- Linux-stable-mirror - lists.linaro.org

[PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by Mao Wenan

There are five patches to fix CVE-2018-5390 in latest mainline branch, but only two patches exist in stable 4.4 and 3.18: dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue() 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible I have tested with stable 4.4 kernel, and found the cpu usage was very high. So I think only two patches can't fix the CVE-2018-5390. test results: with fix patch： 78.2% ksoftirqd withoutfix patch： 90% ksoftirqd Then I try to imitate 72cd43ba(tcp: free batches of packets in tcp_prune_ofo_queue()) to drop at least 12.5 % of sk_rcvbuf to avoid malicious attacks with simple queue instead of RB tree. The result is not very well. After analysing the codes of stable 4.4, and debuging the system, shows that search of ofo_queue(tcp ofo using a simple queue) cost more cycles. So I try to backport "tcp: use an RB tree for ooo receive queue" using RB tree instead of simple queue, then backport Eric Dumazet 5 fixed patches in mainline, good news is that ksoftirqd is turn to about 20%, which is the same with mainline now. Stable 4.4 have already back port two patches, f4a3313d(tcp: avoid collapses in tcp_prune_queue() if possible) 3d4bf93a(tcp: detect malicious patterns in tcp_collapse_ofo_queue()) If we want to change simple queue to RB tree to finally resolve, we should apply previous patch 9f5afeae(tcp: use an RB tree for ooo receive queue.) firstly, but 9f5afeae have many conflicts with 3d4bf93a and f4a3313d, which are part of patch series from Eric in mainline to fix CVE-2018-5390, so I need revert part of patches in stable 4.4 firstly, then apply 9f5afeae, and reapply five patches from Eric. V1->V2: 1) Don't revert 3d4bf93a and f4a3313d firstly, all of 6 patches based on 4.4.155. 2) Add one bug fix patch for RB tree:76f0dcbb5ae1a7c3dbeec13dd98233b8e6b0b32a tcp: fix a stale ooo_last_skb Eric Dumazet (5): tcp: increment sk_drops for dropped rx packets tcp: fix a stale ooo_last_skb after a replace tcp: free batches of packets in tcp_prune_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() tcp: add tcp_ooo_try_coalesce() helper Yaogong Wang (1): tcp: use an RB tree for ooo receive queue include/linux/skbuff.h | 8 + include/linux/tcp.h | 7 +- include/net/sock.h | 7 + include/net/tcp.h | 2 +- net/core/skbuff.c | 19 +++ net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 417 +++++++++++++++++++++++++++++------------------ net/ipv4/tcp_ipv4.c | 3 +- net/ipv4/tcp_minisocks.c | 1 - net/ipv6/tcp_ipv6.c | 1 + 10 files changed, 297 insertions(+), 172 deletions(-) -- 1.8.3.1

7 years, 1 month

3
9
0 0

[PATCH 4.4-stable] jffs2: return -ERANGE when xattr buffer is too small

by Hou Tao

Hi Greg, The problem had been fixed by 764a5c6b1fa4 ("xattr handlers: Simplify list operation") in v4.5-rc1, but the modification in that commit may be too much because it modifies all file-systems which implement xattr, so I create a single patch for jffs2 to fix the problem. Which one is your preference ? Hi Andreas, Could you please help review the patch ? Thanks, Tao --- From: Hou Tao <houtao1(a)huawei.com> When a file have multiple xattrs and the passed buffer is smaller than the required size, jffs2_listxattr() should return -ERANGE instead of continue, else Oops may occurs due to memory corruption. Also remove the unnecessary check ("rc < 0"), because xhandle->list(...) will not return an error number. Spotted by generic/377 in xfstests-dev. Signed-off-by: Hou Tao <houtao1(a)huawei.com> --- fs/jffs2/xattr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c index 4c2c03663533..8e1427762eeb 100644 --- a/fs/jffs2/xattr.c +++ b/fs/jffs2/xattr.c @@ -1004,12 +1004,14 @@ ssize_t jffs2_listxattr(struct dentry *dentry, char *buffer, size_t size) rc = xhandle->list(xhandle, dentry, buffer + len, size - len, xd->xname, xd->name_len); + if (rc > size - len) { + rc = -ERANGE; + goto out; + } } else { rc = xhandle->list(xhandle, dentry, NULL, 0, xd->xname, xd->name_len); } - if (rc < 0) - goto out; len += rc; } rc = len; --

7 years, 1 month

2
1
0 0

[PATCH] HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452

by Jason Gerecke

The DTK-2451 and DTH-2452 have a buggy HID descriptor which incorrectly contains a Cintiq-like report, complete with pen tilt, rotation, twist, serial number, etc. The hardware doesn't actually support this data but our driver duitifully sets up the device as though it does. To ensure userspace has a correct view of devices without updated firmware, we clean up this incorrect data in wacom_setup_device_quirks. We're also careful to clear the WACOM_QUIRK_TOOLSERIAL flag since its presence causes the driver to wait for serial number information (via wacom_wac_pen_serial_enforce) that never comes, resulting in the pen being non-responsive. Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> Fixes: 8341720642 ("HID: wacom: Queue events with missing type/serial data for later processing") Cc: stable(a)vger.kernel.org # v4.16+ --- drivers/hid/wacom_wac.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c index e0a06be5ef5c..b4b4a30e3982 100644 --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -3335,6 +3335,7 @@ static void wacom_setup_intuos(struct wacom_wac *wacom_wac) void wacom_setup_device_quirks(struct wacom *wacom) { + struct wacom_wac *wacom_wac = &wacom->wacom_wac; struct wacom_features *features = &wacom->wacom_wac.features; /* The pen and pad share the same interface on most devices */ @@ -3464,6 +3465,25 @@ void wacom_setup_device_quirks(struct wacom *wacom) if (features->type == REMOTE) features->device_type |= WACOM_DEVICETYPE_WL_MONITOR; + + /* HID descriptor for DTK-2451 / DTH-2452 claims to report lots + * of things it shouldn't. Lets fix up the damage... + */ + if (wacom->hdev->product == 0x382 || wacom->hdev->product == 0x37d) { + features->quirks &= ~WACOM_QUIRK_TOOLSERIAL; + __clear_bit(BTN_TOOL_BRUSH, wacom_wac->pen_input->keybit); + __clear_bit(BTN_TOOL_PENCIL, wacom_wac->pen_input->keybit); + __clear_bit(BTN_TOOL_AIRBRUSH, wacom_wac->pen_input->keybit); + __clear_bit(ABS_Z, wacom_wac->pen_input->absbit); + __clear_bit(ABS_DISTANCE, wacom_wac->pen_input->absbit); + __clear_bit(ABS_TILT_X, wacom_wac->pen_input->absbit); + __clear_bit(ABS_TILT_Y, wacom_wac->pen_input->absbit); + __clear_bit(ABS_WHEEL, wacom_wac->pen_input->absbit); + __clear_bit(ABS_MISC, wacom_wac->pen_input->absbit); + __clear_bit(MSC_SERIAL, wacom_wac->pen_input->mscbit); + __clear_bit(EV_MSC, wacom_wac->pen_input->evbit); + } } int wacom_setup_pen_input_capabilities(struct input_dev *input_dev, -- 2.19.1

7 years, 1 month

2
1
0 0

[PATCH 1/1] crypto:chelsio: Fix memory corruption in DMA Mapped buffers.

by Harsh Jain

commit add92a817e60e308a419693413a38d9d1e663aff upstream Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Cc: <stable(a)vger.kernel.org> # 4.14.x Signed-off-by: Harsh Jain <harsh(a)chelsio.com> --- drivers/crypto/chelsio/chcr_algo.c | 41 ++++++++++++++++++++++++------------ drivers/crypto/chelsio/chcr_crypto.h | 2 ++ 2 files changed, 29 insertions(+), 14 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 0e81607..bb7b59f 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -384,7 +384,8 @@ static inline int is_hmac(struct crypto_tfm *tfm) static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, struct scatterlist *sg, - struct phys_sge_parm *sg_param) + struct phys_sge_parm *sg_param, + int pci_chan_id) { struct phys_sge_pairs *to; unsigned int len = 0, left_size = sg_param->obsize; @@ -402,6 +403,7 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(sg_param->qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; to = (struct phys_sge_pairs *)((unsigned char *)phys_cpl + sizeof(struct cpl_rx_phys_dsgl)); for (i = 0; nents && left_size; to++) { @@ -418,7 +420,8 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, static inline int map_writesg_phys_cpl(struct device *dev, struct cpl_rx_phys_dsgl *phys_cpl, struct scatterlist *sg, - struct phys_sge_parm *sg_param) + struct phys_sge_parm *sg_param, + int pci_chan_id) { if (!sg || !sg_param->nents) return -EINVAL; @@ -428,7 +431,7 @@ static inline int map_writesg_phys_cpl(struct device *dev, pr_err("CHCR : DMA mapping failed\n"); return -EINVAL; } - write_phys_cpl(phys_cpl, sg, sg_param); + write_phys_cpl(phys_cpl, sg, sg_param, pci_chan_id); return 0; } @@ -608,7 +611,7 @@ static inline void create_wreq(struct chcr_context *ctx, is_iv ? iv_loc : IV_NOP, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8), 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -698,7 +701,8 @@ static struct sk_buff *create_cipher_wr(struct cipher_wr_param *wrparam) sg_param.obsize = wrparam->bytes; sg_param.qid = wrparam->qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto map_fail1; @@ -1228,16 +1232,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2066,7 +2077,8 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto dstmap_fail; @@ -2389,7 +2401,7 @@ static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, ctx->pci_chan_id); if (error) goto dstmap_fail; @@ -2545,7 +2557,8 @@ static struct sk_buff *create_gcm_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto dstmap_fail; diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 30af1ee..e039d9a 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -222,6 +222,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; }; -- 2.1.4

7 years, 1 month

2
1
0 0

[PATCH backport for 4.9] x86/mm: Expand static page table for fixmap space

by Feng Tang

commit 05ab1d8a4b36ee912b7087c6da127439ed0a903e upstream We met a kernel panic when enabling earlycon, which is due to the fixmap address of earlycon is not statically setup. Currently the static fixmap setup in head_64.S only covers 2M virtual address space, while it actually could be in 4M space with different kernel configurations, e.g. when VSYSCALL emulation is disabled. So increase the static space to 4M for now by defining FIXMAP_PMD_NUM to 2, and add a build time check to ensure that the fixmap is covered by the initial static page tables. Fixes: 1ad83c858c7d ("x86_64,vsyscall: Make vsyscall emulation configurable") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Feng Tang <feng.tang(a)intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> # v4.9 Cc: Juergen Gross <jgross(a)suse.com> Cc: H Peter Anvin <hpa(a)linux.intel.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Andy Lutomirsky <luto(a)kernel.org> --- arch/x86/include/asm/fixmap.h | 10 ++++++++++ arch/x86/include/asm/pgtable_64.h | 3 ++- arch/x86/kernel/head_64.S | 16 ++++++++++++---- arch/x86/mm/pgtable.c | 9 +++++++++ arch/x86/xen/mmu.c | 8 ++++++-- 5 files changed, 39 insertions(+), 7 deletions(-) diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h index 8554f960..2515284 100644 --- a/arch/x86/include/asm/fixmap.h +++ b/arch/x86/include/asm/fixmap.h @@ -14,6 +14,16 @@ #ifndef _ASM_X86_FIXMAP_H #define _ASM_X86_FIXMAP_H +/* + * Exposed to assembly code for setting up initial page tables. Cannot be + * calculated in assembly code (fixmap entries are an enum), but is sanity + * checked in the actual fixmap C code to make sure that the fixmap is + * covered fully. + */ +#define FIXMAP_PMD_NUM 2 +/* fixmap starts downwards from the 507th entry in level2_fixmap_pgt */ +#define FIXMAP_PMD_TOP 507 + #ifndef __ASSEMBLY__ #include <linux/kernel.h> #include <asm/acpi.h> diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h index 221a32e..d5c4df9 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -13,13 +13,14 @@ #include <asm/processor.h> #include <linux/bitops.h> #include <linux/threads.h> +#include <asm/fixmap.h> extern pud_t level3_kernel_pgt[512]; extern pud_t level3_ident_pgt[512]; extern pmd_t level2_kernel_pgt[512]; extern pmd_t level2_fixmap_pgt[512]; extern pmd_t level2_ident_pgt[512]; -extern pte_t level1_fixmap_pgt[512]; +extern pte_t level1_fixmap_pgt[512 * FIXMAP_PMD_NUM]; extern pgd_t init_level4_pgt[]; #define swapper_pg_dir init_level4_pgt diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 9d72cf5..b0d6697 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -23,6 +23,7 @@ #include "../entry/calling.h" #include <asm/export.h> #include <asm/nospec-branch.h> +#include <asm/fixmap.h> #ifdef CONFIG_PARAVIRT #include <asm/asm-offsets.h> @@ -493,13 +494,20 @@ NEXT_PAGE(level2_kernel_pgt) KERNEL_IMAGE_SIZE/PMD_SIZE) NEXT_PAGE(level2_fixmap_pgt) - .fill 506,8,0 - .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE - /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */ - .fill 5,8,0 + .fill (512 - 4 - FIXMAP_PMD_NUM),8,0 + pgtno = 0 + .rept (FIXMAP_PMD_NUM) + .quad level1_fixmap_pgt + (pgtno << PAGE_SHIFT) - __START_KERNEL_map \ + + _PAGE_TABLE; + pgtno = pgtno + 1 + .endr + /* 6 MB reserved space + a 2MB hole */ + .fill 4,8,0 NEXT_PAGE(level1_fixmap_pgt) + .rept (FIXMAP_PMD_NUM) .fill 512,8,0 + .endr #undef PMDS diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index e30baa8..8cbed30 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -536,6 +536,15 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) { unsigned long address = __fix_to_virt(idx); +#ifdef CONFIG_X86_64 + /* + * Ensure that the static initial page tables are covering the + * fixmap completely. + */ + BUILD_BUG_ON(__end_of_permanent_fixed_addresses > + (FIXMAP_PMD_NUM * PTRS_PER_PTE)); +#endif + if (idx >= __end_of_fixed_addresses) { BUG(); return; diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c index c92f75f..ebceaba 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1936,7 +1936,7 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) * L3_k[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); - /* L3_k[511][506] -> level1_fixmap_pgt */ + /* L3_k[511][508-FIXMAP_PMD_NUM ... 507] -> level1_fixmap_pgt */ convert_pfn_mfn(level2_fixmap_pgt); } /* We get [511][511] and have Xen's version of level2_kernel_pgt */ @@ -1970,7 +1970,11 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); - set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO); + + for (i = 0; i < FIXMAP_PMD_NUM; i++) { + set_page_prot(level1_fixmap_pgt + i * PTRS_PER_PTE, + PAGE_KERNEL_RO); + } /* Pin down new L4 */ pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE, -- 2.7.4

7 years, 1 month

2
1
0 0

[PATCH 0/1] Fix 4.4-stable and 4.9-stable ppc build

by Kleber Sacilotto de Souza

Hi Greg, The backport of upstream commit 1bd6a1c4b80a ("powerpc/fadump: handle crash memory ranges array index overflow") introduced a ppc build failure on 4.4-stable and 4.9-stable when CONFIG_FA_DUMP is enabled: arch/powerpc/kernel/fadump.c: In function ‘register_fadump’: arch/powerpc/kernel/fadump.c:1015:10: error: ‘return’ with a value, in function returning void [-Werror] return ret; ^~~ arch/powerpc/kernel/fadump.c:1000:13: note: declared here static void register_fadump(void) ^~~~~~~~~~~~~~~ I am suggesting to fix it by backporting 98b8cd7f7564 ("powerpc/fadump: Return error when fadump registration fails"), which is an earlier commit that (among other things) set the return of register_fadump() to int and has little functional changes. It was applied upstream for v4.13, so 4.14-stable and later are already fixed. Thanks, Kleber Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails arch/powerpc/kernel/fadump.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) -- 2.17.1

