- Linux-stable-mirror - lists.linaro.org

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit dc45cafe612ec6960fe728f3260a0b751c73f4aa: Linux 4.4.136 (2018-06-06 16:46:24 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-20062018 for you to fetch changes up to 340dc6e834545e08109b42402fe692c097446c90: net/sonic: Use dma_mapping_error() (2018-06-07 15:40:15 -0400) - ---------------------------------------------------------------- for-greg-4.4-20062018 - ---------------------------------------------------------------- Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care drivers/atm/zatm.c | 4 ++-- drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + net/bridge/netfilter/ebtables.c | 3 ++- net/ipv6/xfrm6_policy.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 21 +++++++++++++++------ 6 files changed, 22 insertions(+), 11 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD2AACgkQ3qZv95d3 LNxa4hAAsH8GdIusq8gBegjlwklVZiCo2zvrWbwohM7Sc1TpuAjLWSVh9iuFRPKn fAAuQYlY3oTDpq/bnje4c+JTnNsjcikDETycZ3diWCiG28c9DjKatsJt/fH9yP/V vAzCboTy38kbizNpXBam6KniZ48qEvFZt2zsYpFL5HzlgHTlBOcOup7iL3P04i1S +v/QCS+OApv0VZR84Nq4mx5ofYILO7ty2xzLCTHHqzLWCEyaX3SbJXBKF5lf3Cu2 WU35HQsnTxKaM3fa7+nSsZu2xkqwNit/xAeAdf0e3ymgBc1G+DezZTJFk/+BbD1N /zWs7AN757Ae6p5HB4eV5KGM5hO8bhqtNuGv6T0eAbqi4MwNclY+J0VCTVbtDrjT bPyJHdfjNc175M2wZDw0HJWWYIHUroQ1Qcao6V9DchVPKtsLd3ICj9sXNNhp1VMo zNLfj9hRcOY/cZtj8tNC6QyoOZX1QBiTGKxDvQbQvmWsrKWQCDOCPHOJh/AycH9a jQYl4+DPMYMFh0ahrrDNBkbmI10Jcg170vQ4CEppRP1zkwbSNtHzfMlp8t2kXXTV uc2rxh/MY2DwBoXqGs6HrxH1Z/A2gcwcu8xqNAGJhaleWQEae2qFQx6eEUKekjhm +EfJIG7v2blVcMLpp06kaAwlIUK4hV2F/Tn9BoQajbBA5Lq9whI= =0hTA -----END PGP SIGNATURE-----

7 years, 2 months

2
2
0 0

[PATCH 4.9] mlxsw: spectrum: Forbid linking of VLAN devices to devices that have uppers

by Ido Schimmel

commit 25cc72a33835ed8a6f53180a822cadab855852ac upstream. Jiri Slaby noticed that the backport of upstream commit 25cc72a33835 ("mlxsw: spectrum: Forbid linking to devices that have uppers") to kernel 4.9.y introduced the same check twice in the same function instead of in two different places. Fix this by relocating one of the checks to its intended place, thus preventing unsupported configurations as described in the original commit. Fixes: 73ee5a73e75f ("mlxsw: spectrum: Forbid linking to devices that have uppers") Signed-off-by: Ido Schimmel <idosch(a)mellanox.com> Reported-by: Jiri Slaby <jslaby(a)suse.cz> --- Greg, I read Documentation/stable_kernel_rules.txt, so I hope the patch is fine. Please let me know if v2 is required. Thanks --- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c index d50350c7adc4..22a5916e477e 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4187,10 +4187,6 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, if (netif_is_lag_port(dev) && is_vlan_dev(upper_dev) && !netif_is_lag_master(vlan_dev_real_dev(upper_dev))) return -EINVAL; - if (!info->linking) - break; - if (netdev_has_any_upper_dev(upper_dev)) - return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; @@ -4566,6 +4562,8 @@ static int mlxsw_sp_netdevice_vport_event(struct net_device *dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; /* We can't have multiple VLAN interfaces configured on * the same port and being members in the same bridge. */ -- 2.14.4

7 years, 2 months

2
4
0 0

FAILED: patch "[PATCH] x86/mce: Fix incorrect "Machine check from unknown source"" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 40c36e2741d7fe1e66d6ec55477ba5fd19c9c5d2 Mon Sep 17 00:00:00 2001 From: Tony Luck <tony.luck(a)intel.com> Date: Fri, 22 Jun 2018 11:54:23 +0200 Subject: [PATCH] x86/mce: Fix incorrect "Machine check from unknown source" message Some injection testing resulted in the following console log: mce: [Hardware Error]: CPU 22: Machine Check Exception: f Bank 1: bd80000000100134 mce: [Hardware Error]: RIP 10:<ffffffffc05292dd> {pmem_do_bvec+0x11d/0x330 [nd_pmem]} mce: [Hardware Error]: TSC c51a63035d52 ADDR 3234bc4000 MISC 88 mce: [Hardware Error]: PROCESSOR 0:50654 TIME 1526502199 SOCKET 0 APIC 38 microcode 2000043 mce: [Hardware Error]: Run the above through 'mcelog --ascii' Kernel panic - not syncing: Machine check from unknown source This confused everybody because the first line quite clearly shows that we found a logged error in "Bank 1", while the last line says "unknown source". The problem is that the Linux code doesn't do the right thing for a local machine check that results in a fatal error. It turns out that we know very early in the handler whether the machine check is fatal. The call to mce_no_way_out() has checked all the banks for the CPU that took the local machine check. If it says we must crash, we can do so right away with the right messages. We do scan all the banks again. This means that we might initially not see a problem, but during the second scan find something fatal. If this happens we print a slightly different message (so I can see if it actually every happens). [ bp: Remove unneeded severity assignment. ] Signed-off-by: Tony Luck <tony.luck(a)intel.com> Signed-off-by: Borislav Petkov <bp(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ashok Raj <ashok.raj(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> Cc: linux-edac <linux-edac(a)vger.kernel.org> Cc: stable(a)vger.kernel.org # 4.2 Link: http://lkml.kernel.org/r/52e049a497e86fd0b71c529651def8871c804df0.152728389… diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c index 7e6f51a9d917..e93670d736a6 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -1207,13 +1207,18 @@ void do_machine_check(struct pt_regs *regs, long error_code) lmce = m.mcgstatus & MCG_STATUS_LMCES; /* + * Local machine check may already know that we have to panic. + * Broadcast machine check begins rendezvous in mce_start() * Go through all banks in exclusion of the other CPUs. This way we * don't report duplicated events on shared banks because the first one - * to see it will clear it. If this is a Local MCE, then no need to - * perform rendezvous. + * to see it will clear it. */ - if (!lmce) + if (lmce) { + if (no_way_out) + mce_panic("Fatal local machine check", &m, msg); + } else { order = mce_start(&no_way_out); + } for (i = 0; i < cfg->banks; i++) { __clear_bit(i, toclear); @@ -1289,12 +1294,17 @@ void do_machine_check(struct pt_regs *regs, long error_code) no_way_out = worst >= MCE_PANIC_SEVERITY; } else { /* - * Local MCE skipped calling mce_reign() - * If we found a fatal error, we need to panic here. + * If there was a fatal machine check we should have + * already called mce_panic earlier in this function. + * Since we re-read the banks, we might have found + * something new. Check again to see if we found a + * fatal error. We call "mce_severity()" again to + * make sure we have the right "msg". */ - if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) - mce_panic("Machine check from unknown source", - NULL, NULL); + if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) { + mce_severity(&m, cfg->tolerant, &msg, true); + mce_panic("Local fatal machine check!", &m, msg); + } } /*

7 years, 2 months

3
4
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit b0b357c20ca6171b8ac698351f5202402b7ad7d5: Linux 3.18.112 (2018-05-30 22:08:04 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-20062018 for you to fetch changes up to b73b55ee0dd09bb24fa6a4fee94b21d97dbc51ba: net/sonic: Use dma_mapping_error() (2018-06-07 15:40:45 -0400) - ---------------------------------------------------------------- for-greg-3.18-20062018 - ---------------------------------------------------------------- Finn Thain (1): net/sonic: Use dma_mapping_error() Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care drivers/atm/zatm.c | 4 ++-- drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + net/bridge/netfilter/ebtables.c | 3 ++- 4 files changed, 6 insertions(+), 4 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD34ACgkQ3qZv95d3 LNxyQA//Td2TjwiNv4O7a5DTBTY11L1m/4aM/Sg9AR3yUtykiIfatVi5rAwdKzXl ZBhutqVj7eK7STEyNfvqT0p/qwzoXWQUMSq0BpaH+D6Vfcvo3WNfXSdwODVsYy7D d8N814Libu3zUHj4x+KXp2og8SCKqAYNgyBhd45bnrRUVbq/UQPcZsXqDSUIX6WK RHkGU96VogA/4VEdD8Tiv9wX86L4PTQwve+GpYdxRc6Cc5rAuu3tS1BQgl50nfSU MSgorHcL+RO9wWu/Ij6L1SDOgNfxrk9b9DPt9Jahm5NeF+et5t/vLuJ804osJRYE dbXk6NQ+8EMQmgCOdDKUZhiHjN6ztk2NMsqmQb1z9hsPB+5gmmPMP2vZVA0BUyjl UZVQcRwYC1+s/bOb/uqhvBD4DH5pj76hMMkz10rR8pAvVRCvoBGFU9uwtSlu3gZo 24xHREUUSrpecc61tUq3QyomzlUZUQgyvkU8GnqD+2vhiJfsuyZ33AfjVmwEl+Vn 37qgenBJLBKhXzDxOMqg+xg0mUGo63CQeIx2ERSp3DiTHOElOWJINu5MVZQYKC8w rxSBacxj+5w24IM/OxNpWZ3PAoUSlAAvmkPiQJ5Aavw0StpqvNHN+DElmLf6eVrl 2Q5ZnkFhUOB2xSRkCYpkRhq9GZWGLkWjn4ePToil4z1+X13T6Zs= =mpuV -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 2c6025ebc7fd8e0a8ca785d778dc6ae25225744b: Linux 4.14.48 (2018-06-05 11:42:00 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-20062018 for you to fetch changes up to 5cca1f6fec1180fca1be5bc6f5068b96832646db: net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (2018-06-06 23:16:01 -0400) - ---------------------------------------------------------------- for-greg-4.14-20062018 - ---------------------------------------------------------------- Alexander Duyck (1): net-sysfs: Fix memory leak in XPS configuration Damien ThÃ©bault (1): net: dsa: b53: Add BCM5389 support Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Darrick J. Wong (1): fs: clear writeback errors in inode_init_always David Howells (1): afs: Fix directory permissions check Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Hao Wei Tee (1): iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S JoÃ£o Paulo Rechi Vita (1): platform/x86: asus-wmi: Fix NULL pointer dereference Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Mathieu Xhonneux (1): ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline Pablo Neira Ayuso (1): netfilter: nft_limit: fix packet ratelimiting Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Paul Burton (1): sched/core: Require cpu_active() in select_task_rq(), for user tasks Peter Zijlstra (1): sched/core: Fix rules for running on online && !active CPUs Sebastian Ott (1): s390/dasd: use blk_mq_rq_from_pdu for per request data Suresh Reddy (1): be2net: Fix error detection logic for BE3 Taehee Yoo (3): netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace() Thomas Richter (1): perf test: "Session topology" dumps core on s390 YueHaibing (1): perf bpf: Fix NULL return handling in bpf__prepare_load() Documentation/devicetree/bindings/net/dsa/b53.txt | 1 + drivers/atm/zatm.c | 4 +- drivers/net/dsa/b53/b53_common.c | 13 +++++++ drivers/net/dsa/b53/b53_mdio.c | 5 ++- drivers/net/dsa/b53/b53_priv.h | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 4 +- drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/cdc_mbim.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 ++--- drivers/platform/x86/asus-wmi.c | 23 +++++++----- drivers/s390/block/dasd.c | 7 +++- fs/afs/security.c | 10 ++--- fs/inode.c | 1 + kernel/sched/core.c | 45 ++++++++++++++++------- net/bridge/netfilter/ebtables.c | 3 +- net/core/net-sysfs.c | 6 +-- net/ipv6/seg6_iptunnel.c | 4 +- net/ipv6/xfrm6_policy.c | 2 +- net/kcm/kcmsock.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 21 ++++++++--- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nft_ct.c | 20 ++++++---- net/netfilter/nft_limit.c | 38 ++++++++++++------- net/netfilter/nft_meta.c | 14 ++++--- tools/perf/tests/topology.c | 30 ++++++++++++--- tools/perf/util/bpf-loader.c | 6 +-- 27 files changed, 183 insertions(+), 96 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD0EACgkQ3qZv95d3 LNykIRAAuOxrTFNkFNHbmF4ETHaQC1RA65ebzaxqTVO1HQUylrdU6XtGijfFfl2Q mLhFk1Om1AYOanQgOO3fPVohS+6lu4M/ld4/gfoVFOOE/Bjc2JsMO9I9OiZ5LCZQ AzToRfu7jjnvmdMhTgM+ek3/OJfDOtD4KskNZV1rjVTnYQbjblk/QonYibTgVsOm BFc5VQyKkUVrnDa+0Zcdbc2OfHSrGYoCsEIus7stBnbjGOR84qIDUTL9vMkDX0Vf 6o6QiwDkcY5sYGf5ob9BL7Bix3axAccA3Rp7Yq1GXglFFB4dwl6HBfAC6+liHTqF 2GvMDLktkZ1d4SGdabAdJahh04LFCQjgg1m7ZR61tzKzxBpu8D7eTiRQ/EPH0qrV Nob6oBoBIy4qk6KnAhPtY04TjDtK9/J6wUbG+rwYj9V5QAknrvT5zVdGsZTeVuEa R2pG6BJU7hAHv+Ndzey6c0ZxBH9fKdz7h/7ioeQGWPbmVGsebJoi+b4f5pOA31Wv 56Ne1IkhWGfCsBZMieBmWVrQrDVLoUk4DqjJW6TNXx5LvdxIDxP//oMy1plQUhS5 Mq7Ln3HKtNAnKSHgHd4RNWcE4kzvbviBxQHvVgdWTIpNTWEHrnz7L6Sh7HE6SWHJ qz2AtGJKCJL8KvmdQgbhtcYor5oOfZLDe1pZzetWLZ4yQnjJCdM= =Fakc -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 3c3d05fc6e6653bdf9f7fb3fb6922b199c7ba3ec: Linux 4.9.107 (2018-06-06 16:44:39 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-20062018 for you to fetch changes up to e957f7485f14affccc5f60f19dcce3a4f674cc0d: net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (2018-06-07 15:39:36 -0400) - ---------------------------------------------------------------- for-greg-4.9-20062018 - ---------------------------------------------------------------- Damien ThÃ©bault (1): net: dsa: b53: Add BCM5389 support Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Hao Wei Tee (1): iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S JoÃ£o Paulo Rechi Vita (1): platform/x86: asus-wmi: Fix NULL pointer dereference Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Documentation/devicetree/bindings/net/dsa/b53.txt | 1 + drivers/atm/zatm.c | 4 ++-- drivers/net/dsa/b53/b53_common.c | 13 +++++++++++++ drivers/net/dsa/b53/b53_mdio.c | 5 ++++- drivers/net/dsa/b53/b53_priv.h | 1 + drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/cdc_mbim.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 +++++----- drivers/platform/x86/asus-wmi.c | 23 +++++++++++++---------- net/bridge/netfilter/ebtables.c | 3 ++- net/ipv6/xfrm6_policy.c | 2 +- net/kcm/kcmsock.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 21 +++++++++++++++------ 14 files changed, 61 insertions(+), 29 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD08ACgkQ3qZv95d3 LNz7JhAAlyrbs4NT1tU0ZjZYQ78hQbojWTDyMBQSz1+SIKwey/6Mp7HFizAXghY/ 3f4KECTu8a/5P35Jo7euTy7C3RDKOnHtP2yQENuu4AGe/pivIfqqVsIANmdy+sAi BY2iXJllGYeV8777nE0lm3cQrXnAMWhTsMmwKbJk6gHHx9ueaSRns7tajiD4lXm0 Z+F07jReymaOEvi3bNAKZTSU0swprprXTG9GfKPDyfPdB7fu4J7t+HkWI071mTj+ L1gJdcW5XOPuB1Tmu0ES5rRrFsDYdeUEwFoJBq0TplmOEKSNZO+xLWgTLfRZZ3T2 W6YIM+jOs44MfI4Sy5PDmM1jHwnvyUplOxApfx570F7CiSwU8xyuDwpQZIsNrBPn FrsDIy8X7uLLCN0MG0HMO/0P8RhL2tHKwG9gN/xRPo0fOLhVprABj8fTi3FCQhTU /BYAdmj4s58BuEEPND9swFYx96UTNuVVb47HB0+3FasPmCnGdhiVXb+HSSY6tW1a GNQqpcsUUtVoe4sFgb4s2pqZjnXfepvd4EhsI8cGU4KoTQ/vbwK4OVJS+MrSehoB yi169EwX0jL6ILtLNDBm2SVVcw7ukAEq4aDJRjko+X6xWFZxhnGTnFsZldkOEjld DVDGFhcTyUiGE7wVsnZGANMhHhT2LjtyeGDKpQiFn6lMagp0IM4= =gZsz -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] ubi: fastmap: Correctly handle interrupted erasures in EBA" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 781932375ffc6411713ee0926ccae8596ed0261c Mon Sep 17 00:00:00 2001 From: Richard Weinberger <richard(a)nod.at> Date: Mon, 28 May 2018 22:04:32 +0200 Subject: [PATCH] ubi: fastmap: Correctly handle interrupted erasures in EBA Fastmap cannot track the LEB unmap operation, therefore it can happen that after an interrupted erasure the mapping still looks good from Fastmap's point of view, while reading from the PEB will cause an ECC error and confuses the upper layer. Instead of teaching users of UBI how to deal with that, we read back the VID header and check for errors. If the PEB is empty or shows ECC errors we fixup the mapping and schedule the PEB for erasure. Fixes: dbb7d2a88d2a ("UBI: Add fastmap core") Cc: <stable(a)vger.kernel.org> Reported-by: martin bayern <Martinbayern(a)outlook.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c index 250e30fac61b..593a4f9d97e3 100644 --- a/drivers/mtd/ubi/eba.c +++ b/drivers/mtd/ubi/eba.c @@ -490,6 +490,82 @@ int ubi_eba_unmap_leb(struct ubi_device *ubi, struct ubi_volume *vol, return err; } +#ifdef CONFIG_MTD_UBI_FASTMAP +/** + * check_mapping - check and fixup a mapping + * @ubi: UBI device description object + * @vol: volume description object + * @lnum: logical eraseblock number + * @pnum: physical eraseblock number + * + * Checks whether a given mapping is valid. Fastmap cannot track LEB unmap + * operations, if such an operation is interrupted the mapping still looks + * good, but upon first read an ECC is reported to the upper layer. + * Normaly during the full-scan at attach time this is fixed, for Fastmap + * we have to deal with it while reading. + * If the PEB behind a LEB shows this symthom we change the mapping to + * %UBI_LEB_UNMAPPED and schedule the PEB for erasure. + * + * Returns 0 on success, negative error code in case of failure. + */ +static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + int *pnum) +{ + int err; + struct ubi_vid_io_buf *vidb; + + if (!ubi->fast_attach) + return 0; + + vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS); + if (!vidb) + return -ENOMEM; + + err = ubi_io_read_vid_hdr(ubi, *pnum, vidb, 0); + if (err > 0 && err != UBI_IO_BITFLIPS) { + int torture = 0; + + switch (err) { + case UBI_IO_FF: + case UBI_IO_FF_BITFLIPS: + case UBI_IO_BAD_HDR: + case UBI_IO_BAD_HDR_EBADMSG: + break; + default: + ubi_assert(0); + } + + if (err == UBI_IO_BAD_HDR_EBADMSG || err == UBI_IO_FF_BITFLIPS) + torture = 1; + + down_read(&ubi->fm_eba_sem); + vol->eba_tbl->entries[lnum].pnum = UBI_LEB_UNMAPPED; + up_read(&ubi->fm_eba_sem); + ubi_wl_put_peb(ubi, vol->vol_id, lnum, *pnum, torture); + + *pnum = UBI_LEB_UNMAPPED; + } else if (err < 0) { + ubi_err(ubi, "unable to read VID header back from PEB %i: %i", + *pnum, err); + + goto out_free; + } + + err = 0; + +out_free: + ubi_free_vid_buf(vidb); + + return err; +} +#else +static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + int *pnum) +{ + return 0; +} +#endif + /** * ubi_eba_read_leb - read data. * @ubi: UBI device description object @@ -522,7 +598,13 @@ int ubi_eba_read_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, return err; pnum = vol->eba_tbl->entries[lnum].pnum; - if (pnum < 0) { + if (pnum >= 0) { + err = check_mapping(ubi, vol, lnum, &pnum); + if (err < 0) + goto out_unlock; + } + + if (pnum == UBI_LEB_UNMAPPED) { /* * The logical eraseblock is not mapped, fill the whole buffer * with 0xFF bytes. The exception is static volumes for which @@ -930,6 +1012,12 @@ int ubi_eba_write_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, return err; pnum = vol->eba_tbl->entries[lnum].pnum; + if (pnum >= 0) { + err = check_mapping(ubi, vol, lnum, &pnum); + if (err < 0) + goto out; + } + if (pnum >= 0) { dbg_eba("write %d bytes at offset %d of LEB %d:%d, PEB %d", len, offset, vol_id, lnum, pnum);

7 years, 2 months

3
2
0 0

FAILED: patch "[PATCH] ubi: fastmap: Correctly handle interrupted erasures in EBA" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 781932375ffc6411713ee0926ccae8596ed0261c Mon Sep 17 00:00:00 2001 From: Richard Weinberger <richard(a)nod.at> Date: Mon, 28 May 2018 22:04:32 +0200 Subject: [PATCH] ubi: fastmap: Correctly handle interrupted erasures in EBA Fastmap cannot track the LEB unmap operation, therefore it can happen that after an interrupted erasure the mapping still looks good from Fastmap's point of view, while reading from the PEB will cause an ECC error and confuses the upper layer. Instead of teaching users of UBI how to deal with that, we read back the VID header and check for errors. If the PEB is empty or shows ECC errors we fixup the mapping and schedule the PEB for erasure. Fixes: dbb7d2a88d2a ("UBI: Add fastmap core") Cc: <stable(a)vger.kernel.org> Reported-by: martin bayern <Martinbayern(a)outlook.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c index 250e30fac61b..593a4f9d97e3 100644 --- a/drivers/mtd/ubi/eba.c +++ b/drivers/mtd/ubi/eba.c @@ -490,6 +490,82 @@ int ubi_eba_unmap_leb(struct ubi_device *ubi, struct ubi_volume *vol, return err; } +#ifdef CONFIG_MTD_UBI_FASTMAP +/** + * check_mapping - check and fixup a mapping + * @ubi: UBI device description object + * @vol: volume description object + * @lnum: logical eraseblock number + * @pnum: physical eraseblock number + * + * Checks whether a given mapping is valid. Fastmap cannot track LEB unmap + * operations, if such an operation is interrupted the mapping still looks + * good, but upon first read an ECC is reported to the upper layer. + * Normaly during the full-scan at attach time this is fixed, for Fastmap + * we have to deal with it while reading. + * If the PEB behind a LEB shows this symthom we change the mapping to + * %UBI_LEB_UNMAPPED and schedule the PEB for erasure. + * + * Returns 0 on success, negative error code in case of failure. + */ +static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + int *pnum) +{ + int err; + struct ubi_vid_io_buf *vidb; + + if (!ubi->fast_attach) + return 0; + + vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS); + if (!vidb) + return -ENOMEM; + + err = ubi_io_read_vid_hdr(ubi, *pnum, vidb, 0); + if (err > 0 && err != UBI_IO_BITFLIPS) { + int torture = 0; + + switch (err) { + case UBI_IO_FF: + case UBI_IO_FF_BITFLIPS: + case UBI_IO_BAD_HDR: + case UBI_IO_BAD_HDR_EBADMSG: + break; + default: + ubi_assert(0); + } + + if (err == UBI_IO_BAD_HDR_EBADMSG || err == UBI_IO_FF_BITFLIPS) + torture = 1; + + down_read(&ubi->fm_eba_sem); + vol->eba_tbl->entries[lnum].pnum = UBI_LEB_UNMAPPED; + up_read(&ubi->fm_eba_sem); + ubi_wl_put_peb(ubi, vol->vol_id, lnum, *pnum, torture); + + *pnum = UBI_LEB_UNMAPPED; + } else if (err < 0) { + ubi_err(ubi, "unable to read VID header back from PEB %i: %i", + *pnum, err); + + goto out_free; + } + + err = 0; + +out_free: + ubi_free_vid_buf(vidb); + + return err; +} +#else +static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + int *pnum) +{ + return 0; +} +#endif + /** * ubi_eba_read_leb - read data. * @ubi: UBI device description object @@ -522,7 +598,13 @@ int ubi_eba_read_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, return err; pnum = vol->eba_tbl->entries[lnum].pnum; - if (pnum < 0) { + if (pnum >= 0) { + err = check_mapping(ubi, vol, lnum, &pnum); + if (err < 0) + goto out_unlock; + } + + if (pnum == UBI_LEB_UNMAPPED) { /* * The logical eraseblock is not mapped, fill the whole buffer * with 0xFF bytes. The exception is static volumes for which @@ -930,6 +1012,12 @@ int ubi_eba_write_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, return err; pnum = vol->eba_tbl->entries[lnum].pnum; + if (pnum >= 0) { + err = check_mapping(ubi, vol, lnum, &pnum); + if (err < 0) + goto out; + } + if (pnum >= 0) { dbg_eba("write %d bytes at offset %d of LEB %d:%d, PEB %d", len, offset, vol_id, lnum, pnum);

7 years, 2 months

3
2
0 0

Please apply to stable 4.9 kernel

by Juergen Gross

Hi Greg, please apply the attched backported patch to the 4.9 stable tree. Juergen

7 years, 2 months

2
2
0 0

[BACKPORT PATCH] mtd: nand: fix return value check for bad block status

by Abhishek Sahu

commit e9893e6fa932f42c90c4ac5849fa9aa0f0f00a34 upstream. Positive return value from read_oob() is making false BAD blocks. For some of the NAND controllers, OOB bytes will be protected with ECC and read_oob() will return number of bitflips. If there is any bitflip in ECC protected OOB bytes for BAD block status page, then that block is getting treated as BAD. Fixes: c120e75e0e7d ("mtd: nand: use read_oob() instead of cmdfunc() for bad block check") Cc: <stable(a)vger.kernel.org> Signed-off-by: Abhishek Sahu <absahu(a)codeaurora.org> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> [backported to 4.14.y] Signed-off-by: Abhishek Sahu <absahu(a)codeaurora.org> --- This is backported patch for failed patch mentioned in https://www.spinics.net/lists/stable/msg245833.html The failure happened due to file rename. drivers/mtd/nand/nand_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c index 528e04f..d410de3 100644 --- a/drivers/mtd/nand/nand_base.c +++ b/drivers/mtd/nand/nand_base.c @@ -440,7 +440,7 @@ static int nand_block_bad(struct mtd_info *mtd, loff_t ofs) for (; page < page_end; page++) { res = chip->ecc.read_oob(mtd, chip, page); - if (res) + if (res < 0) return res; bad = chip->oob_poi[chip->badblockpos]; -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation

7 years, 2 months

2
2
0 0

Please apply to stable 4.9 kernel

by Juergen Gross

Hi Greg, please apply the attched backported patch to the 4.9 stable tree. It is needed to boot Xen PV guests (broken since commit c43b4ff972a986c85bdd8dc1aa05fe23b29ef99c which I didn't realize due to my kernel parameters when testing). Juergen

7 years, 2 months

2
1
0 0

stable request for v4.17.x, v4.14.x, v4.9.x, v4.4.x: ARM: dts: imx6q: Use correct SDMA script for SPI5 core

by Sean Nyekjær

Hi Greg, subject "ARM: dts: imx6q: Use correct SDMA script for SPI5 core" commit df07101e1c4a29e820df02f9989a066988b160e6 upstream. Please apply to v4.17.x, v4.14.x, v4.9.x, v4.4.x. I forgot to write CC: <stable(a)vger.kernel.org> in the commit msg. I hope this can go in the stable trees. Please let me know if the commit was in the queue already and I had done everything correctly. :-) BR /Sean

7 years, 2 months

2
1
0 0

Backport request: bfe72442578b to 4.9.y

by Dan Rue

Hi Greg - Please apply bfe72442578b ("net: phy: micrel: fix crash when statistic requested for KSZ9031 phy") to 4.9.y. Since at least 4.9.95 (this was discussed during 4.9.95 release cycle), 'ethtool --phy-statistics eth0' causes a system crash on micrel systems. This is still happening, and this patch fixes the issue. Thanks! Dan

7 years, 2 months

2
1
0 0

[PATCH] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting

by Stefano Brivio

A "small" CIFS buffer is not big enough in general to hold a setacl request for SMB2, and we end up overflowing the buffer in send_set_info(). For instance: # mount.cifs //127.0.0.1/test /mnt/test -o username=test,password=test,nounix,cifsacl # touch /mnt/test/acltest # getcifsacl /mnt/test/acltest REVISION:0x1 CONTROL:0x9004 OWNER:S-1-5-21-2926364953-924364008-418108241-1000 GROUP:S-1-22-2-1001 ACL:S-1-5-21-2926364953-924364008-418108241-1000:ALLOWED/0x0/0x1e01ff ACL:S-1-22-2-1001:ALLOWED/0x0/R ACL:S-1-22-2-1001:ALLOWED/0x0/R ACL:S-1-5-21-2926364953-924364008-418108241-1000:ALLOWED/0x0/0x1e01ff ACL:S-1-1-0:ALLOWED/0x0/R # setcifsacl -a "ACL:S-1-22-2-1004:ALLOWED/0x0/R" /mnt/test/acltest this setacl will cause the following KASAN splat: [ 330.777927] BUG: KASAN: slab-out-of-bounds in send_set_info+0x4dd/0xc20 [cifs] [ 330.779696] Write of size 696 at addr ffff88010d5e2860 by task setcifsacl/1012 [ 330.781882] CPU: 1 PID: 1012 Comm: setcifsacl Not tainted 4.18.0-rc2+ #2 [ 330.783140] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 [ 330.784395] Call Trace: [ 330.784789] dump_stack+0xc2/0x16b [ 330.786777] print_address_description+0x6a/0x270 [ 330.787520] kasan_report+0x258/0x380 [ 330.788845] memcpy+0x34/0x50 [ 330.789369] send_set_info+0x4dd/0xc20 [cifs] [ 330.799511] SMB2_set_acl+0x76/0xa0 [cifs] [ 330.801395] set_smb2_acl+0x7ac/0xf30 [cifs] [ 330.830888] cifs_xattr_set+0x963/0xe40 [cifs] [ 330.840367] __vfs_setxattr+0x84/0xb0 [ 330.842060] __vfs_setxattr_noperm+0xe6/0x370 [ 330.843848] vfs_setxattr+0xc2/0xd0 [ 330.845519] setxattr+0x258/0x320 [ 330.859211] path_setxattr+0x15b/0x1b0 [ 330.864392] __x64_sys_setxattr+0xc0/0x160 [ 330.866133] do_syscall_64+0x14e/0x4b0 [ 330.876631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 330.878503] RIP: 0033:0x7ff2e507db0a [ 330.880151] Code: 48 8b 0d 89 93 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 bc 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 56 93 2c 00 f7 d8 64 89 01 48 [ 330.885358] RSP: 002b:00007ffdc4903c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 330.887733] RAX: ffffffffffffffda RBX: 000055d1170de140 RCX: 00007ff2e507db0a [ 330.890067] RDX: 000055d1170de7d0 RSI: 000055d115b39184 RDI: 00007ffdc4904818 [ 330.892410] RBP: 0000000000000001 R08: 0000000000000000 R09: 000055d1170de7e4 [ 330.894785] R10: 00000000000002b8 R11: 0000000000000246 R12: 0000000000000007 [ 330.897148] R13: 000055d1170de0c0 R14: 0000000000000008 R15: 000055d1170de550 [ 330.901057] Allocated by task 1012: [ 330.902888] kasan_kmalloc+0xa0/0xd0 [ 330.904714] kmem_cache_alloc+0xc8/0x1d0 [ 330.906615] mempool_alloc+0x11e/0x380 [ 330.908496] cifs_small_buf_get+0x35/0x60 [cifs] [ 330.910510] smb2_plain_req_init+0x4a/0xd60 [cifs] [ 330.912551] send_set_info+0x198/0xc20 [cifs] [ 330.914535] SMB2_set_acl+0x76/0xa0 [cifs] [ 330.916465] set_smb2_acl+0x7ac/0xf30 [cifs] [ 330.918453] cifs_xattr_set+0x963/0xe40 [cifs] [ 330.920426] __vfs_setxattr+0x84/0xb0 [ 330.922284] __vfs_setxattr_noperm+0xe6/0x370 [ 330.924213] vfs_setxattr+0xc2/0xd0 [ 330.926008] setxattr+0x258/0x320 [ 330.927762] path_setxattr+0x15b/0x1b0 [ 330.929592] __x64_sys_setxattr+0xc0/0x160 [ 330.931459] do_syscall_64+0x14e/0x4b0 [ 330.933314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 330.936843] Freed by task 0: [ 330.938588] (stack is not available) [ 330.941886] The buggy address belongs to the object at ffff88010d5e2800 which belongs to the cache cifs_small_rq of size 448 [ 330.946362] The buggy address is located 96 bytes inside of 448-byte region [ffff88010d5e2800, ffff88010d5e29c0) [ 330.950722] The buggy address belongs to the page: [ 330.952789] page:ffffea0004357880 count:1 mapcount:0 mapping:ffff880108fdca80 index:0x0 compound_mapcount: 0 [ 330.955665] flags: 0x17ffffc0008100(slab|head) [ 330.957760] raw: 0017ffffc0008100 dead000000000100 dead000000000200 ffff880108fdca80 [ 330.960356] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 330.963005] page dumped because: kasan: bad access detected [ 330.967039] Memory state around the buggy address: [ 330.969255] ffff88010d5e2880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 330.971833] ffff88010d5e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 330.974397] >ffff88010d5e2980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 330.976956] ^ [ 330.979226] ffff88010d5e2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 330.981755] ffff88010d5e2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 330.984225] ================================================================== Fix this by allocating a regular CIFS buffer in smb2_plain_req_init() if the request command is SMB2_SET_INFO. Reported-by: Jianhong Yin <jiyin(a)redhat.com> Fixes: 366ed846df60 ("cifs: Use smb 2 - 3 and cifsacl mount options setacl function") Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- fs/cifs/smb2pdu.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 7608c241b1ef..b2fa834da210 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -340,7 +340,10 @@ smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, return rc; /* BB eventually switch this to SMB2 specific small buf size */ - *request_buf = cifs_small_buf_get(); + if (smb2_command == SMB2_SET_INFO) + *request_buf = cifs_buf_get(); + else + *request_buf = cifs_small_buf_get(); if (*request_buf == NULL) { /* BB should we add a retry in here if not a writepage? */ return -ENOMEM; @@ -3720,7 +3723,7 @@ send_set_info(const unsigned int xid, struct cifs_tcon *tcon, rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov); - cifs_small_buf_release(req); + cifs_buf_release(req); rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base; if (rc != 0) { -- 2.15.1

7 years, 2 months

3
7
0 0

[PATCH v4 2/3] ioremap: Update pgtable free interfaces with addr

by Toshi Kani

From: Chintan Pandya <cpandya(a)codeaurora.org> The following kernel panic was observed on ARM64 platform due to a stale TLB entry. 1. ioremap with 4K size, a valid pte page table is set. 2. iounmap it, its pte entry is set to 0. 3. ioremap the same address with 2M size, update its pmd entry with a new value. 4. CPU may hit an exception because the old pmd entry is still in TLB, which leads to a kernel panic. Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page table") has addressed this panic by falling to pte mappings in the above case on ARM64. To support pmd mappings in all cases, TLB purge needs to be performed in this case on ARM64. Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page() so that TLB purge can be added later in seprate patches. [toshi.kani(a)hpe.com: merge changes, rewrite patch description] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 12 +++++++----- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 493ff75670ff..8ae5d7ae4af3 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -977,12 +977,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index 1aeb7a5dbce5..fbd14e506758 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -723,11 +723,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -738,7 +739,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -750,11 +751,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; @@ -770,7 +772,7 @@ int pmd_free_pte_page(pmd_t *pmd) #else /* !CONFIG_X86_64 */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } @@ -779,7 +781,7 @@ int pud_free_pmd_page(pud_t *pud) * Disable free page handling on x86-PAE. This assures that ioremap() * does not update sync'd pmd entries. See vmalloc_sync_one(). */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639afaa39..b081794ba135 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ int pud_set_huge(pud_t *pud, phys_addr_t addr, pgprot_t prot); int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bbaa3200..517f5853ffed 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; }

7 years, 2 months

5
9
0 0

[PATCH] cifs: Fix infinite loop when using hard mount option

by Paulo Alcantara

For every request we send, whether it is SMB1 or SMB2+, we attempt to reconnect tcon (cifs_reconnect_tcon or smb2_reconnect) before carrying out the request. So, while server->tcpStatus != CifsNeedReconnect, we wait for the reconnection to succeed on wait_event_interruptible_timeout(). If it returns, that means that either the condition was evaluated to true, or timeout elapsed, or it was interrupted by a signal. Since we're not handling the case where the process woke up due to a received signal (-ERESTARTSYS), the next call to wait_event_interruptible_timeout() will _always_ fail and we end up looping forever inside either cifs_reconnect_tcon() or smb2_reconnect(). Here's an example of how to trigger that: $ mount.cifs //foo/share /mnt/test -o username=foo,password=foo,vers=1.0,hard (break connection to server before executing bellow cmd) $ stat -f /mnt/test & sleep 140 [1] 2511 $ ps -aux -q 2511 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 2511 0.0 0.0 12892 1008 pts/0 S 12:24 0:00 stat -f /mnt/test $ kill -9 2511 (wait for a while; process is stuck in the kernel) $ ps -aux -q 2511 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 2511 83.2 0.0 12892 1008 pts/0 R 12:24 30:01 stat -f /mnt/test By using 'hard' mount point means that cifs.ko will keep retrying indefinitely, however we must allow the process to be killed otherwise it would hang the system. Signed-off-by: Paulo Alcantara <palcantara(a)suse.de> Cc: stable(a)vger.kernel.org --- fs/cifs/cifssmb.c | 10 ++++++++-- fs/cifs/smb2pdu.c | 18 ++++++++++++------ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index d352da325de3..93408eab92e7 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -157,8 +157,14 @@ cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command) * greater than cifs socket timeout which is 7 seconds */ while (server->tcpStatus == CifsNeedReconnect) { - wait_event_interruptible_timeout(server->response_q, - (server->tcpStatus != CifsNeedReconnect), 10 * HZ); + rc = wait_event_interruptible_timeout(server->response_q, + (server->tcpStatus != CifsNeedReconnect), + 10 * HZ); + if (rc < 0) { + cifs_dbg(FYI, "%s: aborting reconnect due to a received" + " signal by the process\n", __func__); + return -ERESTARTSYS; + } /* are we still trying to reconnect? */ if (server->tcpStatus != CifsNeedReconnect) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 810b85787c91..086629b0d59c 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -155,7 +155,7 @@ smb2_hdr_assemble(struct smb2_sync_hdr *shdr, __le16 smb2_cmd, static int smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) { - int rc = 0; + int rc; struct nls_table *nls_codepage; struct cifs_ses *ses; struct TCP_Server_Info *server; @@ -166,10 +166,10 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) * for those three - in the calling routine. */ if (tcon == NULL) - return rc; + return 0; if (smb2_command == SMB2_TREE_CONNECT) - return rc; + return 0; if (tcon->tidStatus == CifsExiting) { /* @@ -212,8 +212,14 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) return -EAGAIN; } - wait_event_interruptible_timeout(server->response_q, - (server->tcpStatus != CifsNeedReconnect), 10 * HZ); + rc = wait_event_interruptible_timeout(server->response_q, + (server->tcpStatus != CifsNeedReconnect), + 10 * HZ); + if (rc < 0) { + cifs_dbg(FYI, "%s: aborting reconnect due to a received" + " signal by the process\n", __func__); + return -ERESTARTSYS; + } /* are we still trying to reconnect? */ if (server->tcpStatus != CifsNeedReconnect) @@ -231,7 +237,7 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) } if (!tcon->ses->need_reconnect && !tcon->need_reconnect) - return rc; + return 0; nls_codepage = load_nls_default(); -- 2.18.0

7 years, 2 months

2
1
0 0

Re: [PATCH] ARM64: dts: meson-gxl-s905x-p212: Add phy-supply for usb0

by Neil Armstrong

Hi Stable Maintainers, On 05/06/2018 10:52, Neil Armstrong wrote: > Like LibreTech-CC, the USB0 needs the 5V regulator to be enabled to power the > devices on the P212 Reference Design based boards. > > Fixes: b9f07cb4f41f ("ARM64: dts: meson-gxl-s905x-p212: enable the USB controller") > Signed-off-by: Neil Armstrong <narmstrong(a)baylibre.com> > --- This commit hit Linus master with commit sha d511b3e4087eedbe11c7496c396432b8b7c2d7d9 Can this fix be applied to 4.17 stable kernel ? Thanks, Neil > arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi b/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi > index 0cfd701..a1b3101 100644 > --- a/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi > +++ b/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi > @@ -189,3 +189,10 @@ > &usb0 { > status = "okay"; > }; > + > +&usb2_phy0 { > + /* > + * HDMI_5V is also used as supply for the USB VBUS. > + */ > + phy-supply = <&hdmi_5v>; > +}; >

7 years, 2 months

2
1
0 0

stable request: Revert "sit: reload iphdr in ipip6_rcv"

by Luca Boccassi

Hello, Please consider backporting to 4.9.y the following commit from DaveM [CC'ed]: f4eb17e1efe538d4da7d574bedb00a8dafcc26b7 ("Revert "sit: reload iphdr in ipip6_rcv"") It cherry-picks cleanly and builds fine. The original commit was introduced and reverted in v4.12-rc5, but only the original made its way into the 4.9 stable release (v4.9.94). It causes a regression: pings to v6 hosts over a SIT tunnel do not work anymore, and the following error appears in dmesg: kernel: sit: non-ECT from 0.0.0.0 with TOS=0xd This was also reported and reverted downstream by Ubuntu: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1772775 Thanks! -- Kind regards, Luca Boccassi

7 years, 2 months

2
1
0 0

897366537f("genhd: Fix use after free in __blkdev_get()")

by Zubin Mithra

Hello, Syzkaller has reported a crash here[1] for a UAF in disk_unblock_events. Could the following patches be applied in order to 4.14? 517bf3c30("block: don't look at the struct device dev_t in disk_devt") 8ddcd653("block: introduce GENHD_FL_HIDDEN") f0fba398fe("block: avoid null pointer dereference on null disk") d52987b5("genhd: Fix leaked module reference for NVME devices") 9df6c2991("genhd: Add helper put_disk_and_module()") 89736653("genhd: Fix use after free in __blkdev_get()") [1] https://syzkaller.appspot.com/bug?id=d932bb61fb530dc6816b87b4649f3b6925f510… Thanks, Zubin

7 years, 2 months

2
1
0 0

stable request: don't set F_IFACE on ipv6 fib lookups and followup fix

by Florian Westphal

Hi. Please consider applying 47b7e7f82802 ("netfilter: don't set F_IFACE on ipv6 fib lookups") and its followup commit: cede24d1b21d ("netfilter: ip6t_rpfilter: provide input interface for route lookup") to 4.14.y. For 4.16.y and 4.17.y, please consider applying cede24d1b21d ("netfilter: ip6t_rpfilter: provide input interface for route lookup") For 4.17.y, consider fc6ddbecce44 ("netfilter: xt_connmark: fix list corruption on rmmod"). For all maintained trees, consider following candiate: adc972c5b88829d3 ("netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()") Thanks, Florian

7 years, 2 months

2
1
0 0

[PATCH 4.14.y] netfilter: nf_tables: fix NULL-ptr in nf_tables_dump_obj()

by Florian Westphal

From: Taehee Yoo <ap420073(a)gmail.com> commit 360cc79d9d299ce297b205508276285ceffc5fa8 upstream. The table field in nft_obj_filter is not an array. In order to check tablename, we should check if the pointer is set. Test commands: %nft add table ip filter %nft add counter ip filter ct1 %nft reset counters Splat looks like: [ 306.510504] kasan: CONFIG_KASAN_INLINE enabled [ 306.516184] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 306.524775] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI [ 306.528284] Modules linked in: nft_objref nft_counter nf_tables nfnetlink ip_tables x_tables [ 306.528284] CPU: 0 PID: 1488 Comm: nft Not tainted 4.17.0-rc4+ #17 [ 306.528284] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 07/08/2015 [ 306.528284] RIP: 0010:nf_tables_dump_obj+0x52c/0xa70 [nf_tables] [ 306.528284] RSP: 0018:ffff8800b6cb7520 EFLAGS: 00010246 [ 306.528284] RAX: 0000000000000000 RBX: ffff8800b6c49820 RCX: 0000000000000000 [ 306.528284] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffffed0016d96e9a [ 306.528284] RBP: ffff8800b6cb75c0 R08: ffffed00236fce7c R09: ffffed00236fce7b [ 306.528284] R10: ffffffff9f6241e8 R11: ffffed00236fce7c R12: ffff880111365108 [ 306.528284] R13: 0000000000000000 R14: ffff8800b6c49860 R15: ffff8800b6c49860 [ 306.528284] FS: 00007f838b007700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000 [ 306.528284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 306.528284] CR2: 00007ffeafabcf78 CR3: 00000000b6cbe000 CR4: 00000000001006f0 [ 306.528284] Call Trace: [ 306.528284] netlink_dump+0x470/0xa20 [ 306.528284] __netlink_dump_start+0x5ae/0x690 [ 306.528284] ? nf_tables_getobj+0x1b3/0x740 [nf_tables] [ 306.528284] nf_tables_getobj+0x2f5/0x740 [nf_tables] [ 306.528284] ? nft_obj_notify+0x100/0x100 [nf_tables] [ 306.528284] ? nf_tables_getobj+0x740/0x740 [nf_tables] [ 306.528284] ? nf_tables_dump_flowtable_done+0x70/0x70 [nf_tables] [ 306.528284] ? nft_obj_notify+0x100/0x100 [nf_tables] [ 306.528284] nfnetlink_rcv_msg+0x8ff/0x932 [nfnetlink] [ 306.528284] ? nfnetlink_rcv_msg+0x216/0x932 [nfnetlink] [ 306.528284] netlink_rcv_skb+0x1c9/0x2f0 [ 306.528284] ? nfnetlink_bind+0x1d0/0x1d0 [nfnetlink] [ 306.528284] ? debug_check_no_locks_freed+0x270/0x270 [ 306.528284] ? netlink_ack+0x7a0/0x7a0 [ 306.528284] ? ns_capable_common+0x6e/0x110 [ ... ] Fixes: e46abbcc05aa8 ("netfilter: nf_tables: Allow table names of up to 255 chars") Signed-off-by: Taehee Yoo <ap420073(a)gmail.com> Acked-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Florian Westphal <fw(a)strlen.de> --- net/netfilter/nf_tables_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 60936bca3181..85b549e84104 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4614,7 +4614,7 @@ static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) if (idx > s_idx) memset(&cb->args[1], 0, sizeof(cb->args) - sizeof(cb->args[0])); - if (filter && filter->table[0] && + if (filter && filter->table && strcmp(filter->table, table->name)) goto cont; if (filter && -- 2.16.4

7 years, 2 months

2
1
0 0

Re: [PATCHES] Networking

by Jiri Slaby

On 09/15/2017, 06:57 AM, David Miller wrote: > Please queue up the following networking bug fixes for v4.9, v4.12, and > v4.13 -stable, respectively. Hi, while walking through some fixes, I wonder, whether backports of 25cc72a33835 (mlxsw: spectrum: Forbid linking to devices that have uppers) to 4.9 and 4.12 are correct. Part of the original commit: --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4139,6 +4139,8 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *lower_dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; if (netif_is_lag_master(upper_dev) && !mlxsw_sp_master_lag_check(mlxsw_sp, upper_dev, info->upper_info)) @@ -4258,6 +4260,10 @@ static int mlxsw_sp_netdevice_port_vlan_event(struct net_device *vlan_dev, upper_dev = info->upper_dev; if (!netif_is_bridge_master(upper_dev)) return -EINVAL; + if (!info->linking) + break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; It changes mlxsw_sp_netdevice_port_upper_event and mlxsw_sp_netdevice_port_vlan_event. 4.9 backport (73ee5a73e75): --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4172,6 +4172,8 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; /* HW limitation forbids to put ports to multiple bridges. */ if (netif_is_bridge_master(upper_dev) && !mlxsw_sp_master_bridge_check(mlxsw_sp, upper_dev)) @@ -4185,6 +4187,10 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, if (netif_is_lag_port(dev) && is_vlan_dev(upper_dev) && !netif_is_lag_master(vlan_dev_real_dev(upper_dev))) return -EINVAL; + if (!info->linking) + break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; It changes mlxsw_sp_netdevice_port_upper_event *twice* instead of mlxsw_sp_netdevice_port_vlan_event, which was named mlxsw_sp_netdevice_vport_event in 4.9 yet. 4.12 backport (2f4232ba8001): --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4110,6 +4110,8 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; /* HW limitation forbids to put ports to multiple bridges. */ if (netif_is_bridge_master(upper_dev) && !mlxsw_sp_master_bridge_check(mlxsw_sp, upper_dev)) @@ -4274,6 +4276,10 @@ static int mlxsw_sp_netdevice_bridge_event(struct net_device *br_dev, if (is_vlan_dev(upper_dev) && br_dev != mlxsw_sp->master_bridge.dev) return -EINVAL; + if (!info->linking) + break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; It changes mlxsw_sp_netdevice_port_upper_event (OK) and mlxsw_sp_netdevice_bridge_event (not OK) instead of mlxsw_sp_netdevice_vport_event. Did I miss something or is this a mistake? thanks, -- js suse labs

7 years, 2 months

3
5
0 0

netfilter stable requests for 4.14, 4.16

by Florian Westphal

Hello, Here is a list of netfilter bug fixes that I'd like to see in 4.16 and 4.14. I've cherry-picked these and with one exception (noted below) all pick cleanly. Patches are listed in top-down order. For v4.16.y and v4.14.y: b8e9dc1c75714ceb53615743e1036f76e00f5a17 ("netfilter: nf_tables: nft_compat: fix refcount leak on xt module") 8bdf164744b2c7f63561846c01cff3db597f282d ("netfilter: nft_compat: prepare for indirect info storage") Necessary to make the fix (next patch below) apply. 732a8049f365f514d0607e03938491bf6cb0d620 ("netfilter: nft_compat: fix handling of large matchinfo size") Without it, some iptables -A will fail when using iptables via nfnetlink (notably the cgroup match). 009240940e84c1c089af88b454f7e804a4c5bd1b ("netfilter: nf_tables: don't assume chain stats are set when jumplabel is set") Fixes null-ptr deref. bb7b40aecbf778c0c83a5bd62b0f03ca9f49a618 ("netfilter: nf_tables: bogus EBUSY in chain deletions") Fixes erroneous reject of some valid rulesets. 97a0549b15a0b466c47f6a0143a490a082c64b4e ("netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval") This fixes a bug where 'nft ... meta nftrace set 0' may set a nonzero value instead. ad9d9e85072b668731f356be0a3750a3ba22a607 ("netfilter: nf_tables: disable preemption in nft_update_chain_stats()") 360cc79d9d299ce297b205508276285ceffc5fa8 ("netfilter: nf_tables: fix NULL-ptr in nf_tables_dump_obj()"), bug added in v4.14-rc1 Applies cleanly to 4.16 but in 4.14 tjis fails as the 2nd location that is patched (nf_tables_dump_flowtable) doesn't exist. So in 4.14 this is a one-line change: - if (filter && filter->table[0] && + if (filter && filter->table && bbb8c61f97e3a2dd91b30d3e57b7964a67569d11 ("netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace()" This fixes underflow of the static_key used for the base chain counters. f0dfd7a2b35b02030949100247d851b793cb275f ("netfilter: nf_tables: fix memory leak on error exit return"), since 4.12 additional change for v4.14.y (its already in 4.16): 467697d289e7e6e1b15910d99096c0da08c56d5b ("netfilter: nf_tables: add missing netlink attrs to policies") If you'd like me to handle such larger requests differently please let me know your preferenced way to handle this. Thanks, Florian

7 years, 2 months

2
2
0 0

[PATCH 4.4 00/56] 4.4.132-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.132 release. There are 56 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed May 16 06:47:39 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.132-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.132-rc1 Peter Zijlstra <peterz(a)infradead.org> perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] Peter Zijlstra <peterz(a)infradead.org> perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver Peter Zijlstra <peterz(a)infradead.org> perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr Peter Zijlstra <peterz(a)infradead.org> perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* Masami Hiramatsu <mhiramat(a)kernel.org> tracing/uprobe_event: Fix strncpy corner case Hans de Goede <hdegoede(a)redhat.com> Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Gustavo A. R. Silva <gustavo(a)embeddedor.com> atm: zatm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> net: atm: Fix potential Spectre v1 Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix regex_match_front() to not over compare the test string Hans de Goede <hdegoede(a)redhat.com> libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Johan Hovold <johan(a)kernel.org> rfkill: gpio: fix memory leak in probe error path Yi Zhao <yi.zhao(a)windriver.com> xfrm_user: fix return value from xfrm_user_rcv_msg Wei Fang <fangwei1(a)huawei.com> f2fs: fix a dead loop in f2fs_fiemap() Jan Kara <jack(a)suse.cz> bdi: Fix oops in wb_workfn() Eric Dumazet <edumazet(a)google.com> tcp: fix TCP_REPAIR_QUEUE bound checking Jiri Olsa <jolsa(a)kernel.org> perf: Remove superfluous allocation error check Eric Dumazet <edumazet(a)google.com> soreuseport: initialise timewait reuseport field Eric Dumazet <edumazet(a)google.com> dccp: initialize ireq->ir_mark Eric Dumazet <edumazet(a)google.com> net: fix uninit-value in __hw_addr_add_ex() Eric Dumazet <edumazet(a)google.com> net: initialize skb->peeked when cloning Eric Dumazet <edumazet(a)google.com> net: fix rtnh_ok() Eric Dumazet <edumazet(a)google.com> netlink: fix uninit-value in netlink_sendmsg Eric Dumazet <edumazet(a)google.com> crypto: af_alg - fix possible uninit-value in alg_bind() Julian Anastasov <ja(a)ssi.bg> ipvs: fix rtnl_lock lockups caused by start_sync_thread Bin Liu <b-liu(a)ti.com> usb: musb: host: fix potential NULL pointer dereference SZ Lin (林上智) <sz.lin(a)moxa.com> USB: serial: option: adding support for ublox R410M Johan Hovold <johan(a)kernel.org> USB: serial: option: reimplement interface masking Alan Stern <stern(a)rowland.harvard.edu> USB: Accept bulk endpoints with 1024-byte maxpacket Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: serial: visor: handle potential invalid device configuration Ben Hutchings <ben.hutchings(a)codethink.co.uk> test_firmware: fix setting old custom fw path back on exit, second try Thomas Hellstrom <thellstrom(a)vmware.com> drm/vmwgfx: Fix a buffer object leak Danit Goldberg <danitg(a)mellanox.com> IB/mlx5: Use unlimited rate when static rate is not supported SZ Lin (林上智) <sz.lin(a)moxa.com> NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Protect from shift operand overflow Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Allow resolving address w/o specifying source address Darrick J. Wong <darrick.wong(a)oracle.com> xfs: prevent creating negative-sized file via INSERT_RANGE Vittorio Gambaletta (VittGam) <linuxbugs(a)vittgam.net> Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: leds - fix out of bound access Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> tracepoint: Do not warn on ENOMEM Takashi Iwai <tiwai(a)suse.de> ALSA: aloop: Add missing cable lock to ctl API callbacks Robert Rosengren <robert.rosengren(a)axis.com> ALSA: aloop: Mark paused device as inactive Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Check PCM state at xfern compat ioctl Kristian Evensen <kristian.evensen(a)gmail.com> USB: serial: option: Add support for Quectel EP06 Markus Pargmann <mpa(a)pengutronix.de> gpmi-nand: Handle ECC Errors in erased pages Vasanthakumar Thiagarajan <vthiagar(a)qti.qualcomm.com> ath10k: rebuild crypto header in rx data frames Vasanthakumar Thiagarajan <vthiagar(a)qti.qualcomm.com> ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode David Spinadel <david.spinadel(a)intel.com> mac80211: Add RX flag to indicate ICV stripped Sara Sharon <sara.sharon(a)intel.com> mac80211: allow same PN for AMSDU sub-frames Sara Sharon <sara.sharon(a)intel.com> mac80211: allow not sending MIC up from driver for HW crypto Tejun Heo <tj(a)kernel.org> percpu: include linux/sched.h for cond_resched() Alexander Yarygin <yarygin(a)linux.vnet.ibm.com> KVM: s390: Enable all facility bits that are known good for passthrough Teng Qin <qinteng(a)fb.com> bpf: map_get_next_key to return first key on NULL Tan Xiaojun <tanxiaojun(a)huawei.com> perf/core: Fix the perf_cpu_time_max_percent check ------------- Diffstat: Makefile | 4 +- arch/s390/kvm/kvm-s390.c | 4 +- arch/x86/kernel/cpu/perf_event.c | 8 +- arch/x86/kernel/cpu/perf_event_intel_cstate.c | 2 + arch/x86/kernel/cpu/perf_event_msr.c | 9 +- crypto/af_alg.c | 8 +- drivers/ata/libata-core.c | 3 + drivers/atm/zatm.c | 3 + drivers/bluetooth/btusb.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 + drivers/infiniband/core/ucma.c | 2 +- drivers/infiniband/hw/mlx5/qp.c | 22 +- drivers/input/input-leds.c | 8 +- drivers/input/touchscreen/atmel_mxt_ts.c | 9 + drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 78 +++- drivers/net/can/usb/kvaser_usb.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath10k/core.c | 8 + drivers/net/wireless/ath/ath10k/core.h | 4 + drivers/net/wireless/ath/ath10k/htt_rx.c | 100 ++++- drivers/net/wireless/ath/wcn36xx/txrx.c | 2 +- drivers/usb/core/config.c | 4 +- drivers/usb/musb/musb_host.c | 4 +- drivers/usb/serial/option.c | 448 ++++++++-------------- drivers/usb/serial/visor.c | 69 ++-- fs/f2fs/data.c | 2 +- fs/fs-writeback.c | 2 +- fs/xfs/xfs_file.c | 14 +- include/net/inet_timewait_sock.h | 1 + include/net/mac80211.h | 14 +- include/net/nexthop.h | 2 +- kernel/bpf/arraymap.c | 2 +- kernel/bpf/hashtab.c | 9 +- kernel/bpf/syscall.c | 20 +- kernel/events/callchain.c | 10 +- kernel/events/core.c | 2 +- kernel/events/ring_buffer.c | 7 +- kernel/trace/trace_events_filter.c | 3 + kernel/trace/trace_uprobe.c | 2 + kernel/tracepoint.c | 4 +- mm/percpu.c | 1 + net/atm/lec.c | 9 +- net/core/dev_addr_lists.c | 4 +- net/core/skbuff.c | 1 + net/dccp/ipv4.c | 1 + net/dccp/ipv6.c | 1 + net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/tcp.c | 2 +- net/mac80211/util.c | 5 +- net/mac80211/wep.c | 3 +- net/mac80211/wpa.c | 45 ++- net/netfilter/ipvs/ip_vs_ctl.c | 8 - net/netfilter/ipvs/ip_vs_sync.c | 155 ++++---- net/netlink/af_netlink.c | 2 + net/rfkill/rfkill-gpio.c | 7 +- net/xfrm/xfrm_user.c | 2 +- sound/core/pcm_compat.c | 2 + sound/core/seq/seq_virmidi.c | 4 +- sound/drivers/aloop.c | 29 +- tools/testing/selftests/firmware/fw_filesystem.sh | 6 +- 60 files changed, 656 insertions(+), 531 deletions(-)

7 years, 2 months

7
62
0 0

[PATCH 4.4 00/24] 4.4.138-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.138 release. There are 24 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Jun 16 13:27:15 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.138-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.138-rc1 Michael Ellerman <mpe(a)ellerman.id.au> crypto: vmx - Remove overly verbose printk from AES init routines Johannes Wienke <languitar(a)semipol.de> Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID Ethan Lee <flibitijibibo(a)gmail.com> Input: goodix - add new ACPI id for GPD Win 2 touch screen Paolo Bonzini <pbonzini(a)redhat.com> kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access Gil Kupfer <gilkup(a)gmail.com> vmw_balloon: fixing double free when batching mode is off Marek Szyprowski <m.szyprowski(a)samsung.com> serial: samsung: fix maxburst parameter for DMA transactions Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: introduce linear_{read,write}_system Linus Torvalds <torvalds(a)linux-foundation.org> Clarify (and fix) MAX_LFS_FILESIZE macros Linus Walleij <linus.walleij(a)linaro.org> gpio: No NULL owner Andy Lutomirski <luto(a)kernel.org> x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code Kevin Easton <kevin(a)guarana.org> af_key: Always verify length of provided sadb_key Andy Lutomirski <luto(a)kernel.org> x86/fpu: Fix math emulation in eager fpu mode Andy Lutomirski <luto(a)kernel.org> x86/fpu: Fix FNSAVE usage in eagerfpu mode Andy Lutomirski <luto(a)kernel.org> x86/fpu: Hard-disable lazy FPU mode Borislav Petkov <bp(a)alien8.de> x86/fpu: Fix eager-FPU handling on legacy FPU machines Yu-cheng Yu <yu-cheng.yu(a)intel.com> x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off") Andy Lutomirski <luto(a)kernel.org> x86/fpu: Fix 'no387' regression Andy Lutomirski <luto(a)kernel.org> x86/fpu: Default eagerfpu=on on all CPUs yu-cheng yu <yu-cheng.yu(a)intel.com> x86/fpu: Disable AVX when eagerfpu is off yu-cheng yu <yu-cheng.yu(a)intel.com> x86/fpu: Disable MPX when eagerfpu is off Borislav Petkov <bp(a)suse.de> x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros Juergen Gross <jgross(a)suse.com> x86: Remove unused function cpu_has_ht_siblings() yu-cheng yu <yu-cheng.yu(a)intel.com> x86/fpu: Fix early FPU command-line parsing ------------- Diffstat: Makefile | 4 +- arch/x86/crypto/chacha20_glue.c | 2 +- arch/x86/crypto/crc32c-intel_glue.c | 7 +- arch/x86/include/asm/cmpxchg_32.h | 2 +- arch/x86/include/asm/cmpxchg_64.h | 2 +- arch/x86/include/asm/cpufeature.h | 39 +------ arch/x86/include/asm/fpu/internal.h | 6 +- arch/x86/include/asm/fpu/xstate.h | 2 +- arch/x86/include/asm/kvm_emulate.h | 6 +- arch/x86/include/asm/smp.h | 9 -- arch/x86/include/asm/xor_32.h | 2 +- arch/x86/kernel/cpu/amd.c | 4 +- arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/cpu/intel.c | 3 +- arch/x86/kernel/cpu/intel_cacheinfo.c | 6 +- arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/cpu/mtrr/main.c | 2 +- arch/x86/kernel/cpu/perf_event_amd.c | 4 +- arch/x86/kernel/cpu/perf_event_amd_uncore.c | 11 +- arch/x86/kernel/fpu/core.c | 24 +++- arch/x86/kernel/fpu/init.c | 169 +++++++--------------------- arch/x86/kernel/fpu/xstate.c | 3 +- arch/x86/kernel/hw_breakpoint.c | 6 +- arch/x86/kernel/smpboot.c | 2 +- arch/x86/kernel/traps.c | 1 - arch/x86/kernel/vm86_32.c | 4 +- arch/x86/kvm/emulate.c | 72 ++++++------ arch/x86/kvm/vmx.c | 23 ++-- arch/x86/kvm/x86.c | 51 ++++++--- arch/x86/kvm/x86.h | 4 +- arch/x86/mm/setup_nx.c | 4 +- drivers/char/hw_random/via-rng.c | 5 +- drivers/crypto/padlock-aes.c | 2 +- drivers/crypto/padlock-sha.c | 2 +- drivers/crypto/vmx/aes.c | 2 - drivers/crypto/vmx/aes_cbc.c | 2 - drivers/crypto/vmx/aes_ctr.c | 2 - drivers/crypto/vmx/ghash.c | 2 - drivers/gpio/gpiolib.c | 9 +- drivers/input/mouse/elan_i2c_core.c | 1 + drivers/input/touchscreen/goodix.c | 1 + drivers/iommu/intel_irq_remapping.c | 2 +- drivers/misc/vmw_balloon.c | 23 ++-- drivers/tty/serial/samsung.c | 7 +- fs/btrfs/disk-io.c | 2 +- include/linux/fs.h | 4 +- net/key/af_key.c | 45 ++++++-- 47 files changed, 259 insertions(+), 332 deletions(-)

7 years, 2 months

8
38
0 0

FAILED: patch "[PATCH] n_tty: Access echo_* variables carefully." failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ebec3f8f5271139df618ebdf8427e24ba102ba94 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Sat, 26 May 2018 09:53:14 +0900 Subject: [PATCH] n_tty: Access echo_* variables carefully. syzbot is reporting stalls at __process_echoes() [1]. This is because since ldata->echo_commit < ldata->echo_tail becomes true for some reason, the discard loop is serving as almost infinite loop. This patch tries to avoid falling into ldata->echo_commit < ldata->echo_tail situation by making access to echo_* variables more carefully. Since reset_buffer_flags() is called without output_lock held, it should not touch echo_* variables. And omit a call to reset_buffer_flags() from n_tty_open() by using vzalloc(). Since add_echo_byte() is called without output_lock held, it needs memory barrier between storing into echo_buf[] and incrementing echo_head counter. echo_buf() needs corresponding memory barrier before reading echo_buf[]. Lack of handling the possibility of not-yet-stored multi-byte operation might be the reason of falling into ldata->echo_commit < ldata->echo_tail situation, for if I do WARN_ON(ldata->echo_commit == tail + 1) prior to echo_buf(ldata, tail + 1), the WARN_ON() fires. Also, explicitly masking with buffer for the former "while" loop, and use ldata->echo_commit > tail for the latter "while" loop. [1] https://syzkaller.appspot.com/bug?id=17f23b094cd80df750e5b0f8982c521ee6bcbf… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+108696293d7a21ab688f(a)syzkaller.appspotmail.com> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c index b279f8730e04..431742201709 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -143,6 +143,7 @@ static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i) static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i) { + smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */ return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)]; } @@ -318,9 +319,7 @@ static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata) static void reset_buffer_flags(struct n_tty_data *ldata) { ldata->read_head = ldata->canon_head = ldata->read_tail = 0; - ldata->echo_head = ldata->echo_tail = ldata->echo_commit = 0; ldata->commit_head = 0; - ldata->echo_mark = 0; ldata->line_start = 0; ldata->erasing = 0; @@ -619,12 +618,19 @@ static size_t __process_echoes(struct tty_struct *tty) old_space = space = tty_write_room(tty); tail = ldata->echo_tail; - while (ldata->echo_commit != tail) { + while (MASK(ldata->echo_commit) != MASK(tail)) { c = echo_buf(ldata, tail); if (c == ECHO_OP_START) { unsigned char op; int no_space_left = 0; + /* + * Since add_echo_byte() is called without holding + * output_lock, we might see only portion of multi-byte + * operation. + */ + if (MASK(ldata->echo_commit) == MASK(tail + 1)) + goto not_yet_stored; /* * If the buffer byte is the start of a multi-byte * operation, get the next byte, which is either the @@ -636,6 +642,8 @@ static size_t __process_echoes(struct tty_struct *tty) unsigned int num_chars, num_bs; case ECHO_OP_ERASE_TAB: + if (MASK(ldata->echo_commit) == MASK(tail + 2)) + goto not_yet_stored; num_chars = echo_buf(ldata, tail + 2); /* @@ -730,7 +738,8 @@ static size_t __process_echoes(struct tty_struct *tty) /* If the echo buffer is nearly full (so that the possibility exists * of echo overrun before the next commit), then discard enough * data at the tail to prevent a subsequent overrun */ - while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { + while (ldata->echo_commit > tail && + ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { if (echo_buf(ldata, tail) == ECHO_OP_START) { if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB) tail += 3; @@ -740,6 +749,7 @@ static size_t __process_echoes(struct tty_struct *tty) tail++; } + not_yet_stored: ldata->echo_tail = tail; return old_space - space; } @@ -750,6 +760,7 @@ static void commit_echoes(struct tty_struct *tty) size_t nr, old, echoed; size_t head; + mutex_lock(&ldata->output_lock); head = ldata->echo_head; ldata->echo_mark = head; old = ldata->echo_commit - ldata->echo_tail; @@ -758,10 +769,12 @@ static void commit_echoes(struct tty_struct *tty) * is over the threshold (and try again each time another * block is accumulated) */ nr = head - ldata->echo_tail; - if (nr < ECHO_COMMIT_WATERMARK || (nr % ECHO_BLOCK > old % ECHO_BLOCK)) + if (nr < ECHO_COMMIT_WATERMARK || + (nr % ECHO_BLOCK > old % ECHO_BLOCK)) { + mutex_unlock(&ldata->output_lock); return; + } - mutex_lock(&ldata->output_lock); ldata->echo_commit = head; echoed = __process_echoes(tty); mutex_unlock(&ldata->output_lock); @@ -812,7 +825,9 @@ static void flush_echoes(struct tty_struct *tty) static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata) { - *echo_buf_addr(ldata, ldata->echo_head++) = c; + *echo_buf_addr(ldata, ldata->echo_head) = c; + smp_wmb(); /* Matches smp_rmb() in echo_buf(). */ + ldata->echo_head++; } /** @@ -1881,30 +1896,21 @@ static int n_tty_open(struct tty_struct *tty) struct n_tty_data *ldata; /* Currently a malloc failure here can panic */ - ldata = vmalloc(sizeof(*ldata)); + ldata = vzalloc(sizeof(*ldata)); if (!ldata) - goto err; + return -ENOMEM; ldata->overrun_time = jiffies; mutex_init(&ldata->atomic_read_lock); mutex_init(&ldata->output_lock); tty->disc_data = ldata; - reset_buffer_flags(tty->disc_data); - ldata->column = 0; - ldata->canon_column = 0; - ldata->num_overrun = 0; - ldata->no_room = 0; - ldata->lnext = 0; tty->closing = 0; /* indicate buffer work may resume */ clear_bit(TTY_LDISC_HALTED, &tty->flags); n_tty_set_termios(tty, NULL); tty_unthrottle(tty); - return 0; -err: - return -ENOMEM; } static inline int input_available_p(struct tty_struct *tty, int poll)

7 years, 2 months

3
2
0 0

FAILED: patch "[PATCH] drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0c79f9cb77eae28d48a4f9fc1b3341aacbbd260c Mon Sep 17 00:00:00 2001 From: Michel Thierry <michel.thierry(a)intel.com> Date: Thu, 10 May 2018 13:07:08 -0700 Subject: [PATCH] drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk Factor in clear values wherever required while updating destination min/max. References: HSDES#1604444184 Signed-off-by: Michel Thierry <michel.thierry(a)intel.com> Cc: mesa-dev(a)lists.freedesktop.org Cc: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Cc: Oscar Mateo <oscar.mateo(a)intel.com> Reviewed-by: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Link: https://patchwork.freedesktop.org/patch/msgid/20180510200708.18097-1-michel… Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h index 14491782aa9e..f11bb213ec07 100644 --- a/drivers/gpu/drm/i915/i915_reg.h +++ b/drivers/gpu/drm/i915/i915_reg.h @@ -7259,6 +7259,9 @@ enum { #define SLICE_ECO_CHICKEN0 _MMIO(0x7308) #define PIXEL_MASK_CAMMING_DISABLE (1 << 14) +#define GEN9_WM_CHICKEN3 _MMIO(0x5588) +#define GEN9_FACTOR_IN_CLR_VAL_HIZ (1 << 9) + /* WaCatErrorRejectionIssue */ #define GEN7_SQ_CHICKEN_MBCUNIT_CONFIG _MMIO(0x9030) #define GEN7_SQ_CHICKEN_MBCUNIT_SQINTMOB (1<<11) diff --git a/drivers/gpu/drm/i915/intel_workarounds.c b/drivers/gpu/drm/i915/intel_workarounds.c index 5eec4ce965a5..2df3538ceba5 100644 --- a/drivers/gpu/drm/i915/intel_workarounds.c +++ b/drivers/gpu/drm/i915/intel_workarounds.c @@ -270,6 +270,10 @@ static int gen9_ctx_workarounds_init(struct drm_i915_private *dev_priv) GEN9_PREEMPT_GPGPU_LEVEL_MASK, GEN9_PREEMPT_GPGPU_COMMAND_LEVEL); + /* WaClearHIZ_WM_CHICKEN3:bxt,glk */ + if (IS_GEN9_LP(dev_priv)) + WA_SET_BIT_MASKED(GEN9_WM_CHICKEN3, GEN9_FACTOR_IN_CLR_VAL_HIZ); + return 0; }

7 years, 2 months

3
2
0 0

FAILED: patch "[PATCH] drm/atmel-hlcdc: check stride values in the first plane" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9fcf2b3c1c0276650fea537c71b513d27d929b05 Mon Sep 17 00:00:00 2001 From: Stefan Agner <stefan(a)agner.ch> Date: Sun, 17 Jun 2018 10:48:22 +0200 Subject: [PATCH] drm/atmel-hlcdc: check stride values in the first plane The statement always evaluates to true since the struct fields are arrays. This has shown up as a warning when compiling with clang: warning: address of array 'desc->layout.xstride' will always evaluate to 'true' [-Wpointer-bool-conversion] Check for values in the first plane instead. Fixes: 1a396789f65a ("drm: add Atmel HLCDC Display Controller support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Stefan Agner <stefan(a)agner.ch> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180617084826.31885-1-stefan… diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c index e18800ed7cd1..7b8191eae68a 100644 --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c @@ -875,7 +875,7 @@ static int atmel_hlcdc_plane_init_properties(struct atmel_hlcdc_plane *plane, drm_object_attach_property(&plane->base.base, props->alpha, 255); - if (desc->layout.xstride && desc->layout.pstride) { + if (desc->layout.xstride[0] && desc->layout.pstride[0]) { int ret; ret = drm_plane_create_rotation_property(&plane->base,

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/atmel-hlcdc: check stride values in the first plane" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9fcf2b3c1c0276650fea537c71b513d27d929b05 Mon Sep 17 00:00:00 2001 From: Stefan Agner <stefan(a)agner.ch> Date: Sun, 17 Jun 2018 10:48:22 +0200 Subject: [PATCH] drm/atmel-hlcdc: check stride values in the first plane The statement always evaluates to true since the struct fields are arrays. This has shown up as a warning when compiling with clang: warning: address of array 'desc->layout.xstride' will always evaluate to 'true' [-Wpointer-bool-conversion] Check for values in the first plane instead. Fixes: 1a396789f65a ("drm: add Atmel HLCDC Display Controller support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Stefan Agner <stefan(a)agner.ch> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180617084826.31885-1-stefan… diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c index e18800ed7cd1..7b8191eae68a 100644 --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c @@ -875,7 +875,7 @@ static int atmel_hlcdc_plane_init_properties(struct atmel_hlcdc_plane *plane, drm_object_attach_property(&plane->base.base, props->alpha, 255); - if (desc->layout.xstride && desc->layout.pstride) { + if (desc->layout.xstride[0] && desc->layout.pstride[0]) { int ret; ret = drm_plane_create_rotation_property(&plane->base,

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/pp: initialize result to before or'ing in data" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c4ff91dd40e2253ab6dd028011469c2c694e1e19 Mon Sep 17 00:00:00 2001 From: Colin Ian King <colin.king(a)canonical.com> Date: Wed, 6 Jun 2018 13:18:31 +0100 Subject: [PATCH] drm/amd/pp: initialize result to before or'ing in data The current use of result is or'ing in values and checking for a non-zero result, however, result is not initialized to zero so it potentially contains garbage to start with. Fix this by initializing it to the first return from the call to vega10_program_didt_config_registers. Detected by cppcheck: "(error) Uninitialized variable: result" Fixes: 9b7b8154cdb8 ("drm/amd/powerplay: added didt support for vega10") Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Acked-by: Huang Rui <ray.huang(a)amd.com> [Fix the subject as Colin's comment] Signed-off-by: Huang Rui <ray.huang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c b/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c index a9efd8554fbc..dbe4b1f66784 100644 --- a/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c @@ -1104,7 +1104,7 @@ static int vega10_enable_psm_gc_edc_config(struct pp_hwmgr *hwmgr) for (count = 0; count < num_se; count++) { data = GRBM_GFX_INDEX__INSTANCE_BROADCAST_WRITES_MASK | GRBM_GFX_INDEX__SH_BROADCAST_WRITES_MASK | ( count << GRBM_GFX_INDEX__SE_INDEX__SHIFT); WREG32_SOC15(GC, 0, mmGRBM_GFX_INDEX, data); - result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallPatternConfig_Vega10, VEGA10_CONFIGREG_DIDT); + result = vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallPatternConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallDelayConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCCtrlResetConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCCtrlConfig_Vega10, VEGA10_CONFIGREG_DIDT);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/edp: Allow alternate fixed mode for eDP if" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 368b554d63948133aca05e63ff8f5f4fbc2804d4 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 16 May 2018 11:01:10 +0300 Subject: [PATCH] Revert "drm/i915/edp: Allow alternate fixed mode for eDP if available." This reverts commit dc911f5bd8aacfcf8aabd5c26c88e04c837a938e. Per the report, no matter what display mode you select with xrandr, the i915 driver will always select the alternate fixed mode. For the reporter this means that the display will always run at 40Hz which is quite annoying. This may be due to the mode comparison. But there are some other potential issues. The choice of alt_fixed_mode seems dubious. It's the first non-preferred mode, but there are no guarantees that the only difference would be refresh rate. Similarly, there may be more than one preferred mode in the probed modes list, and the commit changes the preferred mode selection to choose the last one on the list instead of the first. (Note that the probed modes list is the raw, unfiltered, unsorted list of modes from drm_add_edid_modes(), not the pretty result after a drm_helper_probe_single_connector_modes() call.) Finally, we already have eerily similar code in place to find the downclock mode for DRRS that seems like could be reused here. Back to the drawing board. Note: This is a hand-crafted revert due to conflicts. If it fails to backport, please just try reverting the original commit directly. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105469 Reported-by: Rune Petersen <rune(a)megahurts.dk> Reported-by: Mark Spencer <n7u4722r35(a)ynzlx.anonbox.net> Fixes: dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for eDP if available.") Cc: Clint Taylor <clinton.a.taylor(a)intel.com> Cc: David Weinehall <david.weinehall(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Jim Bride <jim.bride(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: intel-gfx(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Reviewed-by: Dhinakaran Pandiyan <dhinakaran.pandiyan(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180516080110.22770-1-jani.n… (cherry picked from commit d93fa1b47b8fcd149b5091f18385304f402a8e15) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index dde92e4af5d3..8320f0e8e3be 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -1679,23 +1679,6 @@ static int intel_dp_compute_bpp(struct intel_dp *intel_dp, return bpp; } -static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, - struct drm_display_mode *m2) -{ - bool bres = false; - - if (m1 && m2) - bres = (m1->hdisplay == m2->hdisplay && - m1->hsync_start == m2->hsync_start && - m1->hsync_end == m2->hsync_end && - m1->htotal == m2->htotal && - m1->vdisplay == m2->vdisplay && - m1->vsync_start == m2->vsync_start && - m1->vsync_end == m2->vsync_end && - m1->vtotal == m2->vtotal); - return bres; -} - /* Adjust link config limits based on compliance test requests. */ static void intel_dp_adjust_compliance_config(struct intel_dp *intel_dp, @@ -1860,16 +1843,8 @@ intel_dp_compute_config(struct intel_encoder *encoder, pipe_config->has_audio = intel_conn_state->force_audio == HDMI_AUDIO_ON; if (intel_dp_is_edp(intel_dp) && intel_connector->panel.fixed_mode) { - struct drm_display_mode *panel_mode = - intel_connector->panel.alt_fixed_mode; - struct drm_display_mode *req_mode = &pipe_config->base.mode; - - if (!intel_edp_compare_alt_mode(req_mode, panel_mode)) - panel_mode = intel_connector->panel.fixed_mode; - - drm_mode_debug_printmodeline(panel_mode); - - intel_fixed_panel_mode(panel_mode, adjusted_mode); + intel_fixed_panel_mode(intel_connector->panel.fixed_mode, + adjusted_mode); if (INTEL_GEN(dev_priv) >= 9) { int ret; @@ -6159,7 +6134,6 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, struct drm_i915_private *dev_priv = to_i915(dev); struct drm_connector *connector = &intel_connector->base; struct drm_display_mode *fixed_mode = NULL; - struct drm_display_mode *alt_fixed_mode = NULL; struct drm_display_mode *downclock_mode = NULL; bool has_dpcd; struct drm_display_mode *scan; @@ -6214,14 +6188,13 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, } intel_connector->edid = edid; - /* prefer fixed mode from EDID if available, save an alt mode also */ + /* prefer fixed mode from EDID if available */ list_for_each_entry(scan, &connector->probed_modes, head) { if ((scan->type & DRM_MODE_TYPE_PREFERRED)) { fixed_mode = drm_mode_duplicate(dev, scan); downclock_mode = intel_dp_drrs_init( intel_connector, fixed_mode); - } else if (!alt_fixed_mode) { - alt_fixed_mode = drm_mode_duplicate(dev, scan); + break; } } @@ -6258,8 +6231,7 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, pipe_name(pipe)); } - intel_panel_init(&intel_connector->panel, fixed_mode, alt_fixed_mode, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_connector->panel.backlight.power = intel_edp_backlight_power; intel_panel_setup_backlight(connector, pipe); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index d7dbca1aabff..0361130500a6 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -277,7 +277,6 @@ struct intel_encoder { struct intel_panel { struct drm_display_mode *fixed_mode; - struct drm_display_mode *alt_fixed_mode; struct drm_display_mode *downclock_mode; /* backlight */ @@ -1850,7 +1849,6 @@ void intel_overlay_reset(struct drm_i915_private *dev_priv); /* intel_panel.c */ int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode); void intel_panel_fini(struct intel_panel *panel); void intel_fixed_panel_mode(const struct drm_display_mode *fixed_mode, diff --git a/drivers/gpu/drm/i915/intel_dsi.c b/drivers/gpu/drm/i915/intel_dsi.c index 51a1d6868b1e..cf39ca90d887 100644 --- a/drivers/gpu/drm/i915/intel_dsi.c +++ b/drivers/gpu/drm/i915/intel_dsi.c @@ -1846,7 +1846,7 @@ void intel_dsi_init(struct drm_i915_private *dev_priv) connector->display_info.width_mm = fixed_mode->width_mm; connector->display_info.height_mm = fixed_mode->height_mm; - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, NULL); + intel_panel_init(&intel_connector->panel, fixed_mode, NULL); intel_panel_setup_backlight(connector, INVALID_PIPE); intel_dsi_add_properties(intel_connector); diff --git a/drivers/gpu/drm/i915/intel_dvo.c b/drivers/gpu/drm/i915/intel_dvo.c index eb0c559b2715..a70d767313aa 100644 --- a/drivers/gpu/drm/i915/intel_dvo.c +++ b/drivers/gpu/drm/i915/intel_dvo.c @@ -536,7 +536,7 @@ void intel_dvo_init(struct drm_i915_private *dev_priv) */ intel_panel_init(&intel_connector->panel, intel_dvo_get_current_mode(intel_encoder), - NULL, NULL); + NULL); intel_dvo->panel_wants_dither = true; } diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c index 8691c86f579c..d8ece907ff54 100644 --- a/drivers/gpu/drm/i915/intel_lvds.c +++ b/drivers/gpu/drm/i915/intel_lvds.c @@ -1140,8 +1140,7 @@ void intel_lvds_init(struct drm_i915_private *dev_priv) out: mutex_unlock(&dev->mode_config.mutex); - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_panel_setup_backlight(connector, INVALID_PIPE); lvds_encoder->is_dual_link = compute_is_dual_link_lvds(lvds_encoder); diff --git a/drivers/gpu/drm/i915/intel_panel.c b/drivers/gpu/drm/i915/intel_panel.c index 41d00b1603e3..b443278e569c 100644 --- a/drivers/gpu/drm/i915/intel_panel.c +++ b/drivers/gpu/drm/i915/intel_panel.c @@ -1928,13 +1928,11 @@ intel_panel_init_backlight_funcs(struct intel_panel *panel) int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode) { intel_panel_init_backlight_funcs(panel); panel->fixed_mode = fixed_mode; - panel->alt_fixed_mode = alt_fixed_mode; panel->downclock_mode = downclock_mode; return 0; @@ -1948,10 +1946,6 @@ void intel_panel_fini(struct intel_panel *panel) if (panel->fixed_mode) drm_mode_destroy(intel_connector->base.dev, panel->fixed_mode); - if (panel->alt_fixed_mode) - drm_mode_destroy(intel_connector->base.dev, - panel->alt_fixed_mode); - if (panel->downclock_mode) drm_mode_destroy(intel_connector->base.dev, panel->downclock_mode);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/edp: Allow alternate fixed mode for eDP if" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 368b554d63948133aca05e63ff8f5f4fbc2804d4 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 16 May 2018 11:01:10 +0300 Subject: [PATCH] Revert "drm/i915/edp: Allow alternate fixed mode for eDP if available." This reverts commit dc911f5bd8aacfcf8aabd5c26c88e04c837a938e. Per the report, no matter what display mode you select with xrandr, the i915 driver will always select the alternate fixed mode. For the reporter this means that the display will always run at 40Hz which is quite annoying. This may be due to the mode comparison. But there are some other potential issues. The choice of alt_fixed_mode seems dubious. It's the first non-preferred mode, but there are no guarantees that the only difference would be refresh rate. Similarly, there may be more than one preferred mode in the probed modes list, and the commit changes the preferred mode selection to choose the last one on the list instead of the first. (Note that the probed modes list is the raw, unfiltered, unsorted list of modes from drm_add_edid_modes(), not the pretty result after a drm_helper_probe_single_connector_modes() call.) Finally, we already have eerily similar code in place to find the downclock mode for DRRS that seems like could be reused here. Back to the drawing board. Note: This is a hand-crafted revert due to conflicts. If it fails to backport, please just try reverting the original commit directly. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105469 Reported-by: Rune Petersen <rune(a)megahurts.dk> Reported-by: Mark Spencer <n7u4722r35(a)ynzlx.anonbox.net> Fixes: dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for eDP if available.") Cc: Clint Taylor <clinton.a.taylor(a)intel.com> Cc: David Weinehall <david.weinehall(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Jim Bride <jim.bride(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: intel-gfx(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Reviewed-by: Dhinakaran Pandiyan <dhinakaran.pandiyan(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180516080110.22770-1-jani.n… (cherry picked from commit d93fa1b47b8fcd149b5091f18385304f402a8e15) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index dde92e4af5d3..8320f0e8e3be 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -1679,23 +1679,6 @@ static int intel_dp_compute_bpp(struct intel_dp *intel_dp, return bpp; } -static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, - struct drm_display_mode *m2) -{ - bool bres = false; - - if (m1 && m2) - bres = (m1->hdisplay == m2->hdisplay && - m1->hsync_start == m2->hsync_start && - m1->hsync_end == m2->hsync_end && - m1->htotal == m2->htotal && - m1->vdisplay == m2->vdisplay && - m1->vsync_start == m2->vsync_start && - m1->vsync_end == m2->vsync_end && - m1->vtotal == m2->vtotal); - return bres; -} - /* Adjust link config limits based on compliance test requests. */ static void intel_dp_adjust_compliance_config(struct intel_dp *intel_dp, @@ -1860,16 +1843,8 @@ intel_dp_compute_config(struct intel_encoder *encoder, pipe_config->has_audio = intel_conn_state->force_audio == HDMI_AUDIO_ON; if (intel_dp_is_edp(intel_dp) && intel_connector->panel.fixed_mode) { - struct drm_display_mode *panel_mode = - intel_connector->panel.alt_fixed_mode; - struct drm_display_mode *req_mode = &pipe_config->base.mode; - - if (!intel_edp_compare_alt_mode(req_mode, panel_mode)) - panel_mode = intel_connector->panel.fixed_mode; - - drm_mode_debug_printmodeline(panel_mode); - - intel_fixed_panel_mode(panel_mode, adjusted_mode); + intel_fixed_panel_mode(intel_connector->panel.fixed_mode, + adjusted_mode); if (INTEL_GEN(dev_priv) >= 9) { int ret; @@ -6159,7 +6134,6 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, struct drm_i915_private *dev_priv = to_i915(dev); struct drm_connector *connector = &intel_connector->base; struct drm_display_mode *fixed_mode = NULL; - struct drm_display_mode *alt_fixed_mode = NULL; struct drm_display_mode *downclock_mode = NULL; bool has_dpcd; struct drm_display_mode *scan; @@ -6214,14 +6188,13 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, } intel_connector->edid = edid; - /* prefer fixed mode from EDID if available, save an alt mode also */ + /* prefer fixed mode from EDID if available */ list_for_each_entry(scan, &connector->probed_modes, head) { if ((scan->type & DRM_MODE_TYPE_PREFERRED)) { fixed_mode = drm_mode_duplicate(dev, scan); downclock_mode = intel_dp_drrs_init( intel_connector, fixed_mode); - } else if (!alt_fixed_mode) { - alt_fixed_mode = drm_mode_duplicate(dev, scan); + break; } } @@ -6258,8 +6231,7 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, pipe_name(pipe)); } - intel_panel_init(&intel_connector->panel, fixed_mode, alt_fixed_mode, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_connector->panel.backlight.power = intel_edp_backlight_power; intel_panel_setup_backlight(connector, pipe); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index d7dbca1aabff..0361130500a6 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -277,7 +277,6 @@ struct intel_encoder { struct intel_panel { struct drm_display_mode *fixed_mode; - struct drm_display_mode *alt_fixed_mode; struct drm_display_mode *downclock_mode; /* backlight */ @@ -1850,7 +1849,6 @@ void intel_overlay_reset(struct drm_i915_private *dev_priv); /* intel_panel.c */ int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode); void intel_panel_fini(struct intel_panel *panel); void intel_fixed_panel_mode(const struct drm_display_mode *fixed_mode, diff --git a/drivers/gpu/drm/i915/intel_dsi.c b/drivers/gpu/drm/i915/intel_dsi.c index 51a1d6868b1e..cf39ca90d887 100644 --- a/drivers/gpu/drm/i915/intel_dsi.c +++ b/drivers/gpu/drm/i915/intel_dsi.c @@ -1846,7 +1846,7 @@ void intel_dsi_init(struct drm_i915_private *dev_priv) connector->display_info.width_mm = fixed_mode->width_mm; connector->display_info.height_mm = fixed_mode->height_mm; - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, NULL); + intel_panel_init(&intel_connector->panel, fixed_mode, NULL); intel_panel_setup_backlight(connector, INVALID_PIPE); intel_dsi_add_properties(intel_connector); diff --git a/drivers/gpu/drm/i915/intel_dvo.c b/drivers/gpu/drm/i915/intel_dvo.c index eb0c559b2715..a70d767313aa 100644 --- a/drivers/gpu/drm/i915/intel_dvo.c +++ b/drivers/gpu/drm/i915/intel_dvo.c @@ -536,7 +536,7 @@ void intel_dvo_init(struct drm_i915_private *dev_priv) */ intel_panel_init(&intel_connector->panel, intel_dvo_get_current_mode(intel_encoder), - NULL, NULL); + NULL); intel_dvo->panel_wants_dither = true; } diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c index 8691c86f579c..d8ece907ff54 100644 --- a/drivers/gpu/drm/i915/intel_lvds.c +++ b/drivers/gpu/drm/i915/intel_lvds.c @@ -1140,8 +1140,7 @@ void intel_lvds_init(struct drm_i915_private *dev_priv) out: mutex_unlock(&dev->mode_config.mutex); - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_panel_setup_backlight(connector, INVALID_PIPE); lvds_encoder->is_dual_link = compute_is_dual_link_lvds(lvds_encoder); diff --git a/drivers/gpu/drm/i915/intel_panel.c b/drivers/gpu/drm/i915/intel_panel.c index 41d00b1603e3..b443278e569c 100644 --- a/drivers/gpu/drm/i915/intel_panel.c +++ b/drivers/gpu/drm/i915/intel_panel.c @@ -1928,13 +1928,11 @@ intel_panel_init_backlight_funcs(struct intel_panel *panel) int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode) { intel_panel_init_backlight_funcs(panel); panel->fixed_mode = fixed_mode; - panel->alt_fixed_mode = alt_fixed_mode; panel->downclock_mode = downclock_mode; return 0; @@ -1948,10 +1946,6 @@ void intel_panel_fini(struct intel_panel *panel) if (panel->fixed_mode) drm_mode_destroy(intel_connector->base.dev, panel->fixed_mode); - if (panel->alt_fixed_mode) - drm_mode_destroy(intel_connector->base.dev, - panel->alt_fixed_mode); - if (panel->downclock_mode) drm_mode_destroy(intel_connector->base.dev, panel->downclock_mode);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From daeb725e919c0d2d4b628aeaa1fa053125f888b2 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 5 Apr 2018 12:49:15 +0100 Subject: [PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock Inside the psr work function, we want to wait for PSR to idle first and wish to do so without blocking the normal modeset path, so we do so without holding the PSR lock. However, we first have to find which pipe PSR was enabled on, which requires chasing into the PSR struct and requires locking to prevent intel_psr_disable() from concurrently setting our pointer to NULL. Fixes: 995d30477496 ("drm/i915: VLV/CHV PSR Software timer mode") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Durgadoss R <durgadoss.r(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.0+ Reviewed-by: Jose Roberto de Souza <jose.souza(a)intel.com> Acked-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180405114915.29609-1-chris@… diff --git a/drivers/gpu/drm/i915/intel_psr.c b/drivers/gpu/drm/i915/intel_psr.c index 2d53f7398a6d..69a5b276f4d8 100644 --- a/drivers/gpu/drm/i915/intel_psr.c +++ b/drivers/gpu/drm/i915/intel_psr.c @@ -775,53 +775,59 @@ void intel_psr_disable(struct intel_dp *intel_dp, cancel_delayed_work_sync(&dev_priv->psr.work); } -static void intel_psr_work(struct work_struct *work) +static bool psr_wait_for_idle(struct drm_i915_private *dev_priv) { - struct drm_i915_private *dev_priv = - container_of(work, typeof(*dev_priv), psr.work.work); - struct intel_dp *intel_dp = dev_priv->psr.enabled; - struct drm_crtc *crtc = dp_to_dig_port(intel_dp)->base.base.crtc; - enum pipe pipe = to_intel_crtc(crtc)->pipe; + struct intel_dp *intel_dp; + i915_reg_t reg; + u32 mask; + int err; + + intel_dp = dev_priv->psr.enabled; + if (!intel_dp) + return false; - /* We have to make sure PSR is ready for re-enable - * otherwise it keeps disabled until next full enable/disable cycle. - * PSR might take some time to get fully disabled - * and be ready for re-enable. - */ if (HAS_DDI(dev_priv)) { if (dev_priv->psr.psr2_enabled) { - if (intel_wait_for_register(dev_priv, - EDP_PSR2_STATUS, - EDP_PSR2_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR2 Idle for re-enable\n"); - return; - } + reg = EDP_PSR2_STATUS; + mask = EDP_PSR2_STATUS_STATE_MASK; } else { - if (intel_wait_for_register(dev_priv, - EDP_PSR_STATUS, - EDP_PSR_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + reg = EDP_PSR_STATUS; + mask = EDP_PSR_STATUS_STATE_MASK; } } else { - if (intel_wait_for_register(dev_priv, - VLV_PSRSTAT(pipe), - VLV_EDP_PSR_IN_TRANS, - 0, - 1)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + struct drm_crtc *crtc = + dp_to_dig_port(intel_dp)->base.base.crtc; + enum pipe pipe = to_intel_crtc(crtc)->pipe; + + reg = VLV_PSRSTAT(pipe); + mask = VLV_EDP_PSR_IN_TRANS; } + + mutex_unlock(&dev_priv->psr.lock); + + err = intel_wait_for_register(dev_priv, reg, mask, 0, 50); + if (err) + DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); + + /* After the unlocked wait, verify that PSR is still wanted! */ mutex_lock(&dev_priv->psr.lock); - intel_dp = dev_priv->psr.enabled; + return err == 0 && dev_priv->psr.enabled; +} - if (!intel_dp) +static void intel_psr_work(struct work_struct *work) +{ + struct drm_i915_private *dev_priv = + container_of(work, typeof(*dev_priv), psr.work.work); + + mutex_lock(&dev_priv->psr.lock); + + /* + * We have to make sure PSR is ready for re-enable + * otherwise it keeps disabled until next full enable/disable cycle. + * PSR might take some time to get fully disabled + * and be ready for re-enable. + */ + if (!psr_wait_for_idle(dev_priv)) goto unlock; /* @@ -832,7 +838,7 @@ static void intel_psr_work(struct work_struct *work) if (dev_priv->psr.busy_frontbuffer_bits) goto unlock; - intel_psr_activate(intel_dp); + intel_psr_activate(dev_priv->psr.enabled); unlock: mutex_unlock(&dev_priv->psr.lock); }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From daeb725e919c0d2d4b628aeaa1fa053125f888b2 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 5 Apr 2018 12:49:15 +0100 Subject: [PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock Inside the psr work function, we want to wait for PSR to idle first and wish to do so without blocking the normal modeset path, so we do so without holding the PSR lock. However, we first have to find which pipe PSR was enabled on, which requires chasing into the PSR struct and requires locking to prevent intel_psr_disable() from concurrently setting our pointer to NULL. Fixes: 995d30477496 ("drm/i915: VLV/CHV PSR Software timer mode") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Durgadoss R <durgadoss.r(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.0+ Reviewed-by: Jose Roberto de Souza <jose.souza(a)intel.com> Acked-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180405114915.29609-1-chris@… diff --git a/drivers/gpu/drm/i915/intel_psr.c b/drivers/gpu/drm/i915/intel_psr.c index 2d53f7398a6d..69a5b276f4d8 100644 --- a/drivers/gpu/drm/i915/intel_psr.c +++ b/drivers/gpu/drm/i915/intel_psr.c @@ -775,53 +775,59 @@ void intel_psr_disable(struct intel_dp *intel_dp, cancel_delayed_work_sync(&dev_priv->psr.work); } -static void intel_psr_work(struct work_struct *work) +static bool psr_wait_for_idle(struct drm_i915_private *dev_priv) { - struct drm_i915_private *dev_priv = - container_of(work, typeof(*dev_priv), psr.work.work); - struct intel_dp *intel_dp = dev_priv->psr.enabled; - struct drm_crtc *crtc = dp_to_dig_port(intel_dp)->base.base.crtc; - enum pipe pipe = to_intel_crtc(crtc)->pipe; + struct intel_dp *intel_dp; + i915_reg_t reg; + u32 mask; + int err; + + intel_dp = dev_priv->psr.enabled; + if (!intel_dp) + return false; - /* We have to make sure PSR is ready for re-enable - * otherwise it keeps disabled until next full enable/disable cycle. - * PSR might take some time to get fully disabled - * and be ready for re-enable. - */ if (HAS_DDI(dev_priv)) { if (dev_priv->psr.psr2_enabled) { - if (intel_wait_for_register(dev_priv, - EDP_PSR2_STATUS, - EDP_PSR2_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR2 Idle for re-enable\n"); - return; - } + reg = EDP_PSR2_STATUS; + mask = EDP_PSR2_STATUS_STATE_MASK; } else { - if (intel_wait_for_register(dev_priv, - EDP_PSR_STATUS, - EDP_PSR_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + reg = EDP_PSR_STATUS; + mask = EDP_PSR_STATUS_STATE_MASK; } } else { - if (intel_wait_for_register(dev_priv, - VLV_PSRSTAT(pipe), - VLV_EDP_PSR_IN_TRANS, - 0, - 1)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + struct drm_crtc *crtc = + dp_to_dig_port(intel_dp)->base.base.crtc; + enum pipe pipe = to_intel_crtc(crtc)->pipe; + + reg = VLV_PSRSTAT(pipe); + mask = VLV_EDP_PSR_IN_TRANS; } + + mutex_unlock(&dev_priv->psr.lock); + + err = intel_wait_for_register(dev_priv, reg, mask, 0, 50); + if (err) + DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); + + /* After the unlocked wait, verify that PSR is still wanted! */ mutex_lock(&dev_priv->psr.lock); - intel_dp = dev_priv->psr.enabled; + return err == 0 && dev_priv->psr.enabled; +} - if (!intel_dp) +static void intel_psr_work(struct work_struct *work) +{ + struct drm_i915_private *dev_priv = + container_of(work, typeof(*dev_priv), psr.work.work); + + mutex_lock(&dev_priv->psr.lock); + + /* + * We have to make sure PSR is ready for re-enable + * otherwise it keeps disabled until next full enable/disable cycle. + * PSR might take some time to get fully disabled + * and be ready for re-enable. + */ + if (!psr_wait_for_idle(dev_priv)) goto unlock; /* @@ -832,7 +838,7 @@ static void intel_psr_work(struct work_struct *work) if (dev_priv->psr.busy_frontbuffer_bits) goto unlock; - intel_psr_activate(intel_dp); + intel_psr_activate(dev_priv->psr.enabled); unlock: mutex_unlock(&dev_priv->psr.lock); }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From daeb725e919c0d2d4b628aeaa1fa053125f888b2 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 5 Apr 2018 12:49:15 +0100 Subject: [PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock Inside the psr work function, we want to wait for PSR to idle first and wish to do so without blocking the normal modeset path, so we do so without holding the PSR lock. However, we first have to find which pipe PSR was enabled on, which requires chasing into the PSR struct and requires locking to prevent intel_psr_disable() from concurrently setting our pointer to NULL. Fixes: 995d30477496 ("drm/i915: VLV/CHV PSR Software timer mode") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Durgadoss R <durgadoss.r(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.0+ Reviewed-by: Jose Roberto de Souza <jose.souza(a)intel.com> Acked-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180405114915.29609-1-chris@… diff --git a/drivers/gpu/drm/i915/intel_psr.c b/drivers/gpu/drm/i915/intel_psr.c index 2d53f7398a6d..69a5b276f4d8 100644 --- a/drivers/gpu/drm/i915/intel_psr.c +++ b/drivers/gpu/drm/i915/intel_psr.c @@ -775,53 +775,59 @@ void intel_psr_disable(struct intel_dp *intel_dp, cancel_delayed_work_sync(&dev_priv->psr.work); } -static void intel_psr_work(struct work_struct *work) +static bool psr_wait_for_idle(struct drm_i915_private *dev_priv) { - struct drm_i915_private *dev_priv = - container_of(work, typeof(*dev_priv), psr.work.work); - struct intel_dp *intel_dp = dev_priv->psr.enabled; - struct drm_crtc *crtc = dp_to_dig_port(intel_dp)->base.base.crtc; - enum pipe pipe = to_intel_crtc(crtc)->pipe; + struct intel_dp *intel_dp; + i915_reg_t reg; + u32 mask; + int err; + + intel_dp = dev_priv->psr.enabled; + if (!intel_dp) + return false; - /* We have to make sure PSR is ready for re-enable - * otherwise it keeps disabled until next full enable/disable cycle. - * PSR might take some time to get fully disabled - * and be ready for re-enable. - */ if (HAS_DDI(dev_priv)) { if (dev_priv->psr.psr2_enabled) { - if (intel_wait_for_register(dev_priv, - EDP_PSR2_STATUS, - EDP_PSR2_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR2 Idle for re-enable\n"); - return; - } + reg = EDP_PSR2_STATUS; + mask = EDP_PSR2_STATUS_STATE_MASK; } else { - if (intel_wait_for_register(dev_priv, - EDP_PSR_STATUS, - EDP_PSR_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + reg = EDP_PSR_STATUS; + mask = EDP_PSR_STATUS_STATE_MASK; } } else { - if (intel_wait_for_register(dev_priv, - VLV_PSRSTAT(pipe), - VLV_EDP_PSR_IN_TRANS, - 0, - 1)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + struct drm_crtc *crtc = + dp_to_dig_port(intel_dp)->base.base.crtc; + enum pipe pipe = to_intel_crtc(crtc)->pipe; + + reg = VLV_PSRSTAT(pipe); + mask = VLV_EDP_PSR_IN_TRANS; } + + mutex_unlock(&dev_priv->psr.lock); + + err = intel_wait_for_register(dev_priv, reg, mask, 0, 50); + if (err) + DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); + + /* After the unlocked wait, verify that PSR is still wanted! */ mutex_lock(&dev_priv->psr.lock); - intel_dp = dev_priv->psr.enabled; + return err == 0 && dev_priv->psr.enabled; +} - if (!intel_dp) +static void intel_psr_work(struct work_struct *work) +{ + struct drm_i915_private *dev_priv = + container_of(work, typeof(*dev_priv), psr.work.work); + + mutex_lock(&dev_priv->psr.lock); + + /* + * We have to make sure PSR is ready for re-enable + * otherwise it keeps disabled until next full enable/disable cycle. + * PSR might take some time to get fully disabled + * and be ready for re-enable. + */ + if (!psr_wait_for_idle(dev_priv)) goto unlock; /* @@ -832,7 +838,7 @@ static void intel_psr_work(struct work_struct *work) if (dev_priv->psr.busy_frontbuffer_bits) goto unlock; - intel_psr_activate(intel_dp); + intel_psr_activate(dev_priv->psr.enabled); unlock: mutex_unlock(&dev_priv->psr.lock); }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From daeb725e919c0d2d4b628aeaa1fa053125f888b2 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 5 Apr 2018 12:49:15 +0100 Subject: [PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock Inside the psr work function, we want to wait for PSR to idle first and wish to do so without blocking the normal modeset path, so we do so without holding the PSR lock. However, we first have to find which pipe PSR was enabled on, which requires chasing into the PSR struct and requires locking to prevent intel_psr_disable() from concurrently setting our pointer to NULL. Fixes: 995d30477496 ("drm/i915: VLV/CHV PSR Software timer mode") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Durgadoss R <durgadoss.r(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.0+ Reviewed-by: Jose Roberto de Souza <jose.souza(a)intel.com> Acked-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180405114915.29609-1-chris@… diff --git a/drivers/gpu/drm/i915/intel_psr.c b/drivers/gpu/drm/i915/intel_psr.c index 2d53f7398a6d..69a5b276f4d8 100644 --- a/drivers/gpu/drm/i915/intel_psr.c +++ b/drivers/gpu/drm/i915/intel_psr.c @@ -775,53 +775,59 @@ void intel_psr_disable(struct intel_dp *intel_dp, cancel_delayed_work_sync(&dev_priv->psr.work); } -static void intel_psr_work(struct work_struct *work) +static bool psr_wait_for_idle(struct drm_i915_private *dev_priv) { - struct drm_i915_private *dev_priv = - container_of(work, typeof(*dev_priv), psr.work.work); - struct intel_dp *intel_dp = dev_priv->psr.enabled; - struct drm_crtc *crtc = dp_to_dig_port(intel_dp)->base.base.crtc; - enum pipe pipe = to_intel_crtc(crtc)->pipe; + struct intel_dp *intel_dp; + i915_reg_t reg; + u32 mask; + int err; + + intel_dp = dev_priv->psr.enabled; + if (!intel_dp) + return false; - /* We have to make sure PSR is ready for re-enable - * otherwise it keeps disabled until next full enable/disable cycle. - * PSR might take some time to get fully disabled - * and be ready for re-enable. - */ if (HAS_DDI(dev_priv)) { if (dev_priv->psr.psr2_enabled) { - if (intel_wait_for_register(dev_priv, - EDP_PSR2_STATUS, - EDP_PSR2_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR2 Idle for re-enable\n"); - return; - } + reg = EDP_PSR2_STATUS; + mask = EDP_PSR2_STATUS_STATE_MASK; } else { - if (intel_wait_for_register(dev_priv, - EDP_PSR_STATUS, - EDP_PSR_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + reg = EDP_PSR_STATUS; + mask = EDP_PSR_STATUS_STATE_MASK; } } else { - if (intel_wait_for_register(dev_priv, - VLV_PSRSTAT(pipe), - VLV_EDP_PSR_IN_TRANS, - 0, - 1)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + struct drm_crtc *crtc = + dp_to_dig_port(intel_dp)->base.base.crtc; + enum pipe pipe = to_intel_crtc(crtc)->pipe; + + reg = VLV_PSRSTAT(pipe); + mask = VLV_EDP_PSR_IN_TRANS; } + + mutex_unlock(&dev_priv->psr.lock); + + err = intel_wait_for_register(dev_priv, reg, mask, 0, 50); + if (err) + DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); + + /* After the unlocked wait, verify that PSR is still wanted! */ mutex_lock(&dev_priv->psr.lock); - intel_dp = dev_priv->psr.enabled; + return err == 0 && dev_priv->psr.enabled; +} - if (!intel_dp) +static void intel_psr_work(struct work_struct *work) +{ + struct drm_i915_private *dev_priv = + container_of(work, typeof(*dev_priv), psr.work.work); + + mutex_lock(&dev_priv->psr.lock); + + /* + * We have to make sure PSR is ready for re-enable + * otherwise it keeps disabled until next full enable/disable cycle. + * PSR might take some time to get fully disabled + * and be ready for re-enable. + */ + if (!psr_wait_for_idle(dev_priv)) goto unlock; /* @@ -832,7 +838,7 @@ static void intel_psr_work(struct work_struct *work) if (dev_priv->psr.busy_frontbuffer_bits) goto unlock; - intel_psr_activate(intel_dp); + intel_psr_activate(dev_priv->psr.enabled); unlock: mutex_unlock(&dev_priv->psr.lock); }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/amd/display: fix dereferencing possible" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 642ad57058baaa2c105925a75c153bb486877513 Mon Sep 17 00:00:00 2001 From: Harry Wentland <harry.wentland(a)amd.com> Date: Thu, 12 Apr 2018 10:51:51 -0400 Subject: [PATCH] Revert "drm/amd/display: fix dereferencing possible ERR_PTR()" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit cd2d6c92a8e39d7e50a5af9fcc67d07e6a89e91d. Cc: Shirish S <shirish.s(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Michel Dänzer <michel.daenzer(a)amd.com> Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 265f0166f688..0c29f3b97398 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4941,9 +4941,6 @@ static int dm_atomic_check_plane_state_fb(struct drm_atomic_state *state, return -EDEADLK; crtc_state = drm_atomic_get_crtc_state(plane_state->state, crtc); - if (IS_ERR(crtc_state)) - return PTR_ERR(crtc_state); - if (crtc->primary == plane && crtc_state->active) { if (!plane_state->fb) return -EINVAL;

7 years, 2 months

1
0
0 0

4.17.2 -> 4.17.3 iwlwifi regression

by Yan, Zheng

I started to get following warning and unstable connection after upgrading kernel to 4.17.3 (from 4.17.2). iwlwifi 0000:04:00.0: loaded firmware version 38.c0e03d94.0 op_mode iwlmvm iwlwifi 0000:04:00.0: Detected Intel(R) Dual Band Wireless AC 9260, REV=0x324 audit: type=1130 audit(1529640588.009:69): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' iwlwifi 0000:04:00.0: base HW address: 74:e5:f9:a6:bb:52 … WARNING: CPU: 1 PID: 0 at drivers/net/wireless/intel/iwlwifi/mvm/tx.c:710 iwl_mvm_tx_tso_segment+0x28a/0x2a0 [iwlmvm] Modules linked in: joydev(E) xt_nat(E) it87(OE) netconsole(E) rmd160(E) ip_vti(E) ip_tunnel(E) af_key(E) ah6(E) ah4(E) esp6(E) esp4(E) xfrm4_mode_beet(E) xfrm4_tunnel(E) tunnel4(E) xfrm4_mode_tunnel(E) xfrm4_mode_transport(E) xfrm6_mode_transport(E) xfrm6_mode_ro(E) xfrm6_mode_beet(E) xfrm6_mode_tunnel(E) ipcomp(E) ipcomp6(E) xfrm6_tunnel(E) xfrm_ipcomp(E) tunnel6(E) sha1_ssse3(E) salsa20_x86_64(E) salsa20_generic(E) poly1305_x86_64(E) poly1305_generic(E) des3_ede_x86_64(E) chacha20_x86_64(E) chacha20_generic(E) chacha20poly1305(E) camellia_generic(E) camellia_aesni_avx2(E) camellia_aesni_avx_x86_64(E) camellia_x86_64(E) cast6_avx_x86_64(E) cast6_generic(E) cast5_avx_x86_64(E) cast5_generic(E) cast_common(E) serpent_avx2(E) serpent_avx_x86_64(E) serpent_sse2_x86_64(E) serpent_generic(E) blowfish_generic(E) blowfish_x86_64(E) blowfish_common(E) twofish_generic(E) twofish_avx_x86_64(E) twofish_x86_64_3way(E) twofish_x86_64(E) twofish_common(E) xcbc(E) sha256_mb(E) sha256_ssse3(E) sha512_mb(E) mcryptd(E) sha512_ssse3(E) sha512_generic(E) des_generic(E) xt_CHECKSUM(E) ipt_MASQUERADE(E) nf_nat_masquerade_ipv4(E) tun(E) ccm(E) nf_conntrack_netbios_ns(E) nf_conntrack_broadcast(E) xt_CT(E) ip6t_rpfilter(E) ip6t_REJECT(E) nf_reject_ipv6(E) xt_conntrack(E) ip_set(E) nfnetlink(E) ebtable_nat(E) ebtable_broute(E) bridge(E) stp(E) llc(E) ip6table_nat(E) nf_conntrack_ipv6(E) nf_defrag_ipv6(E) nf_nat_ipv6(E) ip6table_mangle(E) ip6table_raw(E) ip6table_security(E) iptable_nat(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) nf_nat_ipv4(E) nf_nat(E) nf_conntrack(E) iptable_mangle(E) iptable_raw(E) iptable_security(E) ebtable_filter(E) ebtables(E) ip6table_filter(E) ip6_tables(E) cmac(E) bnep(E) hwmon_vid(E) ib_isert(E) iscsi_target_mod(E) ib_srpt(E) target_core_mod(E) ib_srp(E) scsi_transport_srp(E) vfat(E) fat(E) xfs(E) libcrc32c(E) ib_ucm(E) arc4(E) rpcrdma(E) sunrpc(E) iwlmvm(E) mac80211(E) rdma_ucm(E) ib_uverbs(E) ib_iser(E) snd_hda_codec_realtek(E) rdma_cm(E) btusb(E) snd_hda_codec_generic(E) snd_hda_codec_hdmi(E) iw_cm(E) btrtl(E) snd_hda_intel(E) btbcm(E) btintel(E) snd_hda_codec(E) bluetooth(E) snd_hda_core(E) ib_umad(E) edac_mce_amd(E) snd_hwdep(E) ib_ipoib(E) libiscsi(E) scsi_transport_iscsi(E) iwlwifi(E) snd_seq(E) snd_seq_device(E) kvm_amd(E) ib_cm(E) mlx4_ib(E) ib_core(E) kvm(E) snd_pcm(E) snd_timer(E) sp5100_tco(E) snd(E) i2c_piix4(E) soundcore(E) gpio_amdpt(E) gpio_generic(E) ecdh_generic(E) cfg80211(E) irqbypass(E) mxm_wmi(E) rfkill(E) wmi_bmof(E) crct10dif_pclmul(E) crc32_pclmul(E) wmi(E) ghash_clmulni_intel(E) k10temp(E) ccp(E) pinctrl_amd(E) shpchp(E) pcspkr(E) acpi_cpufreq(E) mlx4_en(E) amdkfd(E) amd_iommu_v2(E) amdgpu(E) chash(E) gpu_sched(E) drm_kms_helper(E) ttm(E) crc32c_intel(E) mlx4_core(E) igb(E) devlink(E) drm(E) ptp(E) pps_core(E) dca(E) i2c_algo_bit(E) nvme(E) nvme_core(E) tcp_bbr(E) CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 4.17.2 #4 Hardware name: System manufacturer System Product Name/PRIME X370-PRO, BIOS 3803 01/22/2018 RIP: 0010:iwl_mvm_tx_tso_segment+0x28a/0x2a0 [iwlmvm] RSP: 0018:ffff961e1ec437c0 EFLAGS: 00010202 RAX: 00000000000002c0 RBX: fffffffffffffff4 RCX: ffff961c38339c64 RDX: ffff961c38339c00 RSI: 0000000000000000 RDI: ffff961c38339c64 RBP: ffff961e1ec43850 R08: ffff9618f295b700 R09: fffffffffffffff4 R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000dc6f R13: 0000000000000008 R14: 0000000000000000 R15: 00000000000005a8 FS: 0000000000000000(0000) GS:ffff961e1ec40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559b4fc3e240 CR3: 000000063c20a000 CR4: 00000000003406e0 Call Trace: <IRQ> ? iwl_mvm_tx_mpdu+0x1a2/0x5b0 [iwlmvm] iwl_mvm_tx_skb+0x3f0/0x440 [iwlmvm] iwl_mvm_mac_tx+0xb5/0x1b0 [iwlmvm] ieee80211_tx_frags+0x14c/0x220 [mac80211] ieee80211_xmit_fast+0x7ea/0x8b0 [mac80211] ? sched_clock+0x5/0x10 ? sched_clock_cpu+0xc/0xb0 __ieee80211_subif_start_xmit+0xa9/0x1e0 [mac80211] ieee80211_subif_start_xmit+0x44/0x2d0 [mac80211] dev_hard_start_xmit+0xa5/0x210 sch_direct_xmit+0x158/0x340 __dev_queue_xmit+0x53b/0x7e0 ? xfrm_lookup+0x2f2/0x930 ip_finish_output2+0x29c/0x3b0 ip_output+0x6c/0xe0 ? ip_append_data.part.50+0xc0/0xc0 ip_forward+0x396/0x450 ? ip_defrag.cold.17+0x22/0x22 ip_rcv+0x26e/0x3a6 ? inet_add_protocol.cold.1+0x1e/0x1e __netif_receive_skb_core+0x4fb/0xb30 ? mlx4_en_process_rx_cq+0x9b5/0xc60 [mlx4_en] ? ktime_get_with_offset+0x4d/0xc0 netif_receive_skb_internal+0x42/0xf0 napi_gro_flush+0x50/0x70 napi_complete_done+0x39/0xf0 mlx4_en_poll_rx_cq+0xa4/0xf0 [mlx4_en] net_rx_action+0x149/0x3a0 __do_softirq+0xe3/0x2d4 irq_exit+0xe8/0xf0 do_IRQ+0x7d/0xc0 common_interrupt+0xf/0xf </IRQ> RIP: 0010:native_safe_halt+0x2/0x10 RSP: 0018:ffffaeb84323be40 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffda RAX: 0000000080000000 RBX: ffff961dfa98dc00 RCX: ffff961e1ec40000 RDX: 4ec4ec4ec4ec4ec5 RSI: 0000000000000034 RDI: ffff961dfa98dc64 RBP: ffff961dfa98dc64 R08: 00002b4f757437c4 R09: 0000000000000249 R10: 000000000000024b R11: ffff961e1ec5fae8 R12: 0000000000000001 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 acpi_safe_halt+0x1b/0x30 acpi_idle_enter+0xf3/0x2b0 cpuidle_enter_state+0x70/0x2a0 do_idle+0x21d/0x260 cpu_startup_entry+0x6f/0x80 start_secondary+0x1a4/0x1f0 secondary_startup_64+0xa5/0xb0 Code: 00 48 03 bb d0 00 00 00 44 89 44 24 14 48 89 74 24 08 48 89 0c 24 e8 76 ba 94 ea 44 8b 44 24 14 48 8b 74 24 08 48 8b 0c 24 eb aa <0f> 0b b8 ea ff ff ff e9 78 ff ff ff e8 45 19 22 ea 0f 1f 44 00

7 years, 2 months

3
3
0 0

[PATCH] arm64: dts: marvell: fix CP110 ICU node size

by Miquel Raynal

commit 2f872ddcdb1e8e2186162616cea4581b8403849d upstream. ICU size in CP110 is not 0x10 but at least 0x440 bytes long (from the specification). Fixes: 6ef84a827c37 ("arm64: dts: marvell: enable GICP and ICU on Armada 7K/8K") Cc: stable(a)vger.kernel.org # 4.14.x Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> --- Backport to 4.14 stable tree: the original patch did not applied because of the effort of DT de-duplication that merged two files in one. arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi | 2 +- arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi index 9a7b63cd63a3..7c19f32d0f44 100644 --- a/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi @@ -169,7 +169,7 @@ cpm_icu: interrupt-controller@1e0000 { compatible = "marvell,cp110-icu"; - reg = <0x1e0000 0x10>; + reg = <0x1e0000 0x440>; #interrupt-cells = <3>; interrupt-controller; msi-parent = <&gicp>; diff --git a/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi index faf28633a309..150e97a1dfea 100644 --- a/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi @@ -169,7 +169,7 @@ cps_icu: interrupt-controller@1e0000 { compatible = "marvell,cp110-icu"; - reg = <0x1e0000 0x10>; + reg = <0x1e0000 0x440>; #interrupt-cells = <3>; interrupt-controller; msi-parent = <&gicp>; -- 2.14.1

7 years, 2 months

2
2
0 0

[PATCH] HID: debug: check length before copy_to_user()

by Daniel Rosenberg

If our length is greater than the size of the buffer, we overflow the buffer Signed-off-by: Daniel Rosenberg <drosen(a)google.com> Cc: stable(a)vger.kernel.org --- drivers/hid/hid-debug.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c index 8469b6964ff64..b48100236df89 100644 --- a/drivers/hid/hid-debug.c +++ b/drivers/hid/hid-debug.c @@ -1154,6 +1154,8 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, goto out; if (list->tail > list->head) { len = list->tail - list->head; + if (len > count) + len = count; if (copy_to_user(buffer + ret, &list->hid_debug_buf[list->head], len)) { ret = -EFAULT; @@ -1163,6 +1165,8 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, list->head += len; } else { len = HID_DEBUG_BUFSIZE - list->head; + if (len > count) + len = count; if (copy_to_user(buffer, &list->hid_debug_buf[list->head], len)) { ret = -EFAULT; @@ -1170,7 +1174,9 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, } list->head = 0; ret += len; - goto copy_rest; + count -= len; + if (count > 0) + goto copy_rest; } } -- 2.18.0.399.gad0ab374a1-goog

7 years, 2 months

4
3
0 0

[PATCH v4 3/3] x86/mm: add TLB purge to free pmd/pte page interfaces

by Toshi Kani

ioremap() calls pud_free_pmd_page() / pmd_free_pte_page() when it creates a pud / pmd map. The following preconditions are met at their entry. - All pte entries for a target pud/pmd address range have been cleared. - System-wide TLB purges have been peformed for a target pud/pmd address range. The preconditions assure that there is no stale TLB entry for the range. Speculation may not cache TLB entries since it requires all levels of page entries, including ptes, to have P & A-bits set for an associated address. However, speculation may cache pud/pmd entries (paging-structure caches) when they have P-bit set. Add a system-wide TLB purge (INVLPG) to a single page after clearing pud/pmd entry's P-bit. SDM 4.10.4.1, Operation that Invalidate TLBs and Paging-Structure Caches, states that: INVLPG invalidates all paging-structure caches associated with the current PCID regardless of the liner addresses to which they correspond. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/mm/pgtable.c | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index fbd14e506758..e3deefb891da 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -725,24 +725,44 @@ int pmd_clear_huge(pmd_t *pmd) * @pud: Pointer to a PUD. * @addr: Virtual address associated with pud. * - * Context: The pud range has been unmaped and TLB purged. + * Context: The pud range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. + * + * NOTE: Callers must allow a single page allocation. */ int pud_free_pmd_page(pud_t *pud, unsigned long addr) { - pmd_t *pmd; + pmd_t *pmd, *pmd_sv; + pte_t *pte; int i; if (pud_none(*pud)) return 1; pmd = (pmd_t *)pud_page_vaddr(*pud); + pmd_sv = (pmd_t *)__get_free_page(GFP_KERNEL); + if (!pmd_sv) + return 0; - for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) - return 0; + for (i = 0; i < PTRS_PER_PMD; i++) { + pmd_sv[i] = pmd[i]; + if (!pmd_none(pmd[i])) + pmd_clear(&pmd[i]); + } pud_clear(pud); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + + for (i = 0; i < PTRS_PER_PMD; i++) { + if (!pmd_none(pmd_sv[i])) { + pte = (pte_t *)pmd_page_vaddr(pmd_sv[i]); + free_page((unsigned long)pte); + } + } + + free_page((unsigned long)pmd_sv); free_page((unsigned long)pmd); return 1; @@ -753,7 +773,7 @@ int pud_free_pmd_page(pud_t *pud, unsigned long addr) * @pmd: Pointer to a PMD. * @addr: Virtual address associated with pmd. * - * Context: The pmd range has been unmaped and TLB purged. + * Context: The pmd range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) @@ -765,6 +785,10 @@ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) pte = (pte_t *)pmd_page_vaddr(*pmd); pmd_clear(pmd); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + free_page((unsigned long)pte); return 1;

7 years, 2 months

2
1
0 0

[PATCH v4 1/3] x86/mm: disable ioremap free page handling on x86-PAE

by Toshi Kani

ioremap() supports pmd mappings on x86-PAE. However, kernel's pmd tables are not shared among processes on x86-PAE. Therefore, any update to sync'd pmd entries need re-syncing. Freeing a pte page also leads to a vmalloc fault and hits the BUG_ON in vmalloc_sync_one(). Disable free page handling on x86-PAE. pud_free_pmd_page() and pmd_free_pte_page() simply return 0 if a given pud/pmd entry is present. This assures that ioremap() does not update sync'd pmd entries at the cost of falling back to pte mappings. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Reported-by: Joerg Roedel <joro(a)8bytes.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/mm/pgtable.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index 47b5951e592b..1aeb7a5dbce5 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -719,6 +719,7 @@ int pmd_clear_huge(pmd_t *pmd) return 0; } +#ifdef CONFIG_X86_64 /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. @@ -766,4 +767,22 @@ int pmd_free_pte_page(pmd_t *pmd) return 1; } + +#else /* !CONFIG_X86_64 */ + +int pud_free_pmd_page(pud_t *pud) +{ + return pud_none(*pud); +} + +/* + * Disable free page handling on x86-PAE. This assures that ioremap() + * does not update sync'd pmd entries. See vmalloc_sync_one(). + */ +int pmd_free_pte_page(pmd_t *pmd) +{ + return pmd_none(*pmd); +} + +#endif /* CONFIG_X86_64 */ #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */

7 years, 2 months

2
1
0 0

[PATCH] cifs: Fix memory leak in smb2_set_ea()

by Paulo Alcantara

This patch fixes a memory leak when doing a setxattr(2) in SMB2+. Signed-off-by: Paulo Alcantara <palcantara(a)suse.de> Cc: stable(a)vger.kernel.org --- fs/cifs/smb2ops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 0356b5559c71..957ea2a5cf1d 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -855,6 +855,8 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon, rc = SMB2_set_ea(xid, tcon, fid.persistent_fid, fid.volatile_fid, ea, len); + kfree(ea); + SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); return rc; -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH 1/4] USB: serial: keyspan_pda: fix modem-status error handling

by Johan Hovold

Fix broken modem-status error handling which could lead to bits of slab data leaking to user space. Fixes: 3b36a8fd6777 ("usb: fix uninitialized variable warning in keyspan_pda") Cc: stable <stable(a)vger.kernel.org> # 2.6.27 Cc: Benny Halevy <bhalevy(a)panasas.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/keyspan_pda.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/serial/keyspan_pda.c b/drivers/usb/serial/keyspan_pda.c index 5169624d8b11..38d43c4b7ce5 100644 --- a/drivers/usb/serial/keyspan_pda.c +++ b/drivers/usb/serial/keyspan_pda.c @@ -369,8 +369,10 @@ static int keyspan_pda_get_modem_info(struct usb_serial *serial, 3, /* get pins */ USB_TYPE_VENDOR|USB_RECIP_INTERFACE|USB_DIR_IN, 0, 0, data, 1, 2000); - if (rc >= 0) + if (rc == 1) *value = *data; + else if (rc >= 0) + rc = -EIO; kfree(data); return rc; -- 2.18.0

7 years, 2 months

1
1
0 0

[PATCH v3] block: don't use blocking queue entered for recursive bio submits

by Alexandru Moise

From: Jens Axboe <axboe(a)kernel.dk> commit cd4a4ae4683dc2e09380118e205e057896dcda2b upstream If we end up splitting a bio and the queue goes away between the initial submission and the later split submission, then we can block forever in blk_queue_enter() waiting for the reference to drop to zero. This will never happen, since we already hold a reference. Mark a split bio as already having entered the queue, so we can just use the live non-blocking queue enter variant. Thanks to Tetsuo Handa for the analysis. We're running fio tests and the tasks get stuck in a D state forever when systemd-udevd tries to read the partition table. This patch solves it. Please apply to 4.17 stable. Reported-by: syzbot+c4f9cebf9d651f6e54de(a)syzkaller.appspotmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Alexandru Moise <00moses.alexander00(a)gmail.com> --- v2: Fixed "From:" v3: Added "From: Jens Axboe" above commit sha block/blk-core.c | 4 +++- block/blk-merge.c | 10 ++++++++++ include/linux/blk_types.h | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/block/blk-core.c b/block/blk-core.c index b559b9d4f1a2..47ab2d9d02d9 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -2392,7 +2392,9 @@ blk_qc_t generic_make_request(struct bio *bio) if (bio->bi_opf & REQ_NOWAIT) flags = BLK_MQ_REQ_NOWAIT; - if (blk_queue_enter(q, flags) < 0) { + if (bio_flagged(bio, BIO_QUEUE_ENTERED)) + blk_queue_enter_live(q); + else if (blk_queue_enter(q, flags) < 0) { if (!blk_queue_dying(q) && (bio->bi_opf & REQ_NOWAIT)) bio_wouldblock_error(bio); else diff --git a/block/blk-merge.c b/block/blk-merge.c index 782940c65d8a..481dc02668f9 100644 --- a/block/blk-merge.c +++ b/block/blk-merge.c @@ -210,6 +210,16 @@ void blk_queue_split(struct request_queue *q, struct bio **bio) /* there isn't chance to merge the splitted bio */ split->bi_opf |= REQ_NOMERGE; + /* + * Since we're recursing into make_request here, ensure + * that we mark this bio as already having entered the queue. + * If not, and the queue is going away, we can get stuck + * forever on waiting for the queue reference to drop. But + * that will never happen, as we're already holding a + * reference to it. + */ + bio_set_flag(*bio, BIO_QUEUE_ENTERED); + bio_chain(split, *bio); trace_block_split(q, split, (*bio)->bi_iter.bi_sector); generic_make_request(*bio); diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h index 17b18b91ebac..1602bf4ab4cd 100644 --- a/include/linux/blk_types.h +++ b/include/linux/blk_types.h @@ -186,6 +186,8 @@ struct bio { * throttling rules. Don't do it again. */ #define BIO_TRACE_COMPLETION 10 /* bio_endio() should trace the final completion * of this bio. */ +#define BIO_QUEUE_ENTERED 11 /* can use blk_queue_enter_live() */ + /* See BVEC_POOL_OFFSET below before adding new flags */ /* -- 2.18.0

7 years, 2 months

2
1
0 0

[PATCH v2] ARM: dts: armada-38x: use the new thermal binding

by Baruch Siach

Commit 2f28e4c24b10e (thermal: armada: Clarify control registers accesses) introduced the new thermal binding. The new binding extends the second registers field size to 8. Switch to the new binding to fix thermal reading values. Without this change the fix for errata #132698 introduced in commit 8c0b888f661 (thermal: armada: Change sensors trim default value) has no effect. Cc: stable(a)vger.kernel.org # v4.16+ Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Baruch Siach <baruch(a)tkos.co.il> --- v2: * Typo fixes (Andreas Färber) * Add Miquel's review tag * Minor wording changes * Cc stable --- arch/arm/boot/dts/armada-38x.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/armada-38x.dtsi b/arch/arm/boot/dts/armada-38x.dtsi index 18edc9bc7927..929459c42760 100644 --- a/arch/arm/boot/dts/armada-38x.dtsi +++ b/arch/arm/boot/dts/armada-38x.dtsi @@ -547,7 +547,7 @@ thermal: thermal@e8078 { compatible = "marvell,armada380-thermal"; - reg = <0xe4078 0x4>, <0xe4074 0x4>; + reg = <0xe4078 0x4>, <0xe4070 0x8>; status = "okay"; }; -- 2.18.0

7 years, 2 months

2
1
0 0

[PATCH v2] block: don't use blocking queue entered for recursive bio submits

by Alexandru Moise

commit cd4a4ae4683dc2e09380118e205e057896dcda2b upstream. If we end up splitting a bio and the queue goes away between the initial submission and the later split submission, then we can block forever in blk_queue_enter() waiting for the reference to drop to zero. This will never happen, since we already hold a reference. Mark a split bio as already having entered the queue, so we can just use the live non-blocking queue enter variant. Thanks to Tetsuo Handa for the analysis. We're running fio tests and the tasks get stuck in a D state forever when systemd-udevd tries to read the partition table. This patch solves it. Please apply to 4.17 stable. Reported-by: syzbot+c4f9cebf9d651f6e54de(a)syzkaller.appspotmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Alexandru Moise <00moses.alexander00(a)gmail.com> --- v2: Changed "From:" The email sent as being from Jens instead of me, sorry again Jens. block/blk-core.c | 4 +++- block/blk-merge.c | 10 ++++++++++ include/linux/blk_types.h | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/block/blk-core.c b/block/blk-core.c index b559b9d4f1a2..47ab2d9d02d9 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -2392,7 +2392,9 @@ blk_qc_t generic_make_request(struct bio *bio) if (bio->bi_opf & REQ_NOWAIT) flags = BLK_MQ_REQ_NOWAIT; - if (blk_queue_enter(q, flags) < 0) { + if (bio_flagged(bio, BIO_QUEUE_ENTERED)) + blk_queue_enter_live(q); + else if (blk_queue_enter(q, flags) < 0) { if (!blk_queue_dying(q) && (bio->bi_opf & REQ_NOWAIT)) bio_wouldblock_error(bio); else diff --git a/block/blk-merge.c b/block/blk-merge.c index 782940c65d8a..481dc02668f9 100644 --- a/block/blk-merge.c +++ b/block/blk-merge.c @@ -210,6 +210,16 @@ void blk_queue_split(struct request_queue *q, struct bio **bio) /* there isn't chance to merge the splitted bio */ split->bi_opf |= REQ_NOMERGE; + /* + * Since we're recursing into make_request here, ensure + * that we mark this bio as already having entered the queue. + * If not, and the queue is going away, we can get stuck + * forever on waiting for the queue reference to drop. But + * that will never happen, as we're already holding a + * reference to it. + */ + bio_set_flag(*bio, BIO_QUEUE_ENTERED); + bio_chain(split, *bio); trace_block_split(q, split, (*bio)->bi_iter.bi_sector); generic_make_request(*bio); diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h index 17b18b91ebac..1602bf4ab4cd 100644 --- a/include/linux/blk_types.h +++ b/include/linux/blk_types.h @@ -186,6 +186,8 @@ struct bio { * throttling rules. Don't do it again. */ #define BIO_TRACE_COMPLETION 10 /* bio_endio() should trace the final completion * of this bio. */ +#define BIO_QUEUE_ENTERED 11 /* can use blk_queue_enter_live() */ + /* See BVEC_POOL_OFFSET below before adding new flags */ /* -- 2.18.0

7 years, 2 months

3
6
0 0

[PATCH] ubifs: log: Don't leak kernel memory to the MTD

by Richard Weinberger

ubifs_log_start_commit() allocates a buffer with kmalloc(), this buffer is used to build UBIFS CS and REF nodes, all structure attributes get set, except for the padding field in the ubifs_ref_node. That way we leak 28 bytes of kernel memory to the MTD. Fix it by using kzalloc(). Cc: stable(a)vger.kernel.org Fixes: 1e51764a3c2a ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger <richard(a)nod.at> --- fs/ubifs/log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ubifs/log.c b/fs/ubifs/log.c index 7cffa120a750..60d49c6dd470 100644 --- a/fs/ubifs/log.c +++ b/fs/ubifs/log.c @@ -369,7 +369,7 @@ int ubifs_log_start_commit(struct ubifs_info *c, int *ltail_lnum) max_len = UBIFS_CS_NODE_SZ + c->jhead_cnt * UBIFS_REF_NODE_SZ; max_len = ALIGN(max_len, c->min_io_size); - buf = cs = kmalloc(max_len, GFP_NOFS); + buf = cs = kzalloc(max_len, GFP_NOFS); if (!buf) return -ENOMEM; -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH 2/4] rtc: omap: fix resource leak in registration error path

by Johan Hovold

Make sure to deregister the pin controller in case rtc registration fails. Fixes: 57072758623f ("rtc: omap: switch to rtc_register_device") Cc: stable <stable(a)vger.kernel.org> # 4.14 Cc: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/rtc/rtc-omap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/rtc/rtc-omap.c b/drivers/rtc/rtc-omap.c index c214b69a8787..6a7b804c3074 100644 --- a/drivers/rtc/rtc-omap.c +++ b/drivers/rtc/rtc-omap.c @@ -873,7 +873,7 @@ static int omap_rtc_probe(struct platform_device *pdev) ret = rtc_register_device(rtc->rtc); if (ret) - goto err; + goto err_deregister_pinctrl; rtc_nvmem_register(rtc->rtc, &omap_rtc_nvmem_config); @@ -886,6 +886,8 @@ static int omap_rtc_probe(struct platform_device *pdev) return 0; +err_deregister_pinctrl: + pinctrl_unregister(rtc->pctldev); err: clk_disable_unprepare(rtc->clk); device_init_wakeup(&pdev->dev, false); -- 2.18.0

7 years, 2 months

1
0
0 0

Offerte

by Firma

Sehr geehrte Damen und Herren, ich habe bemerkt, dass Sie Ihr Angebot zum größten Teil an Firmen richten und deswegen möchte ich Ihnen ein Produkt anbieten, welches zur Erhöhung der Anzahl Ihrer Kunden erheblich beitragen wird. Die Datenbanken der Firmen sind in für Sie interessante und relevante Zielgruppen untergliedert. Der neue Katalog enthält 187.764 schweizerische Firmen und stellt solche Daten zur Verfügung wie: Namen der Firma, Firmenanschrift, Kontaktdaten des Firmeninhabers oder des Managers, E-Mail-Adresse, Telefonummer, Faxnummer, Branche usw. http://www.topadressen-ch.net/?page=catalog *** 1. Schweiz 2018 ( 187 764 ) - 149 EUR ( bis zum 04.07.2018 ) *** Die Verwendungsmöglichkeiten der Datenbanken sind praktisch unbegrenzt und Sie können durch Verwendung der von uns entwickelten Programme des personalisierten Versendens von Angeboten u.ä. mittels E-mailing bzw. Fax effektive und sichere Werbekampagnen damit durchführen. Bitte informieren Sie sich über die weiteren Details einmal unverbindlich auf unseren Webseite: http://www.topadressen-ch.net/?page=catalog MfG GL-Team

7 years, 2 months

1
0
0 0

[PATCH] drm/amdgpu: Reserve fence slots for command submission

by Junwei Zhang

From: Michel Dänzer <michel.daenzer(a)amd.com> Without this, there could not be enough slots, which could trigger the BUG_ON in reservation_object_add_shared_fence. v2: * Jump to the error label instead of returning directly (Jerry Zhang) v3: * Reserve slots for command submission after VM updates (Christian König) Cc: stable(a)vger.kernel.org Bugzilla: https://bugs.freedesktop.org/106418 Reported-by: mikhail.v.gavrilov(a)gmail.com Signed-off-by: Michel Dänzer <michel.daenzer(a)amd.com> Signed-off-by: Junwei Zhang <Jerry.Zhang(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 7a625f3..1bc0281 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -928,6 +928,10 @@ static int amdgpu_cs_ib_vm_chunk(struct amdgpu_device *adev, r = amdgpu_bo_vm_update_pte(p); if (r) return r; + + r = reservation_object_reserve_shared(vm->root.base.bo->tbo.resv); + if (r) + return r; } return amdgpu_cs_sync_rings(p); -- 1.9.1

7 years, 2 months

3
2
0 0

v4.14.53 build: 0 failures 0 warnings (v4.14.53)

by Build bot for Mark Brown

Tree/Branch: v4.14.53 Git describe: v4.14.53 Commit: fa745a1bd9 Linux 4.14.53 Build Time: 98 min 43 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 2 months

1
0
0 0

v3.18.114 build: 0 failures 1 warnings (v3.18.114)

by Build bot for Mark Brown

Tree/Branch: v3.18.114 Git describe: v3.18.114 Commit: e903eb4a70 Linux 3.18.114 Build Time: 45 min 20 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 7 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

7 years, 2 months

1
0
0 0

[patch 5/5] mm: teach dump_page() to correctly output poisoned struct pages

by akpm＠linux-foundation.org

From: Pavel Tatashin <pasha.tatashin(a)oracle.com> Subject: mm: teach dump_page() to correctly output poisoned struct pages If struct page is poisoned, and uninitialized access is detected via PF_POISONED_CHECK(page) dump_page() is called to output the page. But, the dump_page() itself accesses struct page to determine how to print it, and therefore gets into a recursive loop. For example: dump_page() __dump_page() PageSlab(page) PF_POISONED_CHECK(page) VM_BUG_ON_PGFLAGS(PagePoisoned(page), page) dump_page() recursion loop. Link: http://lkml.kernel.org/r/20180702180536.2552-1-pasha.tatashin@oracle.com Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/debug.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff -puN mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages mm/debug.c --- a/mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages +++ a/mm/debug.c @@ -43,12 +43,25 @@ const struct trace_print_flags vmaflag_n void __dump_page(struct page *page, const char *reason) { + bool page_poisoned = PagePoisoned(page); + int mapcount; + + /* + * If struct page is poisoned don't access Page*() functions as that + * leads to recursive loop. Page*() check for poisoned pages, and calls + * dump_page() when detected. + */ + if (page_poisoned) { + pr_emerg("page:%px is uninitialized and poisoned", page); + goto hex_only; + } + /* * Avoid VM_BUG_ON() in page_mapcount(). * page->_mapcount space in struct page is used by sl[aou]b pages to * encode own info. */ - int mapcount = PageSlab(page) ? 0 : page_mapcount(page); + mapcount = PageSlab(page) ? 0 : page_mapcount(page); pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx", page, page_ref_count(page), mapcount, @@ -60,6 +73,7 @@ void __dump_page(struct page *page, cons pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags); +hex_only: print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32, sizeof(unsigned long), page, sizeof(struct page), false); @@ -68,7 +82,7 @@ void __dump_page(struct page *page, cons pr_alert("page dumped because: %s\n", reason); #ifdef CONFIG_MEMCG - if (page->mem_cgroup) + if (!page_poisoned && page->mem_cgroup) pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup); #endif } _

7 years, 2 months

1
0
0 0

[patch 2/5] mm: hugetlb: yield when prepping struct pages

by akpm＠linux-foundation.org

From: Cannon Matthews <cannonmatthews(a)google.com> Subject: mm: hugetlb: yield when prepping struct pages When booting with very large numbers of gigantic (i.e. 1G) pages, the operations in the loop of gather_bootmem_prealloc, and specifically prep_compound_gigantic_page, takes a very long time, and can cause a softlockup if enough pages are requested at boot. For example booting with 3844 1G pages requires prepping (set_compound_head, init the count) over 1 billion 4K tail pages, which takes considerable time. Add a cond_resched() to the outer loop in gather_bootmem_prealloc() to prevent this lockup. Tested: Booted with softlockup_panic=1 hugepagesz=1G hugepages=3844 and no softlockup is reported, and the hugepages are reported as successfully setup. Link: http://lkml.kernel.org/r/20180627214447.260804-1-cannonmatthews@google.com Signed-off-by: Cannon Matthews <cannonmatthews(a)google.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Andres Lagar-Cavilla <andreslc(a)google.com> Cc: Peter Feiner <pfeiner(a)google.com> Cc: Greg Thelen <gthelen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 1 + 1 file changed, 1 insertion(+) diff -puN mm/hugetlb.c~mm-hugetlb-yield-when-prepping-struct-pages mm/hugetlb.c --- a/mm/hugetlb.c~mm-hugetlb-yield-when-prepping-struct-pages +++ a/mm/hugetlb.c @@ -2163,6 +2163,7 @@ static void __init gather_bootmem_preall */ if (hstate_is_gigantic(h)) adjust_managed_page_count(page, 1 << h->order); + cond_resched(); } } _

7 years, 2 months

1
0
0 0

[patch 1/5] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access

by akpm＠linux-foundation.org

From: Janosch Frank <frankja(a)linux.ibm.com> Subject: userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access Use huge_ptep_get() to translate huge ptes to normal ptes so we can check them with the huge_pte_* functions. Otherwise some architectures will check the wrong values and will not wait for userspace to bring in the memory. Link: http://lkml.kernel.org/r/20180626132421.78084-1-frankja@linux.ibm.com Fixes: 369cd2121be4 ("userfaultfd: hugetlbfs: userfaultfd_huge_must_wait for hugepmd ranges") Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/userfaultfd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff -puN fs/userfaultfd.c~userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access fs/userfaultfd.c --- a/fs/userfaultfd.c~userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access +++ a/fs/userfaultfd.c @@ -222,24 +222,26 @@ static inline bool userfaultfd_huge_must unsigned long reason) { struct mm_struct *mm = ctx->mm; - pte_t *pte; + pte_t *ptep, pte; bool ret = true; VM_BUG_ON(!rwsem_is_locked(&mm->mmap_sem)); - pte = huge_pte_offset(mm, address, vma_mmu_pagesize(vma)); - if (!pte) + ptep = huge_pte_offset(mm, address, vma_mmu_pagesize(vma)); + + if (!ptep) goto out; ret = false; + pte = huge_ptep_get(ptep); /* * Lockless access: we're in a wait_event so it's ok if it * changes under us. */ - if (huge_pte_none(*pte)) + if (huge_pte_none(pte)) ret = true; - if (!huge_pte_write(*pte) && (reason & VM_UFFD_WP)) + if (!huge_pte_write(pte) && (reason & VM_UFFD_WP)) ret = true; out: return ret; _

7 years, 2 months

1
0
0 0

+ mm-fix-locked-field-in-proc-pid-smaps.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps* has been added to the -mm tree. Its filename is mm-fix-locked-field-in-proc-pid-smaps.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-fix-locked-field-in-proc-pid-sm… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-fix-locked-field-in-proc-pid-sm… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps* Thomas reports: : While looking around in /proc on my v4.14.52 system I noticed that : all processes got a lot of "Locked" memory in /proc/*/smaps. A lot : more memory than a regular user can usually lock with mlock(). : : commit 493b0e9d945fa9dfe96be93ae41b4ca4b6fdb317 (v4.14-rc1) seems : to have changed the behavior of "Locked". : : Before that commit the code was like this. Notice the VM_LOCKED : check. : : (vma->vm_flags & VM_LOCKED) ? : (unsigned long)(mss.pss >> (10 + PSS_SHIFT)) : 0); : : After that commit Locked is now the same as Pss. This looks like a : mistake. : : (unsigned long)(mss->pss >> (10 + PSS_SHIFT))); Indeed, the commit has added mss->pss_locked with the correct value that depends on VM_LOCKED, but forgot to actually use it. Fix it. Link: http://lkml.kernel.org/r/ebf6c7fb-fec3-6a26-544f-710ed193c154@suse.cz Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Thomas Lindroth <thomas.lindroth(a)gmail.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN fs/proc/task_mmu.c~mm-fix-locked-field-in-proc-pid-smaps fs/proc/task_mmu.c --- a/fs/proc/task_mmu.c~mm-fix-locked-field-in-proc-pid-smaps +++ a/fs/proc/task_mmu.c @@ -831,7 +831,8 @@ static int show_smap(struct seq_file *m, SEQ_PUT_DEC(" kB\nSwap: ", mss->swap); SEQ_PUT_DEC(" kB\nSwapPss: ", mss->swap_pss >> PSS_SHIFT); - SEQ_PUT_DEC(" kB\nLocked: ", mss->pss >> PSS_SHIFT); + SEQ_PUT_DEC(" kB\nLocked: ", + mss->pss_locked >> PSS_SHIFT); seq_puts(m, " kB\n"); } if (!rollup_mode) { _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-page_alloc-actually-ignore-mempolicies-for-high-priority-allocations.patch mm-fix-locked-field-in-proc-pid-smaps.patch

7 years, 2 months

1
0
0 0

v4.9.111 build: 0 failures 0 warnings (v4.9.111)

by Build bot for Mark Brown

Tree/Branch: v4.9.111 Git describe: v4.9.111 Commit: e692f66fab Linux 4.9.111 Build Time: 83 min 48 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 2 months

1
0
0 0

[PATCH 2/2] drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()

by Lyude Paul

A CRTC being enabled doesn't mean it's on! It doesn't even necessarily mean it's being used. This fixes runtime PM leaks on the P50 I've got next to me. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index d9da69c83ae7..9bae4db84cfb 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -1878,7 +1878,7 @@ nv50_disp_atomic_commit(struct drm_device *dev, nv50_disp_atomic_commit_tail(state); drm_for_each_crtc(crtc, dev) { - if (crtc->state->enable) { + if (crtc->state->active) { if (!drm->have_disp_power_ref) { drm->have_disp_power_ref = true; return 0; -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH 1/2] drm/nouveau: Fix runtime PM leak in drm_open()

by Lyude Paul

Noticed this as I was skimming through, if we fail to allocate memory for cli we'll end up returning without dropping the runtime PM ref we got. Additionally, we'll even return the wrong return code! (ret most likely will == 0 here, we want -ENOMEM). Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_drm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 0452b18d36b9..0f668e275ee1 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -919,8 +919,10 @@ nouveau_drm_open(struct drm_device *dev, struct drm_file *fpriv) get_task_comm(tmpname, current); snprintf(name, sizeof(name), "%s[%d]", tmpname, pid_nr(fpriv->pid)); - if (!(cli = kzalloc(sizeof(*cli), GFP_KERNEL))) - return ret; + if (!(cli = kzalloc(sizeof(*cli), GFP_KERNEL))) { + ret = -ENOMEM; + goto done; + } ret = nouveau_cli_init(drm, name, cli); if (ret) -- 2.17.1

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: truncate preallocated blocks in error case" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dc7a10ddee0c56c6d891dd18de5c4ee9869545e0 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim <jaegeuk(a)kernel.org> Date: Fri, 30 Mar 2018 17:58:13 -0700 Subject: [PATCH] f2fs: truncate preallocated blocks in error case If write is failed, we must deallocate the blocks that we couldn't write. Cc: stable(a)vger.kernel.org Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 8068b015ece5..6b94f19b3fa8 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2911,6 +2911,8 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from) ret = generic_write_checks(iocb, from); if (ret > 0) { + bool preallocated = false; + size_t target_size = 0; int err; if (iov_iter_fault_in_readable(from, iov_iter_count(from))) @@ -2927,6 +2929,9 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from) } } else { + preallocated = true; + target_size = iocb->ki_pos + iov_iter_count(from); + err = f2fs_preallocate_blocks(iocb, from); if (err) { clear_inode_flag(inode, FI_NO_PREALLOC); @@ -2939,6 +2944,10 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from) blk_finish_plug(&plug); clear_inode_flag(inode, FI_NO_PREALLOC); + /* if we couldn't write data, we should deallocate blocks. */ + if (preallocated && i_size_read(inode) < target_size) + f2fs_truncate(inode); + if (ret > 0) f2fs_update_iostat(F2FS_I_SB(inode), APP_WRITE_IO, ret); }

7 years, 2 months

2
1
0 0

[PATCH v3] stop_machine: Disable preemption when waking two stopper threads

by Isaac J. Manjarres

When cpu_stop_queue_two_works() begins to wake the stopper threads, it does so without preemption disabled, which leads to the following race condition: The source CPU calls cpu_stop_queue_two_works(), with cpu1 as the source CPU, and cpu2 as the destination CPU. When adding the stopper threads to the wake queue used in this function, the source CPU stopper thread is added first, and the destination CPU stopper thread is added last. When wake_up_q() is invoked to wake the stopper threads, the threads are woken up in the order that they are queued in, so the source CPU's stopper thread is woken up first, and it preempts the thread running on the source CPU. The stopper thread will then execute on the source CPU, disable preemption, and begin executing multi_cpu_stop(), and wait for an ack from the destination CPU's stopper thread, with preemption still disabled. Since the worker thread that woke up the stopper thread on the source CPU is affine to the source CPU, and preemption is disabled on the source CPU, that thread will never run to dequeue the destination CPU's stopper thread from the wake queue, and thus, the destination CPU's stopper thread will never run, causing the source CPU's stopper thread to wait forever, and stall. Disable preemption when waking the stopper threads in cpu_stop_queue_two_works(). Fixes: 0b26351b910f ("stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock") Co-Developed-by: Prasad Sodagudi <psodagud(a)codeaurora.org> Co-Developed-by: Pavankumar Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm(a)codeaurora.org> Signed-off-by: Prasad Sodagudi <psodagud(a)codeaurora.org> Signed-off-by: Pavankumar Kondeti <pkondeti(a)codeaurora.org> Cc: stable(a)vger.kernel.org --- kernel/stop_machine.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c index f89014a..1ff523d 100644 --- a/kernel/stop_machine.c +++ b/kernel/stop_machine.c @@ -270,7 +270,11 @@ static int cpu_stop_queue_two_works(int cpu1, struct cpu_stop_work *work1, goto retry; } - wake_up_q(&wakeq); + if (!err) { + preempt_disable(); + wake_up_q(&wakeq); + preempt_enable(); + } return err; } -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 2 months

1
0
0 0

[v4.17-stable 0/5] Fix DM DAX handling

by Ross Zwisler

This is a v4.17-stable backport of my "Fix DM DAX handling" series which had backport collisions. Greg, please let me know if I need to adjust anything in my backport formatting. Darrick J. Wong (1): fs: allow per-device dax status checking for filesystems Dave Jiang (1): dax: change bdev_dax_supported() to support boolean returns Ross Zwisler (3): pmem: only set QUEUE_FLAG_DAX for fsdax mode dax: bdev_dax_supported() check for QUEUE_FLAG_DAX dm: prevent DAX mounts if not supported drivers/dax/super.c | 48 ++++++++++++++++++++++++++++-------------------- drivers/md/dm-table.c | 7 ++++--- drivers/md/dm.c | 3 +-- drivers/nvdimm/pmem.c | 3 ++- fs/ext2/super.c | 3 +-- fs/ext4/super.c | 3 +-- fs/xfs/xfs_ioctl.c | 3 ++- fs/xfs/xfs_iops.c | 30 +++++++++++++++++++++++++----- fs/xfs/xfs_super.c | 10 ++++++++-- include/linux/dax.h | 11 ++++++----- 10 files changed, 78 insertions(+), 43 deletions(-) -- 2.14.4

7 years, 2 months

1
6
0 0

[PATCH] block: don't use blocking queue entered for recursive bio submits

by Jens Axboe

commit cd4a4ae4683dc2e09380118e205e057896dcda2b upstream. If we end up splitting a bio and the queue goes away between the initial submission and the later split submission, then we can block forever in blk_queue_enter() waiting for the reference to drop to zero. This will never happen, since we already hold a reference. Mark a split bio as already having entered the queue, so we can just use the live non-blocking queue enter variant. Thanks to Tetsuo Handa for the analysis. We're running fio tests and the tasks get stuck in a D state forever when systemd-udevd tries to read the partition table. This patch solves it. Please apply to 4.17 stable. Reported-by: syzbot+c4f9cebf9d651f6e54de(a)syzkaller.appspotmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Alexandru Moise <00moses.alexander00(a)gmail.com> --- block/blk-core.c | 4 +++- block/blk-merge.c | 10 ++++++++++ include/linux/blk_types.h | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/block/blk-core.c b/block/blk-core.c index b559b9d4f1a2..47ab2d9d02d9 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -2392,7 +2392,9 @@ blk_qc_t generic_make_request(struct bio *bio) if (bio->bi_opf & REQ_NOWAIT) flags = BLK_MQ_REQ_NOWAIT; - if (blk_queue_enter(q, flags) < 0) { + if (bio_flagged(bio, BIO_QUEUE_ENTERED)) + blk_queue_enter_live(q); + else if (blk_queue_enter(q, flags) < 0) { if (!blk_queue_dying(q) && (bio->bi_opf & REQ_NOWAIT)) bio_wouldblock_error(bio); else diff --git a/block/blk-merge.c b/block/blk-merge.c index 782940c65d8a..481dc02668f9 100644 --- a/block/blk-merge.c +++ b/block/blk-merge.c @@ -210,6 +210,16 @@ void blk_queue_split(struct request_queue *q, struct bio **bio) /* there isn't chance to merge the splitted bio */ split->bi_opf |= REQ_NOMERGE; + /* + * Since we're recursing into make_request here, ensure + * that we mark this bio as already having entered the queue. + * If not, and the queue is going away, we can get stuck + * forever on waiting for the queue reference to drop. But + * that will never happen, as we're already holding a + * reference to it. + */ + bio_set_flag(*bio, BIO_QUEUE_ENTERED); + bio_chain(split, *bio); trace_block_split(q, split, (*bio)->bi_iter.bi_sector); generic_make_request(*bio); diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h index 17b18b91ebac..1602bf4ab4cd 100644 --- a/include/linux/blk_types.h +++ b/include/linux/blk_types.h @@ -186,6 +186,8 @@ struct bio { * throttling rules. Don't do it again. */ #define BIO_TRACE_COMPLETION 10 /* bio_endio() should trace the final completion * of this bio. */ +#define BIO_QUEUE_ENTERED 11 /* can use blk_queue_enter_live() */ + /* See BVEC_POOL_OFFSET below before adding new flags */ /* -- 2.18.0

7 years, 2 months

3
2
0 0

[PATCH] drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs

by Lyude Paul

Currently nouveau doesn't actually expose the state debugfs file that's usually provided for any modesetting driver that supports atomic, even if nouveau is loaded with atomic=1. This is due to the fact that the standard debugfs files that DRM creates for atomic drivers is called when drm_get_pci_dev() is called from nouveau_drm.c. This happens well before we've initialized the display core, which is currently responsible for setting the DRIVER_ATOMIC cap. So, move the atomic option into nouveau_drm.c and just add the DRIVER_ATOMIC cap whenever it's enabled on the kernel commandline. This shouldn't cause any actual issues, as the atomic ioctl will still fail as expected even if the display core doesn't disable it until later in the init sequence. This also provides the added benefit of being able to use the state debugfs file to check the current display state even if clients aren't allowed to modify it through anything other than the legacy ioctls. Additionally, disable the DRIVER_ATOMIC cap in nv04's display core, as this was already disabled there previously. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv04/disp.c | 3 +++ drivers/gpu/drm/nouveau/dispnv50/disp.c | 6 ------ drivers/gpu/drm/nouveau/nouveau_drm.c | 7 +++++++ 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv04/disp.c b/drivers/gpu/drm/nouveau/dispnv04/disp.c index 501d2d290e9c..70dce544984e 100644 --- a/drivers/gpu/drm/nouveau/dispnv04/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv04/disp.c @@ -55,6 +55,9 @@ nv04_display_create(struct drm_device *dev) nouveau_display(dev)->init = nv04_display_init; nouveau_display(dev)->fini = nv04_display_fini; + /* Pre-nv50 doesn't support atomic, so don't expose the ioctls */ + dev->driver->driver_features &= ~DRIVER_ATOMIC; + nouveau_hw_save_vga_fonts(dev, 1); nv04_crtc_create(dev, 0); diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9382e99a0bc7..d9da69c83ae7 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -2126,10 +2126,6 @@ nv50_display_destroy(struct drm_device *dev) kfree(disp); } -MODULE_PARM_DESC(atomic, "Expose atomic ioctl (default: disabled)"); -static int nouveau_atomic = 0; -module_param_named(atomic, nouveau_atomic, int, 0400); - int nv50_display_create(struct drm_device *dev) { @@ -2154,8 +2150,6 @@ nv50_display_create(struct drm_device *dev) disp->disp = &nouveau_display(dev)->disp; dev->mode_config.funcs = &nv50_disp_func; dev->driver->driver_features |= DRIVER_PREFER_XBGR_30BPP; - if (nouveau_atomic) - dev->driver->driver_features |= DRIVER_ATOMIC; /* small shared memory area we use for notifiers and semaphores */ ret = nouveau_bo_new(&drm->client, 4096, 0x1000, TTM_PL_FLAG_VRAM, diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 775443c9af94..0452b18d36b9 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -81,6 +81,10 @@ MODULE_PARM_DESC(modeset, "enable driver (default: auto, " int nouveau_modeset = -1; module_param_named(modeset, nouveau_modeset, int, 0400); +MODULE_PARM_DESC(atomic, "Expose atomic ioctl (default: disabled)"); +static int nouveau_atomic = 0; +module_param_named(atomic, nouveau_atomic, int, 0400); + MODULE_PARM_DESC(runpm, "disable (0), force enable (1), optimus only default (-1)"); static int nouveau_runtime_pm = -1; module_param_named(runpm, nouveau_runtime_pm, int, 0400); @@ -509,6 +513,9 @@ static int nouveau_drm_probe(struct pci_dev *pdev, pci_set_master(pdev); + if (nouveau_atomic) + driver_pci.driver_features |= DRIVER_ATOMIC; + ret = drm_get_pci_dev(pdev, pent, &driver_pci); if (ret) { nvkm_device_del(&device); -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH] ib_srpt: Fix a use-after-free in __srpt_close_all_ch()

by Bart Van Assche

BUG: KASAN: use-after-free in srpt_set_enabled+0x1a9/0x1e0 [ib_srpt] Read of size 4 at addr ffff8801269d23f8 by task check/29726 CPU: 4 PID: 29726 Comm: check Not tainted 4.18.0-rc2-dbg+ #4 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Call Trace: dump_stack+0xa4/0xf5 print_address_description+0x6f/0x270 kasan_report+0x241/0x360 __asan_load4+0x78/0x80 srpt_set_enabled+0x1a9/0x1e0 [ib_srpt] srpt_tpg_enable_store+0xb8/0x120 [ib_srpt] configfs_write_file+0x14e/0x1d0 [configfs] __vfs_write+0xd2/0x3b0 vfs_write+0x101/0x270 ksys_write+0xab/0x120 __x64_sys_write+0x43/0x50 do_syscall_64+0x77/0x230 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f235cfe6154 Fixes: aaf45bd83eba ("IB/srpt: Detect session shutdown reliably") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: <stable(a)vger.kernel.org> --- drivers/infiniband/ulp/srpt/ib_srpt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c index 36d9fab7c998..3acb0c16b7ac 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.c +++ b/drivers/infiniband/ulp/srpt/ib_srpt.c @@ -1941,8 +1941,8 @@ static void __srpt_close_all_ch(struct srpt_port *sport) list_for_each_entry(nexus, &sport->nexus_list, entry) { list_for_each_entry(ch, &nexus->ch_list, list) { if (srpt_disconnect_ch(ch) >= 0) - pr_info("Closing channel %s-%d because target %s_%d has been disabled\n", - ch->sess_name, ch->qp->qp_num, + pr_info("Closing channel %s because target %s_%d has been disabled\n", + ch->sess_name, sport->sdev->device->name, sport->port); srpt_close_ch(ch); } -- 2.18.0

7 years, 2 months

2
1
0 0

[PATCH] ib_srpt: Fix a use-after-free in srpt_close_ch()

by Bart Van Assche

Avoid that KASAN reports the following: BUG: KASAN: use-after-free in srpt_close_ch+0x4f/0x1b0 [ib_srpt] Read of size 4 at addr ffff880151180cb8 by task check/4681 CPU: 15 PID: 4681 Comm: check Not tainted 4.18.0-rc2-dbg+ #4 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Call Trace: dump_stack+0xa4/0xf5 print_address_description+0x6f/0x270 kasan_report+0x241/0x360 __asan_load4+0x78/0x80 srpt_close_ch+0x4f/0x1b0 [ib_srpt] srpt_set_enabled+0xf7/0x1e0 [ib_srpt] srpt_tpg_enable_store+0xb8/0x120 [ib_srpt] configfs_write_file+0x14e/0x1d0 [configfs] __vfs_write+0xd2/0x3b0 vfs_write+0x101/0x270 ksys_write+0xab/0x120 __x64_sys_write+0x43/0x50 do_syscall_64+0x77/0x230 entry_SYSCALL_64_after_hwframe+0x49/0xbe Fixes: aaf45bd83eba ("IB/srpt: Detect session shutdown reliably") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: <stable(a)vger.kernel.org> --- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c index 3acb0c16b7ac..e42eec20c631 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.c +++ b/drivers/infiniband/ulp/srpt/ib_srpt.c @@ -1834,8 +1834,7 @@ static bool srpt_close_ch(struct srpt_rdma_ch *ch) int ret; if (!srpt_set_ch_state(ch, CH_DRAINING)) { - pr_debug("%s-%d: already closed\n", ch->sess_name, - ch->qp->qp_num); + pr_debug("%s: already closed\n", ch->sess_name); return false; } -- 2.18.0

7 years, 2 months

2
1
0 0

patch "Drivers: hv: vmbus: Fix the offer_in_progress in" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: vmbus: Fix the offer_in_progress in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 50229128727f7e11840ca1b2b501f880818d56b6 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Tue, 5 Jun 2018 13:37:52 -0700 Subject: Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() I didn't really hit a real bug, but just happened to spot the bug: we have decreased the counter at the beginning of vmbus_process_offer(), so we mustn't decrease it again. Fixes: 6f3d791f3006 ("Drivers: hv: vmbus: Fix rescind handling issues") Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: stable(a)vger.kernel.org Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Stable <stable(a)vger.kernel.org> # 4.14 and above Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/channel_mgmt.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index ecc2bd275a73..f3b551a50653 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -527,10 +527,8 @@ static void vmbus_process_offer(struct vmbus_channel *newchannel) struct hv_device *dev = newchannel->primary_channel->device_obj; - if (vmbus_add_channel_kobj(dev, newchannel)) { - atomic_dec(&vmbus_connection.offer_in_progress); + if (vmbus_add_channel_kobj(dev, newchannel)) goto err_free_chan; - } if (channel->sc_creation_callback != NULL) channel->sc_creation_callback(newchannel); -- 2.18.0

7 years, 2 months

1
0
0 0

Linux 3.18.114

by Philip Müller

Hi Greg, for this kernel there are now patches generated on kernel.org homepage. Best, Philip

7 years, 2 months

2
3
0 0

+ mm-do-not-drop-unused-pages-when-userfaultd-is-running.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: do not drop unused pages when userfaultd is running has been added to the -mm tree. Its filename is mm-do-not-drop-unused-pages-when-userfaultd-is-running.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-do-not-drop-unused-pages-when-u… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-do-not-drop-unused-pages-when-u… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Christian Borntraeger <borntraeger(a)de.ibm.com> Subject: mm: do not drop unused pages when userfaultd is running KVM guests on s390 can notify the host of unused pages. This can result in pte_unused callbacks to be true for KVM guest memory. If a page is unused (checked with pte_unused) we might drop this page instead of paging it. This can have side-effects on userfaultd, when the page in question was already migrated: The next access of that page will trigger a fault and a user fault instead of faulting in a new and empty zero page. As QEMU does not expect a userfault on an already migrated page this migration will fail. The most straightforward solution is to ignore the pte_unused hint if a userfault context is active for this VMA. Link: http://lkml.kernel.org/r/20180703171854.63981-1-borntraeger@de.ibm.com Signed-off-by: Christian Borntraeger <borntraeger(a)de.ibm.com> Cc: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: Janosch Frank <frankja(a)linux.ibm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Cornelia Huck <cohuck(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/rmap.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff -puN mm/rmap.c~mm-do-not-drop-unused-pages-when-userfaultd-is-running mm/rmap.c --- a/mm/rmap.c~mm-do-not-drop-unused-pages-when-userfaultd-is-running +++ a/mm/rmap.c @@ -64,6 +64,7 @@ #include <linux/backing-dev.h> #include <linux/page_idle.h> #include <linux/memremap.h> +#include <linux/userfaultfd_k.h> #include <asm/tlbflush.h> @@ -1481,11 +1482,16 @@ static bool try_to_unmap_one(struct page set_pte_at(mm, address, pvmw.pte, pteval); } - } else if (pte_unused(pteval)) { + } else if (pte_unused(pteval) && !userfaultfd_armed(vma)) { /* * The guest indicated that the page content is of no * interest anymore. Simply discard the pte, vmscan * will take care of the rest. + * A future reference will then fault in a new zero + * page. When userfaultfd is active, we must not drop + * this page though, as its main user (postcopy + * migration) will not expect userfaults on already + * copied pages. */ dec_mm_counter(mm, mm_counter(page)); /* We have to invalidate as we cleared the pte */ _ Patches currently in -mm which might be from borntraeger(a)de.ibm.com are mm-do-not-drop-unused-pages-when-userfaultd-is-running.patch

7 years, 2 months

1
0
0 0

v4.4.139 build: 0 failures 31 warnings (v4.4.139)

by Build bot for Mark Brown

Tree/Branch: v4.4.139 Git describe: v4.4.139 Commit: 16af098616 Linux 4.4.139 Build Time: 63 min 11 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 31 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 19 warnings 0 mismatches : arm64-allmodconfig 17 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 31 3 warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) 2 ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 19 warnings, 0 section mismatches Warnings: warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 17 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

7 years, 2 months

1
0
0 0

[PATCH 1/9] dm-integrity: change the variable suspending from bool to int

by Mikulas Patocka

The early alpha processors can't write a byte or short atomically - they read 8 bytes, modify the byte or two bytes in registers and write back 8 bytes. The modification of the variable "suspending" may race with modification of the variable "failed". This patch changes suspending to an int. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/md/dm-integrity.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Index: linux-2.6/drivers/md/dm-integrity.c =================================================================== --- linux-2.6.orig/drivers/md/dm-integrity.c 2018-06-29 23:13:54.990000000 +0200 +++ linux-2.6/drivers/md/dm-integrity.c 2018-06-29 23:13:54.980000000 +0200 @@ -178,7 +178,7 @@ struct dm_integrity_c { __u8 sectors_per_block; unsigned char mode; - bool suspending; + int suspending; int failed; @@ -2214,7 +2214,7 @@ static void dm_integrity_postsuspend(str del_timer_sync(&ic->autocommit_timer); - ic->suspending = true; + WRITE_ONCE(ic->suspending, 1); queue_work(ic->commit_wq, &ic->commit_work); drain_workqueue(ic->commit_wq); @@ -2224,7 +2224,7 @@ static void dm_integrity_postsuspend(str dm_integrity_flush_buffers(ic); } - ic->suspending = false; + WRITE_ONCE(ic->suspending, 0); BUG_ON(!RB_EMPTY_ROOT(&ic->in_progress));

7 years, 2 months

1
0
0 0

linux-4.14.y build: 0 failures 0 warnings (v4.14.52-158-gfa745a1bd983)

by Build bot for Mark Brown

Tree/Branch: linux-4.14.y Git describe: v4.14.52-158-gfa745a1bd983 Commit: fa745a1bd9 Linux 4.14.53 Build Time: 98 min 39 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 2 months

1
0
0 0

[PATCH 1/4] drm/i915: Fix PIPESTATE irq ack on i965/g4x

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> On i965/g4x IIR is edge triggered. So in order for IIR to notice that there is still a pending interrupt we have to force and edge in ISR. For the ISR/IIR pipe event bits we can do that by temporarily clearing all the PIPESTAT enable bits when we ack the status bits. This will force the ISR pipe event bit low, and it can then go back high when we restore the PIPESTAT enable bits. This avoids the following race: 1. stat = read(PIPESTAT) 2. an enabled PIPESTAT status bit goes high 3. write(PIPESTAT, enable|stat); 4. write(IIR, PIPE_EVENT) The end result is IIR==0 and ISR!=0. This can lead to nasty vblank wait/flip_done timeouts if another interrupt source doesn't trick us into looking at the PIPESTAT status bits despite the IIR PIPE_EVENT bit being low. Before i965 IIR was level triggered so this problem can't actually happen there. And curiously VLV/CHV went back to the level triggered scheme as well. But for simplicity we'll use the same i965/g4x compatible code for all platforms. Cc: stable(a)vger.kernel.org Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106033 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105225 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106030 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/i915_irq.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c index 2fd92a886789..364e1c85315e 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -1893,9 +1893,17 @@ static void i9xx_pipestat_irq_ack(struct drm_i915_private *dev_priv, /* * Clear the PIPE*STAT regs before the IIR + * + * Toggle the enable bits to make sure we get an + * edge in the ISR pipe event bit if we don't clear + * all the enabled status bits. Otherwise the edge + * triggered IIR on i965/g4x wouldn't notice that + * an interrupt is still pending. */ - if (pipe_stats[pipe]) - I915_WRITE(reg, enable_mask | pipe_stats[pipe]); + if (pipe_stats[pipe]) { + I915_WRITE(reg, pipe_stats[pipe]); + I915_WRITE(reg, enable_mask); + } } spin_unlock(&dev_priv->irq_lock); } -- 2.16.4

7 years, 2 months

4
9
0 0

Linux 4.17.4

by Greg KH

I'm announcing the release of the 4.17.4 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-class-cxl | 4 Documentation/core-api/printk-formats.rst | 3 Makefile | 2 arch/arm/boot/dts/mt7623.dtsi | 3 arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 1 arch/arm/boot/dts/mt7623n-rfb.dtsi | 1 arch/arm/boot/dts/socfpga.dtsi | 4 arch/arm/boot/dts/socfpga_arria10.dtsi | 5 arch/arm/boot/dts/sun8i-h3-libretech-all-h3-cc.dts | 8 arch/arm/include/asm/kgdb.h | 2 arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 6 arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 6 arch/arm64/boot/dts/amlogic/meson-gxl-s905x-libretech-cc.dts | 3 arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 8 arch/arm64/boot/dts/marvell/armada-cp110.dtsi | 2 arch/arm64/crypto/aes-glue.c | 2 arch/arm64/kernel/cpufeature.c | 2 arch/arm64/kernel/signal.c | 5 arch/arm64/mm/proc.S | 5 arch/m68k/mac/config.c | 2 arch/m68k/mm/kmap.c | 3 arch/mips/ath79/mach-pb44.c | 2 arch/mips/bcm47xx/setup.c | 6 arch/mips/include/asm/io.h | 2 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 +- arch/powerpc/Makefile | 1 arch/powerpc/kernel/dt_cpu_ftrs.c | 3 arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/powerpc/mm/pkeys.c | 4 arch/powerpc/mm/tlb-radix.c | 2 arch/powerpc/perf/imc-pmu.c | 4 arch/powerpc/platforms/powernv/copy-paste.h | 3 arch/powerpc/platforms/powernv/idle.c | 4 arch/powerpc/platforms/powernv/pci-ioda.c | 1 arch/um/drivers/vector_kern.c | 20 + arch/x86/entry/entry_64_compat.S | 16 - arch/x86/include/asm/barrier.h | 2 arch/x86/kernel/apic/x2apic_uv_x.c | 60 +++++ arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 arch/x86/kernel/cpu/mcheck/mce.c | 44 ++- arch/x86/kernel/e820.c | 15 + arch/x86/kernel/quirks.c | 11 arch/x86/kernel/traps.c | 14 - arch/x86/mm/init.c | 4 arch/x86/mm/init_64.c | 20 + arch/x86/platform/efi/efi_64.c | 4 arch/x86/xen/smp_pv.c | 5 arch/xtensa/kernel/traps.c | 2 block/blk-core.c | 4 crypto/asymmetric_keys/x509_cert_parser.c | 9 drivers/acpi/acpi_lpss.c | 20 + drivers/auxdisplay/Kconfig | 10 drivers/base/core.c | 15 - drivers/base/power/domain.c | 3 drivers/block/rbd.c | 2 drivers/bluetooth/hci_qca.c | 6 drivers/char/hw_random/core.c | 11 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/char/tpm/tpm-dev-common.c | 40 +-- drivers/char/tpm/tpm-dev.h | 2 drivers/char/tpm/tpm2-space.c | 3 drivers/clk/at91/clk-pll.c | 13 - drivers/clk/clk-aspeed.c | 4 drivers/clk/meson/meson8b.c | 7 drivers/clk/renesas/renesas-cpg-mssr.c | 9 drivers/cpufreq/intel_pstate.c | 27 +- drivers/cpuidle/cpuidle-powernv.c | 32 ++ drivers/firmware/efi/libstub/tpm.c | 2 drivers/hwmon/k10temp.c | 5 drivers/i2c/algos/i2c-algo-bit.c | 5 drivers/i2c/busses/i2c-gpio.c | 4 drivers/iio/accel/sca3000.c | 9 drivers/iio/adc/ad7791.c | 49 ---- drivers/infiniband/core/umem.c | 11 drivers/infiniband/core/uverbs_main.c | 14 - drivers/infiniband/core/verbs.c | 14 - drivers/infiniband/hw/hfi1/chip.c | 8 drivers/infiniband/hw/hfi1/debugfs.c | 8 drivers/infiniband/hw/hfi1/file_ops.c | 4 drivers/infiniband/hw/hfi1/hfi.h | 1 drivers/infiniband/hw/hfi1/init.c | 22 + drivers/infiniband/hw/hfi1/pio.c | 44 +++ drivers/infiniband/hw/mlx4/mad.c | 1 drivers/infiniband/hw/mlx4/mr.c | 50 +++- drivers/infiniband/hw/mlx5/cq.c | 15 + drivers/infiniband/hw/qib/qib.h | 4 drivers/infiniband/hw/qib/qib_file_ops.c | 10 drivers/infiniband/hw/qib/qib_init.c | 13 + drivers/infiniband/hw/qib/qib_user_pages.c | 20 + drivers/infiniband/sw/rdmavt/cq.c | 31 +- drivers/infiniband/ulp/isert/ib_isert.c | 28 +- drivers/input/joystick/xpad.c | 2 drivers/input/mouse/elan_i2c.h | 2 drivers/input/mouse/elan_i2c_core.c | 3 drivers/input/mouse/elan_i2c_smbus.c | 10 drivers/input/mouse/elantech.c | 11 drivers/input/mouse/psmouse-base.c | 12 - drivers/input/touchscreen/silead.c | 1 drivers/iommu/Kconfig | 1 drivers/iommu/amd_iommu.c | 68 ++++-- drivers/irqchip/irq-gic-v3-its.c | 9 drivers/md/dm-thin.c | 11 drivers/md/dm-zoned-target.c | 2 drivers/md/dm.c | 5 drivers/md/md.c | 4 drivers/media/dvb-core/dvb_frontend.c | 23 +- drivers/media/platform/vsp1/vsp1_video.c | 21 + drivers/media/rc/ir-mce_kbd-decoder.c | 2 drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/usb/cx231xx/cx231xx-dvb.c | 2 drivers/media/usb/uvc/uvc_video.c | 24 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mfd/intel-lpss-pci.c | 25 +- drivers/mfd/intel-lpss.c | 4 drivers/mfd/twl-core.c | 2 drivers/misc/cxl/pci.c | 4 drivers/misc/cxl/sysfs.c | 16 + drivers/mmc/host/renesas_sdhi_core.c | 5 drivers/mmc/host/renesas_sdhi_internal_dmac.c | 1 drivers/mmc/host/renesas_sdhi_sys_dmac.c | 3 drivers/mtd/chips/cfi_cmdset_0002.c | 21 + drivers/mtd/nand/raw/denali_dt.c | 6 drivers/mtd/nand/raw/mxc_nand.c | 5 drivers/mtd/nand/raw/nand_base.c | 29 -- drivers/mtd/nand/raw/nand_macronix.c | 48 +++- drivers/mtd/nand/raw/nand_micron.c | 2 drivers/mtd/spi-nor/intel-spi.c | 76 +++++- drivers/mtd/ubi/build.c | 3 drivers/mtd/ubi/eba.c | 90 +++++++- drivers/mtd/ubi/wl.c | 4 drivers/net/ethernet/ti/davinci_emac.c | 15 + drivers/nvdimm/bus.c | 14 - drivers/nvdimm/pmem.c | 10 drivers/nvdimm/region_devs.c | 3 drivers/of/platform.c | 5 drivers/of/resolver.c | 5 drivers/of/unittest.c | 8 drivers/opp/core.c | 2 drivers/pci/host/pci-hyperv.c | 11 drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 + drivers/pci/pci-driver.c | 5 drivers/pci/probe.c | 15 + drivers/pci/quirks.c | 20 + drivers/pinctrl/devicetree.c | 7 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 3 drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 4 drivers/platform/chrome/cros_ec_lpc.c | 13 - drivers/pwm/pwm-lpss-platform.c | 5 drivers/pwm/pwm-lpss.c | 30 ++ drivers/pwm/pwm-lpss.h | 2 drivers/remoteproc/qcom_q6v5_pil.c | 10 drivers/rpmsg/qcom_smd.c | 18 - drivers/rtc/rtc-sun6i.c | 4 drivers/s390/scsi/zfcp_dbf.c | 40 +++ drivers/s390/scsi/zfcp_erp.c | 123 ++++++++--- drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 18 + drivers/scsi/hpsa.c | 10 drivers/scsi/qla2xxx/qla_gs.c | 4 drivers/scsi/qla2xxx/qla_init.c | 3 drivers/scsi/qla2xxx/qla_isr.c | 8 drivers/scsi/qla2xxx/qla_target.c | 7 drivers/scsi/scsi_debug.c | 2 drivers/soc/rockchip/pm_domains.c | 2 drivers/thermal/broadcom/bcm2835_thermal.c | 4 drivers/tty/serial/sh-sci.c | 8 drivers/usb/core/hub.c | 4 drivers/video/backlight/as3711_bl.c | 33 ++ drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/virt/vboxguest/vboxguest_linux.c | 4 drivers/w1/w1.c | 2 drivers/xen/events/events_base.c | 2 fs/btrfs/inode.c | 4 fs/f2fs/checkpoint.c | 4 fs/f2fs/inode.c | 4 fs/f2fs/segment.c | 3 fs/f2fs/segment.h | 1 fs/fuse/control.c | 13 - fs/fuse/dev.c | 3 fs/fuse/dir.c | 13 + fs/fuse/inode.c | 1 fs/nfs/callback_proc.c | 7 fs/nfs/nfs4idmap.c | 5 fs/nfs/nfs4proc.c | 2 fs/nfsd/nfs4xdr.c | 5 fs/ubifs/journal.c | 5 fs/udf/directory.c | 3 include/dt-bindings/clock/aspeed-clock.h | 2 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 include/linux/memory.h | 1 include/linux/slub_def.h | 4 include/rdma/ib_verbs.h | 27 +- include/rdma/rdma_vt.h | 2 kernel/locking/rwsem.c | 1 kernel/printk/printk_safe.c | 5 kernel/softirq.c | 6 kernel/time/time.c | 6 kernel/trace/trace_events_filter.c | 10 lib/Kconfig.kasan | 1 lib/vsprintf.c | 3 mm/gup.c | 36 ++- mm/ksm.c | 14 - mm/slab_common.c | 4 mm/slub.c | 7 net/sunrpc/xprtrdma/rpc_rdma.c | 2 security/selinux/selinuxfs.c | 78 ++---- sound/core/timer.c | 2 sound/pci/hda/hda_codec.c | 5 sound/pci/hda/hda_codec.h | 1 sound/pci/hda/patch_hdmi.c | 5 sound/pci/hda/patch_realtek.c | 20 + sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 +- sound/soc/cirrus/snappercl15.c | 2 sound/soc/codecs/cs35l35.c | 1 sound/soc/mediatek/common/mtk-afe-platform-driver.c | 4 sound/soc/soc-dapm.c | 2 tools/perf/util/dso.c | 2 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 +- tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 tools/perf/util/intel-pt.c | 5 tools/testing/selftests/ftrace/test.d/functions | 21 + 232 files changed, 1705 insertions(+), 755 deletions(-) ??? (1): Input: elantech - fix V4 report decoding for module with middle key Aaron Ma (1): Input: elantech - enable middle button of touchpads on ThinkPad P52 Abhishek Sahu (1): mtd: rawnand: fix return value check for bad block status Adrian Hunter (6): perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix packet decoding of CYC packets Akshay Adiga (1): powerpc/powernv/cpuidle: Init all present cpus for deep states Alex Estrin (2): IB/{hfi1, qib}: Add handling of kernel restart IB/isert: Fix for lib/dma_debug check_sync warning Alex Williamson (1): PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexandr Savca (1): Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Alexandru Ardelean (1): iio: adc: ad7791: remove sample freq sysfs attributes Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Remove redundant free of TCE pages Amit Pundir (1): Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Andy Lutomirski (1): x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80" Andy Shevchenko (1): mfd: intel-lpss: Program REMAP register in PIO mode Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Anil Gurumurthy (1): scsi: qla2xxx: Mask off Scope bits in retry delay Anju T Sudhakar (1): powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() Anton Ivanov (2): um: Fix initialization of vector queues um: Fix raw interface options Bart Van Assche (2): block: Fix cloning of requests with a special payload dm zoned: avoid triggering reclaim from inside dmz_map() Bartosz Golaszewski (1): net: ethernet: fix suspend/resume in davinci_emac Ben Hutchings (1): Input: elan_i2c_smbus - fix more potential stack buffer overflows Bharat Potnuri (1): RDMA/core: Save kernel caller name when creating CQ using ib_create_cq() Boris Brezillon (1): mtd: rawnand: Do not check FAIL bit when executing a SET_FEATURES op Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Borislav Petkov (1): x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Brad Love (1): media: cx231xx: Ignore an i2c mux adapter Chao Yu (1): f2fs: don't use GFP_ZERO for page caches Chen-Yu Tsai (1): ARM: dts: sun8i: h3: fix ALL-H3-CC H3 ver VCC-1V2 regulator voltage Chris Packham (1): mtd: rawnand: micron: add ONFI_FEATURE_ON_DIE_ECC to supported features Christophe JAILLET (1): iio: sca3000: Fix an error handling path in 'sca3000_probe()' Chuck Lever (1): xprtrdma: Return -ENOBUFS when no pages are available Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dan Williams (3): x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() mm: fix __gup_device_huge vs unmap mm: fix devmem_is_allowed() for sub-page System RAM intersections Daniel Wagner (1): serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Dave Martin (1): arm64: Fix syscall restarting around signal suppressed by tracer Dave Wysochanski (1): NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Dinh Nguyen (1): ARM: dts: socfpga: Fix NAND controller node compatible for Arria10 Dmitry Torokhov (2): platform/chrome: cros_ec_lpc: do not try DMI match when ACPI device found Input: psmouse - fix button reporting for basic protocols Dongsheng Yang (1): rbd: flush rbd_dev->watch_dwork after watch is unregistered Enno Boland (1): Input: xpad - fix GPD Win 2 controller name Erez Shitrit (1): IB/mlx5: Fetch soft WQE's on fatal error state Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Fabio Estevam (1): pinctrl: devicetree: Fix pctldev pointer overwrite Filipe Manana (1): Btrfs: fix return value on rename exchange failure Finley Xiao (1): soc: rockchip: power-domain: Fix wrong value when power up pd with writemask Finn Thain (1): m68k/mac: Fix SWIM memory resource end address Frank Rowand (1): of: overlay: validate offset from property fixups Gautham R. Shenoy (1): cpuidle: powernv: Fix promotion from snooze if next state disabled Geert Uytterhoeven (4): thermal: bcm2835: Stop using printk format %pCr clk: renesas: cpg-mssr: Stop using printk format %pCr lib/vsprintf: Remove atomic-unsafe support for %pCr time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 4.17.4 Guenter Roeck (1): hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs Hans de Goede (4): efi/libstub/tpm: Initialize efi_physical_addr_t vars to zero for mixed mode ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Input: silead - add MSSL0002 ACPI HID pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Haren Myneni (1): powerpc/powernv: copy/paste - Mask SO bit in CR Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Hui Wang (1): ALSA: hda/realtek - Fix the problem of two front mics on more machines Icenowy Zheng (1): ARM: dts: sun8i: h3: fix ALL-H3-CC H3 ver VDD-CPUX voltage Ingo Flaschberger (1): 1wire: family module autoload fails because of upper/lower case mismatch. Jack Morgenstein (2): IB/mlx4: Mark user MR as writable if actual virtual memory is writable IB/core: Make testing MR flags for writability a static inline function Jae Hyun Yoo (1): clk:aspeed: Fix reset bits for PCI/VGA and PECI Jan Kara (1): udf: Detect incorrect directory size Jann Horn (1): selinux: move user accesses in selinuxfs out of locked regions Jarkko Nikula (1): mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock Jason A. Donenfeld (1): kasan: depend on CONFIG_SLUB_DEBUG Jason Gunthorpe (1): IB/uverbs: Fix ordering of ucontext check in ib_uverbs_write Jerome Brunet (1): ARM64: dts: meson: disable sd-uhs modes on the libretech-cc Jia He (2): crypto: arm64/aes-blk - fix and move skcipher_walk_done out of kernel_neon_begin, _end mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Joel Fernandes (Google) (1): softirq: Reorder trace_softirqs_on to prevent lockdep splat Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup Juergen Gross (1): x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Kai Chieh Chuang (1): ASoC: mediatek: preallocate pages use platform device Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Kevin Hilman (1): ARM64: dts: meson-gx: fix ATF reserved memory region Kieran Bingham (1): media: vsp1: Release buffers for each video node Kirill A. Shutemov (1): x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y Leon Romanovsky (1): RDMA/mlx4: Discard unknown SQP work requests Linus Torvalds (1): Revert "iommu/amd_iommu: Use CONFIG_DMA_DIRECT_OPS=y and dma_direct_{alloc,free}()" Linus Walleij (1): MIPS: pb44: Fix i2c-gpio GPIO descriptor table Luis Henriques (1): scsi: scsi_debug: Fix memory leak on module unload Maciej S. Szmigiero (1): X.509: unpack RSA signatureValue field from BIT STRING Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Marcin Ziemianowicz (1): clk: at91: PLL recalc_rate() now using cached MUL and DIV values Marek Vasut (2): ARM: dts: socfpga: Fix NAND controller node compatible ARM: dts: socfpga: Fix NAND controller clock supply Martin Blumenstingl (1): clk: meson: meson8b: mark fclk_div2 gate clocks as CLK_IS_CRITICAL Martin Kaiser (1): mtd: rawnand: mxc: set spare area size register explicitly Masahiro Yamada (1): mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally Mason Yang (1): mtd: rawnand: All AC chips have a broken GET_FEATURES(TIMINGS). Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Max Gurtovoy (1): IB/isert: fix T10-pi check mask setting Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Michael Buesch (1): hwrng: core - Always drop the RNG in hwrng_unregister() Michael Ellerman (1): powerpc/64s: Fix DT CPU features Power9 DD2.1 logic Michael J. Ruhl (1): IB/hfi1: Reorder incorrect send context disable Michael Jeanson (1): powerpc/e500mc: Set assembler machine type to e500mc Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Michael Trimarchi (1): rtc: sun6i: Fix bit_idx value for clk_register_gate Mika Westerberg (4): mtd: spi-nor: intel-spi: Fix atomic sequence handling PCI: Add ACS quirk for Intel 300 series PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume PCI: Account for all bridges on bus when distributing bus numbers Mike Marciniszyn (3): IB/qib: Fix DMA api warning with debug kernel IB/hfi1: Fix fault injection init/exit issues IB/hfi1: Fix user context tail allocation for DMA_RTAIL Mike Snitzer (2): dm: use bio_split() when splitting out the already processed bio dm thin: handle running out of data space vs concurrent discard Mikhail Malygin (1): scsi: qla2xxx: Spinlock recursion in qla_target Miklos Szeredi (2): fuse: atomic_o_trunc should truncate pagecache fuse: fix control dir setup and teardown Mikulas Patocka (2): branch-check: fix long->int truncation when profiling branches slub: fix failure when we delete and create a slab cache Miquel Raynal (1): arm64: dts: marvell: fix CP110 ICU node size Naoya Horiguchi (1): x86/e820: put !E820_TYPE_RAM regions into memblock.reserved NeilBrown (1): md: fix two problems with setting the "re-add" device state. Nicholas Piggin (1): powerpc/64s/radix: Fix radix_kvm_prefetch_workaround paca access of not possible CPU Paul Handrigan (1): ASoC: cs35l35: Add use_single_rw to regmap config Paweł Chmiel (1): pinctrl: samsung: Correct EINTG banks order Peter Ujfalusi (1): mfd: twl-core: Fix clock initialization Quinn Tran (1): scsi: qla2xxx: Delete session for nport id change Rafael J. Wysocki (3): PCI / PM: Do not clear state_saved for devices that remain suspended ACPI / LPSS: Avoid PM quirks on suspend and resume from S3 PM / core: Fix supplier device runtime PM usage counter imbalance Ram Pai (1): powerpc/pkeys: Detach execute_only key on !PROT_EXEC Randy Dunlap (1): auxdisplay: fix broken menu Richard Weinberger (2): ubi: fastmap: Cancel work upon detach ubi: fastmap: Correctly handle interrupted erasures in EBA Robert Elliott (1): linvdimm, pmem: Preserve read-only setting for pmem devices Ross Zwisler (3): libnvdimm, pmem: Do not flush power-fail protected CPU caches libnvdimm, pmem: Unconditionally deep flush on *sync pmem: only set QUEUE_FLAG_DAX for fsdax mode Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Sean Wang (1): arm: dts: mt7623: fix invalid memory node being generated Sean Young (1): media: rc: mce_kbd decoder: fix stuck keys Sebastian Sanchez (1): IB/hfi1: Optimize kthread pointer locking when queuing CQ entries Siarhei Liakh (1): x86: Call fixup_exception() before notify_die() in math_error() Sibi Sankar (1): remoteproc: Prevent incorrect rproc state on xfer mem ownership failure Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Sinan Kaya (1): scsi: hpsa: disable device during shutdown Sridhar Pitchai (1): PCI: hv: Make sure the bus domain is really unique Srinivas Kandagatla (3): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it of: platform: stop accessing invalid dev in of_platform_device_destroy rpmsg: smd: do not use mananged resources for endpoints and channels Srinivas Pandruvada (1): cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 Stefan M Schaeckeler (1): of: unittest: for strings, account for trailing \0 in property length field Steffen Maier (7): scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Steven Rostedt (VMware) (2): ftrace/selftest: Have the reset_trigger code be a bit more careful tracing: Check for no filter when processing event filters Tadeusz Struk (2): tpm: fix use after free in tpm2_load_context() tpm: fix race condition in tpm_common_write() Takashi Iwai (4): ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl ALSA: hda - Force to link down at runtime suspend on ATI/AMD HDMI ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Tejun Heo (1): fuse: fix congested state leak on aborted connections Terry Zhou (1): pinctrl: armada-37xx: Fix spurious irq management Tetsuo Handa (2): printk: fix possible reuse of va_list variable fuse: don't keep dead fuse_conn at fuse_fill_super(). Thor Thayer (2): ARM: dts: Fix SPI node for Arria10 arm64: dts: stratix10: Fix SPI nodes for Stratix10 Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Tony Luck (3): x86/mce: Improve error message when kernel cannot recover x86/mce: Check for alternate indication of machine check recovery on Skylake x86/mce: Fix incorrect "Machine check from unknown source" message Trond Myklebust (2): NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") NFSv4: Fix a typo in nfs41_sequence_process Ulf Hansson (1): PM / Domains: Fix error path during attach in genpd Vaibhav Jain (2): cxl: Configure PSL to not use APC virtual machines cxl: Disable prefault_mode in Radix mode Waiman Long (1): locking/rwsem: Fix up_read_non_owner() warning with DEBUG_RWSEMS Waldemar Rymarkiewicz (1): PM / OPP: Update voltage in case freq == old_freq Wenwen Wang (1): virt: vbox: Only copy_from_user the request-header once Will Deacon (2): arm64: kpti: Use early_param for kpti= command-line option arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance Wolfram Sang (3): mmc: renesas_sdhi: really fix WP logic regressions Revert "i2c: algo-bit: init the bus to a known state" i2c: gpio: initialize SCL to HIGH again Yang Yingliang (1): irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node mike.travis(a)hpe.com (3): x86/platform/UV: Add adjustable set memory block size function x86/platform/UV: Use new set memory block size function x86/platform/UV: Add kernel parameter to set memory block size ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

7 years, 2 months

1
1
0 0

Linux 4.14.53

by Greg KH

I'm announcing the release of the 4.14.53 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-class-cxl | 4 Documentation/printk-formats.txt | 3 Makefile | 2 arch/arm/boot/dts/mt7623.dtsi | 3 arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 1 arch/arm/boot/dts/mt7623n-rfb.dtsi | 1 arch/arm/boot/dts/socfpga.dtsi | 4 arch/arm/boot/dts/socfpga_arria10.dtsi | 5 arch/arm/include/asm/kgdb.h | 2 arch/arm64/boot/dts/amlogic/meson-gxl-s905x-libretech-cc.dts | 3 arch/arm64/kernel/cpufeature.c | 2 arch/arm64/kernel/signal.c | 5 arch/arm64/mm/proc.S | 5 arch/m68k/mac/config.c | 2 arch/m68k/mm/kmap.c | 3 arch/mips/bcm47xx/setup.c | 6 arch/mips/include/asm/io.h | 2 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/powerpc/perf/imc-pmu.c | 4 arch/powerpc/platforms/powernv/copy-paste.h | 3 arch/powerpc/platforms/powernv/idle.c | 4 arch/powerpc/platforms/powernv/pci-ioda.c | 1 arch/x86/events/intel/uncore_snbep.c | 8 arch/x86/include/asm/barrier.h | 2 arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 arch/x86/kernel/cpu/mcheck/mce.c | 44 arch/x86/kernel/quirks.c | 11 arch/x86/kernel/traps.c | 14 arch/x86/mm/init.c | 4 arch/x86/platform/efi/efi_64.c | 4 arch/x86/xen/smp_pv.c | 5 arch/xtensa/kernel/traps.c | 2 block/blk-core.c | 4 crypto/asymmetric_keys/x509_cert_parser.c | 9 drivers/acpi/acpi_lpss.c | 2 drivers/auxdisplay/Kconfig | 10 drivers/base/core.c | 15 drivers/base/power/domain.c | 3 drivers/base/power/opp/core.c | 2 drivers/block/rbd.c | 2 drivers/bluetooth/hci_qca.c | 6 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/char/tpm/tpm-dev-common.c | 40 drivers/char/tpm/tpm-dev.h | 2 drivers/char/tpm/tpm2-space.c | 3 drivers/clk/at91/clk-pll.c | 13 drivers/clk/renesas/renesas-cpg-mssr.c | 9 drivers/cpufreq/intel_pstate.c | 27 drivers/cpuidle/cpuidle-powernv.c | 32 drivers/iio/accel/sca3000.c | 9 drivers/iio/adc/ad7791.c | 49 drivers/infiniband/core/umem.c | 11 drivers/infiniband/hw/hfi1/chip.c | 8 drivers/infiniband/hw/hfi1/debugfs.c | 8 drivers/infiniband/hw/hfi1/file_ops.c | 4 drivers/infiniband/hw/hfi1/hfi.h | 1 drivers/infiniband/hw/hfi1/init.c | 22 drivers/infiniband/hw/hfi1/pio.c | 44 drivers/infiniband/hw/mlx4/mad.c | 1 drivers/infiniband/hw/mlx4/mr.c | 50 drivers/infiniband/hw/mlx5/cq.c | 15 drivers/infiniband/hw/qib/qib.h | 4 drivers/infiniband/hw/qib/qib_file_ops.c | 10 drivers/infiniband/hw/qib/qib_init.c | 13 drivers/infiniband/hw/qib/qib_user_pages.c | 20 drivers/infiniband/sw/rdmavt/cq.c | 31 drivers/infiniband/ulp/isert/ib_isert.c | 28 drivers/input/joystick/xpad.c | 2 drivers/input/mouse/elan_i2c.h | 2 drivers/input/mouse/elan_i2c_core.c | 3 drivers/input/mouse/elan_i2c_smbus.c | 10 drivers/input/mouse/elantech.c | 11 drivers/irqchip/irq-gic-v3-its.c | 9 drivers/md/dm-thin.c | 11 drivers/md/dm-zoned-target.c | 2 drivers/md/md.c | 4 drivers/media/dvb-core/dvb_frontend.c | 23 drivers/media/platform/vsp1/vsp1_video.c | 21 drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mfd/intel-lpss-pci.c | 25 drivers/mfd/intel-lpss.c | 4 drivers/misc/cxl/sysfs.c | 16 drivers/mtd/chips/cfi_cmdset_0002.c | 21 drivers/mtd/ubi/build.c | 3 drivers/mtd/ubi/eba.c | 90 drivers/mtd/ubi/wl.c | 4 drivers/nvdimm/bus.c | 14 drivers/of/platform.c | 5 drivers/of/resolver.c | 5 drivers/of/unittest.c | 8 drivers/pci/host/pci-hyperv.c | 11 drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 drivers/pci/quirks.c | 20 drivers/pinctrl/devicetree.c | 7 drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 4 drivers/pwm/pwm-lpss-platform.c | 5 drivers/pwm/pwm-lpss.c | 30 drivers/pwm/pwm-lpss.h | 2 drivers/rpmsg/qcom_smd.c | 18 drivers/rtc/rtc-sun6i.c | 4 drivers/s390/scsi/zfcp_dbf.c | 40 drivers/s390/scsi/zfcp_erp.c | 123 drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 18 drivers/scsi/hpsa.c | 10 drivers/scsi/qla2xxx/qla_init.c | 3 drivers/scsi/qla2xxx/qla_isr.c | 8 drivers/soc/rockchip/pm_domains.c | 2 drivers/thermal/broadcom/bcm2835_thermal.c | 4 drivers/tty/serial/sh-sci.c | 8 drivers/usb/core/hub.c | 4 drivers/usb/host/xhci.c | 1 drivers/video/backlight/as3711_bl.c | 33 drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/w1/w1.c | 2 drivers/xen/events/events_base.c | 2 fs/btrfs/inode.c | 4 fs/fuse/control.c | 13 fs/fuse/dev.c | 3 fs/fuse/dir.c | 13 fs/fuse/inode.c | 1 fs/nfs/callback_proc.c | 7 fs/nfs/nfs4idmap.c | 5 fs/nfs/nfs4proc.c | 2 fs/nfsd/nfs4xdr.c | 5 fs/ubifs/journal.c | 5 fs/udf/directory.c | 3 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 include/linux/slub_def.h | 4 include/rdma/ib_verbs.h | 14 include/rdma/rdma_vt.h | 2 kernel/printk/printk_safe.c | 5 kernel/time/time.c | 6 lib/vsprintf.c | 3 mm/gup.c | 36 mm/ksm.c | 14 mm/slab_common.c | 4 mm/slub.c | 7 net/sunrpc/xprtrdma/rpc_rdma.c | 2 sound/core/timer.c | 2 sound/pci/hda/patch_realtek.c | 20 sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 sound/soc/cirrus/snappercl15.c | 2 sound/soc/codecs/cs35l35.c | 1 sound/soc/soc-dapm.c | 2 tools/perf/pmu-events/arch/x86/goldmontplus/cache.json | 1453 ++++++++++ tools/perf/pmu-events/arch/x86/goldmontplus/frontend.json | 62 tools/perf/pmu-events/arch/x86/goldmontplus/memory.json | 38 tools/perf/pmu-events/arch/x86/goldmontplus/other.json | 98 tools/perf/pmu-events/arch/x86/goldmontplus/pipeline.json | 544 +++ tools/perf/pmu-events/arch/x86/goldmontplus/virtual-memory.json | 218 + tools/perf/pmu-events/arch/x86/mapfile.csv | 1 tools/perf/util/dso.c | 2 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 tools/perf/util/intel-pt.c | 5 tools/testing/selftests/ftrace/test.d/functions | 21 170 files changed, 3594 insertions(+), 504 deletions(-) ??? (1): Input: elantech - fix V4 report decoding for module with middle key Aaron Ma (1): Input: elantech - enable middle button of touchpads on ThinkPad P52 Adrian Hunter (6): perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix packet decoding of CYC packets Akshay Adiga (1): powerpc/powernv/cpuidle: Init all present cpus for deep states Alex Estrin (2): IB/{hfi1, qib}: Add handling of kernel restart IB/isert: Fix for lib/dma_debug check_sync warning Alex Williamson (1): PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexandr Savca (1): Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Alexandru Ardelean (1): iio: adc: ad7791: remove sample freq sysfs attributes Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Remove redundant free of TCE pages Amit Pundir (1): Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Andy Shevchenko (1): mfd: intel-lpss: Program REMAP register in PIO mode Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Anil Gurumurthy (1): scsi: qla2xxx: Mask off Scope bits in retry delay Anju T Sudhakar (1): powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() Bart Van Assche (2): block: Fix cloning of requests with a special payload dm zoned: avoid triggering reclaim from inside dmz_map() Ben Hutchings (1): Input: elan_i2c_smbus - fix more potential stack buffer overflows Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Borislav Petkov (1): x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Christophe JAILLET (1): iio: sca3000: Fix an error handling path in 'sca3000_probe()' Chuck Lever (1): xprtrdma: Return -ENOBUFS when no pages are available Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dan Williams (3): x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() mm: fix __gup_device_huge vs unmap mm: fix devmem_is_allowed() for sub-page System RAM intersections Daniel Wagner (1): serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Dave Martin (1): arm64: Fix syscall restarting around signal suppressed by tracer Dave Wysochanski (1): NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Dinh Nguyen (1): ARM: dts: socfpga: Fix NAND controller node compatible for Arria10 Dongsheng Yang (1): rbd: flush rbd_dev->watch_dwork after watch is unregistered Enno Boland (1): Input: xpad - fix GPD Win 2 controller name Erez Shitrit (1): IB/mlx5: Fetch soft WQE's on fatal error state Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Fabio Estevam (1): pinctrl: devicetree: Fix pctldev pointer overwrite Filipe Manana (1): Btrfs: fix return value on rename exchange failure Finley Xiao (1): soc: rockchip: power-domain: Fix wrong value when power up pd with writemask Finn Thain (1): m68k/mac: Fix SWIM memory resource end address Frank Rowand (1): of: overlay: validate offset from property fixups Gautham R. Shenoy (1): cpuidle: powernv: Fix promotion from snooze if next state disabled Geert Uytterhoeven (4): thermal: bcm2835: Stop using printk format %pCr clk: renesas: cpg-mssr: Stop using printk format %pCr lib/vsprintf: Remove atomic-unsafe support for %pCr time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 4.14.53 Hans de Goede (2): ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Haren Myneni (1): powerpc/powernv: copy/paste - Mask SO bit in CR Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Hui Wang (1): ALSA: hda/realtek - Fix the problem of two front mics on more machines Ingo Flaschberger (1): 1wire: family module autoload fails because of upper/lower case mismatch. Jack Morgenstein (2): IB/mlx4: Mark user MR as writable if actual virtual memory is writable IB/core: Make testing MR flags for writability a static inline function Jan Kara (1): udf: Detect incorrect directory size Jarkko Nikula (1): mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock Jerome Brunet (1): ARM64: dts: meson: disable sd-uhs modes on the libretech-cc Jia He (1): mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup Juergen Gross (1): x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kan Liang (2): perf vendor events: Add Goldmont Plus V1 event file perf/x86/intel/uncore: Add event constraint for BDX PCU Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Kieran Bingham (1): media: vsp1: Release buffers for each video node Kirill A. Shutemov (1): x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y Leon Romanovsky (1): RDMA/mlx4: Discard unknown SQP work requests Maciej S. Szmigiero (1): X.509: unpack RSA signatureValue field from BIT STRING Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Marcin Ziemianowicz (1): clk: at91: PLL recalc_rate() now using cached MUL and DIV values Marek Vasut (2): ARM: dts: socfpga: Fix NAND controller node compatible ARM: dts: socfpga: Fix NAND controller clock supply Mathias Nyman (1): xhci: Fix use-after-free in xhci_free_virt_device Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Max Gurtovoy (1): IB/isert: fix T10-pi check mask setting Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Michael J. Ruhl (1): IB/hfi1: Reorder incorrect send context disable Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Michael Trimarchi (1): rtc: sun6i: Fix bit_idx value for clk_register_gate Mika Westerberg (2): PCI: Add ACS quirk for Intel 300 series PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mike Marciniszyn (3): IB/qib: Fix DMA api warning with debug kernel IB/hfi1: Fix fault injection init/exit issues IB/hfi1: Fix user context tail allocation for DMA_RTAIL Mike Snitzer (1): dm thin: handle running out of data space vs concurrent discard Miklos Szeredi (2): fuse: atomic_o_trunc should truncate pagecache fuse: fix control dir setup and teardown Mikulas Patocka (2): branch-check: fix long->int truncation when profiling branches slub: fix failure when we delete and create a slab cache NeilBrown (1): md: fix two problems with setting the "re-add" device state. Paul Handrigan (1): ASoC: cs35l35: Add use_single_rw to regmap config Paweł Chmiel (1): pinctrl: samsung: Correct EINTG banks order Rafael J. Wysocki (1): PM / core: Fix supplier device runtime PM usage counter imbalance Randy Dunlap (1): auxdisplay: fix broken menu Richard Weinberger (2): ubi: fastmap: Cancel work upon detach ubi: fastmap: Correctly handle interrupted erasures in EBA Robert Elliott (1): linvdimm, pmem: Preserve read-only setting for pmem devices Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Sean Wang (1): arm: dts: mt7623: fix invalid memory node being generated Sebastian Sanchez (1): IB/hfi1: Optimize kthread pointer locking when queuing CQ entries Siarhei Liakh (1): x86: Call fixup_exception() before notify_die() in math_error() Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Sinan Kaya (1): scsi: hpsa: disable device during shutdown Sridhar Pitchai (1): PCI: hv: Make sure the bus domain is really unique Srinivas Kandagatla (3): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it of: platform: stop accessing invalid dev in of_platform_device_destroy rpmsg: smd: do not use mananged resources for endpoints and channels Srinivas Pandruvada (1): cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 Stefan M Schaeckeler (1): of: unittest: for strings, account for trailing \0 in property length field Steffen Maier (7): scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Steven Rostedt (VMware) (1): ftrace/selftest: Have the reset_trigger code be a bit more careful Tadeusz Struk (2): tpm: fix use after free in tpm2_load_context() tpm: fix race condition in tpm_common_write() Takashi Iwai (3): ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Tejun Heo (1): fuse: fix congested state leak on aborted connections Tetsuo Handa (2): printk: fix possible reuse of va_list variable fuse: don't keep dead fuse_conn at fuse_fill_super(). Thor Thayer (1): ARM: dts: Fix SPI node for Arria10 Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Tony Luck (3): x86/mce: Improve error message when kernel cannot recover x86/mce: Check for alternate indication of machine check recovery on Skylake x86/mce: Fix incorrect "Machine check from unknown source" message Trond Myklebust (2): NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") NFSv4: Fix a typo in nfs41_sequence_process Ulf Hansson (1): PM / Domains: Fix error path during attach in genpd Vaibhav Jain (1): cxl: Disable prefault_mode in Radix mode Waldemar Rymarkiewicz (1): PM / OPP: Update voltage in case freq == old_freq Will Deacon (2): arm64: kpti: Use early_param for kpti= command-line option arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance Yang Yingliang (1): irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node

7 years, 2 months

1
1
0 0

Linux 4.9.111

by Greg KH

I'm announcing the release of the 4.9.111 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/printk-formats.txt | 3 Makefile | 2 arch/arm/include/asm/kgdb.h | 2 arch/arm64/kernel/cpufeature.c | 2 arch/arm64/mm/proc.S | 5 arch/m68k/mm/kmap.c | 3 arch/mips/bcm47xx/setup.c | 6 arch/mips/include/asm/io.h | 2 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 +-- arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/powerpc/platforms/powernv/pci-ioda.c | 1 arch/x86/include/asm/barrier.h | 2 arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 arch/x86/kernel/cpu/mcheck/mce.c | 44 +++-- arch/x86/kernel/quirks.c | 11 + arch/x86/kernel/traps.c | 14 + arch/x86/mm/init.c | 4 arch/xtensa/kernel/traps.c | 2 crypto/asymmetric_keys/x509_cert_parser.c | 9 + drivers/block/rbd.c | 2 drivers/bluetooth/hci_qca.c | 6 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/clk/at91/clk-pll.c | 13 - drivers/clk/renesas/renesas-cpg-mssr.c | 9 - drivers/cpuidle/cpuidle-powernv.c | 32 +++- drivers/iio/buffer/kfifo_buf.c | 4 drivers/infiniband/hw/hfi1/hfi.h | 1 drivers/infiniband/hw/hfi1/init.c | 13 + drivers/infiniband/hw/mlx4/mad.c | 1 drivers/infiniband/hw/mlx5/cq.c | 15 + drivers/infiniband/hw/qib/qib.h | 4 drivers/infiniband/hw/qib/qib_file_ops.c | 10 - drivers/infiniband/hw/qib/qib_init.c | 13 + drivers/infiniband/hw/qib/qib_user_pages.c | 20 +- drivers/infiniband/ulp/isert/ib_isert.c | 28 ++- drivers/input/mouse/elan_i2c.h | 2 drivers/input/mouse/elan_i2c_core.c | 3 drivers/input/mouse/elan_i2c_smbus.c | 10 + drivers/input/mouse/elantech.c | 11 + drivers/md/dm-thin.c | 11 + drivers/md/md.c | 4 drivers/media/dvb-core/dvb_frontend.c | 23 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mfd/intel-lpss.c | 4 drivers/mtd/chips/cfi_cmdset_0002.c | 21 +- drivers/mtd/ubi/build.c | 3 drivers/mtd/ubi/eba.c | 90 +++++++++++ drivers/mtd/ubi/wl.c | 4 drivers/net/usb/cdc_ncm.c | 4 drivers/nvdimm/bus.c | 14 + drivers/of/unittest.c | 8 - drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 + drivers/pci/quirks.c | 20 ++ drivers/pwm/pwm-lpss-platform.c | 5 drivers/pwm/pwm-lpss.c | 30 +++ drivers/pwm/pwm-lpss.h | 2 drivers/rpmsg/qcom_smd.c | 18 +- drivers/s390/scsi/zfcp_dbf.c | 40 +++++ drivers/s390/scsi/zfcp_erp.c | 123 ++++++++++++---- drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 18 +- drivers/scsi/qla2xxx/qla_init.c | 3 drivers/tty/serial/sh-sci.c | 8 - drivers/usb/core/hub.c | 4 drivers/video/backlight/as3711_bl.c | 33 ++-- drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/w1/w1.c | 2 drivers/xen/events/events_base.c | 2 fs/btrfs/inode.c | 37 ++++ fs/fuse/control.c | 13 + fs/fuse/dir.c | 13 + fs/fuse/inode.c | 1 fs/nfs/callback_proc.c | 7 fs/nfs/nfs4idmap.c | 5 fs/nfsd/nfs4xdr.c | 5 fs/ubifs/journal.c | 2 fs/udf/directory.c | 3 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 include/linux/iio/buffer.h | 6 kernel/printk/nmi.c | 5 kernel/time/time.c | 6 lib/vsprintf.c | 3 sound/pci/hda/patch_realtek.c | 11 + sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 +-- sound/soc/cirrus/snappercl15.c | 2 sound/soc/soc-dapm.c | 2 tools/perf/util/dso.c | 2 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 ++ tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 + tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 tools/perf/util/intel-pt.c | 5 102 files changed, 816 insertions(+), 268 deletions(-) ??? (1): Input: elantech - fix V4 report decoding for module with middle key Aaron Ma (1): Input: elantech - enable middle button of touchpads on ThinkPad P52 Adrian Hunter (6): perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix packet decoding of CYC packets Alex Estrin (2): IB/{hfi1, qib}: Add handling of kernel restart IB/isert: Fix for lib/dma_debug check_sync warning Alex Williamson (1): PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexandr Savca (1): Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Remove redundant free of TCE pages Amit Pundir (1): Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Andy Shevchenko (1): mfd: intel-lpss: Program REMAP register in PIO mode Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Ben Hutchings (1): Input: elan_i2c_smbus - fix more potential stack buffer overflows Bjørn Mork (1): cdc_ncm: avoid padding beyond end of skb Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Borislav Petkov (1): x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dan Williams (2): x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() mm: fix devmem_is_allowed() for sub-page System RAM intersections Daniel Wagner (1): serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Dave Wysochanski (1): NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Dongsheng Yang (1): rbd: flush rbd_dev->watch_dwork after watch is unregistered Erez Shitrit (1): IB/mlx5: Fetch soft WQE's on fatal error state Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Filipe Manana (1): Btrfs: fix return value on rename exchange failure Gautham R. Shenoy (1): cpuidle: powernv: Fix promotion from snooze if next state disabled Geert Uytterhoeven (3): clk: renesas: cpg-mssr: Stop using printk format %pCr lib/vsprintf: Remove atomic-unsafe support for %pCr time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 4.9.111 Hans de Goede (1): pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Ingo Flaschberger (1): 1wire: family module autoload fails because of upper/lower case mismatch. Jan Kara (1): udf: Detect incorrect directory size Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Leon Romanovsky (1): RDMA/mlx4: Discard unknown SQP work requests Liu Bo (1): Btrfs: fix unexpected cow in run_delalloc_nocow Maciej S. Szmigiero (1): X.509: unpack RSA signatureValue field from BIT STRING Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Marcin Ziemianowicz (1): clk: at91: PLL recalc_rate() now using cached MUL and DIV values Martin Kelly (1): iio:buffer: make length types match kfifo types Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Max Gurtovoy (1): IB/isert: fix T10-pi check mask setting Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Mika Westerberg (2): PCI: Add ACS quirk for Intel 300 series PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mike Marciniszyn (1): IB/qib: Fix DMA api warning with debug kernel Mike Snitzer (1): dm thin: handle running out of data space vs concurrent discard Miklos Szeredi (2): fuse: atomic_o_trunc should truncate pagecache fuse: fix control dir setup and teardown Mikulas Patocka (1): branch-check: fix long->int truncation when profiling branches NeilBrown (1): md: fix two problems with setting the "re-add" device state. Richard Weinberger (2): ubi: fastmap: Cancel work upon detach ubi: fastmap: Correctly handle interrupted erasures in EBA Robert Elliott (1): linvdimm, pmem: Preserve read-only setting for pmem devices Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Siarhei Liakh (1): x86: Call fixup_exception() before notify_die() in math_error() Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Srinivas Kandagatla (2): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it rpmsg: smd: do not use mananged resources for endpoints and channels Stefan M Schaeckeler (1): of: unittest: for strings, account for trailing \0 in property length field Steffen Maier (7): scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Takashi Iwai (2): ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Tetsuo Handa (2): fuse: don't keep dead fuse_conn at fuse_fill_super(). printk: fix possible reuse of va_list variable Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Tony Luck (3): x86/mce: Improve error message when kernel cannot recover x86/mce: Check for alternate indication of machine check recovery on Skylake x86/mce: Fix incorrect "Machine check from unknown source" message Trond Myklebust (1): NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") Will Deacon (2): arm64: kpti: Use early_param for kpti= command-line option arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance

7 years, 2 months

1
1
0 0

Linux 4.4.139

by Greg KH

I'm announcing the release of the 4.4.139 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/printk-formats.txt | 3 Makefile | 2 arch/arm/include/asm/kgdb.h | 2 arch/m68k/mm/kmap.c | 3 arch/mips/bcm47xx/setup.c | 6 arch/mips/include/asm/io.h | 2 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 +-- arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/x86/include/asm/barrier.h | 2 arch/xtensa/kernel/traps.c | 2 drivers/ata/libata-core.c | 3 drivers/ata/libata-zpodd.c | 4 drivers/atm/zatm.c | 4 drivers/base/core.c | 14 + drivers/bluetooth/hci_qca.c | 6 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/cpufreq/cpufreq.c | 2 drivers/cpuidle/cpuidle-powernv.c | 32 +++- drivers/iio/buffer/kfifo_buf.c | 4 drivers/infiniband/hw/mlx4/mad.c | 1 drivers/infiniband/hw/qib/qib.h | 3 drivers/infiniband/hw/qib/qib_file_ops.c | 10 - drivers/infiniband/hw/qib/qib_user_pages.c | 20 +- drivers/input/mouse/elan_i2c.h | 2 drivers/input/mouse/elan_i2c_core.c | 3 drivers/input/mouse/elan_i2c_smbus.c | 10 + drivers/input/mouse/elantech.c | 11 + drivers/md/dm-thin.c | 11 + drivers/md/md.c | 4 drivers/media/dvb-core/dvb_frontend.c | 23 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mfd/intel-lpss.c | 4 drivers/mtd/chips/cfi_cmdset_0002.c | 21 +- drivers/mtd/ubi/build.c | 3 drivers/mtd/ubi/wl.c | 4 drivers/net/bonding/bond_options.c | 1 drivers/net/ethernet/natsemi/sonic.c | 2 drivers/net/usb/cdc_ncm.c | 4 drivers/net/usb/qmi_wwan.c | 1 drivers/nvdimm/bus.c | 14 + drivers/of/unittest.c | 8 - drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 + drivers/s390/scsi/zfcp_dbf.c | 40 +++++ drivers/s390/scsi/zfcp_erp.c | 123 ++++++++++++---- drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 18 +- drivers/scsi/qla2xxx/qla_init.c | 3 drivers/spi/spi.c | 10 + drivers/tty/serial/sh-sci.c | 8 - drivers/usb/core/hub.c | 4 drivers/usb/musb/musb_host.c | 5 drivers/usb/musb/musb_host.h | 7 drivers/usb/musb/musb_virthub.c | 25 +-- drivers/video/backlight/as3711_bl.c | 33 ++-- drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/w1/masters/mxc_w1.c | 20 +- drivers/w1/w1.c | 2 drivers/xen/events/events_base.c | 2 fs/binfmt_misc.c | 12 + fs/btrfs/inode.c | 33 +++- fs/btrfs/ioctl.c | 12 - fs/btrfs/scrub.c | 2 fs/ext4/inode.c | 36 ++-- fs/ext4/resize.c | 2 fs/fuse/control.c | 13 + fs/fuse/dir.c | 13 + fs/fuse/inode.c | 1 fs/nfs/nfs4idmap.c | 5 fs/nfsd/nfs4xdr.c | 5 fs/ubifs/journal.c | 2 fs/udf/directory.c | 3 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 include/linux/iio/buffer.h | 6 include/net/bluetooth/hci_core.h | 2 kernel/time/time.c | 6 lib/vsprintf.c | 3 net/bluetooth/hci_conn.c | 27 ++- net/bluetooth/hci_event.c | 15 + net/bridge/netfilter/ebtables.c | 3 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 4 net/ipv6/tcp_ipv6.c | 4 net/ipv6/xfrm6_policy.c | 2 net/netfilter/ipvs/ip_vs_ctl.c | 21 +- net/xfrm/xfrm_policy.c | 5 sound/pci/hda/hda_controller.c | 4 sound/pci/hda/patch_conexant.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 +-- sound/soc/cirrus/snappercl15.c | 2 sound/soc/soc-dapm.c | 2 tools/perf/util/dso.c | 2 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 ++ tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 + tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 tools/perf/util/intel-pt.c | 5 107 files changed, 684 insertions(+), 272 deletions(-) ??? (1): Input: elantech - fix V4 report decoding for module with middle key Aaron Ma (1): Input: elantech - enable middle button of touchpads on ThinkPad P52 Adrian Hunter (6): perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix packet decoding of CYC packets Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexandr Savca (1): Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Amit Pundir (1): Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Andy Shevchenko (1): mfd: intel-lpss: Program REMAP register in PIO mode Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Ben Hutchings (1): Input: elan_i2c_smbus - fix more potential stack buffer overflows Bjørn Mork (1): cdc_ncm: avoid padding beyond end of skb Bo Chen (1): ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Colin Ian King (1): libata: zpodd: make arrays cdb static, reduces object code size Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dan Carpenter (1): libata: zpodd: small read overflow in eject_tray() Dan Williams (1): x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() Daniel Glöckner (1): usb: musb: fix remote wakeup racing with suspend Daniel Wagner (1): serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Dave Wysochanski (1): NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Dennis Wassenberg (2): ALSA: hda: add dock and led support for HP EliteBook 830 G5 ALSA: hda: add dock and led support for HP ProBook 640 G4 Eric Dumazet (2): xfrm6: avoid potential infinite loop in _decode_session6() tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Finn Thain (1): net/sonic: Use dma_mapping_error() Florian Westphal (1): xfrm: skip policies marked as dead while rehashing Frank van der Linden (1): tcp: verify the checksum of the first data segment in a new connection Gautham R. Shenoy (1): cpuidle: powernv: Fix promotion from snooze if next state disabled Geert Uytterhoeven (2): lib/vsprintf: Remove atomic-unsafe support for %pCr time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 4.4.139 Hans de Goede (1): libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Ingo Flaschberger (1): 1wire: family module autoload fails because of upper/lower case mismatch. Ivan Bornyakov (1): atm: zatm: fix memcmp casting Jan Kara (2): ext4: fix fencepost error in check for inode count overflow during resize udf: Detect incorrect directory size Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Leon Romanovsky (1): RDMA/mlx4: Discard unknown SQP work requests Liu Bo (2): Btrfs: make raid6 rebuild retry more Btrfs: fix unexpected cow in run_delalloc_nocow Lukas Czerner (1): ext4: update mtime in ext4_punch_hole even if no blocks are released Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Martin Kelly (1): iio:buffer: make length types match kfifo types Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Maxime Chevallier (1): spi: Fix scatterlist elements size in spi_map_buf Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Mika Westerberg (1): PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mike Marciniszyn (1): IB/qib: Fix DMA api warning with debug kernel Mike Snitzer (1): dm thin: handle running out of data space vs concurrent discard Miklos Szeredi (2): fuse: atomic_o_trunc should truncate pagecache fuse: fix control dir setup and teardown Mikulas Patocka (1): branch-check: fix long->int truncation when profiling branches NeilBrown (1): md: fix two problems with setting the "re-add" device state. Omar Sandoval (1): Btrfs: fix clone vs chattr NODATASUM race Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Qu Wenruo (1): btrfs: scrub: Don't use inode pages for device replace Richard Weinberger (1): ubi: fastmap: Cancel work upon detach Robert Elliott (1): linvdimm, pmem: Preserve read-only setting for pmem devices Sasha Levin (1): Revert "Btrfs: fix scrub to repair raid6 corruption" Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Srinivas Kandagatla (1): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Stefan M Schaeckeler (1): of: unittest: for strings, account for trailing \0 in property length field Stefan Potyra (1): w1: mxc_w1: Enable clock before calling clk_get_rate() on it Steffen Maier (7): scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Szymon Janc (1): Bluetooth: Fix connection if directed advertising and privacy is used Takashi Iwai (1): ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Tao Wang (1): cpufreq: Fix new policy initialization during limits updates via sysfs Tetsuo Handa (2): driver core: Don't ignore class_dir_create_and_add() failure. fuse: don't keep dead fuse_conn at fuse_fill_super(). Thadeu Lima de Souza Cascardo (1): fs/binfmt_misc.c: do not allow offset overflow Tobias Brunner (1): xfrm: Ignore socket policies when rebuilding hash tables Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Xiangning Yu (1): bonding: re-evaluate force_primary when the primary slave name changes

7 years, 2 months

1
1
0 0

Linux 3.18.114

by Greg KH

I'm announcing the release of the 3.18.114 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 7 - arch/arm/boot/compressed/head.S | 16 +-- arch/arm/include/asm/kgdb.h | 2 arch/arm/mach-davinci/board-dm355-evm.c | 6 + arch/arm/mach-davinci/board-dm646x-evm.c | 3 arch/arm/mach-keystone/pm_domain.c | 1 arch/arm64/kernel/ptrace.c | 6 - arch/hexagon/include/asm/io.h | 6 + arch/hexagon/lib/checksum.c | 1 arch/m68k/mm/kmap.c | 3 arch/mips/bcm47xx/setup.c | 6 + arch/mips/include/asm/io.h | 4 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 ++---- arch/parisc/kernel/time.c | 2 arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/x86/kernel/cpu/intel.c | 3 arch/xtensa/kernel/traps.c | 2 drivers/ata/libata-core.c | 3 drivers/ata/libata-eh.c | 4 drivers/ata/libata-zpodd.c | 4 drivers/char/agp/uninorth-agp.c | 4 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/gpu/drm/msm/msm_gem.c | 20 ++-- drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 6 + drivers/i2c/busses/i2c-pmcmsp.c | 4 drivers/i2c/busses/i2c-viperboard.c | 2 drivers/md/dm-thin.c | 11 ++ drivers/media/dvb-core/dvb_frontend.c | 23 +++-- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mtd/chips/cfi_cmdset_0002.c | 21 ++-- drivers/net/can/dev.c | 2 drivers/net/phy/marvell.c | 9 ++ drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 ++ drivers/s390/net/smsgiucv.c | 2 drivers/scsi/isci/port_config.c | 3 drivers/scsi/qla2xxx/qla_init.c | 3 drivers/scsi/scsi_transport_iscsi.c | 29 ++++-- drivers/scsi/vmw_pvscsi.c | 2 drivers/usb/core/hub.c | 4 drivers/usb/musb/musb_host.c | 5 - drivers/usb/musb/musb_host.h | 7 + drivers/usb/musb/musb_virthub.c | 25 +++-- drivers/video/backlight/as3711_bl.c | 33 +++++-- drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/w1/masters/mxc_w1.c | 20 ++-- drivers/xen/events/events_base.c | 2 fs/binfmt_misc.c | 12 ++ fs/btrfs/scrub.c | 2 fs/ext4/inode.c | 36 ++++---- fs/ext4/resize.c | 2 fs/fuse/dir.c | 13 ++ fs/fuse/inode.c | 1 fs/isofs/inode.c | 3 fs/nfsd/nfs4xdr.c | 5 - fs/notify/fsnotify.c | 25 ++--- fs/ubifs/journal.c | 2 fs/udf/directory.c | 3 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 kernel/kthread.c | 7 - kernel/time/time.c | 6 - net/ipv4/tcp_input.c | 2 net/key/af_key.c | 45 +++++++--- net/mac80211/mlme.c | 25 ++++- net/rds/ib_cm.c | 3 sound/pci/hda/hda_controller.c | 4 sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 +++-- sound/soc/cirrus/snappercl15.c | 2 sound/soc/soc-dapm.c | 2 tools/Makefile | 20 +++- tools/net/bpf_dbg.c | 7 + tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-multi-actions-accept.tc | 44 +++++++++ 82 files changed, 466 insertions(+), 230 deletions(-) Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Amir Goldstein (1): fsnotify: fix ignore mask logic in send_to_group() Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Arnd Bergmann (2): hexagon: add memset_io() helper hexagon: export csum_partial_copy_nocheck Baolin Wang (1): parisc: time: Convert read_persistent_clock() to read_persistent_clock64() Ben Hutchings (1): drm/msm: Fix possible null dereference on failure of get_pages() Bo Chen (1): ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Chengguang Xu (1): isofs: fix potential memory leak in mount option parsing Chris Leech (1): scsi: iscsi: respond to netlink with unicast when appropriate Colin Ian King (2): scsi: isci: Fix infinite loop in while loop libata: zpodd: make arrays cdb static, reduces object code size Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dag Moxnes (1): rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp Dan Carpenter (1): libata: zpodd: small read overflow in eject_tray() Daniel Glöckner (1): usb: musb: fix remote wakeup racing with suspend David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Eric Dumazet (1): tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Geert Uytterhoeven (1): time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 3.18.114 Hans de Goede (1): libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Ilan Peer (1): mac80211: Adjust SAE authentication timeout Jakob Unterwurzacher (1): can: dev: increase bus-off message severity Jan Kara (2): ext4: fix fencepost error in check for inode count overflow during resize udf: Detect incorrect directory size Jim Gill (1): scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts Jingju Hou (1): net: phy: marvell: clear wol event before setting it Jiri Olsa (2): tools build: No need to make libapi for perf explicitly tools build: Fix Makefile(s) to properly invoke tools build Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup John Fastabend (1): bpf: fix uninitialized variable in bpf tools Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Kevin Easton (1): af_key: Always verify length of provided sadb_key Lukas Czerner (1): ext4: update mtime in ext4_punch_hole even if no blocks are released Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Mark Rutland (1): arm64: ptrace: remove addr_limit manipulation Martin Schwidefsky (1): s390/smsgiucv: disable SMSG on module unload Masami Hiramatsu (1): selftests: ftrace: Add a testcase for multiple actions on trigger Mathieu Malaterre (2): driver core: add __printf verification to __ata_ehi_pushv_desc agp: uninorth: make two functions static Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Mika Westerberg (1): PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mike Snitzer (1): dm thin: handle running out of data space vs concurrent discard Miklos Szeredi (1): fuse: atomic_o_trunc should truncate pagecache Mikulas Patocka (1): branch-check: fix long->int truncation when profiling branches Peter Rosin (3): i2c: pmcmsp: return message count on master_xfer success i2c: pmcmsp: fix error return from master_xfer i2c: viperboard: return message count on master_xfer success Peter Zijlstra (1): kthread, sched/wait: Fix kthread_parkme() wait-loop Qu Wenruo (1): btrfs: scrub: Don't use inode pages for device replace Russell King (1): ARM: keystone: fix platform_domain_notifier array overrun Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Sekhar Nori (2): ARM: davinci: board-dm355-evm: fix broken networking ARM: davinci: board-dm646x-evm: set VPIF capture card name Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Sinan Kaya (1): MIPS: io: Add barrier after register read in readX() Srinivas Kandagatla (1): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Stefan Potyra (1): w1: mxc_w1: Enable clock before calling clk_get_rate() on it Tetsuo Handa (1): fuse: don't keep dead fuse_conn at fuse_fill_super(). Thadeu Lima de Souza Cascardo (1): fs/binfmt_misc.c: do not allow offset overflow Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Tomi Valkeinen (1): drm/omap: fix possible NULL ref issue in tiler_reserve_2d jacek.tomaka(a)poczta.fm (1): x86/cpu/intel: Add missing TLB cpuid values Łukasz Stelmach (1): ARM: 8753/1: decompressor: add a missing parameter to the addruart macro

7 years, 2 months

1
1
0 0

patch "mei: discard messages from not connected client during power down." added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: discard messages from not connected client during power down. to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From b7a020bff31318fc8785e6f96b1d38c1625cf1fb Mon Sep 17 00:00:00 2001 From: Alexander Usyskin <alexander.usyskin(a)intel.com> Date: Thu, 7 Jun 2018 00:31:48 +0300 Subject: mei: discard messages from not connected client during power down. This fixes regression introduced by commit 8d52af6795c0 ("mei: speed up the power down flow") In power down or suspend flow a message can still be received from the FW because the clients fake disconnection. In normal case we interpret messages w/o destination as corrupted and link reset is performed in order to clean the channel, but during power down link reset is already in progress resulting in endless loop. To resolve the issue under power down flow we discard messages silently. Cc: <stable(a)vger.kernel.org> 4.16+ Fixes: 8d52af6795c0 ("mei: speed up the power down flow") Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199541 Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/interrupt.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/misc/mei/interrupt.c b/drivers/misc/mei/interrupt.c index b0b8f18a85e3..6649f0d56d2f 100644 --- a/drivers/misc/mei/interrupt.c +++ b/drivers/misc/mei/interrupt.c @@ -310,8 +310,11 @@ int mei_irq_read_handler(struct mei_device *dev, if (&cl->link == &dev->file_list) { /* A message for not connected fixed address clients * should be silently discarded + * On power down client may be force cleaned, + * silently discard such messages */ - if (hdr_is_fixed(mei_hdr)) { + if (hdr_is_fixed(mei_hdr) || + dev->dev_state == MEI_DEV_POWER_DOWN) { mei_irq_discard_msg(dev, mei_hdr); ret = 0; goto reset_slots; -- 2.18.0

7 years, 2 months

1
0
0 0

patch "Drivers: hv: vmbus: Fix the offer_in_progress in" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: vmbus: Fix the offer_in_progress in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 50229128727f7e11840ca1b2b501f880818d56b6 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Tue, 5 Jun 2018 13:37:52 -0700 Subject: Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() I didn't really hit a real bug, but just happened to spot the bug: we have decreased the counter at the beginning of vmbus_process_offer(), so we mustn't decrease it again. Fixes: 6f3d791f3006 ("Drivers: hv: vmbus: Fix rescind handling issues") Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: stable(a)vger.kernel.org Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Stable <stable(a)vger.kernel.org> # 4.14 and above Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/channel_mgmt.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index ecc2bd275a73..f3b551a50653 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -527,10 +527,8 @@ static void vmbus_process_offer(struct vmbus_channel *newchannel) struct hv_device *dev = newchannel->primary_channel->device_obj; - if (vmbus_add_channel_kobj(dev, newchannel)) { - atomic_dec(&vmbus_connection.offer_in_progress); + if (vmbus_add_channel_kobj(dev, newchannel)) goto err_free_chan; - } if (channel->sc_creation_callback != NULL) channel->sc_creation_callback(newchannel); -- 2.18.0

7 years, 2 months

1
0
0 0

patch "staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data()." added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data(). to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 920c92448839bd4f8eb87a92b08cad56d449caff Mon Sep 17 00:00:00 2001 From: Murray McAllister <murray.mcallister(a)insomniasec.com> Date: Mon, 2 Jul 2018 13:07:28 +1200 Subject: staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data(). Dan Carpenter reported an integer underflow issue in the rtl8188eu driver. This is also needed for the length (signed integer) in rtl8723bs, as it is later converted to an unsigned integer and used in a memcpy operation. Original issue is at https://patchwork.kernel.org/patch/9796371/ Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Murray McAllister <murray.mcallister(a)insomniasec.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/rtl8723bs/core/rtw_ap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/rtl8723bs/core/rtw_ap.c b/drivers/staging/rtl8723bs/core/rtw_ap.c index 45c05527a57a..faf4b4158cfa 100644 --- a/drivers/staging/rtl8723bs/core/rtw_ap.c +++ b/drivers/staging/rtl8723bs/core/rtw_ap.c @@ -1051,7 +1051,7 @@ int rtw_check_beacon_data(struct adapter *padapter, u8 *pbuf, int len) return _FAIL; - if (len > MAX_IE_SZ) + if (len < 0 || len > MAX_IE_SZ) return _FAIL; pbss_network->IELength = len; -- 2.18.0

7 years, 2 months

3
2
0 0

[PATCH v5 0/7] powerpc/pseries: Machien check handler improvements.

by Mahesh J Salgaonkar

This patch series includes some improvement to Machine check handler for pseries. Patch 1 fixes a buffer overrun issue if rtas extended error log size is greater than RTAS_ERROR_LOG_MAX. Patch 2 fixes an issue where machine check handler crashes kernel while accessing vmalloc-ed buffer while in nmi context. Patch 3 fixes endain bug while restoring of r3 in MCE handler. Patch 5 implements a real mode mce handler and flushes the SLBs on SLB error. Patch 6 display's the MCE error details on console. Patch 7 saves and dumps the SLB contents on SLB MCE errors to improve the debugability. Change in V5: - Use min_t instead of max_t. - Fix an issue reported by kbuild test robot and addressed review comments. Change in V4: - Flush the SLBs in real mode mce handler to handle SLB errors for entry 0. - Allocate buffers per cpu to hold rtas error log and old slb contents. - Defer the logging of rtas error log to irq work queue. Change in V3: - Moved patch 5 to patch 2 Change in V2: - patch 3: Display additional info (NIP and task info) in MCE error details. - patch 5: Fix endain bug while restoring of r3 in MCE handler. --- Mahesh Salgaonkar (7): powerpc/pseries: Avoid using the size greater than powerpc/pseries: Defer the logging of rtas error to irq work queue. powerpc/pseries: Fix endainness while restoring of r3 in MCE handler. powerpc/pseries: Define MCE error event section. powerpc/pseries: flush SLB contents on SLB MCE errors. powerpc/pseries: Display machine check error details. powerpc/pseries: Dump the SLB contents on SLB MCE errors. arch/powerpc/include/asm/book3s/64/mmu-hash.h | 8 + arch/powerpc/include/asm/machdep.h | 1 arch/powerpc/include/asm/paca.h | 4 arch/powerpc/include/asm/rtas.h | 116 ++++++++++++ arch/powerpc/kernel/exceptions-64s.S | 42 ++++ arch/powerpc/kernel/mce.c | 16 +- arch/powerpc/mm/slb.c | 63 +++++++ arch/powerpc/platforms/powernv/opal.c | 1 arch/powerpc/platforms/pseries/pseries.h | 1 arch/powerpc/platforms/pseries/ras.c | 241 +++++++++++++++++++++++-- arch/powerpc/platforms/pseries/setup.c | 27 +++ 11 files changed, 499 insertions(+), 21 deletions(-) -- Signature

7 years, 2 months

3
4
0 0

[PATCH 1/2] misc: sram: fix resource leaks in probe error path

by Johan Hovold

Make sure to disable clocks and deregister any exported partitions before returning on late probe errors. Note that since commit ee895ccdf776 ("misc: sram: fix enabled clock leak on error path"), partitions are deliberately exported before enabling the clock so we stick to that logic here. A follow up patch will address this. Fixes: 2ae2e28852f2 ("misc: sram: add Atmel securam support") Cc: stable <stable(a)vger.kernel.org> # 4.9 Cc: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/misc/sram.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/misc/sram.c b/drivers/misc/sram.c index c5dc6095686a..679647713e36 100644 --- a/drivers/misc/sram.c +++ b/drivers/misc/sram.c @@ -407,13 +407,20 @@ static int sram_probe(struct platform_device *pdev) if (init_func) { ret = init_func(); if (ret) - return ret; + goto err_disable_clk; } dev_dbg(sram->dev, "SRAM pool: %zu KiB @ 0x%p\n", gen_pool_size(sram->pool) / 1024, sram->virt_base); return 0; + +err_disable_clk: + if (sram->clk) + clk_disable_unprepare(sram->clk); + sram_free_partitions(sram); + + return ret; } static int sram_remove(struct platform_device *pdev) -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH 3.18 00/85] 3.18.114-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.114 release. There are 85 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Jul 3 15:31:04 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.114-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.114-rc1 Mike Snitzer <snitzer(a)redhat.com> dm thin: handle running out of data space vs concurrent discard Keith Busch <keith.busch(a)intel.com> block: Fix transfer when chunk sectors exceeds max Jan Kara <jack(a)suse.cz> udf: Detect incorrect directory size Boris Ostrovsky <boris.ostrovsky(a)oracle.com> xen: Remove unnecessary BUG_ON from __unbind_from_irq() Kees Cook <keescook(a)chromium.org> video: uvesafb: Fix integer overflow in allocation Scott Mayhew <smayhew(a)redhat.com> nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Kai-Heng Feng <kai.heng.feng(a)canonical.com> media: cx231xx: Add support for AverMedia DVD EZMaker 7 Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: v4l2-compat-ioctl32: prevent go past max size Johan Hovold <johan(a)kernel.org> backlight: tps65217_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: max8925_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: as3711_bl: Fix Device Tree node lookup Silvio Cesare <silvio.cesare(a)gmail.com> UBIFS: Fix potential integer overflow in allocation Himanshu Madhani <himanshu.madhani(a)cavium.com> scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Geert Uytterhoeven <geert(a)linux-m68k.org> time: Make sure jiffies_to_msecs() preserves non-zero time periods Huacai Chen <chenhc(a)lemote.com> MIPS: io: Add barrier after register read in inX() Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> mtd: cfi_cmdset_0002: Change write buffer to check correct value David Rivshin <DRivshin(a)allworx.com> ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/fadump: Unregister fadump on kexec down path. Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix enforcement of DAWR constraints Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fuse: don't keep dead fuse_conn at fuse_fill_super(). Miklos Szeredi <mszeredi(a)redhat.com> fuse: atomic_o_trunc should truncate pagecache Corey Minyard <cminyard(a)mvista.com> ipmi:bt: Set the timeout before doing a capabilities check Mikulas Patocka <mpatocka(a)redhat.com> branch-check: fix long->int truncation when profiling branches Matthias Schiffer <mschiffer(a)universe-factory.net> mips: ftrace: fix static function graph tracing Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix LRCLK configuration Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> usb: do not reset if a low-speed or full-speed device timed out Eric W. Biederman <ebiederm(a)xmission.com> signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Michael Schmitz <schmitzmic(a)gmail.com> m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> fs/binfmt_misc.c: do not allow offset overflow Stefan Potyra <Stefan.Potyra(a)elektrobit.com> w1: mxc_w1: Enable clock before calling clk_get_rate() on it Hans de Goede <hdegoede(a)redhat.com> libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk Dan Carpenter <dan.carpenter(a)oracle.com> libata: zpodd: small read overflow in eject_tray() Colin Ian King <colin.king(a)canonical.com> libata: zpodd: make arrays cdb static, reduces object code size Bo Chen <chenbo(a)pdx.edu> ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() Qu Wenruo <wqu(a)suse.com> btrfs: scrub: Don't use inode pages for device replace Jan Kara <jack(a)suse.cz> ext4: fix fencepost error in check for inode count overflow during resize Lukas Czerner <lczerner(a)redhat.com> ext4: update mtime in ext4_punch_hole even if no blocks are released Eric Dumazet <edumazet(a)google.com> tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() Łukasz Stelmach <l.stelmach(a)samsung.com> ARM: 8753/1: decompressor: add a missing parameter to the addruart macro Helge Deller <deller(a)gmx.de> parisc: Move setup_profiling_timer() out of init section Sekhar Nori <nsekhar(a)ti.com> ARM: davinci: board-dm646x-evm: set VPIF capture card name Peter Rosin <peda(a)axentia.se> i2c: viperboard: return message count on master_xfer success Peter Rosin <peda(a)axentia.se> i2c: pmcmsp: fix error return from master_xfer Peter Rosin <peda(a)axentia.se> i2c: pmcmsp: return message count on master_xfer success Russell King <rmk+kernel(a)armlinux.org.uk> ARM: keystone: fix platform_domain_notifier array overrun Daniel Glöckner <dg(a)emlix.com> usb: musb: fix remote wakeup racing with suspend Mathieu Malaterre <malat(a)debian.org> agp: uninorth: make two functions static Jakob Unterwurzacher <jakob.unterwurzacher(a)theobroma-systems.com> can: dev: increase bus-off message severity Mathieu Malaterre <malat(a)debian.org> driver core: add __printf verification to __ata_ehi_pushv_desc Tomi Valkeinen <tomi.valkeinen(a)ti.com> drm/omap: fix possible NULL ref issue in tiler_reserve_2d Ilan Peer <ilan.peer(a)intel.com> mac80211: Adjust SAE authentication timeout Peter Zijlstra <peterz(a)infradead.org> kthread, sched/wait: Fix kthread_parkme() wait-loop Helge Deller <deller(a)gmx.de> parisc: drivers.c: Fix section mismatches Jim Gill <jgill(a)vmware.com> scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts Arnd Bergmann <arnd(a)arndb.de> hexagon: export csum_partial_copy_nocheck Arnd Bergmann <arnd(a)arndb.de> hexagon: add memset_io() helper Sekhar Nori <nsekhar(a)ti.com> ARM: davinci: board-dm355-evm: fix broken networking John Fastabend <john.fastabend(a)gmail.com> bpf: fix uninitialized variable in bpf tools jacek.tomaka(a)poczta.fm <jacek.tomaka(a)poczta.fm> x86/cpu/intel: Add missing TLB cpuid values Dag Moxnes <dag.moxnes(a)oracle.com> rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp Masami Hiramatsu <mhiramat(a)kernel.org> selftests: ftrace: Add a testcase for multiple actions on trigger Mark Rutland <mark.rutland(a)arm.com> arm64: ptrace: remove addr_limit manipulation Jingju Hou <Jingju.Hou(a)synaptics.com> net: phy: marvell: clear wol event before setting it Colin Ian King <colin.king(a)canonical.com> scsi: isci: Fix infinite loop in while loop Baolin Wang <baolin.wang(a)linaro.org> parisc: time: Convert read_persistent_clock() to read_persistent_clock64() Ben Hutchings <ben.hutchings(a)codethink.co.uk> drm/msm: Fix possible null dereference on failure of get_pages() Chris Leech <cleech(a)redhat.com> scsi: iscsi: respond to netlink with unicast when appropriate Chengguang Xu <cgxu519(a)gmx.com> isofs: fix potential memory leak in mount option parsing Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/smsgiucv: disable SMSG on module unload Sinan Kaya <okaya(a)codeaurora.org> MIPS: io: Add barrier after register read in readX() Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix ignore mask logic in send_to_group() Kevin Easton <kevin(a)guarana.org> af_key: Always verify length of provided sadb_key Jiri Olsa <jolsa(a)kernel.org> tools build: Fix Makefile(s) to properly invoke tools build Jiri Olsa <jolsa(a)kernel.org> tools build: No need to make libapi for perf explicitly ------------- Diffstat: Makefile | 9 ++--- arch/arm/boot/compressed/head.S | 16 ++++---- arch/arm/include/asm/kgdb.h | 2 +- arch/arm/mach-davinci/board-dm355-evm.c | 6 +++ arch/arm/mach-davinci/board-dm646x-evm.c | 3 +- arch/arm/mach-keystone/pm_domain.c | 1 + arch/arm64/kernel/ptrace.c | 6 --- arch/hexagon/include/asm/io.h | 6 +++ arch/hexagon/lib/checksum.c | 1 + arch/m68k/mm/kmap.c | 3 +- arch/mips/bcm47xx/setup.c | 6 +++ arch/mips/include/asm/io.h | 4 ++ arch/mips/include/asm/mipsregs.h | 3 ++ arch/mips/kernel/mcount.S | 27 ++++++------- arch/parisc/kernel/drivers.c | 7 ++-- arch/parisc/kernel/smp.c | 3 +- arch/parisc/kernel/time.c | 2 +- arch/powerpc/kernel/entry_64.S | 1 + arch/powerpc/kernel/fadump.c | 3 ++ arch/powerpc/kernel/hw_breakpoint.c | 4 +- arch/powerpc/kernel/ptrace.c | 1 + arch/x86/kernel/cpu/intel.c | 3 ++ arch/xtensa/kernel/traps.c | 2 +- drivers/ata/libata-core.c | 3 -- drivers/ata/libata-eh.c | 4 +- drivers/ata/libata-zpodd.c | 4 +- drivers/char/agp/uninorth-agp.c | 4 +- drivers/char/ipmi/ipmi_bt_sm.c | 3 +- drivers/gpu/drm/msm/msm_gem.c | 20 +++++----- drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 6 ++- drivers/i2c/busses/i2c-pmcmsp.c | 4 +- drivers/i2c/busses/i2c-viperboard.c | 2 +- drivers/md/dm-thin.c | 11 +++++- drivers/media/dvb-core/dvb_frontend.c | 23 +++++++---- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 ++ drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +- drivers/mtd/chips/cfi_cmdset_0002.c | 21 +++++----- drivers/net/can/dev.c | 2 +- drivers/net/phy/marvell.c | 9 +++++ drivers/pci/hotplug/pciehp.h | 2 +- drivers/pci/hotplug/pciehp_core.c | 2 +- drivers/pci/hotplug/pciehp_hpc.c | 13 ++++++- drivers/s390/net/smsgiucv.c | 2 +- drivers/scsi/isci/port_config.c | 3 +- drivers/scsi/qla2xxx/qla_init.c | 3 +- drivers/scsi/scsi_transport_iscsi.c | 29 ++++++++------ drivers/scsi/vmw_pvscsi.c | 2 +- drivers/usb/core/hub.c | 4 +- drivers/usb/musb/musb_host.c | 5 ++- drivers/usb/musb/musb_host.h | 7 +++- drivers/usb/musb/musb_virthub.c | 25 +++++++----- drivers/video/backlight/as3711_bl.c | 33 +++++++++++----- drivers/video/backlight/max8925_bl.c | 4 +- drivers/video/backlight/tps65217_bl.c | 4 +- drivers/video/fbdev/uvesafb.c | 3 +- drivers/w1/masters/mxc_w1.c | 20 ++++++---- drivers/xen/events/events_base.c | 2 - fs/binfmt_misc.c | 12 ++++-- fs/btrfs/scrub.c | 2 +- fs/ext4/inode.c | 36 ++++++++--------- fs/ext4/resize.c | 2 +- fs/fuse/dir.c | 13 ++++++- fs/fuse/inode.c | 1 + fs/isofs/inode.c | 3 ++ fs/nfsd/nfs4xdr.c | 5 ++- fs/notify/fsnotify.c | 25 ++++++------ fs/ubifs/journal.c | 2 +- fs/udf/directory.c | 3 ++ include/linux/blkdev.h | 4 +- include/linux/compiler.h | 2 +- kernel/kthread.c | 7 ++-- kernel/time/time.c | 6 ++- net/ipv4/tcp_input.c | 2 +- net/key/af_key.c | 45 +++++++++++++++++----- net/mac80211/mlme.c | 25 ++++++++---- net/rds/ib_cm.c | 3 +- sound/pci/hda/hda_controller.c | 4 +- sound/soc/cirrus/edb93xx.c | 2 +- sound/soc/cirrus/ep93xx-i2s.c | 26 +++++++------ sound/soc/cirrus/snappercl15.c | 2 +- sound/soc/soc-dapm.c | 2 + tools/Makefile | 20 +++++++--- tools/net/bpf_dbg.c | 7 +++- .../inter-event/trigger-multi-actions-accept.tc | 44 +++++++++++++++++++++ 84 files changed, 472 insertions(+), 236 deletions(-)

7 years, 2 months

5
83
0 0

[PATCH V3] ARM: dts: omap3: Fix am3517 mdio and emac clock references

by Adam Ford

A previous patch removed OMAP clock aliases that were perceived to be unnecessary. Unfortunately, it broke the ethernet on the am3517-evm. This patch enables the MDIO clock and EMAC clock. Fixes: 0ed266d7ae5e ("clk: ti: omap3: cleanup unnecessary clock aliases") Cc: stable(a)vger.kernel.org #4.16+ Signed-off-by: Adam Ford <aford173(a)gmail.com> --- V3: Fix subject heading since we're no longer modifying the clk driver V2: Instead of modifying clk-3xxx.c, this patch modifie the device tree to work like the original patch intended. diff --git a/arch/arm/boot/dts/am3517.dtsi b/arch/arm/boot/dts/am3517.dtsi index ca294914bbb1..4b6062b631b1 100644 --- a/arch/arm/boot/dts/am3517.dtsi +++ b/arch/arm/boot/dts/am3517.dtsi @@ -39,6 +39,8 @@ ti,davinci-ctrl-ram-size = <0x2000>; ti,davinci-rmii-en = /bits/ 8 <1>; local-mac-address = [ 00 00 00 00 00 00 ]; + clocks = <&emac_ick>; + clock-names = "ick"; }; davinci_mdio: ethernet@5c030000 { @@ -49,6 +51,8 @@ bus_freq = <1000000>; #address-cells = <1>; #size-cells = <0>; + clocks = <&emac_fck>; + clock-names = "fck"; }; uart4: serial@4809e000 { -- 2.17.1

7 years, 2 months

3
2
0 0

[PATCH 4.17 000/220] 4.17.4-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.4 release. There are 220 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Jul 3 16:08:27 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.4-rc1 Wenwen Wang <wang6495(a)umn.edu> virt: vbox: Only copy_from_user the request-header once Mike Snitzer <snitzer(a)redhat.com> dm thin: handle running out of data space vs concurrent discard Bart Van Assche <bart.vanassche(a)wdc.com> dm zoned: avoid triggering reclaim from inside dmz_map() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y Andy Lutomirski <luto(a)kernel.org> x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80" Jann Horn <jannh(a)google.com> selinux: move user accesses in selinuxfs out of locked regions Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> x86/e820: put !E820_TYPE_RAM regions into memblock.reserved Bart Van Assche <bart.vanassche(a)wdc.com> block: Fix cloning of requests with a special payload Keith Busch <keith.busch(a)intel.com> block: Fix transfer when chunk sectors exceeds max Ross Zwisler <ross.zwisler(a)linux.intel.com> pmem: only set QUEUE_FLAG_DAX for fsdax mode Mike Snitzer <snitzer(a)redhat.com> dm: use bio_split() when splitting out the already processed bio Jason A. Donenfeld <Jason(a)zx2c4.com> kasan: depend on CONFIG_SLUB_DEBUG Mikulas Patocka <mpatocka(a)redhat.com> slub: fix failure when we delete and create a slab cache Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: gpio: initialize SCL to HIGH again Wolfram Sang <wsa+renesas(a)sang-engineering.com> Revert "i2c: algo-bit: init the bus to a known state" Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - Fix the problem of two front mics on more machines Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Force to link down at runtime suspend on ATI/AMD HDMI Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl ??? <kt.liao(a)emc.com.tw> Input: elantech - fix V4 report decoding for module with middle key Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpads on ThinkPad P52 Ben Hutchings <ben.hutchings(a)codethink.co.uk> Input: elan_i2c_smbus - fix more potential stack buffer overflows Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: psmouse - fix button reporting for basic protocols Enno Boland <gottox(a)voidlinux.eu> Input: xpad - fix GPD Win 2 controller name Jan Kara <jack(a)suse.cz> udf: Detect incorrect directory size Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: ethernet: fix suspend/resume in davinci_emac Boris Ostrovsky <boris.ostrovsky(a)oracle.com> xen: Remove unnecessary BUG_ON from __unbind_from_irq() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Check for no filter when processing event filters Dan Williams <dan.j.williams(a)intel.com> mm: fix devmem_is_allowed() for sub-page System RAM intersections Jia He <jia.he(a)hxt-semitech.com> mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() Dongsheng Yang <dongsheng.yang(a)easystack.cn> rbd: flush rbd_dev->watch_dwork after watch is unregistered Hans de Goede <hdegoede(a)redhat.com> pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Alexandr Savca <alexandr.savca(a)saltedge.com> Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Hans de Goede <hdegoede(a)redhat.com> Input: silead - add MSSL0002 ACPI HID Hans de Goede <hdegoede(a)redhat.com> ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Kees Cook <keescook(a)chromium.org> video: uvesafb: Fix integer overflow in allocation Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a typo in nfs41_sequence_process Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") Dave Wysochanski <dwysocha(a)redhat.com> NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message Scott Mayhew <smayhew(a)redhat.com> nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Sean Young <sean(a)mess.org> media: rc: mce_kbd decoder: fix stuck keys Kai-Heng Feng <kai.heng.feng(a)canonical.com> media: cx231xx: Add support for AverMedia DVD EZMaker 7 Mauro Carvalho Chehab <mchehab(a)kernel.org> media: v4l2-compat-ioctl32: prevent go past max size Brad Love <brad(a)nextdimension.cc> media: cx231xx: Ignore an i2c mux adapter ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> media: vsp1: Release buffers for each video node Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix packet decoding of CYC packets Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix "Unexpected indirect branch" error Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix MTC timing after overflow Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING Adrian Hunter <adrian.hunter(a)intel.com> perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 Sean Wang <sean.wang(a)mediatek.com> arm: dts: mt7623: fix invalid memory node being generated Sibi Sankar <sibis(a)codeaurora.org> remoteproc: Prevent incorrect rproc state on xfer mem ownership failure Jarkko Nikula <jarkko.nikula(a)linux.intel.com> mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel-lpss: Program REMAP register in PIO mode Peter Ujfalusi <peter.ujfalusi(a)ti.com> mfd: twl-core: Fix clock initialization Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix raw interface options Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix initialization of vector queues Chao Yu <yuchao0(a)huawei.com> f2fs: don't use GFP_ZERO for page caches Linus Torvalds <torvalds(a)linux-foundation.org> Revert "iommu/amd_iommu: Use CONFIG_DMA_DIRECT_OPS=y and dma_direct_{alloc,free}()" Johan Hovold <johan(a)kernel.org> backlight: tps65217_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: max8925_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: as3711_bl: Fix Device Tree node lookup Silvio Cesare <silvio.cesare(a)gmail.com> UBIFS: Fix potential integer overflow in allocation Richard Weinberger <richard(a)nod.at> ubi: fastmap: Correctly handle interrupted erasures in EBA Richard Weinberger <richard(a)nod.at> ubi: fastmap: Cancel work upon detach Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> rpmsg: smd: do not use mananged resources for endpoints and channels NeilBrown <neilb(a)suse.com> md: fix two problems with setting the "re-add" device state. Michael Trimarchi <michael(a)amarulasolutions.com> rtc: sun6i: Fix bit_idx value for clk_register_gate Marcin Ziemianowicz <marcin(a)ziemianowicz.com> clk: at91: PLL recalc_rate() now using cached MUL and DIV values Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clk: meson: meson8b: mark fclk_div2 gate clocks as CLK_IS_CRITICAL Ross Zwisler <ross.zwisler(a)linux.intel.com> libnvdimm, pmem: Unconditionally deep flush on *sync Robert Elliott <elliott(a)hpe.com> linvdimm, pmem: Preserve read-only setting for pmem devices Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler Mikhail Malygin <m.malygin(a)yadro.com> scsi: qla2xxx: Spinlock recursion in qla_target Anil Gurumurthy <anil.gurumurthy(a)cavium.com> scsi: qla2xxx: Mask off Scope bits in retry delay Himanshu Madhani <himanshu.madhani(a)cavium.com> scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Delete session for nport id change Sinan Kaya <okaya(a)codeaurora.org> scsi: hpsa: disable device during shutdown Luis Henriques <lhenriques(a)suse.com> scsi: scsi_debug: Fix memory leak on module unload Dan Williams <dan.j.williams(a)intel.com> mm: fix __gup_device_huge vs unmap Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: sca3000: Fix an error handling path in 'sca3000_probe()' Alexandru Ardelean <alexandru.ardelean(a)analog.com> iio: adc: ad7791: remove sample freq sysfs attributes Filipe Manana <fdmanana(a)suse.com> Btrfs: fix return value on rename exchange failure Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> X.509: unpack RSA signatureValue field from BIT STRING Waiman Long <longman(a)redhat.com> locking/rwsem: Fix up_read_non_owner() warning with DEBUG_RWSEMS Yang Yingliang <yangyingliang(a)huawei.com> irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node Geert Uytterhoeven <geert(a)linux-m68k.org> time: Make sure jiffies_to_msecs() preserves non-zero time periods Huacai Chen <chenhc(a)lemote.com> MIPS: io: Add barrier after register read in inX() Linus Walleij <linus.walleij(a)linaro.org> MIPS: pb44: Fix i2c-gpio GPIO descriptor table Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 Fabio Estevam <fabio.estevam(a)nxp.com> pinctrl: devicetree: Fix pctldev pointer overwrite Paweł Chmiel <pawel.mikolaj.chmiel(a)gmail.com> pinctrl: samsung: Correct EINTG banks order Terry Zhou <bjzhou(a)marvell.com> pinctrl: armada-37xx: Fix spurious irq management Randy Dunlap <rdunlap(a)infradead.org> auxdisplay: fix broken menu Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: Account for all bridges on bus when distributing bus numbers Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: Add ACS quirk for Intel 300 series Alex Williamson <alex.williamson(a)redhat.com> PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Sridhar Pitchai <Sridhar.Pitchai(a)microsoft.com> PCI: hv: Make sure the bus domain is really unique Jae Hyun Yoo <jae.hyun.yoo(a)linux.intel.com> clk:aspeed: Fix reset bits for PCI/VGA and PECI Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() Mason Yang <masonccyang(a)mxic.com.tw> mtd: rawnand: All AC chips have a broken GET_FEATURES(TIMINGS). Chris Packham <chris.packham(a)alliedtelesis.co.nz> mtd: rawnand: micron: add ONFI_FEATURE_ON_DIE_ECC to supported features Martin Kaiser <martin(a)kaiser.cx> mtd: rawnand: mxc: set spare area size register explicitly Abhishek Sahu <absahu(a)codeaurora.org> mtd: rawnand: fix return value check for bad block status Masahiro Yamada <yamada.masahiro(a)socionext.com> mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> mtd: cfi_cmdset_0002: Change write buffer to check correct value Boris Brezillon <boris.brezillon(a)bootlin.com> mtd: rawnand: Do not check FAIL bit when executing a SET_FEATURES op Bharat Potnuri <bharat(a)chelsio.com> RDMA/core: Save kernel caller name when creating CQ using ib_create_cq() Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Return -ENOBUFS when no pages are available Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Discard unknown SQP work requests Jason Gunthorpe <jgg(a)ziepe.ca> IB/uverbs: Fix ordering of ucontext check in ib_uverbs_write Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix user context tail allocation for DMA_RTAIL Sebastian Sanchez <sebastian.sanchez(a)intel.com> IB/hfi1: Optimize kthread pointer locking when queuing CQ entries Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Reorder incorrect send context disable Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix fault injection init/exit issues Max Gurtovoy <maxg(a)mellanox.com> IB/isert: fix T10-pi check mask setting Alex Estrin <alex.estrin(a)intel.com> IB/isert: Fix for lib/dma_debug check_sync warning Erez Shitrit <erezsh(a)mellanox.com> IB/mlx5: Fetch soft WQE's on fatal error state Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/core: Make testing MR flags for writability a static inline function Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/mlx4: Mark user MR as writable if actual virtual memory is writable Alex Estrin <alex.estrin(a)intel.com> IB/{hfi1, qib}: Add handling of kernel restart Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/qib: Fix DMA api warning with debug kernel Hans de Goede <hdegoede(a)redhat.com> efi/libstub/tpm: Initialize efi_physical_addr_t vars to zero for mixed mode Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix race condition in tpm_common_write() Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix use after free in tpm2_load_context() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> of: platform: stop accessing invalid dev in of_platform_device_destroy Stefan M Schaeckeler <sschaeck(a)cisco.com> of: unittest: for strings, account for trailing \0 in property length field Frank Rowand <frank.rowand(a)sony.com> of: overlay: validate offset from property fixups Kevin Hilman <khilman(a)baylibre.com> ARM64: dts: meson-gx: fix ATF reserved memory region Jerome Brunet <jbrunet(a)baylibre.com> ARM64: dts: meson: disable sd-uhs modes on the libretech-cc Thor Thayer <thor.thayer(a)linux.intel.com> arm64: dts: stratix10: Fix SPI nodes for Stratix10 Miquel Raynal <miquel.raynal(a)bootlin.com> arm64: dts: marvell: fix CP110 ICU node size Will Deacon <will.deacon(a)arm.com> arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance Will Deacon <will.deacon(a)arm.com> arm64: kpti: Use early_param for kpti= command-line option Jia He <hejianet(a)gmail.com> crypto: arm64/aes-blk - fix and move skcipher_walk_done out of kernel_neon_begin, _end Dave Martin <Dave.Martin(a)arm.com> arm64: Fix syscall restarting around signal suppressed by tracer Joel Fernandes (Google) <joel(a)joelfernandes.org> softirq: Reorder trace_softirqs_on to prevent lockdep splat Michael Buesch <m(a)bues.ch> hwrng: core - Always drop the RNG in hwrng_unregister() Dinh Nguyen <dinguyen(a)kernel.org> ARM: dts: socfpga: Fix NAND controller node compatible for Arria10 Marek Vasut <marex(a)denx.de> ARM: dts: socfpga: Fix NAND controller clock supply Marek Vasut <marex(a)denx.de> ARM: dts: socfpga: Fix NAND controller node compatible Thor Thayer <thor.thayer(a)linux.intel.com> ARM: dts: Fix SPI node for Arria10 Chen-Yu Tsai <wens(a)csie.org> ARM: dts: sun8i: h3: fix ALL-H3-CC H3 ver VCC-1V2 regulator voltage Icenowy Zheng <icenowy(a)aosc.io> ARM: dts: sun8i: h3: fix ALL-H3-CC H3 ver VDD-CPUX voltage David Rivshin <DRivshin(a)allworx.com> ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Vaibhav Jain <vaibhav(a)linux.ibm.com> cxl: Disable prefault_mode in Radix mode Vaibhav Jain <vaibhav(a)linux.vnet.ibm.com> cxl: Configure PSL to not use APC virtual machines Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix DT CPU features Power9 DD2.1 logic Michael Jeanson <mjeanson(a)efficios.com> powerpc/e500mc: Set assembler machine type to e500mc Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/radix: Fix radix_kvm_prefetch_workaround paca access of not possible CPU Finley Xiao <finley.xiao(a)rock-chips.com> soc: rockchip: power-domain: Fix wrong value when power up pd with writemask Ross Zwisler <ross.zwisler(a)linux.intel.com> libnvdimm, pmem: Do not flush power-fail protected CPU caches Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/fadump: Unregister fadump on kexec down path. Gautham R. Shenoy <ego(a)linux.vnet.ibm.com> cpuidle: powernv: Fix promotion from snooze if next state disabled Akshay Adiga <akshay.adiga(a)linux.vnet.ibm.com> powerpc/powernv/cpuidle: Init all present cpus for deep states Haren Myneni <haren(a)us.ibm.com> powerpc/powernv: copy/paste - Mask SO bit in CR Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Remove redundant free of TCE pages Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix enforcement of DAWR constraints Anju T Sudhakar <anju(a)linux.vnet.ibm.com> powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG Ram Pai <linuxram(a)us.ibm.com> powerpc/pkeys: Detach execute_only key on !PROT_EXEC Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix control dir setup and teardown Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fuse: don't keep dead fuse_conn at fuse_fill_super(). Miklos Szeredi <mszeredi(a)redhat.com> fuse: atomic_o_trunc should truncate pagecache Tejun Heo <tj(a)kernel.org> fuse: fix congested state leak on aborted connections Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> printk: fix possible reuse of va_list variable Amit Pundir <amit.pundir(a)linaro.org> Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Corey Minyard <cminyard(a)mvista.com> ipmi:bt: Set the timeout before doing a capabilities check Mikulas Patocka <mpatocka(a)redhat.com> branch-check: fix long->int truncation when profiling branches Matthias Schiffer <mschiffer(a)universe-factory.net> mips: ftrace: fix static function graph tracing Steven Rostedt (VMware) <rostedt(a)goodmis.org> ftrace/selftest: Have the reset_trigger code be a bit more careful Geert Uytterhoeven <geert+renesas(a)glider.be> lib/vsprintf: Remove atomic-unsafe support for %pCr Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: cpg-mssr: Stop using printk format %pCr Geert Uytterhoeven <geert+renesas(a)glider.be> thermal: bcm2835: Stop using printk format %pCr Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix LRCLK configuration Kai Chieh Chuang <kaichieh.chuang(a)mediatek.com> ASoC: mediatek: preallocate pages use platform device Paul Handrigan <Paul.Handrigan(a)cirrus.com> ASoC: cs35l35: Add use_single_rw to regmap config Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Ingo Flaschberger <ingo.flaschberger(a)gmail.com> 1wire: family module autoload fails because of upper/lower case mismatch. Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> usb: do not reset if a low-speed or full-speed device timed out Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: renesas_sdhi: really fix WP logic regressions Waldemar Rymarkiewicz <waldemar.rymarkiewicz(a)gmail.com> PM / OPP: Update voltage in case freq == old_freq Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Fix supplier device runtime PM usage counter imbalance Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI / LPSS: Avoid PM quirks on suspend and resume from S3 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI / PM: Do not clear state_saved for devices that remain suspended Ulf Hansson <ulf.hansson(a)linaro.org> PM / Domains: Fix error path during attach in genpd Eric W. Biederman <ebiederm(a)xmission.com> signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Daniel Wagner <daniel.wagner(a)siemens.com> serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Mika Westerberg <mika.westerberg(a)linux.intel.com> mtd: spi-nor: intel-spi: Fix atomic sequence handling Guenter Roeck <linux(a)roeck-us.net> hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs Dmitry Torokhov <dmitry.torokhov(a)gmail.com> platform/chrome: cros_ec_lpc: do not try DMI match when ACPI device found Finn Thain <fthain(a)telegraphics.com.au> m68k/mac: Fix SWIM memory resource end address Michael Schmitz <schmitzmic(a)gmail.com> m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Siarhei Liakh <Siarhei.Liakh(a)concurrent-rt.com> x86: Call fixup_exception() before notify_die() in math_error() Borislav Petkov <bp(a)suse.de> x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Tony Luck <tony.luck(a)intel.com> x86/mce: Fix incorrect "Machine check from unknown source" message Tony Luck <tony.luck(a)intel.com> x86/mce: Check for alternate indication of machine check recovery on Skylake Tony Luck <tony.luck(a)intel.com> x86/mce: Improve error message when kernel cannot recover mike.travis(a)hpe.com <mike.travis(a)hpe.com> x86/platform/UV: Add kernel parameter to set memory block size mike.travis(a)hpe.com <mike.travis(a)hpe.com> x86/platform/UV: Use new set memory block size function mike.travis(a)hpe.com <mike.travis(a)hpe.com> x86/platform/UV: Add adjustable set memory block size function Juergen Gross <jgross(a)suse.com> x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Dan Williams <dan.j.williams(a)intel.com> x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() ------------- Diffstat: Documentation/ABI/testing/sysfs-class-cxl | 4 +- Documentation/core-api/printk-formats.rst | 3 +- Makefile | 4 +- arch/arm/boot/dts/mt7623.dtsi | 3 +- arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 1 + arch/arm/boot/dts/mt7623n-rfb.dtsi | 1 + arch/arm/boot/dts/socfpga.dtsi | 4 +- arch/arm/boot/dts/socfpga_arria10.dtsi | 5 +- arch/arm/boot/dts/sun8i-h3-libretech-all-h3-cc.dts | 8 +- arch/arm/include/asm/kgdb.h | 2 +- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 6 +- arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 6 + .../dts/amlogic/meson-gxl-s905x-libretech-cc.dts | 3 - arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 8 -- arch/arm64/boot/dts/marvell/armada-cp110.dtsi | 2 +- arch/arm64/crypto/aes-glue.c | 2 +- arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64/kernel/signal.c | 5 +- arch/arm64/mm/proc.S | 5 +- arch/m68k/mac/config.c | 2 +- arch/m68k/mm/kmap.c | 3 +- arch/mips/ath79/mach-pb44.c | 2 +- arch/mips/bcm47xx/setup.c | 6 + arch/mips/include/asm/io.h | 2 + arch/mips/include/asm/mipsregs.h | 3 + arch/mips/kernel/mcount.S | 27 ++--- arch/powerpc/Makefile | 1 + arch/powerpc/kernel/dt_cpu_ftrs.c | 3 +- arch/powerpc/kernel/entry_64.S | 1 + arch/powerpc/kernel/fadump.c | 3 + arch/powerpc/kernel/hw_breakpoint.c | 4 +- arch/powerpc/kernel/ptrace.c | 1 + arch/powerpc/mm/pkeys.c | 4 +- arch/powerpc/mm/tlb-radix.c | 2 + arch/powerpc/perf/imc-pmu.c | 4 +- arch/powerpc/platforms/powernv/copy-paste.h | 3 +- arch/powerpc/platforms/powernv/idle.c | 4 +- arch/powerpc/platforms/powernv/pci-ioda.c | 1 - arch/um/drivers/vector_kern.c | 20 +++- arch/x86/entry/entry_64_compat.S | 16 +-- arch/x86/include/asm/barrier.h | 2 +- arch/x86/kernel/apic/x2apic_uv_x.c | 60 +++++++++- arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 + arch/x86/kernel/cpu/mcheck/mce.c | 44 +++++--- arch/x86/kernel/e820.c | 15 ++- arch/x86/kernel/quirks.c | 11 +- arch/x86/kernel/traps.c | 14 ++- arch/x86/mm/init.c | 4 +- arch/x86/mm/init_64.c | 20 +++- arch/x86/platform/efi/efi_64.c | 4 +- arch/x86/xen/smp_pv.c | 5 + arch/xtensa/kernel/traps.c | 2 +- block/blk-core.c | 4 + crypto/asymmetric_keys/x509_cert_parser.c | 9 ++ drivers/acpi/acpi_lpss.c | 20 ++-- drivers/auxdisplay/Kconfig | 10 +- drivers/base/core.c | 15 ++- drivers/base/power/domain.c | 3 + drivers/block/rbd.c | 2 +- drivers/bluetooth/hci_qca.c | 6 + drivers/char/hw_random/core.c | 11 +- drivers/char/ipmi/ipmi_bt_sm.c | 3 +- drivers/char/tpm/tpm-dev-common.c | 40 +++---- drivers/char/tpm/tpm-dev.h | 2 +- drivers/char/tpm/tpm2-space.c | 3 +- drivers/clk/at91/clk-pll.c | 13 +-- drivers/clk/clk-aspeed.c | 4 +- drivers/clk/meson/meson8b.c | 7 ++ drivers/clk/renesas/renesas-cpg-mssr.c | 9 +- drivers/cpufreq/intel_pstate.c | 27 ++++- drivers/cpuidle/cpuidle-powernv.c | 32 +++++- drivers/firmware/efi/libstub/tpm.c | 2 +- drivers/hwmon/k10temp.c | 5 + drivers/i2c/algos/i2c-algo-bit.c | 5 - drivers/i2c/busses/i2c-gpio.c | 4 +- drivers/iio/accel/sca3000.c | 9 +- drivers/iio/adc/ad7791.c | 49 -------- drivers/infiniband/core/umem.c | 11 +- drivers/infiniband/core/uverbs_main.c | 14 ++- drivers/infiniband/core/verbs.c | 14 ++- drivers/infiniband/hw/hfi1/chip.c | 8 +- drivers/infiniband/hw/hfi1/debugfs.c | 8 +- drivers/infiniband/hw/hfi1/file_ops.c | 4 +- drivers/infiniband/hw/hfi1/hfi.h | 1 + drivers/infiniband/hw/hfi1/init.c | 22 +++- drivers/infiniband/hw/hfi1/pio.c | 44 ++++++-- drivers/infiniband/hw/mlx4/mad.c | 1 - drivers/infiniband/hw/mlx4/mr.c | 50 +++++++-- drivers/infiniband/hw/mlx5/cq.c | 15 ++- drivers/infiniband/hw/qib/qib.h | 4 +- drivers/infiniband/hw/qib/qib_file_ops.c | 10 +- drivers/infiniband/hw/qib/qib_init.c | 13 +++ drivers/infiniband/hw/qib/qib_user_pages.c | 20 ++-- drivers/infiniband/sw/rdmavt/cq.c | 31 ++++-- drivers/infiniband/ulp/isert/ib_isert.c | 28 +++-- drivers/input/joystick/xpad.c | 2 +- drivers/input/mouse/elan_i2c.h | 2 + drivers/input/mouse/elan_i2c_core.c | 3 +- drivers/input/mouse/elan_i2c_smbus.c | 10 +- drivers/input/mouse/elantech.c | 11 +- drivers/input/mouse/psmouse-base.c | 12 +- drivers/input/touchscreen/silead.c | 1 + drivers/iommu/Kconfig | 1 - drivers/iommu/amd_iommu.c | 68 ++++++++---- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/md/dm-thin.c | 11 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/dm.c | 5 +- drivers/md/md.c | 4 +- drivers/media/dvb-core/dvb_frontend.c | 23 ++-- drivers/media/platform/vsp1/vsp1_video.c | 21 ++-- drivers/media/rc/ir-mce_kbd-decoder.c | 2 + drivers/media/usb/cx231xx/cx231xx-cards.c | 3 + drivers/media/usb/cx231xx/cx231xx-dvb.c | 2 +- drivers/media/usb/uvc/uvc_video.c | 24 +++- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +- drivers/mfd/intel-lpss-pci.c | 25 +++-- drivers/mfd/intel-lpss.c | 4 +- drivers/mfd/twl-core.c | 2 +- drivers/misc/cxl/pci.c | 4 +- drivers/misc/cxl/sysfs.c | 16 ++- drivers/mmc/host/renesas_sdhi_core.c | 5 + drivers/mmc/host/renesas_sdhi_internal_dmac.c | 1 + drivers/mmc/host/renesas_sdhi_sys_dmac.c | 3 + drivers/mtd/chips/cfi_cmdset_0002.c | 21 ++-- drivers/mtd/nand/raw/denali_dt.c | 6 +- drivers/mtd/nand/raw/mxc_nand.c | 5 +- drivers/mtd/nand/raw/nand_base.c | 29 ++--- drivers/mtd/nand/raw/nand_macronix.c | 48 ++++++-- drivers/mtd/nand/raw/nand_micron.c | 2 + drivers/mtd/spi-nor/intel-spi.c | 76 +++++++++++-- drivers/mtd/ubi/build.c | 3 + drivers/mtd/ubi/eba.c | 90 ++++++++++++++- drivers/mtd/ubi/wl.c | 4 +- drivers/net/ethernet/ti/davinci_emac.c | 15 ++- drivers/nvdimm/bus.c | 14 ++- drivers/nvdimm/pmem.c | 10 +- drivers/nvdimm/region_devs.c | 3 +- drivers/of/platform.c | 5 +- drivers/of/resolver.c | 5 + drivers/of/unittest.c | 8 +- drivers/opp/core.c | 2 +- drivers/pci/host/pci-hyperv.c | 11 -- drivers/pci/hotplug/pciehp.h | 2 +- drivers/pci/hotplug/pciehp_core.c | 2 +- drivers/pci/hotplug/pciehp_hpc.c | 13 ++- drivers/pci/pci-driver.c | 5 +- drivers/pci/probe.c | 15 ++- drivers/pci/quirks.c | 20 ++++ drivers/pinctrl/devicetree.c | 7 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 3 +- drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 4 +- drivers/platform/chrome/cros_ec_lpc.c | 13 ++- drivers/pwm/pwm-lpss-platform.c | 5 + drivers/pwm/pwm-lpss.c | 30 +++++ drivers/pwm/pwm-lpss.h | 2 + drivers/remoteproc/qcom_q6v5_pil.c | 10 +- drivers/rpmsg/qcom_smd.c | 18 +-- drivers/rtc/rtc-sun6i.c | 4 +- drivers/s390/scsi/zfcp_dbf.c | 40 +++++++ drivers/s390/scsi/zfcp_erp.c | 123 ++++++++++++++++----- drivers/s390/scsi/zfcp_ext.h | 5 + drivers/s390/scsi/zfcp_scsi.c | 18 ++- drivers/scsi/hpsa.c | 10 +- drivers/scsi/qla2xxx/qla_gs.c | 4 +- drivers/scsi/qla2xxx/qla_init.c | 3 +- drivers/scsi/qla2xxx/qla_isr.c | 8 +- drivers/scsi/qla2xxx/qla_target.c | 7 +- drivers/scsi/scsi_debug.c | 2 +- drivers/soc/rockchip/pm_domains.c | 2 +- drivers/thermal/broadcom/bcm2835_thermal.c | 4 +- drivers/tty/serial/sh-sci.c | 8 +- drivers/usb/core/hub.c | 4 +- drivers/video/backlight/as3711_bl.c | 33 ++++-- drivers/video/backlight/max8925_bl.c | 4 +- drivers/video/backlight/tps65217_bl.c | 4 +- drivers/video/fbdev/uvesafb.c | 3 +- drivers/virt/vboxguest/vboxguest_linux.c | 4 +- drivers/w1/w1.c | 2 +- drivers/xen/events/events_base.c | 2 - fs/btrfs/inode.c | 4 +- fs/f2fs/checkpoint.c | 4 +- fs/f2fs/inode.c | 4 +- fs/f2fs/segment.c | 3 + fs/f2fs/segment.h | 1 + fs/fuse/control.c | 13 ++- fs/fuse/dev.c | 3 +- fs/fuse/dir.c | 13 ++- fs/fuse/inode.c | 1 + fs/nfs/callback_proc.c | 7 +- fs/nfs/nfs4idmap.c | 5 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/nfs4xdr.c | 5 +- fs/ubifs/journal.c | 5 +- fs/udf/directory.c | 3 + include/dt-bindings/clock/aspeed-clock.h | 2 +- include/linux/blkdev.h | 4 +- include/linux/compiler.h | 2 +- include/linux/memory.h | 1 + include/linux/slub_def.h | 4 + include/rdma/ib_verbs.h | 27 ++++- include/rdma/rdma_vt.h | 2 +- kernel/locking/rwsem.c | 1 + kernel/printk/printk_safe.c | 5 +- kernel/softirq.c | 6 +- kernel/time/time.c | 6 +- kernel/trace/trace_events_filter.c | 10 +- lib/Kconfig.kasan | 1 + lib/vsprintf.c | 3 - mm/gup.c | 36 ++++-- mm/ksm.c | 14 ++- mm/slab_common.c | 4 + mm/slub.c | 7 +- net/sunrpc/xprtrdma/rpc_rdma.c | 2 +- security/selinux/selinuxfs.c | 78 ++++++------- sound/core/timer.c | 2 +- sound/pci/hda/hda_codec.c | 5 +- sound/pci/hda/hda_codec.h | 1 + sound/pci/hda/patch_hdmi.c | 5 + sound/pci/hda/patch_realtek.c | 20 +++- sound/soc/cirrus/edb93xx.c | 2 +- sound/soc/cirrus/ep93xx-i2s.c | 26 +++-- sound/soc/cirrus/snappercl15.c | 2 +- sound/soc/codecs/cs35l35.c | 1 + .../soc/mediatek/common/mtk-afe-platform-driver.c | 4 +- sound/soc/soc-dapm.c | 2 + tools/perf/util/dso.c | 2 + .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 +++- .../perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 ++ .../util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 +- tools/perf/util/intel-pt.c | 5 + tools/testing/selftests/ftrace/test.d/functions | 21 +++- 232 files changed, 1706 insertions(+), 756 deletions(-)

7 years, 2 months

4
218
0 0

[PATCH] vmw_balloon: fix inflation with batching

by Nadav Amit

Embarrassingly, the recent fix introduced worse problem than it solved, causing the balloon not to inflate. The VM informed the hypervisor that the pages for lock/unlock are sitting in the wrong address, as it used the page that is used the uninitialized page variable. Fixes: b23220fe054e9 ("vmw_balloon: fixing double free when batching mode is off") Cc: stable(a)vger.kernel.org Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com> Signed-off-by: Nadav Amit <namit(a)vmware.com> --- drivers/misc/vmw_balloon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index efd733472a35..56c6f79a5c5a 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -467,7 +467,7 @@ static int vmballoon_send_batched_lock(struct vmballoon *b, unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.lock[is_2m_pages]); @@ -515,7 +515,7 @@ static bool vmballoon_send_batched_unlock(struct vmballoon *b, unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.unlock[is_2m_pages]); -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH 1/2] Revert "UBIFS: Fix potential integer overflow in allocation"

by Richard Weinberger

This reverts commit 353748a359f1821ee934afc579cf04572406b420. It bypassed the linux-mtd review process and fixes the issue not as it should. Cc: Kees Cook <keescook(a)chromium.org> Cc: Silvio Cesare <silvio.cesare(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Richard Weinberger <richard(a)nod.at> --- fs/ubifs/journal.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index 07b4956e0425..da8afdfccaa6 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c @@ -1282,11 +1282,10 @@ static int truncate_data_node(const struct ubifs_info *c, const struct inode *in int *new_len) { void *buf; - int err, compr_type; - u32 dlen, out_len, old_dlen; + int err, dlen, compr_type, out_len, old_dlen; out_len = le32_to_cpu(dn->size); - buf = kmalloc_array(out_len, WORST_COMPR_FACTOR, GFP_NOFS); + buf = kmalloc(out_len * WORST_COMPR_FACTOR, GFP_NOFS); if (!buf) return -ENOMEM; -- 2.18.0

7 years, 2 months

2
7
0 0

+ mm-teach-dump_page-to-correctly-output-poisoned-struct-pages.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: teach dump_page() to correctly output poisoned struct pages has been added to the -mm tree. Its filename is mm-teach-dump_page-to-correctly-output-poisoned-struct-pages.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-teach-dump_page-to-correctly-ou… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-teach-dump_page-to-correctly-ou… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Pavel Tatashin <pasha.tatashin(a)oracle.com> Subject: mm: teach dump_page() to correctly output poisoned struct pages If struct page is poisoned, and uninitialized access is detected via PF_POISONED_CHECK(page) dump_page() is called to output the page. But, the dump_page() itself accesses struct page to determine how to print it, and therefore gets into a recursive loop. For example: dump_page() __dump_page() PageSlab(page) PF_POISONED_CHECK(page) VM_BUG_ON_PGFLAGS(PagePoisoned(page), page) dump_page() recursion loop. Link: http://lkml.kernel.org/r/20180702180536.2552-1-pasha.tatashin@oracle.com Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/debug.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff -puN mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages mm/debug.c --- a/mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages +++ a/mm/debug.c @@ -43,12 +43,25 @@ const struct trace_print_flags vmaflag_n void __dump_page(struct page *page, const char *reason) { + bool page_poisoned = PagePoisoned(page); + int mapcount; + + /* + * If struct page is poisoned don't access Page*() functions as that + * leads to recursive loop. Page*() check for poisoned pages, and calls + * dump_page() when detected. + */ + if (page_poisoned) { + pr_emerg("page:%px is uninitialized and poisoned", page); + goto hex_only; + } + /* * Avoid VM_BUG_ON() in page_mapcount(). * page->_mapcount space in struct page is used by sl[aou]b pages to * encode own info. */ - int mapcount = PageSlab(page) ? 0 : page_mapcount(page); + mapcount = PageSlab(page) ? 0 : page_mapcount(page); pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx", page, page_ref_count(page), mapcount, @@ -60,6 +73,7 @@ void __dump_page(struct page *page, cons pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags); +hex_only: print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32, sizeof(unsigned long), page, sizeof(struct page), false); @@ -68,7 +82,7 @@ void __dump_page(struct page *page, cons pr_alert("page dumped because: %s\n", reason); #ifdef CONFIG_MEMCG - if (page->mem_cgroup) + if (!page_poisoned && page->mem_cgroup) pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup); #endif } _ Patches currently in -mm which might be from pasha.tatashin(a)oracle.com are mm-teach-dump_page-to-correctly-output-poisoned-struct-pages.patch mm-skip-invalid-pages-block-at-a-time-in-zero_resv_unresv.patch sparc64-ng4-memset-32-bits-overflow.patch

7 years, 2 months

1
0
0 0

[PATCH 4.14 000/157] 4.14.53-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.53 release. There are 157 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Jul 3 16:08:21 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.53-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.53-rc1 Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use-after-free in xhci_free_virt_device Mike Snitzer <snitzer(a)redhat.com> dm thin: handle running out of data space vs concurrent discard Bart Van Assche <bart.vanassche(a)wdc.com> dm zoned: avoid triggering reclaim from inside dmz_map() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y Bart Van Assche <bart.vanassche(a)wdc.com> block: Fix cloning of requests with a special payload Keith Busch <keith.busch(a)intel.com> block: Fix transfer when chunk sectors exceeds max Mikulas Patocka <mpatocka(a)redhat.com> slub: fix failure when we delete and create a slab cache Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - Fix the problem of two front mics on more machines Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl ??? <kt.liao(a)emc.com.tw> Input: elantech - fix V4 report decoding for module with middle key Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpads on ThinkPad P52 Ben Hutchings <ben.hutchings(a)codethink.co.uk> Input: elan_i2c_smbus - fix more potential stack buffer overflows Enno Boland <gottox(a)voidlinux.eu> Input: xpad - fix GPD Win 2 controller name Jan Kara <jack(a)suse.cz> udf: Detect incorrect directory size Boris Ostrovsky <boris.ostrovsky(a)oracle.com> xen: Remove unnecessary BUG_ON from __unbind_from_irq() Dan Williams <dan.j.williams(a)intel.com> mm: fix devmem_is_allowed() for sub-page System RAM intersections Jia He <jia.he(a)hxt-semitech.com> mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() Dongsheng Yang <dongsheng.yang(a)easystack.cn> rbd: flush rbd_dev->watch_dwork after watch is unregistered Hans de Goede <hdegoede(a)redhat.com> pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Alexandr Savca <alexandr.savca(a)saltedge.com> Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Hans de Goede <hdegoede(a)redhat.com> ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Kees Cook <keescook(a)chromium.org> video: uvesafb: Fix integer overflow in allocation Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a typo in nfs41_sequence_process Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") Dave Wysochanski <dwysocha(a)redhat.com> NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message Scott Mayhew <smayhew(a)redhat.com> nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Kai-Heng Feng <kai.heng.feng(a)canonical.com> media: cx231xx: Add support for AverMedia DVD EZMaker 7 Mauro Carvalho Chehab <mchehab(a)kernel.org> media: v4l2-compat-ioctl32: prevent go past max size Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> media: vsp1: Release buffers for each video node Kan Liang <kan.liang(a)intel.com> perf/x86/intel/uncore: Add event constraint for BDX PCU Kan Liang <Kan.liang(a)intel.com> perf vendor events: Add Goldmont Plus V1 event file Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix packet decoding of CYC packets Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix "Unexpected indirect branch" error Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix MTC timing after overflow Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING Adrian Hunter <adrian.hunter(a)intel.com> perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 Sean Wang <sean.wang(a)mediatek.com> arm: dts: mt7623: fix invalid memory node being generated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel-lpss: Program REMAP register in PIO mode Johan Hovold <johan(a)kernel.org> backlight: tps65217_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: max8925_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: as3711_bl: Fix Device Tree node lookup Silvio Cesare <silvio.cesare(a)gmail.com> UBIFS: Fix potential integer overflow in allocation Richard Weinberger <richard(a)nod.at> ubi: fastmap: Correctly handle interrupted erasures in EBA Richard Weinberger <richard(a)nod.at> ubi: fastmap: Cancel work upon detach Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> rpmsg: smd: do not use mananged resources for endpoints and channels NeilBrown <neilb(a)suse.com> md: fix two problems with setting the "re-add" device state. Michael Trimarchi <michael(a)amarulasolutions.com> rtc: sun6i: Fix bit_idx value for clk_register_gate Marcin Ziemianowicz <marcin(a)ziemianowicz.com> clk: at91: PLL recalc_rate() now using cached MUL and DIV values Robert Elliott <elliott(a)hpe.com> linvdimm, pmem: Preserve read-only setting for pmem devices Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler Anil Gurumurthy <anil.gurumurthy(a)cavium.com> scsi: qla2xxx: Mask off Scope bits in retry delay Himanshu Madhani <himanshu.madhani(a)cavium.com> scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Sinan Kaya <okaya(a)codeaurora.org> scsi: hpsa: disable device during shutdown Dan Williams <dan.j.williams(a)intel.com> mm: fix __gup_device_huge vs unmap Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: sca3000: Fix an error handling path in 'sca3000_probe()' Alexandru Ardelean <alexandru.ardelean(a)analog.com> iio: adc: ad7791: remove sample freq sysfs attributes Filipe Manana <fdmanana(a)suse.com> Btrfs: fix return value on rename exchange failure Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> X.509: unpack RSA signatureValue field from BIT STRING Yang Yingliang <yangyingliang(a)huawei.com> irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node Geert Uytterhoeven <geert(a)linux-m68k.org> time: Make sure jiffies_to_msecs() preserves non-zero time periods Huacai Chen <chenhc(a)lemote.com> MIPS: io: Add barrier after register read in inX() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 Fabio Estevam <fabio.estevam(a)nxp.com> pinctrl: devicetree: Fix pctldev pointer overwrite Paweł Chmiel <pawel.mikolaj.chmiel(a)gmail.com> pinctrl: samsung: Correct EINTG banks order Randy Dunlap <rdunlap(a)infradead.org> auxdisplay: fix broken menu Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: Add ACS quirk for Intel 300 series Alex Williamson <alex.williamson(a)redhat.com> PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Sridhar Pitchai <Sridhar.Pitchai(a)microsoft.com> PCI: hv: Make sure the bus domain is really unique Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> mtd: cfi_cmdset_0002: Change write buffer to check correct value Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Return -ENOBUFS when no pages are available Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx4: Discard unknown SQP work requests Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix user context tail allocation for DMA_RTAIL Sebastian Sanchez <sebastian.sanchez(a)intel.com> IB/hfi1: Optimize kthread pointer locking when queuing CQ entries Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Reorder incorrect send context disable Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix fault injection init/exit issues Max Gurtovoy <maxg(a)mellanox.com> IB/isert: fix T10-pi check mask setting Alex Estrin <alex.estrin(a)intel.com> IB/isert: Fix for lib/dma_debug check_sync warning Erez Shitrit <erezsh(a)mellanox.com> IB/mlx5: Fetch soft WQE's on fatal error state Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/core: Make testing MR flags for writability a static inline function Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/mlx4: Mark user MR as writable if actual virtual memory is writable Alex Estrin <alex.estrin(a)intel.com> IB/{hfi1, qib}: Add handling of kernel restart Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/qib: Fix DMA api warning with debug kernel Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix race condition in tpm_common_write() Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix use after free in tpm2_load_context() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> of: platform: stop accessing invalid dev in of_platform_device_destroy Stefan M Schaeckeler <sschaeck(a)cisco.com> of: unittest: for strings, account for trailing \0 in property length field Frank Rowand <frank.rowand(a)sony.com> of: overlay: validate offset from property fixups Jerome Brunet <jbrunet(a)baylibre.com> ARM64: dts: meson: disable sd-uhs modes on the libretech-cc Will Deacon <will.deacon(a)arm.com> arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance Will Deacon <will.deacon(a)arm.com> arm64: kpti: Use early_param for kpti= command-line option Dave Martin <Dave.Martin(a)arm.com> arm64: Fix syscall restarting around signal suppressed by tracer Dinh Nguyen <dinguyen(a)kernel.org> ARM: dts: socfpga: Fix NAND controller node compatible for Arria10 Marek Vasut <marex(a)denx.de> ARM: dts: socfpga: Fix NAND controller clock supply Marek Vasut <marex(a)denx.de> ARM: dts: socfpga: Fix NAND controller node compatible Thor Thayer <thor.thayer(a)linux.intel.com> ARM: dts: Fix SPI node for Arria10 David Rivshin <DRivshin(a)allworx.com> ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Vaibhav Jain <vaibhav(a)linux.ibm.com> cxl: Disable prefault_mode in Radix mode Finley Xiao <finley.xiao(a)rock-chips.com> soc: rockchip: power-domain: Fix wrong value when power up pd with writemask Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/fadump: Unregister fadump on kexec down path. Gautham R. Shenoy <ego(a)linux.vnet.ibm.com> cpuidle: powernv: Fix promotion from snooze if next state disabled Akshay Adiga <akshay.adiga(a)linux.vnet.ibm.com> powerpc/powernv/cpuidle: Init all present cpus for deep states Haren Myneni <haren(a)us.ibm.com> powerpc/powernv: copy/paste - Mask SO bit in CR Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Remove redundant free of TCE pages Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix enforcement of DAWR constraints Anju T Sudhakar <anju(a)linux.vnet.ibm.com> powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix control dir setup and teardown Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fuse: don't keep dead fuse_conn at fuse_fill_super(). Miklos Szeredi <mszeredi(a)redhat.com> fuse: atomic_o_trunc should truncate pagecache Tejun Heo <tj(a)kernel.org> fuse: fix congested state leak on aborted connections Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> printk: fix possible reuse of va_list variable Amit Pundir <amit.pundir(a)linaro.org> Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Corey Minyard <cminyard(a)mvista.com> ipmi:bt: Set the timeout before doing a capabilities check Mikulas Patocka <mpatocka(a)redhat.com> branch-check: fix long->int truncation when profiling branches Matthias Schiffer <mschiffer(a)universe-factory.net> mips: ftrace: fix static function graph tracing Steven Rostedt (VMware) <rostedt(a)goodmis.org> ftrace/selftest: Have the reset_trigger code be a bit more careful Geert Uytterhoeven <geert+renesas(a)glider.be> lib/vsprintf: Remove atomic-unsafe support for %pCr Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: cpg-mssr: Stop using printk format %pCr Geert Uytterhoeven <geert+renesas(a)glider.be> thermal: bcm2835: Stop using printk format %pCr Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix LRCLK configuration Paul Handrigan <Paul.Handrigan(a)cirrus.com> ASoC: cs35l35: Add use_single_rw to regmap config Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Ingo Flaschberger <ingo.flaschberger(a)gmail.com> 1wire: family module autoload fails because of upper/lower case mismatch. Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> usb: do not reset if a low-speed or full-speed device timed out Waldemar Rymarkiewicz <waldemar.rymarkiewicz(a)gmail.com> PM / OPP: Update voltage in case freq == old_freq Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Fix supplier device runtime PM usage counter imbalance Ulf Hansson <ulf.hansson(a)linaro.org> PM / Domains: Fix error path during attach in genpd Eric W. Biederman <ebiederm(a)xmission.com> signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Daniel Wagner <daniel.wagner(a)siemens.com> serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Finn Thain <fthain(a)telegraphics.com.au> m68k/mac: Fix SWIM memory resource end address Michael Schmitz <schmitzmic(a)gmail.com> m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Siarhei Liakh <Siarhei.Liakh(a)concurrent-rt.com> x86: Call fixup_exception() before notify_die() in math_error() Borislav Petkov <bp(a)suse.de> x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Tony Luck <tony.luck(a)intel.com> x86/mce: Fix incorrect "Machine check from unknown source" message Tony Luck <tony.luck(a)intel.com> x86/mce: Check for alternate indication of machine check recovery on Skylake Tony Luck <tony.luck(a)intel.com> x86/mce: Improve error message when kernel cannot recover Juergen Gross <jgross(a)suse.com> x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Dan Williams <dan.j.williams(a)intel.com> x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() ------------- Diffstat: Documentation/ABI/testing/sysfs-class-cxl | 4 +- Documentation/printk-formats.txt | 3 +- Makefile | 4 +- arch/arm/boot/dts/mt7623.dtsi | 3 +- arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 1 + arch/arm/boot/dts/mt7623n-rfb.dtsi | 1 + arch/arm/boot/dts/socfpga.dtsi | 4 +- arch/arm/boot/dts/socfpga_arria10.dtsi | 5 +- arch/arm/include/asm/kgdb.h | 2 +- .../dts/amlogic/meson-gxl-s905x-libretech-cc.dts | 3 - arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64/kernel/signal.c | 5 +- arch/arm64/mm/proc.S | 5 +- arch/m68k/mac/config.c | 2 +- arch/m68k/mm/kmap.c | 3 +- arch/mips/bcm47xx/setup.c | 6 + arch/mips/include/asm/io.h | 2 + arch/mips/include/asm/mipsregs.h | 3 + arch/mips/kernel/mcount.S | 27 +- arch/powerpc/kernel/entry_64.S | 1 + arch/powerpc/kernel/fadump.c | 3 + arch/powerpc/kernel/hw_breakpoint.c | 4 +- arch/powerpc/kernel/ptrace.c | 1 + arch/powerpc/perf/imc-pmu.c | 4 +- arch/powerpc/platforms/powernv/copy-paste.h | 3 +- arch/powerpc/platforms/powernv/idle.c | 4 +- arch/powerpc/platforms/powernv/pci-ioda.c | 1 - arch/x86/events/intel/uncore_snbep.c | 8 + arch/x86/include/asm/barrier.h | 2 +- arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 + arch/x86/kernel/cpu/mcheck/mce.c | 44 +- arch/x86/kernel/quirks.c | 11 +- arch/x86/kernel/traps.c | 14 +- arch/x86/mm/init.c | 4 +- arch/x86/platform/efi/efi_64.c | 4 +- arch/x86/xen/smp_pv.c | 5 + arch/xtensa/kernel/traps.c | 2 +- block/blk-core.c | 4 + crypto/asymmetric_keys/x509_cert_parser.c | 9 + drivers/acpi/acpi_lpss.c | 2 + drivers/auxdisplay/Kconfig | 10 +- drivers/base/core.c | 15 +- drivers/base/power/domain.c | 3 + drivers/base/power/opp/core.c | 2 +- drivers/block/rbd.c | 2 +- drivers/bluetooth/hci_qca.c | 6 + drivers/char/ipmi/ipmi_bt_sm.c | 3 +- drivers/char/tpm/tpm-dev-common.c | 40 +- drivers/char/tpm/tpm-dev.h | 2 +- drivers/char/tpm/tpm2-space.c | 3 +- drivers/clk/at91/clk-pll.c | 13 +- drivers/clk/renesas/renesas-cpg-mssr.c | 9 +- drivers/cpufreq/intel_pstate.c | 27 +- drivers/cpuidle/cpuidle-powernv.c | 32 +- drivers/iio/accel/sca3000.c | 9 +- drivers/iio/adc/ad7791.c | 49 - drivers/infiniband/core/umem.c | 11 +- drivers/infiniband/hw/hfi1/chip.c | 8 +- drivers/infiniband/hw/hfi1/debugfs.c | 8 +- drivers/infiniband/hw/hfi1/file_ops.c | 4 +- drivers/infiniband/hw/hfi1/hfi.h | 1 + drivers/infiniband/hw/hfi1/init.c | 22 +- drivers/infiniband/hw/hfi1/pio.c | 44 +- drivers/infiniband/hw/mlx4/mad.c | 1 - drivers/infiniband/hw/mlx4/mr.c | 50 +- drivers/infiniband/hw/mlx5/cq.c | 15 +- drivers/infiniband/hw/qib/qib.h | 4 +- drivers/infiniband/hw/qib/qib_file_ops.c | 10 +- drivers/infiniband/hw/qib/qib_init.c | 13 + drivers/infiniband/hw/qib/qib_user_pages.c | 20 +- drivers/infiniband/sw/rdmavt/cq.c | 31 +- drivers/infiniband/ulp/isert/ib_isert.c | 28 +- drivers/input/joystick/xpad.c | 2 +- drivers/input/mouse/elan_i2c.h | 2 + drivers/input/mouse/elan_i2c_core.c | 3 +- drivers/input/mouse/elan_i2c_smbus.c | 10 +- drivers/input/mouse/elantech.c | 11 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/md/dm-thin.c | 11 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/md.c | 4 +- drivers/media/dvb-core/dvb_frontend.c | 23 +- drivers/media/platform/vsp1/vsp1_video.c | 21 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 + drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +- drivers/mfd/intel-lpss-pci.c | 25 +- drivers/mfd/intel-lpss.c | 4 +- drivers/misc/cxl/sysfs.c | 16 +- drivers/mtd/chips/cfi_cmdset_0002.c | 21 +- drivers/mtd/ubi/build.c | 3 + drivers/mtd/ubi/eba.c | 90 +- drivers/mtd/ubi/wl.c | 4 +- drivers/nvdimm/bus.c | 14 +- drivers/of/platform.c | 5 +- drivers/of/resolver.c | 5 + drivers/of/unittest.c | 8 +- drivers/pci/host/pci-hyperv.c | 11 - drivers/pci/hotplug/pciehp.h | 2 +- drivers/pci/hotplug/pciehp_core.c | 2 +- drivers/pci/hotplug/pciehp_hpc.c | 13 +- drivers/pci/quirks.c | 20 + drivers/pinctrl/devicetree.c | 7 +- drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 4 +- drivers/pwm/pwm-lpss-platform.c | 5 + drivers/pwm/pwm-lpss.c | 30 + drivers/pwm/pwm-lpss.h | 2 + drivers/rpmsg/qcom_smd.c | 18 +- drivers/rtc/rtc-sun6i.c | 4 +- drivers/s390/scsi/zfcp_dbf.c | 40 + drivers/s390/scsi/zfcp_erp.c | 123 +- drivers/s390/scsi/zfcp_ext.h | 5 + drivers/s390/scsi/zfcp_scsi.c | 18 +- drivers/scsi/hpsa.c | 10 +- drivers/scsi/qla2xxx/qla_init.c | 3 +- drivers/scsi/qla2xxx/qla_isr.c | 8 +- drivers/soc/rockchip/pm_domains.c | 2 +- drivers/thermal/broadcom/bcm2835_thermal.c | 4 +- drivers/tty/serial/sh-sci.c | 8 +- drivers/usb/core/hub.c | 4 +- drivers/usb/host/xhci.c | 1 + drivers/video/backlight/as3711_bl.c | 33 +- drivers/video/backlight/max8925_bl.c | 4 +- drivers/video/backlight/tps65217_bl.c | 4 +- drivers/video/fbdev/uvesafb.c | 3 +- drivers/w1/w1.c | 2 +- drivers/xen/events/events_base.c | 2 - fs/btrfs/inode.c | 4 +- fs/fuse/control.c | 13 +- fs/fuse/dev.c | 3 +- fs/fuse/dir.c | 13 +- fs/fuse/inode.c | 1 + fs/nfs/callback_proc.c | 7 +- fs/nfs/nfs4idmap.c | 5 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/nfs4xdr.c | 5 +- fs/ubifs/journal.c | 5 +- fs/udf/directory.c | 3 + include/linux/blkdev.h | 4 +- include/linux/compiler.h | 2 +- include/linux/slub_def.h | 4 + include/rdma/ib_verbs.h | 14 + include/rdma/rdma_vt.h | 2 +- kernel/printk/printk_safe.c | 5 +- kernel/time/time.c | 6 +- lib/vsprintf.c | 3 - mm/gup.c | 36 +- mm/ksm.c | 14 +- mm/slab_common.c | 4 + mm/slub.c | 7 +- net/sunrpc/xprtrdma/rpc_rdma.c | 2 +- sound/core/timer.c | 2 +- sound/pci/hda/patch_realtek.c | 20 +- sound/soc/cirrus/edb93xx.c | 2 +- sound/soc/cirrus/ep93xx-i2s.c | 26 +- sound/soc/cirrus/snappercl15.c | 2 +- sound/soc/codecs/cs35l35.c | 1 + sound/soc/soc-dapm.c | 2 + .../pmu-events/arch/x86/goldmontplus/cache.json | 1453 ++++++++++++++++++++ .../pmu-events/arch/x86/goldmontplus/frontend.json | 62 + .../pmu-events/arch/x86/goldmontplus/memory.json | 38 + .../pmu-events/arch/x86/goldmontplus/other.json | 98 ++ .../pmu-events/arch/x86/goldmontplus/pipeline.json | 544 ++++++++ .../arch/x86/goldmontplus/virtual-memory.json | 218 +++ tools/perf/pmu-events/arch/x86/mapfile.csv | 1 + tools/perf/util/dso.c | 2 + .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 +- .../perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 + .../util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 +- tools/perf/util/intel-pt.c | 5 + tools/testing/selftests/ftrace/test.d/functions | 21 +- 170 files changed, 3595 insertions(+), 505 deletions(-)

7 years, 2 months

4
155
0 0

[PATCH] usb/host/pci-quirks: Only reset USB bus on NVIDIA devices

by Paul Menzel

Currently, on the AMD board Asus F2A85-M Pro there is a 100 ms delay as the USB bus of each of the two OHCI PCI devices is reset. As a 50 ms delay is done per the USB specification. Commit c6187597 (OHCI: final fix for NVIDIA problems (I hope)) unconditionally does the bus reset for all chipsets, while it was only doen for NVIDIA chipsets before. As it should not be needed for non-NVIDIA chipsets, only do the reset for Nvidia devices. Tested on Asus F2A85-M PRO and ASRock E350M1. The USB keyboard works and the LUKS passphrase can be e ntered. Signed-off-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: linux-usb(a)vger.kernel.org Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- drivers/usb/host/pci-quirks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/pci-quirks.c b/drivers/usb/host/pci-quirks.c index 3625a5c1a41b..f6b1a9bbe301 100644 --- a/drivers/usb/host/pci-quirks.c +++ b/drivers/usb/host/pci-quirks.c @@ -784,7 +784,7 @@ static void quirk_usb_handoff_ohci(struct pci_dev *pdev) writel((u32) ~0, base + OHCI_INTRDISABLE); /* Reset the USB bus, if the controller isn't already in RESET */ - if (control & OHCI_HCFS) { + if ((pdev->vendor == PCI_VENDOR_ID_NVIDIA) && (control & OHCI_HCFS)) { /* Go into RESET, preserving RWC (and possibly IR) */ writel(control & OHCI_CTRL_MASK, base + OHCI_CONTROL); readl(base + OHCI_CONTROL); -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH] IB/hfi1: Fix user context tail allocation for DMA_RTAIL

by Mike Marciniszyn

commit 1bc0299d976e000ececc6acd76e33b4582646cb7 upstream. The following code fails to allocate a buffer for the tail address that the hardware DMAs into when the user context DMA_RTAIL is set. if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) { rcd->rcvhdrtail_kvaddr = dma_zalloc_coherent( &dd->pcidev->dev, PAGE_SIZE, &dma_hdrqtail, gfp_flags); if (!rcd->rcvhdrtail_kvaddr) goto bail_free; rcd->rcvhdrqtailaddr_dma = dma_hdrqtail; } So the rcvhdrtail_kvaddr would then be NULL. The mmap logic fails to check for a NULL rcvhdrtail_kvaddr. The fix is to test for both user and kernel DMA_TAIL options during the allocation as well as testing for a NULL rcvhdrtail_kvaddr during the mmap processing. Additionally, all downstream testing of the capmask for DMA_RTAIL have been eliminated in favor of testing rcvhdrtail_kvaddr. The patch had to be adjusted for lack of VNIC and interating contexts differently in the 4.9 code base. Reviewed-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> Signed-off-by: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> --- drivers/infiniband/hw/hfi1/chip.c | 8 ++++---- drivers/infiniband/hw/hfi1/file_ops.c | 2 +- drivers/infiniband/hw/hfi1/init.c | 9 ++++----- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c index 148b313..d30b3b9 100644 --- a/drivers/infiniband/hw/hfi1/chip.c +++ b/drivers/infiniband/hw/hfi1/chip.c @@ -6717,7 +6717,7 @@ static void rxe_kernel_unfreeze(struct hfi1_devdata *dd) for (i = 0; i < dd->n_krcv_queues; i++) { rcvmask = HFI1_RCVCTRL_CTXT_ENB; /* HFI1_RCVCTRL_TAILUPD_[ENB|DIS] needs to be set explicitly */ - rcvmask |= HFI1_CAP_KGET_MASK(dd->rcd[i]->flags, DMA_RTAIL) ? + rcvmask |= dd->rcd[i]->rcvhdrtail_kvaddr ? HFI1_RCVCTRL_TAILUPD_ENB : HFI1_RCVCTRL_TAILUPD_DIS; hfi1_rcvctrl(dd, rcvmask, i); } @@ -8211,7 +8211,7 @@ static inline int check_packet_present(struct hfi1_ctxtdata *rcd) u32 tail; int present; - if (!HFI1_CAP_IS_KSET(DMA_RTAIL)) + if (!rcd->rcvhdrtail_kvaddr) present = (rcd->seq_cnt == rhf_rcv_seq(rhf_to_cpu(get_rhf_addr(rcd)))); else /* is RDMA rtail */ @@ -11550,7 +11550,7 @@ void hfi1_rcvctrl(struct hfi1_devdata *dd, unsigned int op, int ctxt) /* reset the tail and hdr addresses, and sequence count */ write_kctxt_csr(dd, ctxt, RCV_HDR_ADDR, rcd->rcvhdrq_dma); - if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) + if (rcd->rcvhdrtail_kvaddr) write_kctxt_csr(dd, ctxt, RCV_HDR_TAIL_ADDR, rcd->rcvhdrqtailaddr_dma); rcd->seq_cnt = 1; @@ -11630,7 +11630,7 @@ void hfi1_rcvctrl(struct hfi1_devdata *dd, unsigned int op, int ctxt) rcvctrl |= RCV_CTXT_CTRL_INTR_AVAIL_SMASK; if (op & HFI1_RCVCTRL_INTRAVAIL_DIS) rcvctrl &= ~RCV_CTXT_CTRL_INTR_AVAIL_SMASK; - if (op & HFI1_RCVCTRL_TAILUPD_ENB && rcd->rcvhdrqtailaddr_dma) + if ((op & HFI1_RCVCTRL_TAILUPD_ENB) && rcd->rcvhdrtail_kvaddr) rcvctrl |= RCV_CTXT_CTRL_TAIL_UPD_SMASK; if (op & HFI1_RCVCTRL_TAILUPD_DIS) { /* See comment on RcvCtxtCtrl.TailUpd above */ diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c index bb72976..d612f9d 100644 --- a/drivers/infiniband/hw/hfi1/file_ops.c +++ b/drivers/infiniband/hw/hfi1/file_ops.c @@ -609,7 +609,7 @@ static int hfi1_file_mmap(struct file *fp, struct vm_area_struct *vma) ret = -EINVAL; goto done; } - if (flags & VM_WRITE) { + if ((flags & VM_WRITE) || !uctxt->rcvhdrtail_kvaddr) { ret = -EPERM; goto done; } diff --git a/drivers/infiniband/hw/hfi1/init.c b/drivers/infiniband/hw/hfi1/init.c index ae1f90d..28f4079 100644 --- a/drivers/infiniband/hw/hfi1/init.c +++ b/drivers/infiniband/hw/hfi1/init.c @@ -1605,7 +1605,6 @@ int hfi1_create_rcvhdrq(struct hfi1_devdata *dd, struct hfi1_ctxtdata *rcd) u64 reg; if (!rcd->rcvhdrq) { - dma_addr_t dma_hdrqtail; gfp_t gfp_flags; /* @@ -1628,13 +1627,13 @@ int hfi1_create_rcvhdrq(struct hfi1_devdata *dd, struct hfi1_ctxtdata *rcd) goto bail; } - if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) { + if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL) || + HFI1_CAP_UGET_MASK(rcd->flags, DMA_RTAIL)) { rcd->rcvhdrtail_kvaddr = dma_zalloc_coherent( - &dd->pcidev->dev, PAGE_SIZE, &dma_hdrqtail, - gfp_flags); + &dd->pcidev->dev, PAGE_SIZE, + &rcd->rcvhdrqtailaddr_dma, gfp_flags); if (!rcd->rcvhdrtail_kvaddr) goto bail_free; - rcd->rcvhdrqtailaddr_dma = dma_hdrqtail; } rcd->rcvhdrq_size = amt;

7 years, 2 months

1
0
0 0

[PATCH] sched/nohz: Skip remote tick on idle task entirely

by Frederic Weisbecker

Some people have reported that the warning in sched_tick_remote() occasionally triggers, especially in favour of some RCU-Torture pressure: WARNING: CPU: 11 PID: 906 at kernel/sched/core.c:3138 sched_tick_remote+0xb6/0xc0 Modules linked in: CPU: 11 PID: 906 Comm: kworker/u32:3 Not tainted 4.18.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Workqueue: events_unbound sched_tick_remote RIP: 0010:sched_tick_remote+0xb6/0xc0 Code: e8 0f 06 b8 00 c6 03 00 fb eb 9d 8b 43 04 85 c0 75 8d 48 8b 83 e0 0a 00 00 48 85 c0 75 81 eb 88 48 89 df e8 bc fe ff ff eb aa <0f> 0b eb +c5 66 0f 1f 44 00 00 bf 17 00 00 00 e8 b6 2e fe ff 0f b6 Call Trace: process_one_work+0x1df/0x3b0 worker_thread+0x44/0x3d0 kthread+0xf3/0x130 ? set_worker_desc+0xb0/0xb0 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x35/0x40 This happens when the remote tick applies on an idle task. Usually the idle_cpu() check avoids that, but it is performed before we lock the runqueue and it is therefore racy. It was intended to be that way in order to prevent from useless runqueue locks since idle task tick callback is a no-op. Now if the racy check slips out of our hands and we end up remotely ticking an idle task, the empty task_tick_idle() is harmless. Still it won't pass the WARN_ON_ONCE() test that ensures rq_clock_task() is not too far from curr->se.exec_start because update_curr_idle() doesn't update the exec_start value like other scheduler policies. Hence the reported false positive. So let's have another check, while the rq is locked, to make sure we don't remote tick on an idle task. The lockless idle_cpu() still applies to avoid unecessary rq lock contention. Reported-by: Jacek Tomaka <jacekt(a)dug.com> Reported-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> Reported-by: Anna-Maria Gleixner <anna-maria(a)linutronix.de> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> --- kernel/sched/core.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 78d8fac..da8f121 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -3127,16 +3127,18 @@ static void sched_tick_remote(struct work_struct *work) u64 delta; rq_lock_irq(rq, &rf); - update_rq_clock(rq); curr = rq->curr; - delta = rq_clock_task(rq) - curr->se.exec_start; + if (!is_idle_task(curr)) { + update_rq_clock(rq); + delta = rq_clock_task(rq) - curr->se.exec_start; - /* - * Make sure the next tick runs within a reasonable - * amount of time. - */ - WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3); - curr->sched_class->task_tick(rq, curr, 0); + /* + * Make sure the next tick runs within a reasonable + * amount of time. + */ + WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3); + curr->sched_class->task_tick(rq, curr, 0); + } rq_unlock_irq(rq, &rf); } -- 2.7.4

7 years, 2 months

3
2
0 0

[PATCH] ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS

by Hans de Goede

There have been several reports of LPM related hard freezes about once a day on multiple Lenovo 50 series models. Strange enough these reports where not disk model specific as LPM issues usually are and some users with the exact same disk + laptop where seeing them while other users where not seeing these issues. It turns out that enabling LPM triggers a firmware bug somewhere, which has been fixed in later BIOS versions. This commit adds a new ahci_broken_lpm() function and a new ATA_FLAG_NO_LPM for dealing with this. The ahci_broken_lpm() function contains DMI match info for the 4 models which are known to be affected by this and the DMI BIOS date field for known good BIOS versions. If the BIOS date is older then the one in the table LPM will be disabled and a warning will be printed. Note the BIOS dates are for known good versions, some older versions may work too, but we don't know for sure, the table is using dates from BIOS versions for which users have confirmed that upgrading to that version makes the problem go away. Unfortunately I've been unable to get hold of the reporter who reported that BIOS version 2.35 fixed the problems on the W541 for him. I've been able to verify the DMI_SYS_VENDOR and DMI_PRODUCT_VERSION from an older dmidecode, but I don't know the exact BIOS date as reported in the DMI. Lenovo keeps a changelog with dates in their release notes, but the dates there are the release dates not the build dates which are in DMI. So I've chosen to set the date to which we compare to one day past the release date of the 2.34 BIOS. I plan to fix this with a follow up commit once I've the necessary info. Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/ata/ahci.c | 59 +++++++++++++++++++++++++++++++++++++++ drivers/ata/libata-core.c | 3 ++ include/linux/libata.h | 1 + 3 files changed, 63 insertions(+) diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index 738fb22978dd..fdeb3b4d0f4a 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -1280,6 +1280,59 @@ static bool ahci_broken_suspend(struct pci_dev *pdev) return strcmp(buf, dmi->driver_data) < 0; } +static bool ahci_broken_lpm(struct pci_dev *pdev) +{ + static const struct dmi_system_id sysids[] = { + /* Various Lenovo 50 series have LPM issues with older BIOSen */ + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad X250"), + }, + .driver_data = "20180406", /* 1.31 */ + }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad L450"), + }, + .driver_data = "20180420", /* 1.28 */ + }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad T450s"), + }, + .driver_data = "20180315", /* 1.33 */ + }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad W541"), + }, + /* + * Note date based on release notes, 2.35 has been + * reported to be good, but I've been unable to get + * a hold of the reporter to get the DMI BIOS date. + * TODO: fix this. + */ + .driver_data = "20180310", /* 2.35 */ + }, + { } /* terminate list */ + }; + const struct dmi_system_id *dmi = dmi_first_match(sysids); + int year, month, date; + char buf[9]; + + if (!dmi) + return false; + + dmi_get_date(DMI_BIOS_DATE, &year, &month, &date); + snprintf(buf, sizeof(buf), "%04d%02d%02d", year, month, date); + + return strcmp(buf, dmi->driver_data) < 0; +} + static bool ahci_broken_online(struct pci_dev *pdev) { #define ENCODE_BUSDEVFN(bus, slot, func) \ @@ -1694,6 +1747,12 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) "quirky BIOS, skipping spindown on poweroff\n"); } + if (ahci_broken_lpm(pdev)) { + pi.flags |= ATA_FLAG_NO_LPM; + dev_warn(&pdev->dev, + "BIOS update required for Link Power Management support\n"); + } + if (ahci_broken_suspend(pdev)) { hpriv->flags |= AHCI_HFLAG_NO_SUSPEND; dev_warn(&pdev->dev, diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index 27d15ed7fa3d..cc71c63df381 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -2493,6 +2493,9 @@ int ata_dev_configure(struct ata_device *dev) (id[ATA_ID_SATA_CAPABILITY] & 0xe) == 0x2) dev->horkage |= ATA_HORKAGE_NOLPM; + if (ap->flags & ATA_FLAG_NO_LPM) + dev->horkage |= ATA_HORKAGE_NOLPM; + if (dev->horkage & ATA_HORKAGE_NOLPM) { ata_dev_warn(dev, "LPM support broken, forcing max_power\n"); dev->link->ap->target_lpm_policy = ATA_LPM_MAX_POWER; diff --git a/include/linux/libata.h b/include/linux/libata.h index 8b8946dd63b9..26719233a5b1 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h @@ -210,6 +210,7 @@ enum { ATA_FLAG_SLAVE_POSS = (1 << 0), /* host supports slave dev */ /* (doesn't imply presence) */ ATA_FLAG_SATA = (1 << 1), + ATA_FLAG_NO_LPM = (1 << 2), /* host not happy with LPM */ ATA_FLAG_NO_LOG_PAGE = (1 << 5), /* do not issue log page read */ ATA_FLAG_NO_ATAPI = (1 << 6), /* No ATAPI support */ ATA_FLAG_PIO_DMA = (1 << 7), /* PIO cmds via DMA */ -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH v2 0/2] mmc: renesas_sdhi_internal_dmac: fix two issues for error path

by Yoshihiro Shimoda

This patch set is based on the mmc.git / fixes branch. Changes from v1: - Add Reviewed-by Geert-san. - Add a new goto label for error path. Yoshihiro Shimoda (2): mmc: renesas_sdhi_internal_dmac: Fix missing unmap in error patch mmc: renesas_sdhi_internal_dmac: Cannot clear the RX_IN_USE in abort drivers/mmc/host/renesas_sdhi_internal_dmac.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) -- 1.9.1

7 years, 2 months

3
5
0 0

[PATCH] spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe

by Krzysztof Kozlowski

Registers of DSPI should not be accessed before enabling its clock. On Toradex Colibri VF50 on Iris carrier board this could be seen during bootup as imprecise abort: Unhandled fault: imprecise external abort (0x1c06) at 0x00000000 Internal error: : 1c06 [#1] ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 4.14.39-dirty #97 Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree) Backtrace: [<804166a8>] (regmap_write) from [<80466b5c>] (dspi_probe+0x1f0/0x8dc) [<8046696c>] (dspi_probe) from [<8040107c>] (platform_drv_probe+0x54/0xb8) [<80401028>] (platform_drv_probe) from [<803ff53c>] (driver_probe_device+0x280/0x2f8) [<803ff2bc>] (driver_probe_device) from [<803ff674>] (__driver_attach+0xc0/0xc4) [<803ff5b4>] (__driver_attach) from [<803fd818>] (bus_for_each_dev+0x70/0xa4) [<803fd7a8>] (bus_for_each_dev) from [<803fee74>] (driver_attach+0x24/0x28) [<803fee50>] (driver_attach) from [<803fe980>] (bus_add_driver+0x1a0/0x218) [<803fe7e0>] (bus_add_driver) from [<803fffe8>] (driver_register+0x80/0x100) [<803fff68>] (driver_register) from [<80400fdc>] (__platform_driver_register+0x48/0x50) [<80400f94>] (__platform_driver_register) from [<8091cf7c>] (fsl_dspi_driver_init+0x1c/0x20) [<8091cf60>] (fsl_dspi_driver_init) from [<8010195c>] (do_one_initcall+0x4c/0x174) [<80101910>] (do_one_initcall) from [<80900e8c>] (kernel_init_freeable+0x144/0x1d8) [<80900d48>] (kernel_init_freeable) from [<805ff6a8>] (kernel_init+0x10/0x114) [<805ff698>] (kernel_init) from [<80107be8>] (ret_from_fork+0x14/0x2c) Cc: <stable(a)vger.kernel.org> Fixes: 5ee67b587a2b ("spi: dspi: clear SPI_SR before enable interrupt") Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> --- drivers/spi/spi-fsl-dspi.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c index ff7456be9d6d..89a1e7a4fe5d 100644 --- a/drivers/spi/spi-fsl-dspi.c +++ b/drivers/spi/spi-fsl-dspi.c @@ -1071,30 +1071,30 @@ static int dspi_probe(struct platform_device *pdev) } } + dspi->clk = devm_clk_get(&pdev->dev, "dspi"); + if (IS_ERR(dspi->clk)) { + ret = PTR_ERR(dspi->clk); + dev_err(&pdev->dev, "unable to get clock\n"); + goto out_master_put; + } + ret = clk_prepare_enable(dspi->clk); + if (ret) + goto out_master_put; + dspi_init(dspi); dspi->irq = platform_get_irq(pdev, 0); if (dspi->irq < 0) { dev_err(&pdev->dev, "can't get platform irq\n"); ret = dspi->irq; - goto out_master_put; + goto out_clk_put; } ret = devm_request_irq(&pdev->dev, dspi->irq, dspi_interrupt, 0, pdev->name, dspi); if (ret < 0) { dev_err(&pdev->dev, "Unable to attach DSPI interrupt\n"); - goto out_master_put; - } - - dspi->clk = devm_clk_get(&pdev->dev, "dspi"); - if (IS_ERR(dspi->clk)) { - ret = PTR_ERR(dspi->clk); - dev_err(&pdev->dev, "unable to get clock\n"); - goto out_master_put; + goto out_clk_put; } - ret = clk_prepare_enable(dspi->clk); - if (ret) - goto out_master_put; if (dspi->devtype_data->trans_mode == DSPI_DMA_MODE) { ret = dspi_request_dma(dspi, res->start); -- 2.7.4

7 years, 2 months

3
2
0 0

Re: [Xen-devel] [PATCH] xen: setup pv irq ops vector earlier

by Juergen Gross

On 02/07/18 13:18, Jan Beulich wrote: >>>> On 02.07.18 at 12:00, <jgross(a)suse.com> wrote: >> --- a/arch/x86/xen/enlighten_pv.c >> +++ b/arch/x86/xen/enlighten_pv.c >> @@ -1213,6 +1213,7 @@ asmlinkage __visible void __init xen_start_kernel(void) >> pv_info = xen_info; >> pv_init_ops.patch = paravirt_patch_default; >> pv_cpu_ops = xen_cpu_ops; >> + xen_init_irq_ops(); > > Isn't this still too late? xen_setup_machphys_mapping(), for example, > has a WARN_ON(), which implies multiple printk()s. Seems as if it would be a good idea to move calling xen_setup_machphys_mapping() into xen_init_mmu_ops(). There is really no need to do it earlier. Juergen

7 years, 2 months

1
0
0 0

[PATCH 1/5] ARM: dts: dra7: Disable metastability workaround for USB2

by Roger Quadros

Disable the metastability workaround for USB2. The original patch disabled the workaround on the wrong USB port. Fixes: b8c9c6fa2002 ("ARM: dts: dra7: Disable USB metastability workaround for USB2") Cc: <stable(a)vger.kernel.org> [4.16+] Signed-off-by: Roger Quadros <rogerq(a)ti.com> --- arch/arm/boot/dts/dra7.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/dra7.dtsi b/arch/arm/boot/dts/dra7.dtsi index f4ddd86..9cace9f 100644 --- a/arch/arm/boot/dts/dra7.dtsi +++ b/arch/arm/boot/dts/dra7.dtsi @@ -1582,7 +1582,6 @@ dr_mode = "otg"; snps,dis_u3_susphy_quirk; snps,dis_u2_susphy_quirk; - snps,dis_metastability_quirk; }; }; @@ -1610,6 +1609,7 @@ dr_mode = "otg"; snps,dis_u3_susphy_quirk; snps,dis_u2_susphy_quirk; + snps,dis_metastability_quirk; }; }; -- cheers, -roger Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki

7 years, 2 months

2
1
0 0

[PATCH] arm64: Use aarch64elf and aarch64elfb emulation mode variants

by Paul Kocialkowski

The aarch64linux and aarch64linuxb emulation modes are not supported by bare-metal toolchains and Linux using them forbids building the kernel with these toolchains. Since there is apparently no reason to target these emulation modes, the more generic elf modes are used instead, allowing to build on bare-metal toolchains as well as the already-supported ones. Fixes: 3d6a7b99e3fa ("arm64: ensure the kernel is compiled for LP64") Cc: stable(a)vger.kernel.org Signed-off-by: Paul Kocialkowski <contact(a)paulk.fr> --- arch/arm64/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 87f7d2f9f17c..3e959ac43b40 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -67,14 +67,14 @@ KBUILD_CPPFLAGS += -mbig-endian CHECKFLAGS += -D__AARCH64EB__ AS += -EB LD += -EB -LDFLAGS += -maarch64linuxb +LDFLAGS += -maarch64elfb UTS_MACHINE := aarch64_be else KBUILD_CPPFLAGS += -mlittle-endian CHECKFLAGS += -D__AARCH64EL__ AS += -EL LD += -EL -LDFLAGS += -maarch64linux +LDFLAGS += -maarch64elf UTS_MACHINE := aarch64 endif -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH 4.17 v2] x86/mm: Don't free P4D table when it is folded at runtime

by Andrey Ryabinin

commit 0e311d237d7f3022b7dafb639b42541bfb42fe94 upstream. When the P4D page table layer is folded at runtime, the p4d_free() should do nothing, the same as in <asm-generic/pgtable-nop4d.h>. It seems this bug should cause double-free in efi_call_phys_epilog(), but I don't know how to trigger that code path, so I can't confirm that by testing. Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org # 4.17 Fixes: 98219dda2ab5 ("x86/mm: Fold p4d page table layer at runtime") Link: http://lkml.kernel.org/r/20180625102427.15015-1-aryabinin@virtuozzo.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> --- Changes since v1: - Fix wrong "From:" field arch/x86/include/asm/pgalloc.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index 263c142a6a6c..f65e9e1cea4c 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -184,6 +184,9 @@ static inline p4d_t *p4d_alloc_one(struct mm_struct *mm, unsigned long addr) static inline void p4d_free(struct mm_struct *mm, p4d_t *p4d) { + if (!pgtable_l5_enabled) + return; + BUG_ON((unsigned long)p4d & (PAGE_SIZE-1)); free_page((unsigned long)p4d); } -- 2.16.4

7 years, 2 months

2
3
0 0

[PATCH 4.17] x86/mm: Don't free P4D table when it is folded at runtime

by Andrey Ryabinin

From: "gregkh(a)linuxfoundation.org" <gregkh(a)linuxfoundation.org> commit 0e311d237d7f3022b7dafb639b42541bfb42fe94 upstream. When the P4D page table layer is folded at runtime, the p4d_free() should do nothing, the same as in <asm-generic/pgtable-nop4d.h>. It seems this bug should cause double-free in efi_call_phys_epilog(), but I don't know how to trigger that code path, so I can't confirm that by testing. Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org # 4.17 Fixes: 98219dda2ab5 ("x86/mm: Fold p4d page table layer at runtime") Link: http://lkml.kernel.org/r/20180625102427.15015-1-aryabinin@virtuozzo.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> --- arch/x86/include/asm/pgalloc.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index 263c142a6a6c..f65e9e1cea4c 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -184,6 +184,9 @@ static inline p4d_t *p4d_alloc_one(struct mm_struct *mm, unsigned long addr) static inline void p4d_free(struct mm_struct *mm, p4d_t *p4d) { + if (!pgtable_l5_enabled) + return; + BUG_ON((unsigned long)p4d & (PAGE_SIZE-1)); free_page((unsigned long)p4d); } -- 2.16.4

7 years, 2 months

2
2
0 0

nfp: don't tell FW about the reserved buffer space

by Jakub Kicinski

Hi! Can we get the following backported to the 4.9 branch? commit 9383b33771e566fa547daa2d09c6e0f1aaa298c3 Author: Jakub Kicinski <jakub.kicinski(a)netronome.com> Date: Thu Mar 2 15:26:20 2017 -0800 nfp: don't tell FW about the reserved buffer space Since commit c0f031bc8866 ("nfp_net: use alloc_frag() and build_skb()") we are allocating buffers which have to hold both the data and skb to be created in place by build_skb(). FW should only be told about the buffer space it can DMA to, that is without the build_skb() headroom and tailroom. Note: firmware applications should validate the buffers against both MTU and free list buffer size so oversized packets would not pass through the NIC anyway. Fixes: c0f031bc8866 ("nfp: use alloc_frag() and build_skb()") Signed-off-by: Jakub Kicinski <jakub.kicinski(a)netronome.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Thank you!

7 years, 2 months

2
3
0 0

[PATCH 4/4] mtd: cfi_cmdset_0002: Change erase functions to check chip good only

by Tokunori Ikegami

Currently the functions use to check both chip ready and good. But the chip ready is not enough to check the operation status. So change this to check the chip good instead of this. About the retry functions to make sure the error handling remain it. Signed-off-by: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> Cc: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Cc: Brian Norris <computersforpeace(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Boris Brezillon <boris.brezillon(a)free-electrons.com> Cc: Marek Vasut <marek.vasut(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Cyrille Pitchen <cyrille.pitchen(a)wedev4u.fr> Cc: linux-mtd(a)lists.infradead.org Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/mtd/chips/cfi_cmdset_0002.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 13ce64362db8..2a39dc3a4760 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -2296,12 +2296,13 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) chip->erase_suspended = 0; } - if (chip_ready(map, adr)) + if (chip_good(map, adr, map_word_ff(map))) break; if (time_after(jiffies, timeo)) { printk(KERN_WARNING "MTD %s(): software timeout\n", __func__ ); + ret = -EIO; break; } @@ -2309,15 +2310,15 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) UDELAY(map, chip, adr, 1000000/HZ); } /* Did we succeed? */ - if (!chip_good(map, adr, map_word_ff(map))) { + if (ret) { /* reset on all failures. */ map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_RETRIES) + if (++retry_cnt <= MAX_RETRIES) { + ret = 0; goto retry; - - ret = -EIO; + } } chip->state = FL_READY; @@ -2391,7 +2392,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, chip->erase_suspended = 0; } - if (chip_ready(map, adr)) { + if (chip_good(map, adr, map_word_ff(map))) { xip_enable(map, chip, adr); break; } @@ -2400,6 +2401,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, xip_enable(map, chip, adr); printk(KERN_WARNING "MTD %s(): software timeout\n", __func__ ); + ret = -EIO; break; } @@ -2407,15 +2409,15 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, UDELAY(map, chip, adr, 1000000/HZ); } /* Did we succeed? */ - if (!chip_good(map, adr, map_word_ff(map))) { + if (ret) { /* reset on all failures. */ map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_RETRIES) + if (++retry_cnt <= MAX_RETRIES) { + ret = 0; goto retry; - - ret = -EIO; + } } chip->state = FL_READY; -- 2.16.1

7 years, 2 months

1
0
0 0

[PATCH 3/4] mtd: cfi_cmdset_0002: Change erase functions to retry for error

by Tokunori Ikegami

For the word write functions it is retried for error. But it is not implemented to retry for the erase functions. To make sure for the erase functions change to retry as same. This is needed to prevent the flash erase error caused only once. It was caused by the error case of chip_good() in the do_erase_oneblock(). Also it was confirmed on the MACRONIX flash device MX29GL512FHT2I-11G. But the error issue behavior is not able to reproduce at this moment. The flash controller is parallel Flash interface integrated on BCM53003. Signed-off-by: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> Cc: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Cc: Brian Norris <computersforpeace(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Boris Brezillon <boris.brezillon(a)free-electrons.com> Cc: Marek Vasut <marek.vasut(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Cyrille Pitchen <cyrille.pitchen(a)wedev4u.fr> Cc: linux-mtd(a)lists.infradead.org Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/mtd/chips/cfi_cmdset_0002.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 29913eeac5fb..13ce64362db8 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -2241,6 +2241,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) unsigned long int adr; DECLARE_WAITQUEUE(wait, current); int ret = 0; + int retry_cnt = 0; adr = cfi->addr_unlock1; @@ -2258,6 +2259,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) ENABLE_VPP(map); xip_disable(map, chip, adr); + retry: cfi_send_gen_cmd(0xAA, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); cfi_send_gen_cmd(0x55, cfi->addr_unlock2, chip->start, map, cfi, cfi->device_type, NULL); cfi_send_gen_cmd(0x80, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); @@ -2312,6 +2314,9 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ + if (++retry_cnt <= MAX_RETRIES) + goto retry; + ret = -EIO; } @@ -2331,6 +2336,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, unsigned long timeo = jiffies + HZ; DECLARE_WAITQUEUE(wait, current); int ret = 0; + int retry_cnt = 0; adr += chip->start; @@ -2348,6 +2354,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, ENABLE_VPP(map); xip_disable(map, chip, adr); + retry: cfi_send_gen_cmd(0xAA, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); cfi_send_gen_cmd(0x55, cfi->addr_unlock2, chip->start, map, cfi, cfi->device_type, NULL); cfi_send_gen_cmd(0x80, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); @@ -2405,6 +2412,9 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ + if (++retry_cnt <= MAX_RETRIES) + goto retry; + ret = -EIO; } -- 2.16.1

7 years, 2 months

1
0
0 0

[PATCH 2/4] mtd: cfi_cmdset_0002: Change definition naming to retry write operation

by Tokunori Ikegami

The definition can be used for other program and erase operations also. So change the naming to MAX_RETRIES from MAX_WORD_RETRIES. Signed-off-by: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> Cc: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Cc: Brian Norris <computersforpeace(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Boris Brezillon <boris.brezillon(a)free-electrons.com> Cc: Marek Vasut <marek.vasut(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Cyrille Pitchen <cyrille.pitchen(a)wedev4u.fr> Cc: linux-mtd(a)lists.infradead.org Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/mtd/chips/cfi_cmdset_0002.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 9ab521d25ea2..29913eeac5fb 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -42,7 +42,7 @@ #define AMD_BOOTLOC_BUG #define FORCE_WORD_WRITE 0 -#define MAX_WORD_RETRIES 3 +#define MAX_RETRIES 3 #define SST49LF004B 0x0060 #define SST49LF040B 0x0050 @@ -1647,7 +1647,7 @@ static int __xipram do_write_oneword(struct map_info *map, struct flchip *chip, map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_WORD_RETRIES) + if (++retry_cnt <= MAX_RETRIES) goto retry; ret = -EIO; @@ -2106,7 +2106,7 @@ static int do_panic_write_oneword(struct map_info *map, struct flchip *chip, map_write(map, CMD(0xF0), chip->start); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_WORD_RETRIES) + if (++retry_cnt <= MAX_RETRIES) goto retry; ret = -EIO; -- 2.16.1

7 years, 2 months

1
0
0 0

virt: vbox: Only copy_from_user the request-header once

by Justin Forbes

I didn't see this one sent to stable, though it probably should be. commit bd23a7269834dc7c1f93e83535d16ebc44b75eba Author: Wenwen Wang <wang6495(a)umn.edu> Date: Tue May 8 08:50:28 2018 -0500 virt: vbox: Only copy_from_user the request-header once Thanks, Justin

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] Bluetooth: Fix connection if directed advertising and privacy" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 082f2300cfa1a3d9d5221c38c5eba85d4ab98bd8 Mon Sep 17 00:00:00 2001 From: Szymon Janc <szymon.janc(a)codecoup.pl> Date: Tue, 3 Apr 2018 13:40:06 +0200 Subject: [PATCH] Bluetooth: Fix connection if directed advertising and privacy is used Local random address needs to be updated before creating connection if RPA from LE Direct Advertising Report was resolved in host. Otherwise remote device might ignore connection request due to address mismatch. This was affecting following qualification test cases: GAP/CONN/SCEP/BV-03-C, GAP/CONN/GCEP/BV-05-C, GAP/CONN/DCEP/BV-05-C Before patch: < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #11350 [hci0] 84680.231216 Address: 56:BC:E8:24:11:68 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) > HCI Event: Command Complete (0x0e) plen 4 #11351 [hci0] 84680.246022 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #11352 [hci0] 84680.246417 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #11353 [hci0] 84680.248854 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11354 [hci0] 84680.249466 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #11355 [hci0] 84680.253222 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #11356 [hci0] 84680.458387 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:D6:76:8C:DF:82 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) RSSI: -74 dBm (0xb6) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11357 [hci0] 84680.458737 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #11358 [hci0] 84680.469982 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #11359 [hci0] 84680.470444 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #11360 [hci0] 84680.474971 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection Cancel (0x08|0x000e) plen 0 #11361 [hci0] 84682.545385 > HCI Event: Command Complete (0x0e) plen 4 #11362 [hci0] 84682.551014 LE Create Connection Cancel (0x08|0x000e) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #11363 [hci0] 84682.551074 LE Connection Complete (0x01) Status: Unknown Connection Identifier (0x02) Handle: 0 Role: Master (0x00) Peer address type: Public (0x00) Peer address: 00:00:00:00:00:00 (OUI 00-00-00) Connection interval: 0.00 msec (0x0000) Connection latency: 0 (0x0000) Supervision timeout: 0 msec (0x0000) Master clock accuracy: 0x00 After patch: < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #210 [hci0] 667.152459 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #211 [hci0] 667.153613 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #212 [hci0] 667.153704 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #213 [hci0] 667.154584 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #214 [hci0] 667.182619 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) RSSI: -70 dBm (0xba) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #215 [hci0] 667.182704 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #216 [hci0] 667.183599 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #217 [hci0] 667.183645 Address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) > HCI Event: Command Complete (0x0e) plen 4 #218 [hci0] 667.184590 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #219 [hci0] 667.184613 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #220 [hci0] 667.186558 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #221 [hci0] 667.485824 LE Connection Complete (0x01) Status: Success (0x00) Handle: 0 Role: Master (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Master clock accuracy: 0x07 @ MGMT Event: Device Connected (0x000b) plen 13 {0x0002} [hci0] 667.485996 LE Address: 11:22:33:44:55:66 (OUI 11-22-33) Flags: 0x00000000 Data length: 0 Signed-off-by: Szymon Janc <szymon.janc(a)codecoup.pl> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Cc: stable(a)vger.kernel.org diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 95ccc1eef558..b619a190ff12 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -895,7 +895,7 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, u16 conn_timeout); struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, u8 dst_type, u8 sec_level, u16 conn_timeout, - u8 role); + u8 role, bdaddr_t *direct_rpa); struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, u8 sec_level, u8 auth_type); struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index a9682534c377..45ff5dc124cc 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -749,18 +749,31 @@ static bool conn_use_rpa(struct hci_conn *conn) } static void hci_req_add_le_create_conn(struct hci_request *req, - struct hci_conn *conn) + struct hci_conn *conn, + bdaddr_t *direct_rpa) { struct hci_cp_le_create_conn cp; struct hci_dev *hdev = conn->hdev; u8 own_addr_type; - /* Update random address, but set require_privacy to false so - * that we never connect with an non-resolvable address. + /* If direct address was provided we use it instead of current + * address. */ - if (hci_update_random_address(req, false, conn_use_rpa(conn), - &own_addr_type)) - return; + if (direct_rpa) { + if (bacmp(&req->hdev->random_addr, direct_rpa)) + hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, + direct_rpa); + + /* direct address is always RPA */ + own_addr_type = ADDR_LE_DEV_RANDOM; + } else { + /* Update random address, but set require_privacy to false so + * that we never connect with an non-resolvable address. + */ + if (hci_update_random_address(req, false, conn_use_rpa(conn), + &own_addr_type)) + return; + } memset(&cp, 0, sizeof(cp)); @@ -825,7 +838,7 @@ static void hci_req_directed_advertising(struct hci_request *req, struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, u8 dst_type, u8 sec_level, u16 conn_timeout, - u8 role) + u8 role, bdaddr_t *direct_rpa) { struct hci_conn_params *params; struct hci_conn *conn; @@ -940,7 +953,7 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); } - hci_req_add_le_create_conn(&req, conn); + hci_req_add_le_create_conn(&req, conn, direct_rpa); create_conn: err = hci_req_run(&req, create_le_conn_complete); diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index cd3bbb766c24..139707cd9d35 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -4648,7 +4648,8 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, /* This function requires the caller holds hdev->lock */ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr, - u8 addr_type, u8 adv_type) + u8 addr_type, u8 adv_type, + bdaddr_t *direct_rpa) { struct hci_conn *conn; struct hci_conn_params *params; @@ -4699,7 +4700,8 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, } conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, - HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); + HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER, + direct_rpa); if (!IS_ERR(conn)) { /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned * by higher layer that tried to connect, if no then @@ -4808,8 +4810,13 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, bdaddr_type = irk->addr_type; } - /* Check if we have been requested to connect to this device */ - conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type); + /* Check if we have been requested to connect to this device. + * + * direct_addr is set only for directed advertising reports (it is NULL + * for advertising reports) and is already verified to be RPA above. + */ + conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type, + direct_addr); if (conn && type == LE_ADV_IND) { /* Store report for later inclusion by * mgmt_device_connected diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index fc6615d59165..9b7907ebfa01 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -7156,7 +7156,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, hcon = hci_connect_le(hdev, dst, dst_type, chan->sec_level, HCI_LE_CONN_TIMEOUT, - HCI_ROLE_SLAVE); + HCI_ROLE_SLAVE, NULL); else hcon = hci_connect_le_scan(hdev, dst, dst_type, chan->sec_level,

7 years, 2 months

3
2
0 0

[PATCH stable 4.9 and 4.4] cdc_ncm: avoid padding beyond end of skb

by Bjørn Mork

[ Upstream commit 49c2c3f246e2fc3009039e31a826333dcd0283cd ] Commit 4a0e3e989d66 ("cdc_ncm: Add support for moving NDP to end of NCM frame") added logic to reserve space for the NDP at the end of the NTB/skb. This reservation did not take the final alignment of the NDP into account, causing us to reserve too little space. Additionally the padding prior to NDP addition did not ensure there was enough space for the NDP. The NTB/skb with the NDP appended would then exceed the configured max size. This caused the final padding of the NTB to use a negative count, padding to almost INT_MAX, and resulting in: [60103.825970] BUG: unable to handle kernel paging request at ffff9641f2004000 [60103.825998] IP: __memset+0x24/0x30 [60103.826001] PGD a6a06067 P4D a6a06067 PUD 4f65a063 PMD 72003063 PTE 0 [60103.826013] Oops: 0002 [#1] SMP NOPTI [60103.826018] Modules linked in: (removed( [60103.826158] CPU: 0 PID: 5990 Comm: Chrome_DevTools Tainted: G O 4.14.0-3-amd64 #1 Debian 4.14.17-1 [60103.826162] Hardware name: LENOVO 20081 BIOS 41CN28WW(V2.04) 05/03/2012 [60103.826166] task: ffff964193484fc0 task.stack: ffffb2890137c000 [60103.826171] RIP: 0010:__memset+0x24/0x30 [60103.826174] RSP: 0000:ffff964316c03b68 EFLAGS: 00010216 [60103.826178] RAX: 0000000000000000 RBX: 00000000fffffffd RCX: 000000001ffa5000 [60103.826181] RDX: 0000000000000005 RSI: 0000000000000000 RDI: ffff9641f2003ffc [60103.826184] RBP: ffff964192f6c800 R08: 00000000304d434e R09: ffff9641f1d2c004 [60103.826187] R10: 0000000000000002 R11: 00000000000005ae R12: ffff9642e6957a80 [60103.826190] R13: ffff964282ff2ee8 R14: 000000000000000d R15: ffff9642e4843900 [60103.826194] FS: 00007f395aaf6700(0000) GS:ffff964316c00000(0000) knlGS:0000000000000000 [60103.826197] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [60103.826200] CR2: ffff9641f2004000 CR3: 0000000013b0c000 CR4: 00000000000006f0 [60103.826204] Call Trace: [60103.826212] <IRQ> [60103.826225] cdc_ncm_fill_tx_frame+0x5e3/0x740 [cdc_ncm] [60103.826236] cdc_ncm_tx_fixup+0x57/0x70 [cdc_ncm] [60103.826246] usbnet_start_xmit+0x5d/0x710 [usbnet] [60103.826254] ? netif_skb_features+0x119/0x250 [60103.826259] dev_hard_start_xmit+0xa1/0x200 [60103.826267] sch_direct_xmit+0xf2/0x1b0 [60103.826273] __dev_queue_xmit+0x5e3/0x7c0 [60103.826280] ? ip_finish_output2+0x263/0x3c0 [60103.826284] ip_finish_output2+0x263/0x3c0 [60103.826289] ? ip_output+0x6c/0xe0 [60103.826293] ip_output+0x6c/0xe0 [60103.826298] ? ip_forward_options+0x1a0/0x1a0 [60103.826303] tcp_transmit_skb+0x516/0x9b0 [60103.826309] tcp_write_xmit+0x1aa/0xee0 [60103.826313] ? sch_direct_xmit+0x71/0x1b0 [60103.826318] tcp_tasklet_func+0x177/0x180 [60103.826325] tasklet_action+0x5f/0x110 [60103.826332] __do_softirq+0xde/0x2b3 [60103.826337] irq_exit+0xae/0xb0 [60103.826342] do_IRQ+0x81/0xd0 [60103.826347] common_interrupt+0x98/0x98 [60103.826351] </IRQ> [60103.826355] RIP: 0033:0x7f397bdf2282 [60103.826358] RSP: 002b:00007f395aaf57d8 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff6e [60103.826362] RAX: 0000000000000000 RBX: 00002f07bc6d0900 RCX: 00007f39752d7fe7 [60103.826365] RDX: 0000000000000022 RSI: 0000000000000147 RDI: 00002f07baea02c0 [60103.826368] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [60103.826371] R10: 00000000ffffffff R11: 0000000000000000 R12: 00002f07baea02c0 [60103.826373] R13: 00002f07bba227a0 R14: 00002f07bc6d090c R15: 0000000000000000 [60103.826377] Code: 90 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 [60103.826442] RIP: __memset+0x24/0x30 RSP: ffff964316c03b68 [60103.826444] CR2: ffff9641f2004000 Commit e1069bbfcf3b ("net: cdc_ncm: Reduce memory use when kernel memory low") made this bug much more likely to trigger by reducing the NTB size under memory pressure. Link: https://bugs.debian.org/893393 Reported-by: Горбешко Богдан <bodqhrohro(a)gmail.com> Reported-and-tested-by: Dennis Wassenberg <dennis.wassenberg(a)secunet.com> Cc: Enrico Mioso <mrkiko.rs(a)gmail.com> Fixes: 4a0e3e989d66 ("cdc_ncm: Add support for moving NDP to end of NCM frame") [ bmork: tx_curr_size => tx_max and context fixup for v4.12 and older ] Signed-off-by: Bjørn Mork <bjorn(a)mork.no> Signed-off-by: David S. Miller <davem(a)davemloft.net> --- This has already been applied to stable 4.14 and newer, but needed two minor changes for anything older than v4.13. The bug is only present in v4.3 and and newer, so there is no need to consider this backport for anything older than stable 4.4. Please apply to 4.4 and 4.9 stable. Thanks, Bjørn drivers/net/usb/cdc_ncm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c index feb61eaffe32..3086cae62fdc 100644 --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -1124,7 +1124,7 @@ cdc_ncm_fill_tx_frame(struct usbnet *dev, struct sk_buff *skb, __le32 sign) * accordingly. Otherwise, we should check here. */ if (ctx->drvflags & CDC_NCM_FLAG_NDP_TO_END) - delayed_ndp_size = ctx->max_ndp_size; + delayed_ndp_size = ALIGN(ctx->max_ndp_size, ctx->tx_ndp_modulus); else delayed_ndp_size = 0; @@ -1257,7 +1257,7 @@ cdc_ncm_fill_tx_frame(struct usbnet *dev, struct sk_buff *skb, __le32 sign) /* If requested, put NDP at end of frame. */ if (ctx->drvflags & CDC_NCM_FLAG_NDP_TO_END) { nth16 = (struct usb_cdc_ncm_nth16 *)skb_out->data; - cdc_ncm_align_tail(skb_out, ctx->tx_ndp_modulus, 0, ctx->tx_max); + cdc_ncm_align_tail(skb_out, ctx->tx_ndp_modulus, 0, ctx->tx_max - ctx->max_ndp_size); nth16->wNdpIndex = cpu_to_le16(skb_out->len); memcpy(skb_put(skb_out, ctx->max_ndp_size), ctx->delayed_ndp16, ctx->max_ndp_size); -- 2.11.0

7 years, 2 months

2
1
0 0

stable request for v4.14.x: xhci: Fix use-after-free in xhci_free_virt_device

by Sudip Mukherjee

Hi Greg, This fix missed the v4.14.x stable tree. The original patch with the bug was added in v4.14.44. The backported patch is attached with this mail, please apply to v4.14.x. -- Regards Sudip

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] selinux: move user accesses in selinuxfs out of locked" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0da74120c5341389b97c4ee27487a97224999ee1 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Thu, 28 Jun 2018 20:39:54 -0400 Subject: [PATCH] selinux: move user accesses in selinuxfs out of locked regions If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov> [PM: removed an unused variable in sel_read_policy()] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c0cadbc5f85c..19e35dd695d7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -441,22 +441,16 @@ static int sel_release_policy(struct inode *inode, struct file *filp) static ssize_t sel_read_policy(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; struct policy_load_memory *plm = filp->private_data; int ret; - mutex_lock(&fsi->mutex); - ret = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); if (ret) - goto out; + return ret; - ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); -out: - mutex_unlock(&fsi->mutex); - return ret; + return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) @@ -1188,25 +1182,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, ret = -EINVAL; if (index >= fsi->bool_num || strcmp(name, fsi->bool_pending_names[index])) - goto out; + goto out_unlock; ret = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) - goto out; + goto out_unlock; cur_enforcing = security_get_bool_value(fsi->state, index); if (cur_enforcing < 0) { ret = cur_enforcing; - goto out; + goto out_unlock; } length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, fsi->bool_pending_values[index]); - ret = simple_read_from_buffer(buf, count, ppos, page, length); -out: mutex_unlock(&fsi->mutex); + ret = simple_read_from_buffer(buf, count, ppos, page, length); +out_free: free_page((unsigned long)page); return ret; + +out_unlock: + mutex_unlock(&fsi->mutex); + goto out_free; } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, @@ -1219,6 +1217,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; const char *name = filep->f_path.dentry->d_name.name; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1233,22 +1242,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, fsi->bool_pending_names[index])) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; @@ -1280,6 +1273,17 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length; int new_value; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1289,22 +1293,6 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (length) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] selinux: move user accesses in selinuxfs out of locked" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0da74120c5341389b97c4ee27487a97224999ee1 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Thu, 28 Jun 2018 20:39:54 -0400 Subject: [PATCH] selinux: move user accesses in selinuxfs out of locked regions If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov> [PM: removed an unused variable in sel_read_policy()] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c0cadbc5f85c..19e35dd695d7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -441,22 +441,16 @@ static int sel_release_policy(struct inode *inode, struct file *filp) static ssize_t sel_read_policy(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; struct policy_load_memory *plm = filp->private_data; int ret; - mutex_lock(&fsi->mutex); - ret = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); if (ret) - goto out; + return ret; - ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); -out: - mutex_unlock(&fsi->mutex); - return ret; + return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) @@ -1188,25 +1182,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, ret = -EINVAL; if (index >= fsi->bool_num || strcmp(name, fsi->bool_pending_names[index])) - goto out; + goto out_unlock; ret = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) - goto out; + goto out_unlock; cur_enforcing = security_get_bool_value(fsi->state, index); if (cur_enforcing < 0) { ret = cur_enforcing; - goto out; + goto out_unlock; } length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, fsi->bool_pending_values[index]); - ret = simple_read_from_buffer(buf, count, ppos, page, length); -out: mutex_unlock(&fsi->mutex); + ret = simple_read_from_buffer(buf, count, ppos, page, length); +out_free: free_page((unsigned long)page); return ret; + +out_unlock: + mutex_unlock(&fsi->mutex); + goto out_free; } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, @@ -1219,6 +1217,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; const char *name = filep->f_path.dentry->d_name.name; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1233,22 +1242,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, fsi->bool_pending_names[index])) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; @@ -1280,6 +1273,17 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length; int new_value; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1289,22 +1293,6 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (length) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] selinux: move user accesses in selinuxfs out of locked" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0da74120c5341389b97c4ee27487a97224999ee1 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Thu, 28 Jun 2018 20:39:54 -0400 Subject: [PATCH] selinux: move user accesses in selinuxfs out of locked regions If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov> [PM: removed an unused variable in sel_read_policy()] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c0cadbc5f85c..19e35dd695d7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -441,22 +441,16 @@ static int sel_release_policy(struct inode *inode, struct file *filp) static ssize_t sel_read_policy(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; struct policy_load_memory *plm = filp->private_data; int ret; - mutex_lock(&fsi->mutex); - ret = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); if (ret) - goto out; + return ret; - ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); -out: - mutex_unlock(&fsi->mutex); - return ret; + return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) @@ -1188,25 +1182,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, ret = -EINVAL; if (index >= fsi->bool_num || strcmp(name, fsi->bool_pending_names[index])) - goto out; + goto out_unlock; ret = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) - goto out; + goto out_unlock; cur_enforcing = security_get_bool_value(fsi->state, index); if (cur_enforcing < 0) { ret = cur_enforcing; - goto out; + goto out_unlock; } length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, fsi->bool_pending_values[index]); - ret = simple_read_from_buffer(buf, count, ppos, page, length); -out: mutex_unlock(&fsi->mutex); + ret = simple_read_from_buffer(buf, count, ppos, page, length); +out_free: free_page((unsigned long)page); return ret; + +out_unlock: + mutex_unlock(&fsi->mutex); + goto out_free; } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, @@ -1219,6 +1217,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; const char *name = filep->f_path.dentry->d_name.name; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1233,22 +1242,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, fsi->bool_pending_names[index])) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; @@ -1280,6 +1273,17 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length; int new_value; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1289,22 +1293,6 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (length) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] selinux: move user accesses in selinuxfs out of locked" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0da74120c5341389b97c4ee27487a97224999ee1 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Thu, 28 Jun 2018 20:39:54 -0400 Subject: [PATCH] selinux: move user accesses in selinuxfs out of locked regions If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov> [PM: removed an unused variable in sel_read_policy()] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c0cadbc5f85c..19e35dd695d7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -441,22 +441,16 @@ static int sel_release_policy(struct inode *inode, struct file *filp) static ssize_t sel_read_policy(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; struct policy_load_memory *plm = filp->private_data; int ret; - mutex_lock(&fsi->mutex); - ret = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); if (ret) - goto out; + return ret; - ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); -out: - mutex_unlock(&fsi->mutex); - return ret; + return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) @@ -1188,25 +1182,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, ret = -EINVAL; if (index >= fsi->bool_num || strcmp(name, fsi->bool_pending_names[index])) - goto out; + goto out_unlock; ret = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) - goto out; + goto out_unlock; cur_enforcing = security_get_bool_value(fsi->state, index); if (cur_enforcing < 0) { ret = cur_enforcing; - goto out; + goto out_unlock; } length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, fsi->bool_pending_values[index]); - ret = simple_read_from_buffer(buf, count, ppos, page, length); -out: mutex_unlock(&fsi->mutex); + ret = simple_read_from_buffer(buf, count, ppos, page, length); +out_free: free_page((unsigned long)page); return ret; + +out_unlock: + mutex_unlock(&fsi->mutex); + goto out_free; } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, @@ -1219,6 +1217,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; const char *name = filep->f_path.dentry->d_name.name; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1233,22 +1242,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, fsi->bool_pending_names[index])) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; @@ -1280,6 +1273,17 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length; int new_value; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1289,22 +1293,6 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (length) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 15256f6cc4b44f2e70503758150267fd2a53c0d6 Mon Sep 17 00:00:00 2001 From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Date: Tue, 26 Jun 2018 16:30:40 -0600 Subject: [PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This is needed for DM configurations where the first element in the dm-linear or dm-stripe target supports DAX, but other elements do not. Without this check __bdev_dax_supported() will pass for such devices, letting a filesystem on that device mount with the DAX option. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Suggested-by: Mike Snitzer <snitzer(a)redhat.com> Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support") Cc: stable(a)vger.kernel.org Acked-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/dax/super.c b/drivers/dax/super.c index 903d9c473749..45276abf03aa 100644 --- a/drivers/dax/super.c +++ b/drivers/dax/super.c @@ -86,6 +86,7 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) { struct dax_device *dax_dev; bool dax_enabled = false; + struct request_queue *q; pgoff_t pgoff; int err, id; void *kaddr; @@ -99,6 +100,13 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) return false; } + q = bdev_get_queue(bdev); + if (!q || !blk_queue_dax(q)) { + pr_debug("%s: error: request queue doesn't support dax\n", + bdevname(bdev, buf)); + return false; + } + err = bdev_dax_pgoff(bdev, 0, PAGE_SIZE, &pgoff); if (err) { pr_debug("%s: error: unaligned partition for dax\n",

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 15256f6cc4b44f2e70503758150267fd2a53c0d6 Mon Sep 17 00:00:00 2001 From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Date: Tue, 26 Jun 2018 16:30:40 -0600 Subject: [PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This is needed for DM configurations where the first element in the dm-linear or dm-stripe target supports DAX, but other elements do not. Without this check __bdev_dax_supported() will pass for such devices, letting a filesystem on that device mount with the DAX option. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Suggested-by: Mike Snitzer <snitzer(a)redhat.com> Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support") Cc: stable(a)vger.kernel.org Acked-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/dax/super.c b/drivers/dax/super.c index 903d9c473749..45276abf03aa 100644 --- a/drivers/dax/super.c +++ b/drivers/dax/super.c @@ -86,6 +86,7 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) { struct dax_device *dax_dev; bool dax_enabled = false; + struct request_queue *q; pgoff_t pgoff; int err, id; void *kaddr; @@ -99,6 +100,13 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) return false; } + q = bdev_get_queue(bdev); + if (!q || !blk_queue_dax(q)) { + pr_debug("%s: error: request queue doesn't support dax\n", + bdevname(bdev, buf)); + return false; + } + err = bdev_dax_pgoff(bdev, 0, PAGE_SIZE, &pgoff); if (err) { pr_debug("%s: error: unaligned partition for dax\n",

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported()" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 15256f6cc4b44f2e70503758150267fd2a53c0d6 Mon Sep 17 00:00:00 2001 From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Date: Tue, 26 Jun 2018 16:30:40 -0600 Subject: [PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This is needed for DM configurations where the first element in the dm-linear or dm-stripe target supports DAX, but other elements do not. Without this check __bdev_dax_supported() will pass for such devices, letting a filesystem on that device mount with the DAX option. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Suggested-by: Mike Snitzer <snitzer(a)redhat.com> Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support") Cc: stable(a)vger.kernel.org Acked-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/dax/super.c b/drivers/dax/super.c index 903d9c473749..45276abf03aa 100644 --- a/drivers/dax/super.c +++ b/drivers/dax/super.c @@ -86,6 +86,7 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) { struct dax_device *dax_dev; bool dax_enabled = false; + struct request_queue *q; pgoff_t pgoff; int err, id; void *kaddr; @@ -99,6 +100,13 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) return false; } + q = bdev_get_queue(bdev); + if (!q || !blk_queue_dax(q)) { + pr_debug("%s: error: request queue doesn't support dax\n", + bdevname(bdev, buf)); + return false; + } + err = bdev_dax_pgoff(bdev, 0, PAGE_SIZE, &pgoff); if (err) { pr_debug("%s: error: unaligned partition for dax\n",

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] dm: use bio_split() when splitting out the already processed" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f21c601a2bb319ec19eb4562eadc7797d90fd90e Mon Sep 17 00:00:00 2001 From: Mike Snitzer <snitzer(a)redhat.com> Date: Fri, 15 Jun 2018 09:35:33 -0400 Subject: [PATCH] dm: use bio_split() when splitting out the already processed bio Use of bio_clone_bioset() is inefficient if there is no need to clone the original bio's bio_vec array. Best to use the bio_clone_fast() variant. Also, just using bio_advance() is only part of what is needed to properly setup the clone -- it doesn't account for the various bio_integrity() related work that also needs to be performed (see bio_split). Address both of these issues by switching from bio_clone_bioset() to bio_split(). Fixes: 18a25da8 ("dm: ensure bio submission follows a depth-first tree walk") Cc: stable(a)vger.kernel.org # 4.15+, requires removal of '&' before md->queue->bio_split Reported-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: NeilBrown <neilb(a)suse.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm.c b/drivers/md/dm.c index e65429a29c06..a3b103e8e3ce 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1606,10 +1606,9 @@ static blk_qc_t __split_and_process_bio(struct mapped_device *md, * the usage of io->orig_bio in dm_remap_zone_report() * won't be affected by this reassignment. */ - struct bio *b = bio_clone_bioset(bio, GFP_NOIO, - &md->queue->bio_split); + struct bio *b = bio_split(bio, bio_sectors(bio) - ci.sector_count, + GFP_NOIO, &md->queue->bio_split); ci.io->orig_bio = b; - bio_advance(bio, (bio_sectors(bio) - ci.sector_count) << 9); bio_chain(b, bio); ret = generic_make_request(bio); break;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] dm: use bio_split() when splitting out the already processed" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f21c601a2bb319ec19eb4562eadc7797d90fd90e Mon Sep 17 00:00:00 2001 From: Mike Snitzer <snitzer(a)redhat.com> Date: Fri, 15 Jun 2018 09:35:33 -0400 Subject: [PATCH] dm: use bio_split() when splitting out the already processed bio Use of bio_clone_bioset() is inefficient if there is no need to clone the original bio's bio_vec array. Best to use the bio_clone_fast() variant. Also, just using bio_advance() is only part of what is needed to properly setup the clone -- it doesn't account for the various bio_integrity() related work that also needs to be performed (see bio_split). Address both of these issues by switching from bio_clone_bioset() to bio_split(). Fixes: 18a25da8 ("dm: ensure bio submission follows a depth-first tree walk") Cc: stable(a)vger.kernel.org # 4.15+, requires removal of '&' before md->queue->bio_split Reported-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: NeilBrown <neilb(a)suse.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm.c b/drivers/md/dm.c index e65429a29c06..a3b103e8e3ce 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1606,10 +1606,9 @@ static blk_qc_t __split_and_process_bio(struct mapped_device *md, * the usage of io->orig_bio in dm_remap_zone_report() * won't be affected by this reassignment. */ - struct bio *b = bio_clone_bioset(bio, GFP_NOIO, - &md->queue->bio_split); + struct bio *b = bio_split(bio, bio_sectors(bio) - ci.sector_count, + GFP_NOIO, &md->queue->bio_split); ci.io->orig_bio = b; - bio_advance(bio, (bio_sectors(bio) - ci.sector_count) << 9); bio_chain(b, bio); ret = generic_make_request(bio); break;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] dm: use bio_split() when splitting out the already processed" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f21c601a2bb319ec19eb4562eadc7797d90fd90e Mon Sep 17 00:00:00 2001 From: Mike Snitzer <snitzer(a)redhat.com> Date: Fri, 15 Jun 2018 09:35:33 -0400 Subject: [PATCH] dm: use bio_split() when splitting out the already processed bio Use of bio_clone_bioset() is inefficient if there is no need to clone the original bio's bio_vec array. Best to use the bio_clone_fast() variant. Also, just using bio_advance() is only part of what is needed to properly setup the clone -- it doesn't account for the various bio_integrity() related work that also needs to be performed (see bio_split). Address both of these issues by switching from bio_clone_bioset() to bio_split(). Fixes: 18a25da8 ("dm: ensure bio submission follows a depth-first tree walk") Cc: stable(a)vger.kernel.org # 4.15+, requires removal of '&' before md->queue->bio_split Reported-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: NeilBrown <neilb(a)suse.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm.c b/drivers/md/dm.c index e65429a29c06..a3b103e8e3ce 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1606,10 +1606,9 @@ static blk_qc_t __split_and_process_bio(struct mapped_device *md, * the usage of io->orig_bio in dm_remap_zone_report() * won't be affected by this reassignment. */ - struct bio *b = bio_clone_bioset(bio, GFP_NOIO, - &md->queue->bio_split); + struct bio *b = bio_split(bio, bio_sectors(bio) - ci.sector_count, + GFP_NOIO, &md->queue->bio_split); ci.io->orig_bio = b; - bio_advance(bio, (bio_sectors(bio) - ci.sector_count) << 9); bio_chain(b, bio); ret = generic_make_request(bio); break;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] dm: prevent DAX mounts if not supported" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dbc626597c39b24cefce09fbd8e9dea85869a801 Mon Sep 17 00:00:00 2001 From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Date: Tue, 26 Jun 2018 16:30:41 -0600 Subject: [PATCH] dm: prevent DAX mounts if not supported Currently device_supports_dax() just checks to see if the QUEUE_FLAG_DAX flag is set on the device's request queue to decide whether or not the device supports filesystem DAX. Really we should be using bdev_dax_supported() like filesystems do at mount time. This performs other tests like checking to make sure the dax_direct_access() path works. We also explicitly clear QUEUE_FLAG_DAX on the DM device's request queue if any of the underlying devices do not support DAX. This makes the handling of QUEUE_FLAG_DAX consistent with the setting/clearing of most other flags in dm_table_set_restrictions(). Now that bdev_dax_supported() explicitly checks for QUEUE_FLAG_DAX, this will ensure that filesystems built upon DM devices will only be able to mount with DAX if all underlying devices also support DAX. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support") Cc: stable(a)vger.kernel.org Acked-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 938766794c2e..3d0e2c198f06 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -885,9 +885,7 @@ EXPORT_SYMBOL_GPL(dm_table_set_type); static int device_supports_dax(struct dm_target *ti, struct dm_dev *dev, sector_t start, sector_t len, void *data) { - struct request_queue *q = bdev_get_queue(dev->bdev); - - return q && blk_queue_dax(q); + return bdev_dax_supported(dev->bdev, PAGE_SIZE); } static bool dm_table_supports_dax(struct dm_table *t) @@ -1907,6 +1905,9 @@ void dm_table_set_restrictions(struct dm_table *t, struct request_queue *q, if (dm_table_supports_dax(t)) blk_queue_flag_set(QUEUE_FLAG_DAX, q); + else + blk_queue_flag_clear(QUEUE_FLAG_DAX, q); + if (dm_table_supports_dax_write_cache(t)) dax_write_cache(t->md->dax_dev, true); diff --git a/drivers/md/dm.c b/drivers/md/dm.c index a3b103e8e3ce..b0dd7027848b 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1056,8 +1056,7 @@ static long dm_dax_direct_access(struct dax_device *dax_dev, pgoff_t pgoff, if (len < 1) goto out; nr_pages = min(len, nr_pages); - if (ti->type->direct_access) - ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn); + ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn); out: dm_put_live_table(md, srcu_idx);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] spi: Fix scatterlist elements size in spi_map_buf" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ce99319a182fe766be67f96338386f3ec73e321c Mon Sep 17 00:00:00 2001 From: Maxime Chevallier <maxime.chevallier(a)bootlin.com> Date: Fri, 2 Mar 2018 15:55:09 +0100 Subject: [PATCH] spi: Fix scatterlist elements size in spi_map_buf When SPI transfers can be offloaded using DMA, the SPI core need to build a scatterlist to make sure that the buffer to be transferred is dma-able. This patch fixes the scatterlist entry size computation in the case where the maximum acceptable scatterlist entry supported by the DMA controller is less than PAGE_SIZE, when the buffer is vmalloced. For each entry, the actual size is given by the minimum between the desc_len (which is the max buffer size supported by the DMA controller) and the remaining buffer length until we cross a page boundary. Fixes: 65598c13fd66 ("spi: Fix per-page mapping of unaligned vmalloc-ed buffer") Signed-off-by: Maxime Chevallier <maxime.chevallier(a)bootlin.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index b33a727a0158..4153f959f28c 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -779,8 +779,14 @@ static int spi_map_buf(struct spi_controller *ctlr, struct device *dev, for (i = 0; i < sgs; i++) { if (vmalloced_buf || kmap_buf) { - min = min_t(size_t, - len, desc_len - offset_in_page(buf)); + /* + * Next scatterlist entry size is the minimum between + * the desc_len and the remaining buffer length that + * fits in a page. + */ + min = min_t(size_t, desc_len, + min_t(size_t, len, + PAGE_SIZE - offset_in_page(buf))); if (vmalloced_buf) vm_page = vmalloc_to_page(buf); else

7 years, 2 months

3
2
0 0

FAILED: patch "[PATCH] Btrfs: fix unexpected cow in run_delalloc_nocow" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5811375325420052fcadd944792a416a43072b7f Mon Sep 17 00:00:00 2001 From: Liu Bo <bo.li.liu(a)oracle.com> Date: Wed, 31 Jan 2018 17:09:13 -0700 Subject: [PATCH] Btrfs: fix unexpected cow in run_delalloc_nocow Fstests generic/475 provides a way to fail metadata reads while checking if checksum exists for the inode inside run_delalloc_nocow(), and csum_exist_in_range() interprets error (-EIO) as inode having checksum and makes its caller enter the cow path. In case of free space inode, this ends up with a warning in cow_file_range(). The same problem applies to btrfs_cross_ref_exist() since it may also read metadata in between. With this, run_delalloc_nocow() bails out when errors occur at the two places. cc: <stable(a)vger.kernel.org> v2.6.28+ Fixes: 17d217fe970d ("Btrfs: fix nodatasum handling in balancing code") Signed-off-by: Liu Bo <bo.li.liu(a)oracle.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 6504e63b2317..491a7397f6fa 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1256,6 +1256,8 @@ static noinline int csum_exist_in_range(struct btrfs_fs_info *fs_info, list_del(&sums->list); kfree(sums); } + if (ret < 0) + return ret; return 1; } @@ -1388,10 +1390,23 @@ static noinline int run_delalloc_nocow(struct inode *inode, goto out_check; if (btrfs_extent_readonly(fs_info, disk_bytenr)) goto out_check; - if (btrfs_cross_ref_exist(root, ino, - found_key.offset - - extent_offset, disk_bytenr)) + ret = btrfs_cross_ref_exist(root, ino, + found_key.offset - + extent_offset, disk_bytenr); + if (ret) { + /* + * ret could be -EIO if the above fails to read + * metadata. + */ + if (ret < 0) { + if (cow_start != (u64)-1) + cur_offset = cow_start; + goto error; + } + + WARN_ON_ONCE(nolock); goto out_check; + } disk_bytenr += extent_offset; disk_bytenr += cur_offset - found_key.offset; num_bytes = min(end + 1, extent_end) - cur_offset; @@ -1409,10 +1424,22 @@ static noinline int run_delalloc_nocow(struct inode *inode, * this ensure that csum for a given extent are * either valid or do not exist. */ - if (csum_exist_in_range(fs_info, disk_bytenr, - num_bytes)) { + ret = csum_exist_in_range(fs_info, disk_bytenr, + num_bytes); + if (ret) { if (!nolock) btrfs_end_write_no_snapshotting(root); + + /* + * ret could be -EIO if the above fails to read + * metadata. + */ + if (ret < 0) { + if (cow_start != (u64)-1) + cur_offset = cow_start; + goto error; + } + WARN_ON_ONCE(nolock); goto out_check; } if (!btrfs_inc_nocow_writers(fs_info, disk_bytenr)) {

7 years, 2 months

3
2
0 0

FAILED: patch "[PATCH] ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From fdcb613d49321b5bf5d5a1bd0fba8e7c241dcc70 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Thu, 26 Apr 2018 14:10:24 +0200 Subject: [PATCH] ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices The LPSS PWM device on on Bay Trail and Cherry Trail devices has a set of private registers at offset 0x800, the current lpss_device_desc for them already sets the LPSS_SAVE_CTX flag to have these saved/restored over device-suspend, but the current lpss_device_desc was not setting the prv_offset field, leading to the regular device registers getting saved/restored instead. This is causing the PWM controller to no longer work, resulting in a black screen, after a suspend/resume on systems where the firmware clears the APB clock and reset bits at offset 0x804. This commit fixes this by properly setting prv_offset to 0x800 for the PWM devices. Cc: stable(a)vger.kernel.org Fixes: e1c748179754 ("ACPI / LPSS: Add Intel BayTrail ACPI mode PWM") Fixes: 1bfbd8eb8a7f ("ACPI / LPSS: Add ACPI IDs for Intel Braswell") Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Acked-by: Rafael J . Wysocki <rjw(a)rjwysocki.net> Signed-off-by: Thierry Reding <thierry.reding(a)gmail.com> diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c index 2bcffec8dbf0..c4ba9164e582 100644 --- a/drivers/acpi/acpi_lpss.c +++ b/drivers/acpi/acpi_lpss.c @@ -229,11 +229,13 @@ static const struct lpss_device_desc lpt_sdio_dev_desc = { static const struct lpss_device_desc byt_pwm_dev_desc = { .flags = LPSS_SAVE_CTX, + .prv_offset = 0x800, .setup = byt_pwm_setup, }; static const struct lpss_device_desc bsw_pwm_dev_desc = { .flags = LPSS_SAVE_CTX | LPSS_NO_D3_DELAY, + .prv_offset = 0x800, .setup = bsw_pwm_setup, };

7 years, 2 months

1
0
0 0

perf/x86/intel/uncore: Add event constraint for BDX PCU

by Jin, Yao

Subject of the patch: perf/x86/intel/uncore: Add event constraint for BDX PCU Commit id: bb9fbe1b57503f790dbbf9f06e72cb0fb9e60740 Wish to apply to: 4.14 Fix an issue on BDX. Thanks Jin Yao

7 years, 2 months

2
1
0 0

perf vendor events: Add Goldmont Plus V1 event file to

by Jin, Yao

Subject of the patch: perf vendor events: Add Goldmont Plus V1 event file Commit id: 65db92e0965ab56e8031d5c804f26d5be0e47047 Wish to apply to: 4.14, 4.9, 4.4 Wish to support Goldmont Plus event since it's needed for some productions which run with stable kernel. Thanks Jin Yao

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] arm: dts: mt7623: fix invalid memory node being generated" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c0b0d540db1a8bfb041166c4991dd6f624e8de45 Mon Sep 17 00:00:00 2001 From: Sean Wang <sean.wang(a)mediatek.com> Date: Wed, 11 Apr 2018 16:53:56 +0800 Subject: [PATCH] arm: dts: mt7623: fix invalid memory node being generated Below two wrong nodes in existing DTS files would cause a fail boot since in fact the address 0 is not the correct place the memory device locates at. memory { device_type = "memory"; reg = <0x0 0x0 0x0 0x0>; }; memory@80000000 { reg = <0x0 0x80000000 0x0 0x40000000>; }; In order to avoid having a memory node starting at address 0, we can't include file skeleton64.dtsi and instead need to explicitly manually define a few of properties the DTS relies on such as #address-cells and #size-cells in root node and device_type in the node memory@80000000. Cc: stable(a)vger.kernel.org Fixes: 31ac0d69a1d4 ("ARM: dts: mediatek: add MT7623 basic support") Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Cc: Rob Herring <robh+dt(a)kernel.org> Signed-off-by: Matthias Brugger <matthias.bgg(a)gmail.com> diff --git a/arch/arm/boot/dts/mt7623.dtsi b/arch/arm/boot/dts/mt7623.dtsi index 68e987ddedc7..d4d04c365960 100644 --- a/arch/arm/boot/dts/mt7623.dtsi +++ b/arch/arm/boot/dts/mt7623.dtsi @@ -15,11 +15,12 @@ #include <dt-bindings/phy/phy.h> #include <dt-bindings/reset/mt2701-resets.h> #include <dt-bindings/thermal/thermal.h> -#include "skeleton64.dtsi" / { compatible = "mediatek,mt7623"; interrupt-parent = <&sysirq>; + #address-cells = <2>; + #size-cells = <2>; cpu_opp_table: opp-table { compatible = "operating-points-v2"; diff --git a/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts b/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts index bbf56f855e46..5938e4c79deb 100644 --- a/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts +++ b/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts @@ -109,6 +109,7 @@ }; memory@80000000 { + device_type = "memory"; reg = <0 0x80000000 0 0x40000000>; }; }; diff --git a/arch/arm/boot/dts/mt7623n-rfb.dtsi b/arch/arm/boot/dts/mt7623n-rfb.dtsi index a199ae78dd25..343e8efe5f25 100644 --- a/arch/arm/boot/dts/mt7623n-rfb.dtsi +++ b/arch/arm/boot/dts/mt7623n-rfb.dtsi @@ -40,6 +40,7 @@ }; memory@80000000 { + device_type = "memory"; reg = <0 0x80000000 0 0x40000000>; };

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't use GFP_ZERO for page caches" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 81114baa835b59ed02d14aa1d67f91ea874077cd Mon Sep 17 00:00:00 2001 From: Chao Yu <yuchao0(a)huawei.com> Date: Mon, 9 Apr 2018 20:25:06 +0800 Subject: [PATCH] f2fs: don't use GFP_ZERO for page caches Related to https://lkml.org/lkml/2018/4/8/661 Sometimes, we need to write meta data to new allocated block address, then we will allocate a zeroed page in inner inode's address space, and fill partial data in it, and leave other place with zero value which means some fields are initial status. There are two inner inodes (meta inode and node inode) setting __GFP_ZERO, I have just checked them, for both of them, we can avoid using __GFP_ZERO, and do initialization by ourselves to avoid unneeded/redundant zeroing from mm. Cc: <stable(a)vger.kernel.org> Signed-off-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c index 3d3a1f6b21a1..8fc55d42ba25 100644 --- a/fs/f2fs/checkpoint.c +++ b/fs/f2fs/checkpoint.c @@ -100,8 +100,10 @@ repeat: * readonly and make sure do not write checkpoint with non-uptodate * meta page. */ - if (unlikely(!PageUptodate(page))) + if (unlikely(!PageUptodate(page))) { + memset(page_address(page), 0, PAGE_SIZE); f2fs_stop_checkpoint(sbi, false); + } out: return page; } diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 417c9dcd0269..87535bf63421 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -320,10 +320,10 @@ struct inode *f2fs_iget(struct super_block *sb, unsigned long ino) make_now: if (ino == F2FS_NODE_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_node_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (ino == F2FS_META_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_meta_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (S_ISREG(inode->i_mode)) { inode->i_op = &f2fs_file_inode_operations; inode->i_fop = &f2fs_file_operations; diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index a7ec952093f8..0fb006f591a4 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1979,6 +1979,7 @@ static void write_current_sum_page(struct f2fs_sb_info *sbi, struct f2fs_summary_block *dst; dst = (struct f2fs_summary_block *)page_address(page); + memset(dst, 0, PAGE_SIZE); mutex_lock(&curseg->curseg_mutex); @@ -3133,6 +3134,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); /* Step 1: write nat cache */ seg_i = CURSEG_I(sbi, CURSEG_HOT_DATA); @@ -3157,6 +3159,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) if (!page) { page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); written_size = 0; } summary = (struct f2fs_summary *)(kaddr + written_size); diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h index 3325d0769723..492ad0c86fa9 100644 --- a/fs/f2fs/segment.h +++ b/fs/f2fs/segment.h @@ -375,6 +375,7 @@ static inline void seg_info_to_sit_page(struct f2fs_sb_info *sbi, int i; raw_sit = (struct f2fs_sit_block *)page_address(page); + memset(raw_sit, 0, PAGE_SIZE); for (i = 0; i < end - start; i++) { rs = &raw_sit->entries[i]; se = get_seg_entry(sbi, start + i);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't use GFP_ZERO for page caches" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 81114baa835b59ed02d14aa1d67f91ea874077cd Mon Sep 17 00:00:00 2001 From: Chao Yu <yuchao0(a)huawei.com> Date: Mon, 9 Apr 2018 20:25:06 +0800 Subject: [PATCH] f2fs: don't use GFP_ZERO for page caches Related to https://lkml.org/lkml/2018/4/8/661 Sometimes, we need to write meta data to new allocated block address, then we will allocate a zeroed page in inner inode's address space, and fill partial data in it, and leave other place with zero value which means some fields are initial status. There are two inner inodes (meta inode and node inode) setting __GFP_ZERO, I have just checked them, for both of them, we can avoid using __GFP_ZERO, and do initialization by ourselves to avoid unneeded/redundant zeroing from mm. Cc: <stable(a)vger.kernel.org> Signed-off-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c index 3d3a1f6b21a1..8fc55d42ba25 100644 --- a/fs/f2fs/checkpoint.c +++ b/fs/f2fs/checkpoint.c @@ -100,8 +100,10 @@ repeat: * readonly and make sure do not write checkpoint with non-uptodate * meta page. */ - if (unlikely(!PageUptodate(page))) + if (unlikely(!PageUptodate(page))) { + memset(page_address(page), 0, PAGE_SIZE); f2fs_stop_checkpoint(sbi, false); + } out: return page; } diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 417c9dcd0269..87535bf63421 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -320,10 +320,10 @@ struct inode *f2fs_iget(struct super_block *sb, unsigned long ino) make_now: if (ino == F2FS_NODE_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_node_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (ino == F2FS_META_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_meta_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (S_ISREG(inode->i_mode)) { inode->i_op = &f2fs_file_inode_operations; inode->i_fop = &f2fs_file_operations; diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index a7ec952093f8..0fb006f591a4 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1979,6 +1979,7 @@ static void write_current_sum_page(struct f2fs_sb_info *sbi, struct f2fs_summary_block *dst; dst = (struct f2fs_summary_block *)page_address(page); + memset(dst, 0, PAGE_SIZE); mutex_lock(&curseg->curseg_mutex); @@ -3133,6 +3134,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); /* Step 1: write nat cache */ seg_i = CURSEG_I(sbi, CURSEG_HOT_DATA); @@ -3157,6 +3159,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) if (!page) { page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); written_size = 0; } summary = (struct f2fs_summary *)(kaddr + written_size); diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h index 3325d0769723..492ad0c86fa9 100644 --- a/fs/f2fs/segment.h +++ b/fs/f2fs/segment.h @@ -375,6 +375,7 @@ static inline void seg_info_to_sit_page(struct f2fs_sb_info *sbi, int i; raw_sit = (struct f2fs_sit_block *)page_address(page); + memset(raw_sit, 0, PAGE_SIZE); for (i = 0; i < end - start; i++) { rs = &raw_sit->entries[i]; se = get_seg_entry(sbi, start + i);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't use GFP_ZERO for page caches" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 81114baa835b59ed02d14aa1d67f91ea874077cd Mon Sep 17 00:00:00 2001 From: Chao Yu <yuchao0(a)huawei.com> Date: Mon, 9 Apr 2018 20:25:06 +0800 Subject: [PATCH] f2fs: don't use GFP_ZERO for page caches Related to https://lkml.org/lkml/2018/4/8/661 Sometimes, we need to write meta data to new allocated block address, then we will allocate a zeroed page in inner inode's address space, and fill partial data in it, and leave other place with zero value which means some fields are initial status. There are two inner inodes (meta inode and node inode) setting __GFP_ZERO, I have just checked them, for both of them, we can avoid using __GFP_ZERO, and do initialization by ourselves to avoid unneeded/redundant zeroing from mm. Cc: <stable(a)vger.kernel.org> Signed-off-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c index 3d3a1f6b21a1..8fc55d42ba25 100644 --- a/fs/f2fs/checkpoint.c +++ b/fs/f2fs/checkpoint.c @@ -100,8 +100,10 @@ repeat: * readonly and make sure do not write checkpoint with non-uptodate * meta page. */ - if (unlikely(!PageUptodate(page))) + if (unlikely(!PageUptodate(page))) { + memset(page_address(page), 0, PAGE_SIZE); f2fs_stop_checkpoint(sbi, false); + } out: return page; } diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 417c9dcd0269..87535bf63421 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -320,10 +320,10 @@ struct inode *f2fs_iget(struct super_block *sb, unsigned long ino) make_now: if (ino == F2FS_NODE_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_node_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (ino == F2FS_META_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_meta_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (S_ISREG(inode->i_mode)) { inode->i_op = &f2fs_file_inode_operations; inode->i_fop = &f2fs_file_operations; diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index a7ec952093f8..0fb006f591a4 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1979,6 +1979,7 @@ static void write_current_sum_page(struct f2fs_sb_info *sbi, struct f2fs_summary_block *dst; dst = (struct f2fs_summary_block *)page_address(page); + memset(dst, 0, PAGE_SIZE); mutex_lock(&curseg->curseg_mutex); @@ -3133,6 +3134,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); /* Step 1: write nat cache */ seg_i = CURSEG_I(sbi, CURSEG_HOT_DATA); @@ -3157,6 +3159,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) if (!page) { page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); written_size = 0; } summary = (struct f2fs_summary *)(kaddr + written_size); diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h index 3325d0769723..492ad0c86fa9 100644 --- a/fs/f2fs/segment.h +++ b/fs/f2fs/segment.h @@ -375,6 +375,7 @@ static inline void seg_info_to_sit_page(struct f2fs_sb_info *sbi, int i; raw_sit = (struct f2fs_sit_block *)page_address(page); + memset(raw_sit, 0, PAGE_SIZE); for (i = 0; i < end - start; i++) { rs = &raw_sit->entries[i]; se = get_seg_entry(sbi, start + i);

7 years, 2 months

1
0
0 0

862591bf4("xfrm: skip policies marked as dead while rehashing")

by Zubin Mithra

Hello, Syzkaller has reported a crash here[1] for a slab OOB read in xfrm_hash_rebuild. Could the following 2 patches be applied in order to on 4.4.y? 6916fb3b10("xfrm: Ignore socket policies when rebuilding hash tables") 862591bf4f("xfrm: skip policies marked as dead while rehashing") [1] https://syzkaller.appspot.com/bug?id=1c11a638b7d27e871aa297f3b4d5fd5bc90f0c… Thanks, - Zubin

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] mm: fix __gup_device_huge vs unmap" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a9b6de77b1a3ff729f7bfc54b2e17711776a416c Mon Sep 17 00:00:00 2001 From: Dan Williams <dan.j.williams(a)intel.com> Date: Thu, 19 Apr 2018 21:32:19 -0700 Subject: [PATCH] mm: fix __gup_device_huge vs unmap get_user_pages_fast() for device pages is missing the typical validation that all page references have been taken while the mapping was valid. Without this validation truncate operations can not reliably coordinate against new page reference events like O_DIRECT. Cc: <stable(a)vger.kernel.org> Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Reported-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> diff --git a/mm/gup.c b/mm/gup.c index 76af4cfeaf68..84dd2063ca3d 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -1456,32 +1456,48 @@ static int __gup_device_huge(unsigned long pfn, unsigned long addr, return 1; } -static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr, +static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { unsigned long fault_pfn; + int nr_start = *nr; + + fault_pfn = pmd_pfn(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); + if (!__gup_device_huge(fault_pfn, addr, end, pages, nr)) + return 0; - fault_pfn = pmd_pfn(pmd) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); - return __gup_device_huge(fault_pfn, addr, end, pages, nr); + if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) { + undo_dev_pagemap(nr, nr_start, pages); + return 0; + } + return 1; } -static int __gup_device_huge_pud(pud_t pud, unsigned long addr, +static int __gup_device_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { unsigned long fault_pfn; + int nr_start = *nr; + + fault_pfn = pud_pfn(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT); + if (!__gup_device_huge(fault_pfn, addr, end, pages, nr)) + return 0; - fault_pfn = pud_pfn(pud) + ((addr & ~PUD_MASK) >> PAGE_SHIFT); - return __gup_device_huge(fault_pfn, addr, end, pages, nr); + if (unlikely(pud_val(orig) != pud_val(*pudp))) { + undo_dev_pagemap(nr, nr_start, pages); + return 0; + } + return 1; } #else -static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr, +static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { BUILD_BUG(); return 0; } -static int __gup_device_huge_pud(pud_t pud, unsigned long addr, +static int __gup_device_huge_pud(pud_t pud, pud_t *pudp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { BUILD_BUG(); @@ -1499,7 +1515,7 @@ static int gup_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, return 0; if (pmd_devmap(orig)) - return __gup_device_huge_pmd(orig, addr, end, pages, nr); + return __gup_device_huge_pmd(orig, pmdp, addr, end, pages, nr); refs = 0; page = pmd_page(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); @@ -1537,7 +1553,7 @@ static int gup_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr, return 0; if (pud_devmap(orig)) - return __gup_device_huge_pud(orig, addr, end, pages, nr); + return __gup_device_huge_pud(orig, pudp, addr, end, pages, nr); refs = 0; page = pud_page(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);

7 years, 2 months

1
0
0 0

[PATCH 4.9] iio:buffer: make length types match kfifo types

by Ben Hutchings

From: Martin Kelly <mkelly(a)xevo.com> commit c043ec1ca5baae63726aae32abbe003192bc6eec upstream. Currently, we use int for buffer length and bytes_per_datum. However, kfifo uses unsigned int for length and size_t for element size. We need to make sure these matches or we will have bugs related to overflow (in the range between INT_MAX and UINT_MAX for length, for example). In addition, set_bytes_per_datum uses size_t while bytes_per_datum is an int, which would cause bugs for large values of bytes_per_datum. Change buffer length to use unsigned int and bytes_per_datum to use size_t. Signed-off-by: Martin Kelly <mkelly(a)xevo.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> [bwh: Backported to 4.9: - Drop change to iio_dma_buffer_set_length() - Adjust filename, context] Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> --- drivers/iio/buffer/kfifo_buf.c | 4 ++-- include/linux/iio/buffer.h | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/iio/buffer/kfifo_buf.c b/drivers/iio/buffer/kfifo_buf.c index 7ef9b13262a8..e44181f9eb36 100644 --- a/drivers/iio/buffer/kfifo_buf.c +++ b/drivers/iio/buffer/kfifo_buf.c @@ -19,7 +19,7 @@ struct iio_kfifo { #define iio_to_kfifo(r) container_of(r, struct iio_kfifo, buffer) static inline int __iio_allocate_kfifo(struct iio_kfifo *buf, - int bytes_per_datum, int length) + size_t bytes_per_datum, unsigned int length) { if ((length == 0) || (bytes_per_datum == 0)) return -EINVAL; @@ -71,7 +71,7 @@ static int iio_set_bytes_per_datum_kfifo(struct iio_buffer *r, size_t bpd) return 0; } -static int iio_set_length_kfifo(struct iio_buffer *r, int length) +static int iio_set_length_kfifo(struct iio_buffer *r, unsigned int length) { /* Avoid an invalid state */ if (length < 2) diff --git a/include/linux/iio/buffer.h b/include/linux/iio/buffer.h index 70a5164f4728..821965c90070 100644 --- a/include/linux/iio/buffer.h +++ b/include/linux/iio/buffer.h @@ -61,7 +61,7 @@ struct iio_buffer_access_funcs { int (*request_update)(struct iio_buffer *buffer); int (*set_bytes_per_datum)(struct iio_buffer *buffer, size_t bpd); - int (*set_length)(struct iio_buffer *buffer, int length); + int (*set_length)(struct iio_buffer *buffer, unsigned int length); int (*enable)(struct iio_buffer *buffer, struct iio_dev *indio_dev); int (*disable)(struct iio_buffer *buffer, struct iio_dev *indio_dev); @@ -96,8 +96,8 @@ struct iio_buffer_access_funcs { * @watermark: [INTERN] number of datums to wait for poll/read. */ struct iio_buffer { - int length; - int bytes_per_datum; + unsigned int length; + size_t bytes_per_datum; struct attribute_group *scan_el_attrs; long *scan_mask; bool scan_timestamp; -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] iio: imu: inv_mpu6050: fix possible deadlock between mutex" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ca4c8fc97e669d7464a95e006d0ca4eadfa4e4bc Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jmaneyrol(a)invensense.com> Date: Mon, 30 Apr 2018 12:14:09 +0200 Subject: [PATCH] iio: imu: inv_mpu6050: fix possible deadlock between mutex and iio Detected by kernel circular locking dependency checker. We are locking iio mutex (iio_device_claim_direct_mode) after locking our internal mutex. But when the buffer starts, iio first locks its mutex and then we lock our internal one. To avoid possible deadlock, we need to use the same order everwhere. So we change the ordering by locking first iio mutex, then our internal mutex. Fixes: 68cd6e5b206b ("iio: imu: inv_mpu6050: fix lock issues by using our own mutex") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jmaneyrol(a)invensense.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c index aafa77766b08..7358935fb391 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c @@ -340,12 +340,9 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, int result; int ret; - result = iio_device_claim_direct_mode(indio_dev); - if (result) - return result; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_release; + return result; switch (chan->type) { case IIO_ANGL_VEL: @@ -386,14 +383,11 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, result = inv_mpu6050_set_power_itg(st, false); if (result) goto error_power_off; - iio_device_release_direct_mode(indio_dev); return ret; error_power_off: inv_mpu6050_set_power_itg(st, false); -error_release: - iio_device_release_direct_mode(indio_dev); return result; } @@ -407,9 +401,13 @@ inv_mpu6050_read_raw(struct iio_dev *indio_dev, switch (mask) { case IIO_CHAN_INFO_RAW: + ret = iio_device_claim_direct_mode(indio_dev); + if (ret) + return ret; mutex_lock(&st->lock); ret = inv_mpu6050_read_channel_data(indio_dev, chan, val); mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return ret; case IIO_CHAN_INFO_SCALE: switch (chan->type) { @@ -532,17 +530,18 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, struct inv_mpu6050_state *st = iio_priv(indio_dev); int result; - mutex_lock(&st->lock); /* * we should only update scale when the chip is disabled, i.e. * not running */ result = iio_device_claim_direct_mode(indio_dev); if (result) - goto error_write_raw_unlock; + return result; + + mutex_lock(&st->lock); result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_write_raw_release; + goto error_write_raw_unlock; switch (mask) { case IIO_CHAN_INFO_SCALE: @@ -581,10 +580,9 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, } result |= inv_mpu6050_set_power_itg(st, false); -error_write_raw_release: - iio_device_release_direct_mode(indio_dev); error_write_raw_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return result; } @@ -643,17 +641,18 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate > INV_MPU6050_MAX_FIFO_RATE) return -EINVAL; + result = iio_device_claim_direct_mode(indio_dev); + if (result) + return result; + mutex_lock(&st->lock); if (fifo_rate == st->chip_config.fifo_rate) { result = 0; goto fifo_rate_fail_unlock; } - result = iio_device_claim_direct_mode(indio_dev); - if (result) - goto fifo_rate_fail_unlock; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto fifo_rate_fail_release; + goto fifo_rate_fail_unlock; d = INV_MPU6050_ONE_K_HZ / fifo_rate - 1; result = regmap_write(st->map, st->reg->sample_rate_div, d); @@ -667,10 +666,9 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate_fail_power_off: result |= inv_mpu6050_set_power_itg(st, false); -fifo_rate_fail_release: - iio_device_release_direct_mode(indio_dev); fifo_rate_fail_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); if (result) return result;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: inv_mpu6050: fix possible deadlock between mutex" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ca4c8fc97e669d7464a95e006d0ca4eadfa4e4bc Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jmaneyrol(a)invensense.com> Date: Mon, 30 Apr 2018 12:14:09 +0200 Subject: [PATCH] iio: imu: inv_mpu6050: fix possible deadlock between mutex and iio Detected by kernel circular locking dependency checker. We are locking iio mutex (iio_device_claim_direct_mode) after locking our internal mutex. But when the buffer starts, iio first locks its mutex and then we lock our internal one. To avoid possible deadlock, we need to use the same order everwhere. So we change the ordering by locking first iio mutex, then our internal mutex. Fixes: 68cd6e5b206b ("iio: imu: inv_mpu6050: fix lock issues by using our own mutex") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jmaneyrol(a)invensense.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c index aafa77766b08..7358935fb391 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c @@ -340,12 +340,9 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, int result; int ret; - result = iio_device_claim_direct_mode(indio_dev); - if (result) - return result; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_release; + return result; switch (chan->type) { case IIO_ANGL_VEL: @@ -386,14 +383,11 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, result = inv_mpu6050_set_power_itg(st, false); if (result) goto error_power_off; - iio_device_release_direct_mode(indio_dev); return ret; error_power_off: inv_mpu6050_set_power_itg(st, false); -error_release: - iio_device_release_direct_mode(indio_dev); return result; } @@ -407,9 +401,13 @@ inv_mpu6050_read_raw(struct iio_dev *indio_dev, switch (mask) { case IIO_CHAN_INFO_RAW: + ret = iio_device_claim_direct_mode(indio_dev); + if (ret) + return ret; mutex_lock(&st->lock); ret = inv_mpu6050_read_channel_data(indio_dev, chan, val); mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return ret; case IIO_CHAN_INFO_SCALE: switch (chan->type) { @@ -532,17 +530,18 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, struct inv_mpu6050_state *st = iio_priv(indio_dev); int result; - mutex_lock(&st->lock); /* * we should only update scale when the chip is disabled, i.e. * not running */ result = iio_device_claim_direct_mode(indio_dev); if (result) - goto error_write_raw_unlock; + return result; + + mutex_lock(&st->lock); result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_write_raw_release; + goto error_write_raw_unlock; switch (mask) { case IIO_CHAN_INFO_SCALE: @@ -581,10 +580,9 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, } result |= inv_mpu6050_set_power_itg(st, false); -error_write_raw_release: - iio_device_release_direct_mode(indio_dev); error_write_raw_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return result; } @@ -643,17 +641,18 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate > INV_MPU6050_MAX_FIFO_RATE) return -EINVAL; + result = iio_device_claim_direct_mode(indio_dev); + if (result) + return result; + mutex_lock(&st->lock); if (fifo_rate == st->chip_config.fifo_rate) { result = 0; goto fifo_rate_fail_unlock; } - result = iio_device_claim_direct_mode(indio_dev); - if (result) - goto fifo_rate_fail_unlock; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto fifo_rate_fail_release; + goto fifo_rate_fail_unlock; d = INV_MPU6050_ONE_K_HZ / fifo_rate - 1; result = regmap_write(st->map, st->reg->sample_rate_div, d); @@ -667,10 +666,9 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate_fail_power_off: result |= inv_mpu6050_set_power_itg(st, false); -fifo_rate_fail_release: - iio_device_release_direct_mode(indio_dev); fifo_rate_fail_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); if (result) return result;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix unexpected cow in run_delalloc_nocow" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5811375325420052fcadd944792a416a43072b7f Mon Sep 17 00:00:00 2001 From: Liu Bo <bo.li.liu(a)oracle.com> Date: Wed, 31 Jan 2018 17:09:13 -0700 Subject: [PATCH] Btrfs: fix unexpected cow in run_delalloc_nocow Fstests generic/475 provides a way to fail metadata reads while checking if checksum exists for the inode inside run_delalloc_nocow(), and csum_exist_in_range() interprets error (-EIO) as inode having checksum and makes its caller enter the cow path. In case of free space inode, this ends up with a warning in cow_file_range(). The same problem applies to btrfs_cross_ref_exist() since it may also read metadata in between. With this, run_delalloc_nocow() bails out when errors occur at the two places. cc: <stable(a)vger.kernel.org> v2.6.28+ Fixes: 17d217fe970d ("Btrfs: fix nodatasum handling in balancing code") Signed-off-by: Liu Bo <bo.li.liu(a)oracle.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 6504e63b2317..491a7397f6fa 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1256,6 +1256,8 @@ static noinline int csum_exist_in_range(struct btrfs_fs_info *fs_info, list_del(&sums->list); kfree(sums); } + if (ret < 0) + return ret; return 1; } @@ -1388,10 +1390,23 @@ static noinline int run_delalloc_nocow(struct inode *inode, goto out_check; if (btrfs_extent_readonly(fs_info, disk_bytenr)) goto out_check; - if (btrfs_cross_ref_exist(root, ino, - found_key.offset - - extent_offset, disk_bytenr)) + ret = btrfs_cross_ref_exist(root, ino, + found_key.offset - + extent_offset, disk_bytenr); + if (ret) { + /* + * ret could be -EIO if the above fails to read + * metadata. + */ + if (ret < 0) { + if (cow_start != (u64)-1) + cur_offset = cow_start; + goto error; + } + + WARN_ON_ONCE(nolock); goto out_check; + } disk_bytenr += extent_offset; disk_bytenr += cur_offset - found_key.offset; num_bytes = min(end + 1, extent_end) - cur_offset; @@ -1409,10 +1424,22 @@ static noinline int run_delalloc_nocow(struct inode *inode, * this ensure that csum for a given extent are * either valid or do not exist. */ - if (csum_exist_in_range(fs_info, disk_bytenr, - num_bytes)) { + ret = csum_exist_in_range(fs_info, disk_bytenr, + num_bytes); + if (ret) { if (!nolock) btrfs_end_write_no_snapshotting(root); + + /* + * ret could be -EIO if the above fails to read + * metadata. + */ + if (ret < 0) { + if (cow_start != (u64)-1) + cur_offset = cow_start; + goto error; + } + WARN_ON_ONCE(nolock); goto out_check; } if (!btrfs_inc_nocow_writers(fs_info, disk_bytenr)) {

7 years, 2 months

3
2
0 0

FAILED: patch "[PATCH] Btrfs: fix clone vs chattr NODATASUM race" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b5c40d598f5408bd0ca22dfffa82f03cd9433f23 Mon Sep 17 00:00:00 2001 From: Omar Sandoval <osandov(a)fb.com> Date: Tue, 22 May 2018 15:02:12 -0700 Subject: [PATCH] Btrfs: fix clone vs chattr NODATASUM race In btrfs_clone_files(), we must check the NODATASUM flag while the inodes are locked. Otherwise, it's possible that btrfs_ioctl_setflags() will change the flags after we check and we can end up with a party checksummed file. The race window is only a few instructions in size, between the if and the locks which is: 3834 if (S_ISDIR(src->i_mode) || S_ISDIR(inode->i_mode)) 3835 return -EISDIR; where the setflags must be run and toggle the NODATASUM flag (provided the file size is 0). The clone will block on the inode lock, segflags takes the inode lock, changes flags, releases log and clone continues. Not impossible but still needs a lot of bad luck to hit unintentionally. Fixes: 0e7b824c4ef9 ("Btrfs: don't make a file partly checksummed through file clone") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Omar Sandoval <osandov(a)fb.com> Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> [ update changelog ] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 743c4f1b8001..b9b779a4ab6e 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -3808,11 +3808,6 @@ static noinline int btrfs_clone_files(struct file *file, struct file *file_src, src->i_sb != inode->i_sb) return -EXDEV; - /* don't make the dst file partly checksummed */ - if ((BTRFS_I(src)->flags & BTRFS_INODE_NODATASUM) != - (BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) - return -EINVAL; - if (S_ISDIR(src->i_mode) || S_ISDIR(inode->i_mode)) return -EISDIR; @@ -3822,6 +3817,13 @@ static noinline int btrfs_clone_files(struct file *file, struct file *file_src, inode_lock(src); } + /* don't make the dst file partly checksummed */ + if ((BTRFS_I(src)->flags & BTRFS_INODE_NODATASUM) != + (BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) { + ret = -EINVAL; + goto out_unlock; + } + /* determine range to clone */ ret = -EINVAL; if (off + len > src->i_size || off + len < off)

7 years, 2 months

3
2
0 0

FAILED: patch "[PATCH] cpufreq: intel_pstate: Fix scaling max/min limits with Turbo" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ff7c9917143b3a6cf2fa61212a32d67cf259bf9c Mon Sep 17 00:00:00 2001 From: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Date: Mon, 18 Jun 2018 12:47:45 -0700 Subject: [PATCH] cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 When scaling max/min settings are changed, internally they are converted to a ratio using the max turbo 1 core turbo frequency. This works fine when 1 core max is same irrespective of the core. But under Turbo 3.0, this will not be the case. For example: Core 0: max turbo pstate: 43 (4.3GHz) Core 1: max turbo pstate: 45 (4.5GHz) In this case 1 core turbo ratio will be maximum of all, so it will be 45 (4.5GHz). Suppose scaling max is set to 4GHz (ratio 40) for all cores ,then on core one it will be = max_state * policy->max / max_freq; = 43 * (4000000/4500000) = 38 (3.8GHz) = 38 which is 200MHz less than the desired. On core2, it will be correctly set to ratio 40 (4GHz). Same holds true for scaling min frequency limit. So this requires usage of correct turbo max frequency for core one, which in this case is 4.3GHz. So we need to adjust per CPU cpu->pstate.turbo_freq using the maximum HWP ratio of that core. This change uses the HWP capability of a core to adjust max turbo frequency. But since Broadwell HWP doesn't use ratios in the HWP capabilities, we have to use legacy max 1 core turbo ratio. This is not a problem as the HWP capabilities don't differ among cores in Broadwell. We need to check for non Broadwell CPU model for applying this change, though. Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: 4.6+ <stable(a)vger.kernel.org> # 4.6+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c index 1de5ec8d5ea3..ece120da3353 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -294,6 +294,7 @@ struct pstate_funcs { static struct pstate_funcs pstate_funcs __read_mostly; static int hwp_active __read_mostly; +static int hwp_mode_bdw __read_mostly; static bool per_cpu_limits __read_mostly; static bool hwp_boost __read_mostly; @@ -1413,7 +1414,15 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) cpu->pstate.turbo_pstate = pstate_funcs.get_turbo(); cpu->pstate.scaling = pstate_funcs.get_scaling(); cpu->pstate.max_freq = cpu->pstate.max_pstate * cpu->pstate.scaling; - cpu->pstate.turbo_freq = cpu->pstate.turbo_pstate * cpu->pstate.scaling; + + if (hwp_active && !hwp_mode_bdw) { + unsigned int phy_max, current_max; + + intel_pstate_get_hwp_max(cpu->cpu, &phy_max, &current_max); + cpu->pstate.turbo_freq = phy_max * cpu->pstate.scaling; + } else { + cpu->pstate.turbo_freq = cpu->pstate.turbo_pstate * cpu->pstate.scaling; + } if (pstate_funcs.get_aperf_mperf_shift) cpu->aperf_mperf_shift = pstate_funcs.get_aperf_mperf_shift(); @@ -2467,28 +2476,36 @@ static inline bool intel_pstate_has_acpi_ppc(void) { return false; } static inline void intel_pstate_request_control_from_smm(void) {} #endif /* CONFIG_ACPI */ +#define INTEL_PSTATE_HWP_BROADWELL 0x01 + +#define ICPU_HWP(model, hwp_mode) \ + { X86_VENDOR_INTEL, 6, model, X86_FEATURE_HWP, hwp_mode } + static const struct x86_cpu_id hwp_support_ids[] __initconst = { - { X86_VENDOR_INTEL, 6, X86_MODEL_ANY, X86_FEATURE_HWP }, + ICPU_HWP(INTEL_FAM6_BROADWELL_X, INTEL_PSTATE_HWP_BROADWELL), + ICPU_HWP(INTEL_FAM6_BROADWELL_XEON_D, INTEL_PSTATE_HWP_BROADWELL), + ICPU_HWP(X86_MODEL_ANY, 0), {} }; static int __init intel_pstate_init(void) { + const struct x86_cpu_id *id; int rc; if (no_load) return -ENODEV; - if (x86_match_cpu(hwp_support_ids)) { + id = x86_match_cpu(hwp_support_ids); + if (id) { copy_cpu_funcs(&core_funcs); if (!no_hwp) { hwp_active++; + hwp_mode_bdw = id->driver_data; intel_pstate.attr = hwp_cpufreq_attrs; goto hwp_cpu_matched; } } else { - const struct x86_cpu_id *id; - id = x86_match_cpu(intel_pstate_cpu_ids); if (!id) return -ENODEV;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] pinctrl: mt7622: fix a kernel panic when pio don't work as" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5f591543a937310e48baf0ee23680be09cdedfb8 Mon Sep 17 00:00:00 2001 From: Sean Wang <sean.wang(a)mediatek.com> Date: Thu, 14 Jun 2018 16:55:49 +0800 Subject: [PATCH] pinctrl: mt7622: fix a kernel panic when pio don't work as EINT controller The function, external interrupt controller, is made as an optional to mt7622 pinctrl. But if we don't want pio behaves as an external interrupt controller, it would lead to hw->eint not be created properly and then will cause 'kernel NULL pointer' issue when gpiochip try to call .to_irq or .set_config. To fix it, check hw->eint before accessing the member. [ 1.339494] Unable to handle kernel NULL pointer dereference at virtual address 00000010 [ 1.347857] Mem abort info: [ 1.350742] ESR = 0x96000005 [ 1.353905] Exception class = DABT (current EL), IL = 32 bits [ 1.360024] SET = 0, FnV = 0 [ 1.363185] EA = 0, S1PTW = 0 [ 1.366431] Data abort info: [ 1.369405] ISV = 0, ISS = 0x00000005 [ 1.373363] CM = 0, WnR = 0 [ 1.376437] [0000000000000010] user address but active_mm is swapper [ 1.383005] Internal error: Oops: 96000005 [#1] PREEMPT SMP [ 1.388748] Modules linked in: [ 1.391897] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.16.0-rc1+ #344 [ 1.398625] Hardware name: MediaTek MT7622 RFB1 board (DT) [ 1.404279] pstate: 80000005 (Nzcv daif -PAN -UAO) [ 1.409221] pc : mtk_eint_find_irq+0x8/0x24 [ 1.413532] lr : mtk_gpio_to_irq+0x20/0x28 [ 1.417749] sp : ffffff800801baf0 [ 1.421161] x29: ffffff800801baf0 x28: ffffff8008792f40 [ 1.426637] x27: ffffff800886b000 x26: ffffff8008615620 [ 1.432113] x25: ffffffc00e4dbdc8 x24: ffffff80087b8000 [ 1.437589] x23: ffffffc00325a000 x22: ffffffc00325a010 [ 1.443066] x21: ffffffc0033dec18 x20: 00000000ffffffea [ 1.448542] x19: ffffffc00e4db800 x18: 0000000000000130 [ 1.454018] x17: 000000000000000e x16: 0000000000000007 [ 1.459494] x15: ffffff80085ee000 x14: 0000000000000001 [ 1.464970] x13: 0000000000000001 x12: 0000000000000010 [ 1.470446] x11: 0101010101010101 x10: 0000000000000880 [ 1.475922] x9 : ffffff800801b990 x8 : ffffffc0030688e0 [ 1.481399] x7 : ffffff80080c0660 x6 : ffffffc00e4dbbb0 [ 1.486875] x5 : 0000000000000000 x4 : 0000000000000000 [ 1.492351] x3 : ffffff80082a92f4 x2 : 00000000fffffffa [ 1.497826] x1 : 0000000000000051 x0 : 0000000000000000 [ 1.503305] Process swapper/0 (pid: 1, stack limit = 0x0000000054e053bd) [ 1.510210] Call trace: [ 1.512727] mtk_eint_find_irq+0x8/0x24 [ 1.516677] mtk_gpio_to_irq+0x20/0x28 [ 1.520539] gpiod_to_irq+0x48/0x60 [ 1.524135] mmc_gpiod_request_cd_irq+0x3c/0xc4 [ 1.528804] mmc_start_host+0x6c/0x8c [ 1.532575] mmc_add_host+0x58/0x7c [ 1.536168] msdc_drv_probe+0x4fc/0x67c [ 1.540121] platform_drv_probe+0x58/0xa4 [ 1.544251] driver_probe_device+0x204/0x44c [ 1.548649] __driver_attach+0x84/0xf8 [ 1.552512] bus_for_each_dev+0x68/0xa0 [ 1.556461] driver_attach+0x20/0x28 [ 1.560142] bus_add_driver+0xec/0x240 [ 1.564002] driver_register+0x98/0xe4 [ 1.567863] __platform_driver_register+0x48/0x50 [ 1.572711] mt_msdc_driver_init+0x18/0x20 [ 1.576932] do_one_initcall+0x98/0x130 [ 1.580886] kernel_init_freeable+0x13c/0x1d4 [ 1.585375] kernel_init+0x10/0xf8 [ 1.588879] ret_from_fork+0x10/0x18 [ 1.592564] Code: a8c67bfd d65f03c0 a9bf7bfd 910003fd (f9400800) [ 1.598849] ---[ end trace 4bbcb7bc30e98492 ]--- [ 1.603677] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 1.603677] cc: Kevin Hilman <khilman(a)baylibre.com> Cc: stable(a)vger.kernel.org Fixes: e6dabd38d8e7 ("pinctrl: mediatek: add EINT support to MT7622 SoC") Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/pinctrl/mediatek/pinctrl-mt7622.c b/drivers/pinctrl/mediatek/pinctrl-mt7622.c index ad6da1184c9f..e3f1ab2290fc 100644 --- a/drivers/pinctrl/mediatek/pinctrl-mt7622.c +++ b/drivers/pinctrl/mediatek/pinctrl-mt7622.c @@ -1459,6 +1459,9 @@ static int mtk_gpio_to_irq(struct gpio_chip *chip, unsigned int offset) struct mtk_pinctrl *hw = gpiochip_get_data(chip); unsigned long eint_n; + if (!hw->eint) + return -ENOTSUPP; + eint_n = offset; return mtk_eint_find_irq(hw->eint, eint_n); @@ -1471,7 +1474,8 @@ static int mtk_gpio_set_config(struct gpio_chip *chip, unsigned int offset, unsigned long eint_n; u32 debounce; - if (pinconf_to_config_param(config) != PIN_CONFIG_INPUT_DEBOUNCE) + if (!hw->eint || + pinconf_to_config_param(config) != PIN_CONFIG_INPUT_DEBOUNCE) return -ENOTSUPP; debounce = pinconf_to_config_argument(config);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] pinctrl: samsung: Correct EINTG banks order" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5cf9a338db94cfd570aa2607bef1b30996f188e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Chmiel?= <pawel.mikolaj.chmiel(a)gmail.com> Date: Mon, 16 Apr 2018 17:52:45 +0200 Subject: [PATCH] pinctrl: samsung: Correct EINTG banks order MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All banks with GPIO interrupts should be at beginning of bank array and without any other types of banks between them. This order is expected by exynos_eint_gpio_irq, when doing interrupt group to bank translation. Otherwise, kernel NULL pointer dereference would happen when trying to handle interrupt, due to wrong bank being looked up. Observed on s5pv210, when trying to handle gpj0 interrupt, where kernel was mapping it to gpi bank. Cc: stable(a)vger.kernel.org Fixes: 023e06dfa688 ("pinctrl: exynos: add exynos5410 SoC specific data") Fixes: 608a26a7bc04 ("pinctrl: Add s5pv210 support to pinctrl-exynos) Signed-off-by: Paweł Chmiel <pawel.mikolaj.chmiel(a)gmail.com> Reviewed-by: Tomasz Figa <tomasz.figa(a)gmail.com> Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> diff --git a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c index 90c274490181..4f4ae66a0ee3 100644 --- a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c +++ b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c @@ -105,12 +105,12 @@ static const struct samsung_pin_bank_data s5pv210_pin_bank[] __initconst = { EXYNOS_PIN_BANK_EINTG(7, 0x1c0, "gpg1", 0x38), EXYNOS_PIN_BANK_EINTG(7, 0x1e0, "gpg2", 0x3c), EXYNOS_PIN_BANK_EINTG(7, 0x200, "gpg3", 0x40), - EXYNOS_PIN_BANK_EINTN(7, 0x220, "gpi"), EXYNOS_PIN_BANK_EINTG(8, 0x240, "gpj0", 0x44), EXYNOS_PIN_BANK_EINTG(6, 0x260, "gpj1", 0x48), EXYNOS_PIN_BANK_EINTG(8, 0x280, "gpj2", 0x4c), EXYNOS_PIN_BANK_EINTG(8, 0x2a0, "gpj3", 0x50), EXYNOS_PIN_BANK_EINTG(5, 0x2c0, "gpj4", 0x54), + EXYNOS_PIN_BANK_EINTN(7, 0x220, "gpi"), EXYNOS_PIN_BANK_EINTN(8, 0x2e0, "mp01"), EXYNOS_PIN_BANK_EINTN(4, 0x300, "mp02"), EXYNOS_PIN_BANK_EINTN(8, 0x320, "mp03"), @@ -630,7 +630,6 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks0[] __initconst = EXYNOS_PIN_BANK_EINTG(4, 0x100, "gpc3", 0x20), EXYNOS_PIN_BANK_EINTG(7, 0x120, "gpc1", 0x24), EXYNOS_PIN_BANK_EINTG(7, 0x140, "gpc2", 0x28), - EXYNOS_PIN_BANK_EINTN(2, 0x160, "gpm5"), EXYNOS_PIN_BANK_EINTG(8, 0x180, "gpd1", 0x2c), EXYNOS_PIN_BANK_EINTG(8, 0x1A0, "gpe0", 0x30), EXYNOS_PIN_BANK_EINTG(2, 0x1C0, "gpe1", 0x34), @@ -641,6 +640,7 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks0[] __initconst = EXYNOS_PIN_BANK_EINTG(2, 0x260, "gpg2", 0x48), EXYNOS_PIN_BANK_EINTG(4, 0x280, "gph0", 0x4c), EXYNOS_PIN_BANK_EINTG(8, 0x2A0, "gph1", 0x50), + EXYNOS_PIN_BANK_EINTN(2, 0x160, "gpm5"), EXYNOS_PIN_BANK_EINTN(8, 0x2C0, "gpm7"), EXYNOS_PIN_BANK_EINTN(6, 0x2E0, "gpy0"), EXYNOS_PIN_BANK_EINTN(4, 0x300, "gpy1"),

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] printk: fix possible reuse of va_list variable" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 988a35f8da1dec5a8cd2788054d1e717be61bf25 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Fri, 11 May 2018 19:54:19 +0900 Subject: [PATCH] printk: fix possible reuse of va_list variable I noticed that there is a possibility that printk_safe_log_store() causes kernel oops because "args" parameter is passed to vsnprintf() again when atomic_cmpxchg() detected that we raced. Fix this by using va_copy(). Link: http://lkml.kernel.org/r/201805112002.GIF21216.OFVHFOMLJtQFSO@I-love.SAKURA… Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: dvyukov(a)google.com Cc: syzkaller(a)googlegroups.com Cc: fengguang.wu(a)intel.com Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Fixes: 42a0bb3f71383b45 ("printk/nmi: generic solution for safe printk in NMI") Cc: 4.7+ <stable(a)vger.kernel.org> # v4.7+ Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Signed-off-by: Petr Mladek <pmladek(a)suse.com> diff --git a/kernel/printk/printk_safe.c b/kernel/printk/printk_safe.c index 3e3c2004bb23..449d67edfa4b 100644 --- a/kernel/printk/printk_safe.c +++ b/kernel/printk/printk_safe.c @@ -82,6 +82,7 @@ static __printf(2, 0) int printk_safe_log_store(struct printk_safe_seq_buf *s, { int add; size_t len; + va_list ap; again: len = atomic_read(&s->len); @@ -100,7 +101,9 @@ static __printf(2, 0) int printk_safe_log_store(struct printk_safe_seq_buf *s, if (!len) smp_rmb(); - add = vscnprintf(s->buffer + len, sizeof(s->buffer) - len, fmt, args); + va_copy(ap, args); + add = vscnprintf(s->buffer + len, sizeof(s->buffer) - len, fmt, ap); + va_end(ap); if (!add) return 0;

7 years, 2 months

4
3
0 0

FAILED: patch "[PATCH] PCI: dwc: Fix enumeration end when reaching root subordinate" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c2deae44616dab0112d965a0dc72d053b5727b4b Mon Sep 17 00:00:00 2001 From: Koen Vandeputte <koen.vandeputte(a)ncentric.com> Date: Mon, 15 Jan 2018 10:36:08 +0100 Subject: [PATCH] PCI: dwc: Fix enumeration end when reaching root subordinate The subordinate value indicates the highest bus number which can be reached downstream though a certain device. Commit a20c7f36bd3d ("PCI: Do not allocate more buses than available in parent") ensures that downstream devices cannot assign busnumbers higher than the upstream device subordinate number, which was indeed illogical. By default, dw_pcie_setup_rc() inits the Root Complex subordinate to a value of 0x01. Due to this combined with above commit, enumeration stops digging deeper downstream as soon as bus num 0x01 has been assigned, which is always the case for a bridge device. This results in all devices behind a bridge bus to remain undetected, as these would be connected to bus 0x02 or higher. Fix this by initializing the RC to a subordinate value of 0xff, which is not altering hardware behaviour in any way, but informs probing function pci_scan_bridge() later on which reads this value back from register. Following nasty errors during boot are also fixed by this: [ 0.459145] pci_bus 0000:02: busn_res: can not insert [bus 02-ff] under [bus 01] (conflicts with (null) [bus 01]) ... [ 0.464515] pci_bus 0000:03: [bus 03] partially hidden behind bridge 0000:01 [bus 01] ... [ 0.464892] pci_bus 0000:04: [bus 04] partially hidden behind bridge 0000:01 [bus 01] ... [ 0.466488] pci_bus 0000:05: [bus 05] partially hidden behind bridge 0000:01 [bus 01] [ 0.466506] pci_bus 0000:02: busn_res: [bus 02-ff] end is updated to 05 [ 0.466517] pci_bus 0000:02: busn_res: can not insert [bus 02-05] under [bus 01] (conflicts with (null) [bus 01]) [ 0.466534] pci_bus 0000:02: [bus 02-05] partially hidden behind bridge 0000:01 [bus 01] Fixes: a20c7f36bd3d ("PCI: Do not allocate more buses than available in parent") Tested-by: Niklas Cassel <niklas.cassel(a)axis.com> Tested-by: Fabio Estevam <fabio.estevam(a)nxp.com> Tested-by: Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> Signed-off-by: Koen Vandeputte <koen.vandeputte(a)ncentric.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Acked-by: Lucas Stach <l.stach(a)pengutronix.de> Cc: <stable(a)vger.kernel.org> # 4.15 Cc: Binghui Wang <wangbinghui(a)hisilicon.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Jesper Nilsson <jesper.nilsson(a)axis.com> Cc: Jianguo Sun <sunjianguo1(a)huawei.com> Cc: Jingoo Han <jingoohan1(a)gmail.com> Cc: Kishon Vijay Abraham I <kishon(a)ti.com> Cc: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: Lucas Stach <l.stach(a)pengutronix.de> Cc: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: Minghuan Lian <minghuan.Lian(a)freescale.com> Cc: Mingkai Hu <mingkai.hu(a)freescale.com> Cc: Murali Karicheri <m-karicheri2(a)ti.com> Cc: Pratyush Anand <pratyush.anand(a)gmail.com> Cc: Richard Zhu <hongxing.zhu(a)nxp.com> Cc: Roy Zang <tie-fei.zang(a)freescale.com> Cc: Shawn Guo <shawn.guo(a)linaro.org> Cc: Stanimir Varbanov <svarbanov(a)mm-sol.com> Cc: Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> Cc: Xiaowei Song <songxiaowei(a)hisilicon.com> Cc: Zhou Wang <wangzhou1(a)hisilicon.com> diff --git a/drivers/pci/dwc/pcie-designware-host.c b/drivers/pci/dwc/pcie-designware-host.c index 8de2d5c69b1d..dc9303abda42 100644 --- a/drivers/pci/dwc/pcie-designware-host.c +++ b/drivers/pci/dwc/pcie-designware-host.c @@ -613,7 +613,7 @@ void dw_pcie_setup_rc(struct pcie_port *pp) /* setup bus numbers */ val = dw_pcie_readl_dbi(pci, PCI_PRIMARY_BUS); val &= 0xff000000; - val |= 0x00010100; + val |= 0x00ff0100; dw_pcie_writel_dbi(pci, PCI_PRIMARY_BUS, val); /* setup command register */

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mtd: rawnand: mxc: set spare area size register explicitly" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3f77f244d8ec28e3a0a81240ffac7d626390060c Mon Sep 17 00:00:00 2001 From: Martin Kaiser <martin(a)kaiser.cx> Date: Mon, 18 Jun 2018 22:41:03 +0200 Subject: [PATCH] mtd: rawnand: mxc: set spare area size register explicitly The v21 version of the NAND flash controller contains a Spare Area Size Register (SPAS) at offset 0x10. Its setting defaults to the maximum spare area size of 218 bytes. The size that is set in this register is used by the controller when it calculates the ECC bytes internally in hardware. Usually, this register is updated from settings in the IIM fuses when the system is booting from NAND flash. For other boot media, however, the SPAS register remains at the default setting, which may not work for the particular flash chip on the board. The same goes for flash chips whose configuration cannot be set in the IIM fuses (e.g. chips with 2k sector size and 128 bytes spare area size can't be configured in the IIM fuses on imx25 systems). Set the SPAS register explicitly during the preset operation. Derive the register value from mtd->oobsize that was detected during probe by decoding the flash chip's ID bytes. While at it, rename the define for the spare area register's offset to NFC_V21_RSLTSPARE_AREA. The register at offset 0x10 on v1 controllers is different from the register on v21 controllers. Fixes: d484018 ("mtd: mxc_nand: set NFC registers after reset") Cc: stable(a)vger.kernel.org Signed-off-by: Martin Kaiser <martin(a)kaiser.cx> Reviewed-by: Sascha Hauer <s.hauer(a)pengutronix.de> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> diff --git a/drivers/mtd/nand/raw/mxc_nand.c b/drivers/mtd/nand/raw/mxc_nand.c index 45786e707b7b..26cef218bb43 100644 --- a/drivers/mtd/nand/raw/mxc_nand.c +++ b/drivers/mtd/nand/raw/mxc_nand.c @@ -48,7 +48,7 @@ #define NFC_V1_V2_CONFIG (host->regs + 0x0a) #define NFC_V1_V2_ECC_STATUS_RESULT (host->regs + 0x0c) #define NFC_V1_V2_RSLTMAIN_AREA (host->regs + 0x0e) -#define NFC_V1_V2_RSLTSPARE_AREA (host->regs + 0x10) +#define NFC_V21_RSLTSPARE_AREA (host->regs + 0x10) #define NFC_V1_V2_WRPROT (host->regs + 0x12) #define NFC_V1_UNLOCKSTART_BLKADDR (host->regs + 0x14) #define NFC_V1_UNLOCKEND_BLKADDR (host->regs + 0x16) @@ -1274,6 +1274,9 @@ static void preset_v2(struct mtd_info *mtd) writew(config1, NFC_V1_V2_CONFIG1); /* preset operation */ + /* spare area size in 16-bit half-words */ + writew(mtd->oobsize / 2, NFC_V21_RSLTSPARE_AREA); + /* Unlock the internal RAM Buffer */ writew(0x2, NFC_V1_V2_CONFIG);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mtd: rawnand: mxc: set spare area size register explicitly" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3f77f244d8ec28e3a0a81240ffac7d626390060c Mon Sep 17 00:00:00 2001 From: Martin Kaiser <martin(a)kaiser.cx> Date: Mon, 18 Jun 2018 22:41:03 +0200 Subject: [PATCH] mtd: rawnand: mxc: set spare area size register explicitly The v21 version of the NAND flash controller contains a Spare Area Size Register (SPAS) at offset 0x10. Its setting defaults to the maximum spare area size of 218 bytes. The size that is set in this register is used by the controller when it calculates the ECC bytes internally in hardware. Usually, this register is updated from settings in the IIM fuses when the system is booting from NAND flash. For other boot media, however, the SPAS register remains at the default setting, which may not work for the particular flash chip on the board. The same goes for flash chips whose configuration cannot be set in the IIM fuses (e.g. chips with 2k sector size and 128 bytes spare area size can't be configured in the IIM fuses on imx25 systems). Set the SPAS register explicitly during the preset operation. Derive the register value from mtd->oobsize that was detected during probe by decoding the flash chip's ID bytes. While at it, rename the define for the spare area register's offset to NFC_V21_RSLTSPARE_AREA. The register at offset 0x10 on v1 controllers is different from the register on v21 controllers. Fixes: d484018 ("mtd: mxc_nand: set NFC registers after reset") Cc: stable(a)vger.kernel.org Signed-off-by: Martin Kaiser <martin(a)kaiser.cx> Reviewed-by: Sascha Hauer <s.hauer(a)pengutronix.de> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> diff --git a/drivers/mtd/nand/raw/mxc_nand.c b/drivers/mtd/nand/raw/mxc_nand.c index 45786e707b7b..26cef218bb43 100644 --- a/drivers/mtd/nand/raw/mxc_nand.c +++ b/drivers/mtd/nand/raw/mxc_nand.c @@ -48,7 +48,7 @@ #define NFC_V1_V2_CONFIG (host->regs + 0x0a) #define NFC_V1_V2_ECC_STATUS_RESULT (host->regs + 0x0c) #define NFC_V1_V2_RSLTMAIN_AREA (host->regs + 0x0e) -#define NFC_V1_V2_RSLTSPARE_AREA (host->regs + 0x10) +#define NFC_V21_RSLTSPARE_AREA (host->regs + 0x10) #define NFC_V1_V2_WRPROT (host->regs + 0x12) #define NFC_V1_UNLOCKSTART_BLKADDR (host->regs + 0x14) #define NFC_V1_UNLOCKEND_BLKADDR (host->regs + 0x16) @@ -1274,6 +1274,9 @@ static void preset_v2(struct mtd_info *mtd) writew(config1, NFC_V1_V2_CONFIG1); /* preset operation */ + /* spare area size in 16-bit half-words */ + writew(mtd->oobsize / 2, NFC_V21_RSLTSPARE_AREA); + /* Unlock the internal RAM Buffer */ writew(0x2, NFC_V1_V2_CONFIG);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mtd: rawnand: fix return value check for bad block status" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e9893e6fa932f42c90c4ac5849fa9aa0f0f00a34 Mon Sep 17 00:00:00 2001 From: Abhishek Sahu <absahu(a)codeaurora.org> Date: Wed, 13 Jun 2018 14:32:36 +0530 Subject: [PATCH] mtd: rawnand: fix return value check for bad block status Positive return value from read_oob() is making false BAD blocks. For some of the NAND controllers, OOB bytes will be protected with ECC and read_oob() will return number of bitflips. If there is any bitflip in ECC protected OOB bytes for BAD block status page, then that block is getting treated as BAD. Fixes: c120e75e0e7d ("mtd: nand: use read_oob() instead of cmdfunc() for bad block check") Cc: <stable(a)vger.kernel.org> Signed-off-by: Abhishek Sahu <absahu(a)codeaurora.org> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 10c4f9919850..b01d15ec4c56 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -440,7 +440,7 @@ static int nand_block_bad(struct mtd_info *mtd, loff_t ofs) for (; page < page_end; page++) { res = chip->ecc.read_oob(mtd, chip, page); - if (res) + if (res < 0) return res; bad = chip->oob_poi[chip->badblockpos];

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mtd: cfi_cmdset_0002: Change erase functions to check chip" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 79ca484b613041ca223f74b34608bb6f5221724b Mon Sep 17 00:00:00 2001 From: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Date: Wed, 30 May 2018 18:32:29 +0900 Subject: [PATCH] mtd: cfi_cmdset_0002: Change erase functions to check chip good only Currently the functions use to check both chip ready and good. But the chip ready is not enough to check the operation status. So change this to check the chip good instead of this. About the retry functions to make sure the error handling remain it. Signed-off-by: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> Cc: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Cc: Brian Norris <computersforpeace(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Boris Brezillon <boris.brezillon(a)free-electrons.com> Cc: Marek Vasut <marek.vasut(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Cyrille Pitchen <cyrille.pitchen(a)wedev4u.fr> Cc: linux-mtd(a)lists.infradead.org Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 217db661943d..d8e3a737c62f 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -2294,12 +2294,13 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) chip->erase_suspended = 0; } - if (chip_ready(map, adr)) + if (chip_good(map, adr, map_word_ff(map))) break; if (time_after(jiffies, timeo)) { printk(KERN_WARNING "MTD %s(): software timeout\n", __func__); + ret = -EIO; break; } @@ -2307,15 +2308,15 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) UDELAY(map, chip, adr, 1000000/HZ); } /* Did we succeed? */ - if (!chip_good(map, adr, map_word_ff(map))) { + if (ret) { /* reset on all failures. */ map_write(map, CMD(0xF0), chip->start); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_RETRIES) + if (++retry_cnt <= MAX_RETRIES) { + ret = 0; goto retry; - - ret = -EIO; + } } chip->state = FL_READY; @@ -2388,7 +2389,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, chip->erase_suspended = 0; } - if (chip_ready(map, adr)) { + if (chip_good(map, adr, map_word_ff(map))) { xip_enable(map, chip, adr); break; } @@ -2397,6 +2398,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, xip_enable(map, chip, adr); printk(KERN_WARNING "MTD %s(): software timeout\n", __func__); + ret = -EIO; break; } @@ -2404,15 +2406,15 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, UDELAY(map, chip, adr, 1000000/HZ); } /* Did we succeed? */ - if (!chip_good(map, adr, map_word_ff(map))) { + if (ret) { /* reset on all failures. */ map_write(map, CMD(0xF0), chip->start); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_RETRIES) + if (++retry_cnt <= MAX_RETRIES) { + ret = 0; goto retry; - - ret = -EIO; + } } chip->state = FL_READY;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] mtd: cfi_cmdset_0002: Change definition naming to retry write" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 85a82e28b023de9b259a86824afbd6ba07bd6475 Mon Sep 17 00:00:00 2001 From: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Date: Wed, 30 May 2018 18:32:27 +0900 Subject: [PATCH] mtd: cfi_cmdset_0002: Change definition naming to retry write operation The definition can be used for other program and erase operations also. So change the naming to MAX_RETRIES from MAX_WORD_RETRIES. Signed-off-by: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> Cc: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Cc: Brian Norris <computersforpeace(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Boris Brezillon <boris.brezillon(a)free-electrons.com> Cc: Marek Vasut <marek.vasut(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Cyrille Pitchen <cyrille.pitchen(a)wedev4u.fr> Cc: linux-mtd(a)lists.infradead.org Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 75d2c16029fd..62ada405fe93 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -42,7 +42,7 @@ #define AMD_BOOTLOC_BUG #define FORCE_WORD_WRITE 0 -#define MAX_WORD_RETRIES 3 +#define MAX_RETRIES 3 #define SST49LF004B 0x0060 #define SST49LF040B 0x0050 @@ -1646,7 +1646,7 @@ static int __xipram do_write_oneword(struct map_info *map, struct flchip *chip, map_write(map, CMD(0xF0), chip->start); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_WORD_RETRIES) + if (++retry_cnt <= MAX_RETRIES) goto retry; ret = -EIO; @@ -2105,7 +2105,7 @@ static int do_panic_write_oneword(struct map_info *map, struct flchip *chip, map_write(map, CMD(0xF0), chip->start); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_WORD_RETRIES) + if (++retry_cnt <= MAX_RETRIES) goto retry; ret = -EIO;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] IB/hfi1: Fix user context tail allocation for DMA_RTAIL" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 1bc0299d976e000ececc6acd76e33b4582646cb7 Mon Sep 17 00:00:00 2001 From: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Date: Thu, 31 May 2018 11:30:09 -0700 Subject: [PATCH] IB/hfi1: Fix user context tail allocation for DMA_RTAIL The following code fails to allocate a buffer for the tail address that the hardware DMAs into when the user context DMA_RTAIL is set. if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) { rcd->rcvhdrtail_kvaddr = dma_zalloc_coherent( &dd->pcidev->dev, PAGE_SIZE, &dma_hdrqtail, gfp_flags); if (!rcd->rcvhdrtail_kvaddr) goto bail_free; rcd->rcvhdrqtailaddr_dma = dma_hdrqtail; } So the rcvhdrtail_kvaddr would then be NULL. The mmap logic fails to check for a NULL rcvhdrtail_kvaddr. The fix is to test for both user and kernel DMA_TAIL options during the allocation as well as testing for a NULL rcvhdrtail_kvaddr during the mmap processing. Additionally, all downstream testing of the capmask for DMA_RTAIL have been eliminated in favor of testing rcvhdrtail_kvaddr. Cc: <stable(a)vger.kernel.org> # 4.9.x Reviewed-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> Signed-off-by: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c index 68580cb2ae1e..f75080d63142 100644 --- a/drivers/infiniband/hw/hfi1/chip.c +++ b/drivers/infiniband/hw/hfi1/chip.c @@ -6841,7 +6841,7 @@ static void rxe_kernel_unfreeze(struct hfi1_devdata *dd) } rcvmask = HFI1_RCVCTRL_CTXT_ENB; /* HFI1_RCVCTRL_TAILUPD_[ENB|DIS] needs to be set explicitly */ - rcvmask |= HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL) ? + rcvmask |= rcd->rcvhdrtail_kvaddr ? HFI1_RCVCTRL_TAILUPD_ENB : HFI1_RCVCTRL_TAILUPD_DIS; hfi1_rcvctrl(dd, rcvmask, rcd); hfi1_rcd_put(rcd); @@ -8367,7 +8367,7 @@ static inline int check_packet_present(struct hfi1_ctxtdata *rcd) u32 tail; int present; - if (!HFI1_CAP_IS_KSET(DMA_RTAIL)) + if (!rcd->rcvhdrtail_kvaddr) present = (rcd->seq_cnt == rhf_rcv_seq(rhf_to_cpu(get_rhf_addr(rcd)))); else /* is RDMA rtail */ @@ -11843,7 +11843,7 @@ void hfi1_rcvctrl(struct hfi1_devdata *dd, unsigned int op, /* reset the tail and hdr addresses, and sequence count */ write_kctxt_csr(dd, ctxt, RCV_HDR_ADDR, rcd->rcvhdrq_dma); - if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) + if (rcd->rcvhdrtail_kvaddr) write_kctxt_csr(dd, ctxt, RCV_HDR_TAIL_ADDR, rcd->rcvhdrqtailaddr_dma); rcd->seq_cnt = 1; @@ -11923,7 +11923,7 @@ void hfi1_rcvctrl(struct hfi1_devdata *dd, unsigned int op, rcvctrl |= RCV_CTXT_CTRL_INTR_AVAIL_SMASK; if (op & HFI1_RCVCTRL_INTRAVAIL_DIS) rcvctrl &= ~RCV_CTXT_CTRL_INTR_AVAIL_SMASK; - if (op & HFI1_RCVCTRL_TAILUPD_ENB && rcd->rcvhdrqtailaddr_dma) + if ((op & HFI1_RCVCTRL_TAILUPD_ENB) && rcd->rcvhdrtail_kvaddr) rcvctrl |= RCV_CTXT_CTRL_TAIL_UPD_SMASK; if (op & HFI1_RCVCTRL_TAILUPD_DIS) { /* See comment on RcvCtxtCtrl.TailUpd above */ diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c index c9d23c37a371..0fc4aa9455c3 100644 --- a/drivers/infiniband/hw/hfi1/file_ops.c +++ b/drivers/infiniband/hw/hfi1/file_ops.c @@ -505,7 +505,7 @@ static int hfi1_file_mmap(struct file *fp, struct vm_area_struct *vma) ret = -EINVAL; goto done; } - if (flags & VM_WRITE) { + if ((flags & VM_WRITE) || !uctxt->rcvhdrtail_kvaddr) { ret = -EPERM; goto done; } diff --git a/drivers/infiniband/hw/hfi1/init.c b/drivers/infiniband/hw/hfi1/init.c index 3feecf926322..4a478ee0a79b 100644 --- a/drivers/infiniband/hw/hfi1/init.c +++ b/drivers/infiniband/hw/hfi1/init.c @@ -1853,7 +1853,6 @@ int hfi1_create_rcvhdrq(struct hfi1_devdata *dd, struct hfi1_ctxtdata *rcd) u64 reg; if (!rcd->rcvhdrq) { - dma_addr_t dma_hdrqtail; gfp_t gfp_flags; /* @@ -1878,13 +1877,13 @@ int hfi1_create_rcvhdrq(struct hfi1_devdata *dd, struct hfi1_ctxtdata *rcd) goto bail; } - if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) { + if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL) || + HFI1_CAP_UGET_MASK(rcd->flags, DMA_RTAIL)) { rcd->rcvhdrtail_kvaddr = dma_zalloc_coherent( - &dd->pcidev->dev, PAGE_SIZE, &dma_hdrqtail, - gfp_flags); + &dd->pcidev->dev, PAGE_SIZE, + &rcd->rcvhdrqtailaddr_dma, gfp_flags); if (!rcd->rcvhdrtail_kvaddr) goto bail_free; - rcd->rcvhdrqtailaddr_dma = dma_hdrqtail; } rcd->rcvhdrq_size = amt;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] IB/hfi1: Reorder incorrect send context disable" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a93a0a31111231bb1949f4a83b17238f0fa32d6a Mon Sep 17 00:00:00 2001 From: "Michael J. Ruhl" <michael.j.ruhl(a)intel.com> Date: Wed, 2 May 2018 06:43:07 -0700 Subject: [PATCH] IB/hfi1: Reorder incorrect send context disable User send context integrity bits are cleared before the context is disabled. If the send context is still processing data, any packets that need those integrity bits will cause an error and halt the send context. During the disable handling, the driver waits for the context to drain. If the context is halted, the driver will eventually timeout because the context won't drain and then incorrectly bounce the link. Reorder the bit clearing and the context disable. Examine the software state and send context status as well as the egress status to determine if a send context is in the halted state. Promote the check macros to static functions for consistency with the new check and to follow kernel style. Remove an unused define that refers to the egress timeout. Cc: <stable(a)vger.kernel.org> # 4.9.x Reviewed-by: Mitko Haralanov <mitko.haralanov(a)intel.com> Reviewed-by: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)intel.com> Signed-off-by: Doug Ledford <dledford(a)redhat.com> diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c index 1b778fd16a32..c9d23c37a371 100644 --- a/drivers/infiniband/hw/hfi1/file_ops.c +++ b/drivers/infiniband/hw/hfi1/file_ops.c @@ -689,8 +689,8 @@ static int hfi1_file_close(struct inode *inode, struct file *fp) * checks to default and disable the send context. */ if (uctxt->sc) { - set_pio_integrity(uctxt->sc); sc_disable(uctxt->sc); + set_pio_integrity(uctxt->sc); } hfi1_free_ctxt_rcv_groups(uctxt); diff --git a/drivers/infiniband/hw/hfi1/pio.c b/drivers/infiniband/hw/hfi1/pio.c index 40dac4d16eb8..9cac15d10c4f 100644 --- a/drivers/infiniband/hw/hfi1/pio.c +++ b/drivers/infiniband/hw/hfi1/pio.c @@ -50,8 +50,6 @@ #include "qp.h" #include "trace.h" -#define SC_CTXT_PACKET_EGRESS_TIMEOUT 350 /* in chip cycles */ - #define SC(name) SEND_CTXT_##name /* * Send Context functions @@ -961,15 +959,40 @@ void sc_disable(struct send_context *sc) } /* return SendEgressCtxtStatus.PacketOccupancy */ -#define packet_occupancy(r) \ - (((r) & SEND_EGRESS_CTXT_STATUS_CTXT_EGRESS_PACKET_OCCUPANCY_SMASK)\ - >> SEND_EGRESS_CTXT_STATUS_CTXT_EGRESS_PACKET_OCCUPANCY_SHIFT) +static u64 packet_occupancy(u64 reg) +{ + return (reg & + SEND_EGRESS_CTXT_STATUS_CTXT_EGRESS_PACKET_OCCUPANCY_SMASK) + >> SEND_EGRESS_CTXT_STATUS_CTXT_EGRESS_PACKET_OCCUPANCY_SHIFT; +} /* is egress halted on the context? */ -#define egress_halted(r) \ - ((r) & SEND_EGRESS_CTXT_STATUS_CTXT_EGRESS_HALT_STATUS_SMASK) +static bool egress_halted(u64 reg) +{ + return !!(reg & SEND_EGRESS_CTXT_STATUS_CTXT_EGRESS_HALT_STATUS_SMASK); +} -/* wait for packet egress, optionally pause for credit return */ +/* is the send context halted? */ +static bool is_sc_halted(struct hfi1_devdata *dd, u32 hw_context) +{ + return !!(read_kctxt_csr(dd, hw_context, SC(STATUS)) & + SC(STATUS_CTXT_HALTED_SMASK)); +} + +/** + * sc_wait_for_packet_egress + * @sc: valid send context + * @pause: wait for credit return + * + * Wait for packet egress, optionally pause for credit return + * + * Egress halt and Context halt are not necessarily the same thing, so + * check for both. + * + * NOTE: The context halt bit may not be set immediately. Because of this, + * it is necessary to check the SW SFC_HALTED bit (set in the IRQ) and the HW + * context bit to determine if the context is halted. + */ static void sc_wait_for_packet_egress(struct send_context *sc, int pause) { struct hfi1_devdata *dd = sc->dd; @@ -981,8 +1004,9 @@ static void sc_wait_for_packet_egress(struct send_context *sc, int pause) reg_prev = reg; reg = read_csr(dd, sc->hw_context * 8 + SEND_EGRESS_CTXT_STATUS); - /* done if egress is stopped */ - if (egress_halted(reg)) + /* done if any halt bits, SW or HW are set */ + if (sc->flags & SCF_HALTED || + is_sc_halted(dd, sc->hw_context) || egress_halted(reg)) break; reg = packet_occupancy(reg); if (reg == 0)

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] IB/core: Make testing MR flags for writability a static" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 08bb558ac11ab944e0539e78619d7b4c356278bd Mon Sep 17 00:00:00 2001 From: Jack Morgenstein <jackm(a)dev.mellanox.co.il> Date: Wed, 23 May 2018 15:30:30 +0300 Subject: [PATCH] IB/core: Make testing MR flags for writability a static inline function Make the MR writability flags check, which is performed in umem.c, a static inline function in file ib_verbs.h This allows the function to be used by low-level infiniband drivers. Cc: <stable(a)vger.kernel.org> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Jack Morgenstein <jackm(a)dev.mellanox.co.il> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index 2b6c9b516070..d76455edd292 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c @@ -119,16 +119,7 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, umem->length = size; umem->address = addr; umem->page_shift = PAGE_SHIFT; - /* - * We ask for writable memory if any of the following - * access flags are set. "Local write" and "remote write" - * obviously require write access. "Remote atomic" can do - * things like fetch and add, which will modify memory, and - * "MW bind" can change permissions by binding a window. - */ - umem->writable = !!(access & - (IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_WRITE | - IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND)); + umem->writable = ib_access_writable(access); if (access & IB_ACCESS_ON_DEMAND) { ret = ib_umem_odp_get(context, umem, access); diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h index 9fc8a825aa28..20fa5c591e81 100644 --- a/include/rdma/ib_verbs.h +++ b/include/rdma/ib_verbs.h @@ -3734,6 +3734,20 @@ static inline int ib_check_mr_access(int flags) return 0; } +static inline bool ib_access_writable(int access_flags) +{ + /* + * We have writable memory backing the MR if any of the following + * access flags are set. "Local write" and "remote write" obviously + * require write access. "Remote atomic" can do things like fetch and + * add, which will modify memory, and "MW bind" can change permissions + * by binding a window. + */ + return access_flags & + (IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_WRITE | + IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND); +} + /** * ib_check_mr_status: lightweight check of MR status. * This routine may provide status checks on a selected

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] tpm: fix race condition in tpm_common_write()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df Mon Sep 17 00:00:00 2001 From: Tadeusz Struk <tadeusz.struk(a)intel.com> Date: Tue, 22 May 2018 14:37:18 -0700 Subject: [PATCH] tpm: fix race condition in tpm_common_write() There is a race condition in tpm_common_write function allowing two threads on the same /dev/tpm<N>, or two different applications on the same /dev/tpmrm<N> to overwrite each other commands/responses. Fixed this by taking the priv->buffer_mutex early in the function. Also converted the priv->data_pending from atomic to a regular size_t type. There is no need for it to be atomic since it is only touched under the protection of the priv->buffer_mutex. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Tadeusz Struk <tadeusz.struk(a)intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c index 230b99288024..e4a04b2d3c32 100644 --- a/drivers/char/tpm/tpm-dev-common.c +++ b/drivers/char/tpm/tpm-dev-common.c @@ -37,7 +37,7 @@ static void timeout_work(struct work_struct *work) struct file_priv *priv = container_of(work, struct file_priv, work); mutex_lock(&priv->buffer_mutex); - atomic_set(&priv->data_pending, 0); + priv->data_pending = 0; memset(priv->data_buffer, 0, sizeof(priv->data_buffer)); mutex_unlock(&priv->buffer_mutex); } @@ -46,7 +46,6 @@ void tpm_common_open(struct file *file, struct tpm_chip *chip, struct file_priv *priv) { priv->chip = chip; - atomic_set(&priv->data_pending, 0); mutex_init(&priv->buffer_mutex); timer_setup(&priv->user_read_timer, user_reader_timeout, 0); INIT_WORK(&priv->work, timeout_work); @@ -58,29 +57,24 @@ ssize_t tpm_common_read(struct file *file, char __user *buf, size_t size, loff_t *off) { struct file_priv *priv = file->private_data; - ssize_t ret_size; - ssize_t orig_ret_size; + ssize_t ret_size = 0; int rc; del_singleshot_timer_sync(&priv->user_read_timer); flush_work(&priv->work); - ret_size = atomic_read(&priv->data_pending); - if (ret_size > 0) { /* relay data */ - orig_ret_size = ret_size; - if (size < ret_size) - ret_size = size; + mutex_lock(&priv->buffer_mutex); - mutex_lock(&priv->buffer_mutex); + if (priv->data_pending) { + ret_size = min_t(ssize_t, size, priv->data_pending); rc = copy_to_user(buf, priv->data_buffer, ret_size); - memset(priv->data_buffer, 0, orig_ret_size); + memset(priv->data_buffer, 0, priv->data_pending); if (rc) ret_size = -EFAULT; - mutex_unlock(&priv->buffer_mutex); + priv->data_pending = 0; } - atomic_set(&priv->data_pending, 0); - + mutex_unlock(&priv->buffer_mutex); return ret_size; } @@ -91,17 +85,19 @@ ssize_t tpm_common_write(struct file *file, const char __user *buf, size_t in_size = size; ssize_t out_size; + if (in_size > TPM_BUFSIZE) + return -E2BIG; + + mutex_lock(&priv->buffer_mutex); + /* Cannot perform a write until the read has cleared either via * tpm_read or a user_read_timer timeout. This also prevents split * buffered writes from blocking here. */ - if (atomic_read(&priv->data_pending) != 0) + if (priv->data_pending != 0) { + mutex_unlock(&priv->buffer_mutex); return -EBUSY; - - if (in_size > TPM_BUFSIZE) - return -E2BIG; - - mutex_lock(&priv->buffer_mutex); + } if (copy_from_user (priv->data_buffer, (void __user *) buf, in_size)) { @@ -132,7 +128,7 @@ ssize_t tpm_common_write(struct file *file, const char __user *buf, return out_size; } - atomic_set(&priv->data_pending, out_size); + priv->data_pending = out_size; mutex_unlock(&priv->buffer_mutex); /* Set a timeout by which the reader must come claim the result */ @@ -149,5 +145,5 @@ void tpm_common_release(struct file *file, struct file_priv *priv) del_singleshot_timer_sync(&priv->user_read_timer); flush_work(&priv->work); file->private_data = NULL; - atomic_set(&priv->data_pending, 0); + priv->data_pending = 0; } diff --git a/drivers/char/tpm/tpm-dev.h b/drivers/char/tpm/tpm-dev.h index ba3b6f9dacf7..b24cfb4d3ee1 100644 --- a/drivers/char/tpm/tpm-dev.h +++ b/drivers/char/tpm/tpm-dev.h @@ -8,7 +8,7 @@ struct file_priv { struct tpm_chip *chip; /* Data passed to and from the tpm via the read/write calls */ - atomic_t data_pending; + size_t data_pending; struct mutex buffer_mutex; struct timer_list user_read_timer; /* user needs to claim result */

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: stratix10: Fix SPI nodes for Stratix10" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4595299c5eaebbec0ca5822214ad1925a10b3876 Mon Sep 17 00:00:00 2001 From: Thor Thayer <thor.thayer(a)linux.intel.com> Date: Fri, 22 Jun 2018 13:35:38 -0500 Subject: [PATCH] arm64: dts: stratix10: Fix SPI nodes for Stratix10 Remove the unused bus-num node and change num-chipselect to num-cs to match SPI bindings. Cc: stable(a)vger.kernel.org Fixes: 78cd6a9d8e154 ("arm64: dts: Add base stratix 10 dtsi") Signed-off-by: Thor Thayer <thor.thayer(a)linux.intel.com> Signed-off-by: Dinh Nguyen <dinguyen(a)kernel.org> Signed-off-by: Olof Johansson <olof(a)lixom.net> diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index e6b059378dc0..67dac595dc72 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -309,8 +309,7 @@ interrupts = <0 99 4>; resets = <&rst SPIM0_RESET>; reg-io-width = <4>; - num-chipselect = <4>; - bus-num = <0>; + num-cs = <4>; status = "disabled"; }; @@ -322,8 +321,7 @@ interrupts = <0 100 4>; resets = <&rst SPIM1_RESET>; reg-io-width = <4>; - num-chipselect = <4>; - bus-num = <0>; + num-cs = <4>; status = "disabled"; };

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: stratix10: Fix SPI nodes for Stratix10" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4595299c5eaebbec0ca5822214ad1925a10b3876 Mon Sep 17 00:00:00 2001 From: Thor Thayer <thor.thayer(a)linux.intel.com> Date: Fri, 22 Jun 2018 13:35:38 -0500 Subject: [PATCH] arm64: dts: stratix10: Fix SPI nodes for Stratix10 Remove the unused bus-num node and change num-chipselect to num-cs to match SPI bindings. Cc: stable(a)vger.kernel.org Fixes: 78cd6a9d8e154 ("arm64: dts: Add base stratix 10 dtsi") Signed-off-by: Thor Thayer <thor.thayer(a)linux.intel.com> Signed-off-by: Dinh Nguyen <dinguyen(a)kernel.org> Signed-off-by: Olof Johansson <olof(a)lixom.net> diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index e6b059378dc0..67dac595dc72 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -309,8 +309,7 @@ interrupts = <0 99 4>; resets = <&rst SPIM0_RESET>; reg-io-width = <4>; - num-chipselect = <4>; - bus-num = <0>; + num-cs = <4>; status = "disabled"; }; @@ -322,8 +321,7 @@ interrupts = <0 100 4>; resets = <&rst SPIM1_RESET>; reg-io-width = <4>; - num-chipselect = <4>; - bus-num = <0>; + num-cs = <4>; status = "disabled"; };

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: stratix10: Fix SPI nodes for Stratix10" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4595299c5eaebbec0ca5822214ad1925a10b3876 Mon Sep 17 00:00:00 2001 From: Thor Thayer <thor.thayer(a)linux.intel.com> Date: Fri, 22 Jun 2018 13:35:38 -0500 Subject: [PATCH] arm64: dts: stratix10: Fix SPI nodes for Stratix10 Remove the unused bus-num node and change num-chipselect to num-cs to match SPI bindings. Cc: stable(a)vger.kernel.org Fixes: 78cd6a9d8e154 ("arm64: dts: Add base stratix 10 dtsi") Signed-off-by: Thor Thayer <thor.thayer(a)linux.intel.com> Signed-off-by: Dinh Nguyen <dinguyen(a)kernel.org> Signed-off-by: Olof Johansson <olof(a)lixom.net> diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index e6b059378dc0..67dac595dc72 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -309,8 +309,7 @@ interrupts = <0 99 4>; resets = <&rst SPIM0_RESET>; reg-io-width = <4>; - num-chipselect = <4>; - bus-num = <0>; + num-cs = <4>; status = "disabled"; }; @@ -322,8 +321,7 @@ interrupts = <0 100 4>; resets = <&rst SPIM1_RESET>; reg-io-width = <4>; - num-chipselect = <4>; - bus-num = <0>; + num-cs = <4>; status = "disabled"; };

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: marvell: fix CP110 ICU node size" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2f872ddcdb1e8e2186162616cea4581b8403849d Mon Sep 17 00:00:00 2001 From: Miquel Raynal <miquel.raynal(a)bootlin.com> Date: Tue, 22 May 2018 11:40:28 +0200 Subject: [PATCH] arm64: dts: marvell: fix CP110 ICU node size ICU size in CP110 is not 0x10 but at least 0x440 bytes long (from the specification). Fixes: 6ef84a827c37 ("arm64: dts: marvell: enable GICP and ICU on Armada 7K/8K") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> diff --git a/arch/arm64/boot/dts/marvell/armada-cp110.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110.dtsi index ed2f1237ea1e..8259b32f0ced 100644 --- a/arch/arm64/boot/dts/marvell/armada-cp110.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-cp110.dtsi @@ -149,7 +149,7 @@ CP110_LABEL(icu): interrupt-controller@1e0000 { compatible = "marvell,cp110-icu"; - reg = <0x1e0000 0x10>; + reg = <0x1e0000 0x440>; #interrupt-cells = <3>; interrupt-controller; msi-parent = <&gicp>;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/powernv/cpuidle: Init all present cpus for deep" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ac9816dcbab53c57bcf1d7b15370b08f1e284318 Mon Sep 17 00:00:00 2001 From: Akshay Adiga <akshay.adiga(a)linux.vnet.ibm.com> Date: Wed, 16 May 2018 17:32:14 +0530 Subject: [PATCH] powerpc/powernv/cpuidle: Init all present cpus for deep states Init all present cpus for deep states instead of "all possible" cpus. Init fails if a possible cpu is guarded. Resulting in making only non-deep states available for cpuidle/hotplug. Stewart says, this means that for single threaded workloads, if you guard out a CPU core you'll not get WoF (Workload Optimised Frequency), which means that performance goes down when you wouldn't expect it to. Fixes: 77b54e9f213f ("powernv/powerpc: Add winkle support for offline cpus") Cc: stable(a)vger.kernel.org # v3.19+ Signed-off-by: Akshay Adiga <akshay.adiga(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/platforms/powernv/idle.c b/arch/powerpc/platforms/powernv/idle.c index 1f12ab1e6030..1c5d0675b43c 100644 --- a/arch/powerpc/platforms/powernv/idle.c +++ b/arch/powerpc/platforms/powernv/idle.c @@ -79,7 +79,7 @@ static int pnv_save_sprs_for_deep_states(void) uint64_t msr_val = MSR_IDLE; uint64_t psscr_val = pnv_deepest_stop_psscr_val; - for_each_possible_cpu(cpu) { + for_each_present_cpu(cpu) { uint64_t pir = get_hard_smp_processor_id(cpu); uint64_t hsprg0_val = (uint64_t)paca_ptrs[cpu]; @@ -814,7 +814,7 @@ static int __init pnv_init_idle_states(void) int cpu; pr_info("powernv: idle: Saving PACA pointers of all CPUs in their thread sibling PACA\n"); - for_each_possible_cpu(cpu) { + for_each_present_cpu(cpu) { int base_cpu = cpu_first_thread_sibling(cpu); int idx = cpu_thread_in_core(cpu); int i;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/powernv/cpuidle: Init all present cpus for deep" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ac9816dcbab53c57bcf1d7b15370b08f1e284318 Mon Sep 17 00:00:00 2001 From: Akshay Adiga <akshay.adiga(a)linux.vnet.ibm.com> Date: Wed, 16 May 2018 17:32:14 +0530 Subject: [PATCH] powerpc/powernv/cpuidle: Init all present cpus for deep states Init all present cpus for deep states instead of "all possible" cpus. Init fails if a possible cpu is guarded. Resulting in making only non-deep states available for cpuidle/hotplug. Stewart says, this means that for single threaded workloads, if you guard out a CPU core you'll not get WoF (Workload Optimised Frequency), which means that performance goes down when you wouldn't expect it to. Fixes: 77b54e9f213f ("powernv/powerpc: Add winkle support for offline cpus") Cc: stable(a)vger.kernel.org # v3.19+ Signed-off-by: Akshay Adiga <akshay.adiga(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/platforms/powernv/idle.c b/arch/powerpc/platforms/powernv/idle.c index 1f12ab1e6030..1c5d0675b43c 100644 --- a/arch/powerpc/platforms/powernv/idle.c +++ b/arch/powerpc/platforms/powernv/idle.c @@ -79,7 +79,7 @@ static int pnv_save_sprs_for_deep_states(void) uint64_t msr_val = MSR_IDLE; uint64_t psscr_val = pnv_deepest_stop_psscr_val; - for_each_possible_cpu(cpu) { + for_each_present_cpu(cpu) { uint64_t pir = get_hard_smp_processor_id(cpu); uint64_t hsprg0_val = (uint64_t)paca_ptrs[cpu]; @@ -814,7 +814,7 @@ static int __init pnv_init_idle_states(void) int cpu; pr_info("powernv: idle: Saving PACA pointers of all CPUs in their thread sibling PACA\n"); - for_each_possible_cpu(cpu) { + for_each_present_cpu(cpu) { int base_cpu = cpu_first_thread_sibling(cpu); int idx = cpu_thread_in_core(cpu); int i;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] fuse: fix congested state leak on aborted connections" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8a301eb16d99983a4961f884690ec97b92e7dcfe Mon Sep 17 00:00:00 2001 From: Tejun Heo <tj(a)kernel.org> Date: Fri, 2 Feb 2018 09:54:14 -0800 Subject: [PATCH] fuse: fix congested state leak on aborted connections If a connection gets aborted while congested, FUSE can leave nr_wb_congested[] stuck until reboot causing wait_iff_congested() to wait spuriously which can lead to severe performance degradation. The leak is caused by gating congestion state clearing with fc->connected test in request_end(). This was added way back in 2009 by 26c3679101db ("fuse: destroy bdi on umount"). While the commit description doesn't explain why the test was added, it most likely was to avoid dereferencing bdi after it got destroyed. Since then, bdi lifetime rules have changed many times and now we're always guaranteed to have access to the bdi while the superblock is alive (fc->sb). Drop fc->connected conditional to avoid leaking congestion states. Signed-off-by: Tejun Heo <tj(a)kernel.org> Reported-by: Joshua Miller <joshmiller(a)fb.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: stable(a)vger.kernel.org # v2.6.29+ Acked-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 686631f12001..e03ca14f40e9 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -385,8 +385,7 @@ static void request_end(struct fuse_conn *fc, struct fuse_req *req) if (!fc->blocked && waitqueue_active(&fc->blocked_waitq)) wake_up(&fc->blocked_waitq); - if (fc->num_background == fc->congestion_threshold && - fc->connected && fc->sb) { + if (fc->num_background == fc->congestion_threshold && fc->sb) { clear_bdi_congested(fc->sb->s_bdi, BLK_RW_SYNC); clear_bdi_congested(fc->sb->s_bdi, BLK_RW_ASYNC); }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] fuse: fix congested state leak on aborted connections" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8a301eb16d99983a4961f884690ec97b92e7dcfe Mon Sep 17 00:00:00 2001 From: Tejun Heo <tj(a)kernel.org> Date: Fri, 2 Feb 2018 09:54:14 -0800 Subject: [PATCH] fuse: fix congested state leak on aborted connections If a connection gets aborted while congested, FUSE can leave nr_wb_congested[] stuck until reboot causing wait_iff_congested() to wait spuriously which can lead to severe performance degradation. The leak is caused by gating congestion state clearing with fc->connected test in request_end(). This was added way back in 2009 by 26c3679101db ("fuse: destroy bdi on umount"). While the commit description doesn't explain why the test was added, it most likely was to avoid dereferencing bdi after it got destroyed. Since then, bdi lifetime rules have changed many times and now we're always guaranteed to have access to the bdi while the superblock is alive (fc->sb). Drop fc->connected conditional to avoid leaking congestion states. Signed-off-by: Tejun Heo <tj(a)kernel.org> Reported-by: Joshua Miller <joshmiller(a)fb.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: stable(a)vger.kernel.org # v2.6.29+ Acked-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 686631f12001..e03ca14f40e9 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -385,8 +385,7 @@ static void request_end(struct fuse_conn *fc, struct fuse_req *req) if (!fc->blocked && waitqueue_active(&fc->blocked_waitq)) wake_up(&fc->blocked_waitq); - if (fc->num_background == fc->congestion_threshold && - fc->connected && fc->sb) { + if (fc->num_background == fc->congestion_threshold && fc->sb) { clear_bdi_congested(fc->sb->s_bdi, BLK_RW_SYNC); clear_bdi_congested(fc->sb->s_bdi, BLK_RW_ASYNC); }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] ftrace/selftest: Have the reset_trigger code be a bit more" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 756b56a9e832e063edc83be7c3889e98c536dd2b Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Date: Mon, 14 May 2018 15:40:29 -0400 Subject: [PATCH] ftrace/selftest: Have the reset_trigger code be a bit more careful The trigger code is picky in how it can be disabled as there may be dependencies between different events and synthetic events. Change the order on how triggers are reset. 1) Reset triggers of all synthetic events first 2) Remove triggers with actions attached to them 3) Remove all other triggers If this order isn't followed, then some triggers will not be reset, and an error may happen because a trigger is busy. Cc: stable(a)vger.kernel.org Fixes: cfa0963dc474f ("kselftests/ftrace : Add event trigger testcases") Reviewed-by: Namhyung Kim <namhyung(a)kernel.org> Acked-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/tools/testing/selftests/ftrace/test.d/functions b/tools/testing/selftests/ftrace/test.d/functions index 2a4f16fc9819..8393b1c06027 100644 --- a/tools/testing/selftests/ftrace/test.d/functions +++ b/tools/testing/selftests/ftrace/test.d/functions @@ -15,14 +15,29 @@ reset_tracer() { # reset the current tracer echo nop > current_tracer } -reset_trigger() { # reset all current setting triggers - grep -v ^# events/*/*/trigger | +reset_trigger_file() { + # remove action triggers first + grep -H ':on[^:]*(' $@ | + while read line; do + cmd=`echo $line | cut -f2- -d: | cut -f1 -d" "` + file=`echo $line | cut -f1 -d:` + echo "!$cmd" >> $file + done + grep -Hv ^# $@ | while read line; do cmd=`echo $line | cut -f2- -d: | cut -f1 -d" "` - echo "!$cmd" > `echo $line | cut -f1 -d:` + file=`echo $line | cut -f1 -d:` + echo "!$cmd" > $file done } +reset_trigger() { # reset all current setting triggers + if [ -d events/synthetic ]; then + reset_trigger_file events/synthetic/*/trigger + fi + reset_trigger_file events/*/*/trigger +} + reset_events_filter() { # reset all current setting filters grep -v ^none events/*/*/filter | while read line; do

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] PM / OPP: Update voltage in case freq == old_freq" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c5c2a97b3ac7d1ec19e7cff9e38caca6afefc3de Mon Sep 17 00:00:00 2001 From: Waldemar Rymarkiewicz <waldemar.rymarkiewicz(a)gmail.com> Date: Thu, 14 Jun 2018 15:56:08 +0200 Subject: [PATCH] PM / OPP: Update voltage in case freq == old_freq This commit fixes a rare but possible case when the clk rate is updated without update of the regulator voltage. At boot up, CPUfreq checks if the system is running at the right freq. This is a sanity check in case a bootloader set clk rate that is outside of freq table present with cpufreq core. In such cases system can be unstable so better to change it to a freq that is preset in freq-table. The CPUfreq takes next freq that is >= policy->cur and this is our target_freq that needs to be set now. dev_pm_opp_set_rate(dev, target_freq) checks the target_freq and the old_freq (a current rate). If these are equal it returns early. If not, it searches for OPP (old_opp) that fits best to old_freq (not listed in the table) and updates old_freq (!). Here, we can end up with old_freq = old_opp.rate = target_freq, which is not handled in _generic_set_opp_regulator(). It's supposed to update voltage only when freq > old_freq || freq > old_freq. if (freq > old_freq) { ret = _set_opp_voltage(dev, reg, new_supply); [...] if (freq < old_freq) { ret = _set_opp_voltage(dev, reg, new_supply); if (ret) It results in, no voltage update while clk rate is updated. Example: freq-table = { 1000MHz 1.15V 666MHZ 1.10V 333MHz 1.05V } boot-up-freq = 800MHz # not listed in freq-table freq = target_freq = 1GHz old_freq = 800Mhz old_opp = _find_freq_ceil(opp_table, &old_freq); #(old_freq is modified!) old_freq = 1GHz Fixes: 6a0712f6f199 ("PM / OPP: Add dev_pm_opp_set_rate()") Cc: 4.6+ <stable(a)vger.kernel.org> # v4.6+ Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz(a)gmail.com> Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> diff --git a/drivers/opp/core.c b/drivers/opp/core.c index ab2f3fead6b1..31ff03dbeb83 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c @@ -598,7 +598,7 @@ static int _generic_set_opp_regulator(const struct opp_table *opp_table, } /* Scaling up? Scale voltage before frequency */ - if (freq > old_freq) { + if (freq >= old_freq) { ret = _set_opp_voltage(dev, reg, new_supply); if (ret) goto restore_voltage;

7 years, 2 months

1
0
0 0

[PATCH 4.4] serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version

by Daniel Wagner

From: Daniel Wagner <daniel.wagner(a)siemens.com> [ Upstream commit 8afb1d2c12163f77777f84616a8e9444d0050ebe ] Commit 40f70c03e33a ("serial: sh-sci: add locking to console write function to avoid SMP lockup") copied the strategy to avoid locking problems in conjuncture with the console from the UART8250 driver. Instead using directly spin_{try}lock_irqsave(), local_irq_save() followed by spin_{try}lock() was used. While this is correct on mainline, for -rt it is a problem. spin_{try}lock() will check if it is running in a valid context. Since the local_irq_save() has already been executed, the context has changed and spin_{try}lock() will complain. The reason why spin_{try}lock() complains is that on -rt the spin locks are turned into mutexes and therefore can sleep. Sleeping with interrupts disabled is not valid. BUG: sleeping function called from invalid context at /home/wagi/work/rt/v4.4-cip-rt/kernel/locking/rtmutex.c:995 in_atomic(): 0, irqs_disabled(): 128, pid: 778, name: irq/76-eth0 CPU: 0 PID: 778 Comm: irq/76-eth0 Not tainted 4.4.126-test-cip22-rt14-00403-gcd03665c8318 #12 Hardware name: Generic RZ/G1 (Flattened Device Tree) Backtrace: [<c00140a0>] (dump_backtrace) from [<c001424c>] (show_stack+0x18/0x1c) r7:c06b01f0 r6:60010193 r5:00000000 r4:c06b01f0 [<c0014234>] (show_stack) from [<c01d3c94>] (dump_stack+0x78/0x94) [<c01d3c1c>] (dump_stack) from [<c004c134>] (___might_sleep+0x134/0x194) r7:60010113 r6:c06d3559 r5:00000000 r4:ffffe000 [<c004c000>] (___might_sleep) from [<c04ded60>] (rt_spin_lock+0x20/0x74) r5:c06f4d60 r4:c06f4d60 [<c04ded40>] (rt_spin_lock) from [<c02577e4>] (serial_console_write+0x100/0x118) r5:c06f4d60 r4:c06f4d60 [<c02576e4>] (serial_console_write) from [<c0061060>] (call_console_drivers.constprop.15+0x10c/0x124) r10:c06d2894 r9:c04e18b0 r8:00000028 r7:00000000 r6:c06d3559 r5:c06d2798 r4:c06b9914 r3:c02576e4 [<c0060f54>] (call_console_drivers.constprop.15) from [<c0062984>] (console_unlock+0x32c/0x430) r10:c06d30d8 r9:00000028 r8:c06dd518 r7:00000005 r6:00000000 r5:c06d2798 r4:c06d2798 r3:00000028 [<c0062658>] (console_unlock) from [<c0062e1c>] (vprintk_emit+0x394/0x4f0) r10:c06d2798 r9:c06d30ee r8:00000006 r7:00000005 r6:c06a78fc r5:00000027 r4:00000003 [<c0062a88>] (vprintk_emit) from [<c0062fa0>] (vprintk+0x28/0x30) r10:c060bd46 r9:00001000 r8:c06b9a90 r7:c06b9a90 r6:c06b994c r5:c06b9a3c r4:c0062fa8 [<c0062f78>] (vprintk) from [<c0062fb8>] (vprintk_default+0x10/0x14) [<c0062fa8>] (vprintk_default) from [<c009cd30>] (printk+0x78/0x84) [<c009ccbc>] (printk) from [<c025afdc>] (credit_entropy_bits+0x17c/0x2cc) r3:00000001 r2:decade60 r1:c061a5ee r0:c061a523 r4:00000006 [<c025ae60>] (credit_entropy_bits) from [<c025bf74>] (add_interrupt_randomness+0x160/0x178) r10:466e7196 r9:1f536000 r8:fffeef74 r7:00000000 r6:c06b9a60 r5:c06b9a3c r4:dfbcf680 [<c025be14>] (add_interrupt_randomness) from [<c006536c>] (irq_thread+0x1e8/0x248) r10:c006537c r9:c06cdf21 r8:c0064fcc r7:df791c24 r6:df791c00 r5:ffffe000 r4:df525180 [<c0065184>] (irq_thread) from [<c003fba4>] (kthread+0x108/0x11c) r10:00000000 r9:00000000 r8:c0065184 r7:df791c00 r6:00000000 r5:df791d00 r4:decac000 [<c003fa9c>] (kthread) from [<c00101b8>] (ret_from_fork+0x14/0x3c) r8:00000000 r7:00000000 r6:00000000 r5:c003fa9c r4:df791d00 Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Daniel Wagner <daniel.wagner(a)siemens.com> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [dw: Backported to 4.4.] Signed-off-by: Daniel Wagner <daniel.wagner(a)siemens.com> --- drivers/tty/serial/sh-sci.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c index 8dd822feb972..b63920481b1d 100644 --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -2419,13 +2419,12 @@ static void serial_console_write(struct console *co, const char *s, unsigned long flags; int locked = 1; - local_irq_save(flags); if (port->sysrq) locked = 0; else if (oops_in_progress) - locked = spin_trylock(&port->lock); + locked = spin_trylock_irqsave(&port->lock, flags); else - spin_lock(&port->lock); + spin_lock_irqsave(&port->lock, flags); /* first save the SCSCR then disable the interrupts */ ctrl = serial_port_in(port, SCSCR); @@ -2442,8 +2441,7 @@ static void serial_console_write(struct console *co, const char *s, serial_port_out(port, SCSCR, ctrl); if (locked) - spin_unlock(&port->lock); - local_irq_restore(flags); + spin_unlock_irqrestore(&port->lock, flags); } static int serial_console_setup(struct console *co, char *options) -- 2.14.4

7 years, 2 months

4
7
0 0

FAILED: patch "[PATCH] spi: spi-s3c64xx: Fix system resume support" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e935dba111621bd6a0c5d48e6511a4d9885103b4 Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Wed, 16 May 2018 10:42:39 +0200 Subject: [PATCH] spi: spi-s3c64xx: Fix system resume support Since Linux v4.10 release (commit 1d9174fbc55e "PM / Runtime: Defer resuming of the device in pm_runtime_force_resume()"), pm_runtime_force_resume() function doesn't runtime resume device if it was not runtime active before system suspend. Thus, driver should not do any register access after pm_runtime_force_resume() without checking the runtime status of the device. To fix this issue, simply move s3c64xx_spi_hwinit() call to s3c64xx_spi_runtime_resume() to ensure that hardware is always properly initialized. This fixes Synchronous external abort issue on system suspend/resume cycle on newer Exynos SoCs. Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Krzysztof Kozlowski <krzk(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/spi/spi-s3c64xx.c b/drivers/spi/spi-s3c64xx.c index f55dc78957ad..7b7151ec14c8 100644 --- a/drivers/spi/spi-s3c64xx.c +++ b/drivers/spi/spi-s3c64xx.c @@ -1292,8 +1292,6 @@ static int s3c64xx_spi_resume(struct device *dev) if (ret < 0) return ret; - s3c64xx_spi_hwinit(sdd); - return spi_master_resume(master); } #endif /* CONFIG_PM_SLEEP */ @@ -1331,6 +1329,8 @@ static int s3c64xx_spi_runtime_resume(struct device *dev) if (ret != 0) goto err_disable_src_clk; + s3c64xx_spi_hwinit(sdd); + return 0; err_disable_src_clk:

7 years, 2 months

1
0
0 0

[PATCH v2 3/6] crypto: ccree: fix iv handling

by Gilad Ben-Yossef

We were copying our last cipher block into the request for use as IV for all modes of operations. Fix this by discerning the behaviour based on the mode of operation used: copy ciphertext for CBC, update counter for CTR. CC: stable(a)vger.kernel.org Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support") Reported by: Hadar Gat <hadar.gat(a)arm.com> Signed-off-by: Gilad Ben-Yossef <gilad(a)benyossef.com> --- drivers/crypto/ccree/cc_cipher.c | 111 +++++++++++++++++++++++++++++---------- 1 file changed, 84 insertions(+), 27 deletions(-) diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index d2810c1..958ced3 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -593,34 +593,82 @@ static void cc_setup_cipher_data(struct crypto_tfm *tfm, } } +/* + * Update a CTR-AES 128 bit counter + */ +static void cc_update_ctr(u8 *ctr, unsigned int increment) +{ + if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) || + IS_ALIGNED((unsigned long)ctr, 8)) { + + __be64 *high_be = (__be64 *)ctr; + __be64 *low_be = high_be + 1; + u64 orig_low = __be64_to_cpu(*low_be); + u64 new_low = orig_low + (u64)increment; + + *low_be = __cpu_to_be64(new_low); + + if (new_low < orig_low) + *high_be = __cpu_to_be64(__be64_to_cpu(*high_be) + 1); + } else { + u8 *pos = (ctr + AES_BLOCK_SIZE); + u8 val; + unsigned int size; + + for (; increment; increment--) + for (size = AES_BLOCK_SIZE; size; size--) { + val = *--pos + 1; + *pos = val; + if (val) + break; + } + } +} + static void cc_cipher_complete(struct device *dev, void *cc_req, int err) { struct skcipher_request *req = (struct skcipher_request *)cc_req; struct scatterlist *dst = req->dst; struct scatterlist *src = req->src; struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req); - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - unsigned int ivsize = crypto_skcipher_ivsize(tfm); + struct crypto_skcipher *sk_tfm = crypto_skcipher_reqtfm(req); + struct crypto_tfm *tfm = crypto_skcipher_tfm(sk_tfm); + struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); + unsigned int ivsize = crypto_skcipher_ivsize(sk_tfm); + unsigned int len; - cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst); - kzfree(req_ctx->iv); + switch (ctx_p->cipher_mode) { + case DRV_CIPHER_CBC: + /* + * The crypto API expects us to set the req->iv to the last + * ciphertext block. For encrypt, simply copy from the result. + * For decrypt, we must copy from a saved buffer since this + * could be an in-place decryption operation and the src is + * lost by this point. + */ + if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) { + memcpy(req->iv, req_ctx->backup_info, ivsize); + kzfree(req_ctx->backup_info); + } else if (!err) { + len = req->cryptlen - ivsize; + scatterwalk_map_and_copy(req->iv, req->dst, len, + ivsize, 0); + } + break; - /* - * The crypto API expects us to set the req->iv to the last - * ciphertext block. For encrypt, simply copy from the result. - * For decrypt, we must copy from a saved buffer since this - * could be an in-place decryption operation and the src is - * lost by this point. - */ - if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) { - memcpy(req->iv, req_ctx->backup_info, ivsize); - kzfree(req_ctx->backup_info); - } else if (!err) { - scatterwalk_map_and_copy(req->iv, req->dst, - (req->cryptlen - ivsize), - ivsize, 0); + case DRV_CIPHER_CTR: + /* Compute the counter of the last block */ + len = ALIGN(req->cryptlen, AES_BLOCK_SIZE) / AES_BLOCK_SIZE; + cc_update_ctr((u8 *)req->iv, len); + break; + + default: + break; } + cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst); + kzfree(req_ctx->iv); + skcipher_request_complete(req, err); } @@ -752,20 +800,29 @@ static int cc_cipher_encrypt(struct skcipher_request *req) static int cc_cipher_decrypt(struct skcipher_request *req) { struct crypto_skcipher *sk_tfm = crypto_skcipher_reqtfm(req); + struct crypto_tfm *tfm = crypto_skcipher_tfm(sk_tfm); + struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req); unsigned int ivsize = crypto_skcipher_ivsize(sk_tfm); gfp_t flags = cc_gfp_flags(&req->base); + unsigned int len; - /* - * Allocate and save the last IV sized bytes of the source, which will - * be lost in case of in-place decryption and might be needed for CTS. - */ - req_ctx->backup_info = kmalloc(ivsize, flags); - if (!req_ctx->backup_info) - return -ENOMEM; + if (ctx_p->cipher_mode == DRV_CIPHER_CBC) { + + /* Allocate and save the last IV sized bytes of the source, + * which will be lost in case of in-place decryption. + */ + req_ctx->backup_info = kzalloc(ivsize, flags); + if (!req_ctx->backup_info) + return -ENOMEM; + + len = req->cryptlen - ivsize; + scatterwalk_map_and_copy(req_ctx->backup_info, req->src, len, + ivsize, 0); + } else { + req_ctx->backup_info = NULL; + } - scatterwalk_map_and_copy(req_ctx->backup_info, req->src, - (req->cryptlen - ivsize), ivsize, 0); req_ctx->is_giv = false; return cc_cipher_process(req, DRV_CRYPTO_DIRECTION_DECRYPT); -- 2.7.4

7 years, 2 months

1
0
0 0

[PATCH v2 1/6] crypto: ccree: fix finup

by Gilad Ben-Yossef

From: Hadar Gat <hadar.gat(a)arm.com> finup() operation was incorrect, padding was missing. Fix by setting the ccree HW to enable padding. Signed-off-by: Hadar Gat <hadar.gat(a)arm.com> [ gilad(a)benyossef.com: refactored for better code sharing ] Signed-off-by: Gilad Ben-Yossef <gilad(a)benyossef.com> Cc: stable(a)vger.kernel.org --- drivers/crypto/ccree/cc_hash.c | 81 +++++++++--------------------------------- 1 file changed, 16 insertions(+), 65 deletions(-) diff --git a/drivers/crypto/ccree/cc_hash.c b/drivers/crypto/ccree/cc_hash.c index 96ff777..e4ebde0 100644 --- a/drivers/crypto/ccree/cc_hash.c +++ b/drivers/crypto/ccree/cc_hash.c @@ -602,66 +602,7 @@ static int cc_hash_update(struct ahash_request *req) return rc; } -static int cc_hash_finup(struct ahash_request *req) -{ - struct ahash_req_ctx *state = ahash_request_ctx(req); - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); - struct cc_hash_ctx *ctx = crypto_ahash_ctx(tfm); - u32 digestsize = crypto_ahash_digestsize(tfm); - struct scatterlist *src = req->src; - unsigned int nbytes = req->nbytes; - u8 *result = req->result; - struct device *dev = drvdata_to_dev(ctx->drvdata); - bool is_hmac = ctx->is_hmac; - struct cc_crypto_req cc_req = {}; - struct cc_hw_desc desc[CC_MAX_HASH_SEQ_LEN]; - unsigned int idx = 0; - int rc; - gfp_t flags = cc_gfp_flags(&req->base); - - dev_dbg(dev, "===== %s-finup (%d) ====\n", is_hmac ? "hmac" : "hash", - nbytes); - - if (cc_map_req(dev, state, ctx)) { - dev_err(dev, "map_ahash_source() failed\n"); - return -EINVAL; - } - - if (cc_map_hash_request_final(ctx->drvdata, state, src, nbytes, 1, - flags)) { - dev_err(dev, "map_ahash_request_final() failed\n"); - cc_unmap_req(dev, state, ctx); - return -ENOMEM; - } - if (cc_map_result(dev, state, digestsize)) { - dev_err(dev, "map_ahash_digest() failed\n"); - cc_unmap_hash_request(dev, state, src, true); - cc_unmap_req(dev, state, ctx); - return -ENOMEM; - } - - /* Setup request structure */ - cc_req.user_cb = cc_hash_complete; - cc_req.user_arg = req; - - idx = cc_restore_hash(desc, ctx, state, idx); - - if (is_hmac) - idx = cc_fin_hmac(desc, req, idx); - - idx = cc_fin_result(desc, req, idx); - - rc = cc_send_request(ctx->drvdata, &cc_req, desc, idx, &req->base); - if (rc != -EINPROGRESS && rc != -EBUSY) { - dev_err(dev, "send_request() failed (rc=%d)\n", rc); - cc_unmap_hash_request(dev, state, src, true); - cc_unmap_result(dev, state, digestsize, result); - cc_unmap_req(dev, state, ctx); - } - return rc; -} - -static int cc_hash_final(struct ahash_request *req) +static int cc_do_finup(struct ahash_request *req, bool update) { struct ahash_req_ctx *state = ahash_request_ctx(req); struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); @@ -678,21 +619,20 @@ static int cc_hash_final(struct ahash_request *req) int rc; gfp_t flags = cc_gfp_flags(&req->base); - dev_dbg(dev, "===== %s-final (%d) ====\n", is_hmac ? "hmac" : "hash", - nbytes); + dev_dbg(dev, "===== %s-%s (%d) ====\n", is_hmac ? "hmac" : "hash", + update ? "finup" : "final", nbytes); if (cc_map_req(dev, state, ctx)) { dev_err(dev, "map_ahash_source() failed\n"); return -EINVAL; } - if (cc_map_hash_request_final(ctx->drvdata, state, src, nbytes, 0, + if (cc_map_hash_request_final(ctx->drvdata, state, src, nbytes, update, flags)) { dev_err(dev, "map_ahash_request_final() failed\n"); cc_unmap_req(dev, state, ctx); return -ENOMEM; } - if (cc_map_result(dev, state, digestsize)) { dev_err(dev, "map_ahash_digest() failed\n"); cc_unmap_hash_request(dev, state, src, true); @@ -706,7 +646,7 @@ static int cc_hash_final(struct ahash_request *req) idx = cc_restore_hash(desc, ctx, state, idx); - /* "DO-PAD" must be enabled only when writing current length to HW */ + /* Pad the hash */ hw_desc_init(&desc[idx]); set_cipher_do(&desc[idx], DO_PAD); set_cipher_mode(&desc[idx], ctx->hw_mode); @@ -731,6 +671,17 @@ static int cc_hash_final(struct ahash_request *req) return rc; } +static int cc_hash_finup(struct ahash_request *req) +{ + return cc_do_finup(req, true); +} + + +static int cc_hash_final(struct ahash_request *req) +{ + return cc_do_finup(req, false); +} + static int cc_hash_init(struct ahash_request *req) { struct ahash_req_ctx *state = ahash_request_ctx(req); -- 2.7.4

7 years, 2 months

1
0
0 0

[PATCH v3] ARM: dts: imx51-zii-rdu1: fix touchscreen pinctrl

by Nick Dyer

The pinctrl settings were incorrect for the touchscreen interrupt line, causing an interrupt storm. This change has been tested with both the atmel_mxt_ts and RMI4 drivers on the RDU1 units. The value 0x4 comes from the value of register IOMUXC_SW_PAD_CTL_PAD_CSI1_D8 from the old vendor kernel. Signed-off-by: Nick Dyer <nick(a)shmanahar.org> Fixes: ceef0396f367 ("ARM: dts: imx: add ZII RDU1 board") Cc: <stable(a)vger.kernel.org> # 4.15+ --- Changes in v3: - Update commit message to add source of 0x4 value, fixes tag and CC stable Changes in v2: - Use hex, only alter IRQ line config arch/arm/boot/dts/imx51-zii-rdu1.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/imx51-zii-rdu1.dts b/arch/arm/boot/dts/imx51-zii-rdu1.dts index df9eca94d812..8a878687197b 100644 --- a/arch/arm/boot/dts/imx51-zii-rdu1.dts +++ b/arch/arm/boot/dts/imx51-zii-rdu1.dts @@ -770,7 +770,7 @@ pinctrl_ts: tsgrp { fsl,pins = < - MX51_PAD_CSI1_D8__GPIO3_12 0x85 + MX51_PAD_CSI1_D8__GPIO3_12 0x04 MX51_PAD_CSI1_D9__GPIO3_13 0x85 >; }; -- 2.17.1

7 years, 2 months

4
5
0 0

[merged] kasan-depend-on-config_slub_debug.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kasan: depend on CONFIG_SLUB_DEBUG has been removed from the -mm tree. Its filename was kasan-depend-on-config_slub_debug.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Jason A. Donenfeld" <Jason(a)zx2c4.com> Subject: kasan: depend on CONFIG_SLUB_DEBUG KASAN depends on having access to some of the accounting that SLUB_DEBUG does; without it, there are immediate crashes [1]. So, the natural thing to do is to make KASAN select SLUB_DEBUG. [1] http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQ… Link: http://lkml.kernel.org/r/20180622154623.25388-1-Jason@zx2c4.com Fixes: f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()") Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Shakeel Butt <shakeelb(a)google.com> Acked-by: Christoph Lameter <cl(a)linux.com> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN lib/Kconfig.kasan~kasan-depend-on-config_slub_debug lib/Kconfig.kasan --- a/lib/Kconfig.kasan~kasan-depend-on-config_slub_debug +++ a/lib/Kconfig.kasan @@ -6,6 +6,7 @@ if HAVE_ARCH_KASAN config KASAN bool "KASan: runtime memory debugger" depends on SLUB || (SLAB && !DEBUG_SLAB) + select SLUB_DEBUG if SLUB select CONSTRUCTORS select STACKDEPOT help _ Patches currently in -mm which might be from Jason(a)zx2c4.com are

7 years, 2 months

1
0
0 0

[merged] x86-e820-put-e820_type_ram-regions-into-memblockreserved.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: x86/e820: put !E820_TYPE_RAM regions into memblock.reserved has been removed from the -mm tree. Its filename was x86-e820-put-e820_type_ram-regions-into-memblockreserved.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Subject: x86/e820: put !E820_TYPE_RAM regions into memblock.reserved There is a kernel panic that is triggered when reading /proc/kpageflags on the kernel booted with kernel parameter 'memmap=nn[KMG]!ss[KMG]': BUG: unable to handle kernel paging request at fffffffffffffffe PGD 9b20e067 P4D 9b20e067 PUD 9b210067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 2 PID: 1728 Comm: page-types Not tainted 4.17.0-rc6-mm1-v4.17-rc6-180605-0816-00236-g2dfb086ef02c+ #160 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.fc28 04/01/2014 RIP: 0010:stable_page_flags+0x27/0x3c0 Code: 00 00 00 0f 1f 44 00 00 48 85 ff 0f 84 a0 03 00 00 41 54 55 49 89 fc 53 48 8b 57 08 48 8b 2f 48 8d 42 ff 83 e2 01 48 0f 44 c7 <48> 8b 00 f6 c4 01 0f 84 10 03 00 00 31 db 49 8b 54 24 08 4c 89 e7 RSP: 0018:ffffbbd44111fde0 EFLAGS: 00010202 RAX: fffffffffffffffe RBX: 00007fffffffeff9 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000202 RDI: ffffed1182fff5c0 RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000001 R10: ffffbbd44111fed8 R11: 0000000000000000 R12: ffffed1182fff5c0 R13: 00000000000bffd7 R14: 0000000002fff5c0 R15: ffffbbd44111ff10 FS: 00007efc4335a500(0000) GS:ffff93a5bfc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffffffffffffe CR3: 00000000b2a58000 CR4: 00000000001406e0 Call Trace: kpageflags_read+0xc7/0x120 proc_reg_read+0x3c/0x60 __vfs_read+0x36/0x170 vfs_read+0x89/0x130 ksys_pread64+0x71/0x90 do_syscall_64+0x5b/0x160 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7efc42e75e23 Code: 09 00 ba 9f 01 00 00 e8 ab 81 f4 ff 66 2e 0f 1f 84 00 00 00 00 00 90 83 3d 29 0a 2d 00 00 75 13 49 89 ca b8 11 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 db d3 01 00 48 89 04 24 According to kernel bisection, this problem became visible due to commit f7f99100d8d9 ("mm: stop zeroing memory during allocation in vmemmap") which changes how struct pages are initialized. Memblock layout affects the pfn ranges covered by node/zone. Consider that we have a VM with 2 NUMA nodes and each node has 4GB memory, and the default (no memmap= given) memblock layout is like below: MEMBLOCK configuration: memory size = 0x00000001fff75c00 reserved size = 0x000000000300c000 memory.cnt = 0x4 memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0 memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0 memory[0x2] [0x0000000100000000-0x000000013fffffff], 0x0000000040000000 bytes on node 0 flags: 0x0 memory[0x3] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0 ... If you give memmap=1G!4G (so it just covers memory[0x2]), the range [0x100000000-0x13fffffff] is gone: MEMBLOCK configuration: memory size = 0x00000001bff75c00 reserved size = 0x000000000300c000 memory.cnt = 0x3 memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0 memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0 memory[0x2] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0 ... This causes shrinking node 0's pfn range because it is calculated by the address range of memblock.memory. So some of struct pages in the gap range are left uninitialized. We have a function zero_resv_unavail() which does zeroing the struct pages within the reserved unavailable range (i.e. memblock.memory && !memblock.reserved). This patch utilizes it to cover all unavailable ranges by putting them into memblock.reserved. Link: http://lkml.kernel.org/r/20180615072947.GB23273@hori1.linux.bs1.fc.nec.co.jp Fixes: f7f99100d8d9 ("mm: stop zeroing memory during allocation in vmemmap") Signed-off-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Tested-by: Oscar Salvador <osalvador(a)suse.de> Tested-by: "Herton R. Krzesinski" <herton(a)redhat.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Cc: Steven Sistare <steven.sistare(a)oracle.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN arch/x86/kernel/e820.c~x86-e820-put-e820_type_ram-regions-into-memblockreserved arch/x86/kernel/e820.c --- a/arch/x86/kernel/e820.c~x86-e820-put-e820_type_ram-regions-into-memblockreserved +++ a/arch/x86/kernel/e820.c @@ -1248,6 +1248,7 @@ void __init e820__memblock_setup(void) { int i; u64 end; + u64 addr = 0; /* * The bootstrap memblock region count maximum is 128 entries @@ -1264,13 +1265,21 @@ void __init e820__memblock_setup(void) struct e820_entry *entry = &e820_table->entries[i]; end = entry->addr + entry->size; + if (addr < entry->addr) + memblock_reserve(addr, entry->addr - addr); + addr = end; if (end != (resource_size_t)end) continue; + /* + * all !E820_TYPE_RAM ranges (including gap ranges) are put + * into memblock.reserved to make sure that struct pages in + * such regions are not left uninitialized after bootup. + */ if (entry->type != E820_TYPE_RAM && entry->type != E820_TYPE_RESERVED_KERN) - continue; - - memblock_add(entry->addr, entry->size); + memblock_reserve(entry->addr, entry->size); + else + memblock_add(entry->addr, entry->size); } /* Throw away partial pages: */ _ Patches currently in -mm which might be from n-horiguchi(a)ah.jp.nec.com are

7 years, 2 months

1
0
0 0

[merged] slub-fix-failure-when-we-delete-and-create-a-slab-cache.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: slub: fix failure when we delete and create a slab cache has been removed from the -mm tree. Its filename was slub-fix-failure-when-we-delete-and-create-a-slab-cache.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Mikulas Patocka <mpatocka(a)redhat.com> Subject: slub: fix failure when we delete and create a slab cache In kernel 4.17 I removed some code from dm-bufio that did slab cache merging (21bb13276768) - both slab and slub support merging caches with identical attributes, so dm-bufio now just calls kmem_cache_create and relies on implicit merging. This uncovered a bug in the slub subsystem - if we delete a cache and immediatelly create another cache with the same attributes, it fails because of duplicate filename in /sys/kernel/slab/. The slub subsystem offloads freeing the cache to a workqueue - and if we create the new cache before the workqueue runs, it complains because of duplicate filename in sysfs. This patch fixes the bug by moving the call of kobject_del from sysfs_slab_remove_workfn to shutdown_cache. kobject_del must be called while we hold slab_mutex - so that the sysfs entry is deleted before a cache with the same attributes could be created. Running device-mapper-test-suite with: dmtest run --suite thin-provisioning -n /commit_failure_causes_fallback/ triggers: [ 119.618958] Buffer I/O error on dev dm-0, logical block 1572848, async page read [ 119.686224] device-mapper: thin: 253:1: metadata operation 'dm_pool_alloc_data_block' failed: error = -5 [ 119.695821] device-mapper: thin: 253:1: aborting current metadata transaction [ 119.703255] sysfs: cannot create duplicate filename '/kernel/slab/:a-0000144' [ 119.710394] CPU: 2 PID: 1037 Comm: kworker/u48:1 Not tainted 4.17.0.snitm+ #25 [ 119.717608] Hardware name: Supermicro SYS-1029P-WTR/X11DDW-L, BIOS 2.0a 12/06/2017 [ 119.725177] Workqueue: dm-thin do_worker [dm_thin_pool] [ 119.730401] Call Trace: [ 119.732856] dump_stack+0x5a/0x73 [ 119.736173] sysfs_warn_dup+0x58/0x70 [ 119.739839] sysfs_create_dir_ns+0x77/0x80 [ 119.743939] kobject_add_internal+0xba/0x2e0 [ 119.748210] kobject_init_and_add+0x70/0xb0 [ 119.752399] ? sysfs_slab_add+0x101/0x250 [ 119.756409] sysfs_slab_add+0xb1/0x250 [ 119.760161] __kmem_cache_create+0x116/0x150 [ 119.764436] ? number+0x2fb/0x340 [ 119.767755] ? _cond_resched+0x15/0x30 [ 119.771508] create_cache+0xd9/0x1f0 [ 119.775085] kmem_cache_create_usercopy+0x1c1/0x250 [ 119.779965] kmem_cache_create+0x18/0x20 [ 119.783894] dm_bufio_client_create+0x1ae/0x410 [dm_bufio] [ 119.789380] ? dm_block_manager_alloc_callback+0x20/0x20 [dm_persistent_data] [ 119.796509] ? kmem_cache_alloc_trace+0xae/0x1d0 [ 119.801131] dm_block_manager_create+0x5e/0x90 [dm_persistent_data] [ 119.807397] __create_persistent_data_objects+0x38/0x940 [dm_thin_pool] [ 119.814008] dm_pool_abort_metadata+0x64/0x90 [dm_thin_pool] [ 119.819669] metadata_operation_failed+0x59/0x100 [dm_thin_pool] [ 119.825673] alloc_data_block.isra.53+0x86/0x180 [dm_thin_pool] [ 119.831592] process_cell+0x2a3/0x550 [dm_thin_pool] [ 119.836558] ? mempool_alloc+0x6f/0x180 [ 119.840400] ? u32_swap+0x10/0x10 [ 119.843717] ? sort+0x17b/0x270 [ 119.846863] ? u32_swap+0x10/0x10 [ 119.850181] do_worker+0x28d/0x8f0 [dm_thin_pool] [ 119.854890] ? move_linked_works+0x6f/0xa0 [ 119.858989] process_one_work+0x171/0x370 [ 119.862999] worker_thread+0x49/0x3f0 [ 119.866669] kthread+0xf8/0x130 [ 119.869813] ? max_active_store+0x80/0x80 [ 119.873827] ? kthread_bind+0x10/0x10 [ 119.877493] ret_from_fork+0x35/0x40 [ 119.881076] kobject_add_internal failed for :a-0000144 with -EEXIST, don't try to register things with the same name in the same directory. [ 119.893580] kmem_cache_create(dm_bufio_buffer-16) failed with error -17 Link: http://lkml.kernel.org/r/alpine.LRH.2.02.1806151817130.6333@file01.intranet… Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Reported-by: Mike Snitzer <snitzer(a)redhat.com> Tested-by: Mike Snitzer <snitzer(a)redhat.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: David Rientjes <rientjes(a)google.com> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN include/linux/slub_def.h~slub-fix-failure-when-we-delete-and-create-a-slab-cache include/linux/slub_def.h --- a/include/linux/slub_def.h~slub-fix-failure-when-we-delete-and-create-a-slab-cache +++ a/include/linux/slub_def.h @@ -155,8 +155,12 @@ struct kmem_cache { #ifdef CONFIG_SYSFS #define SLAB_SUPPORTS_SYSFS +void sysfs_slab_unlink(struct kmem_cache *); void sysfs_slab_release(struct kmem_cache *); #else +static inline void sysfs_slab_unlink(struct kmem_cache *s) +{ +} static inline void sysfs_slab_release(struct kmem_cache *s) { } diff -puN mm/slab_common.c~slub-fix-failure-when-we-delete-and-create-a-slab-cache mm/slab_common.c --- a/mm/slab_common.c~slub-fix-failure-when-we-delete-and-create-a-slab-cache +++ a/mm/slab_common.c @@ -567,10 +567,14 @@ static int shutdown_cache(struct kmem_ca list_del(&s->list); if (s->flags & SLAB_TYPESAFE_BY_RCU) { +#ifdef SLAB_SUPPORTS_SYSFS + sysfs_slab_unlink(s); +#endif list_add_tail(&s->list, &slab_caches_to_rcu_destroy); schedule_work(&slab_caches_to_rcu_destroy_work); } else { #ifdef SLAB_SUPPORTS_SYSFS + sysfs_slab_unlink(s); sysfs_slab_release(s); #else slab_kmem_cache_release(s); diff -puN mm/slub.c~slub-fix-failure-when-we-delete-and-create-a-slab-cache mm/slub.c --- a/mm/slub.c~slub-fix-failure-when-we-delete-and-create-a-slab-cache +++ a/mm/slub.c @@ -5667,7 +5667,6 @@ static void sysfs_slab_remove_workfn(str kset_unregister(s->memcg_kset); #endif kobject_uevent(&s->kobj, KOBJ_REMOVE); - kobject_del(&s->kobj); out: kobject_put(&s->kobj); } @@ -5752,6 +5751,12 @@ static void sysfs_slab_remove(struct kme schedule_work(&s->kobj_remove_work); } +void sysfs_slab_unlink(struct kmem_cache *s) +{ + if (slab_state >= FULL) + kobject_del(&s->kobj); +} + void sysfs_slab_release(struct kmem_cache *s) { if (slab_state >= FULL) _ Patches currently in -mm which might be from mpatocka(a)redhat.com are

7 years, 2 months

1
0
0 0

[PATCH] IB/srpt: Support HCAs with more than two ports

by Bart Van Assche

Since there are adapters that have four ports, increase the size of the srpt_device.port[] array. This patch avoids that the following warning is hit with quad port Chelsio adapters: WARN_ON(sdev->device->phys_port_cnt > ARRAY_SIZE(sdev->port)); Reported-by: Steve Wise <swise(a)opengridcomputing.com> Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Steve Wise <swise(a)opengridcomputing.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: <stable(a)vger.kernel.org> --- drivers/infiniband/ulp/srpt/ib_srpt.c | 6 +++--- drivers/infiniband/ulp/srpt/ib_srpt.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c index 3081c629a7f7..50f4f9806ac6 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.c +++ b/drivers/infiniband/ulp/srpt/ib_srpt.c @@ -2969,10 +2969,12 @@ static void srpt_add_one(struct ib_device *device) pr_debug("device = %p\n", device); - sdev = kzalloc(sizeof(*sdev), GFP_KERNEL); + sdev = kzalloc(sizeof(*sdev) + device->phys_port_cnt * + sizeof(*sdev->port), GFP_KERNEL); if (!sdev) goto err; + sdev->port = (void *)(sdev + 1); sdev->device = device; mutex_init(&sdev->sdev_mutex); @@ -3023,8 +3025,6 @@ static void srpt_add_one(struct ib_device *device) srpt_event_handler); ib_register_event_handler(&sdev->event_handler); - WARN_ON(sdev->device->phys_port_cnt > ARRAY_SIZE(sdev->port)); - for (i = 1; i <= sdev->device->phys_port_cnt; i++) { sport = &sdev->port[i - 1]; INIT_LIST_HEAD(&sport->nexus_list); diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.h b/drivers/infiniband/ulp/srpt/ib_srpt.h index 2361483476a0..b20ad6dbf966 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.h +++ b/drivers/infiniband/ulp/srpt/ib_srpt.h @@ -410,7 +410,7 @@ struct srpt_device { struct mutex sdev_mutex; bool use_srq; struct srpt_recv_ioctx **ioctx_ring; - struct srpt_port port[2]; + struct srpt_port *port; struct ib_event_handler event_handler; struct list_head list; }; -- 2.17.1

7 years, 2 months

3
5
0 0

[PATCH v2] kvm, mm: account shadow page tables to kmemcg

by Shakeel Butt

The size of kvm's shadow page tables corresponds to the size of the guest virtual machines on the system. Large VMs can spend a significant amount of memory as shadow page tables which can not be left as system memory overhead. So, account shadow page tables to the kmemcg. Signed-off-by: Shakeel Butt <shakeelb(a)google.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Greg Thelen <gthelen(a)google.com> Cc: Radim Krčmář <rkrcmar(a)redhat.com> Cc: Peter Feiner <pfeiner(a)google.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: stable(a)vger.kernel.org --- Changelog since v1: - replaced (GFP_KERNEL|__GFP_ACCOUNT) with GFP_KERNEL_ACCOUNT arch/x86/kvm/mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index d594690d8b95..6b8f11521c41 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -890,7 +890,7 @@ static int mmu_topup_memory_cache_page(struct kvm_mmu_memory_cache *cache, if (cache->nobjs >= min) return 0; while (cache->nobjs < ARRAY_SIZE(cache->objects)) { - page = (void *)__get_free_page(GFP_KERNEL); + page = (void *)__get_free_page(GFP_KERNEL_ACCOUNT); if (!page) return -ENOMEM; cache->objects[cache->nobjs++] = page; -- 2.18.0.rc2.346.g013aa6912e-goog

7 years, 2 months

3
5
0 0

[PATCH v8] tpm: separate cmd_ready/go_idle from runtime_pm

by Tomas Winkler

Fix tpm ptt initialization error: tpm tpm0: A TPM error (378) occurred get tpm pcr allocation. We cannot use go_idle cmd_ready commands via runtime_pm handles as with the introduction of localities this is no longer an optional feature, while runtime pm can be not enabled. Though cmd_ready/go_idle provides a power saving, it's also a part of TPM2 protocol and should be called explicitly. This patch exposes cmd_read/go_idle via tpm class ops and removes runtime pm support as it is not used by any driver. When calling from nested context always use both flags: TPM_TRANSMIT_UNLOCKED and TPM_TRANSMIT_RAW. Both are needed to resolve tpm spaces and locality request recursive calls to tpm_transmit(). TPM_TRANSMIT_RAW should never be used standalone as it will fail on double locking. While TPM_TRANSMIT_UNLOCKED standalone should be called from non-recursive locked contexts. New wrappers are added tpm_cmd_ready() and tpm_go_idle() to streamline tpm_try_transmit code. tpm_crb no longer needs own power saving functions and can drop using tpm_pm_suspend/resume. This patch cannot be really separated from the locality fix. Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Cc: stable(a)vger.kernel.org Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- V2-3:resent V4: 1. Use tpm_pm_suspend/resume in tpm_crb 2. Drop cmd_ready/go_idle around tpm_chip_register, as there is no usage counter like in runtime_pm. V5: 1. add tpm_cmd_ready and tpm_go_idle wrappers. 2. Abuse TPM_TRANSMIT_UNLOCKED flag to resolve tpm space recursion. V6: 1. Add new flags TPM_TRANSMIT_NESTED which implies TPM_TRANSMIT_UNLOCKED and TPM_TRANSMIT_RAW, as not all unlocked flows are recursive i.e. tpm2_unseal_trusted. V7: 1. Add dmesg dump. V8: 1. Remove TPM_TRANSMIT_NESTED. Use two flags TPM_TRANSMIT_UNLOCKED and TPM_TRANSMIT_RAW. drivers/char/tpm/tpm-interface.c | 51 ++++++++++++++++---- drivers/char/tpm/tpm.h | 12 ++++- drivers/char/tpm/tpm2-space.c | 16 ++++--- drivers/char/tpm/tpm_crb.c | 101 +++++++++++---------------------------- include/linux/tpm.h | 2 + 5 files changed, 90 insertions(+), 92 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index e32f6e85dc6d..31b86e027f9d 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -29,7 +29,6 @@ #include <linux/mutex.h> #include <linux/spinlock.h> #include <linux/freezer.h> -#include <linux/pm_runtime.h> #include <linux/tpm_eventlog.h> #include "tpm.h" @@ -369,10 +368,13 @@ static int tpm_validate_command(struct tpm_chip *chip, return -EINVAL; } -static int tpm_request_locality(struct tpm_chip *chip) +static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & TPM_TRANSMIT_RAW) + return 0; + if (!chip->ops->request_locality) return 0; @@ -385,10 +387,13 @@ static int tpm_request_locality(struct tpm_chip *chip) return 0; } -static void tpm_relinquish_locality(struct tpm_chip *chip) +static void tpm_relinquish_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & TPM_TRANSMIT_RAW) + return; + if (!chip->ops->relinquish_locality) return; @@ -399,6 +404,28 @@ static void tpm_relinquish_locality(struct tpm_chip *chip) chip->locality = -1; } +static int tpm_cmd_ready(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->cmd_ready) + return 0; + + return chip->ops->cmd_ready(chip); +} + +static int tpm_go_idle(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->go_idle) + return 0; + + return chip->ops->go_idle(chip); +} + static ssize_t tpm_try_transmit(struct tpm_chip *chip, struct tpm_space *space, u8 *buf, size_t bufsiz, @@ -449,14 +476,15 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, /* Store the decision as chip->locality will be changed. */ need_locality = chip->locality == -1; - if (!(flags & TPM_TRANSMIT_RAW) && need_locality) { - rc = tpm_request_locality(chip); + if (need_locality) { + rc = tpm_request_locality(chip, flags); if (rc < 0) goto out_no_locality; } - if (chip->dev.parent) - pm_runtime_get_sync(chip->dev.parent); + rc = tpm_cmd_ready(chip, flags); + if (rc) + goto out; rc = tpm2_prepare_space(chip, space, ordinal, buf); if (rc) @@ -516,13 +544,16 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, } rc = tpm2_commit_space(chip, space, ordinal, buf, &len); + if (rc) + dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc); out: - if (chip->dev.parent) - pm_runtime_put_sync(chip->dev.parent); + rc = tpm_go_idle(chip, flags); + if (rc) + goto out; if (need_locality) - tpm_relinquish_locality(chip); + tpm_relinquish_locality(chip, flags); out_no_locality: if (chip->ops->clk_enable != NULL) diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 4426649e431c..5f02dcd3df97 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -511,9 +511,17 @@ extern const struct file_operations tpm_fops; extern const struct file_operations tpmrm_fops; extern struct idr dev_nums_idr; +/** + * enum tpm_transmit_flags + * + * @TPM_TRANSMIT_UNLOCKED: used to lock sequence of tpm_transmit calls. + * @TPM_TRANSMIT_RAW: prevent recursive calls into setup steps + * (go idle, locality,..). Always use with UNLOCKED + * as it will fail on double locking. + */ enum tpm_transmit_flags { - TPM_TRANSMIT_UNLOCKED = BIT(0), - TPM_TRANSMIT_RAW = BIT(1), + TPM_TRANSMIT_UNLOCKED = BIT(0), + TPM_TRANSMIT_RAW = BIT(1), }; ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index 6122d3276f72..11c85ed8c113 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -39,7 +39,8 @@ static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space) for (i = 0; i < ARRAY_SIZE(space->session_tbl); i++) { if (space->session_tbl[i]) tpm2_flush_context_cmd(chip, space->session_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); } } @@ -84,7 +85,7 @@ static int tpm2_load_context(struct tpm_chip *chip, u8 *buf, tpm_buf_append(&tbuf, &buf[*offset], body_size); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 4, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -133,7 +134,7 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, tpm_buf_append_u32(&tbuf, handle); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 0, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -170,7 +171,8 @@ static void tpm2_flush_space(struct tpm_chip *chip) for (i = 0; i < ARRAY_SIZE(space->context_tbl); i++) if (space->context_tbl[i] && ~space->context_tbl[i]) tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); tpm2_flush_sessions(chip, space); } @@ -377,7 +379,8 @@ static int tpm2_map_response_header(struct tpm_chip *chip, u32 cc, u8 *rsp, return 0; out_no_slots: - tpm2_flush_context_cmd(chip, phandle, TPM_TRANSMIT_UNLOCKED); + tpm2_flush_context_cmd(chip, phandle, + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW); dev_warn(&chip->dev, "%s: out of slots for 0x%08X\n", __func__, phandle); return -ENOMEM; @@ -465,7 +468,8 @@ static int tpm2_save_space(struct tpm_chip *chip) return rc; tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); space->context_tbl[i] = ~0; } diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c index 34fbc6cb097b..36952ef98f90 100644 --- a/drivers/char/tpm/tpm_crb.c +++ b/drivers/char/tpm/tpm_crb.c @@ -132,7 +132,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, } /** - * crb_go_idle - request tpm crb device to go the idle state + * __crb_go_idle - request tpm crb device to go the idle state * * @dev: crb device * @priv: crb private data @@ -147,7 +147,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, * * Return: 0 always */ -static int crb_go_idle(struct device *dev, struct crb_priv *priv) +static int __crb_go_idle(struct device *dev, struct crb_priv *priv) { if ((priv->sm == ACPI_TPM2_START_METHOD) || (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || @@ -163,11 +163,20 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) dev_warn(dev, "goIdle timed out\n"); return -ETIME; } + return 0; } +static int crb_go_idle(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_go_idle(dev, priv); +} + /** - * crb_cmd_ready - request tpm crb device to enter ready state + * __crb_cmd_ready - request tpm crb device to enter ready state * * @dev: crb device * @priv: crb private data @@ -181,7 +190,7 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) * * Return: 0 on success -ETIME on timeout; */ -static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) +static int __crb_cmd_ready(struct device *dev, struct crb_priv *priv) { if ((priv->sm == ACPI_TPM2_START_METHOD) || (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || @@ -200,6 +209,14 @@ static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) return 0; } +static int crb_cmd_ready(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_cmd_ready(dev, priv); +} + static int __crb_request_locality(struct device *dev, struct crb_priv *priv, int loc) { @@ -401,6 +418,8 @@ static const struct tpm_class_ops tpm_crb = { .send = crb_send, .cancel = crb_cancel, .req_canceled = crb_req_canceled, + .go_idle = crb_go_idle, + .cmd_ready = crb_cmd_ready, .request_locality = crb_request_locality, .relinquish_locality = crb_relinquish_locality, .req_complete_mask = CRB_DRV_STS_COMPLETE, @@ -520,7 +539,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, * PTT HW bug w/a: wake up the device to access * possibly not retained registers. */ - ret = crb_cmd_ready(dev, priv); + ret = __crb_cmd_ready(dev, priv); if (ret) goto out_relinquish_locality; @@ -565,7 +584,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, if (!ret) priv->cmd_size = cmd_size; - crb_go_idle(dev, priv); + __crb_go_idle(dev, priv); out_relinquish_locality: @@ -628,32 +647,7 @@ static int crb_acpi_add(struct acpi_device *device) chip->acpi_dev_handle = device->handle; chip->flags = TPM_CHIP_FLAG_TPM2; - rc = __crb_request_locality(dev, priv, 0); - if (rc) - return rc; - - rc = crb_cmd_ready(dev, priv); - if (rc) - goto out; - - pm_runtime_get_noresume(dev); - pm_runtime_set_active(dev); - pm_runtime_enable(dev); - - rc = tpm_chip_register(chip); - if (rc) { - crb_go_idle(dev, priv); - pm_runtime_put_noidle(dev); - pm_runtime_disable(dev); - goto out; - } - - pm_runtime_put_sync(dev); - -out: - __crb_relinquish_locality(dev, priv, 0); - - return rc; + return tpm_chip_register(chip); } static int crb_acpi_remove(struct acpi_device *device) @@ -663,52 +657,11 @@ static int crb_acpi_remove(struct acpi_device *device) tpm_chip_unregister(chip); - pm_runtime_disable(dev); - return 0; } -static int __maybe_unused crb_pm_runtime_suspend(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_go_idle(dev, priv); -} - -static int __maybe_unused crb_pm_runtime_resume(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_cmd_ready(dev, priv); -} - -static int __maybe_unused crb_pm_suspend(struct device *dev) -{ - int ret; - - ret = tpm_pm_suspend(dev); - if (ret) - return ret; - - return crb_pm_runtime_suspend(dev); -} - -static int __maybe_unused crb_pm_resume(struct device *dev) -{ - int ret; - - ret = crb_pm_runtime_resume(dev); - if (ret) - return ret; - - return tpm_pm_resume(dev); -} - static const struct dev_pm_ops crb_pm = { - SET_SYSTEM_SLEEP_PM_OPS(crb_pm_suspend, crb_pm_resume) - SET_RUNTIME_PM_OPS(crb_pm_runtime_suspend, crb_pm_runtime_resume, NULL) + SET_SYSTEM_SLEEP_PM_OPS(tpm_pm_suspend, tpm_pm_resume) }; static const struct acpi_device_id crb_device_ids[] = { diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 06639fb6ab85..8eb5e5ebe136 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -43,6 +43,8 @@ struct tpm_class_ops { u8 (*status) (struct tpm_chip *chip); bool (*update_timeouts)(struct tpm_chip *chip, unsigned long *timeout_cap); + int (*go_idle)(struct tpm_chip *chip); + int (*cmd_ready)(struct tpm_chip *chip); int (*request_locality)(struct tpm_chip *chip, int loc); int (*relinquish_locality)(struct tpm_chip *chip, int loc); void (*clk_enable)(struct tpm_chip *chip, bool value); -- 2.14.4

7 years, 2 months

2
2
0 0

[PATCH 1/7] pinctrl: mt7622: fix error path on failing at groups building

by sean.wang＠mediatek.com

From: Sean Wang <sean.wang(a)mediatek.com> It should be to return an error code when failing at groups building. Cc: stable(a)vger.kernel.org Fixes: d6ed93551320 ("pinctrl: mediatek: add pinctrl driver for MT7622 SoC") Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> --- drivers/pinctrl/mediatek/pinctrl-mt7622.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/mediatek/pinctrl-mt7622.c b/drivers/pinctrl/mediatek/pinctrl-mt7622.c index e3f1ab2..9ad8cb77 100644 --- a/drivers/pinctrl/mediatek/pinctrl-mt7622.c +++ b/drivers/pinctrl/mediatek/pinctrl-mt7622.c @@ -1703,7 +1703,7 @@ static int mtk_pinctrl_probe(struct platform_device *pdev) err = mtk_build_groups(hw); if (err) { dev_err(&pdev->dev, "Failed to build groups\n"); - return 0; + return err; } /* Setup functions descriptions per SoC types */ -- 2.7.4

7 years, 2 months

2
9
0 0

[PATCH 0/2] mmc: renesas_sdhi_internal_dmac: fix two issues for error path

by Yoshihiro Shimoda

This patch set is based on the mmc.git / fixes branch. Yoshihiro Shimoda (2): mmc: renesas_sdhi_internal_dmac: Fix missing unmap in error patch mmc: renesas_sdhi_internal_dmac: Cannot clear the RX_IN_USE in abort drivers/mmc/host/renesas_sdhi_internal_dmac.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) -- 1.9.1

7 years, 2 months

2
5
0 0

[PATCH 23/37] drm/i915: Fix I915_EXEC_RING_MASK

by Chris Wilson

This was supposed to be a mask of all known rings, but it is being used by execbuffer to filter out invalid rings, and so is instead mapping high unused values onto valid rings. Instead of a mask of all known rings, we need it to be the mask of all possible rings. Fixes: 549f7365820a ("drm/i915: Enable SandyBridge blitter ring") Fixes: de1add360522 ("drm/i915: Decouple execbuf uAPI from internal implementation") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.6+ --- include/uapi/drm/i915_drm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/drm/i915_drm.h b/include/uapi/drm/i915_drm.h index f50065413bfa..b90d31ba913b 100644 --- a/include/uapi/drm/i915_drm.h +++ b/include/uapi/drm/i915_drm.h @@ -962,7 +962,7 @@ struct drm_i915_gem_execbuffer2 { * struct drm_i915_gem_exec_fence *fences. */ __u64 cliprects_ptr; -#define I915_EXEC_RING_MASK (7<<0) +#define I915_EXEC_RING_MASK (0x3f) #define I915_EXEC_DEFAULT (0<<0) #define I915_EXEC_RENDER (1<<0) #define I915_EXEC_BSD (2<<0) -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH v3] rtlwifi: rtl8821ae: fix firmware is not ready to run

by pkshih＠realtek.com

From: Ping-Ke Shih <pkshih(a)realtek.com> Without this patch, firmware will not run properly on rtl8821ae, and it causes bad user experience. For example, bad connection performance with low rate, higher power consumption, and so on. rtl8821ae uses two kinds of firmwares for normal and WoWlan cases, and each firmware has firmware data buffer and size individually. Original code always overwrite size of normal firmware rtlpriv->rtlhal.fwsize, and this mismatch causes firmware checksum error, then firmware can't start. In this situation, driver gives message "Firmware is not ready to run!". Fixes: fe89707f0afa ("rtlwifi: rtl8821ae: Simplify loading of WOWLAN firmware") Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Cc: Stable <stable(a)vger.kernel.org> # 4.0+ Reviewed-by: Larry Finger <Larry.Finger(a)lwfinger.net> --- V3: Add more commit logs, Cc and Reviewed-by. Thank you, Larry. v2: fix commit log typo. --- drivers/net/wireless/realtek/rtlwifi/core.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/wireless/realtek/rtlwifi/core.c b/drivers/net/wireless/realtek/rtlwifi/core.c index a3f46203ee7a..4bf7967590ca 100644 --- a/drivers/net/wireless/realtek/rtlwifi/core.c +++ b/drivers/net/wireless/realtek/rtlwifi/core.c @@ -130,7 +130,6 @@ static void rtl_fw_do_work(const struct firmware *firmware, void *context, firmware->size); rtlpriv->rtlhal.wowlan_fwsize = firmware->size; } - rtlpriv->rtlhal.fwsize = firmware->size; release_firmware(firmware); } -- 2.15.1

7 years, 2 months

2
1
0 0

[PATCH v4 0/6] powerpc/pseries: Machien check handler improvements.

by Mahesh J Salgaonkar

This patch series includes some improvement to Machine check handler for pseries. Patch 1 fixes an issue where machine check handler crashes kernel while accessing vmalloc-ed buffer while in nmi context. Patch 2 fixes endain bug while restoring of r3 in MCE handler. Patch 4 implements a real mode mce handler and flushes the SLBs on SLB error. Patch 5 display's the MCE error details on console. Patch 6 saves and dumps the SLB contents on SLB MCE errors to improve the debugability. Change in V4: - Flush the SLBs in real mode mce handler to handle SLB errors for entry 0. - Allocate buffers per cpu to hold rtas error log and old slb contents. - Defer the logging of rtas error log to irq work queue. Change in V3: - Moved patch 5 to patch 2 Change in V2: - patch 3: Display additional info (NIP and task info) in MCE error details. - patch 5: Fix endain bug while restoring of r3 in MCE handler. --- Mahesh Salgaonkar (6): powerpc/pseries: Defer the logging of rtas error to irq work queue. powerpc/pseries: Fix endainness while restoring of r3 in MCE handler. powerpc/pseries: Define MCE error event section. powerpc/pseries: flush SLB contents on SLB MCE errors. powerpc/pseries: Display machine check error details. powerpc/pseries: Dump the SLB contents on SLB MCE errors. arch/powerpc/include/asm/book3s/64/mmu-hash.h | 8 + arch/powerpc/include/asm/machdep.h | 1 arch/powerpc/include/asm/paca.h | 4 arch/powerpc/include/asm/rtas.h | 116 ++++++++++++ arch/powerpc/kernel/exceptions-64s.S | 42 ++++ arch/powerpc/kernel/mce.c | 16 +- arch/powerpc/mm/slb.c | 63 +++++++ arch/powerpc/platforms/powernv/opal.c | 1 arch/powerpc/platforms/pseries/pseries.h | 1 arch/powerpc/platforms/pseries/ras.c | 236 +++++++++++++++++++++++-- arch/powerpc/platforms/pseries/setup.c | 27 +++ 11 files changed, 497 insertions(+), 18 deletions(-) -- Signature

7 years, 2 months

4
6
0 0

[PATCH] ARC: Fix __swp_offset() implementation

by Alexey Brodkin

We encode offset from swapcache page in __swp_entry() this way, see [1]: | /* Encode swap {type,off} tuple into PTE | * We reserve 13 bits for 5-bit @type, keeping bits 12-5 zero, ensuring that | * PAGE_PRESENT is zero in a PTE holding swap "identifier" | */ | #define __swp_entry(type, off) ((swp_entry_t) { \ | ((type) & 0x1f) | ((off) << 13) }) But decode in __swp_offset() as: | #define __swp_offset(pte_lookalike) ((pte_lookalike).val << 13) which is obviously wrong, we should ">> 13" instead. This basically fixes swap usage on ARC finally. | # mkswap /dev/sda2 | | # swapon -a -e /dev/sda2 | Adding 500728k swap on /dev/sda2. Priority:-2 extents:1 across:500728k | | # free | total used free shared buffers cached | Mem: 765104 13456 751648 4736 8 4736 | -/+ buffers/cache: 8712 756392 | Swap: 500728 0 500728 [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arc… Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: stable(a)vger.kernel.org --- arch/arc/include/asm/pgtable.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arc/include/asm/pgtable.h b/arch/arc/include/asm/pgtable.h index 08fe33830d4b..77676e18da69 100644 --- a/arch/arc/include/asm/pgtable.h +++ b/arch/arc/include/asm/pgtable.h @@ -379,7 +379,7 @@ void update_mmu_cache(struct vm_area_struct *vma, unsigned long address, /* Decode a PTE containing swap "identifier "into constituents */ #define __swp_type(pte_lookalike) (((pte_lookalike).val) & 0x1f) -#define __swp_offset(pte_lookalike) ((pte_lookalike).val << 13) +#define __swp_offset(pte_lookalike) ((pte_lookalike).val >> 13) /* NOPs, to keep generic kernel happy */ #define __pte_to_swp_entry(pte) ((swp_entry_t) { pte_val(pte) }) -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH v3 1/3] pmem: only set QUEUE_FLAG_DAX for fsdax mode

by Ross Zwisler

QUEUE_FLAG_DAX is an indication that a given block device supports filesystem DAX and should not be set for PMEM namespaces which are in "raw" or "sector" modes. These namespaces lack struct page and are prevented from participating in filesystem DAX. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Suggested-by: Mike Snitzer <snitzer(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/nvdimm/pmem.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c index 68940356cad3..8b1fd7f1a224 100644 --- a/drivers/nvdimm/pmem.c +++ b/drivers/nvdimm/pmem.c @@ -414,7 +414,8 @@ static int pmem_attach_disk(struct device *dev, blk_queue_logical_block_size(q, pmem_sector_size(ndns)); blk_queue_max_hw_sectors(q, UINT_MAX); blk_queue_flag_set(QUEUE_FLAG_NONROT, q); - blk_queue_flag_set(QUEUE_FLAG_DAX, q); + if (pmem->pfn_flags & PFN_MAP) + blk_queue_flag_set(QUEUE_FLAG_DAX, q); q->queuedata = pmem; disk = alloc_disk_node(0, nid); -- 2.14.4

7 years, 2 months

4
20
0 0

[PATCH v2 4/4] drm/amdgpu: Dynamically probe for ATIF handle

by Lyude Paul

The other day I was testing one of the HP laptops at my office with an i915/amdgpu hybrid setup and noticed that hotplugging was non-functional on almost all of the display outputs. I eventually discovered that all of the external outputs were connected to the amdgpu device instead of i915, and that the hotplugs weren't being detected so long as the GPU was in runtime suspend. After some talking with folks at AMD, I learned that amdgpu is actually supposed to support hotplug detection in runtime suspend so long as the OEM has implemented it properly in the firmware. On this HP ZBook 15 G4 (the machine in question), amdgpu wasn't managing to find the ATIF handle at all despite the fact that I could see acpi events being sent in response to any hotplugging. After going through dumps of the firmware, I discovered that this machine did in fact support ATIF, but that it's ATIF method lived in an entirely different namespace than this device's handle (the device handle was \_SB_.PCI0.PEG0.PEGP, but ATIF lives in ATPX's handle at \_SB_.PCI0.GFX0). According to AMD, the reason for this appears to be that on laptops with PRIME configurations, the ATIF and other related ACPI handles usually live under the namespace of the intel GPU instead of the AMD GPU. Machines that don't have more then a single GPU have the ATIF handle located in the namespace of the AMD GPU. So, fix this by probing ATPX's ACPI parent's namespace if we can't find ATIF elsewhere, along with storing a pointer to the proper handle to use for ATIF and using that instead of the device's handle. This fixes HPD detection while in runtime suspend for this ZBook! Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 80 +++++++++++++++++------- 1 file changed, 59 insertions(+), 21 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c index 22c7e8ec0b9a..b0d7978c475d 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c @@ -65,6 +65,8 @@ struct amdgpu_atif_functions { }; struct amdgpu_atif { + acpi_handle handle; + struct amdgpu_atif_notifications notifications; struct amdgpu_atif_functions functions; struct amdgpu_atif_notification_cfg notification_cfg; @@ -83,8 +85,9 @@ struct amdgpu_atif { * Executes the requested ATIF function (all asics). * Returns a pointer to the acpi output buffer. */ -static union acpi_object *amdgpu_atif_call(acpi_handle handle, int function, - struct acpi_buffer *params) +static union acpi_object *amdgpu_atif_call(struct amdgpu_atif *atif, + int function, + struct acpi_buffer *params) { acpi_status status; union acpi_object atif_arg_elements[2]; @@ -107,7 +110,8 @@ static union acpi_object *amdgpu_atif_call(acpi_handle handle, int function, atif_arg_elements[1].integer.value = 0; } - status = acpi_evaluate_object(handle, "ATIF", &atif_arg, &buffer); + status = acpi_evaluate_object(atif->handle, NULL, &atif_arg, + &buffer); /* Fail only if calling the method fails and ATIF is supported */ if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) { @@ -178,15 +182,14 @@ static void amdgpu_atif_parse_functions(struct amdgpu_atif_functions *f, u32 mas * (all asics). * returns 0 on success, error on failure. */ -static int amdgpu_atif_verify_interface(acpi_handle handle, - struct amdgpu_atif *atif) +static int amdgpu_atif_verify_interface(struct amdgpu_atif *atif) { union acpi_object *info; struct atif_verify_interface output; size_t size; int err = 0; - info = amdgpu_atif_call(handle, ATIF_FUNCTION_VERIFY_INTERFACE, NULL); + info = amdgpu_atif_call(atif, ATIF_FUNCTION_VERIFY_INTERFACE, NULL); if (!info) return -EIO; @@ -213,6 +216,36 @@ static int amdgpu_atif_verify_interface(acpi_handle handle, return err; } +static acpi_handle amdgpu_atif_probe_handle(acpi_handle dhandle) +{ + acpi_handle handle = NULL; + char acpi_method_name[255] = { 0 }; + struct acpi_buffer buffer = { sizeof(acpi_method_name), acpi_method_name }; + acpi_status status; + + /* First check the device handle */ + status = acpi_get_handle(dhandle, "ATIF", &handle); + if (ACPI_SUCCESS(status)) + goto out; + + /* Some vendors stick the ATIF methods in the same namespace as the + * ATPX methods + */ + if (amdgpu_has_atpx()) { + status = acpi_get_handle(amdgpu_atpx_get_dhandle(), "ATIF", + &handle); + if (ACPI_SUCCESS(status)) + goto out; + } + + DRM_DEBUG_DRIVER("No ATIF handle found\n"); + return NULL; +out: + acpi_get_name(handle, ACPI_FULL_PATHNAME, &buffer); + DRM_DEBUG_DRIVER("Found ATIF handle %s\n", acpi_method_name); + return handle; +} + /** * amdgpu_atif_get_notification_params - determine notify configuration * @@ -225,15 +258,16 @@ static int amdgpu_atif_verify_interface(acpi_handle handle, * where n is specified in the result if a notifier is used. * Returns 0 on success, error on failure. */ -static int amdgpu_atif_get_notification_params(acpi_handle handle, - struct amdgpu_atif_notification_cfg *n) +static int amdgpu_atif_get_notification_params(struct amdgpu_atif *atif) { union acpi_object *info; + struct amdgpu_atif_notification_cfg *n = &atif->notification_cfg; struct atif_system_params params; size_t size; int err = 0; - info = amdgpu_atif_call(handle, ATIF_FUNCTION_GET_SYSTEM_PARAMETERS, NULL); + info = amdgpu_atif_call(atif, ATIF_FUNCTION_GET_SYSTEM_PARAMETERS, + NULL); if (!info) { err = -EIO; goto out; @@ -287,14 +321,15 @@ static int amdgpu_atif_get_notification_params(acpi_handle handle, * (all asics). * Returns 0 on success, error on failure. */ -static int amdgpu_atif_get_sbios_requests(acpi_handle handle, - struct atif_sbios_requests *req) +static int amdgpu_atif_get_sbios_requests(struct amdgpu_atif *atif, + struct atif_sbios_requests *req) { union acpi_object *info; size_t size; int count = 0; - info = amdgpu_atif_call(handle, ATIF_FUNCTION_GET_SYSTEM_BIOS_REQUESTS, NULL); + info = amdgpu_atif_call(atif, ATIF_FUNCTION_GET_SYSTEM_BIOS_REQUESTS, + NULL); if (!info) return -EIO; @@ -327,11 +362,10 @@ static int amdgpu_atif_get_sbios_requests(acpi_handle handle, * Returns NOTIFY code */ static int amdgpu_atif_handler(struct amdgpu_device *adev, - struct acpi_bus_event *event) + struct acpi_bus_event *event) { struct amdgpu_atif *atif = adev->atif; struct atif_sbios_requests req; - acpi_handle handle; int count; DRM_DEBUG_DRIVER("event, device_class = %s, type = %#x\n", @@ -347,8 +381,7 @@ static int amdgpu_atif_handler(struct amdgpu_device *adev, return NOTIFY_DONE; /* Check pending SBIOS requests */ - handle = ACPI_HANDLE(&adev->pdev->dev); - count = amdgpu_atif_get_sbios_requests(handle, &req); + count = amdgpu_atif_get_sbios_requests(atif, &req); if (count <= 0) return NOTIFY_DONE; @@ -679,7 +712,7 @@ static int amdgpu_acpi_event(struct notifier_block *nb, */ int amdgpu_acpi_init(struct amdgpu_device *adev) { - acpi_handle handle; + acpi_handle handle, atif_handle; struct amdgpu_atif *atif; struct amdgpu_atcs *atcs = &adev->atcs; int ret; @@ -696,14 +729,20 @@ int amdgpu_acpi_init(struct amdgpu_device *adev) DRM_DEBUG_DRIVER("Call to ATCS verify_interface failed: %d\n", ret); } - /* Call the ATIF method */ + /* Probe for ATIF, and initialize it if found */ + atif_handle = amdgpu_atif_probe_handle(handle); + if (!atif_handle) + goto out; + atif = kzalloc(sizeof(*atif), GFP_KERNEL); if (!atif) { DRM_WARN("Not enough memory to initialize ATIF\n"); goto out; } + atif->handle = atif_handle; - ret = amdgpu_atif_verify_interface(handle, atif); + /* Call the ATIF method */ + ret = amdgpu_atif_verify_interface(atif); if (ret) { DRM_DEBUG_DRIVER("Call to ATIF verify_interface failed: %d\n", ret); kfree(atif); @@ -739,8 +778,7 @@ int amdgpu_acpi_init(struct amdgpu_device *adev) } if (atif->functions.system_params) { - ret = amdgpu_atif_get_notification_params(handle, - &atif->notification_cfg); + ret = amdgpu_atif_get_notification_params(atif); if (ret) { DRM_DEBUG_DRIVER("Call to GET_SYSTEM_PARAMS failed: %d\n", ret); -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH v2 3/4] drm/amdgpu: Add amdgpu_atpx_get_dhandle()

by Lyude Paul

The handles for ACPI methods like ATPX and ATIF will live under the integrated GPU's namespace on systems with more then one GPU. ATPX is already detected regardless of the namespace it lives in, and it will always be in the same namespace as ATIF. So we can make things easier on ourselves by just adding some functions to retrieve said namespace so it can be searched later for ATIF. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 6 ++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h index 7df5d3d11aff..7dcbac8af9a7 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h @@ -1858,6 +1858,12 @@ static inline bool amdgpu_atpx_dgpu_req_power_for_displays(void) { return false; static inline bool amdgpu_has_atpx(void) { return false; } #endif +#if defined(CONFIG_VGA_SWITCHEROO) && defined(CONFIG_ACPI) +void *amdgpu_atpx_get_dhandle(void); +#else +static inline void *amdgpu_atpx_get_dhandle(void) { return NULL; } +#endif + /* * KMS */ diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c index a3896412a019..b33f1680c9a3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c @@ -90,6 +90,12 @@ bool amdgpu_atpx_dgpu_req_power_for_displays(void) { return amdgpu_atpx_priv.atpx.dgpu_req_power_for_displays; } +#if defined(CONFIG_ACPI) +void *amdgpu_atpx_get_dhandle(void) { + return amdgpu_atpx_priv.dhandle; +} +#endif + /** * amdgpu_atpx_call - call an ATPX method * -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH v2 1/4] drm/amdgpu: Make struct amdgpu_atif private to amdgpu_acpi.c

by Lyude Paul

Currently, there is nothing in amdgpu that actually uses these structs other than amdgpu_acpi.c. Additionally, since we're about to start saving the correct ACPI handle to use for calling ATIF in this struct this saves us from having to handle making sure that the acpi_handle (and by proxy, the type definition for acpi_handle and all of the other acpi headers) doesn't need to be included within the amdgpu_drv struct itself. This follows the example set by amdgpu_atpx_handler.c. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 40 +----------------- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 54 ++++++++++++++++++++++-- 2 files changed, 53 insertions(+), 41 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h index a59c07590cee..7df5d3d11aff 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h @@ -190,6 +190,7 @@ struct amdgpu_job; struct amdgpu_irq_src; struct amdgpu_fpriv; struct amdgpu_bo_va_mapping; +struct amdgpu_atif; enum amdgpu_cp_irq { AMDGPU_CP_IRQ_GFX_EOP = 0, @@ -1269,43 +1270,6 @@ struct amdgpu_vram_scratch { /* * ACPI */ -struct amdgpu_atif_notification_cfg { - bool enabled; - int command_code; -}; - -struct amdgpu_atif_notifications { - bool display_switch; - bool expansion_mode_change; - bool thermal_state; - bool forced_power_state; - bool system_power_state; - bool display_conf_change; - bool px_gfx_switch; - bool brightness_change; - bool dgpu_display_event; -}; - -struct amdgpu_atif_functions { - bool system_params; - bool sbios_requests; - bool select_active_disp; - bool lid_state; - bool get_tv_standard; - bool set_tv_standard; - bool get_panel_expansion_mode; - bool set_panel_expansion_mode; - bool temperature_change; - bool graphics_device_types; -}; - -struct amdgpu_atif { - struct amdgpu_atif_notifications notifications; - struct amdgpu_atif_functions functions; - struct amdgpu_atif_notification_cfg notification_cfg; - struct amdgpu_encoder *encoder_for_bl; -}; - struct amdgpu_atcs_functions { bool get_ext_state; bool pcie_perf_req; @@ -1466,7 +1430,7 @@ struct amdgpu_device { #if defined(CONFIG_DEBUG_FS) struct dentry *debugfs_regs[AMDGPU_DEBUGFS_MAX_COMPONENTS]; #endif - struct amdgpu_atif atif; + struct amdgpu_atif *atif; struct amdgpu_atcs atcs; struct mutex srbm_mutex; /* GRBM index mutex. Protects concurrent access to GRBM index */ diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c index 8fa850a070e0..22c7e8ec0b9a 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c @@ -34,6 +34,43 @@ #include "amd_acpi.h" #include "atom.h" +struct amdgpu_atif_notification_cfg { + bool enabled; + int command_code; +}; + +struct amdgpu_atif_notifications { + bool display_switch; + bool expansion_mode_change; + bool thermal_state; + bool forced_power_state; + bool system_power_state; + bool display_conf_change; + bool px_gfx_switch; + bool brightness_change; + bool dgpu_display_event; +}; + +struct amdgpu_atif_functions { + bool system_params; + bool sbios_requests; + bool select_active_disp; + bool lid_state; + bool get_tv_standard; + bool set_tv_standard; + bool get_panel_expansion_mode; + bool set_panel_expansion_mode; + bool temperature_change; + bool graphics_device_types; +}; + +struct amdgpu_atif { + struct amdgpu_atif_notifications notifications; + struct amdgpu_atif_functions functions; + struct amdgpu_atif_notification_cfg notification_cfg; + struct amdgpu_encoder *encoder_for_bl; +}; + /* Call the ATIF method */ /** @@ -292,7 +329,7 @@ static int amdgpu_atif_get_sbios_requests(acpi_handle handle, static int amdgpu_atif_handler(struct amdgpu_device *adev, struct acpi_bus_event *event) { - struct amdgpu_atif *atif = &adev->atif; + struct amdgpu_atif *atif = adev->atif; struct atif_sbios_requests req; acpi_handle handle; int count; @@ -303,7 +340,8 @@ static int amdgpu_atif_handler(struct amdgpu_device *adev, if (strcmp(event->device_class, ACPI_VIDEO_CLASS) != 0) return NOTIFY_DONE; - if (!atif->notification_cfg.enabled || + if (!atif || + !atif->notification_cfg.enabled || event->type != atif->notification_cfg.command_code) /* Not our event */ return NOTIFY_DONE; @@ -642,7 +680,7 @@ static int amdgpu_acpi_event(struct notifier_block *nb, int amdgpu_acpi_init(struct amdgpu_device *adev) { acpi_handle handle; - struct amdgpu_atif *atif = &adev->atif; + struct amdgpu_atif *atif; struct amdgpu_atcs *atcs = &adev->atcs; int ret; @@ -659,11 +697,19 @@ int amdgpu_acpi_init(struct amdgpu_device *adev) } /* Call the ATIF method */ + atif = kzalloc(sizeof(*atif), GFP_KERNEL); + if (!atif) { + DRM_WARN("Not enough memory to initialize ATIF\n"); + goto out; + } + ret = amdgpu_atif_verify_interface(handle, atif); if (ret) { DRM_DEBUG_DRIVER("Call to ATIF verify_interface failed: %d\n", ret); + kfree(atif); goto out; } + adev->atif = atif; if (atif->notifications.brightness_change) { struct drm_encoder *tmp; @@ -720,4 +766,6 @@ int amdgpu_acpi_init(struct amdgpu_device *adev) void amdgpu_acpi_fini(struct amdgpu_device *adev) { unregister_acpi_notifier(&adev->acpi_nb); + if (adev->atif) + kfree(adev->atif); } -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH] block: Fix cloning of requests with a special payload

by Bart Van Assche

This patch avoids that removing a path controlled by the dm-mpath driver while mkfs is running triggers the following kernel bug: kernel BUG at block/blk-core.c:3347! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 20 PID: 24369 Comm: mkfs.ext4 Not tainted 4.18.0-rc1-dbg+ #2 RIP: 0010:blk_end_request_all+0x68/0x70 Call Trace: <IRQ> dm_softirq_done+0x326/0x3d0 [dm_mod] blk_done_softirq+0x19b/0x1e0 __do_softirq+0x128/0x60d irq_exit+0x100/0x110 smp_call_function_single_interrupt+0x90/0x330 call_function_single_interrupt+0xf/0x20 </IRQ> Fixes: f9d03f96b988 ("block: improve handling of the magic discard payload") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Mike Snitzer <snitzer(a)redhat.com> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Hannes Reinecke <hare(a)suse.com> Cc: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: <stable(a)vger.kernel.org> --- block/blk-core.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/block/blk-core.c b/block/blk-core.c index 118dd17eb71f..f1e07ed1513c 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -3529,6 +3529,10 @@ static void __blk_rq_prep_clone(struct request *dst, struct request *src) dst->cpu = src->cpu; dst->__sector = blk_rq_pos(src); dst->__data_len = blk_rq_bytes(src); + if (src->rq_flags & RQF_SPECIAL_PAYLOAD) { + dst->rq_flags |= RQF_SPECIAL_PAYLOAD; + dst->special_vec = src->special_vec; + } dst->nr_phys_segments = src->nr_phys_segments; dst->ioprio = src->ioprio; dst->extra_len = src->extra_len; -- 2.17.1

7 years, 2 months

6
6
0 0

[PATCH v7] tpm: separate cmd_ready/go_idle from runtime_pm

by Tomas Winkler

Fix tpm ptt initialization error: tpm tpm0: A TPM error (378) occurred get tpm pcr allocation. We cannot use go_idle cmd_ready commands via runtime_pm handles as with the introduction of localities this is no longer an optional feature, while runtime pm can be not enabled. Though cmd_ready/go_idle provides a power saving, it's also a part of TPM2 protocol and should be called explicitly. This patch exposes cmd_read/go_idle via tpm class ops and removes runtime pm support as it is not used by any driver. A new tpm transmit flag is added TPM_TRANSMIT_NESTED, which implies TPM_TRANSMIT_UNLOCKED and TPM_TRANSMIT_RAW. Both are needed to resolve tpm spaces and locality request recursive calls to tpm_transmit(). New wrappers are added tpm_cmd_ready() and tpm_go_idle() to streamline tpm_try_transmit code. tpm_crb no longer needs own power saving functions and can drop using tpm_pm_suspend/resume. This patch cannot be really separated from the locality fix. Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Cc: stable(a)vger.kernel.org Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- V2-3:resent V4: 1. Use tpm_pm_suspend/resume in tpm_crb 2. Drop cmd_ready/go_idle around tpm_chip_register, as there is no usage counter like in runtime_pm. V5: 1. add tpm_cmd_ready and tpm_go_idle wrappers. 2. Abuse TPM_TRANSMIT_UNLOCKED flag to resolve tpm space recursion. V6: 1. Add new flags TPM_TRANSMIT_NESTED which implies TPM_TRANSMIT_UNLOCKED and TPM_TRANSMIT_RAW, as not all unlocked flows are recursive i.e. tpm2_unseal_trusted. V7: 1. Add dmesg dump. drivers/char/tpm/tpm-interface.c | 51 +++++++++++++++---- drivers/char/tpm/tpm.h | 13 ++++- drivers/char/tpm/tpm2-space.c | 12 ++--- drivers/char/tpm/tpm_crb.c | 101 ++++++++++---------------------------- drivers/char/tpm/tpm_vtpm_proxy.c | 2 +- include/linux/tpm.h | 2 + 6 files changed, 88 insertions(+), 93 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index e32f6e85dc6d..1abd8261651b 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -29,7 +29,6 @@ #include <linux/mutex.h> #include <linux/spinlock.h> #include <linux/freezer.h> -#include <linux/pm_runtime.h> #include <linux/tpm_eventlog.h> #include "tpm.h" @@ -369,10 +368,13 @@ static int tpm_validate_command(struct tpm_chip *chip, return -EINVAL; } -static int tpm_request_locality(struct tpm_chip *chip) +static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & __TPM_TRANSMIT_RAW) + return 0; + if (!chip->ops->request_locality) return 0; @@ -385,10 +387,13 @@ static int tpm_request_locality(struct tpm_chip *chip) return 0; } -static void tpm_relinquish_locality(struct tpm_chip *chip) +static void tpm_relinquish_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & __TPM_TRANSMIT_RAW) + return; + if (!chip->ops->relinquish_locality) return; @@ -399,6 +404,28 @@ static void tpm_relinquish_locality(struct tpm_chip *chip) chip->locality = -1; } +static int tpm_cmd_ready(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & __TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->cmd_ready) + return 0; + + return chip->ops->cmd_ready(chip); +} + +static int tpm_go_idle(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & __TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->go_idle) + return 0; + + return chip->ops->go_idle(chip); +} + static ssize_t tpm_try_transmit(struct tpm_chip *chip, struct tpm_space *space, u8 *buf, size_t bufsiz, @@ -449,14 +476,15 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, /* Store the decision as chip->locality will be changed. */ need_locality = chip->locality == -1; - if (!(flags & TPM_TRANSMIT_RAW) && need_locality) { - rc = tpm_request_locality(chip); + if (need_locality) { + rc = tpm_request_locality(chip, flags); if (rc < 0) goto out_no_locality; } - if (chip->dev.parent) - pm_runtime_get_sync(chip->dev.parent); + rc = tpm_cmd_ready(chip, flags); + if (rc) + goto out; rc = tpm2_prepare_space(chip, space, ordinal, buf); if (rc) @@ -516,13 +544,16 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, } rc = tpm2_commit_space(chip, space, ordinal, buf, &len); + if (rc) + dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc); out: - if (chip->dev.parent) - pm_runtime_put_sync(chip->dev.parent); + rc = tpm_go_idle(chip, flags); + if (rc) + goto out; if (need_locality) - tpm_relinquish_locality(chip); + tpm_relinquish_locality(chip, flags); out_no_locality: if (chip->ops->clk_enable != NULL) diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 9824cccb2c76..a711901a9cf5 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -512,9 +512,18 @@ extern const struct file_operations tpm_fops; extern const struct file_operations tpmrm_fops; extern struct idr dev_nums_idr; +/** + * enum tpm_transmit_flags + * + * @TPM_TRANSMIT_UNLOCKED: used to lock sequence of tpm_transmit calls. + * @__TPM_TRANSMIT_RAW: prevent recursive calls into setup steps + * (go idle, locality,..). Don't use directly. + * @TPM_TRANSMIT_NESTED: Use from nested tpm_transmit calls + */ enum tpm_transmit_flags { - TPM_TRANSMIT_UNLOCKED = BIT(0), - TPM_TRANSMIT_RAW = BIT(1), + TPM_TRANSMIT_UNLOCKED = BIT(0), + __TPM_TRANSMIT_RAW = BIT(1), + TPM_TRANSMIT_NESTED = TPM_TRANSMIT_UNLOCKED | __TPM_TRANSMIT_RAW, }; ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index 6122d3276f72..d2e101b32482 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -39,7 +39,7 @@ static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space) for (i = 0; i < ARRAY_SIZE(space->session_tbl); i++) { if (space->session_tbl[i]) tpm2_flush_context_cmd(chip, space->session_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_NESTED); } } @@ -84,7 +84,7 @@ static int tpm2_load_context(struct tpm_chip *chip, u8 *buf, tpm_buf_append(&tbuf, &buf[*offset], body_size); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 4, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_NESTED, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -133,7 +133,7 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, tpm_buf_append_u32(&tbuf, handle); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 0, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_NESTED, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -170,7 +170,7 @@ static void tpm2_flush_space(struct tpm_chip *chip) for (i = 0; i < ARRAY_SIZE(space->context_tbl); i++) if (space->context_tbl[i] && ~space->context_tbl[i]) tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_NESTED); tpm2_flush_sessions(chip, space); } @@ -377,7 +377,7 @@ static int tpm2_map_response_header(struct tpm_chip *chip, u32 cc, u8 *rsp, return 0; out_no_slots: - tpm2_flush_context_cmd(chip, phandle, TPM_TRANSMIT_UNLOCKED); + tpm2_flush_context_cmd(chip, phandle, TPM_TRANSMIT_NESTED); dev_warn(&chip->dev, "%s: out of slots for 0x%08X\n", __func__, phandle); return -ENOMEM; @@ -465,7 +465,7 @@ static int tpm2_save_space(struct tpm_chip *chip) return rc; tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_NESTED); space->context_tbl[i] = ~0; } diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c index 34fbc6cb097b..36952ef98f90 100644 --- a/drivers/char/tpm/tpm_crb.c +++ b/drivers/char/tpm/tpm_crb.c @@ -132,7 +132,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, } /** - * crb_go_idle - request tpm crb device to go the idle state + * __crb_go_idle - request tpm crb device to go the idle state * * @dev: crb device * @priv: crb private data @@ -147,7 +147,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, * * Return: 0 always */ -static int crb_go_idle(struct device *dev, struct crb_priv *priv) +static int __crb_go_idle(struct device *dev, struct crb_priv *priv) { if ((priv->sm == ACPI_TPM2_START_METHOD) || (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || @@ -163,11 +163,20 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) dev_warn(dev, "goIdle timed out\n"); return -ETIME; } + return 0; } +static int crb_go_idle(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_go_idle(dev, priv); +} + /** - * crb_cmd_ready - request tpm crb device to enter ready state + * __crb_cmd_ready - request tpm crb device to enter ready state * * @dev: crb device * @priv: crb private data @@ -181,7 +190,7 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) * * Return: 0 on success -ETIME on timeout; */ -static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) +static int __crb_cmd_ready(struct device *dev, struct crb_priv *priv) { if ((priv->sm == ACPI_TPM2_START_METHOD) || (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || @@ -200,6 +209,14 @@ static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) return 0; } +static int crb_cmd_ready(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_cmd_ready(dev, priv); +} + static int __crb_request_locality(struct device *dev, struct crb_priv *priv, int loc) { @@ -401,6 +418,8 @@ static const struct tpm_class_ops tpm_crb = { .send = crb_send, .cancel = crb_cancel, .req_canceled = crb_req_canceled, + .go_idle = crb_go_idle, + .cmd_ready = crb_cmd_ready, .request_locality = crb_request_locality, .relinquish_locality = crb_relinquish_locality, .req_complete_mask = CRB_DRV_STS_COMPLETE, @@ -520,7 +539,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, * PTT HW bug w/a: wake up the device to access * possibly not retained registers. */ - ret = crb_cmd_ready(dev, priv); + ret = __crb_cmd_ready(dev, priv); if (ret) goto out_relinquish_locality; @@ -565,7 +584,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, if (!ret) priv->cmd_size = cmd_size; - crb_go_idle(dev, priv); + __crb_go_idle(dev, priv); out_relinquish_locality: @@ -628,32 +647,7 @@ static int crb_acpi_add(struct acpi_device *device) chip->acpi_dev_handle = device->handle; chip->flags = TPM_CHIP_FLAG_TPM2; - rc = __crb_request_locality(dev, priv, 0); - if (rc) - return rc; - - rc = crb_cmd_ready(dev, priv); - if (rc) - goto out; - - pm_runtime_get_noresume(dev); - pm_runtime_set_active(dev); - pm_runtime_enable(dev); - - rc = tpm_chip_register(chip); - if (rc) { - crb_go_idle(dev, priv); - pm_runtime_put_noidle(dev); - pm_runtime_disable(dev); - goto out; - } - - pm_runtime_put_sync(dev); - -out: - __crb_relinquish_locality(dev, priv, 0); - - return rc; + return tpm_chip_register(chip); } static int crb_acpi_remove(struct acpi_device *device) @@ -663,52 +657,11 @@ static int crb_acpi_remove(struct acpi_device *device) tpm_chip_unregister(chip); - pm_runtime_disable(dev); - return 0; } -static int __maybe_unused crb_pm_runtime_suspend(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_go_idle(dev, priv); -} - -static int __maybe_unused crb_pm_runtime_resume(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_cmd_ready(dev, priv); -} - -static int __maybe_unused crb_pm_suspend(struct device *dev) -{ - int ret; - - ret = tpm_pm_suspend(dev); - if (ret) - return ret; - - return crb_pm_runtime_suspend(dev); -} - -static int __maybe_unused crb_pm_resume(struct device *dev) -{ - int ret; - - ret = crb_pm_runtime_resume(dev); - if (ret) - return ret; - - return tpm_pm_resume(dev); -} - static const struct dev_pm_ops crb_pm = { - SET_SYSTEM_SLEEP_PM_OPS(crb_pm_suspend, crb_pm_resume) - SET_RUNTIME_PM_OPS(crb_pm_runtime_suspend, crb_pm_runtime_resume, NULL) + SET_SYSTEM_SLEEP_PM_OPS(tpm_pm_suspend, tpm_pm_resume) }; static const struct acpi_device_id crb_device_ids[] = { diff --git a/drivers/char/tpm/tpm_vtpm_proxy.c b/drivers/char/tpm/tpm_vtpm_proxy.c index e4f79f920450..87a0ce47f201 100644 --- a/drivers/char/tpm/tpm_vtpm_proxy.c +++ b/drivers/char/tpm/tpm_vtpm_proxy.c @@ -418,7 +418,7 @@ static int vtpm_proxy_request_locality(struct tpm_chip *chip, int locality) proxy_dev->state |= STATE_DRIVER_COMMAND; rc = tpm_transmit_cmd(chip, NULL, buf.data, tpm_buf_length(&buf), 0, - TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, + TPM_TRANSMIT_NESTED, "attempting to set locality"); proxy_dev->state &= ~STATE_DRIVER_COMMAND; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 06639fb6ab85..8eb5e5ebe136 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -43,6 +43,8 @@ struct tpm_class_ops { u8 (*status) (struct tpm_chip *chip); bool (*update_timeouts)(struct tpm_chip *chip, unsigned long *timeout_cap); + int (*go_idle)(struct tpm_chip *chip); + int (*cmd_ready)(struct tpm_chip *chip); int (*request_locality)(struct tpm_chip *chip, int loc); int (*relinquish_locality)(struct tpm_chip *chip, int loc); void (*clk_enable)(struct tpm_chip *chip, bool value); -- 2.14.4

7 years, 2 months

3
9
0 0

Re: Patch "x86/platform/UV: Use new set memory block size function" has been added to the 4.14-stable tree

by Mike Travis

Until the original patch that adds the set_memory_block_size_order() function is added, then the following two patches should also not be applied. In fact I'm surprised it built with that function undefined. Thanks, Mike On 6/27/2018 7:08 PM, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > x86/platform/UV: Use new set memory block size function > > to the 4.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > x86-platform-uv-use-new-set-memory-block-size-function.patch > and it can be found in the queue-4.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From bbbd2b51a2aa0d76b3676271e216cf3647773397 Mon Sep 17 00:00:00 2001 > From: "mike.travis(a)hpe.com" <mike.travis(a)hpe.com> > Date: Thu, 24 May 2018 15:17:13 -0500 > Subject: x86/platform/UV: Use new set memory block size function > > From: mike.travis(a)hpe.com <mike.travis(a)hpe.com> > > commit bbbd2b51a2aa0d76b3676271e216cf3647773397 upstream. > > Add a call to the new function to "adjust" the current fixed UV memory > block size of 2GB so it can be changed to a different physical boundary. > This accommodates changes in the Intel BIOS, and therefore UV BIOS, > which now can align boundaries different than the previous UV standard > of 2GB. It also flags any UV Global Address boundaries from BIOS that > cause a change in the mem block size (boundary). > > The current boundary of 2GB has been used on UV since the first system > release in 2009 with Linux 2.6 and has worked fine. But the new NVDIMM > persistent memory modules (PMEM), along with the Intel BIOS changes to > support these modules caused the memory block size boundary to be set > to a lower limit. Intel only guarantees that this minimum boundary at > 64MB though the current Linux limit is 128MB. > > Note that the default remains 2GB if no changes occur. > > Signed-off-by: Mike Travis <mike.travis(a)hpe.com> > Reviewed-by: Andrew Banman <andrew.banman(a)hpe.com> > Cc: Andrew Morton <akpm(a)linux-foundation.org> > Cc: Dimitri Sivanich <dimitri.sivanich(a)hpe.com> > Cc: Linus Torvalds <torvalds(a)linux-foundation.org> > Cc: Peter Zijlstra <peterz(a)infradead.org> > Cc: Russ Anderson <russ.anderson(a)hpe.com> > Cc: Thomas Gleixner <tglx(a)linutronix.de> > Cc: dan.j.williams(a)intel.com > Cc: jgross(a)suse.com > Cc: kirill.shutemov(a)linux.intel.com > Cc: mhocko(a)suse.com > Cc: stable(a)vger.kernel.org > Link: https://lkml.kernel.org/lkml/20180524201711.732785782@stormcage.americas.sg… > Signed-off-by: Ingo Molnar <mingo(a)kernel.org> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > --- > arch/x86/kernel/apic/x2apic_uv_x.c | 49 ++++++++++++++++++++++++++++++++++--- > 1 file changed, 46 insertions(+), 3 deletions(-) > > --- a/arch/x86/kernel/apic/x2apic_uv_x.c > +++ b/arch/x86/kernel/apic/x2apic_uv_x.c > @@ -26,6 +26,7 @@ > #include <linux/delay.h> > #include <linux/crash_dump.h> > #include <linux/reboot.h> > +#include <linux/memory.h> > > #include <asm/uv/uv_mmrs.h> > #include <asm/uv/uv_hub.h> > @@ -346,6 +347,40 @@ extern int uv_hub_info_version(void) > } > EXPORT_SYMBOL(uv_hub_info_version); > > +/* Default UV memory block size is 2GB */ > +static unsigned long mem_block_size = (2UL << 30); > + > +static __init int adj_blksize(u32 lgre) > +{ > + unsigned long base = (unsigned long)lgre << UV_GAM_RANGE_SHFT; > + unsigned long size; > + > + for (size = mem_block_size; size > MIN_MEMORY_BLOCK_SIZE; size >>= 1) > + if (IS_ALIGNED(base, size)) > + break; > + > + if (size >= mem_block_size) > + return 0; > + > + mem_block_size = size; > + return 1; > +} > + > +static __init void set_block_size(void) > +{ > + unsigned int order = ffs(mem_block_size); > + > + if (order) { > + /* adjust for ffs return of 1..64 */ > + set_memory_block_size_order(order - 1); > + pr_info("UV: mem_block_size set to 0x%lx\n", mem_block_size); > + } else { > + /* bad or zero value, default to 1UL << 31 (2GB) */ > + pr_err("UV: mem_block_size error with 0x%lx\n", mem_block_size); > + set_memory_block_size_order(31); > + } > +} > + > /* Build GAM range lookup table: */ > static __init void build_uv_gr_table(void) > { > @@ -1144,23 +1179,30 @@ static void __init decode_gam_rng_tbl(un > << UV_GAM_RANGE_SHFT); > int order = 0; > char suffix[] = " KMGTPE"; > + int flag = ' '; > > while (size > 9999 && order < sizeof(suffix)) { > size /= 1024; > order++; > } > > + /* adjust max block size to current range start */ > + if (gre->type == 1 || gre->type == 2) > + if (adj_blksize(lgre)) > + flag = '*'; > + > if (!index) { > pr_info("UV: GAM Range Table...\n"); > - pr_info("UV: # %20s %14s %5s %4s %5s %3s %2s\n", "Range", "", "Size", "Type", "NASID", "SID", "PN"); > + pr_info("UV: # %20s %14s %6s %4s %5s %3s %2s\n", "Range", "", "Size", "Type", "NASID", "SID", "PN"); > } > - pr_info("UV: %2d: 0x%014lx-0x%014lx %5lu%c %3d %04x %02x %02x\n", > + pr_info("UV: %2d: 0x%014lx-0x%014lx%c %5lu%c %3d %04x %02x %02x\n", > index++, > (unsigned long)lgre << UV_GAM_RANGE_SHFT, > (unsigned long)gre->limit << UV_GAM_RANGE_SHFT, > - size, suffix[order], > + flag, size, suffix[order], > gre->type, gre->nasid, gre->sockid, gre->pnode); > > + /* update to next range start */ > lgre = gre->limit; > if (sock_min > gre->sockid) > sock_min = gre->sockid; > @@ -1391,6 +1433,7 @@ static void __init uv_system_init_hub(vo > > build_socket_tables(); > build_uv_gr_table(); > + set_block_size(); > uv_init_hub_info(&hub_info); > uv_possible_blades = num_possible_nodes(); > if (!_node_to_pnode) > > > Patches currently in stable-queue which might be from mike.travis(a)hpe.com are > > queue-4.14/x86-platform-uv-add-kernel-parameter-to-set-memory-block-size.patch > queue-4.14/x86-platform-uv-use-new-set-memory-block-size-function.patch >

7 years, 2 months

2
1
0 0

patch "serdev: fix memleak on module unload" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serdev: fix memleak on module unload to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From bc6cf3669d22371f573ab0305b3abf13887c0786 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Wed, 13 Jun 2018 17:08:59 +0200 Subject: serdev: fix memleak on module unload Make sure to free all resources associated with the ida on module exit. Fixes: cd6484e1830b ("serdev: Introduce new bus for serial attached devices") Cc: stable <stable(a)vger.kernel.org> # 4.11 Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serdev/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serdev/core.c b/drivers/tty/serdev/core.c index df93b727e984..9e59f4788589 100644 --- a/drivers/tty/serdev/core.c +++ b/drivers/tty/serdev/core.c @@ -617,6 +617,7 @@ EXPORT_SYMBOL_GPL(__serdev_device_driver_register); static void __exit serdev_exit(void) { bus_unregister(&serdev_bus_type); + ida_destroy(&ctrl_ida); } module_exit(serdev_exit); -- 2.18.0

7 years, 2 months

1
0
0 0

patch "vt: prevent leaking uninitialized data to userspace via /dev/vcs*" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vt: prevent leaking uninitialized data to userspace via /dev/vcs* to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 21eff69aaaa0e766ca0ce445b477698dc6a9f55a Mon Sep 17 00:00:00 2001 From: Alexander Potapenko <glider(a)google.com> Date: Thu, 14 Jun 2018 12:23:09 +0200 Subject: vt: prevent leaking uninitialized data to userspace via /dev/vcs* KMSAN reported an infoleak when reading from /dev/vcs*: BUG: KMSAN: kernel-infoleak in vcs_read+0x18ba/0x1cc0 Call Trace: ... kmsan_copy_to_user+0x7a/0x160 mm/kmsan/kmsan.c:1253 copy_to_user ./include/linux/uaccess.h:184 vcs_read+0x18ba/0x1cc0 drivers/tty/vt/vc_screen.c:352 __vfs_read+0x1b2/0x9d0 fs/read_write.c:416 vfs_read+0x36c/0x6b0 fs/read_write.c:452 ... Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315 __kmalloc+0x13a/0x350 mm/slub.c:3818 kmalloc ./include/linux/slab.h:517 vc_allocate+0x438/0x800 drivers/tty/vt/vt.c:787 con_install+0x8c/0x640 drivers/tty/vt/vt.c:2880 tty_driver_install_tty drivers/tty/tty_io.c:1224 tty_init_dev+0x1b5/0x1020 drivers/tty/tty_io.c:1324 tty_open_by_driver drivers/tty/tty_io.c:1959 tty_open+0x17b4/0x2ed0 drivers/tty/tty_io.c:2007 chrdev_open+0xc25/0xd90 fs/char_dev.c:417 do_dentry_open+0xccc/0x1440 fs/open.c:794 vfs_open+0x1b6/0x2f0 fs/open.c:908 ... Bytes 0-79 of 240 are uninitialized Consistently allocating |vc_screenbuf| with kzalloc() fixes the problem Reported-by: syzbot+17a8efdf800000(a)syzkaller.appspotmail.com Signed-off-by: Alexander Potapenko <glider(a)google.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/vt/vt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index 1eb1a376a041..15eb6c829d39 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -784,7 +784,7 @@ int vc_allocate(unsigned int currcons) /* return 0 on success */ if (!*vc->vc_uni_pagedir_loc) con_set_default_unimap(vc); - vc->vc_screenbuf = kmalloc(vc->vc_screenbuf_size, GFP_KERNEL); + vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_KERNEL); if (!vc->vc_screenbuf) goto err_free; @@ -871,7 +871,7 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc, if (new_screen_size > (4 << 20)) return -EINVAL; - newscreen = kmalloc(new_screen_size, GFP_USER); + newscreen = kzalloc(new_screen_size, GFP_USER); if (!newscreen) return -ENOMEM; -- 2.18.0

7 years, 2 months

1
0
0 0

patch "serial: 8250_pci: Remove stalled entries in blacklist" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250_pci: Remove stalled entries in blacklist to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 20dcff436e9fcd2e106b0ccc48a52206bc176d70 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Date: Wed, 6 Jun 2018 21:00:41 +0300 Subject: serial: 8250_pci: Remove stalled entries in blacklist After the commit 7d8905d06405 ("serial: 8250_pci: Enable device after we check black list") pure serial multi-port cards, such as CH355, got blacklisted and thus not being enumerated anymore. Previously, it seems, blacklisting them was on purpose to shut up pciserial_init_one() about record duplication. So, remove the entries from blacklist in order to get cards enumerated. Fixes: 7d8905d06405 ("serial: 8250_pci: Enable device after we check black list") Reported-by: Matt Turner <mattst88(a)gmail.com> Cc: Sergej Pupykin <ml(a)sergej.pp.ru> Cc: Alexandr Petrenko <petrenkoas83(a)gmail.com> Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Reviewed-and-Tested-by: Matt Turner <mattst88(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_pci.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c index 3296a05cda2d..f80a300b5d68 100644 --- a/drivers/tty/serial/8250/8250_pci.c +++ b/drivers/tty/serial/8250/8250_pci.c @@ -3339,9 +3339,7 @@ static const struct pci_device_id blacklist[] = { /* multi-io cards handled by parport_serial */ { PCI_DEVICE(0x4348, 0x7053), }, /* WCH CH353 2S1P */ { PCI_DEVICE(0x4348, 0x5053), }, /* WCH CH353 1S1P */ - { PCI_DEVICE(0x4348, 0x7173), }, /* WCH CH355 4S */ { PCI_DEVICE(0x1c00, 0x3250), }, /* WCH CH382 2S1P */ - { PCI_DEVICE(0x1c00, 0x3470), }, /* WCH CH384 4S */ /* Moxa Smartio MUE boards handled by 8250_moxa */ { PCI_VDEVICE(MOXA, 0x1024), }, -- 2.18.0

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] x86/platform/UV: Add adjustable set memory block size" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f642fb5864a6e3645edce6f85ffe7b44d5e9b990 Mon Sep 17 00:00:00 2001 From: "mike.travis(a)hpe.com" <mike.travis(a)hpe.com> Date: Thu, 24 May 2018 15:17:12 -0500 Subject: [PATCH] x86/platform/UV: Add adjustable set memory block size function Add a new function to "adjust" the current fixed UV memory block size of 2GB so it can be changed to a different physical boundary. This is out of necessity so arch dependent code can accommodate specific BIOS requirements which can align these new PMEM modules at less than the default boundaries. A "set order" type of function was used to insure that the memory block size will be a power of two value without requiring a validity check. 64GB was chosen as the upper limit for memory block size values to accommodate upcoming 4PB systems which have 6 more bits of physical address space (46 becoming 52). Signed-off-by: Mike Travis <mike.travis(a)hpe.com> Reviewed-by: Andrew Banman <andrew.banman(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Dimitri Sivanich <dimitri.sivanich(a)hpe.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Russ Anderson <russ.anderson(a)hpe.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: dan.j.williams(a)intel.com Cc: jgross(a)suse.com Cc: kirill.shutemov(a)linux.intel.com Cc: mhocko(a)suse.com Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/lkml/20180524201711.609546602@stormcage.americas.sg… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 0a400606dea0..20d8bf5fbceb 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1350,16 +1350,28 @@ int kern_addr_valid(unsigned long addr) /* Amount of ram needed to start using large blocks */ #define MEM_SIZE_FOR_LARGE_BLOCK (64UL << 30) +/* Adjustable memory block size */ +static unsigned long set_memory_block_size; +int __init set_memory_block_size_order(unsigned int order) +{ + unsigned long size = 1UL << order; + + if (size > MEM_SIZE_FOR_LARGE_BLOCK || size < MIN_MEMORY_BLOCK_SIZE) + return -EINVAL; + + set_memory_block_size = size; + return 0; +} + static unsigned long probe_memory_block_size(void) { unsigned long boot_mem_end = max_pfn << PAGE_SHIFT; unsigned long bz; - /* If this is UV system, always set 2G block size */ - if (is_uv_system()) { - bz = MAX_BLOCK_SIZE; + /* If memory block size has been set, then use it */ + bz = set_memory_block_size; + if (bz) goto done; - } /* Use regular block if RAM is smaller than MEM_SIZE_FOR_LARGE_BLOCK */ if (boot_mem_end < MEM_SIZE_FOR_LARGE_BLOCK) { diff --git a/include/linux/memory.h b/include/linux/memory.h index 31ca3e28b0eb..a6ddefc60517 100644 --- a/include/linux/memory.h +++ b/include/linux/memory.h @@ -38,6 +38,7 @@ struct memory_block { int arch_get_memory_phys_device(unsigned long start_pfn); unsigned long memory_block_size_bytes(void); +int set_memory_block_size_order(unsigned int order); /* These states are exposed to userspace as text strings in sysfs */ #define MEM_ONLINE (1<<0) /* exposed to userspace */

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] mm, page_alloc: do not break __GFP_THISNODE by zonelist reset" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7810e6781e0fcbca78b91cf65053f895bf59e85f Mon Sep 17 00:00:00 2001 From: Vlastimil Babka <vbabka(a)suse.cz> Date: Thu, 7 Jun 2018 17:09:29 -0700 Subject: [PATCH] mm, page_alloc: do not break __GFP_THISNODE by zonelist reset In __alloc_pages_slowpath() we reset zonelist and preferred_zoneref for allocations that can ignore memory policies. The zonelist is obtained from current CPU's node. This is a problem for __GFP_THISNODE allocations that want to allocate on a different node, e.g. because the allocating thread has been migrated to a different CPU. This has been observed to break SLAB in our 4.4-based kernel, because there it relies on __GFP_THISNODE working as intended. If a slab page is put on wrong node's list, then further list manipulations may corrupt the list because page_to_nid() is used to determine which node's list_lock should be locked and thus we may take a wrong lock and race. Current SLAB implementation seems to be immune by luck thanks to commit 511e3a058812 ("mm/slab: make cache_grow() handle the page allocated on arbitrary node") but there may be others assuming that __GFP_THISNODE works as promised. We can fix it by simply removing the zonelist reset completely. There is actually no reason to reset it, because memory policies and cpusets don't affect the zonelist choice in the first place. This was different when commit 183f6371aac2 ("mm: ignore mempolicies when using ALLOC_NO_WATERMARK") introduced the code, as mempolicies provided their own restricted zonelists. We might consider this for 4.17 although I don't know if there's anything currently broken. SLAB is currently not affected, but in kernels older than 4.7 that don't yet have 511e3a058812 ("mm/slab: make cache_grow() handle the page allocated on arbitrary node") it is. That's at least 4.4 LTS. Older ones I'll have to check. So stable backports should be more important, but will have to be reviewed carefully, as the code went through many changes. BTW I think that also the ac->preferred_zoneref reset is currently useless if we don't also reset ac->nodemask from a mempolicy to NULL first (which we probably should for the OOM victims etc?), but I would leave that for a separate patch. Link: http://lkml.kernel.org/r/20180525130853.13915-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Fixes: 183f6371aac2 ("mm: ignore mempolicies when using ALLOC_NO_WATERMARK") Acked-by: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: David Rientjes <rientjes(a)google.com> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/page_alloc.c b/mm/page_alloc.c index ef1811531999..07b3c23762ad 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4169,7 +4169,6 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, * orientated. */ if (!(alloc_flags & ALLOC_CPUSET) || reserve_flags) { - ac->zonelist = node_zonelist(numa_node_id(), gfp_mask); ac->preferred_zoneref = first_zones_zonelist(ac->zonelist, ac->high_zoneidx, ac->nodemask); }

7 years, 2 months

2
1
0 0

patch "n_tty: Access echo_* variables carefully." added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled n_tty: Access echo_* variables carefully. to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From ebec3f8f5271139df618ebdf8427e24ba102ba94 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Sat, 26 May 2018 09:53:14 +0900 Subject: n_tty: Access echo_* variables carefully. syzbot is reporting stalls at __process_echoes() [1]. This is because since ldata->echo_commit < ldata->echo_tail becomes true for some reason, the discard loop is serving as almost infinite loop. This patch tries to avoid falling into ldata->echo_commit < ldata->echo_tail situation by making access to echo_* variables more carefully. Since reset_buffer_flags() is called without output_lock held, it should not touch echo_* variables. And omit a call to reset_buffer_flags() from n_tty_open() by using vzalloc(). Since add_echo_byte() is called without output_lock held, it needs memory barrier between storing into echo_buf[] and incrementing echo_head counter. echo_buf() needs corresponding memory barrier before reading echo_buf[]. Lack of handling the possibility of not-yet-stored multi-byte operation might be the reason of falling into ldata->echo_commit < ldata->echo_tail situation, for if I do WARN_ON(ldata->echo_commit == tail + 1) prior to echo_buf(ldata, tail + 1), the WARN_ON() fires. Also, explicitly masking with buffer for the former "while" loop, and use ldata->echo_commit > tail for the latter "while" loop. [1] https://syzkaller.appspot.com/bug?id=17f23b094cd80df750e5b0f8982c521ee6bcbf… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+108696293d7a21ab688f(a)syzkaller.appspotmail.com> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/n_tty.c | 42 ++++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c index b279f8730e04..431742201709 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -143,6 +143,7 @@ static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i) static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i) { + smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */ return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)]; } @@ -318,9 +319,7 @@ static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata) static void reset_buffer_flags(struct n_tty_data *ldata) { ldata->read_head = ldata->canon_head = ldata->read_tail = 0; - ldata->echo_head = ldata->echo_tail = ldata->echo_commit = 0; ldata->commit_head = 0; - ldata->echo_mark = 0; ldata->line_start = 0; ldata->erasing = 0; @@ -619,12 +618,19 @@ static size_t __process_echoes(struct tty_struct *tty) old_space = space = tty_write_room(tty); tail = ldata->echo_tail; - while (ldata->echo_commit != tail) { + while (MASK(ldata->echo_commit) != MASK(tail)) { c = echo_buf(ldata, tail); if (c == ECHO_OP_START) { unsigned char op; int no_space_left = 0; + /* + * Since add_echo_byte() is called without holding + * output_lock, we might see only portion of multi-byte + * operation. + */ + if (MASK(ldata->echo_commit) == MASK(tail + 1)) + goto not_yet_stored; /* * If the buffer byte is the start of a multi-byte * operation, get the next byte, which is either the @@ -636,6 +642,8 @@ static size_t __process_echoes(struct tty_struct *tty) unsigned int num_chars, num_bs; case ECHO_OP_ERASE_TAB: + if (MASK(ldata->echo_commit) == MASK(tail + 2)) + goto not_yet_stored; num_chars = echo_buf(ldata, tail + 2); /* @@ -730,7 +738,8 @@ static size_t __process_echoes(struct tty_struct *tty) /* If the echo buffer is nearly full (so that the possibility exists * of echo overrun before the next commit), then discard enough * data at the tail to prevent a subsequent overrun */ - while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { + while (ldata->echo_commit > tail && + ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { if (echo_buf(ldata, tail) == ECHO_OP_START) { if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB) tail += 3; @@ -740,6 +749,7 @@ static size_t __process_echoes(struct tty_struct *tty) tail++; } + not_yet_stored: ldata->echo_tail = tail; return old_space - space; } @@ -750,6 +760,7 @@ static void commit_echoes(struct tty_struct *tty) size_t nr, old, echoed; size_t head; + mutex_lock(&ldata->output_lock); head = ldata->echo_head; ldata->echo_mark = head; old = ldata->echo_commit - ldata->echo_tail; @@ -758,10 +769,12 @@ static void commit_echoes(struct tty_struct *tty) * is over the threshold (and try again each time another * block is accumulated) */ nr = head - ldata->echo_tail; - if (nr < ECHO_COMMIT_WATERMARK || (nr % ECHO_BLOCK > old % ECHO_BLOCK)) + if (nr < ECHO_COMMIT_WATERMARK || + (nr % ECHO_BLOCK > old % ECHO_BLOCK)) { + mutex_unlock(&ldata->output_lock); return; + } - mutex_lock(&ldata->output_lock); ldata->echo_commit = head; echoed = __process_echoes(tty); mutex_unlock(&ldata->output_lock); @@ -812,7 +825,9 @@ static void flush_echoes(struct tty_struct *tty) static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata) { - *echo_buf_addr(ldata, ldata->echo_head++) = c; + *echo_buf_addr(ldata, ldata->echo_head) = c; + smp_wmb(); /* Matches smp_rmb() in echo_buf(). */ + ldata->echo_head++; } /** @@ -1881,30 +1896,21 @@ static int n_tty_open(struct tty_struct *tty) struct n_tty_data *ldata; /* Currently a malloc failure here can panic */ - ldata = vmalloc(sizeof(*ldata)); + ldata = vzalloc(sizeof(*ldata)); if (!ldata) - goto err; + return -ENOMEM; ldata->overrun_time = jiffies; mutex_init(&ldata->atomic_read_lock); mutex_init(&ldata->output_lock); tty->disc_data = ldata; - reset_buffer_flags(tty->disc_data); - ldata->column = 0; - ldata->canon_column = 0; - ldata->num_overrun = 0; - ldata->no_room = 0; - ldata->lnext = 0; tty->closing = 0; /* indicate buffer work may resume */ clear_bit(TTY_LDISC_HALTED, &tty->flags); n_tty_set_termios(tty, NULL); tty_unthrottle(tty); - return 0; -err: - return -ENOMEM; } static inline int input_available_p(struct tty_struct *tty, int poll) -- 2.18.0

7 years, 2 months

1
0
0 0

patch "n_tty: Fix stall at n_tty_receive_char_special()." added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled n_tty: Fix stall at n_tty_receive_char_special(). to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 3d63b7e4ae0dc5e02d28ddd2fa1f945defc68d81 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Sat, 26 May 2018 09:53:13 +0900 Subject: n_tty: Fix stall at n_tty_receive_char_special(). syzbot is reporting stalls at n_tty_receive_char_special() [1]. This is because comparison is not working as expected since ldata->read_head can change at any moment. Mitigate this by explicitly masking with buffer size when checking condition for "while" loops. [1] https://syzkaller.appspot.com/bug?id=3d7481a346958d9469bebbeb0537d5f056bdd6… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+18df353d7540aa6b5467(a)syzkaller.appspotmail.com> Fixes: bc5a5e3f45d04784 ("n_tty: Don't wrap input buffer indices at buffer size") Cc: stable <stable(a)vger.kernel.org> Cc: Peter Hurley <peter(a)hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/n_tty.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c index cbe98bc2b998..b279f8730e04 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -124,6 +124,8 @@ struct n_tty_data { struct mutex output_lock; }; +#define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1)) + static inline size_t read_cnt(struct n_tty_data *ldata) { return ldata->read_head - ldata->read_tail; @@ -978,14 +980,15 @@ static void eraser(unsigned char c, struct tty_struct *tty) } seen_alnums = 0; - while (ldata->read_head != ldata->canon_head) { + while (MASK(ldata->read_head) != MASK(ldata->canon_head)) { head = ldata->read_head; /* erase a single possibly multibyte character */ do { head--; c = read_buf(ldata, head); - } while (is_continuation(c, tty) && head != ldata->canon_head); + } while (is_continuation(c, tty) && + MASK(head) != MASK(ldata->canon_head)); /* do not partially erase */ if (is_continuation(c, tty)) @@ -1027,7 +1030,7 @@ static void eraser(unsigned char c, struct tty_struct *tty) * This info is used to go back the correct * number of columns. */ - while (tail != ldata->canon_head) { + while (MASK(tail) != MASK(ldata->canon_head)) { tail--; c = read_buf(ldata, tail); if (c == '\t') { @@ -1302,7 +1305,7 @@ n_tty_receive_char_special(struct tty_struct *tty, unsigned char c) finish_erasing(ldata); echo_char(c, tty); echo_char_raw('\n', ldata); - while (tail != ldata->read_head) { + while (MASK(tail) != MASK(ldata->read_head)) { echo_char(read_buf(ldata, tail), tty); tail++; } @@ -2411,7 +2414,7 @@ static unsigned long inq_canon(struct n_tty_data *ldata) tail = ldata->read_tail; nr = head - tail; /* Skip EOF-chars.. */ - while (head != tail) { + while (MASK(head) != MASK(tail)) { if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) && read_buf(ldata, tail) == __DISABLED_CHAR) nr--; -- 2.18.0

7 years, 2 months

1
0
0 0

[git:media_tree/master] media: Revert "[media] tvp5150: fix pad format frame height"

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: Revert "[media] tvp5150: fix pad format frame height" Author: Javier Martinez Canillas <javierm(a)redhat.com> Date: Sun Jun 10 16:43:02 2018 -0400 This reverts commit 0866df8dffd514185bfab0d205db76e4c02cf1e4. The v4l uAPI documentation [0] makes clear that in the case of interlaced video (i.e: field is V4L2_FIELD_ALTERNATE) the height refers to the number of lines in the field and not the number of lines in the full frame (which is twice the field height for interlaced formats). So the original height calculation was correct, and it shouldn't had been changed by the mentioned commit. [0]:https://linuxtv.org/downloads/v4l-dvb-apis/uapi/v4l/subdev-formats.html Fixes: 0866df8dffd5 ("[media] tvp5150: fix pad format frame height") Signed-off-by: Javier Martinez Canillas <javierm(a)redhat.com> Cc: <stable(a)vger.kernel.org> # for v4.12 and up Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/tvp5150.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/i2c/tvp5150.c b/drivers/media/i2c/tvp5150.c index b162c2fe62c3..76e6bed5a1da 100644 --- a/drivers/media/i2c/tvp5150.c +++ b/drivers/media/i2c/tvp5150.c @@ -872,7 +872,7 @@ static int tvp5150_fill_fmt(struct v4l2_subdev *sd, f = &format->format; f->width = decoder->rect.width; - f->height = decoder->rect.height; + f->height = decoder->rect.height / 2; f->code = MEDIA_BUS_FMT_UYVY8_2X8; f->field = V4L2_FIELD_ALTERNATE;

7 years, 2 months

1
0
0 0

Applied "spi: pxa2xx: Add support for Intel Ice Lake" to the spi tree

by Mark Brown

The patch spi: pxa2xx: Add support for Intel Ice Lake has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 22d71a5097ec7059b6cbbee678a4f88484695941 Mon Sep 17 00:00:00 2001 From: Mika Westerberg <mika.westerberg(a)linux.intel.com> Date: Thu, 28 Jun 2018 13:52:23 +0300 Subject: [PATCH] spi: pxa2xx: Add support for Intel Ice Lake Intel Ice Lake SPI host controller follows the Intel Cannon Lake but the PCI IDs are different. Add the new PCI IDs to the driver supported devices list. Signed-off-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Signed-off-by: Jarkko Nikula <jarkko.nikula(a)linux.intel.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-pxa2xx.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c index 0b2d60d30f69..14f4ea59caff 100644 --- a/drivers/spi/spi-pxa2xx.c +++ b/drivers/spi/spi-pxa2xx.c @@ -1391,6 +1391,10 @@ static const struct pci_device_id pxa2xx_spi_pci_compound_match[] = { { PCI_VDEVICE(INTEL, 0x31c2), LPSS_BXT_SSP }, { PCI_VDEVICE(INTEL, 0x31c4), LPSS_BXT_SSP }, { PCI_VDEVICE(INTEL, 0x31c6), LPSS_BXT_SSP }, + /* ICL-LP */ + { PCI_VDEVICE(INTEL, 0x34aa), LPSS_CNL_SSP }, + { PCI_VDEVICE(INTEL, 0x34ab), LPSS_CNL_SSP }, + { PCI_VDEVICE(INTEL, 0x34fb), LPSS_CNL_SSP }, /* APL */ { PCI_VDEVICE(INTEL, 0x5ac2), LPSS_BXT_SSP }, { PCI_VDEVICE(INTEL, 0x5ac4), LPSS_BXT_SSP }, -- 2.18.0.rc2

7 years, 2 months

1
0
0 0

[PATCH 3/4] crypto: ccree: fix iv handling

by Gilad Ben-Yossef

We were copying our last cipher block into the request for use as IV for all modes of operations. Fix this by discerning the behaviour based on the mode of operation used: copy ciphertext for CBC, update counter for CTR. CC: stable(a)vger.kernel.org Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support") Reported by: Hadar Gat <hadar.gat(a)arm.com> Signed-off-by: Gilad Ben-Yossef <gilad(a)benyossef.com> --- drivers/crypto/ccree/cc_cipher.c | 111 +++++++++++++++++++++++++++++---------- 1 file changed, 84 insertions(+), 27 deletions(-) diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index d2810c1..3af44a5 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -593,34 +593,82 @@ static void cc_setup_cipher_data(struct crypto_tfm *tfm, } } +/* + * Update a CTR-AES 128 bit counter + */ +void cc_update_ctr(u8 *ctr, unsigned int increment) +{ + if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) || + IS_ALIGNED((unsigned long)ctr, 8)) { + + __be64 *high_be = (__be64 *)ctr; + __be64 *low_be = high_be + 1; + u64 orig_low = __be64_to_cpu(*low_be); + u64 new_low = orig_low + (u64)increment; + + *low_be = __cpu_to_be64(new_low); + + if (new_low < orig_low) + *high_be = __cpu_to_be64(__be64_to_cpu(*high_be) + 1); + } else { + u8 *pos = (ctr + AES_BLOCK_SIZE); + u8 val; + unsigned int size; + + for (; increment; increment--) + for (size = AES_BLOCK_SIZE; size; size--) { + val = *--pos + 1; + *pos = val; + if (val) + break; + } + } +} + static void cc_cipher_complete(struct device *dev, void *cc_req, int err) { struct skcipher_request *req = (struct skcipher_request *)cc_req; struct scatterlist *dst = req->dst; struct scatterlist *src = req->src; struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req); - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - unsigned int ivsize = crypto_skcipher_ivsize(tfm); + struct crypto_skcipher *sk_tfm = crypto_skcipher_reqtfm(req); + struct crypto_tfm *tfm = crypto_skcipher_tfm(sk_tfm); + struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); + unsigned int ivsize = crypto_skcipher_ivsize(sk_tfm); + unsigned int len; - cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst); - kzfree(req_ctx->iv); + switch (ctx_p->cipher_mode) { + case DRV_CIPHER_CBC: + /* + * The crypto API expects us to set the req->iv to the last + * ciphertext block. For encrypt, simply copy from the result. + * For decrypt, we must copy from a saved buffer since this + * could be an in-place decryption operation and the src is + * lost by this point. + */ + if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) { + memcpy(req->iv, req_ctx->backup_info, ivsize); + kzfree(req_ctx->backup_info); + } else if (!err) { + len = req->cryptlen - ivsize; + scatterwalk_map_and_copy(req->iv, req->dst, len, + ivsize, 0); + } + break; - /* - * The crypto API expects us to set the req->iv to the last - * ciphertext block. For encrypt, simply copy from the result. - * For decrypt, we must copy from a saved buffer since this - * could be an in-place decryption operation and the src is - * lost by this point. - */ - if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) { - memcpy(req->iv, req_ctx->backup_info, ivsize); - kzfree(req_ctx->backup_info); - } else if (!err) { - scatterwalk_map_and_copy(req->iv, req->dst, - (req->cryptlen - ivsize), - ivsize, 0); + case DRV_CIPHER_CTR: + /* Compute the counter of the last block */ + len = ALIGN(req->cryptlen, AES_BLOCK_SIZE) / AES_BLOCK_SIZE; + cc_update_ctr((u8 *)req->iv, len); + break; + + default: + break; } + cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst); + kzfree(req_ctx->iv); + skcipher_request_complete(req, err); } @@ -752,20 +800,29 @@ static int cc_cipher_encrypt(struct skcipher_request *req) static int cc_cipher_decrypt(struct skcipher_request *req) { struct crypto_skcipher *sk_tfm = crypto_skcipher_reqtfm(req); + struct crypto_tfm *tfm = crypto_skcipher_tfm(sk_tfm); + struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req); unsigned int ivsize = crypto_skcipher_ivsize(sk_tfm); gfp_t flags = cc_gfp_flags(&req->base); + unsigned int len; - /* - * Allocate and save the last IV sized bytes of the source, which will - * be lost in case of in-place decryption and might be needed for CTS. - */ - req_ctx->backup_info = kmalloc(ivsize, flags); - if (!req_ctx->backup_info) - return -ENOMEM; + if (ctx_p->cipher_mode == DRV_CIPHER_CBC) { + + /* Allocate and save the last IV sized bytes of the source, + * which will be lost in case of in-place decryption. + */ + req_ctx->backup_info = kzalloc(ivsize, flags); + if (!req_ctx->backup_info) + return -ENOMEM; + + len = req->cryptlen - ivsize; + scatterwalk_map_and_copy(req_ctx->backup_info, req->src, len, + ivsize, 0); + } else { + req_ctx->backup_info = NULL; + } - scatterwalk_map_and_copy(req_ctx->backup_info, req->src, - (req->cryptlen - ivsize), ivsize, 0); req_ctx->is_giv = false; return cc_cipher_process(req, DRV_CRYPTO_DIRECTION_DECRYPT); -- 2.7.4

7 years, 2 months

3
2
0 0

Applied "ASoC: dpcm: don't merge format from invalid codec dai" to the asoc tree

by Mark Brown

The patch ASoC: dpcm: don't merge format from invalid codec dai has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 4febced15ac8ddb9cf3e603edb111842e4863d9a Mon Sep 17 00:00:00 2001 From: Jerome Brunet <jbrunet(a)baylibre.com> Date: Wed, 27 Jun 2018 17:36:38 +0200 Subject: [PATCH] ASoC: dpcm: don't merge format from invalid codec dai When merging codec formats, dpcm_runtime_base_format() should skip the codecs which are not supporting the current stream direction. At the moment, if a BE link has more than one codec, and only one of these codecs has no capture DAI, it becomes impossible to start a capture stream because the merged format would be 0. Skipping invalid codec DAI solves the problem. Fixes: b073ed4e2126 ("ASoC: soc-pcm: DPCM cares BE format") Signed-off-by: Jerome Brunet <jbrunet(a)baylibre.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/soc-pcm.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c index 5e7ae47a9658..5feae9666822 100644 --- a/sound/soc/soc-pcm.c +++ b/sound/soc/soc-pcm.c @@ -1694,6 +1694,14 @@ static u64 dpcm_runtime_base_format(struct snd_pcm_substream *substream) int i; for (i = 0; i < be->num_codecs; i++) { + /* + * Skip CODECs which don't support the current stream + * type. See soc_pcm_init_runtime_hw() for more details + */ + if (!snd_soc_dai_stream_valid(be->codec_dais[i], + stream)) + continue; + codec_dai_drv = be->codec_dais[i]->driver; if (stream == SNDRV_PCM_STREAM_PLAYBACK) codec_stream = &codec_dai_drv->playback; -- 2.18.0.rc2

7 years, 2 months

1
0
0 0

patch "USB: serial: cp210x: add CESINEL device ids" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: cp210x: add CESINEL device ids to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 24160628a34af962ac99f2f58e547ac3c4cbd26f Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Mon, 18 Jun 2018 10:24:03 +0200 Subject: USB: serial: cp210x: add CESINEL device ids Add device ids for CESINEL products. Reported-by: Carlos Barcala Lara <cabl(a)cesinel.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/cp210x.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c index 14cf657247b6..ee0cc1d90b51 100644 --- a/drivers/usb/serial/cp210x.c +++ b/drivers/usb/serial/cp210x.c @@ -95,6 +95,9 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0x8156) }, /* B&G H3000 link cable */ { USB_DEVICE(0x10C4, 0x815E) }, /* Helicomm IP-Link 1220-DVM */ { USB_DEVICE(0x10C4, 0x815F) }, /* Timewave HamLinkUSB */ + { USB_DEVICE(0x10C4, 0x817C) }, /* CESINEL MEDCAL N Power Quality Monitor */ + { USB_DEVICE(0x10C4, 0x817D) }, /* CESINEL MEDCAL NT Power Quality Monitor */ + { USB_DEVICE(0x10C4, 0x817E) }, /* CESINEL MEDCAL S Power Quality Monitor */ { USB_DEVICE(0x10C4, 0x818B) }, /* AVIT Research USB to TTL */ { USB_DEVICE(0x10C4, 0x819F) }, /* MJS USB Toslink Switcher */ { USB_DEVICE(0x10C4, 0x81A6) }, /* ThinkOptics WavIt */ @@ -112,6 +115,9 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0x826B) }, /* Cygnal Integrated Products, Inc., Fasttrax GPS demonstration module */ { USB_DEVICE(0x10C4, 0x8281) }, /* Nanotec Plug & Drive */ { USB_DEVICE(0x10C4, 0x8293) }, /* Telegesis ETRX2USB */ + { USB_DEVICE(0x10C4, 0x82EF) }, /* CESINEL FALCO 6105 AC Power Supply */ + { USB_DEVICE(0x10C4, 0x82F1) }, /* CESINEL MEDCAL EFD Earth Fault Detector */ + { USB_DEVICE(0x10C4, 0x82F2) }, /* CESINEL MEDCAL ST Network Analyzer */ { USB_DEVICE(0x10C4, 0x82F4) }, /* Starizona MicroTouch */ { USB_DEVICE(0x10C4, 0x82F9) }, /* Procyon AVS */ { USB_DEVICE(0x10C4, 0x8341) }, /* Siemens MC35PU GPRS Modem */ @@ -124,7 +130,9 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0x8470) }, /* Juniper Networks BX Series System Console */ { USB_DEVICE(0x10C4, 0x8477) }, /* Balluff RFID */ { USB_DEVICE(0x10C4, 0x84B6) }, /* Starizona Hyperion */ + { USB_DEVICE(0x10C4, 0x851E) }, /* CESINEL MEDCAL PT Network Analyzer */ { USB_DEVICE(0x10C4, 0x85A7) }, /* LifeScan OneTouch Verio IQ */ + { USB_DEVICE(0x10C4, 0x85B8) }, /* CESINEL ReCon T Energy Logger */ { USB_DEVICE(0x10C4, 0x85EA) }, /* AC-Services IBUS-IF */ { USB_DEVICE(0x10C4, 0x85EB) }, /* AC-Services CIS-IBUS */ { USB_DEVICE(0x10C4, 0x85F8) }, /* Virtenio Preon32 */ @@ -134,10 +142,13 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0x8857) }, /* CEL EM357 ZigBee USB Stick */ { USB_DEVICE(0x10C4, 0x88A4) }, /* MMB Networks ZigBee USB Device */ { USB_DEVICE(0x10C4, 0x88A5) }, /* Planet Innovation Ingeni ZigBee USB Device */ + { USB_DEVICE(0x10C4, 0x88FB) }, /* CESINEL MEDCAL STII Network Analyzer */ + { USB_DEVICE(0x10C4, 0x8938) }, /* CESINEL MEDCAL S II Network Analyzer */ { USB_DEVICE(0x10C4, 0x8946) }, /* Ketra N1 Wireless Interface */ { USB_DEVICE(0x10C4, 0x8962) }, /* Brim Brothers charging dock */ { USB_DEVICE(0x10C4, 0x8977) }, /* CEL MeshWorks DevKit Device */ { USB_DEVICE(0x10C4, 0x8998) }, /* KCF Technologies PRN */ + { USB_DEVICE(0x10C4, 0x89A4) }, /* CESINEL FTBC Flexible Thyristor Bridge Controller */ { USB_DEVICE(0x10C4, 0x8A2A) }, /* HubZ dual ZigBee and Z-Wave dongle */ { USB_DEVICE(0x10C4, 0x8A5E) }, /* CEL EM3588 ZigBee USB Stick Long Range */ { USB_DEVICE(0x10C4, 0x8B34) }, /* Qivicon ZigBee USB Radio Stick */ -- 2.18.0

7 years, 2 months

1
0
0 0

patch "USB: serial: cp210x: add Silicon Labs IDs for Windows Update" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: cp210x: add Silicon Labs IDs for Windows Update to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 2f839823382748664b643daa73f41ee0cc01ced6 Mon Sep 17 00:00:00 2001 From: Karoly Pados <pados(a)pados.hu> Date: Sat, 9 Jun 2018 13:26:08 +0200 Subject: USB: serial: cp210x: add Silicon Labs IDs for Windows Update Silicon Labs defines alternative VID/PID pairs for some chips that when used will automatically install drivers for Windows users without manual intervention. Unfortunately, these IDs are not recognized by the Linux module, so using these IDs improves user experience on one platform but degrades it on Linux. This patch addresses this problem. Signed-off-by: Karoly Pados <pados(a)pados.hu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/cp210x.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c index eb6c26cbe579..14cf657247b6 100644 --- a/drivers/usb/serial/cp210x.c +++ b/drivers/usb/serial/cp210x.c @@ -143,8 +143,11 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0x8B34) }, /* Qivicon ZigBee USB Radio Stick */ { USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs factory default */ { USB_DEVICE(0x10C4, 0xEA61) }, /* Silicon Labs factory default */ + { USB_DEVICE(0x10C4, 0xEA63) }, /* Silicon Labs Windows Update (CP2101-4/CP2102N) */ { USB_DEVICE(0x10C4, 0xEA70) }, /* Silicon Labs factory default */ { USB_DEVICE(0x10C4, 0xEA71) }, /* Infinity GPS-MIC-1 Radio Monophone */ + { USB_DEVICE(0x10C4, 0xEA7A) }, /* Silicon Labs Windows Update (CP2105) */ + { USB_DEVICE(0x10C4, 0xEA7B) }, /* Silicon Labs Windows Update (CP2108) */ { USB_DEVICE(0x10C4, 0xF001) }, /* Elan Digital Systems USBscope50 */ { USB_DEVICE(0x10C4, 0xF002) }, /* Elan Digital Systems USBwave12 */ { USB_DEVICE(0x10C4, 0xF003) }, /* Elan Digital Systems USBpulse100 */ -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH v2] cifs: Fix use after free of a mid_q_entry

by Lars Persson

With protocol version 2.0 mounts we have seen crashes with corrupt mid entries. Either the server->pending_mid_q list becomes corrupt with a cyclic reference in one element or a mid object fetched by the demultiplexer thread becomes overwritten during use. Code review identified a race between the demultiplexer thread and the request issuing thread. The demultiplexer thread seems to be written with the assumption that it is the sole user of the mid object until it calls the mid callback which either wakes the issuer task or deletes the mid. This assumption is not true because the issuer task can be woken up earlier by a signal. If the demultiplexer thread has proceeded as far as setting the mid_state to MID_RESPONSE_RECEIVED then the issuer thread will happily end up calling cifs_delete_mid while the demultiplexer thread still is using the mid object. Inserting a delay in the cifs demultiplexer thread widens the race window and makes reproduction of the race very easy: if (server->large_buf) buf = server->bigbuf; + usleep_range(500, 4000); server->lstrp = jiffies; To resolve this I think the proper solution involves putting a reference count on the mid object. This patch makes sure that the demultiplexer thread holds a reference until it has finished processing the transaction. Cc: stable(a)vger.kernel.org Signed-off-by: Lars Persson <larper(a)axis.com> --- Patch changelog: V2: Fixed possible use of an uninitialized mid_entry in cifs_demultiplex_thread. --- fs/cifs/cifsglob.h | 1 + fs/cifs/cifsproto.h | 1 + fs/cifs/connect.c | 8 +++++++- fs/cifs/smb1ops.c | 1 + fs/cifs/smb2ops.c | 1 + fs/cifs/smb2transport.c | 1 + fs/cifs/transport.c | 18 +++++++++++++++++- 7 files changed, 29 insertions(+), 2 deletions(-) diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 0543187fe707..0c0b062de2ec 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -1416,6 +1416,7 @@ typedef int (mid_handle_t)(struct TCP_Server_Info *server, /* one of these for every pending CIFS request to the server */ struct mid_q_entry { struct list_head qhead; /* mids waiting on reply from this server */ + struct kref refcount; struct TCP_Server_Info *server; /* server corresponding to this mid */ __u64 mid; /* multiplex id */ __u32 pid; /* process id */ diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index e23eec5372df..7ead1a9ac6fb 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h @@ -82,6 +82,7 @@ extern struct mid_q_entry *AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server); extern void DeleteMidQEntry(struct mid_q_entry *midEntry); extern void cifs_delete_mid(struct mid_q_entry *mid); +extern void cifs_mid_q_entry_release(struct mid_q_entry *midEntry); extern void cifs_wake_up_task(struct mid_q_entry *mid); extern int cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid); diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 73496ec316b6..842f45859968 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -924,6 +924,7 @@ cifs_demultiplex_thread(void *p) server->pdu_size = next_offset; } + mid_entry = NULL; if (server->ops->is_transform_hdr && server->ops->receive_transform && server->ops->is_transform_hdr(buf)) { @@ -938,8 +939,11 @@ cifs_demultiplex_thread(void *p) length = mid_entry->receive(server, mid_entry); } - if (length < 0) + if (length < 0) { + if (mid_entry) + cifs_mid_q_entry_release(mid_entry); continue; + } if (server->large_buf) buf = server->bigbuf; @@ -956,6 +960,8 @@ cifs_demultiplex_thread(void *p) if (!mid_entry->multiRsp || mid_entry->multiEnd) mid_entry->callback(mid_entry); + + cifs_mid_q_entry_release(mid_entry); } else if (server->ops->is_oplock_break && server->ops->is_oplock_break(buf, server)) { cifs_dbg(FYI, "Received oplock break\n"); diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c index aff8ce8ba34d..646dcd149de1 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c @@ -107,6 +107,7 @@ cifs_find_mid(struct TCP_Server_Info *server, char *buffer) if (compare_mid(mid->mid, buf) && mid->mid_state == MID_REQUEST_SUBMITTED && le16_to_cpu(mid->command) == buf->Command) { + kref_get(&mid->refcount); spin_unlock(&GlobalMid_Lock); return mid; } diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 22b6449e983d..b7b8ec7df9b1 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -203,6 +203,7 @@ smb2_find_mid(struct TCP_Server_Info *server, char *buf) if ((mid->mid == wire_mid) && (mid->mid_state == MID_REQUEST_SUBMITTED) && (mid->command == shdr->Command)) { + kref_get(&mid->refcount); spin_unlock(&GlobalMid_Lock); return mid; } diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c index 4fe06dbc395d..719d55e63d88 100644 --- a/fs/cifs/smb2transport.c +++ b/fs/cifs/smb2transport.c @@ -587,6 +587,7 @@ smb2_mid_entry_alloc(const struct smb2_sync_hdr *shdr, temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); memset(temp, 0, sizeof(struct mid_q_entry)); + kref_init(&temp->refcount); temp->mid = le64_to_cpu(shdr->MessageId); temp->pid = current->pid; temp->command = shdr->Command; /* Always LE */ diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index fb57dfbfb749..208ecb830466 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -61,6 +61,7 @@ AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server) temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); memset(temp, 0, sizeof(struct mid_q_entry)); + kref_init(&temp->refcount); temp->mid = get_mid(smb_buffer); temp->pid = current->pid; temp->command = cpu_to_le16(smb_buffer->Command); @@ -82,6 +83,21 @@ AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server) return temp; } +static void _cifs_mid_q_entry_release(struct kref *refcount) +{ + struct mid_q_entry *mid = container_of(refcount, struct mid_q_entry, + refcount); + + mempool_free(mid, cifs_mid_poolp); +} + +void cifs_mid_q_entry_release(struct mid_q_entry *midEntry) +{ + spin_lock(&GlobalMid_Lock); + kref_put(&midEntry->refcount, _cifs_mid_q_entry_release); + spin_unlock(&GlobalMid_Lock); +} + void DeleteMidQEntry(struct mid_q_entry *midEntry) { @@ -110,7 +126,7 @@ DeleteMidQEntry(struct mid_q_entry *midEntry) } } #endif - mempool_free(midEntry, cifs_mid_poolp); + cifs_mid_q_entry_release(midEntry); } void -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH 1/4] crypto: ccree: fix finup

by Gilad Ben-Yossef

From: Hadar Gat <hadar.gat(a)arm.com> finup() operation was incorrect, padding was missing. Fix by setting the ccree HW to enable padding. Signed-off-by: Hadar Gat <hadar.gat(a)arm.com> [ gilad(a)benyossef.com: refactored for better code sharing ] Signed-off-by: Gilad Ben-Yossef <gilad(a)benyossef.com> Cc: stable(a)vger.kernel.org --- drivers/crypto/ccree/cc_hash.c | 81 +++++++++--------------------------------- 1 file changed, 16 insertions(+), 65 deletions(-) diff --git a/drivers/crypto/ccree/cc_hash.c b/drivers/crypto/ccree/cc_hash.c index 96ff777..e4ebde0 100644 --- a/drivers/crypto/ccree/cc_hash.c +++ b/drivers/crypto/ccree/cc_hash.c @@ -602,66 +602,7 @@ static int cc_hash_update(struct ahash_request *req) return rc; } -static int cc_hash_finup(struct ahash_request *req) -{ - struct ahash_req_ctx *state = ahash_request_ctx(req); - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); - struct cc_hash_ctx *ctx = crypto_ahash_ctx(tfm); - u32 digestsize = crypto_ahash_digestsize(tfm); - struct scatterlist *src = req->src; - unsigned int nbytes = req->nbytes; - u8 *result = req->result; - struct device *dev = drvdata_to_dev(ctx->drvdata); - bool is_hmac = ctx->is_hmac; - struct cc_crypto_req cc_req = {}; - struct cc_hw_desc desc[CC_MAX_HASH_SEQ_LEN]; - unsigned int idx = 0; - int rc; - gfp_t flags = cc_gfp_flags(&req->base); - - dev_dbg(dev, "===== %s-finup (%d) ====\n", is_hmac ? "hmac" : "hash", - nbytes); - - if (cc_map_req(dev, state, ctx)) { - dev_err(dev, "map_ahash_source() failed\n"); - return -EINVAL; - } - - if (cc_map_hash_request_final(ctx->drvdata, state, src, nbytes, 1, - flags)) { - dev_err(dev, "map_ahash_request_final() failed\n"); - cc_unmap_req(dev, state, ctx); - return -ENOMEM; - } - if (cc_map_result(dev, state, digestsize)) { - dev_err(dev, "map_ahash_digest() failed\n"); - cc_unmap_hash_request(dev, state, src, true); - cc_unmap_req(dev, state, ctx); - return -ENOMEM; - } - - /* Setup request structure */ - cc_req.user_cb = cc_hash_complete; - cc_req.user_arg = req; - - idx = cc_restore_hash(desc, ctx, state, idx); - - if (is_hmac) - idx = cc_fin_hmac(desc, req, idx); - - idx = cc_fin_result(desc, req, idx); - - rc = cc_send_request(ctx->drvdata, &cc_req, desc, idx, &req->base); - if (rc != -EINPROGRESS && rc != -EBUSY) { - dev_err(dev, "send_request() failed (rc=%d)\n", rc); - cc_unmap_hash_request(dev, state, src, true); - cc_unmap_result(dev, state, digestsize, result); - cc_unmap_req(dev, state, ctx); - } - return rc; -} - -static int cc_hash_final(struct ahash_request *req) +static int cc_do_finup(struct ahash_request *req, bool update) { struct ahash_req_ctx *state = ahash_request_ctx(req); struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); @@ -678,21 +619,20 @@ static int cc_hash_final(struct ahash_request *req) int rc; gfp_t flags = cc_gfp_flags(&req->base); - dev_dbg(dev, "===== %s-final (%d) ====\n", is_hmac ? "hmac" : "hash", - nbytes); + dev_dbg(dev, "===== %s-%s (%d) ====\n", is_hmac ? "hmac" : "hash", + update ? "finup" : "final", nbytes); if (cc_map_req(dev, state, ctx)) { dev_err(dev, "map_ahash_source() failed\n"); return -EINVAL; } - if (cc_map_hash_request_final(ctx->drvdata, state, src, nbytes, 0, + if (cc_map_hash_request_final(ctx->drvdata, state, src, nbytes, update, flags)) { dev_err(dev, "map_ahash_request_final() failed\n"); cc_unmap_req(dev, state, ctx); return -ENOMEM; } - if (cc_map_result(dev, state, digestsize)) { dev_err(dev, "map_ahash_digest() failed\n"); cc_unmap_hash_request(dev, state, src, true); @@ -706,7 +646,7 @@ static int cc_hash_final(struct ahash_request *req) idx = cc_restore_hash(desc, ctx, state, idx); - /* "DO-PAD" must be enabled only when writing current length to HW */ + /* Pad the hash */ hw_desc_init(&desc[idx]); set_cipher_do(&desc[idx], DO_PAD); set_cipher_mode(&desc[idx], ctx->hw_mode); @@ -731,6 +671,17 @@ static int cc_hash_final(struct ahash_request *req) return rc; } +static int cc_hash_finup(struct ahash_request *req) +{ + return cc_do_finup(req, true); +} + + +static int cc_hash_final(struct ahash_request *req) +{ + return cc_do_finup(req, false); +} + static int cc_hash_init(struct ahash_request *req) { struct ahash_req_ctx *state = ahash_request_ctx(req); -- 2.7.4

7 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror