 << 7, 240 - 128); + sh_sin = SIN_0 * sh_scale; + sh_cos = COS_0 * sh_scale; + } else { + /* Pass-through everything. */ + contrast = 1 << 6; + brightness = 0; + sh_scale = 1 << 7; + sh_sin = SIN_0 * sh_scale; + sh_cos = COS_0 * sh_scale; + } + + /* FIXME these register are single buffered :( */ + I915_WRITE_FW(SPCLRC0(pipe, plane_id), + SP_CONTRAST(contrast) | SP_BRIGHTNESS(brightness)); + I915_WRITE_FW(SPCLRC1(pipe, plane_id), + SP_SH_SIN(sh_sin) | SP_SH_COS(sh_cos)); +} + static u32 vlv_sprite_ctl(const struct intel_crtc_state *crtc_state, const struct intel_plane_state *plane_state) { @@ -477,8 +520,10 @@ vlv_update_plane(struct intel_plane *plane, spin_lock_irqsave(&dev_priv->uncore.lock, irqflags); + vlv_update_clrc(plane_state); + if (IS_CHERRYVIEW(dev_priv) && pipe == PIPE_B) - chv_update_csc(plane, fb->format->format); + chv_update_csc(plane_state); if (key->flags) { I915_WRITE_FW(SPKEYMINVAL(pipe, plane_id), key->min_value);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/dp: Write to SET_POWER dpcd to enable MST hub." failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7a7d58dc2997b6ca5bc1eaa4bd8d019cf7c4a148 Mon Sep 17 00:00:00 2001 From: Dhinakaran Pandiyan <dhinakaran.pandiyan(a)intel.com> Date: Tue, 13 Mar 2018 22:48:25 -0700 Subject: [PATCH] drm/i915/dp: Write to SET_POWER dpcd to enable MST hub. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If bios sets up an MST output and hardware state readout code sees this is an SST configuration, when disabling the encoder we end up calling ->post_disable_dp() hook instead of the MST version. Consequently, we write to the DP_SET_POWER dpcd to set it D3 state. Further along when we try enable the encoder in MST mode, POWER_UP_PHY transaction fails to power up the MST hub. This results in continuous link training failures which keep the system busy delaying boot. We could identify bios MST boot discrepancy and handle it accordingly but a simple way to solve this is to write to the DP_SET_POWER dpcd for MST too. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105470 Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Reported-by: Laura Abbott <labbott(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: 5ea2355a100a ("drm/i915/mst: Use MST sideband message transactions for dpms control") Tested-by: Laura Abbott <labbott(a)redhat.com> Signed-off-by: Dhinakaran Pandiyan <dhinakaran.pandiyan(a)intel.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180314054825.1718-1-dhinaka… (cherry picked from commit ad260ab32a4d94fa974f58262f8000472d34fd5b) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/intel_ddi.c b/drivers/gpu/drm/i915/intel_ddi.c index dbcf1a0586f9..8c2d778560f0 100644 --- a/drivers/gpu/drm/i915/intel_ddi.c +++ b/drivers/gpu/drm/i915/intel_ddi.c @@ -2205,8 +2205,7 @@ static void intel_ddi_pre_enable_dp(struct intel_encoder *encoder, intel_prepare_dp_ddi_buffers(encoder, crtc_state); intel_ddi_init_dp_buf_reg(encoder); - if (!is_mst) - intel_dp_sink_dpms(intel_dp, DRM_MODE_DPMS_ON); + intel_dp_sink_dpms(intel_dp, DRM_MODE_DPMS_ON); intel_dp_start_link_train(intel_dp); if (port != PORT_A || INTEL_GEN(dev_priv) >= 9) intel_dp_stop_link_train(intel_dp); @@ -2304,14 +2303,12 @@ static void intel_ddi_post_disable_dp(struct intel_encoder *encoder, struct drm_i915_private *dev_priv = to_i915(encoder->base.dev); struct intel_digital_port *dig_port = enc_to_dig_port(&encoder->base); struct intel_dp *intel_dp = &dig_port->dp; - bool is_mst = intel_crtc_has_type(old_crtc_state, INTEL_OUTPUT_DP_MST); /* * Power down sink before disabling the port, otherwise we end * up getting interrupts from the sink on detecting link loss. */ - if (!is_mst) - intel_dp_sink_dpms(intel_dp, DRM_MODE_DPMS_OFF); + intel_dp_sink_dpms(intel_dp, DRM_MODE_DPMS_OFF); intel_disable_ddi_buf(encoder);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/audio: fix check for av_enc_map overflow" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From cdb3db8542d854bd678d60cd28861b042e191672 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 14 Feb 2018 19:38:40 +0200 Subject: [PATCH] drm/i915/audio: fix check for av_enc_map overflow Turns out -1 >= ARRAY_SIZE() is always true. Move the bounds check where we know pipe >= 0 and next to the array indexing where it makes most sense. Fixes: 9965db26ac05 ("drm/i915: Check for fused or unused pipes") Fixes: 0b7029b7e43f ("drm/i915: Check for fused or unused pipes") Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Mika Kahola <mika.kahola(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: intel-gfx(a)lists.freedesktop.org Reviewed-by: Dhinakaran Pandiyan <dhinakaran.pandiyan(a)intel.com> Reviewed-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180214173840.25360-1-jani.n… diff --git a/drivers/gpu/drm/i915/intel_audio.c b/drivers/gpu/drm/i915/intel_audio.c index ff455c724775..709d6ca68074 100644 --- a/drivers/gpu/drm/i915/intel_audio.c +++ b/drivers/gpu/drm/i915/intel_audio.c @@ -779,11 +779,11 @@ static struct intel_encoder *get_saved_enc(struct drm_i915_private *dev_priv, { struct intel_encoder *encoder; - if (WARN_ON(pipe >= ARRAY_SIZE(dev_priv->av_enc_map))) - return NULL; - /* MST */ if (pipe >= 0) { + if (WARN_ON(pipe >= ARRAY_SIZE(dev_priv->av_enc_map))) + return NULL; + encoder = dev_priv->av_enc_map[pipe]; /* * when bootup, audio driver may not know it is

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Clear the in-use marker on execbuf failure" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ed2f3532321083cf40e4da4e36234880e0136136 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Mon, 19 Feb 2018 14:01:44 +0000 Subject: [PATCH] drm/i915: Clear the in-use marker on execbuf failure If we fail to unbind the vma (due to a signal on an active buffer that needs to be moved for the next execbuf), then we need to clear the persistent tracking state we setup for this execbuf. Fixes: c7c6e46f913b ("drm/i915: Convert execbuf to use struct-of-array packing for critical fields") Testcase: igt/gem_fenced_exec_thrash/no-spare-fences-busy* Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.14+ Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180219140144.24004-1-chris@… diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c index 51f3c32c64bf..4eb28e84fda4 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -505,6 +505,8 @@ eb_add_vma(struct i915_execbuffer *eb, unsigned int i, struct i915_vma *vma) list_add_tail(&vma->exec_link, &eb->unbound); if (drm_mm_node_allocated(&vma->node)) err = i915_vma_unbind(vma); + if (unlikely(err)) + vma->exec_flags = NULL; } return err; }

7 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror