With protocol version 2.0 mounts we have seen crashes with corrupt mid
entries. Either the server->pending_mid_q list becomes corrupt with a
cyclic reference in one element or a mid object fetched by the
demultiplexer thread becomes overwritten during use.
Code review identified a race between the demultiplexer thread and the
request issuing thread. The demultiplexer thread seems to be written
with the assumption that it is the sole user of the mid object until
it calls the mid callback which either wakes the issuer task or
deletes the mid.
This assumption is not true because the issuer task can be woken up
earlier by a signal. If the demultiplexer thread has proceeded as far
as setting the mid_state to MID_RESPONSE_RECEIVED then the issuer
thread will happily end up calling cifs_delete_mid while the
demultiplexer thread still is using the mid object.
Inserting a delay in the cifs demultiplexer thread widens the race
window and makes reproduction of the race very easy:
if (server->large_buf)
buf = server->bigbuf;
+ usleep_range(500, 4000);
server->lstrp = jiffies;
To resolve this I think the proper solution involves putting a
reference count on the mid object. This patch makes sure that the
demultiplexer thread holds a reference until it has finished
processing the transaction.
Cc: stable(a)vger.kernel.org
Signed-off-by: Lars Persson <larper(a)axis.com>
---
Patch changelog:
V2: Fixed possible use of an uninitialized mid_entry in cifs_demultiplex_thread.
---
fs/cifs/cifsglob.h | 1 +
fs/cifs/cifsproto.h | 1 +
fs/cifs/connect.c | 8 +++++++-
fs/cifs/smb1ops.c | 1 +
fs/cifs/smb2ops.c | 1 +
fs/cifs/smb2transport.c | 1 +
fs/cifs/transport.c | 18 +++++++++++++++++-
7 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 0543187fe707..0c0b062de2ec 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -1416,6 +1416,7 @@ typedef int (mid_handle_t)(struct TCP_Server_Info *server,
/* one of these for every pending CIFS request to the server */
struct mid_q_entry {
struct list_head qhead; /* mids waiting on reply from this server */
+ struct kref refcount;
struct TCP_Server_Info *server; /* server corresponding to this mid */
__u64 mid; /* multiplex id */
__u32 pid; /* process id */
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index e23eec5372df..7ead1a9ac6fb 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -82,6 +82,7 @@ extern struct mid_q_entry *AllocMidQEntry(const struct smb_hdr *smb_buffer,
struct TCP_Server_Info *server);
extern void DeleteMidQEntry(struct mid_q_entry *midEntry);
extern void cifs_delete_mid(struct mid_q_entry *mid);
+extern void cifs_mid_q_entry_release(struct mid_q_entry *midEntry);
extern void cifs_wake_up_task(struct mid_q_entry *mid);
extern int cifs_handle_standard(struct TCP_Server_Info *server,
struct mid_q_entry *mid);
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 73496ec316b6..842f45859968 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -924,6 +924,7 @@ cifs_demultiplex_thread(void *p)
server->pdu_size = next_offset;
}
+ mid_entry = NULL;
if (server->ops->is_transform_hdr &&
server->ops->receive_transform &&
server->ops->is_transform_hdr(buf)) {
@@ -938,8 +939,11 @@ cifs_demultiplex_thread(void *p)
length = mid_entry->receive(server, mid_entry);
}
- if (length < 0)
+ if (length < 0) {
+ if (mid_entry)
+ cifs_mid_q_entry_release(mid_entry);
continue;
+ }
if (server->large_buf)
buf = server->bigbuf;
@@ -956,6 +960,8 @@ cifs_demultiplex_thread(void *p)
if (!mid_entry->multiRsp || mid_entry->multiEnd)
mid_entry->callback(mid_entry);
+
+ cifs_mid_q_entry_release(mid_entry);
} else if (server->ops->is_oplock_break &&
server->ops->is_oplock_break(buf, server)) {
cifs_dbg(FYI, "Received oplock break\n");
diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
index aff8ce8ba34d..646dcd149de1 100644
--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
@@ -107,6 +107,7 @@ cifs_find_mid(struct TCP_Server_Info *server, char *buffer)
if (compare_mid(mid->mid, buf) &&
mid->mid_state == MID_REQUEST_SUBMITTED &&
le16_to_cpu(mid->command) == buf->Command) {
+ kref_get(&mid->refcount);
spin_unlock(&GlobalMid_Lock);
return mid;
}
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 22b6449e983d..b7b8ec7df9b1 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -203,6 +203,7 @@ smb2_find_mid(struct TCP_Server_Info *server, char *buf)
if ((mid->mid == wire_mid) &&
(mid->mid_state == MID_REQUEST_SUBMITTED) &&
(mid->command == shdr->Command)) {
+ kref_get(&mid->refcount);
spin_unlock(&GlobalMid_Lock);
return mid;
}
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index 4fe06dbc395d..719d55e63d88 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -587,6 +587,7 @@ smb2_mid_entry_alloc(const struct smb2_sync_hdr *shdr,
temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
memset(temp, 0, sizeof(struct mid_q_entry));
+ kref_init(&temp->refcount);
temp->mid = le64_to_cpu(shdr->MessageId);
temp->pid = current->pid;
temp->command = shdr->Command; /* Always LE */
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index fb57dfbfb749..208ecb830466 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -61,6 +61,7 @@ AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
memset(temp, 0, sizeof(struct mid_q_entry));
+ kref_init(&temp->refcount);
temp->mid = get_mid(smb_buffer);
temp->pid = current->pid;
temp->command = cpu_to_le16(smb_buffer->Command);
@@ -82,6 +83,21 @@ AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
return temp;
}
+static void _cifs_mid_q_entry_release(struct kref *refcount)
+{
+ struct mid_q_entry *mid = container_of(refcount, struct mid_q_entry,
+ refcount);
+
+ mempool_free(mid, cifs_mid_poolp);
+}
+
+void cifs_mid_q_entry_release(struct mid_q_entry *midEntry)
+{
+ spin_lock(&GlobalMid_Lock);
+ kref_put(&midEntry->refcount, _cifs_mid_q_entry_release);
+ spin_unlock(&GlobalMid_Lock);
+}
+
void
DeleteMidQEntry(struct mid_q_entry *midEntry)
{
@@ -110,7 +126,7 @@ DeleteMidQEntry(struct mid_q_entry *midEntry)
}
}
#endif
- mempool_free(midEntry, cifs_mid_poolp);
+ cifs_mid_q_entry_release(midEntry);
}
void
--
2.17.1
On 27/06/2018 20:13, Shakeel Butt wrote:
> The size of kvm's shadow page tables corresponds to the size of the
> guest virtual machines on the system. Large VMs can spend a significant
> amount of memory as shadow page tables which can not be left as system
> memory overhead. So, account shadow page tables to the kmemcg.
>
> Signed-off-by: Shakeel Butt <shakeelb(a)google.com>
> ---
> arch/x86/kvm/mmu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index d594690d8b95..c79a398300f5 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -890,7 +890,7 @@ static int mmu_topup_memory_cache_page(struct kvm_mmu_memory_cache *cache,
> if (cache->nobjs >= min)
> return 0;
> while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
> - page = (void *)__get_free_page(GFP_KERNEL);
> + page = (void *)__get_free_page(GFP_KERNEL|__GFP_ACCOUNT);
> if (!page)
> return -ENOMEM;
> cache->objects[cache->nobjs++] = page;
>
Queued, with
Cc: stable(a)vger.kernel.org
Thanks,
Paolo
From: "Jason A. Donenfeld" <Jason(a)zx2c4.com>
Subject: kasan: depend on CONFIG_SLUB_DEBUG
KASAN depends on having access to some of the accounting that SLUB_DEBUG
does; without it, there are immediate crashes [1]. So, the natural thing
to do is to make KASAN select SLUB_DEBUG.
[1] http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQ…
Link: http://lkml.kernel.org/r/20180622154623.25388-1-Jason@zx2c4.com
Fixes: f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()")
Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Reviewed-by: Shakeel Butt <shakeelb(a)google.com>
Acked-by: Christoph Lameter <cl(a)linux.com>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
diff -puN lib/Kconfig.kasan~kasan-depend-on-config_slub_debug lib/Kconfig.kasan
--- a/lib/Kconfig.kasan~kasan-depend-on-config_slub_debug
+++ a/lib/Kconfig.kasan
@@ -6,6 +6,7 @@ if HAVE_ARCH_KASAN
config KASAN
bool "KASan: runtime memory debugger"
depends on SLUB || (SLAB && !DEBUG_SLAB)
+ select SLUB_DEBUG if SLUB
select CONSTRUCTORS
select STACKDEPOT
help
_
From: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com>
Subject: x86/e820: put !E820_TYPE_RAM regions into memblock.reserved
There is a kernel panic that is triggered when reading /proc/kpageflags on
the kernel booted with kernel parameter 'memmap=nn[KMG]!ss[KMG]':
BUG: unable to handle kernel paging request at fffffffffffffffe
PGD 9b20e067 P4D 9b20e067 PUD 9b210067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 2 PID: 1728 Comm: page-types Not tainted 4.17.0-rc6-mm1-v4.17-rc6-180605-0816-00236-g2dfb086ef02c+ #160
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.fc28 04/01/2014
RIP: 0010:stable_page_flags+0x27/0x3c0
Code: 00 00 00 0f 1f 44 00 00 48 85 ff 0f 84 a0 03 00 00 41 54 55 49 89 fc 53 48 8b 57 08 48 8b 2f 48 8d 42 ff 83 e2 01 48 0f 44 c7 <48> 8b 00 f6 c4 01 0f 84 10 03 00 00 31 db 49 8b 54 24 08 4c 89 e7
RSP: 0018:ffffbbd44111fde0 EFLAGS: 00010202
RAX: fffffffffffffffe RBX: 00007fffffffeff9 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000202 RDI: ffffed1182fff5c0
RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000001
R10: ffffbbd44111fed8 R11: 0000000000000000 R12: ffffed1182fff5c0
R13: 00000000000bffd7 R14: 0000000002fff5c0 R15: ffffbbd44111ff10
FS: 00007efc4335a500(0000) GS:ffff93a5bfc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffffe CR3: 00000000b2a58000 CR4: 00000000001406e0
Call Trace:
kpageflags_read+0xc7/0x120
proc_reg_read+0x3c/0x60
__vfs_read+0x36/0x170
vfs_read+0x89/0x130
ksys_pread64+0x71/0x90
do_syscall_64+0x5b/0x160
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7efc42e75e23
Code: 09 00 ba 9f 01 00 00 e8 ab 81 f4 ff 66 2e 0f 1f 84 00 00 00 00 00 90 83 3d 29 0a 2d 00 00 75 13 49 89 ca b8 11 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 db d3 01 00 48 89 04 24
According to kernel bisection, this problem became visible due to commit
f7f99100d8d9 ("mm: stop zeroing memory during allocation in vmemmap")
which changes how struct pages are initialized.
Memblock layout affects the pfn ranges covered by node/zone. Consider
that we have a VM with 2 NUMA nodes and each node has 4GB memory, and the
default (no memmap= given) memblock layout is like below:
MEMBLOCK configuration:
memory size = 0x00000001fff75c00 reserved size = 0x000000000300c000
memory.cnt = 0x4
memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0
memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0
memory[0x2] [0x0000000100000000-0x000000013fffffff], 0x0000000040000000 bytes on node 0 flags: 0x0
memory[0x3] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0
...
If you give memmap=1G!4G (so it just covers memory[0x2]),
the range [0x100000000-0x13fffffff] is gone:
MEMBLOCK configuration:
memory size = 0x00000001bff75c00 reserved size = 0x000000000300c000
memory.cnt = 0x3
memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0
memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0
memory[0x2] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0
...
This causes shrinking node 0's pfn range because it is calculated by the
address range of memblock.memory. So some of struct pages in the gap
range are left uninitialized.
We have a function zero_resv_unavail() which does zeroing the struct pages
within the reserved unavailable range (i.e. memblock.memory &&
!memblock.reserved). This patch utilizes it to cover all unavailable
ranges by putting them into memblock.reserved.
Link: http://lkml.kernel.org/r/20180615072947.GB23273@hori1.linux.bs1.fc.nec.co.jp
Fixes: f7f99100d8d9 ("mm: stop zeroing memory during allocation in vmemmap")
Signed-off-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com>
Tested-by: Oscar Salvador <osalvador(a)suse.de>
Tested-by: "Herton R. Krzesinski" <herton(a)redhat.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Reviewed-by: Pavel Tatashin <pasha.tatashin(a)oracle.com>
Cc: Steven Sistare <steven.sistare(a)oracle.com>
Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
diff -puN arch/x86/kernel/e820.c~x86-e820-put-e820_type_ram-regions-into-memblockreserved arch/x86/kernel/e820.c
--- a/arch/x86/kernel/e820.c~x86-e820-put-e820_type_ram-regions-into-memblockreserved
+++ a/arch/x86/kernel/e820.c
@@ -1248,6 +1248,7 @@ void __init e820__memblock_setup(void)
{
int i;
u64 end;
+ u64 addr = 0;
/*
* The bootstrap memblock region count maximum is 128 entries
@@ -1264,13 +1265,21 @@ void __init e820__memblock_setup(void)
struct e820_entry *entry = &e820_table->entries[i];
end = entry->addr + entry->size;
+ if (addr < entry->addr)
+ memblock_reserve(addr, entry->addr - addr);
+ addr = end;
if (end != (resource_size_t)end)
continue;
+ /*
+ * all !E820_TYPE_RAM ranges (including gap ranges) are put
+ * into memblock.reserved to make sure that struct pages in
+ * such regions are not left uninitialized after bootup.
+ */
if (entry->type != E820_TYPE_RAM && entry->type != E820_TYPE_RESERVED_KERN)
- continue;
-
- memblock_add(entry->addr, entry->size);
+ memblock_reserve(entry->addr, entry->size);
+ else
+ memblock_add(entry->addr, entry->size);
}
/* Throw away partial pages: */
_
The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From d7609f4210cb716c11abfe2bfb5997191095d00b Mon Sep 17 00:00:00 2001
From: "mike.travis(a)hpe.com" <mike.travis(a)hpe.com>
Date: Thu, 24 May 2018 15:17:14 -0500
Subject: [PATCH] x86/platform/UV: Add kernel parameter to set memory block
size
Add a kernel parameter that allows setting UV memory block size. This
is to provide an adjustment for new forms of PMEM and other DIMM memory
that might require alignment restrictions other than scanning the global
address table for the required minimum alignment. The value set will be
further adjusted by both the GAM range table scan as well as restrictions
imposed by set_memory_block_size_order().
Signed-off-by: Mike Travis <mike.travis(a)hpe.com>
Reviewed-by: Andrew Banman <andrew.banman(a)hpe.com>
Cc: Andrew Morton <akpm(a)linux-foundation.org>
Cc: Dimitri Sivanich <dimitri.sivanich(a)hpe.com>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Russ Anderson <russ.anderson(a)hpe.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: dan.j.williams(a)intel.com
Cc: jgross(a)suse.com
Cc: kirill.shutemov(a)linux.intel.com
Cc: mhocko(a)suse.com
Cc: stable(a)vger.kernel.org
Link: https://lkml.kernel.org/lkml/20180524201711.854849120@stormcage.americas.sg…
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index 2270a777d647..d492752f79e1 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -396,6 +396,17 @@ EXPORT_SYMBOL(uv_hub_info_version);
/* Default UV memory block size is 2GB */
static unsigned long mem_block_size = (2UL << 30);
+/* Kernel parameter to specify UV mem block size */
+static int parse_mem_block_size(char *ptr)
+{
+ unsigned long size = memparse(ptr, NULL);
+
+ /* Size will be rounded down by set_block_size() below */
+ mem_block_size = size;
+ return 0;
+}
+early_param("uv_memblksize", parse_mem_block_size);
+
static __init int adj_blksize(u32 lgre)
{
unsigned long base = (unsigned long)lgre << UV_GAM_RANGE_SHFT;
The patch below does not apply to the 4.17-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From d7609f4210cb716c11abfe2bfb5997191095d00b Mon Sep 17 00:00:00 2001
From: "mike.travis(a)hpe.com" <mike.travis(a)hpe.com>
Date: Thu, 24 May 2018 15:17:14 -0500
Subject: [PATCH] x86/platform/UV: Add kernel parameter to set memory block
size
Add a kernel parameter that allows setting UV memory block size. This
is to provide an adjustment for new forms of PMEM and other DIMM memory
that might require alignment restrictions other than scanning the global
address table for the required minimum alignment. The value set will be
further adjusted by both the GAM range table scan as well as restrictions
imposed by set_memory_block_size_order().
Signed-off-by: Mike Travis <mike.travis(a)hpe.com>
Reviewed-by: Andrew Banman <andrew.banman(a)hpe.com>
Cc: Andrew Morton <akpm(a)linux-foundation.org>
Cc: Dimitri Sivanich <dimitri.sivanich(a)hpe.com>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Russ Anderson <russ.anderson(a)hpe.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: dan.j.williams(a)intel.com
Cc: jgross(a)suse.com
Cc: kirill.shutemov(a)linux.intel.com
Cc: mhocko(a)suse.com
Cc: stable(a)vger.kernel.org
Link: https://lkml.kernel.org/lkml/20180524201711.854849120@stormcage.americas.sg…
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index 2270a777d647..d492752f79e1 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -396,6 +396,17 @@ EXPORT_SYMBOL(uv_hub_info_version);
/* Default UV memory block size is 2GB */
static unsigned long mem_block_size = (2UL << 30);
+/* Kernel parameter to specify UV mem block size */
+static int parse_mem_block_size(char *ptr)
+{
+ unsigned long size = memparse(ptr, NULL);
+
+ /* Size will be rounded down by set_block_size() below */
+ mem_block_size = size;
+ return 0;
+}
+early_param("uv_memblksize", parse_mem_block_size);
+
static __init int adj_blksize(u32 lgre)
{
unsigned long base = (unsigned long)lgre << UV_GAM_RANGE_SHFT;
The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From 74899d92e66663dc7671a8017b3146dcd4735f3b Mon Sep 17 00:00:00 2001
From: Juergen Gross <jgross(a)suse.com>
Date: Thu, 21 Jun 2018 10:43:31 +0200
Subject: [PATCH] x86/xen: Add call of speculative_store_bypass_ht_init() to PV
paths
Commit:
1f50ddb4f418 ("x86/speculation: Handle HT correctly on AMD")
... added speculative_store_bypass_ht_init() to the per-CPU initialization sequence.
speculative_store_bypass_ht_init() needs to be called on each CPU for
PV guests, too.
Reported-by: Brian Woods <brian.woods(a)amd.com>
Tested-by: Brian Woods <brian.woods(a)amd.com>
Signed-off-by: Juergen Gross <jgross(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: boris.ostrovsky(a)oracle.com
Cc: xen-devel(a)lists.xenproject.org
Fixes: 1f50ddb4f4189243c05926b842dc1a0332195f31 ("x86/speculation: Handle HT correctly on AMD")
Link: https://lore.kernel.org/lkml/20180621084331.21228-1-jgross@suse.com
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
index 2e20ae2fa2d6..e3b18ad49889 100644
--- a/arch/x86/xen/smp_pv.c
+++ b/arch/x86/xen/smp_pv.c
@@ -32,6 +32,7 @@
#include <xen/interface/vcpu.h>
#include <xen/interface/xenpmu.h>
+#include <asm/spec-ctrl.h>
#include <asm/xen/interface.h>
#include <asm/xen/hypercall.h>
@@ -70,6 +71,8 @@ static void cpu_bringup(void)
cpu_data(cpu).x86_max_cores = 1;
set_cpu_sibling_map(cpu);
+ speculative_store_bypass_ht_init();
+
xen_setup_cpu_clockevents();
notify_cpu_starting(cpu);
@@ -250,6 +253,8 @@ static void __init xen_pv_smp_prepare_cpus(unsigned int max_cpus)
}
set_cpu_sibling_map(0);
+ speculative_store_bypass_ht_init();
+
xen_pmu_init(0);
if (xen_smp_intr_init(0) || xen_smp_intr_init_pv(0))
The patch titled
Subject: mm: hugetlb: yield when prepping struct pages
has been added to the -mm tree. Its filename is
mm-hugetlb-yield-when-prepping-struct-pages.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/mm-hugetlb-yield-when-prepping-str…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/mm-hugetlb-yield-when-prepping-str…
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Cannon Matthews <cannonmatthews(a)google.com>
Subject: mm: hugetlb: yield when prepping struct pages
When booting with very large numbers of gigantic (i.e. 1G) pages, the
operations in the loop of gather_bootmem_prealloc, and specifically
prep_compound_gigantic_page, takes a very long time, and can cause a
softlockup if enough pages are requested at boot.
For example booting with 3844 1G pages requires prepping
(set_compound_head, init the count) over 1 billion 4K tail pages, which
takes considerable time. This should also apply to reserving the same
amount of memory as 2M pages, as the same number of struct pages are
affected in either case.
Add a cond_resched() to the outer loop in gather_bootmem_prealloc() to
prevent this lockup.
Tested: Booted with softlockup_panic=1 hugepagesz=1G hugepages=3844 and no
softlockup is reported, and the hugepages are reported as successfully
setup.
Link: http://lkml.kernel.org/r/20180627214447.260804-1-cannonmatthews@google.com
Signed-off-by: Cannon Matthews <cannonmatthews(a)google.com>
Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org>
Cc: Mike Kravetz <mike.kravetz(a)oracle.com>
Cc: Andres Lagar-Cavilla <andreslc(a)google.com>
Cc: Peter Feiner <pfeiner(a)google.com>
Cc: Greg Thelen <gthelen(a)google.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
diff -puN mm/hugetlb.c~mm-hugetlb-yield-when-prepping-struct-pages mm/hugetlb.c
--- a/mm/hugetlb.c~mm-hugetlb-yield-when-prepping-struct-pages
+++ a/mm/hugetlb.c
@@ -2163,6 +2163,7 @@ static void __init gather_bootmem_preall
*/
if (hstate_is_gigantic(h))
adjust_managed_page_count(page, 1 << h->order);
+ cond_resched();
}
}
_
Patches currently in -mm which might be from cannonmatthews(a)google.com are
mm-hugetlb-yield-when-prepping-struct-pages.patch
The patch titled
Subject: userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access
has been added to the -mm tree. Its filename is
userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/userfaultfd-hugetlbfs-fix-userfaul…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/userfaultfd-hugetlbfs-fix-userfaul…
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Janosch Frank <frankja(a)linux.ibm.com>
Subject: userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access
Use huge_ptep_get() to translate huge ptes to normal ptes so we can check
them with the huge_pte_* functions. Otherwise some architectures will
check the wrong values and will not wait for userspace to bring in the
memory.
Link: http://lkml.kernel.org/r/20180626132421.78084-1-frankja@linux.ibm.com
Fixes: 369cd2121be4 ("userfaultfd: hugetlbfs: userfaultfd_huge_must_wait for hugepmd ranges")
Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com>
Reviewed-by: David Hildenbrand <david(a)redhat.com>
Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com>
Cc: Andrea Arcangeli <aarcange(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
diff -puN fs/userfaultfd.c~userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access fs/userfaultfd.c
--- a/fs/userfaultfd.c~userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access
+++ a/fs/userfaultfd.c
@@ -222,24 +222,26 @@ static inline bool userfaultfd_huge_must
unsigned long reason)
{
struct mm_struct *mm = ctx->mm;
- pte_t *pte;
+ pte_t *ptep, pte;
bool ret = true;
VM_BUG_ON(!rwsem_is_locked(&mm->mmap_sem));
- pte = huge_pte_offset(mm, address, vma_mmu_pagesize(vma));
- if (!pte)
+ ptep = huge_pte_offset(mm, address, vma_mmu_pagesize(vma));
+
+ if (!ptep)
goto out;
ret = false;
+ pte = huge_ptep_get(ptep);
/*
* Lockless access: we're in a wait_event so it's ok if it
* changes under us.
*/
- if (huge_pte_none(*pte))
+ if (huge_pte_none(pte))
ret = true;
- if (!huge_pte_write(*pte) && (reason & VM_UFFD_WP))
+ if (!huge_pte_write(pte) && (reason & VM_UFFD_WP))
ret = true;
out:
return ret;
_
Patches currently in -mm which might be from frankja(a)linux.ibm.com are
userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access.patch
On Thu, Jun 14, 2018 at 02:27:10PM -0700, Andrew Morton wrote:
> On Wed, 13 Jun 2018 23:46:45 +0200 (CEST) Thomas Gleixner <tglx(a)linutronix.de> wrote:
>
> > Can we please revert that master piece of duct tape engineering and wait
> > for someone to actually trigger the warning again?
>
> OK.
And while we're at it, can we revert it from stable as well. As this is just
an overly aggressive pulling anything that looks like a fix into stable.
-- Steve
This is an automatic generated email to let you know that the following patch were queued:
Subject: media: rc: be less noisy when driver misbehaves
Author: Sean Young <sean(a)mess.org>
Date: Tue Jun 26 11:03:18 2018 -0400
Since commit 48231f289e52 ("media: rc: drivers should produce alternate
pulse and space timing events"), on meson-ir we are regularly producing
errors. Reduce to warning level and only warn once to avoid flooding
the log.
A proper fix for meson-ir is going to be too large for v4.18.
Signed-off-by: Sean Young <sean(a)mess.org>
Cc: stable(a)vger.kernel.org # 4.17+
Tested-by: Jerome Brunet <jbrunet(a)baylibre.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org>
drivers/media/rc/rc-ir-raw.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/drivers/media/rc/rc-ir-raw.c b/drivers/media/rc/rc-ir-raw.c
index 2e0066b1a31c..e7948908e78c 100644
--- a/drivers/media/rc/rc-ir-raw.c
+++ b/drivers/media/rc/rc-ir-raw.c
@@ -30,13 +30,13 @@ static int ir_raw_event_thread(void *data)
while (kfifo_out(&raw->kfifo, &ev, 1)) {
if (is_timing_event(ev)) {
if (ev.duration == 0)
- dev_err(&dev->dev, "nonsensical timing event of duration 0");
+ dev_warn_once(&dev->dev, "nonsensical timing event of duration 0");
if (is_timing_event(raw->prev_ev) &&
!is_transition(&ev, &raw->prev_ev))
- dev_err(&dev->dev, "two consecutive events of type %s",
- TO_STR(ev.pulse));
+ dev_warn_once(&dev->dev, "two consecutive events of type %s",
+ TO_STR(ev.pulse));
if (raw->prev_ev.reset && ev.pulse == 0)
- dev_err(&dev->dev, "timing event after reset should be pulse");
+ dev_warn_once(&dev->dev, "timing event after reset should be pulse");
}
list_for_each_entry(handler, &ir_raw_handler_list, list)
if (dev->enabled_protocols &
From: Mike Snitzer <snitzer(a)redhat.com>
Use of bio_clone_bioset() is inefficient if there is no need to clone
the original bio's bio_vec array. Best to use the bio_clone_fast()
variant. Also, just using bio_advance() is only part of what is needed
to properly setup the clone -- it doesn't account for the various
bio_integrity() related work that also needs to be performed (see
bio_split).
Address both of these issues by switching from bio_clone_bioset() to
bio_split().
Fixes: 18a25da8 ("dm: ensure bio submission follows a depth-first tree walk")
Cc: stable(a)vger.kernel.org
Reported-by: Christoph Hellwig <hch(a)lst.de>
Reviewed-by: NeilBrown <neilb(a)suse.com>
Reviewed-by: Ming Lei <ming.lei(a)redhat.com>
Signed-off-by: Mike Snitzer <snitzer(a)redhat.com>
---
drivers/md/dm.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index e65429a29c06..a3b103e8e3ce 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1606,10 +1606,9 @@ static blk_qc_t __split_and_process_bio(struct mapped_device *md,
* the usage of io->orig_bio in dm_remap_zone_report()
* won't be affected by this reassignment.
*/
- struct bio *b = bio_clone_bioset(bio, GFP_NOIO,
- &md->queue->bio_split);
+ struct bio *b = bio_split(bio, bio_sectors(bio) - ci.sector_count,
+ GFP_NOIO, &md->queue->bio_split);
ci.io->orig_bio = b;
- bio_advance(bio, (bio_sectors(bio) - ci.sector_count) << 9);
bio_chain(b, bio);
ret = generic_make_request(bio);
break;
--
2.9.5
This is an automatic generated email to let you know that the following patch were queued:
Subject: media: uvcvideo: Prevent setting unavailable flags
Author: Kieran Bingham <kieran.bingham(a)ideasonboard.com>
Date: Wed Mar 21 11:43:08 2018 -0400
The addition of an extra operation to use the GET_INFO command
overwrites all existing flags from the uvc_ctrls table. This includes
setting all controls as supporting GET_MIN, GET_MAX, GET_RES, and
GET_DEF regardless of whether they do or not.
Move the initialisation of these control capabilities directly to the
uvc_ctrl_fill_xu_info() call where they were originally located in that
use case, and ensure that the new functionality in uvc_ctrl_get_flags()
will only set flags based on their reported capability from the GET_INFO
call.
Fixes: 859086ae3636 ("media: uvcvideo: Apply flags from device to actual properties")
Cc: stable(a)vger.kernel.org
Signed-off-by: Kieran Bingham <kieran.bingham(a)ideasonboard.com>
Tested-by: Guennadi Liakhovetski <guennadi.liakhovetski(a)intel.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org>
drivers/media/usb/uvc/uvc_ctrl.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
---
diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c
index 102594ec3e97..a36b4fb949fa 100644
--- a/drivers/media/usb/uvc/uvc_ctrl.c
+++ b/drivers/media/usb/uvc/uvc_ctrl.c
@@ -1607,14 +1607,12 @@ static int uvc_ctrl_get_flags(struct uvc_device *dev,
ret = uvc_query_ctrl(dev, UVC_GET_INFO, ctrl->entity->id, dev->intfnum,
info->selector, data, 1);
if (!ret)
- info->flags = UVC_CTRL_FLAG_GET_MIN | UVC_CTRL_FLAG_GET_MAX
- | UVC_CTRL_FLAG_GET_RES | UVC_CTRL_FLAG_GET_DEF
- | (data[0] & UVC_CONTROL_CAP_GET ?
- UVC_CTRL_FLAG_GET_CUR : 0)
- | (data[0] & UVC_CONTROL_CAP_SET ?
- UVC_CTRL_FLAG_SET_CUR : 0)
- | (data[0] & UVC_CONTROL_CAP_AUTOUPDATE ?
- UVC_CTRL_FLAG_AUTO_UPDATE : 0);
+ info->flags |= (data[0] & UVC_CONTROL_CAP_GET ?
+ UVC_CTRL_FLAG_GET_CUR : 0)
+ | (data[0] & UVC_CONTROL_CAP_SET ?
+ UVC_CTRL_FLAG_SET_CUR : 0)
+ | (data[0] & UVC_CONTROL_CAP_AUTOUPDATE ?
+ UVC_CTRL_FLAG_AUTO_UPDATE : 0);
kfree(data);
return ret;
@@ -1689,6 +1687,9 @@ static int uvc_ctrl_fill_xu_info(struct uvc_device *dev,
info->size = le16_to_cpup((__le16 *)data);
+ info->flags = UVC_CTRL_FLAG_GET_MIN | UVC_CTRL_FLAG_GET_MAX
+ | UVC_CTRL_FLAG_GET_RES | UVC_CTRL_FLAG_GET_DEF;
+
ret = uvc_ctrl_get_flags(dev, ctrl, info);
if (ret < 0) {
uvc_trace(UVC_TRACE_CONTROL,
Good day, I am Mrs. Deepak Rajappan a banker from India and I work with a bank here. I have a profitable and risk free business proposal that will benefit the both of us. Kindly contact me for more details.
Thanks
Mrs. Deepak Rajappan
Email: deepakrajappan(a)hotmail.com
Currently device_supports_dax() just checks to see if the QUEUE_FLAG_DAX
flag is set on the device's request queue to decide whether or not the
device supports filesystem DAX. Really we should be using
bdev_dax_supported() like filesystems do at mount time. This performs
other tests like checking to make sure the dax_direct_access() path works.
We also explicitly clear QUEUE_FLAG_DAX on the DM device's request queue if
any of the underlying devices do not support DAX. This makes the handling
of QUEUE_FLAG_DAX consistent with the setting/clearing of most other flags
in dm_table_set_restrictions().
Now that bdev_dax_supported() explicitly checks for QUEUE_FLAG_DAX, this
will ensure that filesystems built upon DM devices will only be able to
mount with DAX if all underlying devices also support DAX.
Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com>
Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support")
Cc: stable(a)vger.kernel.org
---
drivers/md/dm-table.c | 7 ++++---
drivers/md/dm.c | 3 +--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
index 938766794c2e..3d0e2c198f06 100644
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -885,9 +885,7 @@ EXPORT_SYMBOL_GPL(dm_table_set_type);
static int device_supports_dax(struct dm_target *ti, struct dm_dev *dev,
sector_t start, sector_t len, void *data)
{
- struct request_queue *q = bdev_get_queue(dev->bdev);
-
- return q && blk_queue_dax(q);
+ return bdev_dax_supported(dev->bdev, PAGE_SIZE);
}
static bool dm_table_supports_dax(struct dm_table *t)
@@ -1907,6 +1905,9 @@ void dm_table_set_restrictions(struct dm_table *t, struct request_queue *q,
if (dm_table_supports_dax(t))
blk_queue_flag_set(QUEUE_FLAG_DAX, q);
+ else
+ blk_queue_flag_clear(QUEUE_FLAG_DAX, q);
+
if (dm_table_supports_dax_write_cache(t))
dax_write_cache(t->md->dax_dev, true);
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index e65429a29c06..bef5a3f243ed 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1056,8 +1056,7 @@ static long dm_dax_direct_access(struct dax_device *dax_dev, pgoff_t pgoff,
if (len < 1)
goto out;
nr_pages = min(len, nr_pages);
- if (ti->type->direct_access)
- ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn);
+ ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn);
out:
dm_put_live_table(md, srcu_idx);
--
2.14.4
Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This
is needed for DM configurations where the first element in the dm-linear or
dm-stripe target supports DAX, but other elements do not. Without this
check __bdev_dax_supported() will pass for such devices, letting a
filesystem on that device mount with the DAX option.
Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com>
Suggested-by: Mike Snitzer <snitzer(a)redhat.com>
Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support")
Cc: stable(a)vger.kernel.org
---
drivers/dax/super.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/dax/super.c b/drivers/dax/super.c
index 903d9c473749..45276abf03aa 100644
--- a/drivers/dax/super.c
+++ b/drivers/dax/super.c
@@ -86,6 +86,7 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize)
{
struct dax_device *dax_dev;
bool dax_enabled = false;
+ struct request_queue *q;
pgoff_t pgoff;
int err, id;
void *kaddr;
@@ -99,6 +100,13 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize)
return false;
}
+ q = bdev_get_queue(bdev);
+ if (!q || !blk_queue_dax(q)) {
+ pr_debug("%s: error: request queue doesn't support dax\n",
+ bdevname(bdev, buf));
+ return false;
+ }
+
err = bdev_dax_pgoff(bdev, 0, PAGE_SIZE, &pgoff);
if (err) {
pr_debug("%s: error: unaligned partition for dax\n",
--
2.14.4
Hi Doug and Jason,
Here are a couple patches that we'd like to get into 4.18 rc cycle. These fix
bugs and aren't too complex. One of them is an issue that Dan Carpenter just
reported recently and is marked for stable.
---
Michael J. Ruhl (3):
IB/hfi1: Set in_use_ctxts bits for user ctxts only
IB/hfi1: Remove incorrect call to do_interrupt callback
IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values
drivers/infiniband/hw/hfi1/chip.c | 30 +++++++++++++++++-------------
drivers/infiniband/hw/hfi1/file_ops.c | 4 ++++
drivers/infiniband/hw/hfi1/init.c | 1 -
drivers/infiniband/hw/hfi1/rc.c | 2 +-
drivers/infiniband/hw/hfi1/uc.c | 4 ++--
drivers/infiniband/hw/hfi1/ud.c | 4 ++--
drivers/infiniband/hw/hfi1/verbs_txreq.c | 4 ++--
drivers/infiniband/hw/hfi1/verbs_txreq.h | 4 ++--
8 files changed, 30 insertions(+), 23 deletions(-)
--
-Denny
Currently device_supports_dax() just checks to see if the QUEUE_FLAG_DAX
flag is set on the device's request queue to decide whether or not the
device supports filesystem DAX. Really we should be using
bdev_dax_supported() like filesystems do at mount time. This performs
other tests like checking to make sure the dax_direct_access() path works.
Conditionally set QUEUE_FLAG_DAX on the DM device's request queue based on
whether all underlying devices support DAX. Now that bdev_dax_supported()
explicitly checks for this flag, this will ensure that filesystems built
upon DM devices will only be able to mount with DAX if all underlying
devices also support DAX.
Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com>
Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support")
Cc: stable(a)vger.kernel.org
---
drivers/md/dm-ioctl.c | 5 +++++
drivers/md/dm-table.c | 7 +++----
drivers/md/dm.c | 3 +--
include/linux/device-mapper.h | 5 +++++
4 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index b810ea77e6b1..0055bdbee5b1 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1350,6 +1350,11 @@ static int table_load(struct file *filp, struct dm_ioctl *param, size_t param_si
goto err_unlock_md_type;
}
+ if (dm_table_supports_dax(t))
+ blk_queue_flag_set(QUEUE_FLAG_DAX, md->queue);
+ else
+ blk_queue_flag_clear(QUEUE_FLAG_DAX, md->queue);
+
dm_unlock_md_type(md);
/* stage inactive table */
diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
index 938766794c2e..c673b4a51fb2 100644
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -885,12 +885,10 @@ EXPORT_SYMBOL_GPL(dm_table_set_type);
static int device_supports_dax(struct dm_target *ti, struct dm_dev *dev,
sector_t start, sector_t len, void *data)
{
- struct request_queue *q = bdev_get_queue(dev->bdev);
-
- return q && blk_queue_dax(q);
+ return bdev_dax_supported(dev->bdev, PAGE_SIZE);
}
-static bool dm_table_supports_dax(struct dm_table *t)
+bool dm_table_supports_dax(struct dm_table *t)
{
struct dm_target *ti;
unsigned i;
@@ -909,6 +907,7 @@ static bool dm_table_supports_dax(struct dm_table *t)
return true;
}
+EXPORT_SYMBOL_GPL(dm_table_supports_dax);
static bool dm_table_does_not_support_partial_completion(struct dm_table *t);
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index e65429a29c06..bef5a3f243ed 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1056,8 +1056,7 @@ static long dm_dax_direct_access(struct dax_device *dax_dev, pgoff_t pgoff,
if (len < 1)
goto out;
nr_pages = min(len, nr_pages);
- if (ti->type->direct_access)
- ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn);
+ ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn);
out:
dm_put_live_table(md, srcu_idx);
diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h
index 6fb0808e87c8..45ea9e1f9af9 100644
--- a/include/linux/device-mapper.h
+++ b/include/linux/device-mapper.h
@@ -461,6 +461,11 @@ void dm_table_add_target_callbacks(struct dm_table *t, struct dm_target_callback
*/
void dm_table_set_type(struct dm_table *t, enum dm_queue_mode type);
+/*
+ * Check to see if this target type and all table devices support DAX.
+ */
+bool dm_table_supports_dax(struct dm_table *t);
+
/*
* Finally call this to make the table ready for use.
*/
--
2.14.4
A device may have boundary restrictions where the number of sectors
between boundaries exceeds its max transfer size. In this case, we need
to cap the max size to the smaller of the two limits.
Reported-by: Jitendra Bhivare <jitendra.bhivare(a)broadcom.com>
Tested-by: Jitendra Bhivare <jitendra.bhivare(a)broadcom.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Keith Busch <keith.busch(a)intel.com>
---
include/linux/blkdev.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index 9154570edf29..79226ca8f80f 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -1119,8 +1119,8 @@ static inline unsigned int blk_max_size_offset(struct request_queue *q,
if (!q->limits.chunk_sectors)
return q->limits.max_sectors;
- return q->limits.chunk_sectors -
- (offset & (q->limits.chunk_sectors - 1));
+ return min(q->limits.max_sectors, (unsigned int)(q->limits.chunk_sectors -
+ (offset & (q->limits.chunk_sectors - 1))));
}
static inline unsigned int blk_rq_get_max_sectors(struct request *rq,
--
2.14.3
Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This
is needed for DM configurations where the first element in the dm-linear or
dm-stripe target supports DAX, but other elements do not. Without this
check __bdev_dax_supported() will pass for such devices, letting a
filesystem on that device mount with the DAX option.
Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com>
Suggested-by: Mike Snitzer <snitzer(a)redhat.com>
Cc: stable(a)vger.kernel.org
---
drivers/dax/super.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/dax/super.c b/drivers/dax/super.c
index 903d9c473749..45276abf03aa 100644
--- a/drivers/dax/super.c
+++ b/drivers/dax/super.c
@@ -86,6 +86,7 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize)
{
struct dax_device *dax_dev;
bool dax_enabled = false;
+ struct request_queue *q;
pgoff_t pgoff;
int err, id;
void *kaddr;
@@ -99,6 +100,13 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize)
return false;
}
+ q = bdev_get_queue(bdev);
+ if (!q || !blk_queue_dax(q)) {
+ pr_debug("%s: error: request queue doesn't support dax\n",
+ bdevname(bdev, buf));
+ return false;
+ }
+
err = bdev_dax_pgoff(bdev, 0, PAGE_SIZE, &pgoff);
if (err) {
pr_debug("%s: error: unaligned partition for dax\n",
--
2.14.4
From: Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
The signatureValue field of a X.509 certificate is encoded as a BIT STRING.
For RSA signatures this BIT STRING is of so-called primitive subtype, which
contains a u8 prefix indicating a count of unused bits in the encoding.
We have to strip this prefix from signature data, just as we already do for
key data in x509_extract_key_data() function.
This wasn't noticed earlier because this prefix byte is zero for RSA key
sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero
prefixes has no bearing on its value.
The signature length, however was incorrect, which is a problem for RSA
implementations that need it to be exactly correct (like AMD CCP).
Signed-off-by: Maciej S. Szmigiero <mail(a)maciej.szmigiero.name>
Fixes: c26fd69fa009 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates")
Cc: stable(a)vger.kernel.org
Signed-off-by: David Howells <dhowells(a)redhat.com>
---
crypto/asymmetric_keys/x509_cert_parser.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 7d81e6bb461a..b6cabac4b62b 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -249,6 +249,15 @@ int x509_note_signature(void *context, size_t hdrlen,
return -EINVAL;
}
+ if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
+ /* Discard the BIT STRING metadata */
+ if (vlen < 1 || *(const u8 *)value != 0)
+ return -EBADMSG;
+
+ value++;
+ vlen--;
+ }
+
ctx->cert->raw_sig = value;
ctx->cert->raw_sig_size = vlen;
return 0;
With commit 8f111bc357aa ("cpufreq/schedutil: Rewrite CPUFREQ_RT support")
schedutil governor uses rq->rt.rt_nr_running to detect whether a RT task is
currently running on the CPU and to set frequency to max if necessary.
cpufreq_update_util() is called in enqueue/dequeue_top_rt_rq() but
rq->rt.rt_nr_running as not been updated yet when dequeue_top_rt_rq() is
called so schedutil still considers that a RT task is running when the
last task is dequeued. The update of rq->rt.rt_nr_running happens later
in dequeue_rt_stack()
Fixes: 8f111bc357aa ('cpufreq/schedutil: Rewrite CPUFREQ_RT support')
Cc: <stable(a)vger.kernel.org> # v4.16+
Signed-off-by: Vincent Guittot <vincent.guittot(a)linaro.org>
---
- v2:
- remove blank line
kernel/sched/rt.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index 7aef6b4..a9f1119 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -1000,9 +1000,6 @@ dequeue_top_rt_rq(struct rt_rq *rt_rq)
sub_nr_running(rq, rt_rq->rt_nr_running);
rt_rq->rt_queued = 0;
-
- /* Kick cpufreq (see the comment in kernel/sched/sched.h). */
- cpufreq_update_util(rq, 0);
}
static void
@@ -1288,6 +1285,9 @@ static void dequeue_rt_stack(struct sched_rt_entity *rt_se, unsigned int flags)
if (on_rt_rq(rt_se))
__dequeue_rt_entity(rt_se, flags);
}
+
+ /* Kick cpufreq (see the comment in kernel/sched/sched.h). */
+ cpufreq_update_util(rq_of_rt_rq(rt_rq_of_se(back)), 0);
}
static void enqueue_rt_entity(struct sched_rt_entity *rt_se, unsigned int flags)
--
2.7.4
If an iio channel defines a basic property, there are duplicate entries
in /sys/class/power/*/uevent.
So add a check to avoid duplicates. Since all channels may be duplicates,
we have to modify the related error check.
Signed-off-by: H. Nikolaus Schaller <hns(a)goldelico.com>
Cc: stable(a)vger.kernel.org
---
drivers/power/supply/generic-adc-battery.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/power/supply/generic-adc-battery.c b/drivers/power/supply/generic-adc-battery.c
index 11f59275bff4..bc462d1ec963 100644
--- a/drivers/power/supply/generic-adc-battery.c
+++ b/drivers/power/supply/generic-adc-battery.c
@@ -244,6 +244,7 @@ static int gab_probe(struct platform_device *pdev)
int ret = 0;
int chan;
int index = ARRAY_SIZE(gab_props);
+ bool any = false;
adc_bat = devm_kzalloc(&pdev->dev, sizeof(*adc_bat), GFP_KERNEL);
if (!adc_bat) {
@@ -290,12 +291,22 @@ static int gab_probe(struct platform_device *pdev)
adc_bat->channel[chan] = NULL;
} else {
/* copying properties for supported channels only */
- psy_desc->properties[index++] = gab_dyn_props[chan];
+ int index2;
+
+ for (index2 = 0; index2 < index; index2++) {
+ if (psy_desc->properties[index2] ==
+ gab_dyn_props[chan])
+ break; /* already known */
+ }
+ if (index2 == index) /* really new */
+ psy_desc->properties[index++] =
+ gab_dyn_props[chan];
+ any = true;
}
}
/* none of the channels are supported so let's bail out */
- if (index == ARRAY_SIZE(gab_props)) {
+ if (!any) {
ret = -ENODEV;
goto second_mem_fail;
}
--
2.12.2
We did have sporadic problems in the pinctrl framework during boot
where a pin group name unexpectedly became NULL leading to a NULL
dereference in strcmp.
Detailled analysis of the failing cases did reveal that there were
two devm allocated objects close to each other. The second one was
the affected group_desc in pinmux and the first one was the
psy_desc->properties buffer of the gab driver.
Review of the gab code showed that the address calculation for
one memcpy() is wrong. It does
properties + sizeof(type) * index
but C is defined to do the index multiplication already for
pointer + integer additions. Hence the factor was applied twice
and the memcpy() does write outside of the properties buffer.
Sometimes it happened to be the pinctrl and triggered the strcmp(NULL).
Anyways, it is overkill to use a memcpy() here instead of a simple
assignment, which is easier to read and has less risk for wrong
address calculations. So we change code to a simple assignment.
If we initialize the index to the first free location, we can even
remove the local variable 'properties'.
This bug seems to exist right from the beginning in 3.7-rc1 in
commit e60fea794e6e ("power: battery: Generic battery driver using IIO")
Signed-off-by: H. Nikolaus Schaller <hns(a)goldelico.com>
Cc: stable(a)vger.kernel.org
---
drivers/power/supply/generic-adc-battery.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/drivers/power/supply/generic-adc-battery.c b/drivers/power/supply/generic-adc-battery.c
index 28dc056eaafa..11f59275bff4 100644
--- a/drivers/power/supply/generic-adc-battery.c
+++ b/drivers/power/supply/generic-adc-battery.c
@@ -241,10 +241,9 @@ static int gab_probe(struct platform_device *pdev)
struct power_supply_desc *psy_desc;
struct power_supply_config psy_cfg = {};
struct gab_platform_data *pdata = pdev->dev.platform_data;
- enum power_supply_property *properties;
int ret = 0;
int chan;
- int index = 0;
+ int index = ARRAY_SIZE(gab_props);
adc_bat = devm_kzalloc(&pdev->dev, sizeof(*adc_bat), GFP_KERNEL);
if (!adc_bat) {
@@ -278,8 +277,6 @@ static int gab_probe(struct platform_device *pdev)
}
memcpy(psy_desc->properties, gab_props, sizeof(gab_props));
- properties = (enum power_supply_property *)
- ((char *)psy_desc->properties + sizeof(gab_props));
/*
* getting channel from iio and copying the battery properties
@@ -293,15 +290,12 @@ static int gab_probe(struct platform_device *pdev)
adc_bat->channel[chan] = NULL;
} else {
/* copying properties for supported channels only */
- memcpy(properties + sizeof(*(psy_desc->properties)) * index,
- &gab_dyn_props[chan],
- sizeof(gab_dyn_props[chan]));
- index++;
+ psy_desc->properties[index++] = gab_dyn_props[chan];
}
}
/* none of the channels are supported so let's bail out */
- if (index == 0) {
+ if (index == ARRAY_SIZE(gab_props)) {
ret = -ENODEV;
goto second_mem_fail;
}
@@ -312,7 +306,7 @@ static int gab_probe(struct platform_device *pdev)
* as come channels may be not be supported by the device.So
* we need to take care of that.
*/
- psy_desc->num_properties = ARRAY_SIZE(gab_props) + index;
+ psy_desc->num_properties = index;
adc_bat->psy = power_supply_register(&pdev->dev, psy_desc, &psy_cfg);
if (IS_ERR(adc_bat->psy)) {
--
2.12.2
If the ALL bit is set in the ZBC_OUT command, the command zone ID field
(block) should be ignored.
Reported-by: David Butterfield <david.butterfield(a)wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com>
Cc: stable(a)vger.kernel.org
---
drivers/ata/libata-scsi.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index a5543751f446..aad1b01447de 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3805,7 +3805,14 @@ static unsigned int ata_scsi_zbc_out_xlat(struct ata_queued_cmd *qc)
*/
goto invalid_param_len;
}
- if (block >= dev->n_sectors) {
+
+ all = cdb[14] & 0x1;
+ if (all) {
+ /*
+ * Ignore the block address (zone ID) as defined by ZBC.
+ */
+ block = 0;
+ } else if (block >= dev->n_sectors) {
/*
* Block must be a valid zone ID (a zone start LBA).
*/
@@ -3813,8 +3820,6 @@ static unsigned int ata_scsi_zbc_out_xlat(struct ata_queued_cmd *qc)
goto invalid_fld;
}
- all = cdb[14] & 0x1;
-
if (ata_ncq_enabled(qc->dev) &&
ata_fpdma_zac_mgmt_out_supported(qc->dev)) {
tf->protocol = ATA_PROT_NCQ_NODATA;
--
2.17.1
The block (LBA) specified must not exceed the last addressable LBA,
which is dev->nr_sectors - 1. So fix the correct check is
"if (block >= dev->n_sectors)" and not "if (block > dev->n_sectords)".
Additionally, the asc/ascq to return for an LBA that is not a zone start
LBA should be ILLEGAL REQUEST, regardless if the bad LBA is out of
range.
Reported-by: David Butterfield <david.butterfield(a)wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com>
Cc: stable(a)vger.kernel.org
---
drivers/ata/libata-scsi.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index 6a91d04351d9..a5543751f446 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3805,8 +3805,13 @@ static unsigned int ata_scsi_zbc_out_xlat(struct ata_queued_cmd *qc)
*/
goto invalid_param_len;
}
- if (block > dev->n_sectors)
- goto out_of_range;
+ if (block >= dev->n_sectors) {
+ /*
+ * Block must be a valid zone ID (a zone start LBA).
+ */
+ fp = 2;
+ goto invalid_fld;
+ }
all = cdb[14] & 0x1;
@@ -3837,10 +3842,6 @@ static unsigned int ata_scsi_zbc_out_xlat(struct ata_queued_cmd *qc)
invalid_fld:
ata_scsi_set_invalid_field(qc->dev, scmd, fp, 0xff);
return 1;
- out_of_range:
- /* "Logical Block Address out of range" */
- ata_scsi_set_sense(qc->dev, scmd, ILLEGAL_REQUEST, 0x21, 0x00);
- return 1;
invalid_param_len:
/* "Parameter list length error" */
ata_scsi_set_sense(qc->dev, scmd, ILLEGAL_REQUEST, 0x1a, 0x0);
--
2.17.1
Tejun,
These two patches fix problems with the checks of the ZBC_OUT command fields
prior to its translation to ZAC MANAGEMENT OUT.
The first patch fixes an incorrect out-of-range check and changes the returned
asc/ascq to the ZBC defined INVALID FIELD IN CDB instead of (the more natural
but incorrect) LBA OUT OF RANGE.
The second patch disables the ZBC_OUT command block address check if the ALL
bit is set, as defined by the ZBC specifications.
Thank you for considering these patches for inclusion in 4.18 fixes (and CC
stable).
Damien Le Moal (2):
ata: Fix ZBC_OUT command block check
ata: Fix ZBC_OUT all bit handling
drivers/ata/libata-scsi.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
--
2.17.1
Hi balbi,
Thanks for reponse. Now I fixed this case without check STALL status when clear-Halt request.
BDW, I have meet other case:
Run dwc3 for uvc function, the uvc video show video overlapping when windows 7 restart camera app.
I debug the dwc3 drivers ,found :
1. when camera app close, the dwc3 ep_dequeue is call. Then giveback request with status: -ECONNRESET to uvc function layer. dep->trb_dequeue keep stable
2.when camera app reopen ,the dwc3 ep_queue is call. Then kick a transfer, fetch a new trb to dwc3 core. dep->trb_enqueue increment.
3.when one trb tranfter complete, handle event process function fetch one frb by current dep->trb_dequeue, and uvc function would get one request complete giveback, which have been dequeue.
But in fact, current dep->trb_dequeue pointer buffer is "old", because stp1 have been dequeue it.
Current dwc3 drivers: the correct enqueue req process is " ep enqueue > fetch a new trb by trb_enqueue > increase trb_enqueue > pack trb to dwc3 core", Right?
For dequeue request process, now is " ep dequeue > stop started_list request > giveback request with -ECONNRESET status" Right ?
To avoid getting a older request which has been dequeued, I think dequeue process necessary sync the trb_dequeue to trb_enqueue. Right ?
Liang Shengjun
-----邮件原件-----
发件人: Felipe Balbi [mailto:felipe.balbi@linux.intel.com]
发送时间: 2018年6月25日 15:48
收件人: Alan Stern <stern(a)rowland.harvard.edu>
抄送: liangshengjun <liangshengjun(a)hisilicon.com>; stable(a)vger.kernel.org; linux-usb(a)vger.kernel.org
主题: Re: make a confirm for [usb: dwc3: gadget: skip Set/Clear Halt when invalid]
Hi,
Alan Stern <stern(a)rowland.harvard.edu> writes:
>> that patch is not 100% correct. You can revert it in your tree. I
>> added that because of a problem I found when running adb against macOS.
>>
>> It's actually okay to send Clear Halt at any time, but for some
>> reason
>> dwc3 was hanging when running adb against macOS.
>
> Note: According to the USB spec it's okay to send Clear-Halt at any
> time. But there are plenty of devices that get upset if they receive
> this message when the endpoint isn't actually halted.
right. The weird thing here is that dwc3 has never suffered from this until we ran ADB against macOS. That was the only way to get any problems.
Without clear halt, though, we have no means for syncing data toggle.
--
balbi
Hello Greg,
#Forgot to add --compose
Following up on our discussion during the review of
kernel 4.4.138-stable, I have backported a few
patches that remove the remaining FPU lazy mode deadcode
from 4.4.y and 4.9.y. To avoid confusion I will send the
explanation on separate e-mails:
Patches for 4.4.y:
[PATCH 1/4] KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch
- This is a git cherry-pick of
5a5fbdc0e3f1 ("KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch").
It applies cleanly and is required for the next patch not to cause conflicts
on arch/x86/kvm/cpuid.c
[PATCH 2/4] x86/fpu: Remove use_eager_fpu()
- The main conflict ocurred on fpu/core.c because commit
bf15a8cf8d14 ("x86/fpu/xstate: Rename 'xstate_size' to 'fpu_kernel_xstate_size', to distinguish it from 'fpu_user_xstate_size'")
is not on 4.4.y. That commit renames xstate_size to fpu_kernel_xstate_size
but it also has its conflicts so I decided just to fix the conflict manually/
[PATCH 3/4] x86/fpu: Remove struct fpu::counter
- caused one conflict because 4.4.y does not have commit
d1898b733619 ("x86/fpu: Add tracepoints to dump FPU state at key points")
I fixed it manually.
[PATCH 4/4] x86/fpu: Finish excising 'eagerfpu'
- caused a small conflict because 'nopku' is not in 4.4.y
- sorry my editor might have removed a couple of trailing spaces
automatically to Documentation/kernel-paramters.txt
- cause one conflict in these files because they didn't exist
arch/x86/include/asm/cpufeatures.h
arch/x86/mm/pkeys.c
tools/arch/x86/include/asm/cpufeatures.h
- Instead I removed the X86_FEATURE_EAGER_FPU definition from arch/x86/include/asm/cpufeature.h
Best regards,
Daniel Sangorrin
PS: Used git send-email --to stable(a)vger.kernel.org --cc-cmd="./scripts/get_maintainer.pl --norolestats" 2197a44..HEAD
but it doesn't seem to work sorry...humm
Hi Ingo,
Please consider pulling,
- Arnaldo
Test results at the end of this message, as usual.
The following changes since commit 57d6a7938a8fc6cee8420b40ca244220b41721f5:
perf/core: Move the inline keyword at the beginning of the function declaration (2018-06-22 11:07:47 +0200)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux.git tags/perf-urgent-for-mingo-4.18-20180625
for you to fetch changes up to 92ead7ee30c80f8852d28735cbcb9d79bc85f715:
perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] (2018-06-25 11:59:37 -0300)
----------------------------------------------------------------
perf/urgent fixes:
perf bench: (Jiri Olsa):
. Fix NUMA report output code handling of less than 1s runtimes.
perf script: (Ravi Bangoria)
. Add missing output fields in a 'perf script -h' hint.
. Fix crash because of missing evsel->priv.
. Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE], which
is just a end of features header marker.
perf stat: (Thomas Richter)
. Remove duplicate event counting
perf test:
. Wire parsing error handling in 'parse events' test (Jiri Olsa)
. Fix 'session topology' test on s/390 (Thomas Richter)
eBPF: (Yonghong Song)
. Fix a clang 7.0 compilation error when building perf linking
with libclang
intel-pt: (Adrian Hunter)
. Fix packet decoding of CYC packets.
Copies of kernel files: (Arnaldo Carvalho de Melo)
. Synchronize drm/drm.h UAPI
. Update x86's syscall_64.tbl, adding support for 'io_pgetevents' and 'rseq'
in 'perf trace'.
. Update powerpc uapi/asm/unistd.h, adding support for the 'rseq' syscall.
. Update if_link.h and bpf.h, no effect on tool features.
PowerPC: (Sandipan Das)
. Fix crash if callchain is empty.
s/390: (Thomas Richter)
. Support random socked_id assignment in the perf header.
. Support s390 random socket_id assignment in perf.data file.
. Make PMU alias definitions taken from sysfs and JSON files comparable
by normalizing them wrt spaces and newlines.
Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com>
----------------------------------------------------------------
Adrian Hunter (1):
perf intel-pt: Fix packet decoding of CYC packets
Arnaldo Carvalho de Melo (5):
tools headers uapi: Synchronize drm/drm.h
perf tools: Update x86's syscall_64.tbl, adding 'io_pgetevents' and 'rseq'
tools include powerpc: Update arch/powerpc/include/uapi/asm/unistd.h copy to get 'rseq' syscall
tools include uapi: Update if_link.h to pick IFLA_{BRPORT_ISOLATED,VXLAN_TTL_INHERIT}
tools include uapi: Synchronize bpf.h with the kernel
Jiri Olsa (3):
perf tests: Add event parsing error handling to parse events test
perf tests: Add valid callback for parse-events test
perf bench: Fix numa report output code
Ravi Bangoria (3):
perf script: Add missing output fields in a hint
perf script: Fix crash because of missing evsel->priv
perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE]
Sandipan Das (1):
perf report powerpc: Fix crash if callchain is empty
Thomas Richter (5):
perf record: Support s390 random socket_id assignment
perf test session topology: Fix test on s390
perf alias: Remove trailing newline when reading sysfs files
perf alias: Rebuild alias expression string to make it comparable
perf stat: Remove duplicate event counting
Yonghong Song (1):
perf tools: Fix a clang 7.0 compilation error
tools/arch/powerpc/include/uapi/asm/unistd.h | 1 +
tools/include/uapi/drm/drm.h | 7 ++
tools/include/uapi/linux/bpf.h | 2 +-
tools/include/uapi/linux/if_link.h | 2 +
tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +-
tools/perf/arch/x86/entry/syscalls/syscall_64.tbl | 2 +
tools/perf/bench/numa.c | 5 +-
tools/perf/builtin-annotate.c | 11 ++-
tools/perf/builtin-report.c | 3 +-
tools/perf/builtin-script.c | 30 ++++++-
tools/perf/tests/parse-events.c | 25 ++++--
tools/perf/tests/topology.c | 1 +
tools/perf/util/c++/clang.cpp | 11 ++-
tools/perf/util/header.c | 12 ++-
.../util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 +-
tools/perf/util/pmu.c | 99 +++++++++++++++++++++-
16 files changed, 194 insertions(+), 21 deletions(-)
Test results:
The first ones are container (docker) based builds of tools/perf with
and without libelf support. Where clang is available, it is also used
to build perf with/without libelf, and building with LIBCLANGLLVM=1
(built-in clang) with gcc and clang when clang and its devel libraries
are installed.
The objtool and samples/bpf/ builds are disabled now that I'm switching from
using the sources in a local volume to fetching them from a http server to
build it inside the container, to make it easier to build in a container cluster.
Those will come back later.
Several are cross builds, the ones with -x-ARCH and the android one, and those
may not have all the features built, due to lack of multi-arch devel packages,
available and being used so far on just a few, like
debian:experimental-x-{arm64,mipsel}.
The 'perf test' one will perform a variety of tests exercising
tools/perf/util/, tools/lib/{bpf,traceevent,etc}, as well as run perf commands
with a variety of command line event specifications to then intercept the
sys_perf_event syscall to check that the perf_event_attr fields are set up as
expected, among a variety of other unit tests.
Then there is the 'make -C tools/perf build-test' ones, that build tools/perf/
with a variety of feature sets, exercising the build with an incomplete set of
features as well as with a complete one. It is planned to have it run on each
of the containers mentioned above, using some container orchestration
infrastructure. Get in contact if interested in helping having this in place.
# dm
1 alpine:3.4 : Ok gcc (Alpine 5.3.0) 5.3.0
2 alpine:3.5 : Ok gcc (Alpine 6.2.1) 6.2.1 20160822
3 alpine:3.6 : Ok gcc (Alpine 6.3.0) 6.3.0
4 alpine:3.7 : Ok gcc (Alpine 6.4.0) 6.4.0
5 alpine:edge : Ok gcc (Alpine 6.4.0) 6.4.0
6 amazonlinux:1 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28)
7 amazonlinux:2 : Ok gcc (GCC) 7.3.1 20180303 (Red Hat 7.3.1-5)
8 android-ndk:r12b-arm : Ok arm-linux-androideabi-gcc (GCC) 4.9.x 20150123 (prerelease)
9 android-ndk:r15c-arm : Ok arm-linux-androideabi-gcc (GCC) 4.9.x 20150123 (prerelease)
10 centos:5 : Ok gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-55)
11 centos:6 : Ok gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-18)
12 centos:7 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28)
13 debian:7 : Ok gcc (Debian 4.7.2-5) 4.7.2
14 debian:8 : Ok gcc (Debian 4.9.2-10+deb8u1) 4.9.2
15 debian:9 : Ok gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516
16 debian:experimental : Ok gcc (Debian 7.3.0-19) 7.3.0
17 debian:experimental-x-arm64 : Ok aarch64-linux-gnu-gcc (Debian 7.3.0-19) 7.3.0
18 debian:experimental-x-mips : Ok mips-linux-gnu-gcc (Debian 7.3.0-19) 7.3.0
19 debian:experimental-x-mips64 : Ok mips64-linux-gnuabi64-gcc (Debian 7.3.0-18) 7.3.0
20 debian:experimental-x-mipsel : Ok mipsel-linux-gnu-gcc (Debian 7.3.0-19) 7.3.0
21 fedora:20 : Ok gcc (GCC) 4.8.3 20140911 (Red Hat 4.8.3-7)
22 fedora:21 : Ok gcc (GCC) 4.9.2 20150212 (Red Hat 4.9.2-6)
23 fedora:22 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6)
24 fedora:23 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6)
<stopped due to a power outage>
# git log --oneline -1
92ead7ee30c8 (HEAD -> perf/urgent) perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE]
# perf version
perf version 4.17.g92ead7
# uname -a
Linux jouet 4.17.0-rc5 #21 SMP Mon May 14 15:35:35 -03 2018 x86_64 x86_64 x86_64 GNU/Linux
# perf test
1: vmlinux symtab matches kallsyms : Ok
2: Detect openat syscall event : Ok
3: Detect openat syscall event on all cpus : Ok
4: Read samples using the mmap interface : Ok
5: Test data source output : Ok
6: Parse event definition strings : Ok
7: Simple expression parser : Ok
8: PERF_RECORD_* events & perf_sample fields : Ok
9: Parse perf pmu format : Ok
10: DSO data read : Ok
11: DSO data cache : Ok
12: DSO data reopen : Ok
13: Roundtrip evsel->name : Ok
14: Parse sched tracepoints fields : Ok
15: syscalls:sys_enter_openat event fields : Ok
16: Setup struct perf_event_attr : Ok
17: Match and link multiple hists : Ok
18: 'import perf' in python : Ok
19: Breakpoint overflow signal handler : Ok
20: Breakpoint overflow sampling : Ok
21: Breakpoint accounting : Ok
22: Number of exit events of a simple workload : Ok
23: Software clock events period values : Ok
24: Object code reading : Ok
25: Sample parsing : Ok
26: Use a dummy software event to keep tracking : Ok
27: Parse with no sample_id_all bit set : Ok
28: Filter hist entries : Ok
29: Lookup mmap thread : Ok
30: Share thread mg : Ok
31: Sort output of hist entries : Ok
32: Cumulate child hist entries : Ok
33: Track with sched_switch : Ok
34: Filter fds with revents mask in a fdarray : Ok
35: Add fd to a fdarray, making it autogrow : Ok
36: kmod_path__parse : Ok
37: Thread map : Ok
38: LLVM search and compile :
38.1: Basic BPF llvm compile : Ok
38.2: kbuild searching : Ok
38.3: Compile source for BPF prologue generation : Ok
38.4: Compile source for BPF relocation : Ok
39: Session topology : Ok
40: BPF filter :
40.1: Basic BPF filtering : Ok
40.2: BPF pinning : Ok
40.3: BPF prologue generation : Ok
40.4: BPF relocation checker : Ok
41: Synthesize thread map : Ok
42: Remove thread map : Ok
43: Synthesize cpu map : Ok
44: Synthesize stat config : Ok
45: Synthesize stat : Ok
46: Synthesize stat round : Ok
47: Synthesize attr update : Ok
48: Event times : Ok
49: Read backward ring buffer : Ok
50: Print cpu map : Ok
51: Probe SDT events : Ok
52: is_printable_array : Ok
53: Print bitmap : Ok
54: perf hooks : Ok
55: builtin clang support : Skip (not compiled in)
56: unit_number__scnprintf : Ok
57: mem2node : Ok
58: x86 rdpmc : Ok
59: Convert perf time to TSC : Ok
60: DWARF unwind : Ok
61: x86 instruction decoder - new instructions : Ok
62: Use vfs_getname probe to get syscall args filenames : Ok
63: Check open filename arg using perf trace + vfs_getname: Ok
64: probe libc's inet_pton & backtrace it with ping : Ok
65: Add vfs_getname probe to get syscall args filenames : Ok
#
$ make -C tools/perf build-test
make: Entering directory '/home/acme/git/perf/tools/perf'
- tarpkg: ./tests/perf-targz-src-pkg .
make_install_prefix_O: make install prefix=/tmp/krava
make_install_O: make install
make_clean_all_O: make clean all
make_no_libnuma_O: make NO_LIBNUMA=1
make_perf_o_O: make perf.o
make_no_libdw_dwarf_unwind_O: make NO_LIBDW_DWARF_UNWIND=1
make_no_libelf_O: make NO_LIBELF=1
make_no_demangle_O: make NO_DEMANGLE=1
make_no_libbionic_O: make NO_LIBBIONIC=1
make_with_babeltrace_O: make LIBBABELTRACE=1
make_pure_O: make
make_no_scripts_O: make NO_LIBPYTHON=1 NO_LIBPERL=1
make_util_map_o_O: make util/map.o
make_util_pmu_bison_o_O: make util/pmu-bison.o
make_install_bin_O: make install-bin
make_install_prefix_slash_O: make install prefix=/tmp/krava/
make_no_ui_O: make NO_NEWT=1 NO_SLANG=1 NO_GTK2=1
make_doc_O: make doc
make_minimal_O: make NO_LIBPERL=1 NO_LIBPYTHON=1 NO_NEWT=1 NO_GTK2=1 NO_DEMANGLE=1 NO_LIBELF=1 NO_LIBUNWIND=1 NO_BACKTRACE=1 NO_LIBNUMA=1 NO_LIBAUDIT=1 NO_LIBBIONIC=1 NO_LIBDW_DWARF_UNWIND=1 NO_AUXTRACE=1 NO_LIBBPF=1 NO_LIBCRYPTO=1 NO_SDT=1 NO_JVMTI=1
make_tags_O: make tags
make_static_O: make LDFLAGS=-static
make_no_slang_O: make NO_SLANG=1
make_no_libbpf_O: make NO_LIBBPF=1
make_no_libperl_O: make NO_LIBPERL=1
make_debug_O: make DEBUG=1
make_no_libunwind_O: make NO_LIBUNWIND=1
make_no_libaudit_O: make NO_LIBAUDIT=1
make_no_newt_O: make NO_NEWT=1
make_no_libpython_O: make NO_LIBPYTHON=1
make_no_backtrace_O: make NO_BACKTRACE=1
make_help_O: make help
make_with_clangllvm_O: make LIBCLANGLLVM=1
make_no_gtk2_O: make NO_GTK2=1
make_no_auxtrace_O: make NO_AUXTRACE=1
OK
make: Leaving directory '/home/acme/git/perf/tools/perf'
$
Hello Greg,
Following up on our discussion during the review of
kernel 4.4.138-stable, I have backported a few
patches that remove the remaining FPU lazy mode deadcode
from 4.4.y and 4.9.y. To avoid confusion I will send the
explanation on separate e-mails:
Patches for 4.9.y:
[PATCH 1/4] x86/fpu: Remove use_eager_fpu()
-> I only had to solve a small conflict caused by the fact that
commit b22cbe404a9c ("x86/fpu: Fix invalid FPU ptrace state after execve()")
had been applied before (it was supposed to come after)
[PATCH 2/4] x86/fpu: Remove struct fpu::counter
-> This is just a git cherry-pick of 3913cc350757 ("x86/fpu: Remove struct fpu::counter")
which applies cleanly on 4.9.y. You can cherry-pick it instead of applying my patch.
[PATCH 3/4] Revert "perf: sync up x86/.../cpufeatures.h"
-> Sorry to revert your patch ;). This was just for the next patch to apply cleanly.
[PATCH 4/4] x86/fpu: Finish excising 'eagerfpu'
-> Again you can use a cherry pick of e63650840e8b ("x86/fpu: Finish excising 'eagerfpu'")
instead of applying my patch.
Tested on x86_64 only with:
- ./runltp -f math (all tests pass)
- IEEE 754 tests (no regressions seen)
Ref: http://www.math.utah.edu/~beebe/software/ieee/
[Note] I could not prepare a x86 32-bit machine to test no387
[Note] If someone knows better about testing the FPU please let me know.
Best regards,
Daniel Sangorrin
PS: Using git send-email --cc-cmd="scripts/get_maintainer.pl" for the first time. Apologies if this is not the right method.
I'm announcing the release of the 4.9.110 kernel.
All users of the 4.9 kernel series must upgrade.
The updated 4.9.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/net/dsa/b53.txt | 1
Makefile | 2 -
drivers/ata/libata-core.c | 3 -
drivers/ata/libata-zpodd.c | 4 +-
drivers/atm/zatm.c | 4 +-
drivers/base/core.c | 14 +++++++-
drivers/cpufreq/cpufreq.c | 2 +
drivers/hid/intel-ish-hid/ipc/pci-ish.c | 22 ++++---------
drivers/net/bonding/bond_options.c | 1
drivers/net/dsa/b53/b53_common.c | 13 +++++++
drivers/net/dsa/b53/b53_mdio.c | 5 ++-
drivers/net/dsa/b53/b53_priv.h | 1
drivers/net/ethernet/natsemi/sonic.c | 2 -
drivers/net/usb/qmi_wwan.c | 1
drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 +++---
drivers/platform/x86/asus-wmi.c | 23 +++++++-------
drivers/usb/musb/musb_host.c | 5 ++-
drivers/usb/musb/musb_host.h | 7 +++-
drivers/usb/musb/musb_virthub.c | 25 +++++++++------
drivers/vhost/vhost.c | 3 +
drivers/w1/masters/mxc_w1.c | 20 +++++++-----
fs/binfmt_misc.c | 12 +++++--
fs/btrfs/ioctl.c | 18 ++++++-----
fs/btrfs/scrub.c | 2 -
fs/cifs/smb2pdu.c | 1
fs/ext4/indirect.c | 14 ++++++--
fs/ext4/inode.c | 36 +++++++++++-----------
fs/ext4/resize.c | 2 -
fs/orangefs/namei.c | 7 ++++
net/bridge/netfilter/ebtables.c | 3 +
net/ipv4/tcp_input.c | 2 -
net/ipv4/tcp_ipv4.c | 4 ++
net/ipv6/route.c | 3 -
net/ipv6/tcp_ipv6.c | 4 ++
net/ipv6/xfrm6_policy.c | 2 -
net/netfilter/ipvs/ip_vs_ctl.c | 21 +++++++++---
net/sched/act_simple.c | 15 +++------
sound/pci/hda/hda_controller.c | 4 +-
sound/pci/hda/patch_conexant.c | 2 +
sound/pci/hda/patch_realtek.c | 8 ++++
tools/objtool/.gitignore | 2 -
41 files changed, 211 insertions(+), 119 deletions(-)
Bo Chen (1):
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
Colin Ian King (1):
libata: zpodd: make arrays cdb static, reduces object code size
Damien Thébault (1):
net: dsa: b53: Add BCM5389 support
Dan Carpenter (1):
libata: zpodd: small read overflow in eject_tray()
Daniel Glöckner (1):
usb: musb: fix remote wakeup racing with suspend
Davide Caratti (1):
net/sched: act_simple: fix parsing of TCA_DEF_DATA
Dennis Wassenberg (2):
ALSA: hda: add dock and led support for HP EliteBook 830 G5
ALSA: hda: add dock and led support for HP ProBook 640 G4
Eric Dumazet (2):
xfrm6: avoid potential infinite loop in _decode_session6()
tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
Even Xu (1):
HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
Finn Thain (1):
net/sonic: Use dma_mapping_error()
Frank van der Linden (1):
tcp: verify the checksum of the first data segment in a new connection
Greg Kroah-Hartman (2):
objtool: update .gitignore file
Linux 4.9.110
Hans de Goede (1):
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
Hao Wei Tee (1):
iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs
Ivan Bornyakov (1):
atm: zatm: fix memcmp casting
Jan Kara (2):
ext4: fix hole length detection in ext4_ind_map_blocks()
ext4: fix fencepost error in check for inode count overflow during resize
Josh Hill (1):
net: qmi_wwan: Add Netgear Aircard 779S
João Paulo Rechi Vita (1):
platform/x86: asus-wmi: Fix NULL pointer dereference
Julian Anastasov (2):
ipvs: fix buffer overflow with sync daemon and service
ipv6: allow PMTU exceptions to local routes
Kailang Yang (1):
ALSA: hda/realtek - New codec support for ALC257
Liu Bo (1):
Btrfs: make raid6 rebuild retry more
Lukas Czerner (1):
ext4: update mtime in ext4_punch_hole even if no blocks are released
Martin Brandenburg (1):
orangefs: set i_size on new symlink
Michael S. Tsirkin (1):
vhost: fix info leak due to uninitialized memory
Omar Sandoval (2):
Btrfs: fix clone vs chattr NODATASUM race
Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
Paolo Abeni (1):
netfilter: ebtables: handle string from userspace with care
Qu Wenruo (1):
btrfs: scrub: Don't use inode pages for device replace
Sasha Levin (1):
Revert "Btrfs: fix scrub to repair raid6 corruption"
Stefan Potyra (1):
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
Steve French (1):
smb3: on reconnect set PreviousSessionId field
Tao Wang (1):
cpufreq: Fix new policy initialization during limits updates via sysfs
Tetsuo Handa (1):
driver core: Don't ignore class_dir_create_and_add() failure.
Thadeu Lima de Souza Cascardo (1):
fs/binfmt_misc.c: do not allow offset overflow
Xiangning Yu (1):
bonding: re-evaluate force_primary when the primary slave name changes
I'm announcing the release of the 4.14.52 kernel.
All users of the 4.14 kernel series must upgrade.
The updated 4.14.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/x86/kernel/cpu/intel_rdt.c | 2
arch/x86/kernel/cpu/mcheck/mce-inject.c | 2
block/blk-mq.c | 3
drivers/ata/libata-core.c | 3
drivers/ata/libata-zpodd.c | 2
drivers/base/core.c | 14 ++
drivers/block/nbd.c | 17 ++
drivers/cpufreq/cpufreq.c | 2
drivers/cpufreq/cpufreq_governor.c | 12 --
drivers/hid/intel-ish-hid/ipc/pci-ish.c | 22 +--
drivers/hid/wacom_sys.c | 8 +
drivers/net/bonding/bond_options.c | 1
drivers/net/hyperv/netvsc_drv.c | 4
drivers/net/tap.c | 5
drivers/net/tun.c | 3
drivers/net/usb/cdc_ncm.c | 4
drivers/net/virtio_net.c | 3
drivers/net/wireless/intel/iwlwifi/fw/paging.c | 49 ++++++--
drivers/vhost/vhost.c | 3
drivers/w1/masters/mxc_w1.c | 20 ++-
fs/binfmt_misc.c | 12 +-
fs/btrfs/inode.c | 4
fs/btrfs/ioctl.c | 18 +--
fs/btrfs/scrub.c | 2
fs/cifs/cifsacl.h | 14 ++
fs/cifs/smb2ops.c | 68 +++++++----
fs/cifs/smb2pdu.c | 4
fs/ext4/indirect.c | 14 +-
fs/ext4/inline.c | 6 +
fs/ext4/inode.c | 46 ++++---
fs/ext4/resize.c | 2
fs/ext4/xattr.c | 2
fs/nfs/nfs4_fs.h | 2
fs/nfs/nfs4proc.c | 148 +++++++++++++++++--------
fs/orangefs/inode.c | 7 +
fs/orangefs/namei.c | 7 +
include/linux/virtio_net.h | 11 -
include/net/transp_v6.h | 11 +
include/net/udp.h | 5
mm/backing-dev.c | 18 ++-
mm/page_alloc.c | 1
net/dsa/tag_trailer.c | 3
net/ipv4/tcp_ipv4.c | 4
net/ipv4/udp.c | 2
net/ipv4/udp_diag.c | 2
net/ipv6/datagram.c | 6 -
net/ipv6/route.c | 3
net/ipv6/tcp_ipv6.c | 4
net/ipv6/udp.c | 3
net/packet/af_packet.c | 4
net/sched/act_simple.c | 15 +-
net/socket.c | 18 ++-
net/tls/tls_sw.c | 26 ++--
sound/pci/hda/hda_controller.c | 4
sound/pci/hda/patch_conexant.c | 3
sound/pci/hda/patch_realtek.c | 6 -
57 files changed, 472 insertions(+), 214 deletions(-)
Bjørn Mork (1):
cdc_ncm: avoid padding beyond end of skb
Bo Chen (1):
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
Chen Yu (1):
cpufreq: governors: Fix long idle detection logic in load calculation
Cong Wang (1):
socket: close race condition between sock_close() and sockfs_setattr()
Dan Carpenter (1):
libata: zpodd: small read overflow in eject_tray()
Daniel Borkmann (1):
tls: fix use-after-free in tls_push_record
Davide Caratti (1):
net/sched: act_simple: fix parsing of TCA_DEF_DATA
Dennis Wassenberg (2):
ALSA: hda: add dock and led support for HP EliteBook 830 G5
ALSA: hda: add dock and led support for HP ProBook 640 G4
Dexuan Cui (1):
hv_netvsc: Fix a network regression after ifdown/ifup
Even Xu (1):
HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
Frank van der Linden (1):
tcp: verify the checksum of the first data segment in a new connection
Greg Kroah-Hartman (1):
Linux 4.14.52
Hans de Goede (1):
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
Hui Wang (1):
ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
Jan Kara (2):
ext4: fix hole length detection in ext4_ind_map_blocks()
ext4: fix fencepost error in check for inode count overflow during resize
Jason Gerecke (1):
HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
Josef Bacik (3):
nbd: fix nbd device deletion
nbd: update size when connected
nbd: use bd_set_size when updating disk size
Julian Anastasov (1):
ipv6: allow PMTU exceptions to local routes
Luca Coelho (1):
iwlwifi: fw: harden page loading code
Lukas Czerner (1):
ext4: update mtime in ext4_punch_hole even if no blocks are released
Mark Syms (1):
CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session expiry
Martin Brandenburg (2):
orangefs: set i_size on new symlink
orangefs: report attributes_mask and attributes for statx
Michael S. Tsirkin (1):
vhost: fix info leak due to uninitialized memory
Omar Sandoval (2):
Btrfs: fix clone vs chattr NODATASUM race
Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
Paolo Abeni (1):
udp: fix rx queue len reported by diag and proc interface
Qu Wenruo (1):
btrfs: scrub: Don't use inode pages for device replace
Roman Pen (1):
blk-mq: reinit q->tag_set_list entry only after grace period
Shirish Pargaonkar (1):
cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class
Stefan Potyra (1):
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
Steve French (2):
smb3: fix various xid leaks
smb3: on reconnect set PreviousSessionId field
Su Yue (1):
btrfs: return error value if create_io_em failed in cow_file_range
Takashi Iwai (1):
ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
Tao Wang (1):
cpufreq: Fix new policy initialization during limits updates via sysfs
Tejun Heo (1):
bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
Tetsuo Handa (1):
driver core: Don't ignore class_dir_create_and_add() failure.
Thadeu Lima de Souza Cascardo (1):
fs/binfmt_misc.c: do not allow offset overflow
Theodore Ts'o (3):
ext4: do not allow external inodes for inline data
ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
Tony Luck (2):
x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
Trond Myklebust (1):
NFSv4.1: Fix up replays of interrupted requests
Vlastimil Babka (1):
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
Willem de Bruijn (1):
net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan
Xiangning Yu (1):
bonding: re-evaluate force_primary when the primary slave name changes
Zhouyang Jia (1):
net: dsa: add error handling for pskb_trim_rcsum
---------------------
Note, this is the LAST 4.16.y kernel release. This branch is now
end-of-life. Please move to the 4.17.y kernel now.
---------------------
I'm announcing the release of the 4.16.18 kernel.
All users of the 4.16 kernel series must upgrade.
The updated 4.16.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/x86/include/asm/apic.h | 2
arch/x86/include/asm/trace/irq_vectors.h | 2
arch/x86/kernel/apic/io_apic.c | 2
arch/x86/kernel/apic/vector.c | 18 +++++-
arch/x86/kernel/cpu/intel_rdt.c | 2
arch/x86/kernel/cpu/mcheck/mce-inject.c | 2
arch/x86/platform/uv/uv_irq.c | 7 --
block/blk-mq.c | 3 -
drivers/ata/libata-core.c | 3 -
drivers/ata/libata-zpodd.c | 2
drivers/base/core.c | 14 ++++-
drivers/block/nbd.c | 17 +++++-
drivers/cpufreq/cpufreq.c | 2
drivers/cpufreq/cpufreq_governor.c | 12 +---
drivers/cpufreq/ti-cpufreq.c | 2
drivers/hid/intel-ish-hid/ipc/pci-ish.c | 22 ++------
drivers/hid/wacom_sys.c | 8 ++
drivers/iommu/amd_iommu.c | 2
drivers/iommu/intel_irq_remapping.c | 2
drivers/iommu/irq_remapping.c | 5 -
drivers/iommu/irq_remapping.h | 2
drivers/net/bonding/bond_options.c | 1
drivers/net/hyperv/netvsc_drv.c | 4 +
drivers/net/phy/dp83848.c | 35 ++++++++++--
drivers/net/tap.c | 5 +
drivers/net/tun.c | 3 -
drivers/net/usb/cdc_ncm.c | 4 -
drivers/net/virtio_net.c | 3 -
drivers/net/wireless/intel/iwlwifi/fw/paging.c | 49 +++++++++++++++---
drivers/nvme/host/pci.c | 11 +++-
drivers/vhost/vhost.c | 3 +
drivers/w1/masters/mxc_w1.c | 20 ++++---
fs/binfmt_misc.c | 12 +++-
fs/btrfs/inode.c | 4 +
fs/btrfs/ioctl.c | 18 ++++--
fs/btrfs/scrub.c | 2
fs/cifs/cifsacl.h | 14 +++++
fs/cifs/smb2ops.c | 68 +++++++++++++++++--------
fs/cifs/smb2pdu.c | 4 -
fs/ext4/indirect.c | 14 +++--
fs/ext4/inline.c | 6 ++
fs/ext4/inode.c | 46 +++++++++-------
fs/ext4/resize.c | 2
fs/ext4/xattr.c | 2
fs/orangefs/inode.c | 7 ++
fs/orangefs/namei.c | 7 ++
include/linux/irq.h | 7 ++
include/linux/virtio_net.h | 11 +---
include/net/transp_v6.h | 11 +++-
include/net/udp.h | 5 +
kernel/irq/manage.c | 37 ++++++++++++-
kernel/irq/migration.c | 31 +++++++----
mm/backing-dev.c | 18 ++++++
mm/page_alloc.c | 1
net/dsa/tag_trailer.c | 3 -
net/ipv4/tcp_ipv4.c | 4 +
net/ipv4/udp.c | 2
net/ipv4/udp_diag.c | 2
net/ipv6/datagram.c | 6 +-
net/ipv6/route.c | 3 -
net/ipv6/tcp_ipv6.c | 4 +
net/ipv6/udp.c | 3 -
net/packet/af_packet.c | 4 -
net/sched/act_simple.c | 15 ++---
net/socket.c | 18 +++++-
net/tls/tls_sw.c | 26 ++++-----
sound/pci/hda/hda_controller.c | 4 +
sound/pci/hda/patch_conexant.c | 3 +
sound/pci/hda/patch_realtek.c | 6 +-
sound/usb/quirks-table.h | 5 +
71 files changed, 497 insertions(+), 209 deletions(-)
Alvaro Gamez Machado (1):
net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620
Bjørn Mork (1):
cdc_ncm: avoid padding beyond end of skb
Bo Chen (1):
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
Chen Yu (1):
cpufreq: governors: Fix long idle detection logic in load calculation
Cong Wang (1):
socket: close race condition between sock_close() and sockfs_setattr()
Dan Carpenter (1):
libata: zpodd: small read overflow in eject_tray()
Daniel Borkmann (1):
tls: fix use-after-free in tls_push_record
Davide Caratti (1):
net/sched: act_simple: fix parsing of TCA_DEF_DATA
Dennis Wassenberg (2):
ALSA: hda: add dock and led support for HP EliteBook 830 G5
ALSA: hda: add dock and led support for HP ProBook 640 G4
Dexuan Cui (1):
hv_netvsc: Fix a network regression after ifdown/ifup
Dou Liyang (1):
x86/vector: Fix the args of vector_alloc tracepoint
Even Xu (1):
HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
Frank van der Linden (1):
tcp: verify the checksum of the first data segment in a new connection
Greg Kroah-Hartman (1):
Linux 4.16.18
Hans de Goede (1):
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
Hui Wang (1):
ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
Jan Kara (2):
ext4: fix hole length detection in ext4_ind_map_blocks()
ext4: fix fencepost error in check for inode count overflow during resize
Jason Gerecke (1):
HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
Josef Bacik (3):
nbd: fix nbd device deletion
nbd: update size when connected
nbd: use bd_set_size when updating disk size
Julian Anastasov (1):
ipv6: allow PMTU exceptions to local routes
Keith Busch (1):
nvme/pci: Sync controller reset for AER slot_reset
Luca Coelho (1):
iwlwifi: fw: harden page loading code
Lukas Czerner (1):
ext4: update mtime in ext4_punch_hole even if no blocks are released
Mark Syms (1):
CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session expiry
Martin Brandenburg (2):
orangefs: set i_size on new symlink
orangefs: report attributes_mask and attributes for statx
Michael S. Tsirkin (1):
vhost: fix info leak due to uninitialized memory
Omar Sandoval (2):
Btrfs: fix clone vs chattr NODATASUM race
Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
Paolo Abeni (1):
udp: fix rx queue len reported by diag and proc interface
Qu Wenruo (1):
btrfs: scrub: Don't use inode pages for device replace
Roman Pen (1):
blk-mq: reinit q->tag_set_list entry only after grace period
Shirish Pargaonkar (1):
cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class
Stefan Potyra (1):
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
Steve French (2):
smb3: fix various xid leaks
smb3: on reconnect set PreviousSessionId field
Su Yue (1):
btrfs: return error value if create_io_em failed in cow_file_range
Suman Anna (1):
cpufreq: ti-cpufreq: Fix an incorrect error return value
Takashi Iwai (2):
ALSA: usb-audio: Disable the quirk for Nura headset
ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
Tao Wang (1):
cpufreq: Fix new policy initialization during limits updates via sysfs
Tejun Heo (1):
bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
Tetsuo Handa (1):
driver core: Don't ignore class_dir_create_and_add() failure.
Thadeu Lima de Souza Cascardo (1):
fs/binfmt_misc.c: do not allow offset overflow
Theodore Ts'o (3):
ext4: do not allow external inodes for inline data
ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
Thomas Gleixner (8):
x86/apic/vector: Prevent hlist corruption and leaks
x86/apic: Provide apic_ack_irq()
x86/ioapic: Use apic_ack_irq()
x86/platform/uv: Use apic_ack_irq()
irq_remapping: Use apic_ack_irq()
genirq/generic_pending: Do not lose pending affinity update
genirq/affinity: Defer affinity setting if irq chip is busy
genirq/migration: Avoid out of line call if pending is not set
Tony Luck (2):
x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
Vlastimil Babka (1):
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
Willem de Bruijn (1):
net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan
Xiangning Yu (1):
bonding: re-evaluate force_primary when the primary slave name changes
Zhouyang Jia (1):
net: dsa: add error handling for pskb_trim_rcsum
I'm announcing the release of the 4.17.3 kernel.
All users of the 4.17 kernel series must upgrade.
The updated 4.17.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/um/drivers/vector_transports.c | 3
arch/x86/include/asm/apic.h | 2
arch/x86/include/asm/trace/irq_vectors.h | 2
arch/x86/kernel/apic/io_apic.c | 2
arch/x86/kernel/apic/vector.c | 18 ++++-
arch/x86/kernel/cpu/intel_rdt.c | 2
arch/x86/kernel/cpu/mcheck/mce-inject.c | 2
arch/x86/platform/uv/uv_irq.c | 7 -
block/blk-mq.c | 3
drivers/acpi/acpica/psloop.c | 51 +++++++++++++-
drivers/acpi/acpica/psobject.c | 30 ++++++++
drivers/acpi/acpica/uterror.c | 10 +-
drivers/ata/libata-core.c | 3
drivers/ata/libata-zpodd.c | 2
drivers/base/core.c | 14 +++
drivers/block/nbd.c | 17 ++++
drivers/cpufreq/cpufreq.c | 2
drivers/cpufreq/cpufreq_governor.c | 12 +--
drivers/cpufreq/ti-cpufreq.c | 2
drivers/hid/intel-ish-hid/ipc/pci-ish.c | 22 +-----
drivers/hid/wacom_sys.c | 8 ++
drivers/iommu/amd_iommu.c | 2
drivers/iommu/intel_irq_remapping.c | 2
drivers/iommu/irq_remapping.c | 5 -
drivers/iommu/irq_remapping.h | 2
drivers/media/rc/rc-main.c | 4 -
drivers/media/usb/uvc/uvc_ctrl.c | 17 ++--
drivers/net/bonding/bond_options.c | 1
drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c | 11 +--
drivers/net/hyperv/netvsc_drv.c | 4 -
drivers/net/phy/dp83848.c | 35 ++++++++-
drivers/net/tap.c | 5 +
drivers/net/tun.c | 3
drivers/net/usb/cdc_ncm.c | 4 -
drivers/net/virtio_net.c | 3
drivers/net/wireless/intel/iwlwifi/fw/paging.c | 49 +++++++++++--
drivers/nvme/host/pci.c | 11 ++-
drivers/vhost/vhost.c | 3
drivers/w1/masters/mxc_w1.c | 20 +++--
fs/binfmt_misc.c | 12 ++-
fs/btrfs/inode.c | 4 -
fs/btrfs/ioctl.c | 18 +++--
fs/btrfs/scrub.c | 2
fs/btrfs/super.c | 3
fs/cifs/cifsacl.h | 14 +++
fs/cifs/smb2ops.c | 68 +++++++++++++------
fs/cifs/smb2pdu.c | 4 -
fs/ext4/indirect.c | 14 ++-
fs/ext4/inline.c | 6 +
fs/ext4/inode.c | 46 ++++++------
fs/ext4/resize.c | 2
fs/ext4/xattr.c | 2
fs/orangefs/inode.c | 7 +
fs/orangefs/namei.c | 7 +
include/linux/irq.h | 7 +
include/linux/virtio_net.h | 11 +--
include/net/transp_v6.h | 11 ++-
include/net/udp.h | 5 +
kernel/irq/manage.c | 37 +++++++++-
kernel/irq/migration.c | 31 +++++---
mm/backing-dev.c | 18 ++++-
mm/page_alloc.c | 1
net/dsa/tag_trailer.c | 3
net/ipv4/tcp_ipv4.c | 4 +
net/ipv4/udp.c | 2
net/ipv4/udp_diag.c | 2
net/ipv6/datagram.c | 6 -
net/ipv6/route.c | 3
net/ipv6/tcp_ipv6.c | 4 +
net/ipv6/udp.c | 3
net/packet/af_packet.c | 4 -
net/sched/act_simple.c | 15 +---
net/socket.c | 18 ++++-
net/tls/tls_sw.c | 32 +++++---
sound/pci/hda/hda_controller.c | 4 -
sound/pci/hda/patch_conexant.c | 3
sound/pci/hda/patch_realtek.c | 6 +
sound/usb/quirks-table.h | 5 +
79 files changed, 608 insertions(+), 233 deletions(-)
Alvaro Gamez Machado (1):
net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620
Bjørn Mork (1):
cdc_ncm: avoid padding beyond end of skb
Bo Chen (1):
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
Chen Yu (1):
cpufreq: governors: Fix long idle detection logic in load calculation
Colin Ian King (1):
net: aquantia: fix unsigned numvecs comparison with less than zero
Cong Wang (1):
socket: close race condition between sock_close() and sockfs_setattr()
Dan Carpenter (1):
libata: zpodd: small read overflow in eject_tray()
Daniel Borkmann (2):
tls: fix use-after-free in tls_push_record
tls: fix waitall behavior in tls_sw_recvmsg
Davide Caratti (1):
net/sched: act_simple: fix parsing of TCA_DEF_DATA
Dennis Wassenberg (2):
ALSA: hda: add dock and led support for HP EliteBook 830 G5
ALSA: hda: add dock and led support for HP ProBook 640 G4
Dexuan Cui (1):
hv_netvsc: Fix a network regression after ifdown/ifup
Dou Liyang (1):
x86/vector: Fix the args of vector_alloc tracepoint
Erik Schmauss (1):
ACPICA: AML parser: attempt to continue loading table after error
Even Xu (1):
HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
Frank van der Linden (1):
tcp: verify the checksum of the first data segment in a new connection
Greg Kroah-Hartman (1):
Linux 4.17.3
Hans de Goede (1):
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
Hui Wang (1):
ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
Jan Kara (2):
ext4: fix hole length detection in ext4_ind_map_blocks()
ext4: fix fencepost error in check for inode count overflow during resize
Jason Gerecke (1):
HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
Josef Bacik (3):
nbd: fix nbd device deletion
nbd: update size when connected
nbd: use bd_set_size when updating disk size
Julian Anastasov (1):
ipv6: allow PMTU exceptions to local routes
Keith Busch (1):
nvme/pci: Sync controller reset for AER slot_reset
Kieran Bingham (1):
media: uvcvideo: Prevent setting unavailable flags
Luca Coelho (1):
iwlwifi: fw: harden page loading code
Lukas Czerner (1):
ext4: update mtime in ext4_punch_hole even if no blocks are released
Mark Syms (1):
CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session expiry
Martin Brandenburg (2):
orangefs: set i_size on new symlink
orangefs: report attributes_mask and attributes for statx
Michael S. Tsirkin (1):
vhost: fix info leak due to uninitialized memory
Omar Sandoval (3):
Btrfs: allow empty subvol= again
Btrfs: fix clone vs chattr NODATASUM race
Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
Paolo Abeni (1):
udp: fix rx queue len reported by diag and proc interface
Qu Wenruo (1):
btrfs: scrub: Don't use inode pages for device replace
Roman Pen (1):
blk-mq: reinit q->tag_set_list entry only after grace period
Sean Young (1):
media: rc: ensure input/lirc device can be opened after register
Shirish Pargaonkar (1):
cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class
Stefan Potyra (1):
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
Steve French (2):
smb3: fix various xid leaks
smb3: on reconnect set PreviousSessionId field
Su Yue (1):
btrfs: return error value if create_io_em failed in cow_file_range
Suman Anna (1):
cpufreq: ti-cpufreq: Fix an incorrect error return value
Takashi Iwai (2):
ALSA: usb-audio: Disable the quirk for Nura headset
ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
Tao Wang (1):
cpufreq: Fix new policy initialization during limits updates via sysfs
Tejun Heo (1):
bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
Tetsuo Handa (1):
driver core: Don't ignore class_dir_create_and_add() failure.
Thadeu Lima de Souza Cascardo (1):
fs/binfmt_misc.c: do not allow offset overflow
Theodore Ts'o (3):
ext4: do not allow external inodes for inline data
ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
Thomas Gleixner (8):
x86/apic/vector: Prevent hlist corruption and leaks
x86/apic: Provide apic_ack_irq()
x86/ioapic: Use apic_ack_irq()
x86/platform/uv: Use apic_ack_irq()
irq_remapping: Use apic_ack_irq()
genirq/generic_pending: Do not lose pending affinity update
genirq/affinity: Defer affinity setting if irq chip is busy
genirq/migration: Avoid out of line call if pending is not set
Tony Luck (2):
x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
Vlastimil Babka (1):
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
Willem de Bruijn (1):
net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan
Xiangning Yu (1):
bonding: re-evaluate force_primary when the primary slave name changes
Zhouyang Jia (1):
net: dsa: add error handling for pskb_trim_rcsum
This is the start of the stable review cycle for the 4.17.3 release.
There are 70 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Tue Jun 26 14:27:20 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.3-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.17.3-rc1
Vlastimil Babka <vbabka(a)suse.cz>
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com>
fs/binfmt_misc.c: do not allow offset overflow
Michael S. Tsirkin <mst(a)redhat.com>
vhost: fix info leak due to uninitialized memory
Jason Gerecke <killertofu(a)gmail.com>
HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
Even Xu <even.xu(a)intel.com>
HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
Martin Brandenburg <martin(a)omnibond.com>
orangefs: report attributes_mask and attributes for statx
Martin Brandenburg <martin(a)omnibond.com>
orangefs: set i_size on new symlink
Luca Coelho <luciano.coelho(a)intel.com>
iwlwifi: fw: harden page loading code
Sean Young <sean(a)mess.org>
media: rc: ensure input/lirc device can be opened after register
Kieran Bingham <kieran.bingham(a)ideasonboard.com>
media: uvcvideo: Prevent setting unavailable flags
Tony Luck <tony.luck(a)intel.com>
x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
Thomas Gleixner <tglx(a)linutronix.de>
genirq/migration: Avoid out of line call if pending is not set
Thomas Gleixner <tglx(a)linutronix.de>
genirq/affinity: Defer affinity setting if irq chip is busy
Thomas Gleixner <tglx(a)linutronix.de>
genirq/generic_pending: Do not lose pending affinity update
Thomas Gleixner <tglx(a)linutronix.de>
irq_remapping: Use apic_ack_irq()
Thomas Gleixner <tglx(a)linutronix.de>
x86/platform/uv: Use apic_ack_irq()
Thomas Gleixner <tglx(a)linutronix.de>
x86/ioapic: Use apic_ack_irq()
Thomas Gleixner <tglx(a)linutronix.de>
x86/apic: Provide apic_ack_irq()
Thomas Gleixner <tglx(a)linutronix.de>
x86/apic/vector: Prevent hlist corruption and leaks
Dou Liyang <douly.fnst(a)cn.fujitsu.com>
x86/vector: Fix the args of vector_alloc tracepoint
Stefan Potyra <Stefan.Potyra(a)elektrobit.com>
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
Keith Busch <keith.busch(a)intel.com>
nvme/pci: Sync controller reset for AER slot_reset
Hans de Goede <hdegoede(a)redhat.com>
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
Dan Carpenter <dan.carpenter(a)oracle.com>
libata: zpodd: small read overflow in eject_tray()
Chen Yu <yu.c.chen(a)intel.com>
cpufreq: governors: Fix long idle detection logic in load calculation
Suman Anna <s-anna(a)ti.com>
cpufreq: ti-cpufreq: Fix an incorrect error return value
Tao Wang <kevin.wangtao(a)hisilicon.com>
cpufreq: Fix new policy initialization during limits updates via sysfs
Tejun Heo <tj(a)kernel.org>
bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
Roman Pen <roman.penyaev(a)profitbricks.com>
blk-mq: reinit q->tag_set_list entry only after grace period
Josef Bacik <jbacik(a)fb.com>
nbd: use bd_set_size when updating disk size
Josef Bacik <jbacik(a)fb.com>
nbd: update size when connected
Josef Bacik <jbacik(a)fb.com>
nbd: fix nbd device deletion
Shirish Pargaonkar <shirishpargaonkar(a)gmail.com>
cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class
Mark Syms <mark.syms(a)citrix.com>
CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session expiry
Steve French <stfrench(a)microsoft.com>
smb3: on reconnect set PreviousSessionId field
Steve French <stfrench(a)microsoft.com>
smb3: fix various xid leaks
Tony Luck <tony.luck(a)intel.com>
x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
Dennis Wassenberg <dennis.wassenberg(a)secunet.com>
ALSA: hda: add dock and led support for HP ProBook 640 G4
Dennis Wassenberg <dennis.wassenberg(a)secunet.com>
ALSA: hda: add dock and led support for HP EliteBook 830 G5
Bo Chen <chenbo(a)pdx.edu>
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
Hui Wang <hui.wang(a)canonical.com>
ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Disable the quirk for Nura headset
Qu Wenruo <wqu(a)suse.com>
btrfs: scrub: Don't use inode pages for device replace
Su Yue <suy.fnst(a)cn.fujitsu.com>
btrfs: return error value if create_io_em failed in cow_file_range
Omar Sandoval <osandov(a)fb.com>
Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
Omar Sandoval <osandov(a)fb.com>
Btrfs: fix clone vs chattr NODATASUM race
Omar Sandoval <osandov(a)fb.com>
Btrfs: allow empty subvol= again
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
driver core: Don't ignore class_dir_create_and_add() failure.
Jan Kara <jack(a)suse.cz>
ext4: fix fencepost error in check for inode count overflow during resize
Theodore Ts'o <tytso(a)mit.edu>
ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
Theodore Ts'o <tytso(a)mit.edu>
ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
Theodore Ts'o <tytso(a)mit.edu>
ext4: do not allow external inodes for inline data
Lukas Czerner <lczerner(a)redhat.com>
ext4: update mtime in ext4_punch_hole even if no blocks are released
Jan Kara <jack(a)suse.cz>
ext4: fix hole length detection in ext4_ind_map_blocks()
Erik Schmauss <erik.schmauss(a)intel.com>
ACPICA: AML parser: attempt to continue loading table after error
Dexuan Cui <decui(a)microsoft.com>
hv_netvsc: Fix a network regression after ifdown/ifup
Willem de Bruijn <willemb(a)google.com>
net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan
Paolo Abeni <pabeni(a)redhat.com>
udp: fix rx queue len reported by diag and proc interface
Cong Wang <xiyou.wangcong(a)gmail.com>
socket: close race condition between sock_close() and sockfs_setattr()
Daniel Borkmann <daniel(a)iogearbox.net>
tls: fix waitall behavior in tls_sw_recvmsg
Daniel Borkmann <daniel(a)iogearbox.net>
tls: fix use-after-free in tls_push_record
Frank van der Linden <fllinden(a)amazon.com>
tcp: verify the checksum of the first data segment in a new connection
Davide Caratti <dcaratti(a)redhat.com>
net/sched: act_simple: fix parsing of TCA_DEF_DATA
Alvaro Gamez Machado <alvaro.gamez(a)hazent.com>
net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620
Zhouyang Jia <jiazhouyang09(a)gmail.com>
net: dsa: add error handling for pskb_trim_rcsum
Julian Anastasov <ja(a)ssi.bg>
ipv6: allow PMTU exceptions to local routes
Bjørn Mork <bjorn(a)mork.no>
cdc_ncm: avoid padding beyond end of skb
Xiangning Yu <yuxiangning(a)gmail.com>
bonding: re-evaluate force_primary when the primary slave name changes
Colin Ian King <colin.king(a)canonical.com>
net: aquantia: fix unsigned numvecs comparison with less than zero
-------------
Diffstat:
Makefile | 4 +-
arch/um/drivers/vector_transports.c | 3 +-
arch/x86/include/asm/apic.h | 2 +
arch/x86/include/asm/trace/irq_vectors.h | 2 +-
arch/x86/kernel/apic/io_apic.c | 2 +-
arch/x86/kernel/apic/vector.c | 18 +++++-
arch/x86/kernel/cpu/intel_rdt.c | 2 +
arch/x86/kernel/cpu/mcheck/mce-inject.c | 2 +-
arch/x86/platform/uv/uv_irq.c | 7 +--
block/blk-mq.c | 3 +-
drivers/acpi/acpica/psloop.c | 51 +++++++++++++++-
drivers/acpi/acpica/psobject.c | 30 ++++++++++
drivers/acpi/acpica/uterror.c | 10 ++--
drivers/ata/libata-core.c | 3 -
drivers/ata/libata-zpodd.c | 2 +-
drivers/base/core.c | 14 ++++-
drivers/block/nbd.c | 17 +++++-
drivers/cpufreq/cpufreq.c | 2 +
drivers/cpufreq/cpufreq_governor.c | 12 ++--
drivers/cpufreq/ti-cpufreq.c | 2 +-
drivers/hid/intel-ish-hid/ipc/pci-ish.c | 22 +++----
drivers/hid/wacom_sys.c | 8 +++
drivers/iommu/amd_iommu.c | 2 +-
drivers/iommu/intel_irq_remapping.c | 2 +-
drivers/iommu/irq_remapping.c | 5 --
drivers/iommu/irq_remapping.h | 2 -
drivers/media/rc/rc-main.c | 4 +-
drivers/media/usb/uvc/uvc_ctrl.c | 17 +++---
drivers/net/bonding/bond_options.c | 1 +
.../net/ethernet/aquantia/atlantic/aq_pci_func.c | 11 ++--
drivers/net/hyperv/netvsc_drv.c | 4 +-
drivers/net/phy/dp83848.c | 35 +++++++++--
drivers/net/tap.c | 5 +-
drivers/net/tun.c | 3 +-
drivers/net/usb/cdc_ncm.c | 4 +-
drivers/net/virtio_net.c | 3 +-
drivers/net/wireless/intel/iwlwifi/fw/paging.c | 49 +++++++++++++---
drivers/nvme/host/pci.c | 11 +++-
drivers/vhost/vhost.c | 3 +
drivers/w1/masters/mxc_w1.c | 20 ++++---
fs/binfmt_misc.c | 12 +++-
fs/btrfs/inode.c | 4 +-
fs/btrfs/ioctl.c | 18 +++---
fs/btrfs/scrub.c | 2 +-
fs/btrfs/super.c | 3 +
fs/cifs/cifsacl.h | 14 +++++
fs/cifs/smb2ops.c | 68 +++++++++++++++-------
fs/cifs/smb2pdu.c | 4 +-
fs/ext4/indirect.c | 14 +++--
fs/ext4/inline.c | 6 ++
fs/ext4/inode.c | 46 ++++++++-------
fs/ext4/resize.c | 2 +-
fs/ext4/xattr.c | 2 +-
fs/orangefs/inode.c | 7 +++
fs/orangefs/namei.c | 7 +++
include/linux/irq.h | 7 ++-
include/linux/virtio_net.h | 11 ++--
include/net/transp_v6.h | 11 +++-
include/net/udp.h | 5 ++
kernel/irq/manage.c | 37 +++++++++++-
kernel/irq/migration.c | 31 ++++++----
mm/backing-dev.c | 18 +++++-
mm/page_alloc.c | 1 -
net/dsa/tag_trailer.c | 3 +-
net/ipv4/tcp_ipv4.c | 4 ++
net/ipv4/udp.c | 2 +-
net/ipv4/udp_diag.c | 2 +-
net/ipv6/datagram.c | 6 +-
net/ipv6/route.c | 3 -
net/ipv6/tcp_ipv6.c | 4 ++
net/ipv6/udp.c | 3 +-
net/packet/af_packet.c | 4 +-
net/sched/act_simple.c | 15 ++---
net/socket.c | 18 +++++-
net/tls/tls_sw.c | 32 +++++-----
sound/pci/hda/hda_controller.c | 4 +-
sound/pci/hda/patch_conexant.c | 3 +
sound/pci/hda/patch_realtek.c | 6 +-
sound/usb/quirks-table.h | 5 ++
79 files changed, 609 insertions(+), 234 deletions(-)
This is a note to let you know that I've just added the patch titled
iio: mma8452: Fix ignoring MMA8452_INT_DRDY
to my staging git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
in the staging-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From b02ec67a8e38875cdc5f9214be885022f11c0017 Mon Sep 17 00:00:00 2001
From: Leonard Crestez <leonard.crestez(a)nxp.com>
Date: Thu, 7 Jun 2018 21:52:50 +0300
Subject: iio: mma8452: Fix ignoring MMA8452_INT_DRDY
Interrupts are ignored if no event bit is set in the status status
register and this breaks the buffer interface. No data is shown when
running "iio_generic_buffer -n mma8451 -a" and interrupt counts go
crazy.
Fix by not returning IRQ_NONE if DRDY is set.
Fixes: 605f72de137a ("iio: accel: mma8452: improvements to handle
multiple events")
Signed-off-by: Leonard Crestez <leonard.crestez(a)nxp.com>
cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
---
drivers/iio/accel/mma8452.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/accel/mma8452.c b/drivers/iio/accel/mma8452.c
index 7e3d82cff3d5..c149c9c360fc 100644
--- a/drivers/iio/accel/mma8452.c
+++ b/drivers/iio/accel/mma8452.c
@@ -1053,7 +1053,7 @@ static irqreturn_t mma8452_interrupt(int irq, void *p)
if (src < 0)
return IRQ_NONE;
- if (!(src & data->chip_info->enabled_events))
+ if (!(src & (data->chip_info->enabled_events | MMA8452_INT_DRDY)))
return IRQ_NONE;
if (src & MMA8452_INT_DRDY) {
--
2.18.0
Every function that returns COMPST_ERROR must set wqe->status to
another value than IB_WC_SUCCESS before returning COMPST_ERROR. Fix
the only code path for which this is not yet the case.
Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com>
Cc: Zhu Yanjun <yanjun.zhu(a)oracle.com>
Cc: Jianchao Wang <jianchao.w.wang(a)oracle.com>
Cc: Yuval Shaia <yuval.shaia(a)oracle.com>
Cc: <stable(a)vger.kernel.org>
---
drivers/infiniband/sw/rxe/rxe_comp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/infiniband/sw/rxe/rxe_comp.c b/drivers/infiniband/sw/rxe/rxe_comp.c
index 98d470d1f3fc..5bc62c0cc802 100644
--- a/drivers/infiniband/sw/rxe/rxe_comp.c
+++ b/drivers/infiniband/sw/rxe/rxe_comp.c
@@ -276,6 +276,9 @@ static inline enum comp_state check_ack(struct rxe_qp *qp,
case IB_OPCODE_RC_RDMA_READ_RESPONSE_MIDDLE:
if (wqe->wr.opcode != IB_WR_RDMA_READ &&
wqe->wr.opcode != IB_WR_RDMA_READ_WITH_INV) {
+ pr_err("%s: opcode wr %d <> pkt %d\n", __func__,
+ wqe->wr.opcode, pkt->opcode);
+ wqe->status = IB_WC_FATAL_ERR;
return COMPST_ERROR;
}
reset_retry_counters(qp);
--
2.17.1
From: Fabio Estevam <fabio.estevam(a)nxp.com>
Russell King reported:
"When removing and reloading the etnaviv module, the following splat
occurs:
sysfs: cannot create duplicate filename '/devices/platform/etnaviv'
CPU: 0 PID: 1471 Comm: modprobe Not tainted 4.17.0+ #1608
Hardware name: Marvell Dove (Cubox)
Backtrace:
[<c00157d4>] (dump_backtrace) from [<c0015b8c>] (show_stack+0x18/0x1c)
r6:ef033e38 r5:ee07b340 r4:edb9d000 r3:00000000
[<c0015b74>] (show_stack) from [<c0620784>] (dump_stack+0x20/0x28)
[<c0620764>] (dump_stack) from [<c01bcd24>] (sysfs_warn_dup+0x5c/0x70)
[<c01bccc8>] (sysfs_warn_dup) from [<c01bce14>] (sysfs_create_dir_ns+0x90/0x98)
..."
Commit 246774d17fc0 ("drm/etnaviv: remove the need for a gpu-subsystem
DT node") introduced DRM registration via
platform_device_register_simple(), but missed to call
platform_device_unregister() inside etnaviv_exit().
Fix the problem by calling platform_device_unregister() inside
etnaviv_exit(). While at it, also rearrange the function calls
in the exit path to make them happen in the opposite order of
registration.
Tested on a imx6-sabresd board.
Cc: <stable(a)vger.kernel.org>
Fixes: 246774d17fc0 ("drm/etnaviv: remove the need for a gpu-subsystem DT node")
Reported-by: Russell King <linux(a)armlinux.org.uk>
Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com>
---
Changes since v1:
- Make the exit path symmetrical to the init path by calling
platform_device_unregister() inside for_each_compatible_node()
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
index e5013a9..626ad8b 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
@@ -631,6 +631,8 @@ static struct platform_driver etnaviv_platform_driver = {
},
};
+static struct platform_device *etnaviv_drm;
+
static int __init etnaviv_init(void)
{
int ret;
@@ -654,7 +656,8 @@ static int __init etnaviv_init(void)
if (!of_device_is_available(np))
continue;
- platform_device_register_simple("etnaviv", -1, NULL, 0);
+ etnaviv_drm = platform_device_register_simple("etnaviv", -1,
+ NULL, 0);
of_node_put(np);
break;
}
@@ -665,8 +668,19 @@ module_init(etnaviv_init);
static void __exit etnaviv_exit(void)
{
- platform_driver_unregister(&etnaviv_gpu_driver);
+ struct device_node *np;
+
+ for_each_compatible_node(np, NULL, "vivante,gc") {
+ if (!of_device_is_available(np))
+ continue;
+
+ platform_device_unregister(etnaviv_drm);
+ of_node_put(np);
+ break;
+ }
+
platform_driver_unregister(&etnaviv_platform_driver);
+ platform_driver_unregister(&etnaviv_gpu_driver);
}
module_exit(etnaviv_exit);
--
2.7.4
----------------
NOTE: This will be the last 4.16.y release. After this release, this
tree will be end-of-life. You should have moved to the 4.17.y tree by
now.
----------------
This is the start of the stable review cycle for the 4.16.18 release.
There are 64 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Tue Jun 26 14:27:22 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.16.18-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.16.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.16.18-rc1
Vlastimil Babka <vbabka(a)suse.cz>
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com>
fs/binfmt_misc.c: do not allow offset overflow
Michael S. Tsirkin <mst(a)redhat.com>
vhost: fix info leak due to uninitialized memory
Jason Gerecke <killertofu(a)gmail.com>
HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
Even Xu <even.xu(a)intel.com>
HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
Martin Brandenburg <martin(a)omnibond.com>
orangefs: report attributes_mask and attributes for statx
Martin Brandenburg <martin(a)omnibond.com>
orangefs: set i_size on new symlink
Luca Coelho <luciano.coelho(a)intel.com>
iwlwifi: fw: harden page loading code
Tony Luck <tony.luck(a)intel.com>
x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
Thomas Gleixner <tglx(a)linutronix.de>
genirq/migration: Avoid out of line call if pending is not set
Thomas Gleixner <tglx(a)linutronix.de>
genirq/affinity: Defer affinity setting if irq chip is busy
Thomas Gleixner <tglx(a)linutronix.de>
genirq/generic_pending: Do not lose pending affinity update
Thomas Gleixner <tglx(a)linutronix.de>
irq_remapping: Use apic_ack_irq()
Thomas Gleixner <tglx(a)linutronix.de>
x86/platform/uv: Use apic_ack_irq()
Thomas Gleixner <tglx(a)linutronix.de>
x86/ioapic: Use apic_ack_irq()
Thomas Gleixner <tglx(a)linutronix.de>
x86/apic: Provide apic_ack_irq()
Thomas Gleixner <tglx(a)linutronix.de>
x86/apic/vector: Prevent hlist corruption and leaks
Dou Liyang <douly.fnst(a)cn.fujitsu.com>
x86/vector: Fix the args of vector_alloc tracepoint
Stefan Potyra <Stefan.Potyra(a)elektrobit.com>
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
Keith Busch <keith.busch(a)intel.com>
nvme/pci: Sync controller reset for AER slot_reset
Hans de Goede <hdegoede(a)redhat.com>
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
Dan Carpenter <dan.carpenter(a)oracle.com>
libata: zpodd: small read overflow in eject_tray()
Chen Yu <yu.c.chen(a)intel.com>
cpufreq: governors: Fix long idle detection logic in load calculation
Suman Anna <s-anna(a)ti.com>
cpufreq: ti-cpufreq: Fix an incorrect error return value
Tao Wang <kevin.wangtao(a)hisilicon.com>
cpufreq: Fix new policy initialization during limits updates via sysfs
Tejun Heo <tj(a)kernel.org>
bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
Roman Pen <roman.penyaev(a)profitbricks.com>
blk-mq: reinit q->tag_set_list entry only after grace period
Josef Bacik <jbacik(a)fb.com>
nbd: use bd_set_size when updating disk size
Josef Bacik <jbacik(a)fb.com>
nbd: update size when connected
Josef Bacik <jbacik(a)fb.com>
nbd: fix nbd device deletion
Shirish Pargaonkar <shirishpargaonkar(a)gmail.com>
cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class
Mark Syms <mark.syms(a)citrix.com>
CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session expiry
Steve French <stfrench(a)microsoft.com>
smb3: on reconnect set PreviousSessionId field
Steve French <stfrench(a)microsoft.com>
smb3: fix various xid leaks
Tony Luck <tony.luck(a)intel.com>
x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
Dennis Wassenberg <dennis.wassenberg(a)secunet.com>
ALSA: hda: add dock and led support for HP ProBook 640 G4
Dennis Wassenberg <dennis.wassenberg(a)secunet.com>
ALSA: hda: add dock and led support for HP EliteBook 830 G5
Bo Chen <chenbo(a)pdx.edu>
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
Hui Wang <hui.wang(a)canonical.com>
ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Disable the quirk for Nura headset
Qu Wenruo <wqu(a)suse.com>
btrfs: scrub: Don't use inode pages for device replace
Su Yue <suy.fnst(a)cn.fujitsu.com>
btrfs: return error value if create_io_em failed in cow_file_range
Omar Sandoval <osandov(a)fb.com>
Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
Omar Sandoval <osandov(a)fb.com>
Btrfs: fix clone vs chattr NODATASUM race
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
driver core: Don't ignore class_dir_create_and_add() failure.
Jan Kara <jack(a)suse.cz>
ext4: fix fencepost error in check for inode count overflow during resize
Theodore Ts'o <tytso(a)mit.edu>
ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
Theodore Ts'o <tytso(a)mit.edu>
ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
Theodore Ts'o <tytso(a)mit.edu>
ext4: do not allow external inodes for inline data
Lukas Czerner <lczerner(a)redhat.com>
ext4: update mtime in ext4_punch_hole even if no blocks are released
Jan Kara <jack(a)suse.cz>
ext4: fix hole length detection in ext4_ind_map_blocks()
Daniel Borkmann <daniel(a)iogearbox.net>
tls: fix use-after-free in tls_push_record
Dexuan Cui <decui(a)microsoft.com>
hv_netvsc: Fix a network regression after ifdown/ifup
Willem de Bruijn <willemb(a)google.com>
net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan
Paolo Abeni <pabeni(a)redhat.com>
udp: fix rx queue len reported by diag and proc interface
Cong Wang <xiyou.wangcong(a)gmail.com>
socket: close race condition between sock_close() and sockfs_setattr()
Frank van der Linden <fllinden(a)amazon.com>
tcp: verify the checksum of the first data segment in a new connection
Davide Caratti <dcaratti(a)redhat.com>
net/sched: act_simple: fix parsing of TCA_DEF_DATA
Alvaro Gamez Machado <alvaro.gamez(a)hazent.com>
net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620
Zhouyang Jia <jiazhouyang09(a)gmail.com>
net: dsa: add error handling for pskb_trim_rcsum
Julian Anastasov <ja(a)ssi.bg>
ipv6: allow PMTU exceptions to local routes
Bjørn Mork <bjorn(a)mork.no>
cdc_ncm: avoid padding beyond end of skb
Xiangning Yu <yuxiangning(a)gmail.com>
bonding: re-evaluate force_primary when the primary slave name changes
-------------
Diffstat:
Makefile | 4 +-
arch/x86/include/asm/apic.h | 2 +
arch/x86/include/asm/trace/irq_vectors.h | 2 +-
arch/x86/kernel/apic/io_apic.c | 2 +-
arch/x86/kernel/apic/vector.c | 18 ++++++-
arch/x86/kernel/cpu/intel_rdt.c | 2 +
arch/x86/kernel/cpu/mcheck/mce-inject.c | 2 +-
arch/x86/platform/uv/uv_irq.c | 7 +--
block/blk-mq.c | 3 +-
drivers/ata/libata-core.c | 3 --
drivers/ata/libata-zpodd.c | 2 +-
drivers/base/core.c | 14 +++++-
drivers/block/nbd.c | 17 ++++++-
drivers/cpufreq/cpufreq.c | 2 +
drivers/cpufreq/cpufreq_governor.c | 12 ++---
drivers/cpufreq/ti-cpufreq.c | 2 +-
drivers/hid/intel-ish-hid/ipc/pci-ish.c | 22 +++------
drivers/hid/wacom_sys.c | 8 +++
drivers/iommu/amd_iommu.c | 2 +-
drivers/iommu/intel_irq_remapping.c | 2 +-
drivers/iommu/irq_remapping.c | 5 --
drivers/iommu/irq_remapping.h | 2 -
drivers/net/bonding/bond_options.c | 1 +
drivers/net/hyperv/netvsc_drv.c | 4 +-
drivers/net/phy/dp83848.c | 35 ++++++++++---
drivers/net/tap.c | 5 +-
drivers/net/tun.c | 3 +-
drivers/net/usb/cdc_ncm.c | 4 +-
drivers/net/virtio_net.c | 3 +-
drivers/net/wireless/intel/iwlwifi/fw/paging.c | 49 ++++++++++++++++---
drivers/nvme/host/pci.c | 11 ++++-
drivers/vhost/vhost.c | 3 ++
drivers/w1/masters/mxc_w1.c | 20 +++++---
fs/binfmt_misc.c | 12 +++--
fs/btrfs/inode.c | 4 +-
fs/btrfs/ioctl.c | 18 ++++---
fs/btrfs/scrub.c | 2 +-
fs/cifs/cifsacl.h | 14 ++++++
fs/cifs/smb2ops.c | 68 ++++++++++++++++++--------
fs/cifs/smb2pdu.c | 4 +-
fs/ext4/indirect.c | 14 ++++--
fs/ext4/inline.c | 6 +++
fs/ext4/inode.c | 46 +++++++++--------
fs/ext4/resize.c | 2 +-
fs/ext4/xattr.c | 2 +-
fs/orangefs/inode.c | 7 +++
fs/orangefs/namei.c | 7 +++
include/linux/irq.h | 7 ++-
include/linux/virtio_net.h | 11 ++---
include/net/transp_v6.h | 11 ++++-
include/net/udp.h | 5 ++
kernel/irq/manage.c | 37 +++++++++++++-
kernel/irq/migration.c | 31 +++++++-----
mm/backing-dev.c | 18 ++++++-
mm/page_alloc.c | 1 -
net/dsa/tag_trailer.c | 3 +-
net/ipv4/tcp_ipv4.c | 4 ++
net/ipv4/udp.c | 2 +-
net/ipv4/udp_diag.c | 2 +-
net/ipv6/datagram.c | 6 +--
net/ipv6/route.c | 3 --
net/ipv6/tcp_ipv6.c | 4 ++
net/ipv6/udp.c | 3 +-
net/packet/af_packet.c | 4 +-
net/sched/act_simple.c | 15 +++---
net/socket.c | 18 +++++--
net/tls/tls_sw.c | 26 +++++-----
sound/pci/hda/hda_controller.c | 4 +-
sound/pci/hda/patch_conexant.c | 3 ++
sound/pci/hda/patch_realtek.c | 6 ++-
sound/usb/quirks-table.h | 5 ++
71 files changed, 498 insertions(+), 210 deletions(-)
This is the start of the stable review cycle for the 4.14.52 release.
There are 52 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Tue Jun 26 14:27:24 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.52-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.14.52-rc1
Vlastimil Babka <vbabka(a)suse.cz>
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com>
fs/binfmt_misc.c: do not allow offset overflow
Michael S. Tsirkin <mst(a)redhat.com>
vhost: fix info leak due to uninitialized memory
Jason Gerecke <killertofu(a)gmail.com>
HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
Even Xu <even.xu(a)intel.com>
HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
Martin Brandenburg <martin(a)omnibond.com>
orangefs: report attributes_mask and attributes for statx
Martin Brandenburg <martin(a)omnibond.com>
orangefs: set i_size on new symlink
Luca Coelho <luciano.coelho(a)intel.com>
iwlwifi: fw: harden page loading code
Tony Luck <tony.luck(a)intel.com>
x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
Stefan Potyra <Stefan.Potyra(a)elektrobit.com>
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
Hans de Goede <hdegoede(a)redhat.com>
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
Dan Carpenter <dan.carpenter(a)oracle.com>
libata: zpodd: small read overflow in eject_tray()
Chen Yu <yu.c.chen(a)intel.com>
cpufreq: governors: Fix long idle detection logic in load calculation
Tao Wang <kevin.wangtao(a)hisilicon.com>
cpufreq: Fix new policy initialization during limits updates via sysfs
Tejun Heo <tj(a)kernel.org>
bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
Roman Pen <roman.penyaev(a)profitbricks.com>
blk-mq: reinit q->tag_set_list entry only after grace period
Josef Bacik <jbacik(a)fb.com>
nbd: use bd_set_size when updating disk size
Josef Bacik <jbacik(a)fb.com>
nbd: update size when connected
Josef Bacik <jbacik(a)fb.com>
nbd: fix nbd device deletion
Shirish Pargaonkar <shirishpargaonkar(a)gmail.com>
cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class
Mark Syms <mark.syms(a)citrix.com>
CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session expiry
Steve French <stfrench(a)microsoft.com>
smb3: on reconnect set PreviousSessionId field
Steve French <stfrench(a)microsoft.com>
smb3: fix various xid leaks
Tony Luck <tony.luck(a)intel.com>
x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
Dennis Wassenberg <dennis.wassenberg(a)secunet.com>
ALSA: hda: add dock and led support for HP ProBook 640 G4
Dennis Wassenberg <dennis.wassenberg(a)secunet.com>
ALSA: hda: add dock and led support for HP EliteBook 830 G5
Bo Chen <chenbo(a)pdx.edu>
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
Hui Wang <hui.wang(a)canonical.com>
ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
Qu Wenruo <wqu(a)suse.com>
btrfs: scrub: Don't use inode pages for device replace
Su Yue <suy.fnst(a)cn.fujitsu.com>
btrfs: return error value if create_io_em failed in cow_file_range
Omar Sandoval <osandov(a)fb.com>
Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
Omar Sandoval <osandov(a)fb.com>
Btrfs: fix clone vs chattr NODATASUM race
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
driver core: Don't ignore class_dir_create_and_add() failure.
Jan Kara <jack(a)suse.cz>
ext4: fix fencepost error in check for inode count overflow during resize
Theodore Ts'o <tytso(a)mit.edu>
ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
Theodore Ts'o <tytso(a)mit.edu>
ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
Theodore Ts'o <tytso(a)mit.edu>
ext4: do not allow external inodes for inline data
Lukas Czerner <lczerner(a)redhat.com>
ext4: update mtime in ext4_punch_hole even if no blocks are released
Jan Kara <jack(a)suse.cz>
ext4: fix hole length detection in ext4_ind_map_blocks()
Trond Myklebust <trond.myklebust(a)primarydata.com>
NFSv4.1: Fix up replays of interrupted requests
Daniel Borkmann <daniel(a)iogearbox.net>
tls: fix use-after-free in tls_push_record
Dexuan Cui <decui(a)microsoft.com>
hv_netvsc: Fix a network regression after ifdown/ifup
Willem de Bruijn <willemb(a)google.com>
net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan
Paolo Abeni <pabeni(a)redhat.com>
udp: fix rx queue len reported by diag and proc interface
Cong Wang <xiyou.wangcong(a)gmail.com>
socket: close race condition between sock_close() and sockfs_setattr()
Frank van der Linden <fllinden(a)amazon.com>
tcp: verify the checksum of the first data segment in a new connection
Davide Caratti <dcaratti(a)redhat.com>
net/sched: act_simple: fix parsing of TCA_DEF_DATA
Zhouyang Jia <jiazhouyang09(a)gmail.com>
net: dsa: add error handling for pskb_trim_rcsum
Julian Anastasov <ja(a)ssi.bg>
ipv6: allow PMTU exceptions to local routes
Bjørn Mork <bjorn(a)mork.no>
cdc_ncm: avoid padding beyond end of skb
Xiangning Yu <yuxiangning(a)gmail.com>
bonding: re-evaluate force_primary when the primary slave name changes
-------------
Diffstat:
Makefile | 4 +-
arch/x86/kernel/cpu/intel_rdt.c | 2 +
arch/x86/kernel/cpu/mcheck/mce-inject.c | 2 +-
block/blk-mq.c | 3 +-
drivers/ata/libata-core.c | 3 -
drivers/ata/libata-zpodd.c | 2 +-
drivers/base/core.c | 14 ++-
drivers/block/nbd.c | 17 ++-
drivers/cpufreq/cpufreq.c | 2 +
drivers/cpufreq/cpufreq_governor.c | 12 +-
drivers/hid/intel-ish-hid/ipc/pci-ish.c | 22 ++--
drivers/hid/wacom_sys.c | 8 ++
drivers/net/bonding/bond_options.c | 1 +
drivers/net/hyperv/netvsc_drv.c | 4 +-
drivers/net/tap.c | 5 +-
drivers/net/tun.c | 3 +-
drivers/net/usb/cdc_ncm.c | 4 +-
drivers/net/virtio_net.c | 3 +-
drivers/net/wireless/intel/iwlwifi/fw/paging.c | 49 ++++++--
drivers/vhost/vhost.c | 3 +
drivers/w1/masters/mxc_w1.c | 20 ++--
fs/binfmt_misc.c | 12 +-
fs/btrfs/inode.c | 4 +-
fs/btrfs/ioctl.c | 18 +--
fs/btrfs/scrub.c | 2 +-
fs/cifs/cifsacl.h | 14 +++
fs/cifs/smb2ops.c | 68 ++++++++----
fs/cifs/smb2pdu.c | 4 +-
fs/ext4/indirect.c | 14 ++-
fs/ext4/inline.c | 6 +
fs/ext4/inode.c | 46 ++++----
fs/ext4/resize.c | 2 +-
fs/ext4/xattr.c | 2 +-
fs/nfs/nfs4_fs.h | 2 +-
fs/nfs/nfs4proc.c | 148 +++++++++++++++++--------
fs/orangefs/inode.c | 7 ++
fs/orangefs/namei.c | 7 ++
include/linux/virtio_net.h | 11 +-
include/net/transp_v6.h | 11 +-
include/net/udp.h | 5 +
mm/backing-dev.c | 18 ++-
mm/page_alloc.c | 1 -
net/dsa/tag_trailer.c | 3 +-
net/ipv4/tcp_ipv4.c | 4 +
net/ipv4/udp.c | 2 +-
net/ipv4/udp_diag.c | 2 +-
net/ipv6/datagram.c | 6 +-
net/ipv6/route.c | 3 -
net/ipv6/tcp_ipv6.c | 4 +
net/ipv6/udp.c | 3 +-
net/packet/af_packet.c | 4 +-
net/sched/act_simple.c | 15 +--
net/socket.c | 18 ++-
net/tls/tls_sw.c | 26 ++---
sound/pci/hda/hda_controller.c | 4 +-
sound/pci/hda/patch_conexant.c | 3 +
sound/pci/hda/patch_realtek.c | 6 +-
57 files changed, 473 insertions(+), 215 deletions(-)
This is the start of the stable review cycle for the 4.9.110 release.
There are 39 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Tue Jun 26 15:23:25 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.110-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.9.110-rc1
Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com>
fs/binfmt_misc.c: do not allow offset overflow
Michael S. Tsirkin <mst(a)redhat.com>
vhost: fix info leak due to uninitialized memory
Even Xu <even.xu(a)intel.com>
HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
Martin Brandenburg <martin(a)omnibond.com>
orangefs: set i_size on new symlink
Stefan Potyra <Stefan.Potyra(a)elektrobit.com>
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
Hans de Goede <hdegoede(a)redhat.com>
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
Dan Carpenter <dan.carpenter(a)oracle.com>
libata: zpodd: small read overflow in eject_tray()
Colin Ian King <colin.king(a)canonical.com>
libata: zpodd: make arrays cdb static, reduces object code size
Tao Wang <kevin.wangtao(a)hisilicon.com>
cpufreq: Fix new policy initialization during limits updates via sysfs
Steve French <stfrench(a)microsoft.com>
smb3: on reconnect set PreviousSessionId field
Dennis Wassenberg <dennis.wassenberg(a)secunet.com>
ALSA: hda: add dock and led support for HP ProBook 640 G4
Dennis Wassenberg <dennis.wassenberg(a)secunet.com>
ALSA: hda: add dock and led support for HP EliteBook 830 G5
Bo Chen <chenbo(a)pdx.edu>
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
Qu Wenruo <wqu(a)suse.com>
btrfs: scrub: Don't use inode pages for device replace
Omar Sandoval <osandov(a)fb.com>
Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
Omar Sandoval <osandov(a)fb.com>
Btrfs: fix clone vs chattr NODATASUM race
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
driver core: Don't ignore class_dir_create_and_add() failure.
Jan Kara <jack(a)suse.cz>
ext4: fix fencepost error in check for inode count overflow during resize
Lukas Czerner <lczerner(a)redhat.com>
ext4: update mtime in ext4_punch_hole even if no blocks are released
Jan Kara <jack(a)suse.cz>
ext4: fix hole length detection in ext4_ind_map_blocks()
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - New codec support for ALC257
Frank van der Linden <fllinden(a)amazon.com>
tcp: verify the checksum of the first data segment in a new connection
Davide Caratti <dcaratti(a)redhat.com>
net/sched: act_simple: fix parsing of TCA_DEF_DATA
Julian Anastasov <ja(a)ssi.bg>
ipv6: allow PMTU exceptions to local routes
Xiangning Yu <yuxiangning(a)gmail.com>
bonding: re-evaluate force_primary when the primary slave name changes
Daniel Glöckner <dg(a)emlix.com>
usb: musb: fix remote wakeup racing with suspend
Liu Bo <bo.li.liu(a)oracle.com>
Btrfs: make raid6 rebuild retry more
Eric Dumazet <edumazet(a)google.com>
tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
Sasha Levin <Alexander.Levin(a)microsoft.com>
Revert "Btrfs: fix scrub to repair raid6 corruption"
Damien Thébault <damien.thebault(a)vitec.com>
net: dsa: b53: Add BCM5389 support
Finn Thain <fthain(a)telegraphics.com.au>
net/sonic: Use dma_mapping_error()
João Paulo Rechi Vita <jprvita(a)gmail.com>
platform/x86: asus-wmi: Fix NULL pointer dereference
Josh Hill <josh(a)joshuajhill.com>
net: qmi_wwan: Add Netgear Aircard 779S
Ivan Bornyakov <brnkv.i1(a)gmail.com>
atm: zatm: fix memcmp casting
Hao Wei Tee <angelsl(a)in04.sg>
iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs
Julian Anastasov <ja(a)ssi.bg>
ipvs: fix buffer overflow with sync daemon and service
Paolo Abeni <pabeni(a)redhat.com>
netfilter: ebtables: handle string from userspace with care
Eric Dumazet <edumazet(a)google.com>
xfrm6: avoid potential infinite loop in _decode_session6()
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
objtool: update .gitignore file
-------------
Diffstat:
Documentation/devicetree/bindings/net/dsa/b53.txt | 1 +
Makefile | 4 +--
drivers/ata/libata-core.c | 3 --
drivers/ata/libata-zpodd.c | 4 +--
drivers/atm/zatm.c | 4 +--
drivers/base/core.c | 14 +++++++--
drivers/cpufreq/cpufreq.c | 2 ++
drivers/hid/intel-ish-hid/ipc/pci-ish.c | 22 +++++---------
drivers/net/bonding/bond_options.c | 1 +
drivers/net/dsa/b53/b53_common.c | 13 ++++++++
drivers/net/dsa/b53/b53_mdio.c | 5 +++-
drivers/net/dsa/b53/b53_priv.h | 1 +
drivers/net/ethernet/natsemi/sonic.c | 2 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 +++----
drivers/platform/x86/asus-wmi.c | 23 ++++++++-------
drivers/usb/musb/musb_host.c | 5 +++-
drivers/usb/musb/musb_host.h | 7 +++--
drivers/usb/musb/musb_virthub.c | 25 +++++++++-------
drivers/vhost/vhost.c | 3 ++
drivers/w1/masters/mxc_w1.c | 20 ++++++++-----
fs/binfmt_misc.c | 12 ++++++--
fs/btrfs/ioctl.c | 18 +++++++-----
fs/btrfs/scrub.c | 2 +-
fs/cifs/smb2pdu.c | 1 +
fs/ext4/indirect.c | 14 ++++++---
fs/ext4/inode.c | 36 +++++++++++------------
fs/ext4/resize.c | 2 +-
fs/orangefs/namei.c | 7 +++++
net/bridge/netfilter/ebtables.c | 3 +-
net/ipv4/tcp_input.c | 2 +-
net/ipv4/tcp_ipv4.c | 4 +++
net/ipv6/route.c | 3 --
net/ipv6/tcp_ipv6.c | 4 +++
net/ipv6/xfrm6_policy.c | 2 +-
net/netfilter/ipvs/ip_vs_ctl.c | 21 +++++++++----
net/sched/act_simple.c | 15 ++++------
sound/pci/hda/hda_controller.c | 4 ++-
sound/pci/hda/patch_conexant.c | 2 ++
sound/pci/hda/patch_realtek.c | 8 +++++
tools/objtool/.gitignore | 2 +-
41 files changed, 212 insertions(+), 120 deletions(-)
This is a note to let you know that I've just added the patch titled
staging: android: ion: Return an ERR_PTR in ion_map_kernel
to my staging git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
in the staging-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From 0a2bc00341dcfcc793c0dbf4f8d43adf60458b05 Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott(a)redhat.com>
Date: Mon, 11 Jun 2018 11:06:53 -0700
Subject: staging: android: ion: Return an ERR_PTR in ion_map_kernel
The expected return value from ion_map_kernel is an ERR_PTR. The error
path for a vmalloc failure currently just returns NULL, triggering
a warning in ion_buffer_kmap_get. Encode the vmalloc failure as an ERR_PTR.
Reported-by: syzbot+55b1d9f811650de944c6(a)syzkaller.appspotmail.com
Signed-off-by: Laura Abbott <labbott(a)redhat.com>
Cc: stable <stable(a)vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/staging/android/ion/ion_heap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/android/ion/ion_heap.c b/drivers/staging/android/ion/ion_heap.c
index e8c440329708..31db510018a9 100644
--- a/drivers/staging/android/ion/ion_heap.c
+++ b/drivers/staging/android/ion/ion_heap.c
@@ -30,7 +30,7 @@ void *ion_heap_map_kernel(struct ion_heap *heap,
struct page **tmp = pages;
if (!pages)
- return NULL;
+ return ERR_PTR(-ENOMEM);
if (buffer->flags & ION_FLAG_CACHED)
pgprot = PAGE_KERNEL;
--
2.18.0
This is a note to let you know that I've just added the patch titled
usb: typec: tcpm: fix logbuffer index is wrong if _tcpm_log is
to my usb git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
in the usb-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From d5a4f93511b7000183c0d528739b824752139f79 Mon Sep 17 00:00:00 2001
From: Peter Chen <peter.chen(a)nxp.com>
Date: Tue, 12 Jun 2018 09:53:01 +0800
Subject: usb: typec: tcpm: fix logbuffer index is wrong if _tcpm_log is
re-entered
The port->logbuffer_head may be wrong if the two processes enters
_tcpm_log at the mostly same time. The 2nd process enters _tcpm_log
before the 1st process update the index, then the 2nd process will
not allocate logbuffer, when the 2nd process tries to use log buffer,
the index has already updated by the 1st process, so it will get
NULL pointer for updated logbuffer, the error message like below:
tcpci 0-0050: Log buffer index 6 is NULL
Cc: Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
Cc: Guenter Roeck <linux(a)roeck-us.net>
Cc: Jun Li <jun.li(a)nxp.com>
Signed-off-by: Peter Chen <peter.chen(a)nxp.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
Cc: stable <stable(a)vger.kernel.org>
Reviewed-by: Guenter Roeck <linux(a)roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/usb/typec/tcpm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/typec/tcpm.c b/drivers/usb/typec/tcpm.c
index 0dfd755020f4..d961f1ec0e08 100644
--- a/drivers/usb/typec/tcpm.c
+++ b/drivers/usb/typec/tcpm.c
@@ -418,17 +418,18 @@ static void _tcpm_log(struct tcpm_port *port, const char *fmt, va_list args)
u64 ts_nsec = local_clock();
unsigned long rem_nsec;
+ mutex_lock(&port->logbuffer_lock);
if (!port->logbuffer[port->logbuffer_head]) {
port->logbuffer[port->logbuffer_head] =
kzalloc(LOG_BUFFER_ENTRY_SIZE, GFP_KERNEL);
- if (!port->logbuffer[port->logbuffer_head])
+ if (!port->logbuffer[port->logbuffer_head]) {
+ mutex_unlock(&port->logbuffer_lock);
return;
+ }
}
vsnprintf(tmpbuffer, sizeof(tmpbuffer), fmt, args);
- mutex_lock(&port->logbuffer_lock);
-
if (tcpm_log_full(port)) {
port->logbuffer_head = max(port->logbuffer_head - 1, 0);
strcpy(tmpbuffer, "overflow");
--
2.18.0
This is a note to let you know that I've just added the patch titled
usb: cdc_acm: Add quirk for Uniden UBC125 scanner
to my usb git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
in the usb-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From 4a762569a2722b8a48066c7bacf0e1dc67d17fa1 Mon Sep 17 00:00:00 2001
From: Houston Yaroschoff <hstn(a)4ever3.net>
Date: Mon, 11 Jun 2018 12:39:09 +0200
Subject: usb: cdc_acm: Add quirk for Uniden UBC125 scanner
Uniden UBC125 radio scanner has USB interface which fails to work
with cdc_acm driver:
usb 1-1.5: new full-speed USB device number 4 using xhci_hcd
cdc_acm 1-1.5:1.0: Zero length descriptor references
cdc_acm: probe of 1-1.5:1.0 failed with error -22
Adding the NO_UNION_NORMAL quirk for the device fixes the issue:
usb 1-4: new full-speed USB device number 15 using xhci_hcd
usb 1-4: New USB device found, idVendor=1965, idProduct=0018
usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-4: Product: UBC125XLT
usb 1-4: Manufacturer: Uniden Corp.
usb 1-4: SerialNumber: 0001
cdc_acm 1-4:1.0: ttyACM0: USB ACM device
`lsusb -v` of the device:
Bus 001 Device 015: ID 1965:0018 Uniden Corporation
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 2 Communications
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x1965 Uniden Corporation
idProduct 0x0018
bcdDevice 0.01
iManufacturer 1 Uniden Corp.
iProduct 2 UBC125XLT
iSerial 3 0001
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 48
bNumInterfaces 2
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 2 Communications
bInterfaceSubClass 2 Abstract (modem)
bInterfaceProtocol 0 None
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x87 EP 7 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0008 1x 8 bytes
bInterval 10
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Device Status: 0x0000
(Bus Powered)
Signed-off-by: Houston Yaroschoff <hstn(a)4ever3.net>
Cc: stable <stable(a)vger.kernel.org>
Acked-by: Oliver Neukum <oneukum(a)suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/usb/class/cdc-acm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 7b366a6c0b49..998b32d0167e 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1758,6 +1758,9 @@ static const struct usb_device_id acm_ids[] = {
{ USB_DEVICE(0x11ca, 0x0201), /* VeriFone Mx870 Gadget Serial */
.driver_info = SINGLE_RX_URB,
},
+ { USB_DEVICE(0x1965, 0x0018), /* Uniden UBC125XLT */
+ .driver_info = NO_UNION_NORMAL, /* has no union descriptor */
+ },
{ USB_DEVICE(0x22b8, 0x7000), /* Motorola Q Phone */
.driver_info = NO_UNION_NORMAL, /* has no union descriptor */
},
--
2.18.0
This is a note to let you know that I've just added the patch titled
usb: typec: ucsi: Fix for incorrect status data issue
to my usb git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
in the usb-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From 68816e16b4789f2d05e77b6dcb77564cf5d6a8d8 Mon Sep 17 00:00:00 2001
From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
Date: Thu, 21 Jun 2018 16:43:19 +0300
Subject: usb: typec: ucsi: Fix for incorrect status data issue
According to UCSI Specification, Connector Change Event only
means a change in the Connector Status and Operation Mode
fields of the STATUS data structure. So any other change
should create another event.
Unfortunately on some platforms the firmware acting as PPM
(platform policy manager - usually embedded controller
firmware) still does not report any other status changes if
there is a connector change event. So if the connector power
or data role was changed when a device was plugged to the
connector, the driver does not get any indication about
that. The port will show wrong roles if that happens.
To fix the issue, always checking the data and power role
together with a connector change event.
Fixes: c1b0bc2dabfa ("usb: typec: Add support for UCSI interface")
Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
Cc: stable <stable(a)vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c
index bd5cca5632b3..8d0a6fe748bd 100644
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -350,6 +350,19 @@ static void ucsi_connector_change(struct work_struct *work)
}
if (con->status.change & UCSI_CONSTAT_CONNECT_CHANGE) {
+ typec_set_pwr_role(con->port, con->status.pwr_dir);
+
+ switch (con->status.partner_type) {
+ case UCSI_CONSTAT_PARTNER_TYPE_UFP:
+ typec_set_data_role(con->port, TYPEC_HOST);
+ break;
+ case UCSI_CONSTAT_PARTNER_TYPE_DFP:
+ typec_set_data_role(con->port, TYPEC_DEVICE);
+ break;
+ default:
+ break;
+ }
+
if (con->status.connected)
ucsi_register_partner(con);
else
--
2.18.0
This is a note to let you know that I've just added the patch titled
xhci: Fix perceived dead host due to runtime suspend race with event
to my usb git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
in the usb-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From 229bc19fd7aca4f37964af06e3583c1c8f36b5d6 Mon Sep 17 00:00:00 2001
From: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Date: Thu, 21 Jun 2018 16:19:41 +0300
Subject: xhci: Fix perceived dead host due to runtime suspend race with event
handler
Don't rely on event interrupt (EINT) bit alone to detect pending port
change in resume. If no change event is detected the host may be suspended
again, oterwise roothubs are resumed.
There is a lag in xHC setting EINT. If we don't notice the pending change
in resume, and the controller is runtime suspeded again, it causes the
event handler to assume host is dead as it will fail to read xHC registers
once PCI puts the controller to D3 state.
[ 268.520969] xhci_hcd: xhci_resume: starting port polling.
[ 268.520985] xhci_hcd: xhci_hub_status_data: stopping port polling.
[ 268.521030] xhci_hcd: xhci_suspend: stopping port polling.
[ 268.521040] xhci_hcd: // Setting command ring address to 0x349bd001
[ 268.521139] xhci_hcd: Port Status Change Event for port 3
[ 268.521149] xhci_hcd: resume root hub
[ 268.521163] xhci_hcd: port resume event for port 3
[ 268.521168] xhci_hcd: xHC is not running.
[ 268.521174] xhci_hcd: handle_port_status: starting port polling.
[ 268.596322] xhci_hcd: xhci_hc_died: xHCI host controller not responding, assume dead
The EINT lag is described in a additional note in xhci specs 4.19.2:
"Due to internal xHC scheduling and system delays, there will be a lag
between a change bit being set and the Port Status Change Event that it
generated being written to the Event Ring. If SW reads the PORTSC and
sees a change bit set, there is no guarantee that the corresponding Port
Status Change Event has already been written into the Event Ring."
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/usb/host/xhci.c | 40 +++++++++++++++++++++++++++++++++++++---
drivers/usb/host/xhci.h | 4 ++++
2 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 8c8da2d657fa..f11ec61bcc7d 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -908,6 +908,41 @@ static void xhci_disable_port_wake_on_bits(struct xhci_hcd *xhci)
spin_unlock_irqrestore(&xhci->lock, flags);
}
+static bool xhci_pending_portevent(struct xhci_hcd *xhci)
+{
+ struct xhci_port **ports;
+ int port_index;
+ u32 status;
+ u32 portsc;
+
+ status = readl(&xhci->op_regs->status);
+ if (status & STS_EINT)
+ return true;
+ /*
+ * Checking STS_EINT is not enough as there is a lag between a change
+ * bit being set and the Port Status Change Event that it generated
+ * being written to the Event Ring. See note in xhci 1.1 section 4.19.2.
+ */
+
+ port_index = xhci->usb2_rhub.num_ports;
+ ports = xhci->usb2_rhub.ports;
+ while (port_index--) {
+ portsc = readl(ports[port_index]->addr);
+ if (portsc & PORT_CHANGE_MASK ||
+ (portsc & PORT_PLS_MASK) == XDEV_RESUME)
+ return true;
+ }
+ port_index = xhci->usb3_rhub.num_ports;
+ ports = xhci->usb3_rhub.ports;
+ while (port_index--) {
+ portsc = readl(ports[port_index]->addr);
+ if (portsc & PORT_CHANGE_MASK ||
+ (portsc & PORT_PLS_MASK) == XDEV_RESUME)
+ return true;
+ }
+ return false;
+}
+
/*
* Stop HC (not bus-specific)
*
@@ -1009,7 +1044,7 @@ EXPORT_SYMBOL_GPL(xhci_suspend);
*/
int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
{
- u32 command, temp = 0, status;
+ u32 command, temp = 0;
struct usb_hcd *hcd = xhci_to_hcd(xhci);
struct usb_hcd *secondary_hcd;
int retval = 0;
@@ -1134,8 +1169,7 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
done:
if (retval == 0) {
/* Resume root hubs only when have pending events. */
- status = readl(&xhci->op_regs->status);
- if (status & STS_EINT) {
+ if (xhci_pending_portevent(xhci)) {
usb_hcd_resume_root_hub(xhci->shared_hcd);
usb_hcd_resume_root_hub(hcd);
}
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index 939e2f86b595..841e89ffe2e9 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -382,6 +382,10 @@ struct xhci_op_regs {
#define PORT_PLC (1 << 22)
/* port configure error change - port failed to configure its link partner */
#define PORT_CEC (1 << 23)
+#define PORT_CHANGE_MASK (PORT_CSC | PORT_PEC | PORT_WRC | PORT_OCC | \
+ PORT_RC | PORT_PLC | PORT_CEC)
+
+
/* Cold Attach Status - xHC can set this bit to report device attached during
* Sx state. Warm port reset should be perfomed to clear this bit and move port
* to connected state.
--
2.18.0
This is a note to let you know that I've just added the patch titled
usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub
to my usb git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
in the usb-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From 8760675932ddb614e83702117d36ea644050c609 Mon Sep 17 00:00:00 2001
From: William Wu <william.wu(a)rock-chips.com>
Date: Mon, 21 May 2018 18:12:00 +0800
Subject: usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub
The dwc2_get_ls_map() use ttport to reference into the
bitmap if we're on a multi_tt hub. But the bitmaps index
from 0 to (hub->maxchild - 1), while the ttport index from
1 to hub->maxchild. This will cause invalid memory access
when the number of ttport is hub->maxchild.
Without this patch, I can easily meet a Kernel panic issue
if connect a low-speed USB mouse with the max port of FE2.1
multi-tt hub (1a40:0201) on rk3288 platform.
Fixes: 9f9f09b048f5 ("usb: dwc2: host: Totally redo the microframe scheduler")
Cc: <stable(a)vger.kernel.org>
Reviewed-by: Douglas Anderson <dianders(a)chromium.org>
Acked-by: Minas Harutyunyan hminas(a)synopsys.com>
Signed-off-by: William Wu <william.wu(a)rock-chips.com>
Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com>
---
drivers/usb/dwc2/hcd_queue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/dwc2/hcd_queue.c b/drivers/usb/dwc2/hcd_queue.c
index d7c3d6c776d8..9c55d1addba9 100644
--- a/drivers/usb/dwc2/hcd_queue.c
+++ b/drivers/usb/dwc2/hcd_queue.c
@@ -383,7 +383,7 @@ static unsigned long *dwc2_get_ls_map(struct dwc2_hsotg *hsotg,
/* Get the map and adjust if this is a multi_tt hub */
map = qh->dwc_tt->periodic_bitmaps;
if (qh->dwc_tt->usb_tt->multi)
- map += DWC2_ELEMENTS_PER_LS_BITMAP * qh->ttport;
+ map += DWC2_ELEMENTS_PER_LS_BITMAP * (qh->ttport - 1);
return map;
}
--
2.18.0
Open-coded page table entry checks don't work correctly when we fold the
page table level at runtime.
pgd_present() on 4-level paging machine always returns true, but
open-coded version of the check may return false-negative result and
we silently skip the rest of the loop body in efi_call_phys_epilog().
Replace open-coded checks with proper helpers.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Fixes: 94133e46a0f5 ("x86/efi: Correct EFI identity mapping under 'efi=old_map' when KASLR is enabled")
Cc: stable(a)vger.kernel.org # 4.12+
Cc: Baoquan He <bhe(a)redhat.com>
Cc: Matt Fleming <matt(a)codeblueprint.co.uk>
Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com>
---
arch/x86/platform/efi/efi_64.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index e01f7ceb9e7a..77873ce700ae 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -166,14 +166,14 @@ void __init efi_call_phys_epilog(pgd_t *save_pgd)
pgd = pgd_offset_k(pgd_idx * PGDIR_SIZE);
set_pgd(pgd_offset_k(pgd_idx * PGDIR_SIZE), save_pgd[pgd_idx]);
- if (!(pgd_val(*pgd) & _PAGE_PRESENT))
+ if (!pgd_present(*pgd))
continue;
for (i = 0; i < PTRS_PER_P4D; i++) {
p4d = p4d_offset(pgd,
pgd_idx * PGDIR_SIZE + i * P4D_SIZE);
- if (!(p4d_val(*p4d) & _PAGE_PRESENT))
+ if (!p4d_present(*p4d))
continue;
pud = (pud_t *)p4d_page_vaddr(*p4d);
--
2.18.0
This is the start of the stable review cycle for the 4.4.136 release.
There are 37 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu Jun 7 17:00:49 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.136-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.4.136-rc1
David S. Miller <davem(a)davemloft.net>
sparc64: Fix build warnings with gcc 7.
David S. Miller <davem(a)davemloft.net>
sparc64: Don't clibber fixed registers in __multi4.
David S. Miller <davem(a)davemloft.net>
sparc64: Add __multi3 for gcc 7.x and later.
Hugh Dickins <hughd(a)google.com>
mm: fix the NULL mapping case in __isolate_lru_page()
Al Viro <viro(a)zeniv.linux.org.uk>
fix io_destroy()/aio_complete() race
Arnd Bergmann <arnd(a)arndb.de>
Kbuild: change CC_OPTIMIZE_FOR_SIZE definition
Ondrej Zary <linux(a)rainbow-software.org>
drm/i915: Disable LVDS on Radiant P845
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
hwtracing: stm: fix build error on some arches
Alexander Shishkin <alexander.shishkin(a)linux.intel.com>
stm class: Use vmalloc for the master map
Bart Van Assche <bart.vanassche(a)wdc.com>
scsi: scsi_transport_srp: Fix shost to rport translation
Maciej W. Rozycki <macro(a)mips.com>
MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
Maciej W. Rozycki <macro(a)mips.com>
MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
Martin Kelly <mkelly(a)xevo.com>
iio:kfifo_buf: check for uint overflow
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: revoke START request early
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: check master irqs before slave irqs
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: don't issue stop when HW does it automatically
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: init new messages in irq
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: refactor setup of a msg
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: remove spinlock
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: remove unused IOERROR state
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: rework hw init
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i2c: rcar: make sure clocks are on when doing clock calculation
Eric Dumazet <edumazet(a)google.com>
tcp: avoid integer overflows in tcp_rcv_space_adjust()
Arnd Bergmann <arnd(a)arndb.de>
irda: fix overly long udelay()
Colin Ian King <colin.king(a)canonical.com>
ASoC: Intel: sst: remove redundant variable dma_dev_name
Matthias Kaehlcke <mka(a)chromium.org>
rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
Eric Biggers <ebiggers(a)google.com>
cfg80211: further limit wiphy names to 64 bytes
Sachin Grover <sgrover(a)codeaurora.org>
selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
Steven Rostedt (VMware) <rostedt(a)goodmis.org>
tracing: Fix crash when freeing instances with event triggers
Benjamin Tissoires <benjamin.tissoires(a)redhat.com>
Input: elan_i2c_smbus - fix corrupted stack
Mimi Zohar <zohar(a)linux.vnet.ibm.com>
Revert "ima: limit file hash setting by user to fix and log modes"
Brian Foster <bfoster(a)redhat.com>
xfs: detect agfl count corruption and reset agfl
Yoshinori Sato <ysato(a)users.sourceforge.jp>
sh: New gcc support
Geert Uytterhoeven <geert(a)linux-m68k.org>
USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
Michael Neuling <mikey(a)neuling.org>
powerpc/64s: Clear PCR on boot
Will Deacon <will.deacon(a)arm.com>
arm64: lse: Add early clobbers to some input/output asm operands
-------------
Diffstat:
Makefile | 4 +-
arch/arm64/include/asm/atomic_lse.h | 14 +-
arch/mips/kernel/process.c | 4 +
arch/mips/kernel/ptrace.c | 2 +-
arch/mips/kernel/ptrace32.c | 2 +-
arch/powerpc/kernel/cpu_setup_power.S | 4 +
arch/sh/kernel/sh_ksyms_32.c | 3 +
arch/sh/lib/ashlsi3.S | 35 +++-
arch/sh/lib/ashrsi3.S | 33 +++-
arch/sh/lib/lshrsi3.S | 34 +++-
arch/sparc/kernel/ds.c | 2 +-
arch/sparc/lib/Makefile | 1 +
arch/sparc/lib/multi3.S | 35 ++++
drivers/dma/sh/usb-dmac.c | 4 +-
drivers/gpu/drm/i915/intel_lvds.c | 8 +
drivers/hwtracing/stm/core.c | 7 +-
drivers/i2c/busses/i2c-rcar.c | 202 +++++++++------------
drivers/iio/buffer/kfifo_buf.c | 7 +
drivers/input/mouse/elan_i2c_smbus.c | 22 +--
drivers/net/irda/w83977af_ir.c | 4 +-
.../net/wireless/realtek/rtlwifi/rtl8192cu/rf.c | 3 -
drivers/scsi/scsi_transport_srp.c | 22 ++-
drivers/usb/serial/cp210x.c | 9 +-
fs/aio.c | 3 +-
fs/xfs/libxfs/xfs_alloc.c | 94 ++++++++++
fs/xfs/xfs_mount.h | 1 +
fs/xfs/xfs_trace.h | 9 +-
include/linux/tcp.h | 2 +-
include/uapi/linux/nl80211.h | 2 +-
init/Kconfig | 13 ++
kernel/trace/trace_events_trigger.c | 5 +-
mm/vmscan.c | 2 +-
net/ipv4/tcp_input.c | 10 +-
security/integrity/ima/ima_appraise.c | 8 +-
security/selinux/ss/services.c | 2 +-
sound/soc/intel/common/sst-firmware.c | 2 -
36 files changed, 410 insertions(+), 204 deletions(-)
We have 3 more Lenovo machines, they all have 2 front mics on them,
so they need the fixup to change the location for one of two mics.
Among these 3 Lenovo machines, one of them has the same pin cfg as the
machine with subid 0x17aa3138, so use the pin cfg table to apply fixup
for them. The rest machines don't share the same pin cfg, so far use
the subid to apply fixup for them.
Fixes: a3dafb2200bf ("ALSA: hda/realtek - adjust the location of one mic")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Hui Wang <hui.wang(a)canonical.com>
---
sound/pci/hda/patch_realtek.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 4834847..418f27b 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -6594,8 +6594,9 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x30bb, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
SND_PCI_QUIRK(0x17aa, 0x30e2, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
+ SND_PCI_QUIRK(0x17aa, 0x312a, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
- SND_PCI_QUIRK(0x17aa, 0x3138, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
+ SND_PCI_QUIRK(0x17aa, 0x3136, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
@@ -6773,6 +6774,12 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
{0x14, 0x90170110},
{0x19, 0x02a11030},
{0x21, 0x02211020}),
+ SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION,
+ {0x14, 0x90170110},
+ {0x19, 0x02a11030},
+ {0x1a, 0x02a11040},
+ {0x1b, 0x01014020},
+ {0x21, 0x0221101f}),
SND_HDA_PIN_QUIRK(0x10ec0236, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
{0x12, 0x90a60140},
{0x14, 0x90170110},
--
2.7.4
The patch below does not apply to the 4.16-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From d7832cd2a3c87eb6ae1e802c88b6fc56c5823f6d Mon Sep 17 00:00:00 2001
From: Sean Young <sean(a)mess.org>
Date: Thu, 24 May 2018 05:47:17 -0400
Subject: [PATCH] media: rc: ensure input/lirc device can be opened after
register
Since commit cb84343fced1 ("media: lirc: do not call close() or open() on
unregistered devices") rc_open() will return -ENODEV if rcdev->registered
is false. Ensure this is set before we register the input device and the
lirc device, else we have a short window where the neither the lirc or
input device can be opened.
Fixes: cb84343fced1 ("media: lirc: do not call close() or open() on unregistered devices")
Cc: stable(a)vger.kernel.org # v4.16+
Signed-off-by: Sean Young <sean(a)mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org>
diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c
index b7071bde670a..2e222d9ee01f 100644
--- a/drivers/media/rc/rc-main.c
+++ b/drivers/media/rc/rc-main.c
@@ -1862,6 +1862,8 @@ int rc_register_device(struct rc_dev *dev)
dev->device_name ?: "Unspecified device", path ?: "N/A");
kfree(path);
+ dev->registered = true;
+
if (dev->driver_type != RC_DRIVER_IR_RAW_TX) {
rc = rc_setup_rx_device(dev);
if (rc)
@@ -1881,8 +1883,6 @@ int rc_register_device(struct rc_dev *dev)
goto out_lirc;
}
- dev->registered = true;
-
dev_dbg(&dev->dev, "Registered rc%u (driver: %s)\n", dev->minor,
dev->driver_name ? dev->driver_name : "unknown");
The patch below does not apply to the 4.17-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From e6fc46498784e799d3eb95d83079180e413c4e7d Mon Sep 17 00:00:00 2001
From: Ming Lei <ming.lei(a)redhat.com>
Date: Thu, 24 May 2018 11:00:39 -0600
Subject: [PATCH] blk-mq: avoid starving tag allocation after allocating
process migrates
When the allocation process is scheduled back and the mapped hw queue is
changed, fake one extra wake up on previous queue for compensating wake
up miss, so other allocations on the previous queue won't be starved.
This patch fixes one request allocation hang issue, which can be
triggered easily in case of very low nr_request.
The race is as follows:
1) 2 hw queues, nr_requests are 2, and wake_batch is one
2) there are 3 waiters on hw queue 0
3) two in-flight requests in hw queue 0 are completed, and only two
waiters of 3 are waken up because of wake_batch, but both the two
waiters can be scheduled to another CPU and cause to switch to hw
queue 1
4) then the 3rd waiter will wait for ever, since no in-flight request
is in hw queue 0 any more.
5) this patch fixes it by the fake wakeup when waiter is scheduled to
another hw queue
Cc: <stable(a)vger.kernel.org>
Reviewed-by: Omar Sandoval <osandov(a)fb.com>
Signed-off-by: Ming Lei <ming.lei(a)redhat.com>
Modified commit message to make it clearer, and make it apply on
top of the 4.18 branch.
Signed-off-by: Jens Axboe <axboe(a)kernel.dk>
diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c
index 336dde07b230..a4e58fc28a06 100644
--- a/block/blk-mq-tag.c
+++ b/block/blk-mq-tag.c
@@ -134,6 +134,8 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data)
ws = bt_wait_ptr(bt, data->hctx);
drop_ctx = data->ctx == NULL;
do {
+ struct sbitmap_queue *bt_prev;
+
/*
* We're out of tags on this hardware queue, kick any
* pending IO submits before going to sleep waiting for
@@ -159,6 +161,7 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data)
if (data->ctx)
blk_mq_put_ctx(data->ctx);
+ bt_prev = bt;
io_schedule();
data->ctx = blk_mq_get_ctx(data->q);
@@ -170,6 +173,15 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data)
bt = &tags->bitmap_tags;
finish_wait(&ws->wait, &wait);
+
+ /*
+ * If destination hw queue is changed, fake wake up on
+ * previous queue for compensating the wake up miss, so
+ * other allocations on previous queue won't be starved.
+ */
+ if (bt != bt_prev)
+ sbitmap_queue_wake_up(bt_prev);
+
ws = bt_wait_ptr(bt, data->hctx);
} while (1);
diff --git a/include/linux/sbitmap.h b/include/linux/sbitmap.h
index 0c4a9c242dd7..e6539536dea9 100644
--- a/include/linux/sbitmap.h
+++ b/include/linux/sbitmap.h
@@ -512,6 +512,13 @@ static inline struct sbq_wait_state *sbq_wait_ptr(struct sbitmap_queue *sbq,
*/
void sbitmap_queue_wake_all(struct sbitmap_queue *sbq);
+/**
+ * sbitmap_queue_wake_up() - Wake up some of waiters in one waitqueue
+ * on a &struct sbitmap_queue.
+ * @sbq: Bitmap queue to wake up.
+ */
+void sbitmap_queue_wake_up(struct sbitmap_queue *sbq);
+
/**
* sbitmap_queue_show() - Dump &struct sbitmap_queue information to a &struct
* seq_file.
diff --git a/lib/sbitmap.c b/lib/sbitmap.c
index e6d7d610778d..6fdc6267f4a8 100644
--- a/lib/sbitmap.c
+++ b/lib/sbitmap.c
@@ -352,8 +352,9 @@ static void sbitmap_queue_update_wake_batch(struct sbitmap_queue *sbq,
if (sbq->wake_batch != wake_batch) {
WRITE_ONCE(sbq->wake_batch, wake_batch);
/*
- * Pairs with the memory barrier in sbq_wake_up() to ensure that
- * the batch size is updated before the wait counts.
+ * Pairs with the memory barrier in sbitmap_queue_wake_up()
+ * to ensure that the batch size is updated before the wait
+ * counts.
*/
smp_mb__before_atomic();
for (i = 0; i < SBQ_WAIT_QUEUES; i++)
@@ -463,15 +464,6 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
unsigned int wake_batch;
int wait_cnt;
- /*
- * Pairs with the memory barrier in set_current_state() to ensure the
- * proper ordering of clear_bit()/waitqueue_active() in the waker and
- * test_and_set_bit_lock()/prepare_to_wait()/finish_wait() in the
- * waiter. See the comment on waitqueue_active(). This is __after_atomic
- * because we just did clear_bit_unlock() in the caller.
- */
- smp_mb__after_atomic();
-
ws = sbq_wake_ptr(sbq);
if (!ws)
return false;
@@ -507,17 +499,26 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
return false;
}
-static void sbq_wake_up(struct sbitmap_queue *sbq)
+void sbitmap_queue_wake_up(struct sbitmap_queue *sbq)
{
while (__sbq_wake_up(sbq))
;
}
+EXPORT_SYMBOL_GPL(sbitmap_queue_wake_up);
void sbitmap_queue_clear(struct sbitmap_queue *sbq, unsigned int nr,
unsigned int cpu)
{
sbitmap_clear_bit_unlock(&sbq->sb, nr);
- sbq_wake_up(sbq);
+ /*
+ * Pairs with the memory barrier in set_current_state() to ensure the
+ * proper ordering of clear_bit_unlock()/waitqueue_active() in the waker
+ * and test_and_set_bit_lock()/prepare_to_wait()/finish_wait() in the
+ * waiter. See the comment on waitqueue_active().
+ */
+ smp_mb__after_atomic();
+ sbitmap_queue_wake_up(sbq);
+
if (likely(!sbq->round_robin && nr < sbq->sb.depth))
*per_cpu_ptr(sbq->alloc_hint, cpu) = nr;
}
@@ -529,7 +530,7 @@ void sbitmap_queue_wake_all(struct sbitmap_queue *sbq)
/*
* Pairs with the memory barrier in set_current_state() like in
- * sbq_wake_up().
+ * sbitmap_queue_wake_up().
*/
smp_mb();
wake_index = atomic_read(&sbq->wake_index);
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From cfe89091644c441a1ade6dae6d2e47b715648615 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench(a)microsoft.com>
Date: Sat, 19 May 2018 02:04:55 -0500
Subject: [PATCH] smb3: fix various xid leaks
Fix a few cases where we were not freeing the xid which led to
active requests being non-zero at unmount time.
Signed-off-by: Steve French <smfrench(a)gmail.com>
CC: Stable <stable(a)vger.kernel.org>
Reviewed-by: Ronnie Sahlberg <lsahlber(a)redhat.com>
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index ceaa358723f0..f0ae47e69cb3 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -1637,8 +1637,11 @@ get_smb2_acl_by_path(struct cifs_sb_info *cifs_sb,
oparms.create_options = 0;
utf16_path = cifs_convert_path_to_utf16(path, cifs_sb);
- if (!utf16_path)
- return ERR_PTR(-ENOMEM);
+ if (!utf16_path) {
+ rc = -ENOMEM;
+ free_xid(xid);
+ return ERR_PTR(rc);
+ }
oparms.tcon = tcon;
oparms.desired_access = READ_CONTROL;
@@ -1696,8 +1699,11 @@ set_smb2_acl(struct cifs_ntsd *pnntsd, __u32 acllen,
access_flags = WRITE_DAC;
utf16_path = cifs_convert_path_to_utf16(path, cifs_sb);
- if (!utf16_path)
- return -ENOMEM;
+ if (!utf16_path) {
+ rc = -ENOMEM;
+ free_xid(xid);
+ return rc;
+ }
oparms.tcon = tcon;
oparms.desired_access = access_flags;
@@ -1757,15 +1763,21 @@ static long smb3_zero_range(struct file *file, struct cifs_tcon *tcon,
/* if file not oplocked can't be sure whether asking to extend size */
if (!CIFS_CACHE_READ(cifsi))
- if (keep_size == false)
- return -EOPNOTSUPP;
+ if (keep_size == false) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
/*
* Must check if file sparse since fallocate -z (zero range) assumes
* non-sparse allocation
*/
- if (!(cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE))
- return -EOPNOTSUPP;
+ if (!(cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE)) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
/*
* need to make sure we are not asked to extend the file since the SMB3
@@ -1774,8 +1786,11 @@ static long smb3_zero_range(struct file *file, struct cifs_tcon *tcon,
* which for a non sparse file would zero the newly extended range
*/
if (keep_size == false)
- if (i_size_read(inode) < offset + len)
- return -EOPNOTSUPP;
+ if (i_size_read(inode) < offset + len) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
cifs_dbg(FYI, "offset %lld len %lld", offset, len);
@@ -1808,8 +1823,11 @@ static long smb3_punch_hole(struct file *file, struct cifs_tcon *tcon,
/* Need to make file sparse, if not already, before freeing range. */
/* Consider adding equivalent for compressed since it could also work */
- if (!smb2_set_sparse(xid, tcon, cfile, inode, set_sparse))
- return -EOPNOTSUPP;
+ if (!smb2_set_sparse(xid, tcon, cfile, inode, set_sparse)) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
cifs_dbg(FYI, "offset %lld len %lld", offset, len);
@@ -1840,8 +1858,10 @@ static long smb3_simple_falloc(struct file *file, struct cifs_tcon *tcon,
/* if file not oplocked can't be sure whether asking to extend size */
if (!CIFS_CACHE_READ(cifsi))
- if (keep_size == false)
- return -EOPNOTSUPP;
+ if (keep_size == false) {
+ free_xid(xid);
+ return rc;
+ }
/*
* Files are non-sparse by default so falloc may be a no-op
@@ -1850,14 +1870,16 @@ static long smb3_simple_falloc(struct file *file, struct cifs_tcon *tcon,
*/
if ((cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE) == 0) {
if (keep_size == true)
- return 0;
+ rc = 0;
/* check if extending file */
else if (i_size_read(inode) >= off + len)
/* not extending file and already not sparse */
- return 0;
+ rc = 0;
/* BB: in future add else clause to extend file */
else
- return -EOPNOTSUPP;
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
}
if ((keep_size == true) || (i_size_read(inode) >= off + len)) {
@@ -1869,8 +1891,11 @@ static long smb3_simple_falloc(struct file *file, struct cifs_tcon *tcon,
* ie potentially making a few extra pages at the beginning
* or end of the file non-sparse via set_sparse is harmless.
*/
- if ((off > 8192) || (off + len + 8192 < i_size_read(inode)))
- return -EOPNOTSUPP;
+ if ((off > 8192) || (off + len + 8192 < i_size_read(inode))) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
rc = smb2_set_sparse(xid, tcon, cfile, inode, false);
}
The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From cfe89091644c441a1ade6dae6d2e47b715648615 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench(a)microsoft.com>
Date: Sat, 19 May 2018 02:04:55 -0500
Subject: [PATCH] smb3: fix various xid leaks
Fix a few cases where we were not freeing the xid which led to
active requests being non-zero at unmount time.
Signed-off-by: Steve French <smfrench(a)gmail.com>
CC: Stable <stable(a)vger.kernel.org>
Reviewed-by: Ronnie Sahlberg <lsahlber(a)redhat.com>
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index ceaa358723f0..f0ae47e69cb3 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -1637,8 +1637,11 @@ get_smb2_acl_by_path(struct cifs_sb_info *cifs_sb,
oparms.create_options = 0;
utf16_path = cifs_convert_path_to_utf16(path, cifs_sb);
- if (!utf16_path)
- return ERR_PTR(-ENOMEM);
+ if (!utf16_path) {
+ rc = -ENOMEM;
+ free_xid(xid);
+ return ERR_PTR(rc);
+ }
oparms.tcon = tcon;
oparms.desired_access = READ_CONTROL;
@@ -1696,8 +1699,11 @@ set_smb2_acl(struct cifs_ntsd *pnntsd, __u32 acllen,
access_flags = WRITE_DAC;
utf16_path = cifs_convert_path_to_utf16(path, cifs_sb);
- if (!utf16_path)
- return -ENOMEM;
+ if (!utf16_path) {
+ rc = -ENOMEM;
+ free_xid(xid);
+ return rc;
+ }
oparms.tcon = tcon;
oparms.desired_access = access_flags;
@@ -1757,15 +1763,21 @@ static long smb3_zero_range(struct file *file, struct cifs_tcon *tcon,
/* if file not oplocked can't be sure whether asking to extend size */
if (!CIFS_CACHE_READ(cifsi))
- if (keep_size == false)
- return -EOPNOTSUPP;
+ if (keep_size == false) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
/*
* Must check if file sparse since fallocate -z (zero range) assumes
* non-sparse allocation
*/
- if (!(cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE))
- return -EOPNOTSUPP;
+ if (!(cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE)) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
/*
* need to make sure we are not asked to extend the file since the SMB3
@@ -1774,8 +1786,11 @@ static long smb3_zero_range(struct file *file, struct cifs_tcon *tcon,
* which for a non sparse file would zero the newly extended range
*/
if (keep_size == false)
- if (i_size_read(inode) < offset + len)
- return -EOPNOTSUPP;
+ if (i_size_read(inode) < offset + len) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
cifs_dbg(FYI, "offset %lld len %lld", offset, len);
@@ -1808,8 +1823,11 @@ static long smb3_punch_hole(struct file *file, struct cifs_tcon *tcon,
/* Need to make file sparse, if not already, before freeing range. */
/* Consider adding equivalent for compressed since it could also work */
- if (!smb2_set_sparse(xid, tcon, cfile, inode, set_sparse))
- return -EOPNOTSUPP;
+ if (!smb2_set_sparse(xid, tcon, cfile, inode, set_sparse)) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
cifs_dbg(FYI, "offset %lld len %lld", offset, len);
@@ -1840,8 +1858,10 @@ static long smb3_simple_falloc(struct file *file, struct cifs_tcon *tcon,
/* if file not oplocked can't be sure whether asking to extend size */
if (!CIFS_CACHE_READ(cifsi))
- if (keep_size == false)
- return -EOPNOTSUPP;
+ if (keep_size == false) {
+ free_xid(xid);
+ return rc;
+ }
/*
* Files are non-sparse by default so falloc may be a no-op
@@ -1850,14 +1870,16 @@ static long smb3_simple_falloc(struct file *file, struct cifs_tcon *tcon,
*/
if ((cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE) == 0) {
if (keep_size == true)
- return 0;
+ rc = 0;
/* check if extending file */
else if (i_size_read(inode) >= off + len)
/* not extending file and already not sparse */
- return 0;
+ rc = 0;
/* BB: in future add else clause to extend file */
else
- return -EOPNOTSUPP;
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
}
if ((keep_size == true) || (i_size_read(inode) >= off + len)) {
@@ -1869,8 +1891,11 @@ static long smb3_simple_falloc(struct file *file, struct cifs_tcon *tcon,
* ie potentially making a few extra pages at the beginning
* or end of the file non-sparse via set_sparse is harmless.
*/
- if ((off > 8192) || (off + len + 8192 < i_size_read(inode)))
- return -EOPNOTSUPP;
+ if ((off > 8192) || (off + len + 8192 < i_size_read(inode))) {
+ rc = -EOPNOTSUPP;
+ free_xid(xid);
+ return rc;
+ }
rc = smb2_set_sparse(xid, tcon, cfile, inode, false);
}
From: Fabio Estevam <fabio.estevam(a)nxp.com>
Russell King reported:
"When removing and reloading the etnaviv module, the following splat
occurs:
sysfs: cannot create duplicate filename '/devices/platform/etnaviv'
CPU: 0 PID: 1471 Comm: modprobe Not tainted 4.17.0+ #1608
Hardware name: Marvell Dove (Cubox)
Backtrace:
[<c00157d4>] (dump_backtrace) from [<c0015b8c>] (show_stack+0x18/0x1c)
r6:ef033e38 r5:ee07b340 r4:edb9d000 r3:00000000
[<c0015b74>] (show_stack) from [<c0620784>] (dump_stack+0x20/0x28)
[<c0620764>] (dump_stack) from [<c01bcd24>] (sysfs_warn_dup+0x5c/0x70)
[<c01bccc8>] (sysfs_warn_dup) from [<c01bce14>] (sysfs_create_dir_ns+0x90/0x98)
..."
Commit 246774d17fc0 ("drm/etnaviv: remove the need for a gpu-subsystem
DT node") introduced DRM registration via
platform_device_register_simple(), but missed to call
platform_device_unregister() inside etnaviv_exit().
Fix the problem by calling platform_device_unregister() inside
etnaviv_exit(). While at it, also rearrange the function calls
in the exit path to make them happen in the opposite order of
registration.
Tested on a imx6-sabresd board.
Cc: <stable(a)vger.kernel.org>
Fixes: 246774d17fc0 ("drm/etnaviv: remove the need for a gpu-subsystem DT node")
Reported-by: Russell King <linux(a)armlinux.org.uk>
Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com>
---
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
index e5013a9..88ab61b 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
@@ -631,6 +631,8 @@ static struct platform_driver etnaviv_platform_driver = {
},
};
+static struct platform_device *etnaviv_drm;
+
static int __init etnaviv_init(void)
{
int ret;
@@ -654,7 +656,8 @@ static int __init etnaviv_init(void)
if (!of_device_is_available(np))
continue;
- platform_device_register_simple("etnaviv", -1, NULL, 0);
+ etnaviv_drm = platform_device_register_simple("etnaviv", -1,
+ NULL, 0);
of_node_put(np);
break;
}
@@ -665,8 +668,9 @@ module_init(etnaviv_init);
static void __exit etnaviv_exit(void)
{
- platform_driver_unregister(&etnaviv_gpu_driver);
+ platform_device_unregister(etnaviv_drm);
platform_driver_unregister(&etnaviv_platform_driver);
+ platform_driver_unregister(&etnaviv_gpu_driver);
}
module_exit(etnaviv_exit);
--
2.7.4
From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org>
The syzkaller detected a out-of-bounds issue with the events filter code,
specifically here:
prog[N].pred = NULL; /* #13 */
prog[N].target = 1; /* TRUE */
prog[N+1].pred = NULL;
prog[N+1].target = 0; /* FALSE */
-> prog[N-1].target = N;
prog[N-1].when_to_branch = false;
As that's the first reference to a "N-1" index, it appears that the code got
here with N = 0, which means the filter parser found no filter to parse
(which shouldn't ever happen, but apparently it did).
Add a new error to the parsing code that will check to make sure that N is
not zero before going into this part of the code. If N = 0, then -EINVAL is
returned, and a error message is added to the filter.
Cc: stable(a)vger.kernel.org
Fixes: 80765597bc587 ("tracing: Rewrite filter logic to be simpler and faster")
Reported-by: air icy <icytxw(a)gmail.com>
bugzilla url: https://bugzilla.kernel.org/show_bug.cgi?id=200019
Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org>
---
kernel/trace/trace_events_filter.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
index e1c818dbc0d7..0dceb77d1d42 100644
--- a/kernel/trace/trace_events_filter.c
+++ b/kernel/trace/trace_events_filter.c
@@ -78,7 +78,8 @@ static const char * ops[] = { OPS };
C(TOO_MANY_PREDS, "Too many terms in predicate expression"), \
C(INVALID_FILTER, "Meaningless filter expression"), \
C(IP_FIELD_ONLY, "Only 'ip' field is supported for function trace"), \
- C(INVALID_VALUE, "Invalid value (did you forget quotes)?"),
+ C(INVALID_VALUE, "Invalid value (did you forget quotes)?"), \
+ C(NO_FILTER, "No filter found"),
#undef C
#define C(a, b) FILT_ERR_##a
@@ -550,6 +551,13 @@ predicate_parse(const char *str, int nr_parens, int nr_preds,
goto out_free;
}
+ if (!N) {
+ /* No program? */
+ ret = -EINVAL;
+ parse_error(pe, FILT_ERR_NO_FILTER, ptr - str);
+ goto out_free;
+ }
+
prog[N].pred = NULL; /* #13 */
prog[N].target = 1; /* TRUE */
prog[N+1].pred = NULL;
--
2.17.1
The patch titled
Subject: kasan: depend on CONFIG_SLUB_DEBUG
has been added to the -mm tree. Its filename is
kasan-depend-on-config_slub_debug.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/kasan-depend-on-config_slub_debug.…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/kasan-depend-on-config_slub_debug.…
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: "Jason A. Donenfeld" <Jason(a)zx2c4.com>
Subject: kasan: depend on CONFIG_SLUB_DEBUG
KASAN depends on having access to some of the accounting that SLUB_DEBUG
does; without it, there are immediate crashes [1]. So, the natural thing
to do is to make KASAN select SLUB_DEBUG.
[1] http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQ…
Link: http://lkml.kernel.org/r/20180622154623.25388-1-Jason@zx2c4.com
Fixes: f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()")
Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Reviewed-by: Shakeel Butt <shakeelb(a)google.com>
Cc: Shakeel Butt <shakeelb(a)google.com>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
lib/Kconfig.kasan | 1 +
1 file changed, 1 insertion(+)
diff -puN lib/Kconfig.kasan~kasan-depend-on-config_slub_debug lib/Kconfig.kasan
--- a/lib/Kconfig.kasan~kasan-depend-on-config_slub_debug
+++ a/lib/Kconfig.kasan
@@ -6,6 +6,7 @@ if HAVE_ARCH_KASAN
config KASAN
bool "KASan: runtime memory debugger"
depends on SLUB || (SLAB && !DEBUG_SLAB)
+ select SLUB_DEBUG if SLUB
select CONSTRUCTORS
select STACKDEPOT
help
_
Patches currently in -mm which might be from Jason(a)zx2c4.com are
kasan-depend-on-config_slub_debug.patch
Since commit 1bb88666775e ("mtd: nand: denali: handle timing parameters
by setup_data_interface()"), denali_dt.c gets the clock rate from the
clock driver. The driver expects the frequency of the bus interface
clock, whereas the clock driver of SOCFPGA provides the core clock.
Thus, the setup_data_interface() hook calculates timing parameters
based on a wrong frequency.
To make it work without relying on the clock driver, hard-code the clock
frequency, 200MHz. This is fine for existing DT of UniPhier, and also
fixes the issue of SOCFPGA because both platforms use 200 MHz for the
bus interface clock.
Fixes: 1bb88666775e ("mtd: nand: denali: handle timing parameters by setup_data_interface()")
Cc: linux-stable <stable(a)vger.kernel.org> #4.14+
Reported-by: Philipp Rosenberger <p.rosenberger(a)linutronix.de>
Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro(a)socionext.com>
Tested-by: Richard Weinberger <richard(a)nod.at>
---
Changes in v4:
- split into a very simple patch for backport candiate
drivers/mtd/nand/raw/denali_dt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/denali_dt.c b/drivers/mtd/nand/raw/denali_dt.c
index cfd33e6..5869e90 100644
--- a/drivers/mtd/nand/raw/denali_dt.c
+++ b/drivers/mtd/nand/raw/denali_dt.c
@@ -123,7 +123,11 @@ static int denali_dt_probe(struct platform_device *pdev)
if (ret)
return ret;
- denali->clk_x_rate = clk_get_rate(dt->clk);
+ /*
+ * Hardcode the clock rate for the backward compatibility.
+ * This works for both SOCFPGA and UniPhier.
+ */
+ denali->clk_x_rate = 200000000;
ret = denali_init(denali);
if (ret)
--
2.7.4
When rewriting swapper using nG mappings, we must performance cache
maintenance around each page table access in order to avoid coherency
problems with the host's cacheable alias under KVM. To ensure correct
ordering of the maintenance with respect to Device memory accesses made
with the Stage-1 MMU disabled, DMBs need to be added between the
maintenance and the corresponding memory access.
This patch adds a missing DMB between writing a new page table entry and
performing a clean+invalidate on the same line.
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Will Deacon <will.deacon(a)arm.com>
---
arch/arm64/mm/proc.S | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
index 5f9a73a4452c..03646e6a2ef4 100644
--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -217,8 +217,9 @@ ENDPROC(idmap_cpu_replace_ttbr1)
.macro __idmap_kpti_put_pgtable_ent_ng, type
orr \type, \type, #PTE_NG // Same bit for blocks and pages
- str \type, [cur_\()\type\()p] // Update the entry and ensure it
- dc civac, cur_\()\type\()p // is visible to all CPUs.
+ str \type, [cur_\()\type\()p] // Update the entry and ensure
+ dmb sy // that it is visible to all
+ dc civac, cur_\()\type\()p // CPUs.
.endm
/*
--
2.1.4
For !CONFIG_SLUB_DEBUG, SLUB does not maintain the number of slabs
allocated per node for a kmem_cache. Thus, slabs_node() in
__kmem_cache_empty(), __kmem_cache_shrink() and __kmem_cache_destroy()
will always return 0 for such config. This is wrong and can cause issues
for all users of these functions.
Infact in [1] Jason has reported a system crash while using SLUB without
CONFIG_SLUB_DEBUG. The reason was the usage of slabs_node() by
__kmem_cache_empty().
The right solution is to make slabs_node() work even for
!CONFIG_SLUB_DEBUG. The commit 0f389ec63077 ("slub: No need for per node
slab counters if !SLUB_DEBUG") had put the per node slab counter under
CONFIG_SLUB_DEBUG because it was only read through sysfs API and the
sysfs API was disabled on !CONFIG_SLUB_DEBUG. However the users of the
per node slab counter assumed that it will work in the absence of
CONFIG_SLUB_DEBUG. So, make the counter work for !CONFIG_SLUB_DEBUG.
Please note that commit f9e13c0a5a33 ("slab, slub: skip unnecessary
kasan_cache_shutdown()") exposed this issue but it is present even
before.
[1] http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQ…
Fixes: f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()")
Signed-off-by: Shakeel Butt <shakeelb(a)google.com>
Suggested-by: David Rientjes <rientjes(a)google.com>
Reported-by: Jason A . Donenfeld <Jason(a)zx2c4.com>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: Andrew Morton <akpm(a)linux-foundation.org>
Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com>
Cc: <stable(a)vger.kernel.org>
Cc: <linux-mm(a)kvack.org>
Cc: <linux-kernel(a)vger.kernel.org>
---
mm/slab.h | 2 +-
mm/slub.c | 80 +++++++++++++++++++++++++------------------------------
2 files changed, 38 insertions(+), 44 deletions(-)
diff --git a/mm/slab.h b/mm/slab.h
index 68bdf498da3b..a6545332cc86 100644
--- a/mm/slab.h
+++ b/mm/slab.h
@@ -473,8 +473,8 @@ struct kmem_cache_node {
#ifdef CONFIG_SLUB
unsigned long nr_partial;
struct list_head partial;
-#ifdef CONFIG_SLUB_DEBUG
atomic_long_t nr_slabs;
+#ifdef CONFIG_SLUB_DEBUG
atomic_long_t total_objects;
struct list_head full;
#endif
diff --git a/mm/slub.c b/mm/slub.c
index a3b8467c14af..c9c190d54687 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -1030,42 +1030,6 @@ static void remove_full(struct kmem_cache *s, struct kmem_cache_node *n, struct
list_del(&page->lru);
}
-/* Tracking of the number of slabs for debugging purposes */
-static inline unsigned long slabs_node(struct kmem_cache *s, int node)
-{
- struct kmem_cache_node *n = get_node(s, node);
-
- return atomic_long_read(&n->nr_slabs);
-}
-
-static inline unsigned long node_nr_slabs(struct kmem_cache_node *n)
-{
- return atomic_long_read(&n->nr_slabs);
-}
-
-static inline void inc_slabs_node(struct kmem_cache *s, int node, int objects)
-{
- struct kmem_cache_node *n = get_node(s, node);
-
- /*
- * May be called early in order to allocate a slab for the
- * kmem_cache_node structure. Solve the chicken-egg
- * dilemma by deferring the increment of the count during
- * bootstrap (see early_kmem_cache_node_alloc).
- */
- if (likely(n)) {
- atomic_long_inc(&n->nr_slabs);
- atomic_long_add(objects, &n->total_objects);
- }
-}
-static inline void dec_slabs_node(struct kmem_cache *s, int node, int objects)
-{
- struct kmem_cache_node *n = get_node(s, node);
-
- atomic_long_dec(&n->nr_slabs);
- atomic_long_sub(objects, &n->total_objects);
-}
-
/* Object debug checks for alloc/free paths */
static void setup_object_debug(struct kmem_cache *s, struct page *page,
void *object)
@@ -1321,16 +1285,46 @@ slab_flags_t kmem_cache_flags(unsigned int object_size,
#define disable_higher_order_debug 0
+#endif /* CONFIG_SLUB_DEBUG */
+
static inline unsigned long slabs_node(struct kmem_cache *s, int node)
- { return 0; }
+{
+ struct kmem_cache_node *n = get_node(s, node);
+
+ return atomic_long_read(&n->nr_slabs);
+}
+
static inline unsigned long node_nr_slabs(struct kmem_cache_node *n)
- { return 0; }
-static inline void inc_slabs_node(struct kmem_cache *s, int node,
- int objects) {}
-static inline void dec_slabs_node(struct kmem_cache *s, int node,
- int objects) {}
+{
+ return atomic_long_read(&n->nr_slabs);
+}
-#endif /* CONFIG_SLUB_DEBUG */
+static inline void inc_slabs_node(struct kmem_cache *s, int node, int objects)
+{
+ struct kmem_cache_node *n = get_node(s, node);
+
+ /*
+ * May be called early in order to allocate a slab for the
+ * kmem_cache_node structure. Solve the chicken-egg
+ * dilemma by deferring the increment of the count during
+ * bootstrap (see early_kmem_cache_node_alloc).
+ */
+ if (likely(n)) {
+ atomic_long_inc(&n->nr_slabs);
+#ifdef CONFIG_SLUB_DEBUG
+ atomic_long_add(objects, &n->total_objects);
+#endif
+ }
+}
+static inline void dec_slabs_node(struct kmem_cache *s, int node, int objects)
+{
+ struct kmem_cache_node *n = get_node(s, node);
+
+ atomic_long_dec(&n->nr_slabs);
+#ifdef CONFIG_SLUB_DEBUG
+ atomic_long_sub(objects, &n->total_objects);
+#endif
+}
/*
* Hooks for other subsystems that check memory allocations. In a typical
--
2.18.0.rc1.244.gcf134e6275-goog
For the common cases where 1000 is a multiple of HZ, or HZ is a multiple
of 1000, jiffies_to_msecs() never returns zero when passed a non-zero
time period.
However, if HZ > 1000 and not an integer multiple of 1000 (e.g. 1024 or
1200, as used on alpha and DECstation), jiffies_to_msecs() may return
zero for small non-zero time periods. This may break code that relies
on receiving back a non-zero value.
jiffies_to_usecs() does not need such a fix: one jiffy can only be
less than one µs if HZ > 1000000, and such large values of HZ are
already rejected at build time, twice:
- include/linux/jiffies.h does #error if HZ >= 12288,
- kernel/time/time.c has BUILD_BUG_ON(HZ > USEC_PER_SEC).
Signed-off-by: Geert Uytterhoeven <geert(a)linux-m68k.org>
Reviewed-by: Arnd Bergmann <arnd(a)arndb.de>
Cc: stable(a)vger.kernel.org
---
Broken since forever.
v3:
- Add Reviewed-by,
- Cc stable,
- Explain better why jiffies_to_usecs() does not need a fix,
v2:
- Add examples of affected systems,
- Use DIV_ROUND_UP().
---
kernel/time/time.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/time/time.c b/kernel/time/time.c
index 6fa99213fc720e4b..2b41e8e2d31db26f 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -28,6 +28,7 @@
*/
#include <linux/export.h>
+#include <linux/kernel.h>
#include <linux/timex.h>
#include <linux/capability.h>
#include <linux/timekeeper_internal.h>
@@ -314,9 +315,10 @@ unsigned int jiffies_to_msecs(const unsigned long j)
return (j + (HZ / MSEC_PER_SEC) - 1)/(HZ / MSEC_PER_SEC);
#else
# if BITS_PER_LONG == 32
- return (HZ_TO_MSEC_MUL32 * j) >> HZ_TO_MSEC_SHR32;
+ return (HZ_TO_MSEC_MUL32 * j + (1ULL << HZ_TO_MSEC_SHR32) - 1) >>
+ HZ_TO_MSEC_SHR32;
# else
- return (j * HZ_TO_MSEC_NUM) / HZ_TO_MSEC_DEN;
+ return DIV_ROUND_UP(j * HZ_TO_MSEC_NUM, HZ_TO_MSEC_DEN);
# endif
#endif
}
--
2.17.1
According to the Denali User's Guide, this IP needs three clocks:
- clk: controller core clock
- clk_x: bus interface clock
- ecc_clk: clock at which ECC circuitry is run
Currently, denali_dt.c requires a single anonymous clock and its
frequency. However, the driver needs to get the frequency of "clk_x"
not "clk". This is confusing because people tend to assume the
anonymous clock means the core clock. In fact, I got a report of
SOCFPGA breakage because the timing parameters are calculated based
on a wrong frequency.
Instead of the cheesy implementation, the clocks in the real hardware
should be represented in the driver and the DT-binding.
However, adding new clocks would break the existing platforms. For the
backward compatibility, the driver still accepts a single clock just as
before. If clk_x is missing, clk_x_rate is set to a hardcoded value.
This is fine for existing DT of Socionext UniPhier, and also fixes the
issue of Altera (Intel) SOCFPGA because both platforms use 200 MHz for
the bus interface clock.
Fixes: 1bb88666775e ("mtd: nand: denali: handle timing parameters by setup_data_interface()")
Cc: linux-stable <stable(a)vger.kernel.org> #4.14+
Reported-by: Richard Weinberger <richard(a)nod.at>
Signed-off-by: Masahiro Yamada <yamada.masahiro(a)socionext.com>
---
Changes in v3:
- Change the patch order so that the bug-fix one comes the first
Changes in v2:
- Split patches into sensible chunks
.../devicetree/bindings/mtd/denali-nand.txt | 5 +++
drivers/mtd/nand/raw/denali_dt.c | 49 ++++++++++++++++++++--
2 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/Documentation/devicetree/bindings/mtd/denali-nand.txt b/Documentation/devicetree/bindings/mtd/denali-nand.txt
index 0ee8edb..f33da87 100644
--- a/Documentation/devicetree/bindings/mtd/denali-nand.txt
+++ b/Documentation/devicetree/bindings/mtd/denali-nand.txt
@@ -8,6 +8,9 @@ Required properties:
- reg : should contain registers location and length for data and reg.
- reg-names: Should contain the reg names "nand_data" and "denali_reg"
- interrupts : The interrupt number.
+ - clocks: should contain phandle of the controller core clock, the bus
+ interface clock, and the ECC circuit clock.
+ - clock-names: should contain "nand", "nand_x", "ecc"
Optional properties:
- nand-ecc-step-size: see nand.txt for details. If present, the value must be
@@ -31,5 +34,7 @@ nand: nand@ff900000 {
compatible = "altr,socfpga-denali-nand";
reg = <0xff900000 0x20>, <0xffb80000 0x1000>;
reg-names = "nand_data", "denali_reg";
+ clocks = <&nand_clk>, <&nand_x_clk>, <&nand_ecc_clk>;
+ clock-names = "nand", "nand_x", "ecc";
interrupts = <0 144 4>;
};
diff --git a/drivers/mtd/nand/raw/denali_dt.c b/drivers/mtd/nand/raw/denali_dt.c
index cfd33e6..ce6239d 100644
--- a/drivers/mtd/nand/raw/denali_dt.c
+++ b/drivers/mtd/nand/raw/denali_dt.c
@@ -27,7 +27,9 @@
struct denali_dt {
struct denali_nand_info denali;
- struct clk *clk;
+ struct clk *clk; /* core clock */
+ struct clk *clk_x; /* bus interface clock */
+ struct clk *clk_ecc; /* ECC circuit clock */
};
struct denali_dt_data {
@@ -114,24 +116,61 @@ static int denali_dt_probe(struct platform_device *pdev)
if (IS_ERR(denali->host))
return PTR_ERR(denali->host);
- dt->clk = devm_clk_get(&pdev->dev, NULL);
+ /*
+ * A single anonymous clock is supported for the backward compatibility.
+ * New platforms should support all the named clocks.
+ */
+ dt->clk = devm_clk_get(&pdev->dev, "nand");
+ if (IS_ERR(dt->clk))
+ dt->clk = devm_clk_get(&pdev->dev, NULL);
if (IS_ERR(dt->clk)) {
dev_err(&pdev->dev, "no clk available\n");
return PTR_ERR(dt->clk);
}
+
+ dt->clk_x = devm_clk_get(&pdev->dev, "nand_x");
+ if (IS_ERR(dt->clk_x))
+ dt->clk_x = NULL;
+
+ dt->clk_ecc = devm_clk_get(&pdev->dev, "ecc");
+ if (IS_ERR(dt->clk_ecc))
+ dt->clk_ecc = NULL;
+
ret = clk_prepare_enable(dt->clk);
if (ret)
return ret;
- denali->clk_x_rate = clk_get_rate(dt->clk);
+ ret = clk_prepare_enable(dt->clk_x);
+ if (ret)
+ goto out_disable_clk;
+
+ ret = clk_prepare_enable(dt->clk_ecc);
+ if (ret)
+ goto out_disable_clk_x;
+
+ if (dt->clk_x) {
+ denali->clk_x_rate = clk_get_rate(dt->clk_x);
+ } else {
+ /*
+ * Hardcode the clock rates for the backward compatibility.
+ * This works for both SOCFPGA and UniPhier.
+ */
+ dev_notice(&pdev->dev,
+ "necessary clock is missing. default clock rates are used.\n");
+ denali->clk_x_rate = 200000000;
+ }
ret = denali_init(denali);
if (ret)
- goto out_disable_clk;
+ goto out_disable_clk_ecc;
platform_set_drvdata(pdev, dt);
return 0;
+out_disable_clk_ecc:
+ clk_disable_unprepare(dt->clk_ecc);
+out_disable_clk_x:
+ clk_disable_unprepare(dt->clk_x);
out_disable_clk:
clk_disable_unprepare(dt->clk);
@@ -143,6 +182,8 @@ static int denali_dt_remove(struct platform_device *pdev)
struct denali_dt *dt = platform_get_drvdata(pdev);
denali_remove(&dt->denali);
+ clk_disable_unprepare(dt->clk_ecc);
+ clk_disable_unprepare(dt->clk_x);
clk_disable_unprepare(dt->clk);
return 0;
--
2.7.4
Commit-ID: 1f74c8a64798e2c488f86efc97e308b85fb7d7aa
Gitweb: https://git.kernel.org/tip/1f74c8a64798e2c488f86efc97e308b85fb7d7aa
Author: Borislav Petkov <bp(a)suse.de>
AuthorDate: Fri, 22 Jun 2018 11:54:28 +0200
Committer: Thomas Gleixner <tglx(a)linutronix.de>
CommitDate: Fri, 22 Jun 2018 14:35:50 +0200
x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out()
mce_no_way_out() does a quick check during #MC to see whether some of
the MCEs logged would require the kernel to panic immediately. And it
passes a struct mce where MCi_STATUS gets written.
However, after having saved a valid status value, the next iteration
of the loop which goes over the MCA banks on the CPU, overwrites the
valid status value because we're using struct mce as storage instead of
a temporary variable.
Which leads to MCE records with an empty status value:
mce: [Hardware Error]: CPU 0: Machine Check Exception: 6 Bank 0: 0000000000000000
mce: [Hardware Error]: RIP 10:<ffffffffbd42fbd7> {trigger_mce+0x7/0x10}
In order to prevent the loss of the status register value, return
immediately when severity is a panic one so that we can panic
immediately with the first fatal MCE logged. This is also the intention
of this function and not to noodle over the banks while a fatal MCE is
already logged.
Tony: read the rest of the MCA bank to populate the struct mce fully.
Suggested-by: Tony Luck <tony.luck(a)intel.com>
Signed-off-by: Borislav Petkov <bp(a)suse.de>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Cc: <stable(a)vger.kernel.org>
Link: https://lkml.kernel.org/r/20180622095428.626-8-bp@alien8.de
---
arch/x86/kernel/cpu/mcheck/mce.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
index cd76380af79f..7e6f51a9d917 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -772,23 +772,25 @@ EXPORT_SYMBOL_GPL(machine_check_poll);
static int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp,
struct pt_regs *regs)
{
- int i, ret = 0;
char *tmp;
+ int i;
for (i = 0; i < mca_cfg.banks; i++) {
m->status = mce_rdmsrl(msr_ops.status(i));
- if (m->status & MCI_STATUS_VAL) {
- __set_bit(i, validp);
- if (quirk_no_way_out)
- quirk_no_way_out(i, m, regs);
- }
+ if (!(m->status & MCI_STATUS_VAL))
+ continue;
+
+ __set_bit(i, validp);
+ if (quirk_no_way_out)
+ quirk_no_way_out(i, m, regs);
if (mce_severity(m, mca_cfg.tolerant, &tmp, true) >= MCE_PANIC_SEVERITY) {
+ mce_read_aux(m, i);
*msg = tmp;
- ret = 1;
+ return 1;
}
}
- return ret;
+ return 0;
}
/*
From: Mason Yang <masonccyang(a)mxic.com.tw>
Make sure we flag all broken chips as not supporting this feature.
Also move this logic to a new function to keep things readable.
Fixes: 34c5c01e0c8c ("mtd: rawnand: macronix: nack the support of changing timings for one chip")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Mason Yang <masonccyang(a)mxic.com.tw>
Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com>
---
Changes in v2:
- Add Fixes and Cc-stable tags
---
drivers/mtd/nand/raw/nand_macronix.c | 48 +++++++++++++++++++++++++++---------
1 file changed, 36 insertions(+), 12 deletions(-)
diff --git a/drivers/mtd/nand/raw/nand_macronix.c b/drivers/mtd/nand/raw/nand_macronix.c
index 7ed1f87e742a..49c546c97c6f 100644
--- a/drivers/mtd/nand/raw/nand_macronix.c
+++ b/drivers/mtd/nand/raw/nand_macronix.c
@@ -17,23 +17,47 @@
#include <linux/mtd/rawnand.h>
+/*
+ * Macronix AC series does not support using SET/GET_FEATURES to change
+ * the timings unlike what is declared in the parameter page. Unflag
+ * this feature to avoid unnecessary downturns.
+ */
+static void macronix_nand_fix_broken_get_timings(struct nand_chip *chip)
+{
+ unsigned int i;
+ static const char * const broken_get_timings[] = {
+ "MX30LF1G18AC",
+ "MX30LF1G28AC",
+ "MX30LF2G18AC",
+ "MX30LF2G28AC",
+ "MX30LF4G18AC",
+ "MX30LF4G28AC",
+ "MX60LF8G18AC",
+ };
+
+ if (!chip->parameters.supports_set_get_features)
+ return;
+
+ for (i = 0; i < ARRAY_SIZE(broken_get_timings); i++) {
+ if (!strcmp(broken_get_timings[i], chip->parameters.model))
+ break;
+ }
+
+ if (i == ARRAY_SIZE(broken_get_timings))
+ return;
+
+ bitmap_clear(chip->parameters.get_feature_list,
+ ONFI_FEATURE_ADDR_TIMING_MODE, 1);
+ bitmap_clear(chip->parameters.set_feature_list,
+ ONFI_FEATURE_ADDR_TIMING_MODE, 1);
+}
+
static int macronix_nand_init(struct nand_chip *chip)
{
if (nand_is_slc(chip))
chip->bbt_options |= NAND_BBT_SCAN2NDPAGE;
- /*
- * MX30LF2G18AC chip does not support using SET/GET_FEATURES to change
- * the timings unlike what is declared in the parameter page. Unflag
- * this feature to avoid unnecessary downturns.
- */
- if (chip->parameters.supports_set_get_features &&
- !strcmp("MX30LF2G18AC", chip->parameters.model)) {
- bitmap_clear(chip->parameters.get_feature_list,
- ONFI_FEATURE_ADDR_TIMING_MODE, 1);
- bitmap_clear(chip->parameters.set_feature_list,
- ONFI_FEATURE_ADDR_TIMING_MODE, 1);
- }
+ macronix_nand_fix_broken_get_timings(chip);
return 0;
}
--
2.14.1
Positive return value from read_oob() is making false BAD
blocks. For some of the NAND controllers, OOB bytes will be
protected with ECC and read_oob() will return number of bitflips.
If there is any bitflip in ECC protected OOB bytes for BAD block
status page, then that block is getting treated as BAD.
Fixes: c120e75e0e7d ("mtd: nand: use read_oob() instead of cmdfunc() for bad block check")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Abhishek Sahu <absahu(a)codeaurora.org>
---
drivers/mtd/nand/raw/nand_base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c
index f28c3a5..4a73f73 100644
--- a/drivers/mtd/nand/raw/nand_base.c
+++ b/drivers/mtd/nand/raw/nand_base.c
@@ -440,7 +440,7 @@ static int nand_block_bad(struct mtd_info *mtd, loff_t ofs)
for (; page < page_end; page++) {
res = chip->ecc.read_oob(mtd, chip, page);
- if (res)
+ if (res < 0)
return res;
bad = chip->oob_poi[chip->badblockpos];
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc.
is a member of Code Aurora Forum, hosted by The Linux Foundation
Commit 910f8befdf5b ("xen/pirq: fix error path cleanup when binding
MSIs") fixed a couple of errors in error cleanup path of
xen_bind_pirq_msi_to_irq(). This cleanup allowed a call to
__unbind_from_irq() with an unbound irq, which would result in
triggering the BUG_ON there.
Since there is really no reason for the BUG_ON (xen_free_irq() can
operate on unbound irqs) we can remove it.
Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com>
Cc: stable(a)vger.kernel.org
---
drivers/xen/events/events_base.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
index 762378f..08e4af0 100644
--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -628,8 +628,6 @@ static void __unbind_from_irq(unsigned int irq)
xen_irq_info_cleanup(info);
}
- BUG_ON(info_for_irq(irq)->type == IRQT_UNBOUND);
-
xen_free_irq(irq);
}
--
1.8.3.1
On Sun, Jun 17, 2018 at 01:06:42PM +0300, Gilad Ben-Yossef wrote:
>
> It was ctr(aes). I wrongly assumed that we are supposed to unconditionally
> copy
> the cipher-text block post operation and let the caller do with it what it
> wants and so the
> code now does that for all cipher operations unconditionally.
For CTR it doesn't matter whether the last block is less than a
block, you should still increment the counter.
> So what is a good description of what we are supposed to provide in that
> field post operation?
> The next IV? but as you stated, that is not necessarily useful for all
> ciphers.
When in doubt, please refer to the generic implementation. If
that is still unclear or if it seems wrong, please post to the
list.
Cheers,
--
Email: Herbert Xu <herbert(a)gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
The patch below does not apply to the 4.16-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From 6ed66c3ce095ae65bbc976b5817c318653745736 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello(a)dell.com>
Date: Fri, 20 Apr 2018 12:42:11 -0500
Subject: [PATCH] platform/x86: Kconfig: Fix dell-laptop dependency chain.
As reported by Randy Dunlap:
>> WARNING: unmet direct dependencies detected for DELL_SMBIOS
>> Depends on [m]: X86 [=y] && X86_PLATFORM_DEVICES [=y]
>> && (DCDBAS [=m] ||
>> DCDBAS [=m]=n) && (ACPI_WMI [=n] || ACPI_WMI [=n]=n)
>> Selected by [y]:
>> - DELL_LAPTOP [=y] && X86 [=y] && X86_PLATFORM_DEVICES [=y]
>> && DMI [=y]
>> && BACKLIGHT_CLASS_DEVICE [=y] && (ACPI_VIDEO [=n] ||
>> ACPI_VIDEO [=n]=n)
>> && (RFKILL [=n] || RFKILL [=n]=n) && SERIO_I8042 [=y]
>>
Right now it's possible to set dell laptop to compile in but this
causes dell-smbios to compile in which breaks if dcdbas is a module.
Dell laptop shouldn't select dell-smbios anymore, but depend on it.
Fixes: 32d7b19bad96 (platform/x86: dell-smbios: Resolve dependency error on DCDBAS)
Reported-by: Randy Dunlap <rdunlap(a)infradead.org>
Signed-off-by: Mario Limonciello <mario.limonciello(a)dell.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Darren Hart (VMware) <dvhart(a)infradead.org>
diff --git a/drivers/platform/x86/Kconfig b/drivers/platform/x86/Kconfig
index 39d06dd1f63a..bc309c5327ff 100644
--- a/drivers/platform/x86/Kconfig
+++ b/drivers/platform/x86/Kconfig
@@ -154,7 +154,7 @@ config DELL_LAPTOP
depends on ACPI_VIDEO || ACPI_VIDEO = n
depends on RFKILL || RFKILL = n
depends on SERIO_I8042
- select DELL_SMBIOS
+ depends on DELL_SMBIOS
select POWER_SUPPLY
select LEDS_CLASS
select NEW_LEDS
The patch below does not apply to the 4.17-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From 6ed66c3ce095ae65bbc976b5817c318653745736 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello(a)dell.com>
Date: Fri, 20 Apr 2018 12:42:11 -0500
Subject: [PATCH] platform/x86: Kconfig: Fix dell-laptop dependency chain.
As reported by Randy Dunlap:
>> WARNING: unmet direct dependencies detected for DELL_SMBIOS
>> Depends on [m]: X86 [=y] && X86_PLATFORM_DEVICES [=y]
>> && (DCDBAS [=m] ||
>> DCDBAS [=m]=n) && (ACPI_WMI [=n] || ACPI_WMI [=n]=n)
>> Selected by [y]:
>> - DELL_LAPTOP [=y] && X86 [=y] && X86_PLATFORM_DEVICES [=y]
>> && DMI [=y]
>> && BACKLIGHT_CLASS_DEVICE [=y] && (ACPI_VIDEO [=n] ||
>> ACPI_VIDEO [=n]=n)
>> && (RFKILL [=n] || RFKILL [=n]=n) && SERIO_I8042 [=y]
>>
Right now it's possible to set dell laptop to compile in but this
causes dell-smbios to compile in which breaks if dcdbas is a module.
Dell laptop shouldn't select dell-smbios anymore, but depend on it.
Fixes: 32d7b19bad96 (platform/x86: dell-smbios: Resolve dependency error on DCDBAS)
Reported-by: Randy Dunlap <rdunlap(a)infradead.org>
Signed-off-by: Mario Limonciello <mario.limonciello(a)dell.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Darren Hart (VMware) <dvhart(a)infradead.org>
diff --git a/drivers/platform/x86/Kconfig b/drivers/platform/x86/Kconfig
index 39d06dd1f63a..bc309c5327ff 100644
--- a/drivers/platform/x86/Kconfig
+++ b/drivers/platform/x86/Kconfig
@@ -154,7 +154,7 @@ config DELL_LAPTOP
depends on ACPI_VIDEO || ACPI_VIDEO = n
depends on RFKILL || RFKILL = n
depends on SERIO_I8042
- select DELL_SMBIOS
+ depends on DELL_SMBIOS
select POWER_SUPPLY
select LEDS_CLASS
select NEW_LEDS
The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From 986376b68dcc95bb7df60ad30c2353c1f7578fa5 Mon Sep 17 00:00:00 2001
From: Hui Wang <hui.wang(a)canonical.com>
Date: Wed, 30 May 2018 12:33:07 +0800
Subject: [PATCH] ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo
AIOs
We have several Lenovo AIOs like M810z, M820z and M920z, they have
the same design for mic-mute hotkey and led and they use the same
codec with the same pin configuration, so use the pin conf table to
apply fix to all of them.
Fixes: 29693efcea0f ("ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Hui Wang <hui.wang(a)canonical.com>
Signed-off-by: Takashi Iwai <tiwai(a)suse.de>
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 240a1a43e048..d64dcb9a4c99 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -6603,7 +6603,6 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
SND_PCI_QUIRK(0x17aa, 0x3138, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
- SND_PCI_QUIRK(0x17aa, 0x3112, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP),
@@ -6775,6 +6774,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
{0x1b, 0x01111010},
{0x1e, 0x01451130},
{0x21, 0x02211020}),
+ SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY,
+ {0x12, 0x90a60140},
+ {0x14, 0x90170110},
+ {0x19, 0x02a11030},
+ {0x21, 0x02211020}),
SND_HDA_PIN_QUIRK(0x10ec0236, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
{0x12, 0x90a60140},
{0x14, 0x90170110},
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From 986376b68dcc95bb7df60ad30c2353c1f7578fa5 Mon Sep 17 00:00:00 2001
From: Hui Wang <hui.wang(a)canonical.com>
Date: Wed, 30 May 2018 12:33:07 +0800
Subject: [PATCH] ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo
AIOs
We have several Lenovo AIOs like M810z, M820z and M920z, they have
the same design for mic-mute hotkey and led and they use the same
codec with the same pin configuration, so use the pin conf table to
apply fix to all of them.
Fixes: 29693efcea0f ("ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Hui Wang <hui.wang(a)canonical.com>
Signed-off-by: Takashi Iwai <tiwai(a)suse.de>
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 240a1a43e048..d64dcb9a4c99 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -6603,7 +6603,6 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
SND_PCI_QUIRK(0x17aa, 0x3138, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
- SND_PCI_QUIRK(0x17aa, 0x3112, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP),
@@ -6775,6 +6774,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
{0x1b, 0x01111010},
{0x1e, 0x01451130},
{0x21, 0x02211020}),
+ SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY,
+ {0x12, 0x90a60140},
+ {0x14, 0x90170110},
+ {0x19, 0x02a11030},
+ {0x21, 0x02211020}),
SND_HDA_PIN_QUIRK(0x10ec0236, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
{0x12, 0x90a60140},
{0x14, 0x90170110},
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From db6516a5e7ddb6dc72d167b920f2f272596ea22d Mon Sep 17 00:00:00 2001
From: Amir Goldstein <amir73il(a)gmail.com>
Date: Sun, 13 May 2018 22:54:44 -0400
Subject: [PATCH] ext4: do not update s_last_mounted of a frozen fs
If fs is frozen after mount and before the first file open, the
update of s_last_mounted bypasses freeze protection and prints out
a WARNING splat:
$ mount /vdf
$ fsfreeze -f /vdf
$ cat /vdf/foo
[ 31.578555] WARNING: CPU: 1 PID: 1415 at
fs/ext4/ext4_jbd2.c:53 ext4_journal_check_start+0x48/0x82
[ 31.614016] Call Trace:
[ 31.614997] __ext4_journal_start_sb+0xe4/0x1a4
[ 31.616771] ? ext4_file_open+0xb6/0x189
[ 31.618094] ext4_file_open+0xb6/0x189
If fs is frozen, skip s_last_mounted update.
[backport hint: to apply to stable tree, need to apply also patches
vfs: add the sb_start_intwrite_trylock() helper
ext4: factor out helper ext4_sample_last_mounted()]
Cc: stable(a)vger.kernel.org
Fixes: bc0b0d6d69ee ("ext4: update the s_last_mounted field in the superblock")
Signed-off-by: Amir Goldstein <amir73il(a)gmail.com>
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
Reviewed-by: Jan Kara <jack(a)suse.cz>
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index c48ea76b63e4..7f8023340eb8 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -393,7 +393,7 @@ static int ext4_sample_last_mounted(struct super_block *sb,
if (likely(sbi->s_mount_flags & EXT4_MF_MNTDIR_SAMPLED))
return 0;
- if (sb_rdonly(sb))
+ if (sb_rdonly(sb) || !sb_start_intwrite_trylock(sb))
return 0;
sbi->s_mount_flags |= EXT4_MF_MNTDIR_SAMPLED;
@@ -407,21 +407,25 @@ static int ext4_sample_last_mounted(struct super_block *sb,
path.mnt = mnt;
path.dentry = mnt->mnt_root;
cp = d_path(&path, buf, sizeof(buf));
+ err = 0;
if (IS_ERR(cp))
- return 0;
+ goto out;
handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
+ err = PTR_ERR(handle);
if (IS_ERR(handle))
- return PTR_ERR(handle);
+ goto out;
BUFFER_TRACE(sbi->s_sbh, "get_write_access");
err = ext4_journal_get_write_access(handle, sbi->s_sbh);
if (err)
- goto out;
+ goto out_journal;
strlcpy(sbi->s_es->s_last_mounted, cp,
sizeof(sbi->s_es->s_last_mounted));
ext4_handle_dirty_super(handle, sb);
-out:
+out_journal:
ext4_journal_stop(handle);
+out:
+ sb_end_intwrite(sb);
return err;
}
The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From db6516a5e7ddb6dc72d167b920f2f272596ea22d Mon Sep 17 00:00:00 2001
From: Amir Goldstein <amir73il(a)gmail.com>
Date: Sun, 13 May 2018 22:54:44 -0400
Subject: [PATCH] ext4: do not update s_last_mounted of a frozen fs
If fs is frozen after mount and before the first file open, the
update of s_last_mounted bypasses freeze protection and prints out
a WARNING splat:
$ mount /vdf
$ fsfreeze -f /vdf
$ cat /vdf/foo
[ 31.578555] WARNING: CPU: 1 PID: 1415 at
fs/ext4/ext4_jbd2.c:53 ext4_journal_check_start+0x48/0x82
[ 31.614016] Call Trace:
[ 31.614997] __ext4_journal_start_sb+0xe4/0x1a4
[ 31.616771] ? ext4_file_open+0xb6/0x189
[ 31.618094] ext4_file_open+0xb6/0x189
If fs is frozen, skip s_last_mounted update.
[backport hint: to apply to stable tree, need to apply also patches
vfs: add the sb_start_intwrite_trylock() helper
ext4: factor out helper ext4_sample_last_mounted()]
Cc: stable(a)vger.kernel.org
Fixes: bc0b0d6d69ee ("ext4: update the s_last_mounted field in the superblock")
Signed-off-by: Amir Goldstein <amir73il(a)gmail.com>
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
Reviewed-by: Jan Kara <jack(a)suse.cz>
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index c48ea76b63e4..7f8023340eb8 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -393,7 +393,7 @@ static int ext4_sample_last_mounted(struct super_block *sb,
if (likely(sbi->s_mount_flags & EXT4_MF_MNTDIR_SAMPLED))
return 0;
- if (sb_rdonly(sb))
+ if (sb_rdonly(sb) || !sb_start_intwrite_trylock(sb))
return 0;
sbi->s_mount_flags |= EXT4_MF_MNTDIR_SAMPLED;
@@ -407,21 +407,25 @@ static int ext4_sample_last_mounted(struct super_block *sb,
path.mnt = mnt;
path.dentry = mnt->mnt_root;
cp = d_path(&path, buf, sizeof(buf));
+ err = 0;
if (IS_ERR(cp))
- return 0;
+ goto out;
handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
+ err = PTR_ERR(handle);
if (IS_ERR(handle))
- return PTR_ERR(handle);
+ goto out;
BUFFER_TRACE(sbi->s_sbh, "get_write_access");
err = ext4_journal_get_write_access(handle, sbi->s_sbh);
if (err)
- goto out;
+ goto out_journal;
strlcpy(sbi->s_es->s_last_mounted, cp,
sizeof(sbi->s_es->s_last_mounted));
ext4_handle_dirty_super(handle, sb);
-out:
+out_journal:
ext4_journal_stop(handle);
+out:
+ sb_end_intwrite(sb);
return err;
}
The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From db6516a5e7ddb6dc72d167b920f2f272596ea22d Mon Sep 17 00:00:00 2001
From: Amir Goldstein <amir73il(a)gmail.com>
Date: Sun, 13 May 2018 22:54:44 -0400
Subject: [PATCH] ext4: do not update s_last_mounted of a frozen fs
If fs is frozen after mount and before the first file open, the
update of s_last_mounted bypasses freeze protection and prints out
a WARNING splat:
$ mount /vdf
$ fsfreeze -f /vdf
$ cat /vdf/foo
[ 31.578555] WARNING: CPU: 1 PID: 1415 at
fs/ext4/ext4_jbd2.c:53 ext4_journal_check_start+0x48/0x82
[ 31.614016] Call Trace:
[ 31.614997] __ext4_journal_start_sb+0xe4/0x1a4
[ 31.616771] ? ext4_file_open+0xb6/0x189
[ 31.618094] ext4_file_open+0xb6/0x189
If fs is frozen, skip s_last_mounted update.
[backport hint: to apply to stable tree, need to apply also patches
vfs: add the sb_start_intwrite_trylock() helper
ext4: factor out helper ext4_sample_last_mounted()]
Cc: stable(a)vger.kernel.org
Fixes: bc0b0d6d69ee ("ext4: update the s_last_mounted field in the superblock")
Signed-off-by: Amir Goldstein <amir73il(a)gmail.com>
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
Reviewed-by: Jan Kara <jack(a)suse.cz>
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index c48ea76b63e4..7f8023340eb8 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -393,7 +393,7 @@ static int ext4_sample_last_mounted(struct super_block *sb,
if (likely(sbi->s_mount_flags & EXT4_MF_MNTDIR_SAMPLED))
return 0;
- if (sb_rdonly(sb))
+ if (sb_rdonly(sb) || !sb_start_intwrite_trylock(sb))
return 0;
sbi->s_mount_flags |= EXT4_MF_MNTDIR_SAMPLED;
@@ -407,21 +407,25 @@ static int ext4_sample_last_mounted(struct super_block *sb,
path.mnt = mnt;
path.dentry = mnt->mnt_root;
cp = d_path(&path, buf, sizeof(buf));
+ err = 0;
if (IS_ERR(cp))
- return 0;
+ goto out;
handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
+ err = PTR_ERR(handle);
if (IS_ERR(handle))
- return PTR_ERR(handle);
+ goto out;
BUFFER_TRACE(sbi->s_sbh, "get_write_access");
err = ext4_journal_get_write_access(handle, sbi->s_sbh);
if (err)
- goto out;
+ goto out_journal;
strlcpy(sbi->s_es->s_last_mounted, cp,
sizeof(sbi->s_es->s_last_mounted));
ext4_handle_dirty_super(handle, sb);
-out:
+out_journal:
ext4_journal_stop(handle);
+out:
+ sb_end_intwrite(sb);
return err;
}
The patch below does not apply to the 4.16-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From db6516a5e7ddb6dc72d167b920f2f272596ea22d Mon Sep 17 00:00:00 2001
From: Amir Goldstein <amir73il(a)gmail.com>
Date: Sun, 13 May 2018 22:54:44 -0400
Subject: [PATCH] ext4: do not update s_last_mounted of a frozen fs
If fs is frozen after mount and before the first file open, the
update of s_last_mounted bypasses freeze protection and prints out
a WARNING splat:
$ mount /vdf
$ fsfreeze -f /vdf
$ cat /vdf/foo
[ 31.578555] WARNING: CPU: 1 PID: 1415 at
fs/ext4/ext4_jbd2.c:53 ext4_journal_check_start+0x48/0x82
[ 31.614016] Call Trace:
[ 31.614997] __ext4_journal_start_sb+0xe4/0x1a4
[ 31.616771] ? ext4_file_open+0xb6/0x189
[ 31.618094] ext4_file_open+0xb6/0x189
If fs is frozen, skip s_last_mounted update.
[backport hint: to apply to stable tree, need to apply also patches
vfs: add the sb_start_intwrite_trylock() helper
ext4: factor out helper ext4_sample_last_mounted()]
Cc: stable(a)vger.kernel.org
Fixes: bc0b0d6d69ee ("ext4: update the s_last_mounted field in the superblock")
Signed-off-by: Amir Goldstein <amir73il(a)gmail.com>
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
Reviewed-by: Jan Kara <jack(a)suse.cz>
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index c48ea76b63e4..7f8023340eb8 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -393,7 +393,7 @@ static int ext4_sample_last_mounted(struct super_block *sb,
if (likely(sbi->s_mount_flags & EXT4_MF_MNTDIR_SAMPLED))
return 0;
- if (sb_rdonly(sb))
+ if (sb_rdonly(sb) || !sb_start_intwrite_trylock(sb))
return 0;
sbi->s_mount_flags |= EXT4_MF_MNTDIR_SAMPLED;
@@ -407,21 +407,25 @@ static int ext4_sample_last_mounted(struct super_block *sb,
path.mnt = mnt;
path.dentry = mnt->mnt_root;
cp = d_path(&path, buf, sizeof(buf));
+ err = 0;
if (IS_ERR(cp))
- return 0;
+ goto out;
handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
+ err = PTR_ERR(handle);
if (IS_ERR(handle))
- return PTR_ERR(handle);
+ goto out;
BUFFER_TRACE(sbi->s_sbh, "get_write_access");
err = ext4_journal_get_write_access(handle, sbi->s_sbh);
if (err)
- goto out;
+ goto out_journal;
strlcpy(sbi->s_es->s_last_mounted, cp,
sizeof(sbi->s_es->s_last_mounted));
ext4_handle_dirty_super(handle, sb);
-out:
+out_journal:
ext4_journal_stop(handle);
+out:
+ sb_end_intwrite(sb);
return err;
}
Hi Stable folks,
Please consider adding:
commit 3be0f80b5fe9c16eca2d538f799b94ca8aa59433
Author: Trond Myklebust <trond.myklebust(a)primarydata.com>
Date: Thu Oct 19 15:46:45 2017 -0400
NFSv4.1: Fix up replays of interrupted requests
This patch fixes a data corruption issue that happens if the interrupted slot is reused by the same type of NFS operation (such as two different WRITE requests). I should apply cleanly to v4.11+
Thanks,
Anna
From: Kailang Yang <kailang(a)realtek.com>
commit f429e7e494afaded76e62c6f98211a635aa03098
Add new support for ALC257 codec.
[ It's supposed to be almost equivalent with other ALC25x variants,
just adding another type and id -- tiwai ]
Signed-off-by: Kailang Yang <kailang(a)realtek.com>
Signed-off-by: Takashi Iwai <tiwai(a)suse.de>
Cc: <stable(a)vger.kernel.org> # 4.9.y
Tested-by: Pali Rohár <pali.rohar(a)gmail.com>
---
This patch is for 4.9 stable tree and needed small modification to be
cleanly applied for linux-4.9.y git tree. I tested it on Debian's 4.9
Stretch kernel. After applying this patch mute and micmute leds on ThinkPad
T480s started working. Leds are managed by snd-hda-codec-realtek.
---
sound/pci/hda/patch_realtek.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 39cd35f6a6df..183436e4a8c1 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -333,6 +333,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec)
case 0x10ec0236:
case 0x10ec0255:
case 0x10ec0256:
+ case 0x10ec0257:
case 0x10ec0282:
case 0x10ec0283:
case 0x10ec0286:
@@ -2663,6 +2664,7 @@ enum {
ALC269_TYPE_ALC298,
ALC269_TYPE_ALC255,
ALC269_TYPE_ALC256,
+ ALC269_TYPE_ALC257,
ALC269_TYPE_ALC225,
ALC269_TYPE_ALC294,
ALC269_TYPE_ALC700,
@@ -2695,6 +2697,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec)
case ALC269_TYPE_ALC298:
case ALC269_TYPE_ALC255:
case ALC269_TYPE_ALC256:
+ case ALC269_TYPE_ALC257:
case ALC269_TYPE_ALC225:
case ALC269_TYPE_ALC294:
case ALC269_TYPE_ALC700:
@@ -6375,6 +6378,10 @@ static int patch_alc269(struct hda_codec *codec)
spec->gen.mixer_nid = 0; /* ALC256 does not have any loopback mixer path */
alc_update_coef_idx(codec, 0x36, 1 << 13, 1 << 5); /* Switch pcbeep path to Line in path*/
break;
+ case 0x10ec0257:
+ spec->codec_variant = ALC269_TYPE_ALC257;
+ spec->gen.mixer_nid = 0;
+ break;
case 0x10ec0225:
case 0x10ec0295:
case 0x10ec0299:
@@ -7361,6 +7368,7 @@ static const struct hda_device_id snd_hda_id_realtek[] = {
HDA_CODEC_ENTRY(0x10ec0236, "ALC236", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0255, "ALC255", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0256, "ALC256", patch_alc269),
+ HDA_CODEC_ENTRY(0x10ec0257, "ALC257", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0260, "ALC260", patch_alc260),
HDA_CODEC_ENTRY(0x10ec0262, "ALC262", patch_alc262),
HDA_CODEC_ENTRY(0x10ec0267, "ALC267", patch_alc268),
--
2.11.0
Hi Greg,
As per the subject, please add the following mainline commit:
5088814a6e93 ACPICA: AML parser: attempt to continue loading table after error
to the 4.17.y series as it is reported to fix a regression introduced in 4.17.
Thanks,
Rafael
I'd like to nominate commit f605cfca8c39 ("perf/x86/intel: Fix large
period handling on Broadwell CPUs") for backport to the affected
stable Linux releases. (The bug was introduced in 4.1.)
Because of this bug, the NMI watchdog timer may fire spuriously on
Broadwell systems, resulting in a hard lockup panic when there is, in
fact, no lockup.
While working on extended rand for last_error/first_error timestamps,
I noticed that the endianess is wrong, we access the little-endian
fields in struct ext4_super_block as native-endian when we print them.
This adds a special case in ext4_attr_show() and ext4_attr_store()
to byteswap the superblock fields if needed.
In older kernels, this code was part of super.c, it got moved to sysfs.c
in linux-4.4.
Cc: stable(a)vger.kernel.org
Fixes: 52c198c6820f ("ext4: add sysfs entry showing whether the fs contains errors")
Signed-off-by: Arnd Bergmann <arnd(a)arndb.de>
---
fs/ext4/sysfs.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
index f34da0bb8f17..b970a200f20c 100644
--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -274,8 +274,12 @@ static ssize_t ext4_attr_show(struct kobject *kobj,
case attr_pointer_ui:
if (!ptr)
return 0;
- return snprintf(buf, PAGE_SIZE, "%u\n",
- *((unsigned int *) ptr));
+ if (a->attr_ptr == ptr_ext4_super_block_offset)
+ return snprintf(buf, PAGE_SIZE, "%u\n",
+ le32_to_cpup(ptr));
+ else
+ return snprintf(buf, PAGE_SIZE, "%u\n",
+ *((unsigned int *) ptr));
case attr_pointer_atomic:
if (!ptr)
return 0;
@@ -308,7 +312,10 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
ret = kstrtoul(skip_spaces(buf), 0, &t);
if (ret)
return ret;
- *((unsigned int *) ptr) = t;
+ if (a->attr_ptr == ptr_ext4_super_block_offset)
+ *((__le32 *) ptr) = cpu_to_le32(t);
+ else
+ *((unsigned int *) ptr) = t;
return len;
case attr_inode_readahead:
return inode_readahead_blks_store(sbi, buf, len);
--
2.9.0
Commit-ID: eab6870fee877258122a042bfd99ee7908c40280
Gitweb: https://git.kernel.org/tip/eab6870fee877258122a042bfd99ee7908c40280
Author: Dan Williams <dan.j.williams(a)intel.com>
AuthorDate: Thu, 7 Jun 2018 09:13:48 -0700
Committer: Ingo Molnar <mingo(a)kernel.org>
CommitDate: Thu, 21 Jun 2018 16:00:21 +0200
x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec()
Mark Rutland noticed that GCC optimization passes have the potential to elide
necessary invocations of the array_index_mask_nospec() instruction sequence,
so mark the asm() volatile.
Mark explains:
"The volatile will inhibit *some* cases where the compiler could lift the
array_index_nospec() call out of a branch, e.g. where there are multiple
invocations of array_index_nospec() with the same arguments:
if (idx < foo) {
idx1 = array_idx_nospec(idx, foo)
do_something(idx1);
}
< some other code >
if (idx < foo) {
idx2 = array_idx_nospec(idx, foo);
do_something_else(idx2);
}
... since the compiler can determine that the two invocations yield the same
result, and reuse the first result (likely the same register as idx was in
originally) for the second branch, effectively re-writing the above as:
if (idx < foo) {
idx = array_idx_nospec(idx, foo);
do_something(idx);
}
< some other code >
if (idx < foo) {
do_something_else(idx);
}
... if we don't take the first branch, then speculatively take the second, we
lose the nospec protection.
There's more info on volatile asm in the GCC docs:
https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html#Volatile
"
Reported-by: Mark Rutland <mark.rutland(a)arm.com>
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
Acked-by: Mark Rutland <mark.rutland(a)arm.com>
Acked-by: Thomas Gleixner <tglx(a)linutronix.de>
Acked-by: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: <stable(a)vger.kernel.org>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Fixes: babdde2698d4 ("x86: Implement array_index_mask_nospec")
Link: https://lkml.kernel.org/lkml/152838798950.14521.4893346294059739135.stgit@d…
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
---
arch/x86/include/asm/barrier.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h
index 042b5e892ed1..14de0432d288 100644
--- a/arch/x86/include/asm/barrier.h
+++ b/arch/x86/include/asm/barrier.h
@@ -38,7 +38,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index,
{
unsigned long mask;
- asm ("cmp %1,%2; sbb %0,%0;"
+ asm volatile ("cmp %1,%2; sbb %0,%0;"
:"=r" (mask)
:"g"(size),"r" (index)
:"cc");
This fixes an issue where the driver fails with an error:
ioremap error for 0x3f799000-0x3f79a000, requested 0x2, got 0x0
On some platforms the UCSI ACPI mailbox SystemMemory
Operation Region may be setup before the driver has been
loaded. That will lead into the driver failing to map the
mailbox region, as it has been already marked as write-back
memory. acpi_os_ioremap() for x86 uses ioremap_cache()
unconditionally.
When the issue happens, the embedded controller has a
pending query event for the UCSI notification right after
boot-up which causes the operation region to be setup before
UCSI driver has been loaded.
The fix is to notify acpi core that the driver is about to
access memory region which potentially overlaps with an
operation region right before mapping it.
acpi_release_memory() will check if the memory has already
been setup (mapped) by acpi core, and deactivate it (unmap)
if it has. The driver is then able to map the memory with
ioremap_nocache() and set the memtype to uncached for the
region.
Reported-by: Paul Menzel <pmenzel(a)molgen.mpg.de>
Fixes: 8243edf44152 ("usb: typec: ucsi: Add ACPI driver")
Cc: stable(a)vger.kernel.org
Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
---
drivers/usb/typec/ucsi/ucsi_acpi.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/usb/typec/ucsi/ucsi_acpi.c b/drivers/usb/typec/ucsi/ucsi_acpi.c
index 44eb4e1ea817..a18112a83fae 100644
--- a/drivers/usb/typec/ucsi/ucsi_acpi.c
+++ b/drivers/usb/typec/ucsi/ucsi_acpi.c
@@ -79,6 +79,11 @@ static int ucsi_acpi_probe(struct platform_device *pdev)
return -ENODEV;
}
+ /* This will make sure we can use ioremap_nocache() */
+ status = acpi_release_memory(ACPI_HANDLE(&pdev->dev), res, 1);
+ if (ACPI_FAILURE(status))
+ return -ENOMEM;
+
/*
* NOTE: The memory region for the data structures is used also in an
* operation region, which means ACPI has already reserved it. Therefore
--
2.17.1
Sometimes memory resource may be overlapping with
SystemMemory Operation Region by design, for example if the
memory region is used as a mailbox for communication with a
firmware in the system. One occasion of such mailboxes is
USB Type-C Connector System Software Interface (UCSI).
With regions like that, it is important that the driver is
able to map the memory with the requirements it has. For
example, the driver should be allowed to map the memory as
non-cached memory. However, if the operation region has been
accessed before the driver has mapped the memory, the memory
has been marked as write-back by the time the driver is
loaded. That means the driver will fail to map the memory
if it expects non-cached memory.
To work around the problem, introducing helper that the
drivers can use to temporarily deactivate (unmap)
SystemMemory Operation Regions that overlap with their
IO memory.
Fixes: 8243edf44152 ("usb: typec: ucsi: Add ACPI driver")
Cc: stable(a)vger.kernel.org
Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
---
drivers/acpi/osl.c | 72 ++++++++++++++++++++++++++++++++++++++++++++
include/linux/acpi.h | 3 ++
2 files changed, 75 insertions(+)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 7ca41bf023c9..8df9abfa947b 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -45,6 +45,8 @@
#include <linux/uaccess.h>
#include <linux/io-64-nonatomic-lo-hi.h>
+#include "acpica/accommon.h"
+#include "acpica/acnamesp.h"
#include "internal.h"
#define _COMPONENT ACPI_OS_SERVICES
@@ -1490,6 +1492,76 @@ int acpi_check_region(resource_size_t start, resource_size_t n,
}
EXPORT_SYMBOL(acpi_check_region);
+static acpi_status acpi_deactivate_mem_region(acpi_handle handle, u32 level,
+ void *_res, void **return_value)
+{
+ struct acpi_mem_space_context **mem_ctx;
+ union acpi_operand_object *handler_obj;
+ union acpi_operand_object *region_obj2;
+ union acpi_operand_object *region_obj;
+ struct resource *res = _res;
+ acpi_status status;
+
+ region_obj = acpi_ns_get_attached_object(handle);
+ if (!region_obj)
+ return AE_OK;
+
+ handler_obj = region_obj->region.handler;
+ if (!handler_obj)
+ return AE_OK;
+
+ if (region_obj->region.space_id != ACPI_ADR_SPACE_SYSTEM_MEMORY)
+ return AE_OK;
+
+ if (!(region_obj->region.flags & AOPOBJ_SETUP_COMPLETE))
+ return AE_OK;
+
+ region_obj2 = acpi_ns_get_secondary_object(region_obj);
+ if (!region_obj2)
+ return AE_OK;
+
+ mem_ctx = (void *)®ion_obj2->extra.region_context;
+
+ if (!(mem_ctx[0]->address >= res->start &&
+ mem_ctx[0]->address < res->end))
+ return AE_OK;
+
+ status = handler_obj->address_space.setup(region_obj,
+ ACPI_REGION_DEACTIVATE,
+ NULL, (void **)mem_ctx);
+ if (ACPI_SUCCESS(status))
+ region_obj->region.flags &= ~(AOPOBJ_SETUP_COMPLETE);
+
+ return status;
+}
+
+/**
+ * acpi_release_memory - Release any mappings done to a memory region
+ * @handle: Handle to namespace node
+ * @res: Memory resource
+ * @level: A level that terminates the search
+ *
+ * Walks through @handle and unmaps all SystemMemory Operation Regions that
+ * overlap with @res and that have already been activated (mapped).
+ *
+ * This is a helper that allows drivers to place special requirements on memory
+ * region that may overlap with operation regions, primarily allowing them to
+ * safely map the region as non-cached memory.
+ *
+ * The unmapped Operation Regions will be automatically remapped next time they
+ * are called, so the drivers do not need to do anything else.
+ */
+acpi_status acpi_release_memory(acpi_handle handle, struct resource *res,
+ u32 level)
+{
+ if (!(res->flags & IORESOURCE_MEM))
+ return AE_TYPE;
+
+ return acpi_walk_namespace(ACPI_TYPE_REGION, handle, level,
+ acpi_deactivate_mem_region, NULL, res, NULL);
+}
+EXPORT_SYMBOL_GPL(acpi_release_memory);
+
/*
* Let drivers know whether the resource checks are effective
*/
diff --git a/include/linux/acpi.h b/include/linux/acpi.h
index 4b35a66383f9..e54f40974eb0 100644
--- a/include/linux/acpi.h
+++ b/include/linux/acpi.h
@@ -443,6 +443,9 @@ int acpi_check_resource_conflict(const struct resource *res);
int acpi_check_region(resource_size_t start, resource_size_t n,
const char *name);
+acpi_status acpi_release_memory(acpi_handle handle, struct resource *res,
+ u32 level);
+
int acpi_resources_are_enforced(void);
#ifdef CONFIG_HIBERNATION
--
2.17.1
Hi Andrew,
On Wed, Jun 6, 2018 at 6:29 PM, Andrew Jeddeloh
<andrew.jeddeloh(a)redhat.com> wrote:
> Hi all,
>
> The patch "xen-netfront: Fix race between device setup and open" seems
> to have introduced a regression preventing setting MTU's larger than
> 1500. We experienced this downstream with Container Linux and
> confirmed with Fedora 28 as well.
>
> It's commit f599c64fdf7d9c108e8717fb04bc41c680120da4 in the linux-stable tree.
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/com…
>
> Downstream bugs:
> https://github.com/coreos/bugs/issues/2443
> https://bugzilla.redhat.com/show_bug.cgi?id=1584216
>
> We've confirmed that reverting that commit fixes the bug. It be
> reliably can be reproduced on AWS with t2.micro instances (and
> presumably other systems using the same driver). Both using
> systemd-networkd to set the mtu and manual ip link commands cause the
> link to repsond with "Invalid argument" when trying to set the MTU >
> 1500.
>
> I'm not sure why that commit introduced the regression.
>
> Please let me know if there's any more information that would be helpful.
>
> - Andrew
I'm adding some relevant people to the CC list to bring more attention
on this regression.
The get_maintainer.pl script is very useful to get some hints on who
should be copied, i.e:
$ ./scripts/get_maintainer.pl -f drivers/net/xen-netfront.c
Best regards,
Javier
On 6/21/18 1:01 AM, bsegall(a)google.com wrote:
> Xunlei Pang <xlpang(a)linux.alibaba.com> writes:
>
>> I noticed the group constantly got throttled even it consumed
>> low cpu usage, this caused some jitters on the response time
>> to some of our business containers enabling cpu quota.
>>
>> It's very simple to reproduce:
>> mkdir /sys/fs/cgroup/cpu/test
>> cd /sys/fs/cgroup/cpu/test
>> echo 100000 > cpu.cfs_quota_us
>> echo $$ > tasks
>> then repeat:
>> cat cpu.stat |grep nr_throttled // nr_throttled will increase
>>
>> After some analysis, we found that cfs_rq::runtime_remaining will
>> be cleared by expire_cfs_rq_runtime() due to two equal but stale
>> "cfs_{b|q}->runtime_expires" after period timer is re-armed.
>>
>> The current condition to judge clock drift in expire_cfs_rq_runtime()
>> is wrong, the two runtime_expires are actually the same when clock
>> drift happens, so this condtion can never hit. The orginal design was
>> correctly done by commit a9cf55b28610 ("sched: Expire invalid runtime"),
>> but was changed to be the current one due to its locking issue.
>>
>> This patch introduces another way, it adds a new field in both structures
>> cfs_rq and cfs_bandwidth to record the expiration update sequence, and
>> use them to figure out if clock drift happens(true if they equal).
>>
>> Fixes: 51f2176d74ac ("sched/fair: Fix unlocked reads of some cfs_b->quota/period")
>> Cc: Ben Segall <bsegall(a)google.com>
>
> Reviewed-By: Ben Segall <bsegall(a)google.com>
Thanks Ben :-)
Hi Peter, could you please have a look at them?
Cc stable(a)vger.kernel.org
>
>> Signed-off-by: Xunlei Pang <xlpang(a)linux.alibaba.com>
>> ---
>> kernel/sched/fair.c | 14 ++++++++------
>> kernel/sched/sched.h | 6 ++++--
>> 2 files changed, 12 insertions(+), 8 deletions(-)
>>
>> diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
>> index e497c05aab7f..e6bb68d52962 100644
>> --- a/kernel/sched/fair.c
>> +++ b/kernel/sched/fair.c
>> @@ -4590,6 +4590,7 @@ void __refill_cfs_bandwidth_runtime(struct cfs_bandwidth *cfs_b)
>> now = sched_clock_cpu(smp_processor_id());
>> cfs_b->runtime = cfs_b->quota;
>> cfs_b->runtime_expires = now + ktime_to_ns(cfs_b->period);
>> + cfs_b->expires_seq++;
>> }
>>
>> static inline struct cfs_bandwidth *tg_cfs_bandwidth(struct task_group *tg)
>> @@ -4612,6 +4613,7 @@ static int assign_cfs_rq_runtime(struct cfs_rq *cfs_rq)
>> struct task_group *tg = cfs_rq->tg;
>> struct cfs_bandwidth *cfs_b = tg_cfs_bandwidth(tg);
>> u64 amount = 0, min_amount, expires;
>> + int expires_seq;
>>
>> /* note: this is a positive sum as runtime_remaining <= 0 */
>> min_amount = sched_cfs_bandwidth_slice() - cfs_rq->runtime_remaining;
>> @@ -4628,6 +4630,7 @@ static int assign_cfs_rq_runtime(struct cfs_rq *cfs_rq)
>> cfs_b->idle = 0;
>> }
>> }
>> + expires_seq = cfs_b->expires_seq;
>> expires = cfs_b->runtime_expires;
>> raw_spin_unlock(&cfs_b->lock);
>>
>> @@ -4637,8 +4640,10 @@ static int assign_cfs_rq_runtime(struct cfs_rq *cfs_rq)
>> * spread between our sched_clock and the one on which runtime was
>> * issued.
>> */
>> - if ((s64)(expires - cfs_rq->runtime_expires) > 0)
>> + if (cfs_rq->expires_seq != expires_seq) {
>> + cfs_rq->expires_seq = expires_seq;
>> cfs_rq->runtime_expires = expires;
>> + }
>>
>> return cfs_rq->runtime_remaining > 0;
>> }
>> @@ -4664,12 +4669,9 @@ static void expire_cfs_rq_runtime(struct cfs_rq *cfs_rq)
>> * has not truly expired.
>> *
>> * Fortunately we can check determine whether this the case by checking
>> - * whether the global deadline has advanced. It is valid to compare
>> - * cfs_b->runtime_expires without any locks since we only care about
>> - * exact equality, so a partial write will still work.
>> + * whether the global deadline(cfs_b->expires_seq) has advanced.
>> */
>> -
>> - if (cfs_rq->runtime_expires != cfs_b->runtime_expires) {
>> + if (cfs_rq->expires_seq == cfs_b->expires_seq) {
>> /* extend local deadline, drift is bounded above by 2 ticks */
>> cfs_rq->runtime_expires += TICK_NSEC;
>> } else {
>> diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
>> index 6601baf2361c..e977e04f8daf 100644
>> --- a/kernel/sched/sched.h
>> +++ b/kernel/sched/sched.h
>> @@ -334,9 +334,10 @@ struct cfs_bandwidth {
>> u64 runtime;
>> s64 hierarchical_quota;
>> u64 runtime_expires;
>> + int expires_seq;
>>
>> - int idle;
>> - int period_active;
>> + short idle;
>> + short period_active;
>> struct hrtimer period_timer;
>> struct hrtimer slack_timer;
>> struct list_head throttled_cfs_rq;
>> @@ -551,6 +552,7 @@ struct cfs_rq {
>>
>> #ifdef CONFIG_CFS_BANDWIDTH
>> int runtime_enabled;
>> + int expires_seq;
>> u64 runtime_expires;
>> s64 runtime_remaining;
The patch titled
Subject: slub: track number of slabs irrespective of CONFIG_SLUB_DEBUG
has been added to the -mm tree. Its filename is
slub-track-number-of-slabs-irrespective-of-config_slub_debug.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/slub-track-number-of-slabs-irrespe…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/slub-track-number-of-slabs-irrespe…
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Shakeel Butt <shakeelb(a)google.com>
Subject: slub: track number of slabs irrespective of CONFIG_SLUB_DEBUG
For !CONFIG_SLUB_DEBUG, SLUB does not maintain the number of slabs
allocated per node for a kmem_cache. Thus, slabs_node() in
__kmem_cache_empty(), __kmem_cache_shrink() and __kmem_cache_destroy()
will always return 0 for such config. This is wrong and can cause issues
for all users of these functions.
In fact in [1] Jason has reported a system crash while using SLUB without
CONFIG_SLUB_DEBUG. The reason was the usage of slabs_node() by
__kmem_cache_empty().
The right solution is to make slabs_node() work even for
!CONFIG_SLUB_DEBUG. The commit 0f389ec63077 ("slub: No need for per node
slab counters if !SLUB_DEBUG") had put the per node slab counter under
CONFIG_SLUB_DEBUG because it was only read through sysfs API and the sysfs
API was disabled on !CONFIG_SLUB_DEBUG. However the users of the per node
slab counter assumed that it will work in the absence of
CONFIG_SLUB_DEBUG. So, make the counter work for !CONFIG_SLUB_DEBUG.
Please note that f9e13c0a5a33 ("slab, slub: skip unnecessary
kasan_cache_shutdown()") exposed this issue but it is present even before.
[1] http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQ…
Link: http://lkml.kernel.org/r/20180620224147.23777-1-shakeelb@google.com
Fixes: f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()")
Signed-off-by: Shakeel Butt <shakeelb(a)google.com>
Suggested-by: David Rientjes <rientjes(a)google.com>
Reported-by: Jason A . Donenfeld <Jason(a)zx2c4.com>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/slab.h | 2 -
mm/slub.c | 80 ++++++++++++++++++++++++----------------------------
2 files changed, 38 insertions(+), 44 deletions(-)
diff -puN mm/slab.h~slub-track-number-of-slabs-irrespective-of-config_slub_debug mm/slab.h
--- a/mm/slab.h~slub-track-number-of-slabs-irrespective-of-config_slub_debug
+++ a/mm/slab.h
@@ -473,8 +473,8 @@ struct kmem_cache_node {
#ifdef CONFIG_SLUB
unsigned long nr_partial;
struct list_head partial;
-#ifdef CONFIG_SLUB_DEBUG
atomic_long_t nr_slabs;
+#ifdef CONFIG_SLUB_DEBUG
atomic_long_t total_objects;
struct list_head full;
#endif
diff -puN mm/slub.c~slub-track-number-of-slabs-irrespective-of-config_slub_debug mm/slub.c
--- a/mm/slub.c~slub-track-number-of-slabs-irrespective-of-config_slub_debug
+++ a/mm/slub.c
@@ -1030,42 +1030,6 @@ static void remove_full(struct kmem_cach
list_del(&page->lru);
}
-/* Tracking of the number of slabs for debugging purposes */
-static inline unsigned long slabs_node(struct kmem_cache *s, int node)
-{
- struct kmem_cache_node *n = get_node(s, node);
-
- return atomic_long_read(&n->nr_slabs);
-}
-
-static inline unsigned long node_nr_slabs(struct kmem_cache_node *n)
-{
- return atomic_long_read(&n->nr_slabs);
-}
-
-static inline void inc_slabs_node(struct kmem_cache *s, int node, int objects)
-{
- struct kmem_cache_node *n = get_node(s, node);
-
- /*
- * May be called early in order to allocate a slab for the
- * kmem_cache_node structure. Solve the chicken-egg
- * dilemma by deferring the increment of the count during
- * bootstrap (see early_kmem_cache_node_alloc).
- */
- if (likely(n)) {
- atomic_long_inc(&n->nr_slabs);
- atomic_long_add(objects, &n->total_objects);
- }
-}
-static inline void dec_slabs_node(struct kmem_cache *s, int node, int objects)
-{
- struct kmem_cache_node *n = get_node(s, node);
-
- atomic_long_dec(&n->nr_slabs);
- atomic_long_sub(objects, &n->total_objects);
-}
-
/* Object debug checks for alloc/free paths */
static void setup_object_debug(struct kmem_cache *s, struct page *page,
void *object)
@@ -1321,16 +1285,46 @@ slab_flags_t kmem_cache_flags(unsigned i
#define disable_higher_order_debug 0
+#endif /* CONFIG_SLUB_DEBUG */
+
static inline unsigned long slabs_node(struct kmem_cache *s, int node)
- { return 0; }
+{
+ struct kmem_cache_node *n = get_node(s, node);
+
+ return atomic_long_read(&n->nr_slabs);
+}
+
static inline unsigned long node_nr_slabs(struct kmem_cache_node *n)
- { return 0; }
-static inline void inc_slabs_node(struct kmem_cache *s, int node,
- int objects) {}
-static inline void dec_slabs_node(struct kmem_cache *s, int node,
- int objects) {}
+{
+ return atomic_long_read(&n->nr_slabs);
+}
-#endif /* CONFIG_SLUB_DEBUG */
+static inline void inc_slabs_node(struct kmem_cache *s, int node, int objects)
+{
+ struct kmem_cache_node *n = get_node(s, node);
+
+ /*
+ * May be called early in order to allocate a slab for the
+ * kmem_cache_node structure. Solve the chicken-egg
+ * dilemma by deferring the increment of the count during
+ * bootstrap (see early_kmem_cache_node_alloc).
+ */
+ if (likely(n)) {
+ atomic_long_inc(&n->nr_slabs);
+#ifdef CONFIG_SLUB_DEBUG
+ atomic_long_add(objects, &n->total_objects);
+#endif
+ }
+}
+static inline void dec_slabs_node(struct kmem_cache *s, int node, int objects)
+{
+ struct kmem_cache_node *n = get_node(s, node);
+
+ atomic_long_dec(&n->nr_slabs);
+#ifdef CONFIG_SLUB_DEBUG
+ atomic_long_sub(objects, &n->total_objects);
+#endif
+}
/*
* Hooks for other subsystems that check memory allocations. In a typical
_
Patches currently in -mm which might be from shakeelb(a)google.com are
slub-track-number-of-slabs-irrespective-of-config_slub_debug.patch
slub-fix-__kmem_cache_empty-for-config_slub_debug.patch
The patch titled
Subject: slub: fix __kmem_cache_empty for !CONFIG_SLUB_DEBUG
has been removed from the -mm tree. Its filename was
slub-fix-__kmem_cache_empty-for-config_slub_debug.patch
This patch was dropped because an updated version will be merged
------------------------------------------------------
From: Shakeel Butt <shakeelb(a)google.com>
Subject: slub: fix __kmem_cache_empty for !CONFIG_SLUB_DEBUG
f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()")
causes crashes when using slub, as described at
http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQ…
For !CONFIG_SLUB_DEBUG, SLUB does not maintain the number of slabs
allocated per node for a kmem_cache. Thus, slabs_node() in
__kmem_cache_empty() will always return 0. So, in such situation, it is
required to check per-cpu slabs to make sure if a kmem_cache is empty or
not.
Please note that __kmem_cache_shutdown() and __kmem_cache_shrink() are not
affected by !CONFIG_SLUB_DEBUG as they call flush_all() to clear per-cpu
slabs.
Link: http://lkml.kernel.org/r/20180619213352.71740-1-shakeelb@google.com
Link: http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQ…
Fixes: f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()")
Signed-off-by: Shakeel Butt <shakeelb(a)google.com>
Reported-by: Jason A. Donenfeld <Jason(a)zx2c4.com>
Tested-by: Jason A. Donenfeld <Jason(a)zx2c4.com>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/slub.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff -puN mm/slub.c~slub-fix-__kmem_cache_empty-for-config_slub_debug mm/slub.c
--- a/mm/slub.c~slub-fix-__kmem_cache_empty-for-config_slub_debug
+++ a/mm/slub.c
@@ -3673,9 +3673,23 @@ static void free_partial(struct kmem_cac
bool __kmem_cache_empty(struct kmem_cache *s)
{
- int node;
+ int cpu, node;
struct kmem_cache_node *n;
+ /*
+ * slabs_node will always be 0 for !CONFIG_SLUB_DEBUG. So, manually
+ * check slabs for all cpus.
+ */
+ if (!IS_ENABLED(CONFIG_SLUB_DEBUG)) {
+ for_each_online_cpu(cpu) {
+ struct kmem_cache_cpu *c;
+
+ c = per_cpu_ptr(s->cpu_slab, cpu);
+ if (c->page || slub_percpu_partial(c))
+ return false;
+ }
+ }
+
for_each_kmem_cache_node(s, node, n)
if (n->nr_partial || slabs_node(s, node))
return false;
_
Patches currently in -mm which might be from shakeelb(a)google.com are
slub-track-number-of-slabs-irrespective-of-config_slub_debug.patch
For !CONFIG_SLUB_DEBUG, SLUB does not maintain the number of slabs
allocated per node for a kmem_cache. Thus, slabs_node() in
__kmem_cache_empty() will always return 0. So, in such situation, it is
required to check per-cpu slabs to make sure if a kmem_cache is empty or
not.
Please note that __kmem_cache_shutdown() and __kmem_cache_shrink() are
not affected by !CONFIG_SLUB_DEBUG as they call flush_all() to clear
per-cpu slabs.
Fixes: f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()")
Signed-off-by: Shakeel Butt <shakeelb(a)google.com>
Reported-by: Jason A . Donenfeld <Jason(a)zx2c4.com>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: Andrew Morton <akpm(a)linux-foundation.org>
Cc: <stable(a)vger.kernel.org>
---
mm/slub.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/mm/slub.c b/mm/slub.c
index a3b8467c14af..731c02b371ae 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3673,9 +3673,23 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n)
bool __kmem_cache_empty(struct kmem_cache *s)
{
- int node;
+ int cpu, node;
struct kmem_cache_node *n;
+ /*
+ * slabs_node will always be 0 for !CONFIG_SLUB_DEBUG. So, manually
+ * check slabs for all cpus.
+ */
+ if (!IS_ENABLED(CONFIG_SLUB_DEBUG)) {
+ for_each_online_cpu(cpu) {
+ struct kmem_cache_cpu *c;
+
+ c = per_cpu_ptr(s->cpu_slab, cpu);
+ if (c->page || slub_percpu_partial(c))
+ return false;
+ }
+ }
+
for_each_kmem_cache_node(s, node, n)
if (n->nr_partial || slabs_node(s, node))
return false;
--
2.18.0.rc1.244.gcf134e6275-goog
The VDSO Makefile filters CFLAGS to select a subset which it uses whilst
building the VDSO ELF. One of the flags it allows through is the -march=
flag that selects the architecture/ISA to target.
Unfortunately in cases where CONFIG_CPU_MIPS32_R{1,2}=y and the
toolchain defaults to building for MIPS64, the main MIPS Makefile ends
up using the short-form -<arch> flags in cflags-y. This is because the
calls to cc-option always fail to use the long-form -march=<arch> flag
due to the lack of an -mabi=<abi> flag in KBUILD_CFLAGS at the point
where the cc-option function is executed. The resulting GCC invocation
is something like:
$ mips64-linux-gcc -Werror -march=mips32r2 -c -x c /dev/null -o tmp
cc1: error: '-march=mips32r2' is not compatible with the selected ABI
These short-form -<arch> flags are dropped by the VDSO Makefile's
filtering, and so we attempt to build the VDSO without specifying any
architecture. This results in an attempt to build the VDSO using
whatever the compiler's default architecture is, regardless of whether
that is suitable for the kernel configuration.
One encountered build failure resulting from this mismatch is a
rejection of the sync instruction if the kernel is configured for a
MIPS32 or MIPS64 r1 or r2 target but the toolchain defaults to an older
architecture revision such as MIPS1 which did not include the sync
instruction:
CC arch/mips/vdso/gettimeofday.o
/tmp/ccGQKoOj.s: Assembler messages:
/tmp/ccGQKoOj.s:273: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:329: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:520: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:714: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:1009: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:1066: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:1114: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:1279: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:1334: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:1374: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:1459: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:1514: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:1814: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:2002: Error: opcode not supported on this processor: mips1 (mips1) `sync'
/tmp/ccGQKoOj.s:2066: Error: opcode not supported on this processor: mips1 (mips1) `sync'
make[2]: *** [scripts/Makefile.build:318: arch/mips/vdso/gettimeofday.o] Error 1
make[1]: *** [scripts/Makefile.build:558: arch/mips/vdso] Error 2
make[1]: *** Waiting for unfinished jobs....
This can be reproduced for example by attempting to build
pistachio_defconfig using Arnd's GCC 8.1.0 mips64 toolchain from
kernel.org:
https://mirrors.edge.kernel.org/pub/tools/crosstool/files/bin/x86_64/8.1.0/…
Resolve this problem by using the long-form -march=<arch> in all cases,
which makes it through the arch/mips/vdso/Makefile's filtering & is thus
consistently used to build both the kernel proper & the VDSO.
The use of cc-option to prefer the long-form & fall back to the
short-form flags makes no sense since the short-form is just an
abbreviation for the also-supported long-form in all GCC versions that
we support building with. This means there is no case in which we have
to use the short-form -<arch> flags, so we can simply remove them.
The manual redefinition of _MIPS_ISA is removed naturally along with the
use of the short-form flags that it accompanied, and whilst here we
remove the separate assembler ISA selection. I suspect that both of
these were only required due to the mips32 vs mips2 mismatch that was
introduced by commit 59b3e8e9aac6 ("[MIPS] Makefile crapectomy.") and
fixed but not cleaned up by commit 9200c0b2a07c ("[MIPS] Fix Makefile
bugs for MIPS32/MIPS64 R1 and R2.").
I've marked this for backport as far as v4.4 where the MIPS VDSO was
introduced. In earlier kernels there should be no ill effect to using
the short-form flags.
Signed-off-by: Paul Burton <paul.burton(a)mips.com>
Cc: James Hogan <jhogan(a)kernel.org>
Cc: Ralf Baechle <ralf(a)linux-mips.org>
Cc: linux-mips(a)linux-mips.org
Cc: stable(a)vger.kernel.org # v4.4+
---
arch/mips/Makefile | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/arch/mips/Makefile b/arch/mips/Makefile
index e2122cca4ae2..1e98d22ec119 100644
--- a/arch/mips/Makefile
+++ b/arch/mips/Makefile
@@ -155,15 +155,11 @@ cflags-$(CONFIG_CPU_R4300) += -march=r4300 -Wa,--trap
cflags-$(CONFIG_CPU_VR41XX) += -march=r4100 -Wa,--trap
cflags-$(CONFIG_CPU_R4X00) += -march=r4600 -Wa,--trap
cflags-$(CONFIG_CPU_TX49XX) += -march=r4600 -Wa,--trap
-cflags-$(CONFIG_CPU_MIPS32_R1) += $(call cc-option,-march=mips32,-mips32 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \
- -Wa,-mips32 -Wa,--trap
-cflags-$(CONFIG_CPU_MIPS32_R2) += $(call cc-option,-march=mips32r2,-mips32r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \
- -Wa,-mips32r2 -Wa,--trap
+cflags-$(CONFIG_CPU_MIPS32_R1) += -march=mips32 -Wa,--trap
+cflags-$(CONFIG_CPU_MIPS32_R2) += -march=mips32r2 -Wa,--trap
cflags-$(CONFIG_CPU_MIPS32_R6) += -march=mips32r6 -Wa,--trap -modd-spreg
-cflags-$(CONFIG_CPU_MIPS64_R1) += $(call cc-option,-march=mips64,-mips64 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \
- -Wa,-mips64 -Wa,--trap
-cflags-$(CONFIG_CPU_MIPS64_R2) += $(call cc-option,-march=mips64r2,-mips64r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \
- -Wa,-mips64r2 -Wa,--trap
+cflags-$(CONFIG_CPU_MIPS64_R1) += -march=mips64 -Wa,--trap
+cflags-$(CONFIG_CPU_MIPS64_R2) += -march=mips64r2 -Wa,--trap
cflags-$(CONFIG_CPU_MIPS64_R6) += -march=mips64r6 -Wa,--trap
cflags-$(CONFIG_CPU_R5000) += -march=r5000 -Wa,--trap
cflags-$(CONFIG_CPU_R5432) += $(call cc-option,-march=r5400,-march=r5000) \
--
2.17.1
On Sun, 17 Jun 2018, gregkh(a)linuxfoundation.org wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> livepatch: Initialize shadow variables safely by a custom callback
>
> to the 4.16-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
> livepatch-initialize-shadow-variables-safely-by-a-custom-callback.patch
> and it can be found in the queue-4.16 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
Hi,
I think the patch really should not be added to the stable tree. It is not
a bug fix. It is a new feature. The original API was more limited and this
patch extends it.
The same applies to patch "livepatch: Allow to call a custom callback when
freeing shadow variables".
Regards,
Miroslav
The v21 version of the NAND flash controller contains a Spare Area Size
Register (SPAS) at offset 0x10. Its setting defaults to the maximum
spare area size of 218 bytes. The size that is set in this register is
used by the controller when it calculates the ECC bytes internally in
hardware.
Usually, this register is updated from settings in the IIM fuses when
the system is booting from nand flash. For other boot media, however,
the SPAS register remains at the default setting, which may not work for
the particular flash chip on the board. The same goes for flash chips
whose configuration cannot be set in the IIM fuses (e.g. chips with 2k
sector size and 128 bytes spare area size can't be configured in the IIM
fuses on imx25 systems).
Set the SPAS register explicitly during the preset operation. Derive the
register value from mtd->oobsize that was detected during probe by
decoding the flash chip's ID bytes.
While at it, rename the define for the spare area register's offset to
NFC_V21_RSLTSPARE_AREA. The register at offset 0x10 on v1 controllers is
different from the register on v21 controllers.
Signed-off-by: Martin Kaiser <martin(a)kaiser.cx>
Cc: stable(a)vger.kernel.org
---
drivers/mtd/nand/raw/mxc_nand.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/mxc_nand.c b/drivers/mtd/nand/raw/mxc_nand.c
index 45786e7..c2f8572 100644
--- a/drivers/mtd/nand/raw/mxc_nand.c
+++ b/drivers/mtd/nand/raw/mxc_nand.c
@@ -48,7 +48,7 @@
#define NFC_V1_V2_CONFIG (host->regs + 0x0a)
#define NFC_V1_V2_ECC_STATUS_RESULT (host->regs + 0x0c)
#define NFC_V1_V2_RSLTMAIN_AREA (host->regs + 0x0e)
-#define NFC_V1_V2_RSLTSPARE_AREA (host->regs + 0x10)
+#define NFC_V21_RSLTSPARE_AREA (host->regs + 0x10)
#define NFC_V1_V2_WRPROT (host->regs + 0x12)
#define NFC_V1_UNLOCKSTART_BLKADDR (host->regs + 0x14)
#define NFC_V1_UNLOCKEND_BLKADDR (host->regs + 0x16)
@@ -1274,6 +1274,9 @@ static void preset_v2(struct mtd_info *mtd)
writew(config1, NFC_V1_V2_CONFIG1);
/* preset operation */
+ /* spare area size in 16bit words */
+ writew(mtd->oobsize >> 1, NFC_V21_RSLTSPARE_AREA);
+
/* Unlock the internal RAM Buffer */
writew(0x2, NFC_V1_V2_CONFIG);
--
2.1.4
After commit 7f56b58a92aaf2c ("locking/mcs: Use smp_cond_load_acquire()
in MCS spin loop") Loongson-3 fails to boot. This is because Loongson-3
has SFB (Store Fill Buffer) and READ_ONCE() may get an old value in a
tight loop. So in smp_cond_load_acquire() we need a __smp_mb() after
every READ_ONCE().
This patch introduce a Loongson-specific smp_cond_load_acquire(). And
it should be backported to as early as linux-4.5, in which release the
smp_cond_acquire() is introduced.
Cc: stable(a)vger.kernel.org
Signed-off-by: Huacai Chen <chenhc(a)lemote.com>
---
arch/mips/include/asm/barrier.h | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/arch/mips/include/asm/barrier.h b/arch/mips/include/asm/barrier.h
index a5eb1bb..4ea384d 100644
--- a/arch/mips/include/asm/barrier.h
+++ b/arch/mips/include/asm/barrier.h
@@ -222,6 +222,23 @@
#define __smp_mb__before_atomic() __smp_mb__before_llsc()
#define __smp_mb__after_atomic() smp_llsc_mb()
+#ifdef CONFIG_CPU_LOONGSON3
+/* Loongson-3 need a __smp_mb() after READ_ONCE() here */
+#define smp_cond_load_acquire(ptr, cond_expr) \
+({ \
+ typeof(ptr) __PTR = (ptr); \
+ typeof(*ptr) VAL; \
+ for (;;) { \
+ VAL = READ_ONCE(*__PTR); \
+ __smp_mb(); \
+ if (cond_expr) \
+ break; \
+ cpu_relax(); \
+ } \
+ VAL; \
+})
+#endif /* CONFIG_CPU_LOONGSON3 */
+
#include <asm-generic/barrier.h>
#endif /* __ASM_BARRIER_H */
--
2.7.0
From: Bartosz Golaszewski <bgolaszewski(a)baylibre.com>
This patch reverts commit 3243ff2a05ec ("net: ethernet: davinci_emac:
Deduplicate bus_find_device() by name matching") and adds a comment
which should stop anyone from reintroducing the same "fix" in the future.
We can't use bus_find_device_by_name() here because the device name is
not guaranteed to be 'davinci_mdio'. On some systems it can be
'davinci_mdio.0' so we need to use strncmp() against the first part of
the string to correctly match it.
Fixes: 3243ff2a05ec ("net: ethernet: davinci_emac: Deduplicate bus_find_device() by name matching")
Cc: stable(a)vger.kernel.org
Signed-off-by: Bartosz Golaszewski <bgolaszewski(a)baylibre.com>
Acked-by: Lukas Wunner <lukas(a)wunner.de>
---
drivers/net/ethernet/ti/davinci_emac.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c
index 06d7c9e4dcda..a1a6445b5a7e 100644
--- a/drivers/net/ethernet/ti/davinci_emac.c
+++ b/drivers/net/ethernet/ti/davinci_emac.c
@@ -1385,6 +1385,11 @@ static int emac_devioctl(struct net_device *ndev, struct ifreq *ifrq, int cmd)
return -EOPNOTSUPP;
}
+static int match_first_device(struct device *dev, void *data)
+{
+ return !strncmp(dev_name(dev), "davinci_mdio", 12);
+}
+
/**
* emac_dev_open - EMAC device open
* @ndev: The DaVinci EMAC network adapter
@@ -1484,8 +1489,14 @@ static int emac_dev_open(struct net_device *ndev)
/* use the first phy on the bus if pdata did not give us a phy id */
if (!phydev && !priv->phy_id) {
- phy = bus_find_device_by_name(&mdio_bus_type, NULL,
- "davinci_mdio");
+ /* NOTE: we can't use bus_find_device_by_name() here because
+ * the device name is not guaranteed to be 'davinci_mdio'. On
+ * some systems it can be 'davinci_mdio.0' so we need to use
+ * strncmp() against the first part of the string to correctly
+ * match it.
+ */
+ phy = bus_find_device(&mdio_bus_type, NULL, NULL,
+ match_first_device);
if (phy) {
priv->phy_id = dev_name(phy);
if (!priv->phy_id || !*priv->phy_id)
--
2.17.1
From: Bartosz Golaszewski <bgolaszewski(a)baylibre.com>
This patch reverts commit 3243ff2a05ec ("net: ethernet: davinci_emac:
Deduplicate bus_find_device() by name matching") and adds a comment
which should stop anyone from reintroducing the same "fix" in the future.
We can't use bus_find_device_by_name() here because the device name is
not guaranteed to be 'davinci_mdio'. On some systems it can be
'davinci_mdio.0' so we need to use strncmp() against the first part of
the string to correctly match it.
Fixes: 3243ff2a05ec ("net: ethernet: davinci_emac: Deduplicate bus_find_device() by name matching")
Cc: stable(a)vger.kernel.org
Signed-off-by: Bartosz Golaszewski <bgolaszewski(a)baylibre.com>
---
drivers/net/ethernet/ti/davinci_emac.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c
index 06d7c9e4dcda..a1a6445b5a7e 100644
--- a/drivers/net/ethernet/ti/davinci_emac.c
+++ b/drivers/net/ethernet/ti/davinci_emac.c
@@ -1385,6 +1385,11 @@ static int emac_devioctl(struct net_device *ndev, struct ifreq *ifrq, int cmd)
return -EOPNOTSUPP;
}
+static int match_first_device(struct device *dev, void *data)
+{
+ return !strncmp(dev_name(dev), "davinci_mdio", 12);
+}
+
/**
* emac_dev_open - EMAC device open
* @ndev: The DaVinci EMAC network adapter
@@ -1484,8 +1489,14 @@ static int emac_dev_open(struct net_device *ndev)
/* use the first phy on the bus if pdata did not give us a phy id */
if (!phydev && !priv->phy_id) {
- phy = bus_find_device_by_name(&mdio_bus_type, NULL,
- "davinci_mdio");
+ /* NOTE: we can't use bus_find_device_by_name() here because
+ * the device name is not guaranteed to be 'davinci_mdio'. On
+ * some systems it can be 'davinci_mdio.0' so we need to use
+ * strncmp() against the first part of the string to correctly
+ * match it.
+ */
+ phy = bus_find_device(&mdio_bus_type, NULL, NULL,
+ match_first_device);
if (phy) {
priv->phy_id = dev_name(phy);
if (!priv->phy_id || !*priv->phy_id)
--
2.17.1
The BAM has 3 channels - tx, rx and command. command channel
is used for register read/writes, tx channel for data writes
and rx channel for data reads. Currently, the driver assumes the
transfer completion once it gets all the command descriptors
completed. Sometimes, there is race condition between data channel
(tx/rx) and command channel completion. In these cases,
the data present in buffer is not valid during small window
between command descriptor completion and data descriptor
completion.
This patch generates NAND transfer completion when both
(Data and Command) DMA channels have completed all its DMA
descriptors. It assigns completion callback in last
DMA descriptors of that channel and wait for completion.
Fixes: 8d6b6d7e135e ("mtd: nand: qcom: support for command descriptor formation")
Cc: stable(a)vger.kernel.org
Acked-by: Miquel Raynal <miquel.raynal(a)bootlin.com>
Signed-off-by: Abhishek Sahu <absahu(a)codeaurora.org>
---
* Changes from v3:
1. NONE
* Changes from v2:
1. Changed commit message and comments slightly
2. Renamed wait_second_completion from first_chan_done and set
it before submit desc
3. Mark for stable tree
* Changes from v1:
NONE
drivers/mtd/nand/raw/qcom_nandc.c | 53 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 52 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c
index 2375780..fc20149 100644
--- a/drivers/mtd/nand/raw/qcom_nandc.c
+++ b/drivers/mtd/nand/raw/qcom_nandc.c
@@ -213,6 +213,8 @@
#define QPIC_PER_CW_CMD_SGL 32
#define QPIC_PER_CW_DATA_SGL 8
+#define QPIC_NAND_COMPLETION_TIMEOUT msecs_to_jiffies(2000)
+
/*
* Flags used in DMA descriptor preparation helper functions
* (i.e. read_reg_dma/write_reg_dma/read_data_dma/write_data_dma)
@@ -245,6 +247,11 @@
* @tx_sgl_start - start index in data sgl for tx.
* @rx_sgl_pos - current index in data sgl for rx.
* @rx_sgl_start - start index in data sgl for rx.
+ * @wait_second_completion - wait for second DMA desc completion before making
+ * the NAND transfer completion.
+ * @txn_done - completion for NAND transfer.
+ * @last_data_desc - last DMA desc in data channel (tx/rx).
+ * @last_cmd_desc - last DMA desc in command channel.
*/
struct bam_transaction {
struct bam_cmd_element *bam_ce;
@@ -258,6 +265,10 @@ struct bam_transaction {
u32 tx_sgl_start;
u32 rx_sgl_pos;
u32 rx_sgl_start;
+ bool wait_second_completion;
+ struct completion txn_done;
+ struct dma_async_tx_descriptor *last_data_desc;
+ struct dma_async_tx_descriptor *last_cmd_desc;
};
/*
@@ -504,6 +515,8 @@ static void free_bam_transaction(struct qcom_nand_controller *nandc)
bam_txn->data_sgl = bam_txn_buf;
+ init_completion(&bam_txn->txn_done);
+
return bam_txn;
}
@@ -523,11 +536,33 @@ static void clear_bam_transaction(struct qcom_nand_controller *nandc)
bam_txn->tx_sgl_start = 0;
bam_txn->rx_sgl_pos = 0;
bam_txn->rx_sgl_start = 0;
+ bam_txn->last_data_desc = NULL;
+ bam_txn->wait_second_completion = false;
sg_init_table(bam_txn->cmd_sgl, nandc->max_cwperpage *
QPIC_PER_CW_CMD_SGL);
sg_init_table(bam_txn->data_sgl, nandc->max_cwperpage *
QPIC_PER_CW_DATA_SGL);
+
+ reinit_completion(&bam_txn->txn_done);
+}
+
+/* Callback for DMA descriptor completion */
+static void qpic_bam_dma_done(void *data)
+{
+ struct bam_transaction *bam_txn = data;
+
+ /*
+ * In case of data transfer with NAND, 2 callbacks will be generated.
+ * One for command channel and another one for data channel.
+ * If current transaction has data descriptors
+ * (i.e. wait_second_completion is true), then set this to false
+ * and wait for second DMA descriptor completion.
+ */
+ if (bam_txn->wait_second_completion)
+ bam_txn->wait_second_completion = false;
+ else
+ complete(&bam_txn->txn_done);
}
static inline struct qcom_nand_host *to_qcom_nand_host(struct nand_chip *chip)
@@ -756,6 +791,12 @@ static int prepare_bam_async_desc(struct qcom_nand_controller *nandc,
desc->dma_desc = dma_desc;
+ /* update last data/command descriptor */
+ if (chan == nandc->cmd_chan)
+ bam_txn->last_cmd_desc = dma_desc;
+ else
+ bam_txn->last_data_desc = dma_desc;
+
list_add_tail(&desc->node, &nandc->desc_list);
return 0;
@@ -1273,10 +1314,20 @@ static int submit_descs(struct qcom_nand_controller *nandc)
cookie = dmaengine_submit(desc->dma_desc);
if (nandc->props->is_bam) {
+ bam_txn->last_cmd_desc->callback = qpic_bam_dma_done;
+ bam_txn->last_cmd_desc->callback_param = bam_txn;
+ if (bam_txn->last_data_desc) {
+ bam_txn->last_data_desc->callback = qpic_bam_dma_done;
+ bam_txn->last_data_desc->callback_param = bam_txn;
+ bam_txn->wait_second_completion = true;
+ }
+
dma_async_issue_pending(nandc->tx_chan);
dma_async_issue_pending(nandc->rx_chan);
+ dma_async_issue_pending(nandc->cmd_chan);
- if (dma_sync_wait(nandc->cmd_chan, cookie) != DMA_COMPLETE)
+ if (!wait_for_completion_timeout(&bam_txn->txn_done,
+ QPIC_NAND_COMPLETION_TIMEOUT))
return -ETIMEDOUT;
} else {
if (dma_sync_wait(nandc->chan, cookie) != DMA_COMPLETE)
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc.
is a member of Code Aurora Forum, hosted by The Linux Foundation
The commit 719f6a7040f1bdaf96fcc ("printk: Use the main logbuf in NMI when
logbuf_lock is available") tried to detect when logbuf_lock was taken
on another CPU. Then it looked safe to wait for the lock even in NMI.
It would be safe if other locks were not involved. Ironically the same
commit introduced an ABBA deadlock scenario. It added a spin lock into
nmi_cpu_backtrace() to serialize logs from different CPUs. The effect
is that also the NMI handlers are serialized. As a result, logbuf_lock
might be blocked by NMI on another CPU:
CPU0 CPU1 CPU2
printk()
vprintk_emit()
spin_lock(&logbuf_lock)
trigger_all_cpu_backtrace()
raise()
nmi_enter()
printk_nmi_enter()
if (this_cpu_read(printk_context)
& PRINTK_SAFE_CONTEXT_MASK)
// false
else
// looks safe to use printk_deferred()
this_cpu_or(printk_context,
PRINTK_NMI_DEFERRED_CONTEXT_MASK);
nmi_cpu_backtrace()
arch_spin_lock(&lock);
show_regs()
nmi_enter()
nmi_cpu_backtrace()
arch_spin_lock(&lock);
printk()
vprintk_func()
vprintk_deferred()
vprintk_emit()
spin_lock(&logbuf_lock)
DEADLOCK: between &logbuf_lock from vprintk_emit() and
&lock from nmi_cpu_backtrace().
CPU0 CPU1
lock(logbuf_lock) lock(lock)
lock(lock) lock(logbuf_lock)
I have found this problem when stress testing trigger_all_cpu_backtrace()
and the system frozen.
Note that lockdep is not able to detect these dependencies because
there is no support for NMI context. Let's stay on the safe side
and always use printk_safe buffers when logbuf_lock is taken
when entering NMI.
Fixes: 719f6a7040f1bdaf96fcc ("printk: Use the main logbuf in NMI when logbuf_lock is available")
Cc: 4.13+ <stable(a)vger.kernel.org> # v4.13+
Signed-off-by: Petr Mladek <pmladek(a)suse.com>
---
kernel/printk/printk_safe.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/kernel/printk/printk_safe.c b/kernel/printk/printk_safe.c
index 449d67edfa4b..a2ebd749c053 100644
--- a/kernel/printk/printk_safe.c
+++ b/kernel/printk/printk_safe.c
@@ -310,15 +310,12 @@ void printk_nmi_enter(void)
{
/*
* The size of the extra per-CPU buffer is limited. Use it only when
- * the main one is locked. If this CPU is not in the safe context,
- * the lock must be taken on another CPU and we could wait for it.
+ * the main one is locked.
*/
- if ((this_cpu_read(printk_context) & PRINTK_SAFE_CONTEXT_MASK) &&
- raw_spin_is_locked(&logbuf_lock)) {
+ if (raw_spin_is_locked(&logbuf_lock))
this_cpu_or(printk_context, PRINTK_NMI_CONTEXT_MASK);
- } else {
+ else
this_cpu_or(printk_context, PRINTK_NMI_DEFERRED_CONTEXT_MASK);
- }
}
void printk_nmi_exit(void)
--
2.13.6
SPC5r17 states that the contents of the ADDITIONAL LENGTH field are not
altered based on the allocation length, so always calculate and pack the
full key list length even if the list itself is truncated.
According to Maged:
Yes it fixes the "Storage Spaces Persistent Reservation" test in the
Windows 2016 Server Failover Cluster validation suites when having
many connections that result in more than 8 registrations. I tested
your patch on 4.17 with iblock.
This behaviour can be tested using the libiscsi PrinReadKeys.Truncate
test.
Cc: stable(a)vger.kernel.org
Signed-off-by: David Disseldorp <ddiss(a)suse.de>
Reviewed-by: Mike Christie <mchristi(a)redhat.com>
Tested-by: Maged Mokhtar <mmokhtar(a)petasan.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
---
Changes since v2:
* drop unnecessary braces
* add Christoph's Reviewed-by
Changes since v1:
* CC stable
* mention Maged's Windows PR test fix comment in commit message
* add Reviewed-by and Tested-by tags
drivers/target/target_core_pr.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c
index 01ac306131c1..10db5656fd5d 100644
--- a/drivers/target/target_core_pr.c
+++ b/drivers/target/target_core_pr.c
@@ -3727,11 +3727,16 @@ core_scsi3_pri_read_keys(struct se_cmd *cmd)
* Check for overflow of 8byte PRI READ_KEYS payload and
* next reservation key list descriptor.
*/
- if ((add_len + 8) > (cmd->data_length - 8))
- break;
-
- put_unaligned_be64(pr_reg->pr_res_key, &buf[off]);
- off += 8;
+ if (off + 8 <= cmd->data_length) {
+ put_unaligned_be64(pr_reg->pr_res_key, &buf[off]);
+ off += 8;
+ }
+ /*
+ * SPC5r17: 6.16.2 READ KEYS service action
+ * The ADDITIONAL LENGTH field indicates the number of bytes in
+ * the Reservation key list. The contents of the ADDITIONAL
+ * LENGTH field are not altered based on the allocation length
+ */
add_len += 8;
}
spin_unlock(&dev->t10_pr.registration_lock);
--
2.13.7
Currently, when all modules, including VMCI and VMware balloon are built
into the kernel, the initialization of the balloon happens before the
VMCI is probed. As a result, the balloon fails to initialize the VMCI
doorbell, which it uses to get asynchronous requests for balloon size
changes.
The problem can be seen in the logs, in the form of the following
message:
"vmw_balloon: failed to initialize vmci doorbell"
The driver would work correctly but slightly less efficiently, probing
for requests periodically. This patch changes the balloon to be
initialized using late_initcall() instead of module_init() to address
this issue. It does not address a situation in which VMCI is built as a
module and the balloon is built into the kernel.
Fixes: 48e3d668b790 ("VMware balloon: Enable notification via VMCI")
Cc: stable(a)vger.kernel.org
Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com>
Signed-off-by: Nadav Amit <namit(a)vmware.com>
---
drivers/misc/vmw_balloon.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c
index a7df4c24a28d..e7cfc85f6961 100644
--- a/drivers/misc/vmw_balloon.c
+++ b/drivers/misc/vmw_balloon.c
@@ -1297,7 +1297,14 @@ static int __init vmballoon_init(void)
return 0;
}
-module_init(vmballoon_init);
+
+/*
+ * Using late_initcall() instead of module_init() allows the balloon to use the
+ * VMCI doorbell even when the balloon is built into the kernel. Otherwise the
+ * VMCI is probed only after the balloon is initialized. If the balloon is used
+ * as a module, late_initcall() is equivalent to module_init().
+ */
+late_initcall(vmballoon_init);
static void __exit vmballoon_exit(void)
{
--
2.17.0
If the hypervisor sets 2MB batching is on, while batching is cleared,
the balloon code breaks. In this case the legacy mechanism is used with
2MB page. The VM would report a 2MB page is ballooned, and the
hypervisor would only take the first 4KB.
While the hypervisor should not report such settings, make the code more
robust by not enabling 2MB support without batching.
Fixes: 365bd7ef7ec8e ("VMware balloon: Support 2m page ballooning.")
Cc: stable(a)vger.kernel.org
Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com>
Signed-off-by: Nadav Amit <nadav.amit(a)gmail.com>
---
drivers/misc/vmw_balloon.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c
index 28e77ab1e136..60ab83d3d0ef 100644
--- a/drivers/misc/vmw_balloon.c
+++ b/drivers/misc/vmw_balloon.c
@@ -341,7 +341,13 @@ static bool vmballoon_send_start(struct vmballoon *b, unsigned long req_caps)
success = false;
}
- if (b->capabilities & VMW_BALLOON_BATCHED_2M_CMDS)
+ /*
+ * 2MB pages are only supported with batching. If batching is for some
+ * reason disabled, do not use 2MB pages, since otherwise the legacy
+ * mechanism is used with 2MB pages, causing a failure.
+ */
+ if ((b->capabilities & VMW_BALLOON_BATCHED_2M_CMDS) &&
+ (b->capabilities & VMW_BALLOON_BATCHED_CMDS))
b->supported_page_sizes = 2;
else
b->supported_page_sizes = 1;
--
2.17.0
The patch titled
Subject: slub: fix __kmem_cache_empty for !CONFIG_SLUB_DEBUG
has been added to the -mm tree. Its filename is
slub-fix-__kmem_cache_empty-for-config_slub_debug.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/slub-fix-__kmem_cache_empty-for-co…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/slub-fix-__kmem_cache_empty-for-co…
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Shakeel Butt <shakeelb(a)google.com>
Subject: slub: fix __kmem_cache_empty for !CONFIG_SLUB_DEBUG
f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()")
causes crashes when using slub, as described at
http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQ…
For !CONFIG_SLUB_DEBUG, SLUB does not maintain the number of slabs
allocated per node for a kmem_cache. Thus, slabs_node() in
__kmem_cache_empty() will always return 0. So, in such situation, it is
required to check per-cpu slabs to make sure if a kmem_cache is empty or
not.
Please note that __kmem_cache_shutdown() and __kmem_cache_shrink() are not
affected by !CONFIG_SLUB_DEBUG as they call flush_all() to clear per-cpu
slabs.
Link: http://lkml.kernel.org/r/20180619213352.71740-1-shakeelb@google.com
Link: http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQ…
Fixes: f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()")
Signed-off-by: Shakeel Butt <shakeelb(a)google.com>
Reported-by: Jason A. Donenfeld <Jason(a)zx2c4.com>
Tested-by: Jason A. Donenfeld <Jason(a)zx2c4.com>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/slub.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff -puN mm/slub.c~slub-fix-__kmem_cache_empty-for-config_slub_debug mm/slub.c
--- a/mm/slub.c~slub-fix-__kmem_cache_empty-for-config_slub_debug
+++ a/mm/slub.c
@@ -3673,9 +3673,23 @@ static void free_partial(struct kmem_cac
bool __kmem_cache_empty(struct kmem_cache *s)
{
- int node;
+ int cpu, node;
struct kmem_cache_node *n;
+ /*
+ * slabs_node will always be 0 for !CONFIG_SLUB_DEBUG. So, manually
+ * check slabs for all cpus.
+ */
+ if (!IS_ENABLED(CONFIG_SLUB_DEBUG)) {
+ for_each_online_cpu(cpu) {
+ struct kmem_cache_cpu *c;
+
+ c = per_cpu_ptr(s->cpu_slab, cpu);
+ if (c->page || slub_percpu_partial(c))
+ return false;
+ }
+ }
+
for_each_kmem_cache_node(s, node, n)
if (n->nr_partial || slabs_node(s, node))
return false;
_
Patches currently in -mm which might be from shakeelb(a)google.com are
slub-fix-__kmem_cache_empty-for-config_slub_debug.patch
The patch titled
Subject: mm, devm_memremap_pages: handle errors allocating final devres action
has been removed from the -mm tree. Its filename was
mm-devm_memremap_pages-handle-errors-allocating-final-devres-action.patch
This patch was dropped because an updated version will be merged
------------------------------------------------------
From: Dan Williams <dan.j.williams(a)intel.com>
Subject: mm, devm_memremap_pages: handle errors allocating final devres action
The last step before devm_memremap_pages() returns success is to
allocate a release action to tear the entire setup down. However, the
result from devm_add_action() is not checked.
Checking the error also means that we need to handle the fact that the
percpu_ref may not be killed by the time devm_memremap_pages_release()
runs. Add a new state flag for this case.
Without this change we could fail to register the teardown of
devm_memremap_pages(). The likelihood of hitting this failure is tiny
as small memory allocations almost always succeed. However, the impact
of the failure is large given any future reconfiguration, or
disable/enable, of an nvdimm namespace will fail forever as subsequent
calls to devm_memremap_pages() will fail to setup the pgmap_radix since
there will be stale entries for the physical address range.
Link: http://lkml.kernel.org/r/152694212460.5484.13180030631810166467.stgit@dwill…
Fixes: e8d513483300 ("memremap: change devm_memremap_pages interface...")
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
Cc: "Jérôme Glisse" <jglisse(a)redhat.com>
Cc: Logan Gunthorpe <logang(a)deltatee.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/memremap.h | 1 +
kernel/memremap.c | 8 ++++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff -puN include/linux/memremap.h~mm-devm_memremap_pages-handle-errors-allocating-final-devres-action include/linux/memremap.h
--- a/include/linux/memremap.h~mm-devm_memremap_pages-handle-errors-allocating-final-devres-action
+++ a/include/linux/memremap.h
@@ -115,6 +115,7 @@ struct dev_pagemap {
dev_page_free_t page_free;
struct vmem_altmap altmap;
bool altmap_valid;
+ bool registered;
struct resource res;
struct percpu_ref *ref;
struct device *dev;
diff -puN kernel/memremap.c~mm-devm_memremap_pages-handle-errors-allocating-final-devres-action kernel/memremap.c
--- a/kernel/memremap.c~mm-devm_memremap_pages-handle-errors-allocating-final-devres-action
+++ a/kernel/memremap.c
@@ -124,7 +124,7 @@ static void devm_memremap_pages_release(
for_each_device_pfn(pfn, pgmap)
put_page(pfn_to_page(pfn));
- if (percpu_ref_tryget_live(pgmap->ref)) {
+ if (pgmap->registered && percpu_ref_tryget_live(pgmap->ref)) {
dev_WARN(dev, "%s: page mapping is still live!\n", __func__);
percpu_ref_put(pgmap->ref);
}
@@ -246,7 +246,11 @@ void *devm_memremap_pages(struct device
percpu_ref_get(pgmap->ref);
}
- devm_add_action(dev, devm_memremap_pages_release, pgmap);
+ error = devm_add_action_or_reset(dev, devm_memremap_pages_release,
+ pgmap);
+ if (error)
+ return ERR_PTR(error);
+ pgmap->registered = true;
return __va(res->start);
_
Patches currently in -mm which might be from dan.j.williams(a)intel.com are
mm-hmm-use-devm-semantics-for-hmm_devmem_add-remove.patch
mm-hmm-replace-hmm_devmem_pages_create-with-devm_memremap_pages.patch
mm-hmm-mark-hmm_devmem_add-add_resource-export_symbol_gpl.patch
This reverts commit 95b286daf7ba784191023ad110122703eb2ebabc.
This commit used an incorrect log message.
Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com>
---
fs/btrfs/raid56.c | 18 ++++--------------
fs/btrfs/volumes.c | 9 +--------
2 files changed, 5 insertions(+), 22 deletions(-)
diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
index b9fa99577bf7..1a33d3eb36de 100644
--- a/fs/btrfs/raid56.c
+++ b/fs/btrfs/raid56.c
@@ -2160,21 +2160,11 @@ int raid56_parity_recover(struct btrfs_root *root, struct bio *bio,
}
/*
- * Loop retry:
- * for 'mirror == 2', reconstruct from all other stripes.
- * for 'mirror_num > 2', select a stripe to fail on every retry.
+ * reconstruct from the q stripe if they are
+ * asking for mirror 3
*/
- if (mirror_num > 2) {
- /*
- * 'mirror == 3' is to fail the p stripe and
- * reconstruct from the q stripe. 'mirror > 3' is to
- * fail a data stripe and reconstruct from p+q stripe.
- */
- rbio->failb = rbio->real_stripes - (mirror_num - 1);
- ASSERT(rbio->failb > 0);
- if (rbio->failb <= rbio->faila)
- rbio->failb--;
- }
+ if (mirror_num == 3)
+ rbio->failb = rbio->real_stripes - 2;
ret = lock_stripe_add(rbio);
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index b4d63a9842fa..ed75d70b4bc2 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -5056,14 +5056,7 @@ int btrfs_num_copies(struct btrfs_fs_info *fs_info, u64 logical, u64 len)
else if (map->type & BTRFS_BLOCK_GROUP_RAID5)
ret = 2;
else if (map->type & BTRFS_BLOCK_GROUP_RAID6)
- /*
- * There could be two corrupted data stripes, we need
- * to loop retry in order to rebuild the correct data.
- *
- * Fail a stripe at a time on every retry except the
- * stripe under reconstruction.
- */
- ret = map->num_stripes;
+ ret = 3;
else
ret = 1;
free_extent_map(em);
--
2.17.1
This reverts commit 95b286daf7ba784191023ad110122703eb2ebabc.
This commit used an incorrect log message.
Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk>
Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com>
---
fs/btrfs/raid56.c | 18 ++++--------------
fs/btrfs/volumes.c | 9 +--------
2 files changed, 5 insertions(+), 22 deletions(-)
diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
index b9fa99577bf7..1a33d3eb36de 100644
--- a/fs/btrfs/raid56.c
+++ b/fs/btrfs/raid56.c
@@ -2160,21 +2160,11 @@ int raid56_parity_recover(struct btrfs_root *root, struct bio *bio,
}
/*
- * Loop retry:
- * for 'mirror == 2', reconstruct from all other stripes.
- * for 'mirror_num > 2', select a stripe to fail on every retry.
+ * reconstruct from the q stripe if they are
+ * asking for mirror 3
*/
- if (mirror_num > 2) {
- /*
- * 'mirror == 3' is to fail the p stripe and
- * reconstruct from the q stripe. 'mirror > 3' is to
- * fail a data stripe and reconstruct from p+q stripe.
- */
- rbio->failb = rbio->real_stripes - (mirror_num - 1);
- ASSERT(rbio->failb > 0);
- if (rbio->failb <= rbio->faila)
- rbio->failb--;
- }
+ if (mirror_num == 3)
+ rbio->failb = rbio->real_stripes - 2;
ret = lock_stripe_add(rbio);
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index b4d63a9842fa..ed75d70b4bc2 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -5056,14 +5056,7 @@ int btrfs_num_copies(struct btrfs_fs_info *fs_info, u64 logical, u64 len)
else if (map->type & BTRFS_BLOCK_GROUP_RAID5)
ret = 2;
else if (map->type & BTRFS_BLOCK_GROUP_RAID6)
- /*
- * There could be two corrupted data stripes, we need
- * to loop retry in order to rebuild the correct data.
- *
- * Fail a stripe at a time on every retry except the
- * stripe under reconstruction.
- */
- ret = map->num_stripes;
+ ret = 3;
else
ret = 1;
free_extent_map(em);
--
2.17.1
This reverts commit 186a6519dc94964a4c5c68fca482f20f71551f26.
This commit used an incorrect log message.
Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk>
Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com>
---
fs/btrfs/raid56.c | 18 ++++--------------
fs/btrfs/volumes.c | 9 +--------
2 files changed, 5 insertions(+), 22 deletions(-)
diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
index af6a776fa18c..d016d4a79864 100644
--- a/fs/btrfs/raid56.c
+++ b/fs/btrfs/raid56.c
@@ -2161,21 +2161,11 @@ int raid56_parity_recover(struct btrfs_root *root, struct bio *bio,
}
/*
- * Loop retry:
- * for 'mirror == 2', reconstruct from all other stripes.
- * for 'mirror_num > 2', select a stripe to fail on every retry.
+ * reconstruct from the q stripe if they are
+ * asking for mirror 3
*/
- if (mirror_num > 2) {
- /*
- * 'mirror == 3' is to fail the p stripe and
- * reconstruct from the q stripe. 'mirror > 3' is to
- * fail a data stripe and reconstruct from p+q stripe.
- */
- rbio->failb = rbio->real_stripes - (mirror_num - 1);
- ASSERT(rbio->failb > 0);
- if (rbio->failb <= rbio->faila)
- rbio->failb--;
- }
+ if (mirror_num == 3)
+ rbio->failb = rbio->real_stripes - 2;
ret = lock_stripe_add(rbio);
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 76017e1b3c0f..c2495cde26f6 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -5186,14 +5186,7 @@ int btrfs_num_copies(struct btrfs_fs_info *fs_info, u64 logical, u64 len)
else if (map->type & BTRFS_BLOCK_GROUP_RAID5)
ret = 2;
else if (map->type & BTRFS_BLOCK_GROUP_RAID6)
- /*
- * There could be two corrupted data stripes, we need
- * to loop retry in order to rebuild the correct data.
- *
- * Fail a stripe at a time on every retry except the
- * stripe under reconstruction.
- */
- ret = map->num_stripes;
+ ret = 3;
else
ret = 1;
free_extent_map(em);
--
2.17.1
This reverts commit d91bb7c6988bd6450284c762b33f2e1ea3fe7c97.
This commit used an incorrect log message.
Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk>
Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com>
---
fs/btrfs/raid56.c | 18 ++++--------------
fs/btrfs/volumes.c | 9 +--------
2 files changed, 5 insertions(+), 22 deletions(-)
diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
index 2e995e565633..d1bda68a3386 100644
--- a/fs/btrfs/raid56.c
+++ b/fs/btrfs/raid56.c
@@ -2172,21 +2172,11 @@ int raid56_parity_recover(struct btrfs_fs_info *fs_info, struct bio *bio,
}
/*
- * Loop retry:
- * for 'mirror == 2', reconstruct from all other stripes.
- * for 'mirror_num > 2', select a stripe to fail on every retry.
+ * reconstruct from the q stripe if they are
+ * asking for mirror 3
*/
- if (mirror_num > 2) {
- /*
- * 'mirror == 3' is to fail the p stripe and
- * reconstruct from the q stripe. 'mirror > 3' is to
- * fail a data stripe and reconstruct from p+q stripe.
- */
- rbio->failb = rbio->real_stripes - (mirror_num - 1);
- ASSERT(rbio->failb > 0);
- if (rbio->failb <= rbio->faila)
- rbio->failb--;
- }
+ if (mirror_num == 3)
+ rbio->failb = rbio->real_stripes - 2;
ret = lock_stripe_add(rbio);
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 08afafb6ecf7..69bc37a87c5a 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -5110,14 +5110,7 @@ int btrfs_num_copies(struct btrfs_fs_info *fs_info, u64 logical, u64 len)
else if (map->type & BTRFS_BLOCK_GROUP_RAID5)
ret = 2;
else if (map->type & BTRFS_BLOCK_GROUP_RAID6)
- /*
- * There could be two corrupted data stripes, we need
- * to loop retry in order to rebuild the correct data.
- *
- * Fail a stripe at a time on every retry except the
- * stripe under reconstruction.
- */
- ret = map->num_stripes;
+ ret = 3;
else
ret = 1;
free_extent_map(em);
--
2.17.1
From: Bartosz Golaszewski <bgolaszewski(a)baylibre.com>
This patch reverts commit 3243ff2a05ec ("net: ethernet: davinci_emac:
Deduplicate bus_find_device() by name matching") and adds a comment
which should stop anyone from reintroducing the same "fix" in the future.
We can't use bus_find_device_by_name() here because the device name is
not guaranteed to be 'davinci_mdio'. On some systems it can be
'davinci_mdio.0' so we need to use strncmp() against the first part of
the string to correctly match it.
Fixes: 3243ff2a05ec ("net: ethernet: davinci_emac: Deduplicate bus_find_device() by name matching")
Cc: stable(a)vger.kernel.org
Signed-off-by: Bartosz Golaszewski <bgolaszewski(a)baylibre.com>
---
drivers/net/ethernet/ti/davinci_emac.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c
index 06d7c9e4dcda..a1a6445b5a7e 100644
--- a/drivers/net/ethernet/ti/davinci_emac.c
+++ b/drivers/net/ethernet/ti/davinci_emac.c
@@ -1385,6 +1385,11 @@ static int emac_devioctl(struct net_device *ndev, struct ifreq *ifrq, int cmd)
return -EOPNOTSUPP;
}
+static int match_first_device(struct device *dev, void *data)
+{
+ return !strncmp(dev_name(dev), "davinci_mdio", 12);
+}
+
/**
* emac_dev_open - EMAC device open
* @ndev: The DaVinci EMAC network adapter
@@ -1484,8 +1489,14 @@ static int emac_dev_open(struct net_device *ndev)
/* use the first phy on the bus if pdata did not give us a phy id */
if (!phydev && !priv->phy_id) {
- phy = bus_find_device_by_name(&mdio_bus_type, NULL,
- "davinci_mdio");
+ /* NOTE: we can't use bus_find_device_by_name() here because
+ * the device name is not guaranteed to be 'davinci_mdio'. On
+ * some systems it can be 'davinci_mdio.0' so we need to use
+ * strncmp() against the first part of the string to correctly
+ * match it.
+ */
+ phy = bus_find_device(&mdio_bus_type, NULL, NULL,
+ match_first_device);
if (phy) {
priv->phy_id = dev_name(phy);
if (!priv->phy_id || !*priv->phy_id)
--
2.17.1
Changes since v2 [1]:
* Rebased on v4.18-rc1
* Collect Logan's reviewed-by for "mm, devm_memremap_pages: Add
MEMORY_DEVICE_PRIVATE support"
* Convert __put_devmap_managed_page and devmap_managed_key to
EXPORT_SYMBOL otherwise put_page() becomes limited to GPL-only
modules.
* Clarify some of the changelogs.
[1]: https://lkml.org/lkml/2018/5/23/24
---
Hi Andrew, here's v3 to replace these 5 currently in mm:
mm-devm_memremap_pages-mark-devm_memremap_pages-export_symbol_gpl.patch
mm-devm_memremap_pages-handle-errors-allocating-final-devres-action.patch
mm-hmm-use-devm-semantics-for-hmm_devmem_add-remove.patch
mm-hmm-replace-hmm_devmem_pages_create-with-devm_memremap_pages.patch
mm-hmm-mark-hmm_devmem_add-add_resource-export_symbol_gpl.patch
For maintainability, as ZONE_DEVICE continues to attract new users,
it is useful to keep all users consolidated on devm_memremap_pages() as
the interface for create "device pages".
The devm_memremap_pages() implementation was recently reworked to make
it more generic for arbitrary users, like the proposed peer-to-peer
PCI-E enabling. HMM pre-dated this rework and opted to duplicate
devm_memremap_pages() as hmm_devmem_pages_create().
Rework HMM to be a consumer of devm_memremap_pages() directly and fix up
the licensing on the exports given the deep dependencies on the mm.
Patches based on v4.18-rc1 where there are no upstream consumers of the
HMM functionality.
---
Dan Williams (8):
mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL
mm, devm_memremap_pages: Kill mapping "System RAM" support
mm, devm_memremap_pages: Fix shutdown handling
mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support
mm, hmm: Use devm semantics for hmm_devmem_{add,remove}
mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages()
mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL
mm: Fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL
drivers/dax/pmem.c | 10 -
drivers/nvdimm/pmem.c | 18 +-
include/linux/hmm.h | 4
include/linux/memremap.h | 7 +
kernel/memremap.c | 89 +++++++----
mm/hmm.c | 307 +++++--------------------------------
tools/testing/nvdimm/test/iomap.c | 21 ++-
7 files changed, 132 insertions(+), 324 deletions(-)
SPC5r17 states that the contents of the ADDITIONAL LENGTH field are not
altered based on the allocation length, so always calculate and pack the
full key list length even if the list itself is truncated.
According to Maged:
Yes it fixes the "Storage Spaces Persistent Reservation" test in the
Windows 2016 Server Failover Cluster validation suites when having
many connections that result in more than 8 registrations. I tested
your patch on 4.17 with iblock.
This behaviour can be tested using the libiscsi PrinReadKeys.Truncate
test.
Cc: stable(a)vger.kernel.org
Signed-off-by: David Disseldorp <ddiss(a)suse.de>
Reviewed-by: Mike Christie <mchristi(a)redhat.com>
Tested-by: Maged Mokhtar <mmokhtar(a)petasan.org>
---
drivers/target/target_core_pr.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
Changes since v1:
* CC stable
* mention Maged's Windows PR test fix comment in commit message
* add Reviewed-by and Tested-by tags
diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c
index 01ac306131c1..2e865fdaa362 100644
--- a/drivers/target/target_core_pr.c
+++ b/drivers/target/target_core_pr.c
@@ -3727,11 +3727,16 @@ core_scsi3_pri_read_keys(struct se_cmd *cmd)
* Check for overflow of 8byte PRI READ_KEYS payload and
* next reservation key list descriptor.
*/
- if ((add_len + 8) > (cmd->data_length - 8))
- break;
-
- put_unaligned_be64(pr_reg->pr_res_key, &buf[off]);
- off += 8;
+ if ((off + 8) <= cmd->data_length) {
+ put_unaligned_be64(pr_reg->pr_res_key, &buf[off]);
+ off += 8;
+ }
+ /*
+ * SPC5r17: 6.16.2 READ KEYS service action
+ * The ADDITIONAL LENGTH field indicates the number of bytes in
+ * the Reservation key list. The contents of the ADDITIONAL
+ * LENGTH field are not altered based on the allocation length
+ */
add_len += 8;
}
spin_unlock(&dev->t10_pr.registration_lock);
--
2.13.6
This is the start of the stable review cycle for the 4.4.137 release.
There are 24 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu Jun 14 16:48:07 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.137-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.4.137-rc1
Eric Dumazet <edumazet(a)google.com>
net: metrics: add proper netlink validation
Florian Fainelli <f.fainelli(a)gmail.com>
net: phy: broadcom: Fix bcm_write_exp()
Eric Dumazet <edumazet(a)google.com>
rtnetlink: validate attributes in do_setlink()
Dan Carpenter <dan.carpenter(a)oracle.com>
team: use netdev_features_t instead of u32
Jack Morgenstein <jackm(a)dev.mellanox.co.il>
net/mlx4: Fix irq-unsafe spinlock usage
Shahed Shaikh <shahed.shaikh(a)cavium.com>
qed: Fix mask for physical address in ILT entry
Willem de Bruijn <willemb(a)google.com>
packet: fix reserve calculation
Daniele Palmas <dnlplm(a)gmail.com>
net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
Eric Dumazet <edumazet(a)google.com>
net/packet: refine check for priv area size
Cong Wang <xiyou.wangcong(a)gmail.com>
netdev-FAQ: clarify DaveM's position for stable backports
Wenwen Wang <wang6495(a)umn.edu>
isdn: eicon: fix a missing-check bug
Willem de Bruijn <willemb(a)google.com>
ipv4: remove warning in ip_recv_error
Sabrina Dubroca <sd(a)queasysnail.net>
ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
Govindarajulu Varadarajan <gvaradar(a)cisco.com>
enic: set DMA mask to 47 bit
Alexey Kodanev <alexey.kodanev(a)oracle.com>
dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
Julia Lawall <Julia.Lawall(a)lip6.fr>
bnx2x: use the right constant
Stefan Wahren <stefan.wahren(a)i2se.com>
brcmfmac: Fix check for ISO3166 code
Dave Airlie <airlied(a)redhat.com>
drm: set FMODE_UNSIGNED_OFFSET for drm files
Amir Goldstein <amir73il(a)gmail.com>
xfs: fix incorrect log_flushed on fsync
Nathan Chancellor <natechancellor(a)gmail.com>
kconfig: Avoid format overflow warning from GCC 8.1
Linus Torvalds <torvalds(a)linux-foundation.org>
mmap: relax file size limit for regular files
Linus Torvalds <torvalds(a)linux-foundation.org>
mmap: introduce sane default mmap limits
Chris Chiu <chiu(a)endlessm.com>
tpm: self test failure should not cause suspend to fail
Enric Balletbo i Serra <enric.balletbo(a)collabora.com>
tpm: do not suspend/resume if power stays on
-------------
Diffstat:
Documentation/networking/netdev-FAQ.txt | 9 ++++++
Makefile | 4 +--
drivers/char/tpm/tpm-chip.c | 13 +++++++++
drivers/char/tpm/tpm-interface.c | 7 +++++
drivers/char/tpm/tpm.h | 1 +
drivers/gpu/drm/drm_fops.c | 1 +
drivers/isdn/hardware/eicon/diva.c | 22 ++++++++++-----
drivers/isdn/hardware/eicon/diva.h | 5 ++--
drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++-----
drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 +-
drivers/net/ethernet/cisco/enic/enic_main.c | 8 +++---
drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +--
drivers/net/ethernet/qlogic/qed/qed_cxt.c | 2 +-
drivers/net/phy/bcm-cygnus.c | 6 ++--
drivers/net/phy/bcm-phy-lib.h | 7 +++++
drivers/net/phy/bcm7xxx.c | 4 +--
drivers/net/team/team.c | 3 +-
drivers/net/usb/cdc_mbim.c | 2 +-
drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c | 2 +-
fs/xfs/xfs_log.c | 7 -----
mm/mmap.c | 32 ++++++++++++++++++++++
net/core/rtnetlink.c | 8 +++---
net/dccp/proto.c | 2 --
net/ipv4/fib_semantics.c | 2 ++
net/ipv4/ip_sockglue.c | 2 --
net/ipv6/ip6mr.c | 3 +-
net/packet/af_packet.c | 4 +--
scripts/kconfig/confdata.c | 2 +-
28 files changed, 129 insertions(+), 53 deletions(-)
From: Sandy Huang <hjc(a)rock-chips.com>
The vop irq is shared between vop and iommu and irq probing in the
iommu driver moved to the probe function recently. This can in some
cases lead to a stall if the irq is triggered while the vop driver
still has it disabled, but the vop irq handler gets called.
But there is no real need to disable the irq, as the vop can simply
also track its enabled state and ignore irqs in that case.
For this we can simply check the power-domain state of the vop,
similar to how the iommu driver does it.
So remove the enable/disable handling and add appropriate condition
to the irq handler.
changes in v2:
- move to just check the power-domain state
- add clock handling
changes in v3:
- clarify comment to speak of runtime-pm not power-domain
changes in v4:
- address Marc's comments (clk-enable WARN_ON and style improvement)
Fixes: d0b912bd4c23 ("iommu/rockchip: Request irqs in rk_iommu_probe()")
Cc: stable(a)vger.kernel.org
Signed-off-by: Sandy Huang <hjc(a)rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko(a)sntech.de>
Tested-by: Ezequiel Garcia <ezequiel(a)collabora.com>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 25 ++++++++++++++-------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
index 9a1f272e41c7..d105e984cf09 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
@@ -573,8 +573,6 @@ static int vop_enable(struct drm_crtc *crtc)
spin_unlock(&vop->reg_lock);
- enable_irq(vop->irq);
-
drm_crtc_vblank_on(crtc);
return 0;
@@ -618,8 +616,6 @@ static void vop_crtc_atomic_disable(struct drm_crtc *crtc,
vop_dsp_hold_valid_irq_disable(vop);
- disable_irq(vop->irq);
-
vop->is_enabled = false;
/*
@@ -1195,6 +1191,18 @@ static irqreturn_t vop_isr(int irq, void *data)
uint32_t active_irqs;
int ret = IRQ_NONE;
+ /*
+ * The irq is shared with the iommu. If the runtime-pm state of the
+ * vop-device is disabled the irq has to be targetted at the iommu.
+ */
+ if (!pm_runtime_get_if_in_use(vop->dev))
+ return IRQ_NONE;
+
+ if (vop_core_clks_enable(vop)) {
+ DRM_DEV_ERROR_RATELIMITED(vop->dev, "couldn't enable clocks\n");
+ goto out;
+ }
+
/*
* interrupt register has interrupt status, enable and clear bits, we
* must hold irq_lock to avoid a race with enable/disable_vblank().
@@ -1210,7 +1218,7 @@ static irqreturn_t vop_isr(int irq, void *data)
/* This is expected for vop iommu irqs, since the irq is shared */
if (!active_irqs)
- return IRQ_NONE;
+ goto out_disable;
if (active_irqs & DSP_HOLD_VALID_INTR) {
complete(&vop->dsp_hold_completion);
@@ -1236,6 +1244,10 @@ static irqreturn_t vop_isr(int irq, void *data)
DRM_DEV_ERROR(vop->dev, "Unknown VOP IRQs: %#02x\n",
active_irqs);
+out_disable:
+ vop_core_clks_disable(vop);
+out:
+ pm_runtime_put(vop->dev);
return ret;
}
@@ -1614,9 +1626,6 @@ static int vop_bind(struct device *dev, struct device *master, void *data)
if (ret)
goto err_disable_pm_runtime;
- /* IRQ is initially disabled; it gets enabled in power_on */
- disable_irq(vop->irq);
-
return 0;
err_disable_pm_runtime:
--
2.17.0
From: Mike Snitzer <snitzer(a)redhat.com>
Use of bio_clone_bioset() is inefficient if there is no need to clone
the original bio's bio_vec array. Best to use the bio_clone_fast()
variant. Also, just using bio_advance() is only part of what is needed
to properly setup the clone -- it doesn't account for the various
bio_integrity() related work that also needs to be performed (see
bio_split).
Address both of these issues by switching from bio_clone_bioset() to
bio_split().
Fixes: 18a25da8 ("dm: ensure bio submission follows a depth-first tree walk")
Cc: stable(a)vger.kernel.org # 4.15+, requires removal of '&' before md->queue->bio_split
Reported-by: Christoph Hellwig <hch(a)lst.de>
Reviewed-by: NeilBrown <neilb(a)suse.com>
Signed-off-by: Mike Snitzer <snitzer(a)redhat.com>
---
drivers/md/dm.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index e65429a29c06..a3b103e8e3ce 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1606,10 +1606,9 @@ static blk_qc_t __split_and_process_bio(struct mapped_device *md,
* the usage of io->orig_bio in dm_remap_zone_report()
* won't be affected by this reassignment.
*/
- struct bio *b = bio_clone_bioset(bio, GFP_NOIO,
- &md->queue->bio_split);
+ struct bio *b = bio_split(bio, bio_sectors(bio) - ci.sector_count,
+ GFP_NOIO, &md->queue->bio_split);
ci.io->orig_bio = b;
- bio_advance(bio, (bio_sectors(bio) - ci.sector_count) << 9);
bio_chain(b, bio);
ret = generic_make_request(bio);
break;
--
2.17.1
gregkh(a)linuxfoundation.org wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> powerpc/trace/syscalls: Update syscall name matching logic
>
> to the 3.18-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
> powerpc-trace-syscalls-update-syscall-name-matching-logic.patch
> and it can be found in the queue-3.18 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
Please drop this patch from v3.18 as this depends on commit
e145242ea0df6, which I don't see backported to v3.18.
Thanks,
Naveen
>
>
> From foo@baz Sun Jun 17 13:19:44 CEST 2018
> From: "Naveen N. Rao" <naveen.n.rao(a)linux.vnet.ibm.com>
> Date: Fri, 4 May 2018 18:44:24 +0530
> Subject: powerpc/trace/syscalls: Update syscall name matching logic
>
> From: "Naveen N. Rao" <naveen.n.rao(a)linux.vnet.ibm.com>
>
> [ Upstream commit 0b7758aaf6543b9a10c8671db559e9d374a3fd95 ]
>
> On powerpc64 ABIv1, we are enabling syscall tracing for only ~20
> syscalls. This is due to commit e145242ea0df6 ("syscalls/core,
> syscalls/x86: Clean up syscall stub naming convention") which has
> changed the syscall entry wrapper prefix from "SyS" to "__se_sys".
>
> Update the logic for ABIv1 to not just skip the initial dot, but also
> the "__se_sys" prefix.
>
> Fixes: commit e145242ea0df6 ("syscalls/core, syscalls/x86: Clean up
> syscall stub naming convention")
> Reported-by: Michael Ellerman <mpe(a)ellerman.id.au>
> Signed-off-by: Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com>
> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au>
> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
> ---
> arch/powerpc/include/asm/ftrace.h | 10 +++-------
> 1 file changed, 3 insertions(+), 7 deletions(-)
>
> --- a/arch/powerpc/include/asm/ftrace.h
> +++ b/arch/powerpc/include/asm/ftrace.h
> @@ -65,13 +65,9 @@ struct dyn_arch_ftrace {
> #define ARCH_HAS_SYSCALL_MATCH_SYM_NAME
> static inline bool arch_syscall_match_sym_name(const char *sym, const char *name)
> {
> - /*
> - * Compare the symbol name with the system call name. Skip the .sys or .SyS
> - * prefix from the symbol name and the sys prefix from the system call name and
> - * just match the rest. This is only needed on ppc64 since symbol names on
> - * 32bit do not start with a period so the generic function will work.
> - */
> - return !strcmp(sym + 4, name + 3);
> + /* We need to skip past the initial dot, and the __se_sys alias */
> + return !strcmp(sym + 1, name) ||
> + (!strncmp(sym, ".__se_sys", 9) && !strcmp(sym + 6, name));
> }
> #endif
> #endif /* CONFIG_FTRACE_SYSCALLS && CONFIG_PPC64 && !__ASSEMBLY__ */
>
>
> Patches currently in stable-queue which might be from naveen.n.rao(a)linux.vnet.ibm.com are
>
> queue-3.18/powerpc-trace-syscalls-update-syscall-name-matching-logic.patch
>
>
The patch titled
Subject: x86/e820: put !E820_TYPE_RAM regions into memblock.reserved
has been added to the -mm tree. Its filename is
x86-e820-put-e820_type_ram-regions-into-memblockreserved.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/x86-e820-put-e820_type_ram-regions…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/x86-e820-put-e820_type_ram-regions…
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com>
Subject: x86/e820: put !E820_TYPE_RAM regions into memblock.reserved
There is a kernel panic that is triggered when reading /proc/kpageflags on
the kernel booted with kernel parameter 'memmap=nn[KMG]!ss[KMG]':
BUG: unable to handle kernel paging request at fffffffffffffffe
PGD 9b20e067 P4D 9b20e067 PUD 9b210067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 2 PID: 1728 Comm: page-types Not tainted 4.17.0-rc6-mm1-v4.17-rc6-180605-0816-00236-g2dfb086ef02c+ #160
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.fc28 04/01/2014
RIP: 0010:stable_page_flags+0x27/0x3c0
Code: 00 00 00 0f 1f 44 00 00 48 85 ff 0f 84 a0 03 00 00 41 54 55 49 89 fc 53 48 8b 57 08 48 8b 2f 48 8d 42 ff 83 e2 01 48 0f 44 c7 <48> 8b 00 f6 c4 01 0f 84 10 03 00 00 31 db 49 8b 54 24 08 4c 89 e7
RSP: 0018:ffffbbd44111fde0 EFLAGS: 00010202
RAX: fffffffffffffffe RBX: 00007fffffffeff9 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000202 RDI: ffffed1182fff5c0
RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000001
R10: ffffbbd44111fed8 R11: 0000000000000000 R12: ffffed1182fff5c0
R13: 00000000000bffd7 R14: 0000000002fff5c0 R15: ffffbbd44111ff10
FS: 00007efc4335a500(0000) GS:ffff93a5bfc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffffe CR3: 00000000b2a58000 CR4: 00000000001406e0
Call Trace:
kpageflags_read+0xc7/0x120
proc_reg_read+0x3c/0x60
__vfs_read+0x36/0x170
vfs_read+0x89/0x130
ksys_pread64+0x71/0x90
do_syscall_64+0x5b/0x160
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7efc42e75e23
Code: 09 00 ba 9f 01 00 00 e8 ab 81 f4 ff 66 2e 0f 1f 84 00 00 00 00 00 90 83 3d 29 0a 2d 00 00 75 13 49 89 ca b8 11 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 db d3 01 00 48 89 04 24
According to kernel bisection, this problem became visible due to commit
f7f99100d8d9 ("mm: stop zeroing memory during allocation in vmemmap")
which changes how struct pages are initialized.
Memblock layout affects the pfn ranges covered by node/zone. Consider
that we have a VM with 2 NUMA nodes and each node has 4GB memory, and the
default (no memmap= given) memblock layout is like below:
MEMBLOCK configuration:
memory size = 0x00000001fff75c00 reserved size = 0x000000000300c000
memory.cnt = 0x4
memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0
memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0
memory[0x2] [0x0000000100000000-0x000000013fffffff], 0x0000000040000000 bytes on node 0 flags: 0x0
memory[0x3] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0
...
If you give memmap=1G!4G (so it just covers memory[0x2]),
the range [0x100000000-0x13fffffff] is gone:
MEMBLOCK configuration:
memory size = 0x00000001bff75c00 reserved size = 0x000000000300c000
memory.cnt = 0x3
memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0
memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0
memory[0x2] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0
...
This causes shrinking node 0's pfn range because it is calculated by the
address range of memblock.memory. So some of struct pages in the gap
range are left uninitialized.
We have a function zero_resv_unavail() which does zeroing the struct pages
within the reserved unavailable range (i.e. memblock.memory &&
!memblock.reserved). This patch utilizes it to cover all unavailable
ranges by putting them into memblock.reserved.
Link: http://lkml.kernel.org/r/20180615072947.GB23273@hori1.linux.bs1.fc.nec.co.jp
Fixes: f7f99100d8d9 ("mm: stop zeroing memory during allocation in vmemmap")
Signed-off-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com>
Tested-by: Oscar Salvador <osalvador(a)suse.de>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Reviewed-by: Pavel Tatashin <pasha.tatashin(a)oracle.com>
Cc: Steven Sistare <steven.sistare(a)oracle.com>
Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
arch/x86/kernel/e820.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff -puN arch/x86/kernel/e820.c~x86-e820-put-e820_type_ram-regions-into-memblockreserved arch/x86/kernel/e820.c
--- a/arch/x86/kernel/e820.c~x86-e820-put-e820_type_ram-regions-into-memblockreserved
+++ a/arch/x86/kernel/e820.c
@@ -1248,6 +1248,7 @@ void __init e820__memblock_setup(void)
{
int i;
u64 end;
+ u64 addr = 0;
/*
* The bootstrap memblock region count maximum is 128 entries
@@ -1264,13 +1265,21 @@ void __init e820__memblock_setup(void)
struct e820_entry *entry = &e820_table->entries[i];
end = entry->addr + entry->size;
+ if (addr < entry->addr)
+ memblock_reserve(addr, entry->addr - addr);
+ addr = end;
if (end != (resource_size_t)end)
continue;
+ /*
+ * all !E820_TYPE_RAM ranges (including gap ranges) are put
+ * into memblock.reserved to make sure that struct pages in
+ * such regions are not left uninitialized after bootup.
+ */
if (entry->type != E820_TYPE_RAM && entry->type != E820_TYPE_RESERVED_KERN)
- continue;
-
- memblock_add(entry->addr, entry->size);
+ memblock_reserve(entry->addr, entry->size);
+ else
+ memblock_add(entry->addr, entry->size);
}
/* Throw away partial pages: */
_
Patches currently in -mm which might be from n-horiguchi(a)ah.jp.nec.com are
x86-e820-put-e820_type_ram-regions-into-memblockreserved.patch
The patch titled
Subject: mm: zero remaining unavailable struct pages
has been removed from the -mm tree. Its filename was
mm-zero-remaining-unavailable-struct-pages.patch
This patch was dropped because an updated version will be merged
------------------------------------------------------
From: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com>
Subject: mm: zero remaining unavailable struct pages
There is a kernel panic that is triggered when reading /proc/kpageflags on
the kernel booted with kernel parameter 'memmap=nn[KMG]!ss[KMG]':
BUG: unable to handle kernel paging request at fffffffffffffffe
PGD 9b20e067 P4D 9b20e067 PUD 9b210067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 2 PID: 1728 Comm: page-types Not tainted 4.17.0-rc6-mm1-v4.17-rc6-180605-0816-00236-g2dfb086ef02c+ #160
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.fc28 04/01/2014
RIP: 0010:stable_page_flags+0x27/0x3c0
Code: 00 00 00 0f 1f 44 00 00 48 85 ff 0f 84 a0 03 00 00 41 54 55 49 89 fc 53 48 8b 57 08 48 8b 2f 48 8d 42 ff 83 e2 01 48 0f 44 c7 <48> 8b 00 f6 c4 01 0f 84 10 03 00 00 31 db 49 8b 54 24 08 4c 89 e7
RSP: 0018:ffffbbd44111fde0 EFLAGS: 00010202
RAX: fffffffffffffffe RBX: 00007fffffffeff9 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000202 RDI: ffffed1182fff5c0
RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000001
R10: ffffbbd44111fed8 R11: 0000000000000000 R12: ffffed1182fff5c0
R13: 00000000000bffd7 R14: 0000000002fff5c0 R15: ffffbbd44111ff10
FS: 00007efc4335a500(0000) GS:ffff93a5bfc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffffe CR3: 00000000b2a58000 CR4: 00000000001406e0
Call Trace:
kpageflags_read+0xc7/0x120
proc_reg_read+0x3c/0x60
__vfs_read+0x36/0x170
vfs_read+0x89/0x130
ksys_pread64+0x71/0x90
do_syscall_64+0x5b/0x160
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7efc42e75e23
Code: 09 00 ba 9f 01 00 00 e8 ab 81 f4 ff 66 2e 0f 1f 84 00 00 00 00 00 90 83 3d 29 0a 2d 00 00 75 13 49 89 ca b8 11 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 db d3 01 00 48 89 04 24
According to kernel bisection, this problem became visible due to commit
f7f99100d8d9 which changes how struct pages are initialized.
Memblock layout affects the pfn ranges covered by node/zone. Consider
that we have a VM with 2 NUMA nodes and each node has 4GB memory, and
the default (no memmap= given) memblock layout is like below:
MEMBLOCK configuration:
memory size = 0x00000001fff75c00 reserved size = 0x000000000300c000
memory.cnt = 0x4
memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0
memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0
memory[0x2] [0x0000000100000000-0x000000013fffffff], 0x0000000040000000 bytes on node 0 flags: 0x0
memory[0x3] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0
...
If you give memmap=1G!4G (so it just covers memory[0x2]),
the range [0x100000000-0x13fffffff] is gone:
MEMBLOCK configuration:
memory size = 0x00000001bff75c00 reserved size = 0x000000000300c000
memory.cnt = 0x3
memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0
memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0
memory[0x2] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0
...
This causes shrinking node 0's pfn range because it is calculated by
the address range of memblock.memory. So some of struct pages in the
gap range are left uninitialized.
We have a function zero_resv_unavail() which does zeroing the struct
pages outside memblock.memory, but currently it covers only the reserved
unavailable range (i.e. memblock.memory && !memblock.reserved).
This patch extends it to cover all unavailable range, which fixes
the reported issue.
Link: http://lkml.kernel.org/r/20180613054107.GA5329@hori1.linux.bs1.fc.nec.co.jp
Fixes: f7f99100d8d9 ("mm: stop zeroing memory during allocation in vmemmap")
Signed-off-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com>
Tested-by: Oscar Salvador <osalvador(a)suse.de>
Cc: Pavel Tatashin <pasha.tatashin(a)oracle.com>
Cc: Steven Sistare <steven.sistare(a)oracle.com>
Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: Michal Hocko <mhocko(a)kernel.org>
Cc: Huang Ying <ying.huang(a)intel.com>
Cc: Ingo Molnar <mingo(a)kernel.org>
Cc: Dan Williams <dan.j.williams(a)intel.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/memblock.h | 16 ----------------
mm/page_alloc.c | 33 ++++++++++++++++++++++++---------
2 files changed, 24 insertions(+), 25 deletions(-)
diff -puN include/linux/memblock.h~mm-zero-remaining-unavailable-struct-pages include/linux/memblock.h
--- a/include/linux/memblock.h~mm-zero-remaining-unavailable-struct-pages
+++ a/include/linux/memblock.h
@@ -236,22 +236,6 @@ void __next_mem_pfn_range(int *idx, int
for_each_mem_range_rev(i, &memblock.memory, &memblock.reserved, \
nid, flags, p_start, p_end, p_nid)
-/**
- * for_each_resv_unavail_range - iterate through reserved and unavailable memory
- * @i: u64 used as loop variable
- * @flags: pick from blocks based on memory attributes
- * @p_start: ptr to phys_addr_t for start address of the range, can be %NULL
- * @p_end: ptr to phys_addr_t for end address of the range, can be %NULL
- *
- * Walks over unavailable but reserved (reserved && !memory) areas of memblock.
- * Available as soon as memblock is initialized.
- * Note: because this memory does not belong to any physical node, flags and
- * nid arguments do not make sense and thus not exported as arguments.
- */
-#define for_each_resv_unavail_range(i, p_start, p_end) \
- for_each_mem_range(i, &memblock.reserved, &memblock.memory, \
- NUMA_NO_NODE, MEMBLOCK_NONE, p_start, p_end, NULL)
-
static inline void memblock_set_region_flags(struct memblock_region *r,
unsigned long flags)
{
diff -puN mm/page_alloc.c~mm-zero-remaining-unavailable-struct-pages mm/page_alloc.c
--- a/mm/page_alloc.c~mm-zero-remaining-unavailable-struct-pages
+++ a/mm/page_alloc.c
@@ -6390,25 +6390,40 @@ void __paginginit free_area_init_node(in
* struct pages which are reserved in memblock allocator and their fields
* may be accessed (for example page_to_pfn() on some configuration accesses
* flags). We must explicitly zero those struct pages.
+ *
+ * This function also addresses a similar issue where struct pages are left
+ * uninitialized because the physical address range is not covered by
+ * memblock.memory or memblock.reserved. That could happen when memblock
+ * layout is manually configured via memmap=.
*/
void __paginginit zero_resv_unavail(void)
{
phys_addr_t start, end;
unsigned long pfn;
u64 i, pgcnt;
+ phys_addr_t next = 0;
/*
- * Loop through ranges that are reserved, but do not have reported
- * physical memory backing.
+ * Loop through unavailable ranges not covered by memblock.memory.
*/
pgcnt = 0;
- for_each_resv_unavail_range(i, &start, &end) {
- for (pfn = PFN_DOWN(start); pfn < PFN_UP(end); pfn++) {
- if (!pfn_valid(ALIGN_DOWN(pfn, pageblock_nr_pages)))
- continue;
- mm_zero_struct_page(pfn_to_page(pfn));
- pgcnt++;
+ for_each_mem_range(i, &memblock.memory, NULL,
+ NUMA_NO_NODE, MEMBLOCK_NONE, &start, &end, NULL) {
+ if (next < start) {
+ for (pfn = PFN_DOWN(next); pfn < PFN_UP(start); pfn++) {
+ if (!pfn_valid(ALIGN_DOWN(pfn, pageblock_nr_pages)))
+ continue;
+ mm_zero_struct_page(pfn_to_page(pfn));
+ pgcnt++;
+ }
}
+ next = end;
+ }
+ for (pfn = PFN_DOWN(next); pfn < max_pfn; pfn++) {
+ if (!pfn_valid(ALIGN_DOWN(pfn, pageblock_nr_pages)))
+ continue;
+ mm_zero_struct_page(pfn_to_page(pfn));
+ pgcnt++;
}
/*
@@ -6419,7 +6434,7 @@ void __paginginit zero_resv_unavail(void
* this code can be removed.
*/
if (pgcnt)
- pr_info("Reserved but unavailable: %lld pages", pgcnt);
+ pr_info("Zeroed struct page in unavailable ranges: %lld pages", pgcnt);
}
#endif /* CONFIG_HAVE_MEMBLOCK */
_
Patches currently in -mm which might be from n-horiguchi(a)ah.jp.nec.com are
Hi,
The patch has been in the mainline, and I have verified the commit can be cherry-picked
cleanly to these 3 stable branches mentioned in the subject.
When the patch was originally submitted, I did add a " Cc: stable(a)vger.kernel.org" tag:
https://lkml.org/lkml/2018/6/6/766 .
It looks somehow the tag was left out.
Thanks,
-- Dexuan
From: Martin Kelly <mkelly(a)xevo.com>
commit c043ec1ca5baae63726aae32abbe003192bc6eec upstream.
Currently, we use int for buffer length and bytes_per_datum. However,
kfifo uses unsigned int for length and size_t for element size. We need
to make sure these matches or we will have bugs related to overflow (in
the range between INT_MAX and UINT_MAX for length, for example).
In addition, set_bytes_per_datum uses size_t while bytes_per_datum is an
int, which would cause bugs for large values of bytes_per_datum.
Change buffer length to use unsigned int and bytes_per_datum to use
size_t.
Signed-off-by: Martin Kelly <mkelly(a)xevo.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
[bwh: Backported to 4.4:
- Drop change to iio_dma_buffer_set_length()
- Adjust filename, context]
Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk>
---
drivers/iio/buffer/kfifo_buf.c | 4 ++--
include/linux/iio/buffer.h | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/iio/buffer/kfifo_buf.c b/drivers/iio/buffer/kfifo_buf.c
index 7ef9b13262a8..e44181f9eb36 100644
--- a/drivers/iio/buffer/kfifo_buf.c
+++ b/drivers/iio/buffer/kfifo_buf.c
@@ -19,7 +19,7 @@ struct iio_kfifo {
#define iio_to_kfifo(r) container_of(r, struct iio_kfifo, buffer)
static inline int __iio_allocate_kfifo(struct iio_kfifo *buf,
- int bytes_per_datum, int length)
+ size_t bytes_per_datum, unsigned int length)
{
if ((length == 0) || (bytes_per_datum == 0))
return -EINVAL;
@@ -71,7 +71,7 @@ static int iio_set_bytes_per_datum_kfifo(struct iio_buffer *r, size_t bpd)
return 0;
}
-static int iio_set_length_kfifo(struct iio_buffer *r, int length)
+static int iio_set_length_kfifo(struct iio_buffer *r, unsigned int length)
{
/* Avoid an invalid state */
if (length < 2)
diff --git a/include/linux/iio/buffer.h b/include/linux/iio/buffer.h
index 1600c55828e0..93a774ce4922 100644
--- a/include/linux/iio/buffer.h
+++ b/include/linux/iio/buffer.h
@@ -49,7 +49,7 @@ struct iio_buffer_access_funcs {
int (*request_update)(struct iio_buffer *buffer);
int (*set_bytes_per_datum)(struct iio_buffer *buffer, size_t bpd);
- int (*set_length)(struct iio_buffer *buffer, int length);
+ int (*set_length)(struct iio_buffer *buffer, unsigned int length);
void (*release)(struct iio_buffer *buffer);
@@ -78,8 +78,8 @@ struct iio_buffer_access_funcs {
* @watermark: [INTERN] number of datums to wait for poll/read.
*/
struct iio_buffer {
- int length;
- int bytes_per_datum;
+ unsigned int length;
+ size_t bytes_per_datum;
struct attribute_group *scan_el_attrs;
long *scan_mask;
bool scan_timestamp;
--
Ben Hutchings, Software Developer Codethink Ltd
https://www.codethink.co.uk/ Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom
The patch
spi: cadence: Change usleep_range() to udelay(), for atomic context
has been applied to the spi tree at
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git
All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying
to this mail.
Thanks,
Mark
>From 931c4e9a72ae91d59c5332ffb6812911a749da8e Mon Sep 17 00:00:00 2001
From: Janek Kotas <jank(a)cadence.com>
Date: Mon, 4 Jun 2018 11:24:44 +0000
Subject: [PATCH] spi: cadence: Change usleep_range() to udelay(), for atomic
context
The path "spi: cadence: Add usleep_range() for
cdns_spi_fill_tx_fifo()" added a usleep_range() function call,
which cannot be used in atomic context.
However the cdns_spi_fill_tx_fifo() function can be called during
an interrupt which may result in a kernel panic:
BUG: scheduling while atomic: grep/561/0x00010002
Modules linked in:
Preemption disabled at:
[<ffffff800858ea28>] wait_for_common+0x48/0x178
CPU: 0 PID: 561 Comm: grep Not tainted 4.17.0 #1
Hardware name: Cadence CSP (DT)
Call trace:
dump_backtrace+0x0/0x198
show_stack+0x14/0x20
dump_stack+0x8c/0xac
__schedule_bug+0x6c/0xb8
__schedule+0x570/0x5d8
schedule+0x34/0x98
schedule_hrtimeout_range_clock+0x98/0x110
schedule_hrtimeout_range+0x10/0x18
usleep_range+0x64/0x98
cdns_spi_fill_tx_fifo+0x70/0xb0
cdns_spi_irq+0xd0/0xe0
__handle_irq_event_percpu+0x9c/0x128
handle_irq_event_percpu+0x34/0x88
handle_irq_event+0x48/0x78
handle_fasteoi_irq+0xbc/0x1b0
generic_handle_irq+0x24/0x38
__handle_domain_irq+0x84/0xf8
gic_handle_irq+0xc4/0x180
This patch replaces the function call with udelay() which can be
used in an atomic context, like an interrupt.
Signed-off-by: Jan Kotas <jank(a)cadence.com>
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: stable(a)vger.kernel.org
---
drivers/spi/spi-cadence.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-cadence.c b/drivers/spi/spi-cadence.c
index f3dad6fcdc35..a568f35522f9 100644
--- a/drivers/spi/spi-cadence.c
+++ b/drivers/spi/spi-cadence.c
@@ -319,7 +319,7 @@ static void cdns_spi_fill_tx_fifo(struct cdns_spi *xspi)
*/
if (cdns_spi_read(xspi, CDNS_SPI_ISR) &
CDNS_SPI_IXR_TXFULL)
- usleep_range(10, 20);
+ udelay(10);
if (xspi->txbuf)
cdns_spi_write(xspi, CDNS_SPI_TXD, *xspi->txbuf++);
--
2.17.1
From: Sandy Huang <hjc(a)rock-chips.com>
The vop irq is shared between vop and iommu and irq probing in the
iommu driver moved to the probe function recently. This can in some
cases lead to a stall if the irq is triggered while the vop driver
still has it disabled, but the vop irq handler gets called.
But there is no real need to disable the irq, as the vop can simply
also track its enabled state and ignore irqs in that case.
For this we can simply check the power-domain state of the vop,
similar to how the iommu driver does it.
So remove the enable/disable handling and add appropriate condition
to the irq handler.
changes in v2:
- move to just check the power-domain state
- add clock handling
changes in v3:
- clarify comment to speak of runtime-pm not power-domain
Fixes: d0b912bd4c23 ("iommu/rockchip: Request irqs in rk_iommu_probe()")
Cc: stable(a)vger.kernel.org
Signed-off-by: Sandy Huang <hjc(a)rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko(a)sntech.de>
Tested-by: Ezequiel Garcia <ezequiel(a)collabora.com>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 28 ++++++++++++++-------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
index 9a1f272e41c7..ae8a69793aed 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
@@ -573,8 +573,6 @@ static int vop_enable(struct drm_crtc *crtc)
spin_unlock(&vop->reg_lock);
- enable_irq(vop->irq);
-
drm_crtc_vblank_on(crtc);
return 0;
@@ -618,8 +616,6 @@ static void vop_crtc_atomic_disable(struct drm_crtc *crtc,
vop_dsp_hold_valid_irq_disable(vop);
- disable_irq(vop->irq);
-
vop->is_enabled = false;
/*
@@ -1195,6 +1191,16 @@ static irqreturn_t vop_isr(int irq, void *data)
uint32_t active_irqs;
int ret = IRQ_NONE;
+ /*
+ * The irq is shared with the iommu. If the runtime-pm state of the
+ * vop-device is disabled the irq has to be targetted at the iommu.
+ */
+ if (!pm_runtime_get_if_in_use(vop->dev))
+ return IRQ_NONE;
+
+ if (WARN_ON(vop_core_clks_enable(vop)))
+ goto out;
+
/*
* interrupt register has interrupt status, enable and clear bits, we
* must hold irq_lock to avoid a race with enable/disable_vblank().
@@ -1209,8 +1215,11 @@ static irqreturn_t vop_isr(int irq, void *data)
spin_unlock(&vop->irq_lock);
/* This is expected for vop iommu irqs, since the irq is shared */
- if (!active_irqs)
- return IRQ_NONE;
+ if (!active_irqs) {
+ ret = IRQ_NONE;
+ vop_core_clks_disable(vop);
+ goto out;
+ }
if (active_irqs & DSP_HOLD_VALID_INTR) {
complete(&vop->dsp_hold_completion);
@@ -1236,6 +1245,10 @@ static irqreturn_t vop_isr(int irq, void *data)
DRM_DEV_ERROR(vop->dev, "Unknown VOP IRQs: %#02x\n",
active_irqs);
+ vop_core_clks_disable(vop);
+
+out:
+ pm_runtime_put(vop->dev);
return ret;
}
@@ -1614,9 +1627,6 @@ static int vop_bind(struct device *dev, struct device *master, void *data)
if (ret)
goto err_disable_pm_runtime;
- /* IRQ is initially disabled; it gets enabled in power_on */
- disable_irq(vop->irq);
-
return 0;
err_disable_pm_runtime:
--
2.17.0
This reverts commit 2c17a4368aad2b88b68e4390c819e226cf320f70.
The offending commit triggers a run-time fault when accessing the panel
element of the sun4i_tcon structure when no such panel is attached.
It was apparently assumed in said commit that a panel is always used with
the TCON. Although it is often the case, this is not always true.
For instance a bridge might be used instead of a panel.
This issue was discovered using an A13-OLinuXino, that uses the TCON
in RGB mode for a simple DAC-based VGA bridge.
Cc: stable(a)vger.kernel.org
Signed-off-by: Paul Kocialkowski <paul.kocialkowski(a)bootlin.com>
---
drivers/gpu/drm/sun4i/sun4i_tcon.c | 25 -------------------------
1 file changed, 25 deletions(-)
diff --git a/drivers/gpu/drm/sun4i/sun4i_tcon.c b/drivers/gpu/drm/sun4i/sun4i_tcon.c
index c3d92d537240..8045871335b5 100644
--- a/drivers/gpu/drm/sun4i/sun4i_tcon.c
+++ b/drivers/gpu/drm/sun4i/sun4i_tcon.c
@@ -17,7 +17,6 @@
#include <drm/drm_encoder.h>
#include <drm/drm_modes.h>
#include <drm/drm_of.h>
-#include <drm/drm_panel.h>
#include <uapi/drm/drm_mode.h>
@@ -350,9 +349,6 @@ static void sun4i_tcon0_mode_set_lvds(struct sun4i_tcon *tcon,
static void sun4i_tcon0_mode_set_rgb(struct sun4i_tcon *tcon,
const struct drm_display_mode *mode)
{
- struct drm_panel *panel = tcon->panel;
- struct drm_connector *connector = panel->connector;
- struct drm_display_info display_info = connector->display_info;
unsigned int bp, hsync, vsync;
u8 clk_delay;
u32 val = 0;
@@ -410,27 +406,6 @@ static void sun4i_tcon0_mode_set_rgb(struct sun4i_tcon *tcon,
if (mode->flags & DRM_MODE_FLAG_PVSYNC)
val |= SUN4I_TCON0_IO_POL_VSYNC_POSITIVE;
- /*
- * On A20 and similar SoCs, the only way to achieve Positive Edge
- * (Rising Edge), is setting dclk clock phase to 2/3(240°).
- * By default TCON works in Negative Edge(Falling Edge),
- * this is why phase is set to 0 in that case.
- * Unfortunately there's no way to logically invert dclk through
- * IO_POL register.
- * The only acceptable way to work, triple checked with scope,
- * is using clock phase set to 0° for Negative Edge and set to 240°
- * for Positive Edge.
- * On A33 and similar SoCs there would be a 90° phase option,
- * but it divides also dclk by 2.
- * Following code is a way to avoid quirks all around TCON
- * and DOTCLOCK drivers.
- */
- if (display_info.bus_flags & DRM_BUS_FLAG_PIXDATA_POSEDGE)
- clk_set_phase(tcon->dclk, 240);
-
- if (display_info.bus_flags & DRM_BUS_FLAG_PIXDATA_NEGEDGE)
- clk_set_phase(tcon->dclk, 0);
-
regmap_update_bits(tcon->regs, SUN4I_TCON0_IO_POL_REG,
SUN4I_TCON0_IO_POL_HSYNC_POSITIVE | SUN4I_TCON0_IO_POL_VSYNC_POSITIVE,
val);
--
2.17.0
From: Eric Dumazet <edumazet(a)google.com>
commit 02db55718d53f9d426cee504c27fb768e9ed4ffe upstream.
While rcvbuf is properly clamped by tcp_rmem[2], rcvwin
is left to a potentially too big value.
It has no serious effect, since :
1) tcp_grow_window() has very strict checks.
2) window_clamp can be mangled by user space to any value anyway.
tcp_init_buffer_space() and companions use tcp_full_space(),
we use tcp_win_from_space() to avoid reloading sk->sk_rcvbuf
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Acked-by: Soheil Hassas Yeganeh <soheil(a)google.com>
Acked-by: Wei Wang <weiwan(a)google.com>
Acked-by: Neal Cardwell <ncardwell(a)google.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Signed-off-by: Guenter Roeck <linux(a)roeck-us.net>
---
net/ipv4/tcp_input.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 125b49c166a4..f0caff3139ed 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -647,7 +647,7 @@ void tcp_rcv_space_adjust(struct sock *sk)
sk->sk_rcvbuf = rcvbuf;
/* Make the window clamp follow along. */
- tp->window_clamp = rcvwin;
+ tp->window_clamp = tcp_win_from_space(rcvbuf);
}
}
tp->rcvq_space.space = copied;
--
2.7.4
Hi,
4.14.48 can cause abnormally small TCP receive windows when the sender is
faster than the receiver; see https://github.com/coreos/bugs/issues/2457 for
details. Reverting "tcp: avoid integer overflows in tcp_rcv_space_adjust()"
fixes it. Backporting 02db55718d53 ("tcp: do not overshoot window_clamp in
tcp_rcv_space_adjust()"), which is its parent commit upstream, also fixes
it.
--Benjamin Gilbert
Tree/Branch: v3.16.57
Git describe: v3.16.57
Commit: e472f29ebd Linux 3.16.57
Build Time: 31 min 15 sec
Passed: 10 / 10 (100.00 %)
Failed: 0 / 10 ( 0.00 %)
Errors: 0
Warnings: 16
Section Mismatches: 0
-------------------------------------------------------------------------------
defconfigs with issues (other than build errors):
1 warnings 0 mismatches : arm64-allmodconfig
1 warnings 0 mismatches : x86_64-defconfig
4 warnings 0 mismatches : arm-allmodconfig
1 warnings 0 mismatches : x86_64-allnoconfig
9 warnings 0 mismatches : x86_64-allmodconfig
2 warnings 0 mismatches : arm64-defconfig
-------------------------------------------------------------------------------
Warnings Summary: 16
2 ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized]
2 ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable]
1 ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
1 ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
1 ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:529:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
1 ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:524:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
1 ../drivers/staging/rtl8192ee/btcoexist/halbtc8821a2ant.c:2338:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation]
1 ../drivers/scsi/fnic/fnic_fcs.c:104:6: warning: this 'else' clause does not guard... [-Wmisleading-indentation]
1 ../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized]
1 ../drivers/net/wireless/rtlwifi/rtl8723be/hw.c:1132:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation]
1 ../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function]
1 ../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function]
1 ../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label]
1 ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
1 ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
1 ../arch/x86/kernel/cpu/common.c:1095:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function]
===============================================================================
Detailed per-defconfig build reports below:
-------------------------------------------------------------------------------
arm64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches
Warnings:
../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable]
-------------------------------------------------------------------------------
x86_64-defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches
Warnings:
../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized]
-------------------------------------------------------------------------------
arm-allmodconfig : PASS, 0 errors, 4 warnings, 0 section mismatches
Warnings:
../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function]
../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label]
../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function]
../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable]
-------------------------------------------------------------------------------
x86_64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches
Warnings:
../arch/x86/kernel/cpu/common.c:1095:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function]
-------------------------------------------------------------------------------
x86_64-allmodconfig : PASS, 0 errors, 9 warnings, 0 section mismatches
Warnings:
../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
../drivers/scsi/fnic/fnic_fcs.c:104:6: warning: this 'else' clause does not guard... [-Wmisleading-indentation]
../drivers/net/wireless/rtlwifi/rtl8723be/hw.c:1132:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation]
../drivers/staging/rtl8192ee/rtl8192ee/hw.c:524:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
../drivers/staging/rtl8192ee/rtl8192ee/hw.c:529:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
../drivers/staging/rtl8192ee/btcoexist/halbtc8821a2ant.c:2338:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation]
../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
-------------------------------------------------------------------------------
arm64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches
Warnings:
../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized]
../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized]
-------------------------------------------------------------------------------
Passed with no errors, warnings or mismatches:
arm64-allnoconfig
arm-multi_v7_defconfig
arm-allnoconfig
arm-multi_v5_defconfig
Previously, extcon used the spinlock before calling the notifier_call_chain
to prevent the scheduled out of task and to prevent the notification delay.
When spinlock is locked for sending the notification, deadlock issue
occured on the side of extcon consumer device. To fix this issue,
extcon consumer device should always use the work. it is always not
reasonable to use work.
To fix this issue on extcon consumer device, release locking when sending
the notification of connector state.
Fixes: ab11af049f88 ("extcon: Add the synchronization extcon APIs to support the notification")
Cc: stable(a)vger.kernel.org
Cc: Roger Quadros <rogerq(a)ti.com>
Cc: Kishon Vijay Abraham I <kishon(a)ti.com>
Signed-off-by: Chanwoo Choi <cw00.choi(a)samsung.com>
---
drivers/extcon/extcon.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index 8bff5fd18185..f75b08a45d4e 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -433,8 +433,8 @@ int extcon_sync(struct extcon_dev *edev, unsigned int id)
return index;
spin_lock_irqsave(&edev->lock, flags);
-
state = !!(edev->state & BIT(index));
+ spin_unlock_irqrestore(&edev->lock, flags);
/*
* Call functions in a raw notifier chain for the specific one
@@ -448,6 +448,7 @@ int extcon_sync(struct extcon_dev *edev, unsigned int id)
*/
raw_notifier_call_chain(&edev->nh_all, state, edev);
+ spin_lock_irqsave(&edev->lock, flags);
/* This could be in interrupt handler */
prop_buf = (char *)get_zeroed_page(GFP_ATOMIC);
if (!prop_buf) {
--
1.9.1
On 2018/6/8 2:18, Ben Hutchings wrote:
> On Thu, 2018-06-07 at 17:32 +0100, John Garry wrote:
>> On 07/06/2018 15:05, Ben Hutchings wrote:
>>> 3.16.57-rc1 review patch. If anyone has any objections, please let me know.
>>>
>>> ------------------
>>>
>>
>> Hi Ben,
>>
>> I noticed that you are looking to backport this patch to 3.16
>>
>> I am wondering why you are taking this libsas patch (and a couple other
>> libsas patches) in isolation, when these patches were part of a series
>> to fix libsas hotplug issues? I'm not sure if cherry-picking certain
>> patches is ok.
>>
>> Maybe Jason (cc'ed) can comment further.
>
> This one apparently fixed a security issue (CVE-2017-18232), though I'm
> certainly not convinced it's a particularly serious one.
>
> But please send objections to the list, not just privately.
>
Hi Ben,
This patch is in the series below. I recommend to backport them
together. If you really want to do this, I'm happy to help you to
backport them.
1689c9367bfa scsi: libsas: notify event PORTE_BROADCAST_RCVD in
sas_enable_revalidation()
0558f33c06bb scsi: libsas: direct call probe and destruct
517e5153d242 scsi: libsas: use flush_workqueue to process disco events
synchronously
93bdbd06b164 scsi: libsas: Use new workqueue to run sas event and disco
event
8eea9dd84e45 scsi: libsas: make the event threshold configurable
f12486e06ae8 scsi: libsas: shut down the PHY if events reached the threshold
1c393b970e0f scsi: libsas: Use dynamic alloced work to avoid sas event lost
> Ben.
>
>> Thanks,
>> John
>>
>>> From: Jason Yan <yanaijie(a)huawei.com>
>>>
>>> commit 0558f33c06bb910e2879e355192227a8e8f0219d upstream.
>>>
>>> In commit 87c8331fcf72 ("[SCSI] libsas: prevent domain rediscovery
>>> competing with ata error handling") introduced disco mutex to prevent
>>> rediscovery competing with ata error handling and put the whole
>>> revalidation in the mutex. But the rphy add/remove needs to wait for the
>>> error handling which also grabs the disco mutex. This may leads to dead
>>> lock.So the probe and destruct event were introduce to do the rphy
>>> add/remove asynchronously and out of the lock.
>>>
>>> The asynchronously processed workers makes the whole discovery process
>>> not atomic, the other events may interrupt the process. For example,
>>> if a loss of signal event inserted before the probe event, the
>>> sas_deform_port() is called and the port will be deleted.
>>>
>>> And sas_port_delete() may run before the destruct event, but the
>>> port-x:x is the top parent of end device or expander. This leads to
>>> a kernel WARNING such as:
>>>
>>> [ 82.042979] sysfs group 'power' not found for kobject 'phy-1:0:22'
>>> [ 82.042983] ------------[ cut here ]------------
>>> [ 82.042986] WARNING: CPU: 54 PID: 1714 at fs/sysfs/group.c:237
>>> sysfs_remove_group+0x94/0xa0
>>> [ 82.043059] Call trace:
>>> [ 82.043082] [<ffff0000082e7624>] sysfs_remove_group+0x94/0xa0
>>> [ 82.043085] [<ffff00000864e320>] dpm_sysfs_remove+0x60/0x70
>>> [ 82.043086] [<ffff00000863ee10>] device_del+0x138/0x308
>>> [ 82.043089] [<ffff00000869a2d0>] sas_phy_delete+0x38/0x60
>>> [ 82.043091] [<ffff00000869a86c>] do_sas_phy_delete+0x6c/0x80
>>> [ 82.043093] [<ffff00000863dc20>] device_for_each_child+0x58/0xa0
>>> [ 82.043095] [<ffff000008696f80>] sas_remove_children+0x40/0x50
>>> [ 82.043100] [<ffff00000869d1bc>] sas_destruct_devices+0x64/0xa0
>>> [ 82.043102] [<ffff0000080e93bc>] process_one_work+0x1fc/0x4b0
>>> [ 82.043104] [<ffff0000080e96c0>] worker_thread+0x50/0x490
>>> [ 82.043105] [<ffff0000080f0364>] kthread+0xfc/0x128
>>> [ 82.043107] [<ffff0000080836c0>] ret_from_fork+0x10/0x50
>>>
>>> Make probe and destruct a direct call in the disco and revalidate function,
>>> but put them outside the lock. The whole discovery or revalidate won't
>>> be interrupted by other events. And the DISCE_PROBE and DISCE_DESTRUCT
>>> event are deleted as a result of the direct call.
>>>
>>> Introduce a new list to destruct the sas_port and put the port delete after
>>> the destruct. This makes sure the right order of destroying the sysfs
>>> kobject and fix the warning above.
>>>
>>> In sas_ex_revalidate_domain() have a loop to find all broadcasted
>>> device, and sometimes we have a chance to find the same expander twice.
>>> Because the sas_port will be deleted at the end of the whole revalidate
>>> process, sas_port with the same name cannot be added before this.
>>> Otherwise the sysfs will complain of creating duplicate filename. Since
>>> the LLDD will send broadcast for every device change, we can only
>>> process one expander's revalidation.
>>>
>>> [mkp: kbuild test robot warning]
>>>
>>> Signed-off-by: Jason Yan <yanaijie(a)huawei.com>
>>> CC: John Garry <john.garry(a)huawei.com>
>>> CC: Johannes Thumshirn <jthumshirn(a)suse.de>
>>> CC: Ewan Milne <emilne(a)redhat.com>
>>> CC: Christoph Hellwig <hch(a)lst.de>
>>> CC: Tomas Henzl <thenzl(a)redhat.com>
>>> CC: Dan Williams <dan.j.williams(a)intel.com>
>>> Reviewed-by: Hannes Reinecke <hare(a)suse.com>
>>> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com>
>>> [bwh: Backported to 4.9: adjust context]
>>> Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk>
>>> ---
>>> drivers/scsi/libsas/sas_ata.c | 1 -
>>> drivers/scsi/libsas/sas_discover.c | 32 +++++++++++++++++-------------
>>> drivers/scsi/libsas/sas_expander.c | 8 +++-----
>>> drivers/scsi/libsas/sas_internal.h | 1 +
>>> drivers/scsi/libsas/sas_port.c | 3 +++
>>> include/scsi/libsas.h | 3 +--
>>> include/scsi/scsi_transport_sas.h | 1 +
>>> 7 files changed, 27 insertions(+), 22 deletions(-)
>>>
>>> --- a/drivers/scsi/libsas/sas_ata.c
>>> +++ b/drivers/scsi/libsas/sas_ata.c
>>> @@ -782,7 +782,6 @@ int sas_discover_sata(struct domain_devi
>>> if (res)
>>> return res;
>>>
>>> - sas_discover_event(dev->port, DISCE_PROBE);
>>> return 0;
>>> }
>>>
>>> --- a/drivers/scsi/libsas/sas_discover.c
>>> +++ b/drivers/scsi/libsas/sas_discover.c
>>> @@ -212,13 +212,9 @@ void sas_notify_lldd_dev_gone(struct dom
>>> }
>>> }
>>>
>>> -static void sas_probe_devices(struct work_struct *work)
>>> +static void sas_probe_devices(struct asd_sas_port *port)
>>> {
>>> struct domain_device *dev, *n;
>>> - struct sas_discovery_event *ev = to_sas_discovery_event(work);
>>> - struct asd_sas_port *port = ev->port;
>>> -
>>> - clear_bit(DISCE_PROBE, &port->disc.pending);
>>>
>>> /* devices must be domain members before link recovery and probe */
>>> list_for_each_entry(dev, &port->disco_list, disco_list_node) {
>>> @@ -294,7 +290,6 @@ int sas_discover_end_dev(struct domain_d
>>> res = sas_notify_lldd_dev_found(dev);
>>> if (res)
>>> return res;
>>> - sas_discover_event(dev->port, DISCE_PROBE);
>>>
>>> return 0;
>>> }
>>> @@ -353,13 +348,9 @@ static void sas_unregister_common_dev(st
>>> sas_put_device(dev);
>>> }
>>>
>>> -static void sas_destruct_devices(struct work_struct *work)
>>> +void sas_destruct_devices(struct asd_sas_port *port)
>>> {
>>> struct domain_device *dev, *n;
>>> - struct sas_discovery_event *ev = to_sas_discovery_event(work);
>>> - struct asd_sas_port *port = ev->port;
>>> -
>>> - clear_bit(DISCE_DESTRUCT, &port->disc.pending);
>>>
>>> list_for_each_entry_safe(dev, n, &port->destroy_list, disco_list_node) {
>>> list_del_init(&dev->disco_list_node);
>>> @@ -370,6 +361,16 @@ static void sas_destruct_devices(struct
>>> }
>>> }
>>>
>>> +static void sas_destruct_ports(struct asd_sas_port *port)
>>> +{
>>> + struct sas_port *sas_port, *p;
>>> +
>>> + list_for_each_entry_safe(sas_port, p, &port->sas_port_del_list, del_list) {
>>> + list_del_init(&sas_port->del_list);
>>> + sas_port_delete(sas_port);
>>> + }
>>> +}
>>> +
>>> void sas_unregister_dev(struct asd_sas_port *port, struct domain_device *dev)
>>> {
>>> if (!test_bit(SAS_DEV_DESTROY, &dev->state) &&
>>> @@ -384,7 +385,6 @@ void sas_unregister_dev(struct asd_sas_p
>>> if (!test_and_set_bit(SAS_DEV_DESTROY, &dev->state)) {
>>> sas_rphy_unlink(dev->rphy);
>>> list_move_tail(&dev->disco_list_node, &port->destroy_list);
>>> - sas_discover_event(dev->port, DISCE_DESTRUCT);
>>> }
>>> }
>>>
>>> @@ -490,6 +490,8 @@ static void sas_discover_domain(struct w
>>> port->port_dev = NULL;
>>> }
>>>
>>> + sas_probe_devices(port);
>>> +
>>> SAS_DPRINTK("DONE DISCOVERY on port %d, pid:%d, result:%d\n", port->id,
>>> task_pid_nr(current), error);
>>> }
>>> @@ -523,6 +525,10 @@ static void sas_revalidate_domain(struct
>>> port->id, task_pid_nr(current), res);
>>> out:
>>> mutex_unlock(&ha->disco_mutex);
>>> +
>>> + sas_destruct_devices(port);
>>> + sas_destruct_ports(port);
>>> + sas_probe_devices(port);
>>> }
>>>
>>> /* ---------- Events ---------- */
>>> @@ -578,10 +584,8 @@ void sas_init_disc(struct sas_discovery
>>> static const work_func_t sas_event_fns[DISC_NUM_EVENTS] = {
>>> [DISCE_DISCOVER_DOMAIN] = sas_discover_domain,
>>> [DISCE_REVALIDATE_DOMAIN] = sas_revalidate_domain,
>>> - [DISCE_PROBE] = sas_probe_devices,
>>> [DISCE_SUSPEND] = sas_suspend_devices,
>>> [DISCE_RESUME] = sas_resume_devices,
>>> - [DISCE_DESTRUCT] = sas_destruct_devices,
>>> };
>>>
>>> disc->pending = 0;
>>> --- a/drivers/scsi/libsas/sas_expander.c
>>> +++ b/drivers/scsi/libsas/sas_expander.c
>>> @@ -1903,7 +1903,8 @@ static void sas_unregister_devs_sas_addr
>>> sas_port_delete_phy(phy->port, phy->phy);
>>> sas_device_set_phy(found, phy->port);
>>> if (phy->port->num_phys == 0)
>>> - sas_port_delete(phy->port);
>>> + list_add_tail(&phy->port->del_list,
>>> + &parent->port->sas_port_del_list);
>>> phy->port = NULL;
>>> }
>>> }
>>> @@ -2111,7 +2112,7 @@ int sas_ex_revalidate_domain(struct doma
>>> struct domain_device *dev = NULL;
>>>
>>> res = sas_find_bcast_dev(port_dev, &dev);
>>> - while (res == 0 && dev) {
>>> + if (res == 0 && dev) {
>>> struct expander_device *ex = &dev->ex_dev;
>>> int i = 0, phy_id;
>>>
>>> @@ -2123,9 +2124,6 @@ int sas_ex_revalidate_domain(struct doma
>>> res = sas_rediscover(dev, phy_id);
>>> i = phy_id + 1;
>>> } while (i < ex->num_phys);
>>> -
>>> - dev = NULL;
>>> - res = sas_find_bcast_dev(port_dev, &dev);
>>> }
>>> return res;
>>> }
>>> --- a/drivers/scsi/libsas/sas_internal.h
>>> +++ b/drivers/scsi/libsas/sas_internal.h
>>> @@ -100,6 +100,7 @@ int sas_try_ata_reset(struct asd_sas_phy
>>> void sas_hae_reset(struct work_struct *work);
>>>
>>> void sas_free_device(struct kref *kref);
>>> +void sas_destruct_devices(struct asd_sas_port *port);
>>>
>>> #ifdef CONFIG_SCSI_SAS_HOST_SMP
>>> extern int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req,
>>> --- a/drivers/scsi/libsas/sas_port.c
>>> +++ b/drivers/scsi/libsas/sas_port.c
>>> @@ -66,6 +66,7 @@ static void sas_resume_port(struct asd_s
>>> rc = sas_notify_lldd_dev_found(dev);
>>> if (rc) {
>>> sas_unregister_dev(port, dev);
>>> + sas_destruct_devices(port);
>>> continue;
>>> }
>>>
>>> @@ -219,6 +220,7 @@ void sas_deform_port(struct asd_sas_phy
>>>
>>> if (port->num_phys == 1) {
>>> sas_unregister_domain_devices(port, gone);
>>> + sas_destruct_devices(port);
>>> sas_port_delete(port->port);
>>> port->port = NULL;
>>> } else {
>>> @@ -323,6 +325,7 @@ static void sas_init_port(struct asd_sas
>>> INIT_LIST_HEAD(&port->dev_list);
>>> INIT_LIST_HEAD(&port->disco_list);
>>> INIT_LIST_HEAD(&port->destroy_list);
>>> + INIT_LIST_HEAD(&port->sas_port_del_list);
>>> spin_lock_init(&port->phy_list_lock);
>>> INIT_LIST_HEAD(&port->phy_list);
>>> port->ha = sas_ha;
>>> --- a/include/scsi/libsas.h
>>> +++ b/include/scsi/libsas.h
>>> @@ -87,10 +87,8 @@ enum discover_event {
>>> DISCE_DISCOVER_DOMAIN = 0U,
>>> DISCE_REVALIDATE_DOMAIN,
>>> DISCE_PORT_GONE,
>>> - DISCE_PROBE,
>>> DISCE_SUSPEND,
>>> DISCE_RESUME,
>>> - DISCE_DESTRUCT,
>>> DISC_NUM_EVENTS,
>>> };
>>>
>>> @@ -274,6 +272,7 @@ struct asd_sas_port {
>>> struct list_head dev_list;
>>> struct list_head disco_list;
>>> struct list_head destroy_list;
>>> + struct list_head sas_port_del_list;
>>> enum sas_linkrate linkrate;
>>>
>>> struct sas_work work;
>>> --- a/include/scsi/scsi_transport_sas.h
>>> +++ b/include/scsi/scsi_transport_sas.h
>>> @@ -145,6 +145,7 @@ struct sas_port {
>>>
>>> struct mutex phy_list_mutex;
>>> struct list_head phy_list;
>>> + struct list_head del_list; /* libsas only */
>>> };
>>>
>>> #define dev_to_sas_port(d) \
>>>
>>>
>>> .
>>>
>>
>>
Tree/Branch: v4.4.138
Git describe: v4.4.138
Commit: 0bd2bedb35 Linux 4.4.138
Build Time: 63 min 6 sec
Passed: 10 / 10 (100.00 %)
Failed: 0 / 10 ( 0.00 %)
Errors: 0
Warnings: 31
Section Mismatches: 0
-------------------------------------------------------------------------------
defconfigs with issues (other than build errors):
19 warnings 0 mismatches : arm64-allmodconfig
17 warnings 0 mismatches : x86_64-allmodconfig
-------------------------------------------------------------------------------
Warnings Summary: 31
3 warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI)
2 ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=]
2 ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
2 ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=]
===============================================================================
Detailed per-defconfig build reports below:
-------------------------------------------------------------------------------
arm64-allmodconfig : PASS, 0 errors, 19 warnings, 0 section mismatches
Warnings:
warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI)
warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI)
warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI)
../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=]
-------------------------------------------------------------------------------
x86_64-allmodconfig : PASS, 0 errors, 17 warnings, 0 section mismatches
Warnings:
../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=]
-------------------------------------------------------------------------------
Passed with no errors, warnings or mismatches:
arm64-allnoconfig
arm-multi_v5_defconfig
arm-multi_v7_defconfig
x86_64-defconfig
arm-allmodconfig
arm-allnoconfig
x86_64-allnoconfig
arm64-defconfig
Detect when a directory entry is (possibly partially) beyond directory
size and return EIO in that case since it means the filesystem is
corrupted. Otherwise directory operations can further corrupt the
directory and possibly also oops the kernel.
CC: Anatoly Trosinenko <anatoly.trosinenko(a)gmail.com>
CC: stable(a)vger.kernel.org
Reported-by: Anatoly Trosinenko <anatoly.trosinenko(a)gmail.com>
Signed-off-by: Jan Kara <jack(a)suse.cz>
---
fs/udf/directory.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/udf/directory.c b/fs/udf/directory.c
index 0a98a2369738..3835f983cc99 100644
--- a/fs/udf/directory.c
+++ b/fs/udf/directory.c
@@ -152,6 +152,9 @@ struct fileIdentDesc *udf_fileident_read(struct inode *dir, loff_t *nf_pos,
sizeof(struct fileIdentDesc));
}
}
+ /* Got last entry outside of dir size - fs is corrupted! */
+ if (*nf_pos > dir->i_size)
+ return NULL;
return fi;
}
--
2.16.4
SysRq-L and RCU stall detector call arch_trigger_cpumask_backtrace() to
trigger other CPU's backtrace, but its behavior is totally broken. The
root cause is arch_trigger_cpumask_backtrace() use call-function IPI in
irq context, which trigger deadlocks in smp_call_function_single() and
smp_call_function_many().
This patch fix arch_trigger_cpumask_backtrace() by:
1, Use a dedecated IPI (SMP_CPU_BACKTRACE) to trigger backtraces;
2, If myself is in target cpumask, do backtrace and clear myself;
3, Use a spinlock to avoid parallel backtrace output;
4, Handle SMP_CPU_BACKTRACE IPI for Loongson-3.
I have attempted to implement SMP_CPU_BACKTRACE for all MIPS CPUs, but I
failed because some of their IPIs are not extensible. :(
Cc: stable(a)vger.kernel.org
Signed-off-by: Huacai Chen <chenhc(a)lemote.com>
---
arch/mips/include/asm/smp.h | 3 +++
arch/mips/kernel/process.c | 23 ++++++++++++++++++-----
arch/mips/loongson64/loongson-3/smp.c | 6 ++++++
3 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/arch/mips/include/asm/smp.h b/arch/mips/include/asm/smp.h
index 88ebd83..b0521f4 100644
--- a/arch/mips/include/asm/smp.h
+++ b/arch/mips/include/asm/smp.h
@@ -43,6 +43,7 @@ extern int __cpu_logical_map[NR_CPUS];
/* Octeon - Tell another core to flush its icache */
#define SMP_ICACHE_FLUSH 0x4
#define SMP_ASK_C0COUNT 0x8
+#define SMP_CPU_BACKTRACE 0x10
/* Mask of CPUs which are currently definitely operating coherently */
extern cpumask_t cpu_coherent_mask;
@@ -81,6 +82,8 @@ static inline void __cpu_die(unsigned int cpu)
extern void play_dead(void);
#endif
+void arch_dump_stack(void);
+
/*
* This function will set up the necessary IPIs for Linux to communicate
* with the CPUs in mask.
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
index 57028d4..647e15d 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
@@ -655,26 +655,39 @@ unsigned long arch_align_stack(unsigned long sp)
return sp & ALMASK;
}
-static void arch_dump_stack(void *info)
+void arch_dump_stack(void)
{
struct pt_regs *regs;
+ static arch_spinlock_t lock = __ARCH_SPIN_LOCK_UNLOCKED;
+ arch_spin_lock(&lock);
regs = get_irq_regs();
if (regs)
show_regs(regs);
dump_stack();
+ arch_spin_unlock(&lock);
}
void arch_trigger_cpumask_backtrace(const cpumask_t *mask, bool exclude_self)
{
long this_cpu = get_cpu();
+ struct cpumask backtrace_mask;
+ extern const struct plat_smp_ops *mp_ops;
+
+ cpumask_copy(&backtrace_mask, mask);
+ if (cpumask_test_cpu(this_cpu, mask)) {
+ if (!exclude_self) {
+ struct pt_regs *regs = get_irq_regs();
+ if (regs)
+ show_regs(regs);
+ dump_stack();
+ }
+ cpumask_clear_cpu(this_cpu, &backtrace_mask);
+ }
- if (cpumask_test_cpu(this_cpu, mask) && !exclude_self)
- dump_stack();
-
- smp_call_function_many(mask, arch_dump_stack, NULL, 1);
+ mp_ops->send_ipi_mask(&backtrace_mask, SMP_CPU_BACKTRACE);
put_cpu();
}
diff --git a/arch/mips/loongson64/loongson-3/smp.c b/arch/mips/loongson64/loongson-3/smp.c
index 8501109..0655114 100644
--- a/arch/mips/loongson64/loongson-3/smp.c
+++ b/arch/mips/loongson64/loongson-3/smp.c
@@ -291,6 +291,12 @@ void loongson3_ipi_interrupt(struct pt_regs *regs)
__wbflush(); /* Let others see the result ASAP */
}
+ if (action & SMP_CPU_BACKTRACE) {
+ irq_enter();
+ arch_dump_stack();
+ irq_exit();
+ }
+
if (irqs) {
int irq;
while ((irq = ffs(irqs))) {
--
2.7.0
The patch titled
Subject: slub: fix failure when we delete and create a slab cache
has been added to the -mm tree. Its filename is
slub-fix-failure-when-we-delete-and-create-a-slab-cache.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/slub-fix-failure-when-we-delete-an…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/slub-fix-failure-when-we-delete-an…
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Mikulas Patocka <mpatocka(a)redhat.com>
Subject: slub: fix failure when we delete and create a slab cache
In kernel 4.17 I removed some code from dm-bufio that did slab cache
merging (21bb13276768) - both slab and slub support merging caches with
identical attributes, so dm-bufio now just calls kmem_cache_create and
relies on implicit merging.
This uncovered a bug in the slub subsystem - if we delete a cache and
immediatelly create another cache with the same attributes, it fails
because of duplicate filename in /sys/kernel/slab/. The slub subsystem
offloads freeing the cache to a workqueue - and if we create the new cache
before the workqueue runs, it complains because of duplicate filename in
sysfs.
This patch fixes the bug by moving the call of kobject_del from
sysfs_slab_remove_workfn to shutdown_cache. kobject_del must be called
while we hold slab_mutex - so that the sysfs entry is deleted before a
cache with the same attributes could be created.
Running device-mapper-test-suite with:
dmtest run --suite thin-provisioning -n /commit_failure_causes_fallback/
triggers:
[ 119.618958] Buffer I/O error on dev dm-0, logical block 1572848, async page read
[ 119.686224] device-mapper: thin: 253:1: metadata operation 'dm_pool_alloc_data_block' failed: error = -5
[ 119.695821] device-mapper: thin: 253:1: aborting current metadata transaction
[ 119.703255] sysfs: cannot create duplicate filename '/kernel/slab/:a-0000144'
[ 119.710394] CPU: 2 PID: 1037 Comm: kworker/u48:1 Not tainted 4.17.0.snitm+ #25
[ 119.717608] Hardware name: Supermicro SYS-1029P-WTR/X11DDW-L, BIOS 2.0a 12/06/2017
[ 119.725177] Workqueue: dm-thin do_worker [dm_thin_pool]
[ 119.730401] Call Trace:
[ 119.732856] dump_stack+0x5a/0x73
[ 119.736173] sysfs_warn_dup+0x58/0x70
[ 119.739839] sysfs_create_dir_ns+0x77/0x80
[ 119.743939] kobject_add_internal+0xba/0x2e0
[ 119.748210] kobject_init_and_add+0x70/0xb0
[ 119.752399] ? sysfs_slab_add+0x101/0x250
[ 119.756409] sysfs_slab_add+0xb1/0x250
[ 119.760161] __kmem_cache_create+0x116/0x150
[ 119.764436] ? number+0x2fb/0x340
[ 119.767755] ? _cond_resched+0x15/0x30
[ 119.771508] create_cache+0xd9/0x1f0
[ 119.775085] kmem_cache_create_usercopy+0x1c1/0x250
[ 119.779965] kmem_cache_create+0x18/0x20
[ 119.783894] dm_bufio_client_create+0x1ae/0x410 [dm_bufio]
[ 119.789380] ? dm_block_manager_alloc_callback+0x20/0x20 [dm_persistent_data]
[ 119.796509] ? kmem_cache_alloc_trace+0xae/0x1d0
[ 119.801131] dm_block_manager_create+0x5e/0x90 [dm_persistent_data]
[ 119.807397] __create_persistent_data_objects+0x38/0x940 [dm_thin_pool]
[ 119.814008] dm_pool_abort_metadata+0x64/0x90 [dm_thin_pool]
[ 119.819669] metadata_operation_failed+0x59/0x100 [dm_thin_pool]
[ 119.825673] alloc_data_block.isra.53+0x86/0x180 [dm_thin_pool]
[ 119.831592] process_cell+0x2a3/0x550 [dm_thin_pool]
[ 119.836558] ? mempool_alloc+0x6f/0x180
[ 119.840400] ? u32_swap+0x10/0x10
[ 119.843717] ? sort+0x17b/0x270
[ 119.846863] ? u32_swap+0x10/0x10
[ 119.850181] do_worker+0x28d/0x8f0 [dm_thin_pool]
[ 119.854890] ? move_linked_works+0x6f/0xa0
[ 119.858989] process_one_work+0x171/0x370
[ 119.862999] worker_thread+0x49/0x3f0
[ 119.866669] kthread+0xf8/0x130
[ 119.869813] ? max_active_store+0x80/0x80
[ 119.873827] ? kthread_bind+0x10/0x10
[ 119.877493] ret_from_fork+0x35/0x40
[ 119.881076] kobject_add_internal failed for :a-0000144 with -EEXIST, don't try to register things with the same name in the same directory.
[ 119.893580] kmem_cache_create(dm_bufio_buffer-16) failed with error -17
Link: http://lkml.kernel.org/r/alpine.LRH.2.02.1806151817130.6333@file01.intranet…
Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com>
Reported-by: Mike Snitzer <snitzer(a)redhat.com>
Tested-by: Mike Snitzer <snitzer(a)redhat.com>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/slub_def.h | 4 ++++
mm/slab_common.c | 4 ++++
mm/slub.c | 7 ++++++-
3 files changed, 14 insertions(+), 1 deletion(-)
diff -puN include/linux/slub_def.h~slub-fix-failure-when-we-delete-and-create-a-slab-cache include/linux/slub_def.h
--- a/include/linux/slub_def.h~slub-fix-failure-when-we-delete-and-create-a-slab-cache
+++ a/include/linux/slub_def.h
@@ -155,8 +155,12 @@ struct kmem_cache {
#ifdef CONFIG_SYSFS
#define SLAB_SUPPORTS_SYSFS
+void sysfs_slab_unlink(struct kmem_cache *);
void sysfs_slab_release(struct kmem_cache *);
#else
+static inline void sysfs_slab_unlink(struct kmem_cache *s)
+{
+}
static inline void sysfs_slab_release(struct kmem_cache *s)
{
}
diff -puN mm/slab_common.c~slub-fix-failure-when-we-delete-and-create-a-slab-cache mm/slab_common.c
--- a/mm/slab_common.c~slub-fix-failure-when-we-delete-and-create-a-slab-cache
+++ a/mm/slab_common.c
@@ -567,10 +567,14 @@ static int shutdown_cache(struct kmem_ca
list_del(&s->list);
if (s->flags & SLAB_TYPESAFE_BY_RCU) {
+#ifdef SLAB_SUPPORTS_SYSFS
+ sysfs_slab_unlink(s);
+#endif
list_add_tail(&s->list, &slab_caches_to_rcu_destroy);
schedule_work(&slab_caches_to_rcu_destroy_work);
} else {
#ifdef SLAB_SUPPORTS_SYSFS
+ sysfs_slab_unlink(s);
sysfs_slab_release(s);
#else
slab_kmem_cache_release(s);
diff -puN mm/slub.c~slub-fix-failure-when-we-delete-and-create-a-slab-cache mm/slub.c
--- a/mm/slub.c~slub-fix-failure-when-we-delete-and-create-a-slab-cache
+++ a/mm/slub.c
@@ -5667,7 +5667,6 @@ static void sysfs_slab_remove_workfn(str
kset_unregister(s->memcg_kset);
#endif
kobject_uevent(&s->kobj, KOBJ_REMOVE);
- kobject_del(&s->kobj);
out:
kobject_put(&s->kobj);
}
@@ -5752,6 +5751,12 @@ static void sysfs_slab_remove(struct kme
schedule_work(&s->kobj_remove_work);
}
+void sysfs_slab_unlink(struct kmem_cache *s)
+{
+ if (slab_state >= FULL)
+ kobject_del(&s->kobj);
+}
+
void sysfs_slab_release(struct kmem_cache *s)
{
if (slab_state >= FULL)
_
Patches currently in -mm which might be from mpatocka(a)redhat.com are
slub-fix-failure-when-we-delete-and-create-a-slab-cache.patch
The patch titled
Subject: mm: fix devmem_is_allowed() for sub-page System RAM intersections
has been removed from the -mm tree. Its filename was
mm-fix-devmem_is_allowed-for-sub-page-system-ram-intersections.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Dan Williams <dan.j.williams(a)intel.com>
Subject: mm: fix devmem_is_allowed() for sub-page System RAM intersections
Hussam reports:
I was poking around and for no real reason, I did cat /dev/mem and
strings /dev/mem. Then I saw the following warning in dmesg. I saved it
and rebooted immediately.
memremap attempted on mixed range 0x000000000009c000 size: 0x1000
------------[ cut here ]------------
WARNING: CPU: 0 PID: 11810 at kernel/memremap.c:98 memremap+0x104/0x170
[..]
Call Trace:
xlate_dev_mem_ptr+0x25/0x40
read_mem+0x89/0x1a0
__vfs_read+0x36/0x170
The memremap() implementation checks for attempts to remap System RAM with
MEMREMAP_WB and instead redirects those mapping attempts to the linear
map. However, that only works if the physical address range being
remapped is page aligned. In low memory we have situations like the
following:
00000000-00000fff : Reserved
00001000-0009fbff : System RAM
0009fc00-0009ffff : Reserved
...where System RAM intersects Reserved ranges on a sub-page page
granularity.
Given that devmem_is_allowed() special cases any attempt to map System RAM
in the first 1MB of memory, replace page_is_ram() with the more precise
region_intersects() to trap attempts to map disallowed ranges.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=199999
Link: http://lkml.kernel.org/r/152856436164.18127.2847888121707136898.stgit@dwill…
Fixes: 92281dee825f ("arch: introduce memremap()")
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
Reported-by: Hussam Al-Tayeb <me(a)hussam.eu.org>
Tested-by: Hussam Al-Tayeb <me(a)hussam.eu.org>
Cc: Christoph Hellwig <hch(a)lst.de>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
arch/x86/mm/init.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff -puN arch/x86/mm/init.c~mm-fix-devmem_is_allowed-for-sub-page-system-ram-intersections arch/x86/mm/init.c
--- a/arch/x86/mm/init.c~mm-fix-devmem_is_allowed-for-sub-page-system-ram-intersections
+++ a/arch/x86/mm/init.c
@@ -706,7 +706,9 @@ void __init init_mem_mapping(void)
*/
int devmem_is_allowed(unsigned long pagenr)
{
- if (page_is_ram(pagenr)) {
+ if (region_intersects(PFN_PHYS(pagenr), PAGE_SIZE,
+ IORESOURCE_SYSTEM_RAM, IORES_DESC_NONE)
+ != REGION_DISJOINT) {
/*
* For disallowed memory regions in the low 1MB range,
* request that the page be shown as all zeros.
_
Patches currently in -mm which might be from dan.j.williams(a)intel.com are
mm-devm_memremap_pages-mark-devm_memremap_pages-export_symbol_gpl.patch
mm-devm_memremap_pages-handle-errors-allocating-final-devres-action.patch
mm-hmm-use-devm-semantics-for-hmm_devmem_add-remove.patch
mm-hmm-replace-hmm_devmem_pages_create-with-devm_memremap_pages.patch
mm-hmm-mark-hmm_devmem_add-add_resource-export_symbol_gpl.patch
The patch titled
Subject: mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm()
has been removed from the -mm tree. Its filename was
mm-ksm-ignore-stable_flag-of-rmap_item-address-in-rmap_walk_ksm.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Jia He <jia.he(a)hxt-semitech.com>
Subject: mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm()
In our armv8a server(QDF2400), I noticed lots of WARN_ON caused by
PAGE_SIZE unaligned for rmap_item->address under memory pressure
tests(start 20 guests and run memhog in the host).
--------------------------begin--------------------------------------
[ 410.853828] WARNING: CPU: 4 PID: 4641 at
arch/arm64/kvm/../../../virt/kvm/arm/mmu.c:1826
kvm_age_hva_handler+0xc0/0xc8
[ 410.864518] Modules linked in: vhost_net vhost tap xt_CHECKSUM
ipt_MASQUERADE nf_nat_masquerade_ipv4 ip6t_rpfilter ipt_REJECT
nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink
ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6
nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security
ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4
nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw
ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter
rpcrdma ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi
ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm
ib_ucm ib_umad rdma_cm ib_cm iw_cm mlx5_ib vfat fat ib_uverbs dm_mirror
dm_region_hash ib_core dm_log dm_mod crc32_ce ipmi_ssif sg nfsd
[ 410.935101] auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs
libcrc32c mlx5_core ixgbe mlxfw devlink mdio ahci_platform
libahci_platform qcom_emac libahci hdma hdma_mgmt i2c_qup
[ 410.951369] CPU: 4 PID: 4641 Comm: memhog Tainted: G W
4.17.0-rc3+ #8
[ 410.959104] Hardware name: <snip for confidential issues>
[ 410.969791] pstate: 80400005 (Nzcv daif +PAN -UAO)
[ 410.974575] pc : kvm_age_hva_handler+0xc0/0xc8
[ 410.979012] lr : handle_hva_to_gpa+0xa8/0xe0
[ 410.983274] sp : ffff801761553290
[ 410.986581] x29: ffff801761553290 x28: 0000000000000000
[ 410.991888] x27: 0000000000000002 x26: 0000000000000000
[ 410.997195] x25: ffff801765430058 x24: ffff0000080b5608
[ 411.002501] x23: 0000000000000000 x22: ffff8017ccb84000
[ 411.007807] x21: 0000000003ff0000 x20: ffff8017ccb84000
[ 411.013113] x19: 000000000000fe00 x18: ffff000008fb3c08
[ 411.018419] x17: 0000000000000000 x16: 0060001645820bd3
[ 411.023725] x15: ffff80176aacbc08 x14: 0000000000000000
[ 411.029031] x13: 0000000000000040 x12: 0000000000000228
[ 411.034337] x11: 0000000000000000 x10: 0000000000000000
[ 411.039643] x9 : 0000000000000010 x8 : 0000000000000004
[ 411.044949] x7 : 0000000000000000 x6 : 00008017f0770000
[ 411.050255] x5 : 0000fffda59f0200 x4 : 0000000000000000
[ 411.055561] x3 : 0000000000000000 x2 : 000000000000fe00
[ 411.060867] x1 : 0000000003ff0000 x0 : 0000000020000000
[ 411.066173] Call trace:
[ 411.068614] kvm_age_hva_handler+0xc0/0xc8
[ 411.072703] handle_hva_to_gpa+0xa8/0xe0
[ 411.076619] kvm_age_hva+0x4c/0xe8
[ 411.080014] kvm_mmu_notifier_clear_flush_young+0x54/0x98
[ 411.085408] __mmu_notifier_clear_flush_young+0x6c/0xa0
[ 411.090627] page_referenced_one+0x154/0x1d8
[ 411.094890] rmap_walk_ksm+0x12c/0x1d0
[ 411.098632] rmap_walk+0x94/0xa0
[ 411.101854] page_referenced+0x194/0x1b0
[ 411.105770] shrink_page_list+0x674/0xc28
[ 411.109772] shrink_inactive_list+0x26c/0x5b8
[ 411.114122] shrink_node_memcg+0x35c/0x620
[ 411.118211] shrink_node+0x100/0x430
[ 411.121778] do_try_to_free_pages+0xe0/0x3a8
[ 411.126041] try_to_free_pages+0xe4/0x230
[ 411.130045] __alloc_pages_nodemask+0x564/0xdc0
[ 411.134569] alloc_pages_vma+0x90/0x228
[ 411.138398] do_anonymous_page+0xc8/0x4d0
[ 411.142400] __handle_mm_fault+0x4a0/0x508
[ 411.146489] handle_mm_fault+0xf8/0x1b0
[ 411.150321] do_page_fault+0x218/0x4b8
[ 411.154064] do_translation_fault+0x90/0xa0
[ 411.158239] do_mem_abort+0x68/0xf0
[ 411.161721] el0_da+0x24/0x28
---------------------------end---------------------------------------
In rmap_walk_ksm, the rmap_item->address might still have the STABLE_FLAG,
then the start and end in handle_hva_to_gpa might not be PAGE_SIZE
aligned. Thus it will cause exceptions in handle_hva_to_gpa on arm64.
This patch fixes it by ignoring (not removing) the low bits of address
when doing rmap_walk_ksm.
IMO, it should be backported to stable tree. the stom of WARN_ONs is
very easy for me to reproduce. More than that, I watched a panic (not
reproducible) as follows:
[35380.805825] page:ffff7fe003742d80 count:-4871 mapcount:-2126053375
mapping: (null) index:0x0
[35380.815024] flags: 0x1fffc00000000000()
[35380.818845] raw: 1fffc00000000000 0000000000000000 0000000000000000
ffffecf981470000
[35380.826569] raw: dead000000000100 dead000000000200 ffff8017c001c000
0000000000000000
[35380.834294] page dumped because: nonzero _refcount
[35380.839069] Modules linked in: vhost_net vhost tap ebtable_filter ebtables
ip6table_filter ip6_tables iptable_filter fcoe libfcoe libfc 8021q garp mrp stp
llc scsi_transport_fc openvswitch nf_conntrack_ipv6 nf_nat_ipv6
nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_defrag_ipv6 nf_nat nf_conntrack
vfat fat rpcrdma ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi
ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_ucm
ib_uverbs ib_umad rdma_cm ib_cm iw_cm mlx5_ib ib_core crc32_ce ipmi_ssif tpm_tis
tpm_tis_core sg nfsd auth_rpcgss nfs_acl lockd grace sunrpc dm_multipath
ip_tables xfs libcrc32c mlx5_core mlxfw devlink ahci_platform libahci_platform
libahci qcom_emac sdhci_acpi sdhci hdma mmc_core hdma_mgmt i2c_qup dm_mirror
dm_region_hash dm_log dm_mod
[35380.908341] CPU: 29 PID: 18323 Comm: qemu-kvm Tainted: G W
4.14.15-5.hxt.aarch64 #1
[35380.917107] Hardware name: <snip for confidential issues>
[35380.930909] Call trace:
[35380.933345] [<ffff000008088f00>] dump_backtrace+0x0/0x22c
[35380.938723] [<ffff000008089150>] show_stack+0x24/0x2c
[35380.943759] [<ffff00000893c078>] dump_stack+0x8c/0xb0
[35380.948794] [<ffff00000820ab50>] bad_page+0xf4/0x154
[35380.953740] [<ffff000008211ce8>] free_pages_check_bad+0x90/0x9c
[35380.959642] [<ffff00000820c430>] free_pcppages_bulk+0x464/0x518
[35380.965545] [<ffff00000820db98>] free_hot_cold_page+0x22c/0x300
[35380.971448] [<ffff0000082176fc>] __put_page+0x54/0x60
[35380.976484] [<ffff0000080b1164>] unmap_stage2_range+0x170/0x2b4
[35380.982385] [<ffff0000080b12d8>] kvm_unmap_hva_handler+0x30/0x40
[35380.988375] [<ffff0000080b0104>] handle_hva_to_gpa+0xb0/0xec
[35380.994016] [<ffff0000080b2644>] kvm_unmap_hva_range+0x5c/0xd0
[35380.999833] [<ffff0000080a8054>]
I even injected a fault on purpose in kvm_unmap_hva_range by seting
size=size-0x200, the call trace is similar as above. So I thought the
panic is similarly caused by the root cause of WARN_ON.
Andrea said:
: It looks a straightforward safe fix, on x86 hva_to_gfn_memslot would
: zap those bits and hide the misalignment caused by the low metadata
: bits being erroneously left set in the address, but the arm code
: notices when that's the last page in the memslot and the hva_end is
: getting aligned and the size is below one page.
:
: I think the problem triggers in the addr += PAGE_SIZE of
: unmap_stage2_ptes that never matches end because end is aligned but
: addr is not.
:
: } while (pte++, addr += PAGE_SIZE, addr != end);
:
: x86 again only works on hva_start/hva_end after converting it to
: gfn_start/end and that being in pfn units the bits are zapped before
: they risk to cause trouble.
Jia He said:
: I've tested by myself in arm64 server (QDF2400,46 cpus,96G mem) Without
: this patch, the WARN_ON is very easy for reproducing. After this patch, I
: have run the same benchmarch for a whole day without any WARN_ONs
Link: http://lkml.kernel.org/r/1525403506-6750-1-git-send-email-hejianet@gmail.com
Signed-off-by: Jia He <jia.he(a)hxt-semitech.com>
Reviewed-by: Andrea Arcangeli <aarcange(a)redhat.com>
Tested-by: Jia He <hejianet(a)gmail.com>
Cc: Suzuki K Poulose <Suzuki.Poulose(a)arm.com>
Cc: Minchan Kim <minchan(a)kernel.org>
Cc: Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com>
Cc: Arvind Yadav <arvind.yadav.cs(a)gmail.com>
Cc: Mike Rapoport <rppt(a)linux.vnet.ibm.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/ksm.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff -puN mm/ksm.c~mm-ksm-ignore-stable_flag-of-rmap_item-address-in-rmap_walk_ksm mm/ksm.c
--- a/mm/ksm.c~mm-ksm-ignore-stable_flag-of-rmap_item-address-in-rmap_walk_ksm
+++ a/mm/ksm.c
@@ -216,6 +216,8 @@ struct rmap_item {
#define SEQNR_MASK 0x0ff /* low bits of unstable tree seqnr */
#define UNSTABLE_FLAG 0x100 /* is a node of the unstable tree */
#define STABLE_FLAG 0x200 /* is listed from the stable tree */
+#define KSM_FLAG_MASK (SEQNR_MASK|UNSTABLE_FLAG|STABLE_FLAG)
+ /* to mask all the flags */
/* The stable and unstable tree heads */
static struct rb_root one_stable_tree[1] = { RB_ROOT };
@@ -2598,10 +2600,15 @@ again:
anon_vma_lock_read(anon_vma);
anon_vma_interval_tree_foreach(vmac, &anon_vma->rb_root,
0, ULONG_MAX) {
+ unsigned long addr;
+
cond_resched();
vma = vmac->vma;
- if (rmap_item->address < vma->vm_start ||
- rmap_item->address >= vma->vm_end)
+
+ /* Ignore the stable/unstable/sqnr flags */
+ addr = rmap_item->address & ~KSM_FLAG_MASK;
+
+ if (addr < vma->vm_start || addr >= vma->vm_end)
continue;
/*
* Initially we examine only the vma which covers this
@@ -2615,8 +2622,7 @@ again:
if (rwc->invalid_vma && rwc->invalid_vma(vma, rwc->arg))
continue;
- if (!rwc->rmap_one(page, vma,
- rmap_item->address, rwc->arg)) {
+ if (!rwc->rmap_one(page, vma, addr, rwc->arg)) {
anon_vma_unlock_read(anon_vma);
return;
}
_
Patches currently in -mm which might be from jia.he(a)hxt-semitech.com are
Tree/Branch: v4.4.137
Git describe: v4.4.137
Commit: ed90fd0cfe Linux 4.4.137
Build Time: 63 min 2 sec
Passed: 10 / 10 (100.00 %)
Failed: 0 / 10 ( 0.00 %)
Errors: 0
Warnings: 31
Section Mismatches: 0
-------------------------------------------------------------------------------
defconfigs with issues (other than build errors):
19 warnings 0 mismatches : arm64-allmodconfig
17 warnings 0 mismatches : x86_64-allmodconfig
-------------------------------------------------------------------------------
Warnings Summary: 31
3 warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI)
2 ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=]
2 ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
2 ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=]
1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=]
===============================================================================
Detailed per-defconfig build reports below:
-------------------------------------------------------------------------------
arm64-allmodconfig : PASS, 0 errors, 19 warnings, 0 section mismatches
Warnings:
warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI)
warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI)
warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI)
../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=]
-------------------------------------------------------------------------------
x86_64-allmodconfig : PASS, 0 errors, 17 warnings, 0 section mismatches
Warnings:
../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=]
../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=]
-------------------------------------------------------------------------------
Passed with no errors, warnings or mismatches:
arm64-allnoconfig
arm-multi_v5_defconfig
arm-multi_v7_defconfig
x86_64-defconfig
arm-allmodconfig
arm-allnoconfig
x86_64-allnoconfig
arm64-defconfig
This is the start of the stable review cycle for the 4.17.2 release.
There are 45 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat Jun 16 13:21:05 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.2-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.17.2-rc1
Bin Liu <b-liu(a)ti.com>
crypto: omap-sham - fix memleak
Michael Ellerman <mpe(a)ellerman.id.au>
crypto: vmx - Remove overly verbose printk from AES XTS init
Michael Ellerman <mpe(a)ellerman.id.au>
crypto: vmx - Remove overly verbose printk from AES init routines
Jan Glauber <jglauber(a)cavium.com>
crypto: cavium - Limit result reading attempts
Jan Glauber <jglauber(a)cavium.com>
crypto: cavium - Fix fallout from CONFIG_VMAP_STACK
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - fix size of RSA prime factor q
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam/qi - fix IV DMA mapping and updating
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - fix IV DMA mapping and updating
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - fix DMA mapping dir for generated IV
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - strip input zeros from RSA input buffer
Johannes Wienke <languitar(a)semipol.de>
Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID
Ethan Lee <flibitijibibo(a)gmail.com>
Input: goodix - add new ACPI id for GPD Win 2 touch screen
Gilad Ben-Yossef <gilad(a)benyossef.com>
crypto: ccree - correct host regs offset
Dave Martin <Dave.Martin(a)arm.com>
tty: pl011: Avoid spuriously stuck-off interrupts
Sean Wang <sean.wang(a)mediatek.com>
arm64: defconfig: Enable CONFIG_PINCTRL_MT7622 by default
Stephen Hemminger <stephen(a)networkplumber.org>
doc: fix sysfs ABI documentation
Gil Kupfer <gilkup(a)gmail.com>
vmw_balloon: fixing double free when batching mode is off
Tony Lindgren <tony(a)atomide.com>
serial: 8250: omap: Fix idling of clocks for unused uarts
Marek Szyprowski <m.szyprowski(a)samsung.com>
serial: samsung: fix maxburst parameter for DMA transactions
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
tty/serial: atmel: use port->name as name in request_irq()
Geert Uytterhoeven <geert+renesas(a)glider.be>
serial: sh-sci: Stop using printk format %pCr
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns error
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add udc
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() before add udc
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: should remove debugfs
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: fix double phy_put()
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: function: printer: avoid wrong list handling in printer_write()
Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
usb: typec: wcove: Remove dependency on HW FSM
Ruslan Bilovol <ruslan.bilovol(a)gmail.com>
usb: core: message: remove extra endianness conversion in usb_set_isoch_delay
Manu Gautam <mgautam(a)codeaurora.org>
phy: qcom-qusb2: Fix crash if nvmem cell not specified
Ethan Lee <flibitijibibo(a)gmail.com>
Input: xpad - add GPD Win 2 Controller USB IDs
Alexander Kappner <agk(a)godking.net>
usb-storage: Add compatibility quirk flags for G-Technologies G-Drive
Alexander Kappner <agk(a)godking.net>
usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver
Gustavo A. R. Silva <gustavo(a)embeddedor.com>
usbip: vhci_sysfs: fix potential Spectre v1
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
NFC: pn533: don't send USB data off of the stack
Laura Abbott <labbott(a)redhat.com>
staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
Paolo Bonzini <pbonzini(a)redhat.com>
kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system
Felix Wilhelm <fwilhelm(a)google.com>
kvm: nVMX: Enforce cpl=0 for VMX instructions
Michael S. Tsirkin <mst(a)redhat.com>
kvm: fix typo in flag name
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86: introduce linear_{read,write}_system
Wanpeng Li <wanpengli(a)tencent.com>
KVM: X86: Fix reserved bits check for MOV to CR3
Bart Van Assche <bart.vanassche(a)wdc.com>
blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers
Atul Gupta <atul.gupta(a)chelsio.com>
crypto: chelsio - request to HW should wrap
-------------
Diffstat:
Documentation/ABI/stable/sysfs-bus-vmbus | 40 +++---
Makefile | 4 +-
arch/arm64/configs/defconfig | 1 +
arch/x86/include/asm/kvm_emulate.h | 6 +-
arch/x86/kvm/emulate.c | 76 +++++-----
arch/x86/kvm/vmx.c | 38 +++--
arch/x86/kvm/x86.c | 61 +++++---
arch/x86/kvm/x86.h | 4 +-
block/blk-zoned.c | 8 +-
drivers/crypto/caam/caamalg.c | 231 ++++++++++++++-----------------
drivers/crypto/caam/caamalg_qi.c | 227 +++++++++++++++---------------
drivers/crypto/caam/caampkc.c | 62 ++++++++-
drivers/crypto/caam/caampkc.h | 8 ++
drivers/crypto/cavium/zip/common.h | 21 +++
drivers/crypto/cavium/zip/zip_crypto.c | 22 +--
drivers/crypto/cavium/zip/zip_deflate.c | 4 +-
drivers/crypto/cavium/zip/zip_inflate.c | 4 +-
drivers/crypto/ccree/cc_debugfs.c | 7 +-
drivers/crypto/ccree/cc_driver.c | 8 +-
drivers/crypto/ccree/cc_driver.h | 2 +
drivers/crypto/ccree/cc_host_regs.h | 6 +-
drivers/crypto/chelsio/chcr_ipsec.c | 35 +++--
drivers/crypto/omap-sham.c | 2 +-
drivers/crypto/vmx/aes.c | 2 -
drivers/crypto/vmx/aes_cbc.c | 3 -
drivers/crypto/vmx/aes_ctr.c | 2 -
drivers/crypto/vmx/aes_xts.c | 2 -
drivers/crypto/vmx/ghash.c | 2 -
drivers/input/joystick/xpad.c | 2 +
drivers/input/mouse/elan_i2c_core.c | 1 +
drivers/input/touchscreen/goodix.c | 1 +
drivers/misc/vmw_balloon.c | 23 +--
drivers/nfc/pn533/usb.c | 42 ++++--
drivers/phy/qualcomm/phy-qcom-qusb2.c | 4 +
drivers/staging/android/ion/ion.c | 5 +-
drivers/tty/serial/8250/8250_omap.c | 16 ++-
drivers/tty/serial/amba-pl011.c | 16 +++
drivers/tty/serial/atmel_serial.c | 5 +-
drivers/tty/serial/samsung.c | 7 +-
drivers/tty/serial/sh-sci.c | 4 +-
drivers/usb/core/message.c | 2 +-
drivers/usb/gadget/function/f_printer.c | 6 +-
drivers/usb/gadget/udc/renesas_usb3.c | 37 +++--
drivers/usb/storage/uas.c | 6 +
drivers/usb/storage/unusual_devs.h | 9 ++
drivers/usb/storage/unusual_uas.h | 9 ++
drivers/usb/typec/typec_wcove.c | 30 +++-
drivers/usb/usbip/vhci_sysfs.c | 24 ++--
include/uapi/linux/kvm.h | 4 +-
tools/include/uapi/linux/kvm.h | 4 +-
50 files changed, 685 insertions(+), 460 deletions(-)
This is the start of the stable review cycle for the 4.16.16 release.
There are 43 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat Jun 16 13:21:17 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.16.16-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.16.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.16.16-rc1
Bin Liu <b-liu(a)ti.com>
crypto: omap-sham - fix memleak
Michael Ellerman <mpe(a)ellerman.id.au>
crypto: vmx - Remove overly verbose printk from AES XTS init
Michael Ellerman <mpe(a)ellerman.id.au>
crypto: vmx - Remove overly verbose printk from AES init routines
Jan Glauber <jglauber(a)cavium.com>
crypto: cavium - Limit result reading attempts
Jan Glauber <jglauber(a)cavium.com>
crypto: cavium - Fix fallout from CONFIG_VMAP_STACK
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - fix size of RSA prime factor q
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam/qi - fix IV DMA mapping and updating
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - fix IV DMA mapping and updating
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - fix DMA mapping dir for generated IV
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - strip input zeros from RSA input buffer
Johannes Wienke <languitar(a)semipol.de>
Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID
Ethan Lee <flibitijibibo(a)gmail.com>
Input: goodix - add new ACPI id for GPD Win 2 touch screen
Paolo Bonzini <pbonzini(a)redhat.com>
kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
Dave Martin <Dave.Martin(a)arm.com>
tty: pl011: Avoid spuriously stuck-off interrupts
Gil Kupfer <gilkup(a)gmail.com>
vmw_balloon: fixing double free when batching mode is off
Tony Lindgren <tony(a)atomide.com>
serial: 8250: omap: Fix idling of clocks for unused uarts
Marek Szyprowski <m.szyprowski(a)samsung.com>
serial: samsung: fix maxburst parameter for DMA transactions
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
tty/serial: atmel: use port->name as name in request_irq()
Geert Uytterhoeven <geert+renesas(a)glider.be>
serial: sh-sci: Stop using printk format %pCr
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns error
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add udc
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() before add udc
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: should remove debugfs
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: fix double phy_put()
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: function: printer: avoid wrong list handling in printer_write()
Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
usb: typec: wcove: Remove dependency on HW FSM
Ruslan Bilovol <ruslan.bilovol(a)gmail.com>
usb: core: message: remove extra endianness conversion in usb_set_isoch_delay
Manu Gautam <mgautam(a)codeaurora.org>
phy: qcom-qusb2: Fix crash if nvmem cell not specified
Ethan Lee <flibitijibibo(a)gmail.com>
Input: xpad - add GPD Win 2 Controller USB IDs
Alexander Kappner <agk(a)godking.net>
usb-storage: Add compatibility quirk flags for G-Technologies G-Drive
Alexander Kappner <agk(a)godking.net>
usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver
Gustavo A. R. Silva <gustavo(a)embeddedor.com>
usbip: vhci_sysfs: fix potential Spectre v1
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
NFC: pn533: don't send USB data off of the stack
Laura Abbott <labbott(a)redhat.com>
staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system
Felix Wilhelm <fwilhelm(a)google.com>
kvm: nVMX: Enforce cpl=0 for VMX instructions
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86: introduce linear_{read,write}_system
Wanpeng Li <wanpengli(a)tencent.com>
KVM: X86: Fix reserved bits check for MOV to CR3
Kevin Easton <kevin(a)guarana.org>
af_key: Always verify length of provided sadb_key
Bart Van Assche <bart.vanassche(a)wdc.com>
blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers
Atul Gupta <atul.gupta(a)chelsio.com>
crypto: chelsio - request to HW should wrap
Taehee Yoo <ap420073(a)gmail.com>
netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump()
-------------
Diffstat:
Makefile | 4 +-
arch/x86/include/asm/kvm_emulate.h | 6 +-
arch/x86/kvm/emulate.c | 76 ++++++-----
arch/x86/kvm/vmx.c | 38 +++---
arch/x86/kvm/x86.c | 53 +++++---
arch/x86/kvm/x86.h | 4 +-
block/blk-zoned.c | 8 +-
drivers/crypto/caam/caamalg.c | 231 ++++++++++++++------------------
drivers/crypto/caam/caamalg_qi.c | 227 ++++++++++++++++---------------
drivers/crypto/caam/caampkc.c | 62 ++++++++-
drivers/crypto/caam/caampkc.h | 8 ++
drivers/crypto/cavium/zip/common.h | 21 +++
drivers/crypto/cavium/zip/zip_crypto.c | 22 +--
drivers/crypto/cavium/zip/zip_deflate.c | 4 +-
drivers/crypto/cavium/zip/zip_inflate.c | 4 +-
drivers/crypto/chelsio/chcr_ipsec.c | 35 +++--
drivers/crypto/omap-sham.c | 2 +-
drivers/crypto/vmx/aes.c | 2 -
drivers/crypto/vmx/aes_cbc.c | 3 -
drivers/crypto/vmx/aes_ctr.c | 2 -
drivers/crypto/vmx/aes_xts.c | 2 -
drivers/crypto/vmx/ghash.c | 2 -
drivers/input/joystick/xpad.c | 2 +
drivers/input/mouse/elan_i2c_core.c | 1 +
drivers/input/touchscreen/goodix.c | 1 +
drivers/misc/vmw_balloon.c | 23 +---
drivers/nfc/pn533/usb.c | 42 ++++--
drivers/phy/qualcomm/phy-qcom-qusb2.c | 4 +
drivers/staging/android/ion/ion.c | 5 +-
drivers/tty/serial/8250/8250_omap.c | 16 ++-
drivers/tty/serial/amba-pl011.c | 16 +++
drivers/tty/serial/atmel_serial.c | 5 +-
drivers/tty/serial/samsung.c | 7 +-
drivers/tty/serial/sh-sci.c | 4 +-
drivers/usb/core/message.c | 2 +-
drivers/usb/gadget/function/f_printer.c | 6 +-
drivers/usb/gadget/udc/renesas_usb3.c | 37 +++--
drivers/usb/storage/uas.c | 6 +
drivers/usb/storage/unusual_devs.h | 9 ++
drivers/usb/storage/unusual_uas.h | 9 ++
drivers/usb/typec/typec_wcove.c | 30 ++++-
drivers/usb/usbip/vhci_sysfs.c | 24 ++--
net/key/af_key.c | 45 +++++--
net/netfilter/nft_ct.c | 20 +--
44 files changed, 686 insertions(+), 444 deletions(-)
This is the start of the stable review cycle for the 4.14.50 release.
There are 36 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat Jun 16 13:21:44 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.50-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.14.50-rc1
Bin Liu <b-liu(a)ti.com>
crypto: omap-sham - fix memleak
Michael Ellerman <mpe(a)ellerman.id.au>
crypto: vmx - Remove overly verbose printk from AES XTS init
Michael Ellerman <mpe(a)ellerman.id.au>
crypto: vmx - Remove overly verbose printk from AES init routines
Jan Glauber <jglauber(a)cavium.com>
crypto: cavium - Limit result reading attempts
Jan Glauber <jglauber(a)cavium.com>
crypto: cavium - Fix fallout from CONFIG_VMAP_STACK
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - fix size of RSA prime factor q
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam/qi - fix IV DMA mapping and updating
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - fix IV DMA mapping and updating
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - fix DMA mapping dir for generated IV
Horia Geantă <horia.geanta(a)nxp.com>
crypto: caam - strip input zeros from RSA input buffer
Johannes Wienke <languitar(a)semipol.de>
Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID
Ethan Lee <flibitijibibo(a)gmail.com>
Input: goodix - add new ACPI id for GPD Win 2 touch screen
Paolo Bonzini <pbonzini(a)redhat.com>
kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
Dave Martin <Dave.Martin(a)arm.com>
tty: pl011: Avoid spuriously stuck-off interrupts
Gil Kupfer <gilkup(a)gmail.com>
vmw_balloon: fixing double free when batching mode is off
Tony Lindgren <tony(a)atomide.com>
serial: 8250: omap: Fix idling of clocks for unused uarts
Marek Szyprowski <m.szyprowski(a)samsung.com>
serial: samsung: fix maxburst parameter for DMA transactions
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
tty/serial: atmel: use port->name as name in request_irq()
Geert Uytterhoeven <geert+renesas(a)glider.be>
serial: sh-sci: Stop using printk format %pCr
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: function: printer: avoid wrong list handling in printer_write()
Manu Gautam <mgautam(a)codeaurora.org>
phy: qcom-qusb2: Fix crash if nvmem cell not specified
Ethan Lee <flibitijibibo(a)gmail.com>
Input: xpad - add GPD Win 2 Controller USB IDs
Alexander Kappner <agk(a)godking.net>
usb-storage: Add compatibility quirk flags for G-Technologies G-Drive
Alexander Kappner <agk(a)godking.net>
usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver
Gustavo A. R. Silva <gustavo(a)embeddedor.com>
usbip: vhci_sysfs: fix potential Spectre v1
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
NFC: pn533: don't send USB data off of the stack
Laura Abbott <labbott(a)redhat.com>
staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system
Felix Wilhelm <fwilhelm(a)google.com>
kvm: nVMX: Enforce cpl=0 for VMX instructions
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86: introduce linear_{read,write}_system
Wanpeng Li <wanpengli(a)tencent.com>
KVM: X86: Fix reserved bits check for MOV to CR3
Linus Walleij <linus.walleij(a)linaro.org>
gpio: No NULL owner
Kevin Easton <kevin(a)guarana.org>
af_key: Always verify length of provided sadb_key
Bart Van Assche <bart.vanassche(a)wdc.com>
blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers
Taehee Yoo <ap420073(a)gmail.com>
netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump()
-------------
Diffstat:
Makefile | 4 +-
arch/x86/include/asm/kvm_emulate.h | 6 +-
arch/x86/kvm/emulate.c | 76 ++++++-----
arch/x86/kvm/vmx.c | 38 +++---
arch/x86/kvm/x86.c | 53 +++++---
arch/x86/kvm/x86.h | 4 +-
block/blk-zoned.c | 8 +-
drivers/crypto/caam/caamalg.c | 231 ++++++++++++++------------------
drivers/crypto/caam/caamalg_qi.c | 227 ++++++++++++++++---------------
drivers/crypto/caam/caampkc.c | 62 ++++++++-
drivers/crypto/caam/caampkc.h | 8 ++
drivers/crypto/cavium/zip/common.h | 21 +++
drivers/crypto/cavium/zip/zip_crypto.c | 22 +--
drivers/crypto/cavium/zip/zip_deflate.c | 4 +-
drivers/crypto/cavium/zip/zip_inflate.c | 4 +-
drivers/crypto/omap-sham.c | 2 +-
drivers/crypto/vmx/aes.c | 2 -
drivers/crypto/vmx/aes_cbc.c | 3 -
drivers/crypto/vmx/aes_ctr.c | 2 -
drivers/crypto/vmx/aes_xts.c | 2 -
drivers/crypto/vmx/ghash.c | 2 -
drivers/gpio/gpiolib.c | 9 +-
drivers/input/joystick/xpad.c | 2 +
drivers/input/mouse/elan_i2c_core.c | 1 +
drivers/input/touchscreen/goodix.c | 1 +
drivers/misc/vmw_balloon.c | 23 +---
drivers/nfc/pn533/usb.c | 42 ++++--
drivers/phy/qualcomm/phy-qcom-qusb2.c | 4 +
drivers/staging/android/ion/ion.c | 5 +-
drivers/tty/serial/8250/8250_omap.c | 16 ++-
drivers/tty/serial/amba-pl011.c | 16 +++
drivers/tty/serial/atmel_serial.c | 5 +-
drivers/tty/serial/samsung.c | 7 +-
drivers/tty/serial/sh-sci.c | 4 +-
drivers/usb/gadget/function/f_printer.c | 6 +-
drivers/usb/gadget/udc/renesas_usb3.c | 7 +
drivers/usb/storage/uas.c | 6 +
drivers/usb/storage/unusual_devs.h | 9 ++
drivers/usb/storage/unusual_uas.h | 9 ++
drivers/usb/usbip/vhci_sysfs.c | 24 ++--
net/key/af_key.c | 45 +++++--
net/netfilter/nft_ct.c | 20 +--
42 files changed, 629 insertions(+), 413 deletions(-)
This is the start of the stable review cycle for the 4.9.109 release.
There are 30 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat Jun 16 13:25:48 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.109-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.9.109-rc1
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
perf: sync up x86/.../cpufeatures.h
Bin Liu <b-liu(a)ti.com>
crypto: omap-sham - fix memleak
Michael Ellerman <mpe(a)ellerman.id.au>
crypto: vmx - Remove overly verbose printk from AES init routines
Johannes Wienke <languitar(a)semipol.de>
Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID
Ethan Lee <flibitijibibo(a)gmail.com>
Input: goodix - add new ACPI id for GPD Win 2 touch screen
Paolo Bonzini <pbonzini(a)redhat.com>
kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
Dave Martin <Dave.Martin(a)arm.com>
tty: pl011: Avoid spuriously stuck-off interrupts
Gil Kupfer <gilkup(a)gmail.com>
vmw_balloon: fixing double free when batching mode is off
Tony Lindgren <tony(a)atomide.com>
serial: 8250: omap: Fix idling of clocks for unused uarts
Marek Szyprowski <m.szyprowski(a)samsung.com>
serial: samsung: fix maxburst parameter for DMA transactions
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
tty/serial: atmel: use port->name as name in request_irq()
Geert Uytterhoeven <geert+renesas(a)glider.be>
serial: sh-sci: Stop using printk format %pCr
Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com>
usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting
Alexander Kappner <agk(a)godking.net>
usb-storage: Add compatibility quirk flags for G-Technologies G-Drive
Alexander Kappner <agk(a)godking.net>
usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver
Gustavo A. R. Silva <gustavo(a)embeddedor.com>
usbip: vhci_sysfs: fix potential Spectre v1
Laura Abbott <labbott(a)redhat.com>
staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86: introduce linear_{read,write}_system
Linus Walleij <linus.walleij(a)linaro.org>
gpio: No NULL owner
Martin Wilck <mwilck(a)suse.com>
nvmet: don't overwrite identify sn/fr with 0-bytes
Martin Wilck <mwilck(a)suse.com>
nvmet: don't report 0-bytes in serial number
Johannes Thumshirn <jthumshirn(a)suse.de>
nvmet: Move serial number from controller to subsystem
Andy Lutomirski <luto(a)kernel.org>
x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code
Kevin Easton <kevin(a)guarana.org>
af_key: Always verify length of provided sadb_key
Keith Busch <keith.busch(a)intel.com>
nvme-pci: initialize queue memory before interrupts
Andreas Born <futur.andy(a)googlemail.com>
bonding: require speed/duplex only for 802.3ad, alb and tlb
Mahesh Bandewar <maheshb(a)google.com>
bonding: fix active-backup transition
Mahesh Bandewar <maheshb(a)google.com>
bonding: correctly update link status during mii-commit phase
Andy Lutomirski <luto(a)kernel.org>
x86/fpu: Hard-disable lazy FPU mode
-------------
Diffstat:
Makefile | 4 +-
arch/x86/crypto/crc32c-intel_glue.c | 5 --
arch/x86/include/asm/cpufeatures.h | 2 +-
arch/x86/include/asm/fpu/internal.h | 2 +-
arch/x86/include/asm/kvm_emulate.h | 6 ++-
arch/x86/kernel/fpu/init.c | 91 ++------------------------------
arch/x86/kvm/emulate.c | 72 ++++++++++++-------------
arch/x86/kvm/vmx.c | 23 ++++----
arch/x86/kvm/x86.c | 51 +++++++++++++-----
arch/x86/kvm/x86.h | 4 +-
drivers/crypto/omap-sham.c | 2 +-
drivers/crypto/vmx/aes.c | 2 -
drivers/crypto/vmx/aes_cbc.c | 2 -
drivers/crypto/vmx/aes_ctr.c | 2 -
drivers/crypto/vmx/ghash.c | 2 -
drivers/gpio/gpiolib.c | 9 +++-
drivers/input/mouse/elan_i2c_core.c | 1 +
drivers/input/touchscreen/goodix.c | 1 +
drivers/misc/vmw_balloon.c | 23 +++-----
drivers/net/bonding/bond_main.c | 22 ++++----
drivers/nvme/host/pci.c | 4 +-
drivers/nvme/target/admin-cmd.c | 22 +++++---
drivers/nvme/target/core.c | 5 +-
drivers/nvme/target/nvmet.h | 2 +-
drivers/staging/android/ion/ion.c | 5 +-
drivers/tty/serial/8250/8250_omap.c | 16 +++++-
drivers/tty/serial/amba-pl011.c | 16 ++++++
drivers/tty/serial/atmel_serial.c | 5 +-
drivers/tty/serial/samsung.c | 7 +--
drivers/tty/serial/sh-sci.c | 4 +-
drivers/usb/gadget/udc/renesas_usb3.c | 7 +++
drivers/usb/storage/uas.c | 6 +++
drivers/usb/storage/unusual_devs.h | 9 ++++
drivers/usb/storage/unusual_uas.h | 9 ++++
drivers/usb/usbip/vhci_sysfs.c | 24 ++++++---
include/net/bonding.h | 5 ++
net/key/af_key.c | 45 ++++++++++++----
tools/arch/x86/include/asm/cpufeatures.h | 2 +-
38 files changed, 274 insertions(+), 245 deletions(-)
32bit UML used to define PTRACE_SYSEMU and PTRACE_SYSEMU_SINGLESTEP
own its own because many years ago not all libcs had these request codes
in their UAPI.
These days PTRACE_SYSEMU/_SINGLESTEP is well known and part of glibc
and our own define becomes problematic.
With change c48831d0eebf ("linux/x86: sync sys/ptrace.h with Linux 4.14
[BZ #22433]") glibc turned PTRACE_SYSEMU/_SINGLESTEP into a enum and
UML failed to build.
Let's drop our define and rely on the fact that every libc has
PTRACE_SYSEMU/_SINGLESTEP.
Cc: <stable(a)vger.kernel.org>
Cc: Ritesh Raj Sarraf <rrs(a)researchut.com>
Reported-and-tested-by: Ritesh Raj Sarraf <rrs(a)researchut.com>
Signed-off-by: Richard Weinberger <richard(a)nod.at>
---
arch/x86/um/shared/sysdep/ptrace_32.h | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/arch/x86/um/shared/sysdep/ptrace_32.h b/arch/x86/um/shared/sysdep/ptrace_32.h
index b94a108de1dc..ae00d22bce02 100644
--- a/arch/x86/um/shared/sysdep/ptrace_32.h
+++ b/arch/x86/um/shared/sysdep/ptrace_32.h
@@ -10,20 +10,10 @@
static inline void update_debugregs(int seq) {}
-/* syscall emulation path in ptrace */
-
-#ifndef PTRACE_SYSEMU
-#define PTRACE_SYSEMU 31
-#endif
-
void set_using_sysemu(int value);
int get_using_sysemu(void);
extern int sysemu_supported;
-#ifndef PTRACE_SYSEMU_SINGLESTEP
-#define PTRACE_SYSEMU_SINGLESTEP 32
-#endif
-
#define UPT_SYSCALL_ARG1(r) UPT_BX(r)
#define UPT_SYSCALL_ARG2(r) UPT_CX(r)
#define UPT_SYSCALL_ARG3(r) UPT_DX(r)
--
2.13.6
Yu,
Regarding your patch to disable AVX with eager fpu disabled in the 4.4
stable queue:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tre…
Why would this be necessary? In the Intel SDM Vol 2, Chapter 2.4,
FPU/SIMD instructions are grouped into different classes and for all of
them CR0.TS triggers a #NM exception in all modes but real mode and
virtual 8086 mode.
It seems to me lazy context switching of AVX is perfectly functional
(disregarding the recently disclosed security issue). Am I missing
something?
Julian