7 years, 1 month

2
2
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ int patch_instruction(unsigned int *addr, unsigned int instr) } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

7 years, 1 month

3
2
0 0

[PATCH for-4.14.y 1/4] cgroup/cpuset: remove circular dependency deadlock

by Amit Pundir

From: Prateek Sood <prsood(a)codeaurora.org> commit aa24163b2ee5c92120e32e99b5a93143a0f4258e upstream. Remove circular dependency deadlock in a scenario where hotplug of CPU is being done while there is updation in cgroup and cpuset triggered from userspace. Process A => kthreadd => Process B => Process C => Process A Process A cpu_subsys_offline(); cpu_down(); _cpu_down(); percpu_down_write(&cpu_hotplug_lock); //held cpuhp_invoke_callback(); workqueue_offline_cpu(); queue_work_on(); // unbind_work on system_highpri_wq __queue_work(); insert_work(); wake_up_worker(); flush_work(); wait_for_completion(); worker_thread(); manage_workers(); create_worker(); kthread_create_on_node(); wake_up_process(kthreadd_task); kthreadd kthreadd(); kernel_thread(); do_fork(); copy_process(); percpu_down_read(&cgroup_threadgroup_rwsem); __rwsem_down_read_failed_common(); //waiting Process B kernfs_fop_write(); cgroup_file_write(); cgroup_procs_write(); percpu_down_write(&cgroup_threadgroup_rwsem); //held cgroup_attach_task(); cgroup_migrate(); cgroup_migrate_execute(); cpuset_can_attach(); mutex_lock(&cpuset_mutex); //waiting Process C kernfs_fop_write(); cgroup_file_write(); cpuset_write_resmask(); mutex_lock(&cpuset_mutex); //held update_cpumask(); update_cpumasks_hier(); rebuild_sched_domains_locked(); get_online_cpus(); percpu_down_read(&cpu_hotplug_lock); //waiting Eliminating deadlock by reversing the locking order for cpuset_mutex and cpu_hotplug_lock. Signed-off-by: Prateek Sood <prsood(a)codeaurora.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- Build tested on 4.14.74 for ARCH=arm/arm64 allmodconfig. kernel/cgroup/cpuset.c | 53 ++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index 4657e2924ecb..54f4855b92fa 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -817,6 +817,18 @@ static int generate_sched_domains(cpumask_var_t **domains, return ndoms; } +static void cpuset_sched_change_begin(void) +{ + cpus_read_lock(); + mutex_lock(&cpuset_mutex); +} + +static void cpuset_sched_change_end(void) +{ + mutex_unlock(&cpuset_mutex); + cpus_read_unlock(); +} + /* * Rebuild scheduler domains. * @@ -826,16 +838,14 @@ static int generate_sched_domains(cpumask_var_t **domains, * 'cpus' is removed, then call this routine to rebuild the * scheduler's dynamic sched domains. * - * Call with cpuset_mutex held. Takes get_online_cpus(). */ -static void rebuild_sched_domains_locked(void) +static void rebuild_sched_domains_cpuslocked(void) { struct sched_domain_attr *attr; cpumask_var_t *doms; int ndoms; lockdep_assert_held(&cpuset_mutex); - get_online_cpus(); /* * We have raced with CPU hotplug. Don't do anything to avoid @@ -843,27 +853,25 @@ static void rebuild_sched_domains_locked(void) * Anyways, hotplug work item will rebuild sched domains. */ if (!cpumask_equal(top_cpuset.effective_cpus, cpu_active_mask)) - goto out; + return; /* Generate domain masks and attrs */ ndoms = generate_sched_domains(&doms, &attr); /* Have scheduler rebuild the domains */ partition_sched_domains(ndoms, doms, attr); -out: - put_online_cpus(); } #else /* !CONFIG_SMP */ -static void rebuild_sched_domains_locked(void) +static void rebuild_sched_domains_cpuslocked(void) { } #endif /* CONFIG_SMP */ void rebuild_sched_domains(void) { - mutex_lock(&cpuset_mutex); - rebuild_sched_domains_locked(); - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_begin(); + rebuild_sched_domains_cpuslocked(); + cpuset_sched_change_end(); } /** @@ -949,7 +957,7 @@ static void update_cpumasks_hier(struct cpuset *cs, struct cpumask *new_cpus) rcu_read_unlock(); if (need_rebuild_sched_domains) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); } /** @@ -1281,7 +1289,7 @@ static int update_relax_domain_level(struct cpuset *cs, s64 val) cs->relax_domain_level = val; if (!cpumask_empty(cs->cpus_allowed) && is_sched_load_balance(cs)) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); } return 0; @@ -1314,7 +1322,6 @@ static void update_tasks_flags(struct cpuset *cs) * * Call with cpuset_mutex held. */ - static int update_flag(cpuset_flagbits_t bit, struct cpuset *cs, int turning_on) { @@ -1347,7 +1354,7 @@ static int update_flag(cpuset_flagbits_t bit, struct cpuset *cs, spin_unlock_irq(&callback_lock); if (!cpumask_empty(trialcs->cpus_allowed) && balance_flag_changed) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); if (spread_flag_changed) update_tasks_flags(cs); @@ -1615,7 +1622,7 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft, cpuset_filetype_t type = cft->private; int retval = 0; - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) { retval = -ENODEV; goto out_unlock; @@ -1651,7 +1658,7 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft, break; } out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); return retval; } @@ -1662,7 +1669,7 @@ static int cpuset_write_s64(struct cgroup_subsys_state *css, struct cftype *cft, cpuset_filetype_t type = cft->private; int retval = -ENODEV; - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) goto out_unlock; @@ -1675,7 +1682,7 @@ static int cpuset_write_s64(struct cgroup_subsys_state *css, struct cftype *cft, break; } out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); return retval; } @@ -1714,7 +1721,7 @@ static ssize_t cpuset_write_resmask(struct kernfs_open_file *of, kernfs_break_active_protection(of->kn); flush_work(&cpuset_hotplug_work); - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) goto out_unlock; @@ -1738,7 +1745,7 @@ static ssize_t cpuset_write_resmask(struct kernfs_open_file *of, free_trial_cpuset(trialcs); out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); kernfs_unbreak_active_protection(of->kn); css_put(&cs->css); flush_workqueue(cpuset_migrate_mm_wq); @@ -2039,14 +2046,14 @@ static int cpuset_css_online(struct cgroup_subsys_state *css) /* * If the cpuset being removed has its flag 'sched_load_balance' * enabled, then simulate turning sched_load_balance off, which - * will call rebuild_sched_domains_locked(). + * will call rebuild_sched_domains_cpuslocked(). */ static void cpuset_css_offline(struct cgroup_subsys_state *css) { struct cpuset *cs = css_cs(css); - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (is_sched_load_balance(cs)) update_flag(CS_SCHED_LOAD_BALANCE, cs, 0); @@ -2054,7 +2061,7 @@ static void cpuset_css_offline(struct cgroup_subsys_state *css) cpuset_dec(); clear_bit(CS_ONLINE, &cs->flags); - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); } static void cpuset_css_free(struct cgroup_subsys_state *css) -- 2.7.4

7 years, 1 month

2
6
0 0

[PATCH for-4.9.y] cgroup: Fix deadlock in cpu hotplug path

by Amit Pundir

From: Prateek Sood <prsood(a)codeaurora.org> commit 116d2f7496c51b2e02e8e4ecdd2bdf5fb9d5a641 upstream. Deadlock during cgroup migration from cpu hotplug path when a task T is being moved from source to destination cgroup. kworker/0:0 cpuset_hotplug_workfn() cpuset_hotplug_update_tasks() hotplug_update_tasks_legacy() remove_tasks_in_empty_cpuset() cgroup_transfer_tasks() // stuck in iterator loop cgroup_migrate() cgroup_migrate_add_task() In cgroup_migrate_add_task() it checks for PF_EXITING flag of task T. Task T will not migrate to destination cgroup. css_task_iter_start() will keep pointing to task T in loop waiting for task T cg_list node to be removed. Task T do_exit() exit_signals() // sets PF_EXITING exit_task_namespaces() switch_task_namespaces() free_nsproxy() put_mnt_ns() drop_collected_mounts() namespace_unlock() synchronize_rcu() _synchronize_rcu_expedited() schedule_work() // on cpu0 low priority worker pool wait_event() // waiting for work item to execute Task T inserted a work item in the worklist of cpu0 low priority worker pool. It is waiting for expedited grace period work item to execute. This work item will only be executed once kworker/0:0 complete execution of cpuset_hotplug_workfn(). kworker/0:0 ==> Task T ==>kworker/0:0 In case of PF_EXITING task being migrated from source to destination cgroup, migrate next available task in source cgroup. Signed-off-by: Prateek Sood <prsood(a)codeaurora.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> [AmitP: Upstream commit cherry-pick failed, so I picked the backported changes from CAF/msm-4.9 tree instead: https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=49b74f16964…] Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- This patch can be cleanly applied and build tested on 4.4.y and 3.18.y as well but I couldn't find it in msm-4.4 and msm-3.18 trees. So this patch is really untested on those stable trees. Build tested on 4.9.131, 4.4.159 and 3.18.123 for ARCH=arm/arm64 allmodconfig. kernel/cgroup.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 4c233437ee1a..bb0cf1caf1cd 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -4386,7 +4386,11 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from) */ do { css_task_iter_start(&from->self, &it); - task = css_task_iter_next(&it); + + do { + task = css_task_iter_next(&it); + } while (task && (task->flags & PF_EXITING)); + if (task) get_task_struct(task); css_task_iter_end(&it); -- 2.7.4

7 years, 1 month

2
1
0 0

[4.4.y 4.9.y 0/1] ext4 CVE fixes for 4.9 and 4.4

by Chenbo Feng

This patch is aimed to fixing CVE-2018-10883 and is already in 4.14 stable. The upstream one has minor conflicts when backporting to 4.4 and 4.9 but it is trivial to resolve. I have tested the patch with xfstests on kvm and there is no regression. Theodore Ts'o (1): ext4: avoid running out of journal credits when appending to an inline file fs/ext4/ext4.h | 3 --- fs/ext4/inline.c | 38 +------------------------------------- fs/ext4/xattr.c | 18 ++---------------- 3 files changed, 3 insertions(+), 56 deletions(-) -- 2.19.0.605.g01d371f741-goog

7 years, 1 month

2
2
0 0

[PATCH 0/2] A couple recent ext4 CVE fixes

by Daniel Rosenberg

A couple ext4-related CVE fixes were released to other kernels in linux-stable, but didn't cleanly apply to 4.9.y. These are adjusted cherry-picks of Ben Hutching's 3.16.y backports. Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) -- 2.19.0.605.g01d371f741-goog

7 years, 1 month

2
3
0 0

[PATCH 0/2] A couple recent ext4 CVE fixes

by Daniel Rosenberg

A couple ext4-related CVE fixes were released to other kernels in linux-stable, but didn't cleanly apply to 4.4.y. These are adjusted cherry-picks of Ben Hutching's 3.16.y backports. Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) -- 2.19.0.605.g01d371f741-goog

7 years, 1 month

2
3
0 0

Re: [PATCH] platform-msi: Free descriptors in platform_msi_domain_free()

by Miquel Raynal

Hi Marc, Marc Zyngier <marc.zyngier(a)arm.com> wrote on Thu, 11 Oct 2018 09:36:04 +0100: > Miquel, > > On Fri, 28 Sep 2018 16:10:29 +0100, > Miquel Raynal <miquel.raynal(a)bootlin.com> wrote: > > > > Hi Marc, > > > > [...] > > > > > At that stage, you're better off just calling > > > > > > list_del(&desc->list); > > > free_msi_entry(desc); > > > > > > I like this approach better as we only traverse the list once. > > > > Right. > > > > > > > > > } > > > > } > > > > > /** > > > > diff --git a/include/linux/msi.h b/include/linux/msi.h > > > > index 5839d8062dfc..be8ec813dbfb 100644 > > > > --- a/include/linux/msi.h > > > > +++ b/include/linux/msi.h > > > > @@ -116,6 +116,8 @@ struct msi_desc { > > > > list_first_entry(dev_to_msi_list((dev)), struct msi_desc, list) > > > > #define for_each_msi_entry(desc, dev) \ > > > > list_for_each_entry((desc), dev_to_msi_list((dev)), list) > > > > +#define for_each_msi_entry_safe(desc, tmp, dev) \ > > > > + list_for_each_entry_safe((desc), (tmp), dev_to_msi_list((dev)), list) > > > > > #ifdef CONFIG_PCI_MSI > > > > #define first_pci_msi_entry(pdev) first_msi_entry(&(pdev)->dev) > > > > > > If you repin this, I'll queue it right away. > > > > Let me test the new version to be sure I'm not breaking anything and > > I'll send a v2. > > What is the status of this? Are you still planning to send a v2? I'd > really like this fix to reach 4.19 before we put the last nail on it. Sorry about that, I was sure I already sent the v2, now it's done. The changes in this v2 are that instead of creating a platform_msi_domain_free_descs() helper that iterates over the list of descriptors, the descriptor itself is removed from the list and destroyed directly in platform_msi_domain_free(). The for_each_msi_entry() loop is also transformed to use the "_safe" alternative. Thanks, Miquèl

7 years, 1 month

1
0
0 0

[PATCH 3.18.y 00/10] recent ext4 CVE fixes

by Greg Hackmann

A batch of ext4-related CVE fixes were released to other kernels in linux-stable, but don't apply cleanly to 3.18.y. For the most part these are unmodified cherry-picks of Ben Hutchings's 3.16.y backports (exceptions are noted above my Signed-off-by). Theodore Ts'o (10): ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file fs/ext4/balloc.c | 21 ++++++++++++------- fs/ext4/ext4.h | 8 ------- fs/ext4/ialloc.c | 19 ++++++++++++++--- fs/ext4/inline.c | 38 +-------------------------------- fs/ext4/inode.c | 3 ++- fs/ext4/mballoc.c | 6 ++++-- fs/ext4/super.c | 12 +++++++++-- fs/ext4/xattr.c | 49 ++++++++++++++++++++----------------------- fs/jbd2/transaction.c | 2 +- 9 files changed, 70 insertions(+), 88 deletions(-) -- 2.19.0.605.g01d371f741-goog

7 years, 1 month

2
11
0 0

[PATCH 1/6] arm64: perf: Reject stand-alone CHAIN events for PMUv3

by Will Deacon

It doesn't make sense for a perf event to be configured as a CHAIN event in isolation, so extend the arm_pmu structure with a ->filter_match() function to allow the backend PMU implementation to reject CHAIN events early. Cc: <stable(a)vger.kernel.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> --- arch/arm64/kernel/perf_event.c | 7 +++++++ drivers/perf/arm_pmu.c | 8 +++++++- include/linux/perf/arm_pmu.h | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c index 8e38d5267f22..e213f8e867f6 100644 --- a/arch/arm64/kernel/perf_event.c +++ b/arch/arm64/kernel/perf_event.c @@ -966,6 +966,12 @@ static int armv8pmu_set_event_filter(struct hw_perf_event *event, return 0; } +static int armv8pmu_filter_match(struct perf_event *event) +{ + unsigned long evtype = event->hw.config_base & ARMV8_PMU_EVTYPE_EVENT; + return evtype != ARMV8_PMUV3_PERFCTR_CHAIN; +} + static void armv8pmu_reset(void *info) { struct arm_pmu *cpu_pmu = (struct arm_pmu *)info; @@ -1114,6 +1120,7 @@ static int armv8_pmu_init(struct arm_pmu *cpu_pmu) cpu_pmu->stop = armv8pmu_stop, cpu_pmu->reset = armv8pmu_reset, cpu_pmu->set_event_filter = armv8pmu_set_event_filter; + cpu_pmu->filter_match = armv8pmu_filter_match; return 0; } diff --git a/drivers/perf/arm_pmu.c b/drivers/perf/arm_pmu.c index 7f01f6f60b87..d0b7dd8fb184 100644 --- a/drivers/perf/arm_pmu.c +++ b/drivers/perf/arm_pmu.c @@ -485,7 +485,13 @@ static int armpmu_filter_match(struct perf_event *event) { struct arm_pmu *armpmu = to_arm_pmu(event->pmu); unsigned int cpu = smp_processor_id(); - return cpumask_test_cpu(cpu, &armpmu->supported_cpus); + int ret; + + ret = cpumask_test_cpu(cpu, &armpmu->supported_cpus); + if (ret && armpmu->filter_match) + return armpmu->filter_match(event); + + return ret; } static ssize_t armpmu_cpumask_show(struct device *dev, diff --git a/include/linux/perf/arm_pmu.h b/include/linux/perf/arm_pmu.h index 10f92e1d8e7b..bf309ff6f244 100644 --- a/include/linux/perf/arm_pmu.h +++ b/include/linux/perf/arm_pmu.h @@ -99,6 +99,7 @@ struct arm_pmu { void (*stop)(struct arm_pmu *); void (*reset)(void *); int (*map_event)(struct perf_event *event); + int (*filter_match)(struct perf_event *event); int num_events; bool secure_access; /* 32-bit ARM only */ #define ARMV8_PMUV3_MAX_COMMON_EVENTS 0x40 -- 2.1.4

7 years, 1 month

2
2
0 0

[PATCH] drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors

by Lyude Paul

It appears when testing my previous fix for some of the legacy modesetting issues with MST, I misattributed some kernel splats that started appearing on my machine after a rebase as being from upstream. But it appears they actually came from my patch series: [ 2.980512] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] Updating routing for [CONNECTOR:65:eDP-1] [ 2.980516] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] [CONNECTOR:65:eDP-1] is not registered [ 2.980516] ------------[ cut here ]------------ [ 2.980519] Could not determine valid watermarks for inherited state [ 2.980553] WARNING: CPU: 3 PID: 551 at drivers/gpu/drm/i915/intel_display.c:14983 intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980556] Modules linked in: i915(O+) i2c_algo_bit drm_kms_helper(O) syscopyarea sysfillrect sysimgblt fb_sys_fops drm(O) intel_rapl x86_pkg_temp_thermal iTCO_wdt wmi_bmof coretemp crc32_pclmul psmouse i2c_i801 mei_me mei i2c_core lpc_ich mfd_core tpm_tis tpm_tis_core wmi tpm thinkpad_acpi pcc_cpufreq video ehci_pci crc32c_intel serio_raw ehci_hcd xhci_pci xhci_hcd [ 2.980577] CPU: 3 PID: 551 Comm: systemd-udevd Tainted: G O 4.19.0-rc7Lyude-Test+ #1 [ 2.980579] Hardware name: LENOVO 20BWS1KY00/20BWS1KY00, BIOS JBET63WW (1.27 ) 11/10/2016 [ 2.980605] RIP: 0010:intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980607] Code: 89 df e8 ec 27 02 00 e9 24 f2 ff ff be 03 00 00 00 48 89 df e8 da 27 02 00 e9 26 f2 ff ff 48 c7 c7 c8 d1 34 a0 e8 23 cf dc e0 <0f> 0b e9 7c fd ff ff f6 c4 04 0f 85 37 f7 ff ff 48 8b 83 60 08 00 [ 2.980611] RSP: 0018:ffffc90000287988 EFLAGS: 00010282 [ 2.980614] RAX: 0000000000000000 RBX: ffff88031b488000 RCX: 0000000000000006 [ 2.980617] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffff880321ad54d0 [ 2.980620] RBP: ffffc90000287a10 R08: 000000000000040a R09: 0000000000000065 [ 2.980623] R10: ffff88030ebb8f00 R11: ffffffff81416590 R12: ffff88031b488000 [ 2.980626] R13: ffff88031b4883a0 R14: ffffc900002879a8 R15: ffff880319099800 [ 2.980630] FS: 00007f475620d180(0000) GS:ffff880321ac0000(0000) knlGS:0000000000000000 [ 2.980633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2.980636] CR2: 00007f9ef28018a0 CR3: 000000031b72c001 CR4: 00000000003606e0 [ 2.980639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2.980642] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2.980645] Call Trace: [ 2.980675] i915_driver_load+0xb0e/0xdc0 [i915] [ 2.980681] ? kernfs_add_one+0xe7/0x130 [ 2.980709] i915_pci_probe+0x46/0x60 [i915] [ 2.980715] pci_device_probe+0xd4/0x150 [ 2.980719] really_probe+0x243/0x3b0 [ 2.980722] driver_probe_device+0xba/0x100 [ 2.980726] __driver_attach+0xe4/0x110 [ 2.980729] ? driver_probe_device+0x100/0x100 [ 2.980733] bus_for_each_dev+0x74/0xb0 [ 2.980736] driver_attach+0x1e/0x20 [ 2.980739] bus_add_driver+0x159/0x230 [ 2.980743] ? 0xffffffffa0393000 [ 2.980746] driver_register+0x70/0xc0 [ 2.980749] ? 0xffffffffa0393000 [ 2.980753] __pci_register_driver+0x57/0x60 [ 2.980780] i915_init+0x55/0x58 [i915] [ 2.980785] do_one_initcall+0x4a/0x1c4 [ 2.980789] ? do_init_module+0x27/0x210 [ 2.980793] ? kmem_cache_alloc_trace+0x131/0x190 [ 2.980797] do_init_module+0x60/0x210 [ 2.980800] load_module+0x2063/0x22e0 [ 2.980804] ? vfs_read+0x116/0x140 [ 2.980807] ? vfs_read+0x116/0x140 [ 2.980811] __do_sys_finit_module+0xbd/0x120 [ 2.980814] ? __do_sys_finit_module+0xbd/0x120 [ 2.980818] __x64_sys_finit_module+0x1a/0x20 [ 2.980821] do_syscall_64+0x5a/0x110 [ 2.980824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2.980826] RIP: 0033:0x7f4754e32879 [ 2.980828] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f7 45 2c 00 f7 d8 64 89 01 48 [ 2.980831] RSP: 002b:00007fff43fd97d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 2.980834] RAX: ffffffffffffffda RBX: 0000559a44ca64f0 RCX: 00007f4754e32879 [ 2.980836] RDX: 0000000000000000 RSI: 00007f475599f4cd RDI: 0000000000000018 [ 2.980838] RBP: 00007f475599f4cd R08: 0000000000000000 R09: 0000000000000000 [ 2.980839] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000 [ 2.980841] R13: 0000559a44c92fd0 R14: 0000000000020000 R15: 0000000000000000 [ 2.980881] WARNING: CPU: 3 PID: 551 at drivers/gpu/drm/i915/intel_display.c:14983 intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980884] ---[ end trace 5eb47a76277d4731 ]--- The cause of this appears to be due to the fact that if there's pre-existing display state that was set by the BIOS when i915 loads, it will attempt to perform a modeset before the driver is registered with userspace. Since this happens before the driver's registered with userspace, it's connectors are also unregistered and thus-states which would turn on DPMS on a connector end up getting rejected since the connector isn't registered. These bugs managed to get past Intel's CI partially due to the fact it never ran a full test on my patches for some reason, but also because all of the tests unload the GPU once before running. Since this bug is only really triggered when the drivers tries to perform a modeset before it's been fully registered with userspace when coming from whatever display configuration the firmware left us with, it likely would never have been picked up by CI in the first place. After some discussion with vsyrjala, we decided the best course of action would be to just move the unregistered connector checks out of update_connector_routing() and into drm_atomic_set_crtc_for_connector(). The reason for this being that legacy modesetting isn't going to be expecting failures anywhere (at least this is the case with X), so ideally we want to ensure that any DPMS changes will still work even on unregistered connectors. Instead, we now only reject new modesets which would change the current CRTC assigned to an unregistered connector unless no new CRTC is being assigned to replace the connector's previous one. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reported-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Fixes: 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 +-------------------- drivers/gpu/drm/drm_atomic_uapi.c | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index e6a2cf72de5e..6f66777dca4b 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,26 +319,6 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } - crtc_state = drm_atomic_get_new_crtc_state(state, - new_connector_state->crtc); - /* - * For compatibility with legacy users, we want to make sure that - * we allow DPMS On->Off modesets on unregistered connectors. Modesets - * which would result in anything else must be considered invalid, to - * avoid turning on new displays on dead connectors. - * - * Since the connector can be unregistered at any point during an - * atomic check or commit, this is racy. But that's OK: all we care - * about is ensuring that userspace can't do anything but shut off the - * display on a connector that was destroyed after its been notified, - * not before. - */ - if (!READ_ONCE(connector->registered) && crtc_state->active) { - DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", - connector->base.id, connector->name); - return -EINVAL; - } - funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -383,6 +363,7 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); + crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index d5b7f315098c..7acec863b10c 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -299,6 +299,27 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state, struct drm_connector *connector = conn_state->connector; struct drm_crtc_state *crtc_state; + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On<->Off modesets on unregistered connectors, since + * legacy modesetting users will not be expecting these to fail. We do + * not however, want to allow legacy users to assign a connector + * that's been unregistered from sysfs to another CRTC, since doing + * this with a now non-existant connector could potentially leave us + * in an invalid state. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't use this connector for new + * configurations after it's been notified that the connector is no + * longer present. + */ + if (!READ_ONCE(connector->registered) && crtc) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + if (conn_state->crtc == crtc) return 0; -- 2.17.1

7 years, 1 month

3
2
0 0

[PATCH v7 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Changes since v5: - Fix typo in comment, nothing else Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..e6a2cf72de5e 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] USB: serial: option: improve Quectel EP06 detection" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 36cae568404a298a19a6e8a3f18641075d4cab04 Mon Sep 17 00:00:00 2001 From: Kristian Evensen <kristian.evensen(a)gmail.com> Date: Thu, 13 Sep 2018 11:21:49 +0200 Subject: [PATCH] USB: serial: option: improve Quectel EP06 detection The Quectel EP06 (and EM06/EG06) LTE modem supports updating the USB configuration, without the VID/PID or configuration number changing. When the configuration is updated and interfaces are added/removed, the interface numbers are updated. This causes our current code for matching EP06 not to work as intended, as the assumption about reserved interfaces no longer holds. If for example the diagnostic (first) interface is removed, option will (try to) bind to the QMI interface. This patch improves EP06 detection by replacing the current match with two matches, and those matches check class, subclass and protocol as well as VID and PID. The diag interface exports class, subclass and protocol as 0xff. For the other serial interfaces, class is 0xff and subclass and protocol are both 0x0. The modem can export the following devices and always in this order: diag, nmea, at, ppp. qmi and adb. This means that diag can only ever be interface 0, and interface numbers 1-5 should be marked as reserved. The three other serial devices can have interface numbers 0-3, but I have not marked any interfaces as reserved. The reason is that the serial devices are the only interfaces exported by the device where subclass and protocol is 0x0. QMI exports the same class, subclass and protocol values as the diag interface. However, the two interfaces have different number of endpoints, QMI has three and diag two. I have added a check for number of interfaces if VID/PID matches the EP06, and we ignore the device if number of interfaces equals three (and subclass is set). Signed-off-by: Kristian Evensen <kristian.evensen(a)gmail.com> Acked-by: Dan Williams <dcbw(a)redhat.com> [ johan: drop uneeded RSVD(5) for ADB ] Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 0215b70c4efc..382feafbd127 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1081,8 +1081,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, - { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06), - .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003), @@ -1985,6 +1986,7 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; + struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -1999,6 +2001,18 @@ static int option_probe(struct usb_serial *serial, if (device_flags & RSVD(iface_desc->bInterfaceNumber)) return -ENODEV; + /* + * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, + * subclass and protocol is 0xff for both the diagnostic port and the + * QMI interface, but the diagnostic port only has two endpoints (QMI + * has three). + */ + if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && + dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && + iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + return -ENODEV; + } + /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags);

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] USB: serial: option: add two-endpoints device-id flag" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 35aecc02b5b621782111f64cbb032c7f6a90bb32 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 13 Sep 2018 11:21:50 +0200 Subject: [PATCH] USB: serial: option: add two-endpoints device-id flag Allow matching on interfaces having two endpoints by adding a new device-id flag. This allows for the handling of devices whose interface numbers can change (e.g. Quectel EP06) to be contained in the device-id table. Tested-by: Kristian Evensen <kristian.evensen(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 382feafbd127..e72ad9f81c73 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -561,6 +561,9 @@ static void option_instat_callback(struct urb *urb); /* Interface is reserved */ #define RSVD(ifnum) ((BIT(ifnum) & 0xff) << 0) +/* Interface must have two endpoints */ +#define NUMEP2 BIT(16) + static const struct usb_device_id option_ids[] = { { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, @@ -1082,7 +1085,7 @@ static const struct usb_device_id option_ids[] = { { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), - .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) | NUMEP2 }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, @@ -1986,7 +1989,6 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; - struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -2002,16 +2004,11 @@ static int option_probe(struct usb_serial *serial, return -ENODEV; /* - * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, - * subclass and protocol is 0xff for both the diagnostic port and the - * QMI interface, but the diagnostic port only has two endpoints (QMI - * has three). + * Allow matching on bNumEndpoints for devices whose interface numbers + * can change (e.g. Quectel EP06). */ - if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && - dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && - iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + if (device_flags & NUMEP2 && iface_desc->bNumEndpoints != 2) return -ENODEV; - } /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags);

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ int patch_instruction(unsigned int *addr, unsigned int instr) } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] dm cache metadata: ignore hints array being too small during" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4561ffca88c546f96367f94b8f1e4715a9c62314 Mon Sep 17 00:00:00 2001 From: Joe Thornber <ejt(a)redhat.com> Date: Mon, 24 Sep 2018 16:19:30 -0400 Subject: [PATCH] dm cache metadata: ignore hints array being too small during resize Commit fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") enabled previously written policy hints to be used after a cache is reactivated. But in doing so the cache metadata's hint array was left exposed to out of bounds access because on resize the metadata's on-disk hint array wasn't ever extended. Fix this by ignoring that there are no on-disk hints associated with the newly added cache blocks. An expanded on-disk hint array is later rewritten upon the next clean shutdown of the cache. Fixes: fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Thornber <ejt(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c index 69dddeab124c..5936de71883f 100644 --- a/drivers/md/dm-cache-metadata.c +++ b/drivers/md/dm-cache-metadata.c @@ -1455,8 +1455,8 @@ static int __load_mappings(struct dm_cache_metadata *cmd, if (hints_valid) { r = dm_array_cursor_next(&cmd->hint_cursor); if (r) { - DMERR("dm_array_cursor_next for hint failed"); - goto out; + dm_array_cursor_end(&cmd->hint_cursor); + hints_valid = false; } }

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] dm cache metadata: ignore hints array being too small during" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4561ffca88c546f96367f94b8f1e4715a9c62314 Mon Sep 17 00:00:00 2001 From: Joe Thornber <ejt(a)redhat.com> Date: Mon, 24 Sep 2018 16:19:30 -0400 Subject: [PATCH] dm cache metadata: ignore hints array being too small during resize Commit fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") enabled previously written policy hints to be used after a cache is reactivated. But in doing so the cache metadata's hint array was left exposed to out of bounds access because on resize the metadata's on-disk hint array wasn't ever extended. Fix this by ignoring that there are no on-disk hints associated with the newly added cache blocks. An expanded on-disk hint array is later rewritten upon the next clean shutdown of the cache. Fixes: fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Thornber <ejt(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c index 69dddeab124c..5936de71883f 100644 --- a/drivers/md/dm-cache-metadata.c +++ b/drivers/md/dm-cache-metadata.c @@ -1455,8 +1455,8 @@ static int __load_mappings(struct dm_cache_metadata *cmd, if (hints_valid) { r = dm_array_cursor_next(&cmd->hint_cursor); if (r) { - DMERR("dm_array_cursor_next for hint failed"); - goto out; + dm_array_cursor_end(&cmd->hint_cursor); + hints_valid = false; } }

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c9613ce556fdeb671e779668b627ea3a2b61728 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 3 Oct 2018 09:24:22 +0100 Subject: [PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error states The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. v2: Check against overrunning our pre-allocated page array v3: Drop Z_SYNC_FLUSH entirely Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@… (cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..a262a64f5625 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -232,6 +232,20 @@ static bool compress_init(struct compress *c) return true; } +static void *compress_next_page(struct drm_i915_error_object *dst) +{ + unsigned long page; + + if (dst->page_count >= dst->num_pages) + return ERR_PTR(-ENOSPC); + + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return ERR_PTR(-ENOMEM); + + return dst->pages[dst->page_count++] = (void *)page; +} + static int compress_page(struct compress *c, void *src, struct drm_i915_error_object *dst) @@ -245,19 +259,14 @@ static int compress_page(struct compress *c, do { if (zstream->avail_out == 0) { - unsigned long page; - - page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); - if (!page) - return -ENOMEM; + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); - dst->pages[dst->page_count++] = (void *)page; - - zstream->next_out = (void *)page; zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, Z_NO_FLUSH) != Z_OK) return -EIO; } while (zstream->avail_in); @@ -268,19 +277,42 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); + + zstream->avail_out = PAGE_SIZE; + break; + + case Z_STREAM_END: + goto end; + + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +351,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -917,6 +955,7 @@ i915_error_object_create(struct drm_i915_private *i915, unsigned long num_pages; struct sgt_iter iter; dma_addr_t dma; + int ret; if (!vma) return NULL; @@ -930,6 +969,7 @@ i915_error_object_create(struct drm_i915_private *i915, dst->gtt_offset = vma->node.start; dst->gtt_size = vma->node.size; + dst->num_pages = num_pages; dst->page_count = 0; dst->unused = 0; @@ -938,28 +978,26 @@ i915_error_object_create(struct drm_i915_private *i915, return NULL; } + ret = -EINVAL; for_each_sgt_dma(dma, iter, vma->pages) { void __iomem *s; - int ret; ggtt->vm.insert_page(&ggtt->vm, dma, slot, I915_CACHE_NONE, 0); s = io_mapping_map_atomic_wc(&ggtt->iomap, slot); ret = compress_page(&compress, (void __force *)s, dst); io_mapping_unmap_atomic(s); - if (ret) - goto unwind; + break; } - goto out; -unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + if (ret || compress_flush(&compress, dst)) { + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; diff --git a/drivers/gpu/drm/i915/i915_gpu_error.h b/drivers/gpu/drm/i915/i915_gpu_error.h index f893a4e8b783..8710fb18ed74 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.h +++ b/drivers/gpu/drm/i915/i915_gpu_error.h @@ -135,6 +135,7 @@ struct i915_gpu_state { struct drm_i915_error_object { u64 gtt_offset; u64 gtt_size; + int num_pages; int page_count; int unused; u32 *pages[0];

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c9613ce556fdeb671e779668b627ea3a2b61728 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 3 Oct 2018 09:24:22 +0100 Subject: [PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error states The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. v2: Check against overrunning our pre-allocated page array v3: Drop Z_SYNC_FLUSH entirely Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@… (cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..a262a64f5625 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -232,6 +232,20 @@ static bool compress_init(struct compress *c) return true; } +static void *compress_next_page(struct drm_i915_error_object *dst) +{ + unsigned long page; + + if (dst->page_count >= dst->num_pages) + return ERR_PTR(-ENOSPC); + + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return ERR_PTR(-ENOMEM); + + return dst->pages[dst->page_count++] = (void *)page; +} + static int compress_page(struct compress *c, void *src, struct drm_i915_error_object *dst) @@ -245,19 +259,14 @@ static int compress_page(struct compress *c, do { if (zstream->avail_out == 0) { - unsigned long page; - - page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); - if (!page) - return -ENOMEM; + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); - dst->pages[dst->page_count++] = (void *)page; - - zstream->next_out = (void *)page; zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, Z_NO_FLUSH) != Z_OK) return -EIO; } while (zstream->avail_in); @@ -268,19 +277,42 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); + + zstream->avail_out = PAGE_SIZE; + break; + + case Z_STREAM_END: + goto end; + + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +351,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -917,6 +955,7 @@ i915_error_object_create(struct drm_i915_private *i915, unsigned long num_pages; struct sgt_iter iter; dma_addr_t dma; + int ret; if (!vma) return NULL; @@ -930,6 +969,7 @@ i915_error_object_create(struct drm_i915_private *i915, dst->gtt_offset = vma->node.start; dst->gtt_size = vma->node.size; + dst->num_pages = num_pages; dst->page_count = 0; dst->unused = 0; @@ -938,28 +978,26 @@ i915_error_object_create(struct drm_i915_private *i915, return NULL; } + ret = -EINVAL; for_each_sgt_dma(dma, iter, vma->pages) { void __iomem *s; - int ret; ggtt->vm.insert_page(&ggtt->vm, dma, slot, I915_CACHE_NONE, 0); s = io_mapping_map_atomic_wc(&ggtt->iomap, slot); ret = compress_page(&compress, (void __force *)s, dst); io_mapping_unmap_atomic(s); - if (ret) - goto unwind; + break; } - goto out; -unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + if (ret || compress_flush(&compress, dst)) { + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; diff --git a/drivers/gpu/drm/i915/i915_gpu_error.h b/drivers/gpu/drm/i915/i915_gpu_error.h index f893a4e8b783..8710fb18ed74 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.h +++ b/drivers/gpu/drm/i915/i915_gpu_error.h @@ -135,6 +135,7 @@ struct i915_gpu_state { struct drm_i915_error_object { u64 gtt_offset; u64 gtt_size; + int num_pages; int page_count; int unused; u32 *pages[0];

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] bcache: add separate workqueue for journal_write to avoid" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0f843e65d9eef4936929bb036c5f771fb261eea4 Mon Sep 17 00:00:00 2001 From: Guoju Fang <fangguoju(a)gmail.com> Date: Thu, 27 Sep 2018 23:41:46 +0800 Subject: [PATCH] bcache: add separate workqueue for journal_write to avoid deadlock After write SSD completed, bcache schedules journal_write work to system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM flag. system_wq is also a bound wq, and there may be no idle kworker on current processor. Creating a new kworker may unfortunately need to reclaim memory first, by shrinking cache and slab used by vfs, which depends on bcache device. That's a deadlock. This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM flag. It's rescuer thread will work to avoid the deadlock. Signed-off-by: Guoju Fang <fangguoju(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 83504dd8100a..954dad29e6e8 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -965,6 +965,7 @@ void bch_prio_write(struct cache *ca); void bch_write_bdev_super(struct cached_dev *dc, struct closure *parent); extern struct workqueue_struct *bcache_wq; +extern struct workqueue_struct *bch_journal_wq; extern struct mutex bch_register_lock; extern struct list_head bch_cache_sets; diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c index 6116bbf870d8..522c7426f3a0 100644 --- a/drivers/md/bcache/journal.c +++ b/drivers/md/bcache/journal.c @@ -485,7 +485,7 @@ static void do_journal_discard(struct cache *ca) closure_get(&ca->set->cl); INIT_WORK(&ja->discard_work, journal_discard_work); - schedule_work(&ja->discard_work); + queue_work(bch_journal_wq, &ja->discard_work); } } @@ -592,7 +592,7 @@ static void journal_write_done(struct closure *cl) : &j->w[0]; __closure_wake_up(&w->wait); - continue_at_nobarrier(cl, journal_write, system_wq); + continue_at_nobarrier(cl, journal_write, bch_journal_wq); } static void journal_write_unlock(struct closure *cl) @@ -627,7 +627,7 @@ static void journal_write_unlocked(struct closure *cl) spin_unlock(&c->journal.lock); btree_flush_write(c); - continue_at(cl, journal_write, system_wq); + continue_at(cl, journal_write, bch_journal_wq); return; } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 94c756c66bd7..30ba9aeb5ee8 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -47,6 +47,7 @@ static int bcache_major; static DEFINE_IDA(bcache_device_idx); static wait_queue_head_t unregister_wait; struct workqueue_struct *bcache_wq; +struct workqueue_struct *bch_journal_wq; #define BTREE_MAX_PAGES (256 * 1024 / PAGE_SIZE) /* limitation of partitions number on single bcache device */ @@ -2341,6 +2342,9 @@ static void bcache_exit(void) kobject_put(bcache_kobj); if (bcache_wq) destroy_workqueue(bcache_wq); + if (bch_journal_wq) + destroy_workqueue(bch_journal_wq); + if (bcache_major) unregister_blkdev(bcache_major, "bcache"); unregister_reboot_notifier(&reboot); @@ -2370,6 +2374,10 @@ static int __init bcache_init(void) if (!bcache_wq) goto err; + bch_journal_wq = alloc_workqueue("bch_journal", WQ_MEM_RECLAIM, 0); + if (!bch_journal_wq) + goto err; + bcache_kobj = kobject_create_and_add("bcache", fs_kobj); if (!bcache_kobj) goto err;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] bcache: add separate workqueue for journal_write to avoid" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0f843e65d9eef4936929bb036c5f771fb261eea4 Mon Sep 17 00:00:00 2001 From: Guoju Fang <fangguoju(a)gmail.com> Date: Thu, 27 Sep 2018 23:41:46 +0800 Subject: [PATCH] bcache: add separate workqueue for journal_write to avoid deadlock After write SSD completed, bcache schedules journal_write work to system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM flag. system_wq is also a bound wq, and there may be no idle kworker on current processor. Creating a new kworker may unfortunately need to reclaim memory first, by shrinking cache and slab used by vfs, which depends on bcache device. That's a deadlock. This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM flag. It's rescuer thread will work to avoid the deadlock. Signed-off-by: Guoju Fang <fangguoju(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 83504dd8100a..954dad29e6e8 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -965,6 +965,7 @@ void bch_prio_write(struct cache *ca); void bch_write_bdev_super(struct cached_dev *dc, struct closure *parent); extern struct workqueue_struct *bcache_wq; +extern struct workqueue_struct *bch_journal_wq; extern struct mutex bch_register_lock; extern struct list_head bch_cache_sets; diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c index 6116bbf870d8..522c7426f3a0 100644 --- a/drivers/md/bcache/journal.c +++ b/drivers/md/bcache/journal.c @@ -485,7 +485,7 @@ static void do_journal_discard(struct cache *ca) closure_get(&ca->set->cl); INIT_WORK(&ja->discard_work, journal_discard_work); - schedule_work(&ja->discard_work); + queue_work(bch_journal_wq, &ja->discard_work); } } @@ -592,7 +592,7 @@ static void journal_write_done(struct closure *cl) : &j->w[0]; __closure_wake_up(&w->wait); - continue_at_nobarrier(cl, journal_write, system_wq); + continue_at_nobarrier(cl, journal_write, bch_journal_wq); } static void journal_write_unlock(struct closure *cl) @@ -627,7 +627,7 @@ static void journal_write_unlocked(struct closure *cl) spin_unlock(&c->journal.lock); btree_flush_write(c); - continue_at(cl, journal_write, system_wq); + continue_at(cl, journal_write, bch_journal_wq); return; } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 94c756c66bd7..30ba9aeb5ee8 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -47,6 +47,7 @@ static int bcache_major; static DEFINE_IDA(bcache_device_idx); static wait_queue_head_t unregister_wait; struct workqueue_struct *bcache_wq; +struct workqueue_struct *bch_journal_wq; #define BTREE_MAX_PAGES (256 * 1024 / PAGE_SIZE) /* limitation of partitions number on single bcache device */ @@ -2341,6 +2342,9 @@ static void bcache_exit(void) kobject_put(bcache_kobj); if (bcache_wq) destroy_workqueue(bcache_wq); + if (bch_journal_wq) + destroy_workqueue(bch_journal_wq); + if (bcache_major) unregister_blkdev(bcache_major, "bcache"); unregister_reboot_notifier(&reboot); @@ -2370,6 +2374,10 @@ static int __init bcache_init(void) if (!bcache_wq) goto err; + bch_journal_wq = alloc_workqueue("bch_journal", WQ_MEM_RECLAIM, 0); + if (!bch_journal_wq) + goto err; + bcache_kobj = kobject_create_and_add("bcache", fs_kobj); if (!bcache_kobj) goto err;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] KVM: VMX: hide flexpriority from guest when disabled at the" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2cf7ea9f40fabee0f8b40db4eb2d1e85cc6c0a95 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini <pbonzini(a)redhat.com> Date: Wed, 3 Oct 2018 10:34:00 +0200 Subject: [PATCH] KVM: VMX: hide flexpriority from guest when disabled at the module level As of commit 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings"), KVM will disable VIRTUALIZE_APIC_ACCESSES when a nested guest writes APIC_BASE MSR and kvm-intel.flexpriority=0, whereas previously KVM would allow a nested guest to enable VIRTUALIZE_APIC_ACCESSES so long as it's supported in hardware. That is, KVM now advertises VIRTUALIZE_APIC_ACCESSES to a guest but doesn't (always) allow setting it when kvm-intel.flexpriority=0, and may even initially allow the control and then clear it when the nested guest writes APIC_BASE MSR, which is decidedly odd even if it doesn't cause functional issues. Hide the control completely when the module parameter is cleared. reported-by: Sean Christopherson <sean.j.christopherson(a)intel.com> Fixes: 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings") Cc: Jim Mattson <jmattson(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 764ae031054f..55b62760b694 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3589,12 +3589,12 @@ static void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, bool apicv) msrs->secondary_ctls_high); msrs->secondary_ctls_low = 0; msrs->secondary_ctls_high &= - SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | SECONDARY_EXEC_DESC | SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | SECONDARY_EXEC_APIC_REGISTER_VIRT | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_WBINVD_EXITING; + /* * We can emulate "VMCS shadowing," even if the hardware * doesn't support it. @@ -3651,6 +3651,10 @@ static void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, bool apicv) msrs->secondary_ctls_high |= SECONDARY_EXEC_UNRESTRICTED_GUEST; + if (flexpriority_enabled) + msrs->secondary_ctls_high |= + SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; + /* miscellaneous data */ rdmsr(MSR_IA32_VMX_MISC, msrs->misc_low,

7 years, 1 month

1
0
0 0

[PATCH stable 4.9 00/29] backport of IP fragmentation fixes

by Florian Fainelli

This is based on Stephen's v4.14 patches, with the necessary merge conflicts, and the lack of timer_setup() on the 4.9 baseline. Perf results on a gigabit capable system, before and after are below. Series can also be found here: https://github.com/ffainelli/linux/commits/fragment-stack-v4.9 PerfTop: 457 irqs/sec kernel:74.4% exact: 0.0% [4000Hz cycles], (all, 4 CPUs) ------------------------------------------------------------------------------- 29.62% [kernel] [k] ip_defrag 6.57% [kernel] [k] arch_cpu_idle 1.72% [kernel] [k] v7_dma_inv_range 1.68% [kernel] [k] __netif_receive_skb_core 1.43% [kernel] [k] fib_table_lookup 1.30% [kernel] [k] finish_task_switch 1.08% [kernel] [k] ip_rcv 1.01% [kernel] [k] skb_release_data 0.99% [kernel] [k] __slab_free 0.96% [kernel] [k] bcm_sysport_poll 0.88% [kernel] [k] __netdev_alloc_skb 0.87% [kernel] [k] tick_nohz_idle_enter 0.86% [kernel] [k] dev_gro_receive 0.85% [kernel] [k] _raw_spin_unlock_irqrestore 0.84% [kernel] [k] __memzero 0.74% [kernel] [k] tick_nohz_idle_exit 0.73% ld-2.24.so [.] do_lookup_x 0.66% [kernel] [k] kmem_cache_free 0.66% [kernel] [k] bcm_sysport_rx_refill 0.65% [kernel] [k] eth_type_trans After patching: PerfTop: 170 irqs/sec kernel:86.5% exact: 0.0% [4000Hz cycles], (all, 4 CPUs) ------------------------------------------------------------------------------- 7.79% [kernel] [k] arch_cpu_idle 5.14% [kernel] [k] v7_dma_inv_range 4.20% [kernel] [k] ip_defrag 3.89% [kernel] [k] __netif_receive_skb_core 3.65% [kernel] [k] fib_table_lookup 2.16% [kernel] [k] finish_task_switch 1.93% [kernel] [k] _raw_spin_unlock_irqrestore 1.90% [kernel] [k] ip_rcv 1.84% [kernel] [k] bcm_sysport_poll 1.83% [kernel] [k] __memzero 1.65% [kernel] [k] __netdev_alloc_skb 1.60% [kernel] [k] __slab_free 1.49% [kernel] [k] __do_softirq 1.49% [kernel] [k] bcm_sysport_rx_refill 1.31% [kernel] [k] dma_cache_maint_page 1.25% [kernel] [k] tick_nohz_idle_enter 1.24% [kernel] [k] ip_route_input_noref 1.17% [kernel] [k] eth_type_trans 1.06% [kernel] [k] fib_validate_source 1.03% [kernel] [k] inet_frag_find Dan Carpenter (1): ipv4: frags: precedence bug in ip_expire() Eric Dumazet (22): inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers net: sk_buff rbnode reorg Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Peter Oskolkov (4): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Documentation/networking/ip-sysctl.txt | 13 +- include/linux/rhashtable.h | 4 +- include/linux/skbuff.h | 48 +- include/net/inet_frag.h | 133 +++--- include/net/ip.h | 1 - include/net/ipv6.h | 26 +- include/uapi/linux/snmp.h | 1 + lib/rhashtable.c | 5 +- net/core/skbuff.c | 31 +- net/ieee802154/6lowpan/6lowpan_i.h | 26 +- net/ieee802154/6lowpan/reassembly.c | 148 +++--- net/ipv4/inet_fragment.c | 379 ++++------------ net/ipv4/ip_fragment.c | 573 +++++++++++++----------- net/ipv4/proc.c | 7 +- net/ipv4/tcp_input.c | 33 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 100 ++--- net/ipv6/proc.c | 5 +- net/ipv6/reassembly.c | 212 ++++----- 18 files changed, 785 insertions(+), 960 deletions(-) -- 2.17.1

7 years, 1 month

3
33
0 0

+ mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE has been added to the -mm tree. Its filename is mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-dont-clobber-partially-overlapp… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-dont-clobber-partially-overlapp… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Daniel Micay reports that attempting to use MAP_FIXED_NOREPLACE in an application causes that application to randomly crash. The existing check for handling MAP_FIXED_NOREPLACE looks up the first VMA that either overlaps or follows the requested region, and then bails out if that VMA overlaps *the start* of the requested region. It does not bail out if the VMA only overlaps another part of the requested region. Fix it by checking that the found VMA only starts at or after the end of the requested region, in which case there is no overlap. Test case: user@debian:~$ cat mmap_fixed_simple.c #include <sys/mman.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #ifndef MAP_FIXED_NOREPLACE #define MAP_FIXED_NOREPLACE 0x100000 #endif int main(void) { char *p; errno = 0; p = mmap((void*)0x10001000, 0x4000, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p1=%p err=%m\n", p); errno = 0; p = mmap((void*)0x10000000, 0x2000, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p2=%p err=%m\n", p); char cmd[100]; sprintf(cmd, "cat /proc/%d/maps", getpid()); system(cmd); return 0; } user@debian:~$ gcc -o mmap_fixed_simple mmap_fixed_simple.c user@debian:~$ ./mmap_fixed_simple p1=0x10001000 err=Success p2=0x10000000 err=Success 10000000-10002000 r--p 00000000 00:00 0 10002000-10005000 ---p 00000000 00:00 0 564a9a06f000-564a9a070000 r-xp 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a26f000-564a9a270000 r--p 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a270000-564a9a271000 rw-p 00001000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a54a000-564a9a56b000 rw-p 00000000 00:00 0 [heap] 7f8eba447000-7f8eba5dc000 r-xp 00000000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba5dc000-7f8eba7dc000 ---p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7dc000-7f8eba7e0000 r--p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e0000-7f8eba7e2000 rw-p 00199000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e2000-7f8eba7e6000 rw-p 00000000 00:00 0 7f8eba7e6000-7f8eba809000 r-xp 00000000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8eba9e9000-7f8eba9eb000 rw-p 00000000 00:00 0 7f8ebaa06000-7f8ebaa09000 rw-p 00000000 00:00 0 7f8ebaa09000-7f8ebaa0a000 r--p 00023000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0a000-7f8ebaa0b000 rw-p 00024000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0b000-7f8ebaa0c000 rw-p 00000000 00:00 0 7ffcc99fa000-7ffcc9a1b000 rw-p 00000000 00:00 0 [stack] 7ffcc9b44000-7ffcc9b47000 r--p 00000000 00:00 0 [vvar] 7ffcc9b47000-7ffcc9b49000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] user@debian:~$ uname -a Linux debian 4.19.0-rc6+ #181 SMP Wed Oct 3 23:43:42 CEST 2018 x86_64 GNU/Linux user@debian:~$ As you can see, the first page of the mapping at 0x10001000 was clobbered. Link: http://lkml.kernel.org/r/20181010152736.99475-1-jannh@google.com Fixes: a4ff8e8620d3 ("mm: introduce MAP_FIXED_NOREPLACE") Signed-off-by: Jann Horn <jannh(a)google.com> Reported-by: Daniel Micay <danielmicay(a)gmail.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: John Hubbard <jhubbard(a)nvidia.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/mmap.c~mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace mm/mmap.c --- a/mm/mmap.c~mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace +++ a/mm/mmap.c @@ -1410,7 +1410,7 @@ unsigned long do_mmap(struct file *file, if (flags & MAP_FIXED_NOREPLACE) { struct vm_area_struct *vma = find_vma(mm, addr); - if (vma && vma->vm_start <= addr) + if (vma && vma->vm_start < addr + len) return -EEXIST; } _ Patches currently in -mm which might be from jannh(a)google.com are mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

7 years, 1 month

1
0
0 0

[GIT PULL] vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers

by Steven Rostedt

Linus (aka Greg), It was reported that trace_printk() was not reporting properly values that came after a dereference pointer. trace_printk() utilizes vbin_printf() and bstr_printf() to keep the overhead of tracing down. vbin_printf() does not do any conversions and just stors the string format and the raw arguments into the buffer. bstr_printf() is used to read the buffer and does the conversions to complete the printf() output. This can be troublesome with dereferenced pointers because the reference may be different from the time vbin_printf() is called to the time bstr_printf() is called. To fix this, a prior commit changed vbin_printf() to convert dereferenced pointers into strings and load the converted string into the buffer. But the change to bstr_printf() had an off-by-one error and didn't account for the nul character at the end of the string and this corrupted the rest of the values in the format that came after a dereferenced pointer. Please pull the latest trace-v4.19-rc5 tree, which can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git trace-v4.19-rc5 Tag SHA1: b5fc80d980ae316323e88c165084deef39afd168 Head SHA1: 62165600ae73ebd76e2d9b992b36360408d570d8 Steven Rostedt (VMware) (1): vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers ---- lib/vsprintf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --------------------------- commit 62165600ae73ebd76e2d9b992b36360408d570d8 Author: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Date: Fri Oct 5 10:08:03 2018 -0400 vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers The functions vbin_printf() and bstr_printf() are used by trace_printk() to try to keep the overhead down during printing. trace_printk() uses vbin_printf() at the time of execution, as it only scans the fmt string to record the printf values into the buffer, and then uses vbin_printf() to do the conversions to print the string based on the format and the saved values in the buffer. This is an issue for dereferenced pointers, as before commit 841a915d20c7b, the processing of the pointer could happen some time after the pointer value was recorded (reading the trace buffer). This means the processing of the value at a later time could show different results, or even crash the system, if the pointer no longer existed. Commit 841a915d20c7b addressed this by processing dereferenced pointers at the time of execution and save the result in the ring buffer as a string. The bstr_printf() would then treat these pointers as normal strings, and print the value. But there was an off-by-one bug here, where after processing the argument, it move the pointer only "strlen(arg)" which made the arg pointer not point to the next argument in the ring buffer, but instead point to the nul character of the last argument. This causes any values after a dereferenced pointer to be corrupted. Cc: stable(a)vger.kernel.org Fixes: 841a915d20c7b ("vsprintf: Do not have bprintf dereference pointers") Reported-by: Nikolay Borisov <nborisov(a)suse.com> Tested-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/lib/vsprintf.c b/lib/vsprintf.c index d5b3a3f95c01..812e59e13fe6 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -2794,7 +2794,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) copy = end - str; memcpy(str, args, copy); str += len; - args += len; + args += len + 1; } } if (process)

7 years, 1 month

2
1
0 0

[PATCH] drm/amdgpu: Suppress keypresses from ACPI_VIDEO events

by Lyude Paul

Currently we return NOTIFY_DONE for any event which we don't think is ours. However, many laptops will send more then just an ATIF event and will also send an ACPI_VIDEO_NOTIFY_PROBE event as well. Since we don't check for this, we return NOTIFY_DONE which causes a keypress for the ACPI event to be propogated to userspace. This is the equivalent of someone pressing the display key on a laptop every time there's a hotplug event. So, check for ACPI_VIDEO_NOTIFY_PROBE events and suppress keypresses from them. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c index 353993218f21..f008804f0b97 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c @@ -358,7 +358,9 @@ static int amdgpu_atif_get_sbios_requests(struct amdgpu_atif *atif, * * Checks the acpi event and if it matches an atif event, * handles it. - * Returns NOTIFY code + * + * Returns: + * NOTIFY_BAD or NOTIFY_DONE, depending on the event. */ static int amdgpu_atif_handler(struct amdgpu_device *adev, struct acpi_bus_event *event) @@ -372,11 +374,16 @@ static int amdgpu_atif_handler(struct amdgpu_device *adev, if (strcmp(event->device_class, ACPI_VIDEO_CLASS) != 0) return NOTIFY_DONE; + /* Is this actually our event? */ if (!atif || !atif->notification_cfg.enabled || - event->type != atif->notification_cfg.command_code) - /* Not our event */ - return NOTIFY_DONE; + event->type != atif->notification_cfg.command_code) { + /* These events will generate keypresses otherwise */ + if (event->type == ACPI_VIDEO_NOTIFY_PROBE) + return NOTIFY_BAD; + else + return NOTIFY_DONE; + } if (atif->functions.sbios_requests) { struct atif_sbios_requests req; @@ -385,7 +392,7 @@ static int amdgpu_atif_handler(struct amdgpu_device *adev, count = amdgpu_atif_get_sbios_requests(atif, &req); if (count <= 0) - return NOTIFY_DONE; + return NOTIFY_BAD; DRM_DEBUG_DRIVER("ATIF: %d pending SBIOS requests\n", count); -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH 4.4 000/113] 4.4.160-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.160 release. There are 113 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:13 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.160-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.160-rc1 Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: event: Prevent freeing event subscriptions while accessed Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Sanitize PSTATE.M when being set from userspace Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: cpufeature: Track 32bit EL0 support Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Theodore Ts'o <tytso(a)mit.edu> ext4: never move the system.data xattr out of the inode body Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use bin2hex instead of a re-implementation Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm64/include/asm/cpufeature.h | 8 ++- arch/arm64/include/asm/jump_label.h | 4 +- arch/arm64/include/asm/kvm_emulate.h | 5 ++ arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/kernel/cpufeature.c | 8 +++ arch/arm64/kvm/guest.c | 55 +++++++++++++++- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kernel/machine_kexec.c | 7 ++- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/mm/extmem.c | 4 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/edac/i7core_edac.c | 22 ++++--- drivers/gpio/gpio-adp5588.c | 24 +++++-- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 +- drivers/hid/hid-ntrig.c | 2 + drivers/hwmon/adt7475.c | 14 +++-- drivers/hwmon/ina2xx.c | 13 +++- drivers/i2c/busses/i2c-i801.c | 9 ++- drivers/i2c/busses/i2c-uniphier-f.c | 7 +-- drivers/i2c/busses/i2c-uniphier.c | 7 +-- drivers/infiniband/core/ucma.c | 6 ++ drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/mouse/elantech.c | 2 + drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/md-cluster.c | 19 +++--- drivers/md/raid10.c | 5 +- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +++- drivers/media/platform/fsl-viu.c | 38 ++++++----- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 ++ drivers/media/usb/uvc/uvc_video.c | 24 +++++-- drivers/media/v4l2-core/v4l2-event.c | 37 +++++------ drivers/media/v4l2-core/v4l2-fh.c | 2 + drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +- drivers/net/wireless/mac80211_hwsim.c | 3 - drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 ++ drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/power/reset/vexpress-poweroff.c | 12 ++-- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/spi/spi-rspi.c | 34 ++++++++-- drivers/spi/spi-sh-msiof.c | 28 ++++++++- drivers/spi/spi-tegra20-slink.c | 31 ++++++--- drivers/staging/android/ashmem.c | 6 ++ drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_auth.c | 15 +---- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/thermal/of-thermal.c | 7 ++- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++- drivers/tty/serial/imx.c | 8 +++ drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 ++++++- drivers/usb/core/driver.c | 28 ++++----- drivers/usb/core/usb.c | 2 + drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/usb/serial/kobil_sct.c | 12 +++- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ext4/xattr.c | 5 ++ fs/nfsd/nfs4proc.c | 1 + fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ include/linux/platform_data/ina2xx.h | 2 +- include/linux/slub_def.h | 3 +- include/media/v4l2-fh.h | 1 + kernel/module.c | 6 +- kernel/time/alarmtimer.c | 3 +- lib/klist.c | 10 +-- mm/madvise.c | 2 +- mm/slub.c | 6 +- net/6lowpan/iphc.c | 1 + net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 26 ++++++-- net/mac80211/mesh_hwmp.c | 4 ++ net/mac80211/mlme.c | 53 ++++++++++++++++ net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/soc-dapm.c | 7 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 118 files changed, 842 insertions(+), 287 deletions(-)

7 years, 1 month

10
128
0 0

[PATCH AUTOSEL 3.18 1/6] selftests/efivarfs: add required kernel configs

by Sasha Levin

From: Lei Yang <Lei.Yang(a)windriver.com> [ Upstream commit 53cf59d6c0ad3edc4f4449098706a8f8986258b6 ] add config file Signed-off-by: Lei Yang <Lei.Yang(a)windriver.com> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- tools/testing/selftests/efivarfs/config | 1 + 1 file changed, 1 insertion(+) create mode 100644 tools/testing/selftests/efivarfs/config diff --git a/tools/testing/selftests/efivarfs/config b/tools/testing/selftests/efivarfs/config new file mode 100644 index 000000000000..4e151f1005b2 --- /dev/null +++ b/tools/testing/selftests/efivarfs/config @@ -0,0 +1 @@ +CONFIG_EFIVAR_FS=y -- 2.17.1

7 years, 1 month

2
7
0 0

[PATCH 2/2] xen: make xen_qlock_wait() nestable

by Juergen Gross

xen_qlock_wait() isn't safe for nested calls due to interrupts. A call of xen_qlock_kick() might be ignored in case a deeper nesting level was active right before the call of xen_poll_irq(): CPU 1: CPU 2: spin_lock(lock1) spin_lock(lock1) -> xen_qlock_wait() -> xen_clear_irq_pending() Interrupt happens spin_unlock(lock1) -> xen_qlock_kick(CPU 2) spin_lock_irqsave(lock2) spin_lock_irqsave(lock2) -> xen_qlock_wait() -> xen_clear_irq_pending() clears kick for lock1 -> xen_poll_irq() spin_unlock_irq_restore(lock2) -> xen_qlock_kick(CPU 2) wakes up spin_unlock_irq_restore(lock2) IRET resumes in xen_qlock_wait() -> xen_poll_irq() never wakes up The solution is to disable interrupts in xen_qlock_wait() and not to poll for the irq in case xen_qlock_wait() is called in nmi context. Cc: stable(a)vger.kernel.org Cc: Waiman.Long(a)hp.com Cc: peterz(a)infradead.org Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/spinlock.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c index cd210a4ba7b1..e8d880e98057 100644 --- a/arch/x86/xen/spinlock.c +++ b/arch/x86/xen/spinlock.c @@ -39,29 +39,25 @@ static void xen_qlock_kick(int cpu) */ static void xen_qlock_wait(u8 *byte, u8 val) { + unsigned long flags; int irq = __this_cpu_read(lock_kicker_irq); /* If kicker interrupts not initialized yet, just spin */ - if (irq == -1) + if (irq == -1 || in_nmi()) return; - /* If irq pending already clear it and return. */ + /* Guard against reentry. */ + local_irq_save(flags); + + /* If irq pending already clear it. */ if (xen_test_irq_pending(irq)) { xen_clear_irq_pending(irq); - return; + } else if (READ_ONCE(*byte) == val) { + /* Block until irq becomes pending (or a spurious wakeup) */ + xen_poll_irq(irq); } - if (READ_ONCE(*byte) != val) - return; - - /* - * If an interrupt happens here, it will leave the wakeup irq - * pending, which will cause xen_poll_irq() to return - * immediately. - */ - - /* Block until irq becomes pending (or perhaps a spurious wakeup) */ - xen_poll_irq(irq); + local_irq_restore(flags); } static irqreturn_t dummy_handler(int irq, void *dev_id) -- 2.16.4

7 years, 1 month

4
8
0 0

troubles with https://www.kernel.org/

by Pavlos Parissis

Hi, https://www.kernel.org is either down or very slow for me(based in The Netherlands, Europe). I do understand this is not the right ML to report this issue, but the contact page doesn't load for me and as a result I could find the right communication channel. Cheers, Pavlos

7 years, 1 month

2
2
0 0

Linux 4.18.13

by Greg KH

I'm announcing the release of the 4.18.13 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/sh_eth.txt | 1 Makefile | 2 arch/arc/include/asm/atomic.h | 2 arch/arm64/include/asm/jump_label.h | 4 arch/hexagon/include/asm/bitops.h | 4 arch/hexagon/kernel/dma.c | 2 arch/nds32/include/asm/elf.h | 4 arch/nds32/include/asm/uaccess.h | 26 - arch/nds32/kernel/atl2c.c | 3 arch/nds32/kernel/module.c | 4 arch/nds32/kernel/traps.c | 2 arch/nds32/kernel/vmlinux.lds.S | 12 arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/riscv/kernel/setup.c | 7 arch/x86/events/intel/lbr.c | 4 arch/x86/kernel/apm_32.c | 2 block/blk-cgroup.c | 78 +---- drivers/ata/libata-core.c | 2 drivers/base/firmware_loader/main.c | 35 +- drivers/cpufreq/qcom-cpufreq-kryo.c | 4 drivers/crypto/caam/caamalg.c | 8 drivers/crypto/chelsio/chcr_algo.c | 32 +- drivers/crypto/chelsio/chcr_crypto.h | 2 drivers/crypto/mxs-dcp.c | 53 ++- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 drivers/crypto/qat/qat_c62x/adf_drv.c | 6 drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 drivers/firmware/arm_scmi/perf.c | 8 drivers/gpio/gpio-adp5588.c | 24 + drivers/gpio/gpio-dwapb.c | 1 drivers/gpio/gpiolib-acpi.c | 86 +++-- drivers/gpio/gpiolib-of.c | 1 drivers/gpio/gpiolib.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 8 drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c | 6 drivers/gpu/drm/nouveau/nouveau_drm.c | 14 drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 - drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 - drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 drivers/hid/hid-apple.c | 9 drivers/hid/hid-ids.h | 7 drivers/hid/hid-saitek.c | 2 drivers/hid/hid-sensor-hub.c | 23 + drivers/hid/i2c-hid/i2c-hid.c | 24 + drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 drivers/hv/connection.c | 8 drivers/i2c/busses/i2c-uniphier-f.c | 7 drivers/i2c/busses/i2c-uniphier.c | 7 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 drivers/iio/temperature/maxim_thermocouple.c | 1 drivers/infiniband/core/ucma.c | 6 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 drivers/iommu/amd_iommu.c | 2 drivers/md/dm-raid.c | 144 +++------ drivers/md/dm-thin-metadata.c | 34 ++ drivers/md/dm-thin.c | 73 ++++ drivers/md/raid10.c | 5 drivers/md/raid5-log.h | 5 drivers/md/raid5.c | 6 drivers/net/ethernet/amazon/ena/ena_com.c | 8 drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 2 drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 + drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 drivers/net/ethernet/ibm/emac/core.c | 6 drivers/net/ethernet/ibm/ibmvnic.c | 12 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 1 drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 drivers/net/ethernet/realtek/r8169.c | 11 drivers/net/ethernet/renesas/sh_eth.c | 36 ++ drivers/net/wireless/broadcom/b43/dma.c | 6 drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 50 --- drivers/net/wireless/mac80211_hwsim.c | 12 drivers/nvme/target/rdma.c | 27 + drivers/s390/net/qeth_core_main.c | 5 drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/aacraid/aacraid.h | 2 drivers/scsi/csiostor/csio_hw.c | 71 +++- drivers/scsi/csiostor/csio_hw.h | 1 drivers/scsi/csiostor/csio_mb.c | 6 drivers/scsi/qedi/qedi.h | 7 drivers/scsi/qedi/qedi_main.c | 28 + drivers/target/iscsi/iscsi_target.c | 9 drivers/target/iscsi/iscsi_target_login.c | 149 +++++----- drivers/target/iscsi/iscsi_target_login.h | 2 drivers/usb/gadget/udc/fotg210-udc.c | 15 - drivers/usb/host/xhci-plat.c | 27 + drivers/usb/misc/yurex.c | 3 drivers/xen/cpu_hotplug.c | 15 - drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 fs/afs/proc.c | 15 - fs/btrfs/ctree.h | 1 fs/btrfs/disk-io.c | 1 fs/btrfs/inode.c | 25 - fs/btrfs/ioctl.c | 16 + fs/btrfs/volumes.c | 7 fs/ceph/super.c | 16 - fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 fs/cifs/misc.c | 8 fs/cifs/smb2ops.c | 2 fs/dcache.c | 2 fs/inode.c | 53 +++ fs/notify/fsnotify.c | 13 fs/ocfs2/dlm/dlmmaster.c | 4 fs/overlayfs/dir.c | 4 fs/overlayfs/namei.c | 2 fs/overlayfs/overlayfs.h | 4 fs/overlayfs/util.c | 3 fs/proc/base.c | 14 fs/xattr.c | 24 - include/asm-generic/io.h | 3 include/linux/blk-cgroup.h | 1 include/linux/fs.h | 6 include/net/cfg80211.h | 4 include/net/regulatory.h | 4 kernel/bpf/sockmap.c | 64 ++-- kernel/bpf/verifier.c | 10 kernel/sched/topology.c | 5 mm/madvise.c | 2 net/core/filter.c | 57 ++- net/ipv4/netfilter/Kconfig | 8 net/mac80211/ibss.c | 22 - net/mac80211/main.c | 28 + net/mac80211/mesh_hwmp.c | 4 net/mac80211/mlme.c | 70 ++++ net/mac80211/tx.c | 54 ++- net/mac80211/util.c | 11 net/netfilter/Kconfig | 12 net/netfilter/nf_tables_api.c | 1 net/netfilter/nfnetlink_queue.c | 1 net/netfilter/xt_CHECKSUM.c | 22 + net/netfilter/xt_cluster.c | 14 net/netfilter/xt_hashlimit.c | 18 - net/tipc/diag.c | 2 net/tipc/netlink.c | 2 net/tipc/socket.c | 76 +++-- net/tipc/socket.h | 2 net/wireless/nl80211.c | 15 - net/wireless/reg.c | 91 ------ net/wireless/util.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/hv/hv_fcopy_daemon.c | 1 tools/kvm/kvm_stat/kvm_stat | 25 + tools/perf/arch/powerpc/util/sym-handling.c | 4 tools/perf/util/annotate.c | 32 +- tools/perf/util/annotate.h | 1 tools/perf/util/evsel.c | 5 tools/perf/util/trace-event-info.c | 2 tools/testing/selftests/net/pmtu.sh | 7 tools/testing/selftests/rseq/param_test.c | 19 - tools/testing/selftests/tc-testing/tc-tests/actions/police.json | 48 +++ tools/vm/page-types.c | 6 tools/vm/slabinfo.c | 4 182 files changed, 1827 insertions(+), 990 deletions(-) Al Viro (1): new primitive: discard_new_inode() Alexey Khoroshilov (1): gpio: dwapb: Fix error handling in dwapb_gpio_probe() Amir Goldstein (3): fsnotify: fix ignore mask logic in fsnotify() ovl: fix access beyond unterminated strings ovl: fix memory leak on unlink of indexed file Anand Jain (1): btrfs: btrfs_shrink_device should call commit transaction at the end Andreas Bosch (1): HID: intel-ish-hid: Enable Sunrise Point-H ish driver Andreas Gruenbacher (1): sysfs: Do not return POSIX ACL xattrs via listxattr Andrew Murray (1): asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Andy Shevchenko (1): gpiolib: acpi: Switch to cansleep version of GPIO library call Anisse Astier (1): HID: i2c-hid: disable runtime PM operations on hantick touchpad Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Anurag Kumar Vulisha (1): usb: host: xhci-plat: Iterate over parent nodes for finding quirks Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Baruch Siach (1): net: mvpp2: initialize port of_node pointer Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (5): drm/nouveau: fix oops in client init failure path drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Bjorn Andersson (1): firmware: Always initialize the fw_priv list object Chris Brandt (1): sh_eth: Add R7S9210 support Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Cong Wang (2): tipc: switch to rhashtable iterator netfilter: xt_hashlimit: use s->file instead of s->private Dan Carpenter (3): scsi: aacraid: fix a signedness bug cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Borkmann (6): bpf, sockmap: fix potential use after free in bpf_tcp_close bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg bpf: fix several offset tests in bpf_msg_pull_data bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data bpf: fix sg shift repair start offset in bpf_msg_pull_data Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev David Howells (1): afs: Fix cell specification to permit an empty address list Dennis Zhou (Facebook) (1): Revert "blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()" Dexuan Cui (1): Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Dreyfuss, Haim (1): mac80211: fix WMM TXOP calculation Emmanuel Grumbach (3): mac80211: fix a race between restart and CSA flows mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages Florian Westphal (2): netfilter: xt_checksum: ignore gso skbs netfilter: kconfig: nat related expression depend on nftables core Geert Uytterhoeven (1): scsi: libata: Add missing newline at end of file Greentime Hu (3): nds32: fix logic for module nds32: fix build error because of wrong semicolon nds32: linker script: GCOV kernel may refers data in __exit Greg Kroah-Hartman (2): Revert "drm/amd/pp: Send khz clock values to DC for smu7/8" Linux 4.18.13 Guenter Roeck (1): riscv: Do not overwrite initrd_start and initrd_end Haim Dreyfuss (2): nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP nl80211: Pass center frequency in kHz instead of MHz Hans de Goede (2): gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Harsh Jain (1): crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Heinz Mauelshagen (4): dm raid: fix reshape race on small devices dm raid: fix stripe adding reshape deadlock dm raid: fix rebuild of specific devices by updating superblock dm raid: fix RAID leg rebuild errors Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Horia Geantă (1): crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch Ilya Dryomov (1): ceph: avoid a use-after-free in ceph_destroy_options() Ivan Mikhaylov (1): net/ibm/emac: wrong emac_calc_base call was used by typo Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (3): bpf: 32-bit RSH verification must truncate input before the ALU op RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Jinbum Park (1): mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Johannes Berg (3): mac80211_hwsim: require at least one channel cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule) mac80211: always account for A-MSDU header changes John Fastabend (2): bpf: sockmap, decrement copied count correctly in redirect error case bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (3): HID: i2c-hid: Don't reset device upon system resume r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Kim Phillips (1): perf annotate: Fix parsing aarch64 branch instructions after objdump update Larry Finger (1): b43: fix DMA error related regression with proprietary firmware Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Lorenzo Bianconi (3): mac80211: do not convert to A-MSDU if frag/subframe limited mac80211: fix an off-by-one issue in A-MSDU max_subframe computation iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Maciej S. Szmigiero (1): r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Martin Liška (1): perf annotate: Properly interpret indirect call Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Mathieu Desnoyers (1): rseq/selftests: fix parametrized test with -fpie Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Michal 'vorner' Vaner (1): netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Christie (1): scsi: iscsi: target: Fix conn_ops double free Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Miklos Szeredi (3): vfs: don't evict uninitialized inode ovl: set I_CREATING on inode being created ovl: fix format of setxattr debug Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nathan Chancellor (1): cpufreq: qcom-kryo: Fix section annotations Netanel Belgazal (6): net: ena: fix surprise unplug NULL dereference kernel crash net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix device destruction to gracefully free resources net: ena: fix potential double ena_destroy_device() net: ena: fix missing lock during device destruction net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Paolo Abeni (1): tc-testing: add test-cases for numeric and invalid control action Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Peng Li (2): net: hns: add the code for cleaning pkt in chip net: hns: add netif_carrier_off before change speed and duplex Randy Dunlap (3): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int x86/APM: Fix build warning when PROC_FS is not enabled Ricardo Ribalda Delgado (1): gpiolib: Free the last requested descriptor Rishabh Bhatnagar (1): firmware: Fix security issue with request_firmware_into_buf() Robbie Ko (1): Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space Sabrina Dubroca (2): selftests: pmtu: maximum MTU for vti4 is 2^16-1-20 selftests: pmtu: detect correct binary to ping ipv6 addresses Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sara Sharon (1): mac80211: avoid kernel panic when building AMSDU from non-linear SKB Sean O'Brien (1): HID: add support for Apple Magic Keyboards Shaohua Li (1): md/raid5-cache: disable reshape completely Singh, Brijesh (1): iommu/amd: Clear memory encryption mask from physical address Somnath Kotur (1): bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Song Liu (1): ixgbe: check return value of napi_complete_done() Srikar Dronamraju (1): sched/topology: Set correct NUMA topology type Stanislaw Gruszka (1): cfg80211: make wmm_rule part of the reg_rule structure Stefan Raspl (3): tools/kvm_stat: fix python3 issues tools/kvm_stat: fix handling of invalid paths in debugfs provider tools/kvm_stat: fix updates for dead guests Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sudeep Holla (1): firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Tao Zhou (1): drm/amdgpu: Fix SDMA hang in prt mode v2 Thomas Falcon (1): ibmvnic: Include missing return code checks in reset function Toke Høiland-Jørgensen (1): mac80211: Run TXQ teardown code before de-registering interfaces Tushar Dave (1): bpf: Fix bpf_msg_pull_data() Varun Prakash (2): scsi: csiostor: add a check for NULL pointer after kmalloc() scsi: csiostor: fix incorrect port capabilities Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vincent Whitchurch (1): gpio: Fix crash due to registration race Vitaly Kuznetsov (2): xen/manage: don't complain about an empty value in control/sysrq node tools: hv: fcopy: set 'error' in case an unknown operation was requested Waiman Long (1): crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer Will Deacon (1): ARC: atomics: unbork atomic_fetch_##op() Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard YueHaibing (1): nds32: add NULL entry to the end of_device_id array Zong Li (2): nds32: Fix empty call trace nds32: Fix get_user/put_user macro expand pointer problem

7 years, 1 month

1
1
0 0

Linux 4.14.75

by Greg KH

I'm announcing the release of the 4.14.75 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/include/asm/atomic.h | 2 arch/arm64/include/asm/jump_label.h | 4 arch/hexagon/include/asm/bitops.h | 4 arch/hexagon/kernel/dma.c | 2 arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/x86/events/intel/lbr.c | 4 drivers/crypto/caam/caamalg.c | 8 - drivers/crypto/mxs-dcp.c | 53 +++++----- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 - drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 - drivers/crypto/qat/qat_c62x/adf_drv.c | 6 - drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 - drivers/gpio/gpio-adp5588.c | 24 +++- drivers/gpio/gpiolib-acpi.c | 86 +++++++++-------- drivers/gpio/gpiolib-of.c | 1 drivers/gpio/gpiolib.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c | 2 drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 - drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 drivers/hid/hid-apple.c | 9 + drivers/hid/hid-ids.h | 3 drivers/hid/hid-saitek.c | 2 drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hv/connection.c | 8 - drivers/i2c/busses/i2c-uniphier-f.c | 7 - drivers/i2c/busses/i2c-uniphier.c | 7 - drivers/iio/temperature/maxim_thermocouple.c | 1 drivers/infiniband/core/ucma.c | 6 + drivers/iommu/amd_iommu.c | 2 drivers/md/dm-raid.c | 5 drivers/md/dm-thin-metadata.c | 34 ++++++ drivers/md/dm-thin.c | 73 ++++++++++++-- drivers/md/raid10.c | 5 drivers/md/raid5-log.h | 5 drivers/md/raid5.c | 6 - drivers/net/ethernet/amazon/ena/ena_com.c | 8 - drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 - drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 2 drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 +++++++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 +++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 +++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 - drivers/net/ethernet/realtek/r8169.c | 9 + drivers/net/wireless/mac80211_hwsim.c | 8 - drivers/nvme/target/rdma.c | 27 ++++- drivers/s390/net/qeth_core_main.c | 5 drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/csiostor/csio_hw.c | 16 +-- drivers/scsi/qedi/qedi.h | 7 + drivers/scsi/qedi/qedi_main.c | 28 ++--- drivers/target/iscsi/iscsi_target_login.c | 8 - drivers/tty/serial/mvebu-uart.c | 4 drivers/usb/gadget/udc/fotg210-udc.c | 15 +- drivers/usb/misc/yurex.c | 3 drivers/xen/cpu_hotplug.c | 15 +- drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 - fs/btrfs/volumes.c | 7 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 + fs/cifs/smb2ops.c | 2 fs/ocfs2/dlm/dlmmaster.c | 4 fs/overlayfs/namei.c | 2 fs/overlayfs/overlayfs.h | 4 fs/overlayfs/util.c | 3 fs/proc/base.c | 14 ++ fs/xattr.c | 24 ++-- kernel/bpf/verifier.c | 10 + mm/madvise.c | 2 net/mac80211/ibss.c | 22 ++-- net/mac80211/main.c | 28 ++++- net/mac80211/mesh_hwmp.c | 4 net/mac80211/mlme.c | 70 +++++++++++++ net/mac80211/tx.c | 54 +++++----- net/netfilter/nf_tables_api.c | 1 net/netfilter/xt_cluster.c | 14 ++ net/wireless/nl80211.c | 1 net/wireless/util.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/hv/hv_fcopy_daemon.c | 1 tools/kvm/kvm_stat/kvm_stat | 14 ++ tools/perf/arch/powerpc/util/sym-handling.c | 4 tools/perf/util/evsel.c | 5 tools/perf/util/trace-event-info.c | 2 tools/power/x86/turbostat/turbostat.c | 2 tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 110 files changed, 974 insertions(+), 306 deletions(-) Alex Deucher (1): drm/amdgpu: add another ATPX quirk for TOPAZ Amir Goldstein (2): ovl: fix access beyond unterminated strings ovl: fix memory leak on unlink of indexed file Anand Jain (1): btrfs: btrfs_shrink_device should call commit transaction at the end Andreas Gruenbacher (1): sysfs: Do not return POSIX ACL xattrs via listxattr Andy Shevchenko (1): gpiolib: acpi: Switch to cansleep version of GPIO library call Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (2): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Colin Ian King (1): drm/amd/pp: initialize result to before or'ing in data Dan Carpenter (2): cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Dexuan Cui (1): Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Emmanuel Grumbach (3): mac80211: fix a race between restart and CSA flows mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages Greg Kroah-Hartman (1): Linux 4.14.75 Hans de Goede (2): gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Horia Geantă (1): crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jan Kiszka (1): serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Jann Horn (3): bpf: 32-bit RSH verification must truncate input before the ALU op RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Johannes Berg (2): mac80211_hwsim: require at least one channel mac80211: always account for A-MSDU header changes Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Len Brown (1): tools/power turbostat: fix possible sprintf buffer overflow Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Lorenzo Bianconi (2): mac80211: do not convert to A-MSDU if frag/subframe limited mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Miklos Szeredi (1): ovl: fix format of setxattr debug Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Netanel Belgazal (2): net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Peng Li (2): net: hns: add the code for cleaning pkt in chip net: hns: add netif_carrier_off before change speed and duplex Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Ricardo Ribalda Delgado (1): gpiolib: Free the last requested descriptor Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sara Sharon (1): mac80211: avoid kernel panic when building AMSDU from non-linear SKB Sean O'Brien (1): HID: add support for Apple Magic Keyboards Shaohua Li (1): md/raid5-cache: disable reshape completely Singh, Brijesh (1): iommu/amd: Clear memory encryption mask from physical address Song Liu (1): ixgbe: check return value of napi_complete_done() Stefan Raspl (2): tools/kvm_stat: fix python3 issues tools/kvm_stat: fix handling of invalid paths in debugfs provider Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Toke Høiland-Jørgensen (1): mac80211: Run TXQ teardown code before de-registering interfaces Varun Prakash (1): scsi: csiostor: add a check for NULL pointer after kmalloc() Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vincent Whitchurch (1): gpio: Fix crash due to registration race Vitaly Kuznetsov (2): xen/manage: don't complain about an empty value in control/sysrq node tools: hv: fcopy: set 'error' in case an unknown operation was requested Waiman Long (1): crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer Will Deacon (1): ARC: atomics: unbork atomic_fetch_##op() Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard

7 years, 1 month

1
1
0 0

Linux 4.9.132

by Greg KH

I'm announcing the release of the 4.9.132 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/include/asm/atomic.h | 2 arch/arm64/include/asm/jump_label.h | 4 - arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/x86/events/intel/lbr.c | 4 + drivers/crypto/mxs-dcp.c | 53 ++++++++------ drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 - drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 - drivers/crypto/qat/qat_c62x/adf_drv.c | 6 - drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 - drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/gpio/gpiolib-of.c | 1 drivers/gpio/gpiolib.c | 2 drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 drivers/hid/hid-apple.c | 9 ++ drivers/hid/hid-ids.h | 3 drivers/hid/hid-saitek.c | 2 drivers/i2c/busses/i2c-uniphier-f.c | 7 - drivers/i2c/busses/i2c-uniphier.c | 7 - drivers/infiniband/core/ucma.c | 6 + drivers/md/dm-raid.c | 5 + drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 +++++++++++++++++--- drivers/md/raid10.c | 5 + drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 +++ drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 + drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/mac80211_hwsim.c | 3 drivers/nvme/target/rdma.c | 27 ++++++- drivers/s390/net/qeth_core_main.c | 5 - drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/tty/serial/mvebu-uart.c | 4 - drivers/usb/gadget/udc/fotg210-udc.c | 15 ++-- drivers/usb/misc/yurex.c | 3 drivers/xen/cpu_hotplug.c | 15 ++-- drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 +++ fs/xattr.c | 24 +++--- include/linux/jiffies.h | 2 kernel/time/time.c | 10 ++ kernel/time/timeconst.bc | 6 + mm/madvise.c | 2 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 28 ++++++- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 ++++++++++++++++++- net/wireless/nl80211.c | 1 net/wireless/util.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/perf/arch/powerpc/util/sym-handling.c | 4 - tools/perf/util/evsel.c | 5 - tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 67 files changed, 483 insertions(+), 165 deletions(-) Andreas Gruenbacher (1): sysfs: Do not return POSIX ACL xattrs via listxattr Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (2): cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Emmanuel Grumbach (3): mac80211: fix a race between restart and CSA flows mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages Frederic Weisbecker (1): time: Introduce jiffies64_to_nsecs() Greg Kroah-Hartman (1): Linux 4.9.132 Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jan Kiszka (1): serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Netanel Belgazal (1): net: ena: fix driver when PAGE_SIZE == 64kB Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Peng Li (1): net: hns: add netif_carrier_off before change speed and duplex Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Ricardo Ribalda Delgado (1): gpiolib: Free the last requested descriptor Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Toke Høiland-Jørgensen (1): mac80211: Run TXQ teardown code before de-registering interfaces Vincent Whitchurch (1): gpio: Fix crash due to registration race Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Waiman Long (1): crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer Will Deacon (1): ARC: atomics: unbork atomic_fetch_##op() Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard

7 years, 1 month

1
1
0 0

Linux 4.4.160

by Greg KH

I'm announcing the release of the 4.4.160 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/hwmon/ina2xx | 2 Makefile | 2 arch/arm/boot/dts/dra7.dtsi | 4 - arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm64/include/asm/cpufeature.h | 8 +- arch/arm64/include/asm/jump_label.h | 4 - arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/include/asm/sysreg.h | 1 arch/arm64/kernel/cpufeature.c | 8 ++ arch/arm64/kvm/guest.c | 55 ++++++++++++++- arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kernel/machine_kexec.c | 7 + arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/s390/mm/extmem.c | 4 - arch/x86/entry/entry_64.S | 4 - arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/block/floppy.c | 3 drivers/bluetooth/btusb.c | 1 drivers/crypto/mxs-dcp.c | 53 ++++++++------ drivers/edac/i7core_edac.c | 22 ++++-- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 drivers/hid/hid-ntrig.c | 2 drivers/hwmon/adt7475.c | 14 ++- drivers/hwmon/ina2xx.c | 13 +++ drivers/i2c/busses/i2c-i801.c | 9 ++ drivers/i2c/busses/i2c-uniphier-f.c | 7 - drivers/i2c/busses/i2c-uniphier.c | 7 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/ulp/srp/ib_srp.c | 6 - drivers/input/mouse/elantech.c | 2 drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 +++++++++++++++++--- drivers/md/md-cluster.c | 19 ++--- drivers/md/raid10.c | 5 + drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/fsl-viu.c | 38 ++++++---- drivers/media/platform/omap3isp/isp.c | 2 drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 ++++-- drivers/media/v4l2-core/v4l2-event.c | 37 +++++----- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 - drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 6 - drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 + drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 + drivers/net/wireless/mac80211_hwsim.c | 3 drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/power/reset/vexpress-poweroff.c | 12 ++- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 - drivers/spi/spi-rspi.c | 34 ++++++++- drivers/spi/spi-sh-msiof.c | 28 +++++++ drivers/spi/spi-tegra20-slink.c | 31 ++++++-- drivers/staging/android/ashmem.c | 6 + drivers/staging/rts5208/sd.c | 2 drivers/target/iscsi/iscsi_target_auth.c | 15 ---- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 + drivers/tty/serial/8250/serial_cs.c | 6 + drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/imx.c | 8 ++ drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 +++++- drivers/usb/core/driver.c | 28 +++---- drivers/usb/core/usb.c | 2 drivers/usb/gadget/udc/fotg210-udc.c | 15 ++-- drivers/usb/misc/yurex.c | 3 drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/xen/cpu_hotplug.c | 15 ++-- drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ext4/xattr.c | 5 + fs/nfsd/nfs4proc.c | 1 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 +++ include/linux/platform_data/ina2xx.h | 2 include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 1 kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 lib/klist.c | 10 +- mm/madvise.c | 2 mm/slub.c | 6 - net/6lowpan/iphc.c | 1 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 26 +++++-- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 53 ++++++++++++++ net/wireless/nl80211.c | 1 net/wireless/util.c | 2 sound/aoa/core/gpio-feature.c | 4 - sound/pci/hda/hda_intel.c | 3 sound/pci/hda/patch_realtek.c | 1 sound/soc/soc-dapm.c | 7 + tools/perf/arch/powerpc/util/sym-handling.c | 4 - tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 117 files changed, 815 insertions(+), 286 deletions(-) Aaron Ma (1): Input: elantech - enable middle button of touchpad on ThinkPad P72 Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alexey Khoroshilov (1): media: fsl-viu: fix error handling in viu_of_probe() Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (2): uwb: hwa-rc: fix memory leak at probe usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Bart Van Assche (3): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size scsi: klist: Make it safe to use klists in atomic context IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Ben Greear (1): ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): staging: rts5208: fix missing error check on call to rtsx_write_register Dan Carpenter (5): vmci: type promotion bug in qp_host_get_user_memory() rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Emmanuel Grumbach (2): mac80211: fix a race between restart and CSA flows mac80211: shorten the IBSS debug messages Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Gaku Inami (1): spi: sh-msiof: Fix invalid SPI use during system suspend Geert Uytterhoeven (2): spi: rspi: Fix invalid SPI use during system suspend spi: rspi: Fix interrupted DMA transfers Greg Kroah-Hartman (1): Linux 4.4.160 Guoqing Jiang (1): md-cluster: clear another node's suspend_area after the copy is finished Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Huazhong Tan (1): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jan Beulich (1): x86/entry/64: Add two more instruction suffixes Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Javier Martinez Canillas (1): media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Jian-Hong Pan (1): Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Johan Hovold (2): USB: serial: kobil_sct: fix modem-status error handling EDAC, i7core: Fix memleaks and use-after-free on probe and remove Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (3): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Kevin Hilman (1): ARM: dts: dra7: fix DCAN node addresses Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Michael Scott (1): 6lowpan: iphc: reset mac_header after decompress to fix panic Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sudeep Holla (1): power: vexpress: fix corruption in notifier registration Suzuki K Poulose (1): arm64: cpufeature: Track 32bit EL0 support Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Theodore Ts'o (1): ext4: never move the system.data xattr out of the inode body Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Uwe Kleine-König (1): serial: imx: restore handshaking irq for imx1 Vasily Gorbik (1): s390/extmem: fix gcc 8 stringop-overflow warning Vincent Pelletier (1): scsi: target: iscsi: Use bin2hex instead of a re-implementation Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

7 years, 1 month

1
1
0 0

[PATCH] xen/balloon: Support xend-based toolstack

by Boris Ostrovsky

Xend-based toolstacks don't have static-max entry in xenstore. The equivalent node for those toolstacks is memory_static_max. Fixes: 5266b8e4445c (xen: fix booting ballooned down hvm guest) Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: <stable(a)vger.kernel.org> # 4.13 --- drivers/xen/xen-balloon.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/xen/xen-balloon.c b/drivers/xen/xen-balloon.c index 63c1494a8d73..2acbfe104e46 100644 --- a/drivers/xen/xen-balloon.c +++ b/drivers/xen/xen-balloon.c @@ -76,12 +76,15 @@ static void watch_target(struct xenbus_watch *watch, if (!watch_fired) { watch_fired = true; - err = xenbus_scanf(XBT_NIL, "memory", "static-max", "%llu", - &static_max); - if (err != 1) - static_max = new_target; - else + + if ((xenbus_scanf(XBT_NIL, "memory", "static-max", + "%llu", &static_max) == 1) || + (xenbus_scanf(XBT_NIL, "memory", "memory_static_max", + "%llu", &static_max) == 1)) static_max >>= PAGE_SHIFT - 10; + else + static_max = new_target; + target_diff = (xen_pv_domain() || xen_initial_domain()) ? 0 : static_max - balloon_stats.target_pages; } -- 2.17.1

7 years, 1 month

2
2
0 0

[PATCH] mm: Preserve _PAGE_DEVMAP across mprotect() calls

by Jan Kara

Currently _PAGE_DEVMAP bit is not preserved in mprotect(2) calls. As a result we will see warnings such as: BUG: Bad page map in process JobWrk0013 pte:800001803875ea25 pmd:7624381067 addr:00007f0930720000 vm_flags:280000f9 anon_vma: (null) mapping:ffff97f2384056f0 index:0 file:457-000000fe00000030-00000009-000000ca-00000001_2001.fileblock fault:xfs_filemap_fault [xfs] mmap:xfs_file_mmap [xfs] readpage: (null) CPU: 3 PID: 15848 Comm: JobWrk0013 Tainted: G W 4.12.14-2.g7573215-default #1 SLE12-SP4 (unreleased) Hardware name: Intel Corporation S2600WFD/S2600WFD, BIOS SE5C620.86B.01.00.0833.051120182255 05/11/2018 Call Trace: dump_stack+0x5a/0x75 print_bad_pte+0x217/0x2c0 ? enqueue_task_fair+0x76/0x9f0 _vm_normal_page+0xe5/0x100 zap_pte_range+0x148/0x740 unmap_page_range+0x39a/0x4b0 unmap_vmas+0x42/0x90 unmap_region+0x99/0xf0 ? vma_gap_callbacks_rotate+0x1a/0x20 do_munmap+0x255/0x3a0 vm_munmap+0x54/0x80 SyS_munmap+0x1d/0x30 do_syscall_64+0x74/0x150 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 ... when mprotect(2) gets used on DAX mappings. Also there is a wide variety of other failures that can result from the missing _PAGE_DEVMAP flag when the area gets used by get_user_pages() later. Fix the problem by including _PAGE_DEVMAP in a set of flags that get preserved by mprotect(2). Fixes: 69660fd797c3 ("x86, mm: introduce _PAGE_DEVMAP") Fixes: ebd31197931d ("powerpc/mm: Add devmap support for ppc64") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- arch/powerpc/include/asm/book3s/64/pgtable.h | 4 ++-- arch/x86/include/asm/pgtable_types.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h b/arch/powerpc/include/asm/book3s/64/pgtable.h index 2fdc865ca374..2a2486526d1f 100644 --- a/arch/powerpc/include/asm/book3s/64/pgtable.h +++ b/arch/powerpc/include/asm/book3s/64/pgtable.h @@ -114,7 +114,7 @@ */ #define _HPAGE_CHG_MASK (PTE_RPN_MASK | _PAGE_HPTEFLAGS | _PAGE_DIRTY | \ _PAGE_ACCESSED | H_PAGE_THP_HUGE | _PAGE_PTE | \ - _PAGE_SOFT_DIRTY) + _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) /* * user access blocked by key */ @@ -132,7 +132,7 @@ */ #define _PAGE_CHG_MASK (PTE_RPN_MASK | _PAGE_HPTEFLAGS | _PAGE_DIRTY | \ _PAGE_ACCESSED | _PAGE_SPECIAL | _PAGE_PTE | \ - _PAGE_SOFT_DIRTY) + _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) #define H_PTE_PKEY (H_PTE_PKEY_BIT0 | H_PTE_PKEY_BIT1 | H_PTE_PKEY_BIT2 | \ H_PTE_PKEY_BIT3 | H_PTE_PKEY_BIT4) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index b64acb08a62b..106b7d0e2dae 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -124,7 +124,7 @@ */ #define _PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY | \ - _PAGE_SOFT_DIRTY) + _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) #define _HPAGE_CHG_MASK (_PAGE_CHG_MASK | _PAGE_PSE) /* -- 2.16.4

7 years, 1 month

4
4
0 0

[PATCH 4.14 00/94] 4.14.75-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.75 release. There are 94 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:37 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.75-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.75-rc1 Song Liu <songliubraving(a)fb.com> ixgbe: check return value of napi_complete_done() Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Vitaly Kuznetsov <vkuznets(a)redhat.com> tools: hv: fcopy: set 'error' in case an unknown operation was requested Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Horia Geantă <horia.geanta(a)nxp.com> crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Singh, Brijesh <brijesh.singh(a)amd.com> iommu/amd: Clear memory encryption mask from physical address Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix format of setxattr debug Amir Goldstein <amir73il(a)gmail.com> ovl: fix memory leak on unlink of indexed file Amir Goldstein <amir73il(a)gmail.com> ovl: fix access beyond unterminated strings Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing calls to READ_ONCE Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp: fix DP disable race Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Hans de Goede <hdegoede(a)redhat.com> HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Matt Ranostay <matt.ranostay(a)konsulko.com> Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: release chain in flushing set Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Chris Phlipot <cphlipot0(a)gmail.com> perf util: Fix bad memory access in trace info. Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Nilesh Javali <nilesh.javali(a)cavium.com> scsi: qedi: Add the CRC size within iSCSI NVM image Vincent Pelletier <plr.vincent(a)gmail.com> scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Martin Willi <martin(a)strongswan.org> netfilter: xt_cluster: add dependency on conntrack module Jann Horn <jannh(a)google.com> bpf: 32-bit RSH verification must truncate input before the ALU op Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Shaohua Li <shli(a)fb.com> md/raid5-cache: disable reshape completely Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix handling of invalid paths in debugfs provider Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix python3 issues Johannes Berg <johannes.berg(a)intel.com> mac80211: always account for A-MSDU header changes Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: do not convert to A-MSDU if frag/subframe limited Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Peng Li <lipeng321(a)huawei.com> net: hns: add the code for cleaning pkt in chip Hans de Goede <hdegoede(a)redhat.com> gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: acpi: Switch to cansleep version of GPIO library call Sara Sharon <sara.sharon(a)intel.com> mac80211: avoid kernel panic when building AMSDU from non-linear SKB Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Varun Prakash <varun(a)chelsio.com> scsi: csiostor: add a check for NULL pointer after kmalloc() Anand Jain <anand.jain(a)oracle.com> btrfs: btrfs_shrink_device should call commit transaction at the end Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Johannes Berg <johannes.berg(a)intel.com> mac80211_hwsim: require at least one channel Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Len Brown <len.brown(a)intel.com> tools/power turbostat: fix possible sprintf buffer overflow Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add another ATPX quirk for TOPAZ Colin Ian King <colin.king(a)canonical.com> drm/amd/pp: initialize result to before or'ing in data ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/x86/events/intel/lbr.c | 4 + drivers/crypto/caam/caamalg.c | 8 +- drivers/crypto/mxs-dcp.c | 53 +++++++------ drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/gpio/gpiolib-acpi.c | 86 +++++++++++++--------- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++++-- .../gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 +++-- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 + drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++++ drivers/hv/connection.c | 8 +- drivers/i2c/busses/i2c-uniphier-f.c | 7 +- drivers/i2c/busses/i2c-uniphier.c | 7 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 ++ drivers/iommu/amd_iommu.c | 2 +- drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++- drivers/md/dm-thin.c | 73 ++++++++++++++++-- drivers/md/raid10.c | 5 +- drivers/md/raid5-log.h | 5 ++ drivers/md/raid5.c | 6 +- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 +++ drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 2 + drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++++++++++++++- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 +++++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 ++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 +++++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +-- drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/mac80211_hwsim.c | 8 +- drivers/nvme/target/rdma.c | 27 ++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/csiostor/csio_hw.c | 16 ++-- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 +++---- drivers/target/iscsi/iscsi_target_login.c | 8 +- drivers/tty/serial/mvebu-uart.c | 4 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++-- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/btrfs/volumes.c | 7 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/overlayfs/namei.c | 2 +- fs/overlayfs/overlayfs.h | 4 +- fs/overlayfs/util.c | 3 +- fs/proc/base.c | 14 ++++ fs/xattr.c | 24 +++--- kernel/bpf/verifier.c | 10 ++- mm/madvise.c | 2 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 28 +++++-- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 +++++++++++++++++- net/mac80211/tx.c | 54 ++++++++------ net/netfilter/nf_conntrack_proto_dccp.c | 12 +-- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 ++-- net/netfilter/nf_conntrack_proto_tcp.c | 12 +-- net/netfilter/nf_conntrack_proto_udp.c | 20 ++--- net/netfilter/nf_tables_api.c | 1 + net/netfilter/xt_cluster.c | 14 +++- net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/hv/hv_fcopy_daemon.c | 1 + tools/kvm/kvm_stat/kvm_stat | 14 +++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- tools/power/x86/turbostat/turbostat.c | 2 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 119 files changed, 1046 insertions(+), 352 deletions(-)

7 years, 1 month

6
102
0 0

[PATCH] ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715

by Hui Wang

The front MIC on the Lenovo M715 can't record sound, after applying the ALC294_FIXUP_LENOVO_MIC_LOCATION, the problem is fixed. So add the pin configuration of this machine to the pin quirk table. Cc: <stable(a)vger.kernel.org> Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- sound/pci/hda/patch_realtek.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 6f3c8e888c2a..2871c54f62ab 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -6840,6 +6840,12 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { {0x1a, 0x02a11040}, {0x1b, 0x01014020}, {0x21, 0x0221101f}), + SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, + {0x14, 0x90170110}, + {0x19, 0x02a11030}, + {0x1a, 0x02a11040}, + {0x1b, 0x01011020}, + {0x21, 0x0221101f}), SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, {0x14, 0x90170110}, {0x19, 0x02a11020}, -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v5 1/3] x86/xen: fix boot loader version reported for pvh guests

by Juergen Gross

The boot loader version reported via sysfs is wrong in case of the kernel being booted via the Xen PVH boot entry. it should be 2.12 (0x020c), but it is reported to be 2.18 (0x0212). As the current way to set the version is error prone use the more readable variant (2 << 8) | 12. Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/enlighten_pvh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c index c85d1a88f476..f7f77023288a 100644 --- a/arch/x86/xen/enlighten_pvh.c +++ b/arch/x86/xen/enlighten_pvh.c @@ -75,7 +75,7 @@ static void __init init_pvh_bootparams(void) * Version 2.12 supports Xen entry point but we will use default x86/PC * environment (i.e. hardware_subarch 0). */ - pvh_bootparams.hdr.version = 0x212; + pvh_bootparams.hdr.version = (2 << 8) | 12; pvh_bootparams.hdr.type_of_loader = (9 << 4) | 0; /* Xen loader */ x86_init.acpi.get_root_pointer = pvh_get_root_pointer; -- 2.16.4

7 years, 1 month

1
0
0 0

[PATCH 4.18 000/168] 4.18.13-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.13 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:44 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.13-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.13-rc1 Song Liu <songliubraving(a)fb.com> ixgbe: check return value of napi_complete_done() Anisse Astier <anisse(a)astier.eu> HID: i2c-hid: disable runtime PM operations on hantick touchpad Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Vitaly Kuznetsov <vkuznets(a)redhat.com> tools: hv: fcopy: set 'error' in case an unknown operation was requested Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Horia Geantă <horia.geanta(a)nxp.com> crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Harsh Jain <harsh(a)chelsio.com> crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Singh, Brijesh <brijesh.singh(a)amd.com> iommu/amd: Clear memory encryption mask from physical address Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Nathan Chancellor <natechancellor(a)gmail.com> cpufreq: qcom-kryo: Fix section annotations Bjorn Andersson <bjorn.andersson(a)linaro.org> firmware: Always initialize the fw_priv list object Rishabh Bhatnagar <rishabhb(a)codeaurora.org> firmware: Fix security issue with request_firmware_into_buf() Larry Finger <Larry.Finger(a)lwfinger.net> b43: fix DMA error related regression with proprietary firmware Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix format of setxattr debug Amir Goldstein <amir73il(a)gmail.com> ovl: fix memory leak on unlink of indexed file Amir Goldstein <amir73il(a)gmail.com> ovl: fix access beyond unterminated strings Miklos Szeredi <miklos(a)szeredi.hu> ovl: set I_CREATING on inode being created Miklos Szeredi <mszeredi(a)redhat.com> vfs: don't evict uninitialized inode Al Viro <viro(a)zeniv.linux.org.uk> new primitive: discard_new_inode() Randy Dunlap <rdunlap(a)infradead.org> x86/APM: Fix build warning when PROC_FS is not enabled Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Andrew Murray <andrew.murray(a)arm.com> asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: Fix SDMA hang in prt mode v2 Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Cong Wang <xiyou.wangcong(a)gmail.com> netfilter: xt_hashlimit: use s->file instead of s->private Michal 'vorner' Vaner <michal.vaner(a)avast.com> netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> sched/topology: Set correct NUMA topology type Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing calls to READ_ONCE Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing lock during device destruction Netanel Belgazal <netanel(a)amazon.com> net: ena: fix potential double ena_destroy_device() Netanel Belgazal <netanel(a)amazon.com> net: ena: fix device destruction to gracefully free resources Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Netanel Belgazal <netanel(a)amazon.com> net: ena: fix surprise unplug NULL dereference kernel crash Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix RAID leg rebuild errors Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix stripe adding reshape deadlock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp: fix DP disable race Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau: fix oops in client init failure path Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix reshape race on small devices Kai-Heng Feng <kai.heng.feng(a)canonical.com> HID: i2c-hid: Don't reset device upon system resume Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Anurag Kumar Vulisha <anurag.kumar.vulisha(a)xilinx.com> usb: host: xhci-plat: Iterate over parent nodes for finding quirks Hans de Goede <hdegoede(a)redhat.com> HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Guenter Roeck <linux(a)roeck-us.net> riscv: Do not overwrite initrd_start and initrd_end Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Matt Ranostay <matt.ranostay(a)konsulko.com> Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: release chain in flushing set Florian Westphal <fw(a)strlen.de> netfilter: kconfig: nat related expression depend on nftables core Kim Phillips <kim.phillips(a)arm.com> perf annotate: Fix parsing aarch64 branch instructions after objdump update Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Chris Phlipot <cphlipot0(a)gmail.com> perf util: Fix bad memory access in trace info. Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Martin Liška <mliska(a)suse.cz> perf annotate: Properly interpret indirect call Nilesh Javali <nilesh.javali(a)cavium.com> scsi: qedi: Add the CRC size within iSCSI NVM image Mike Christie <mchristi(a)redhat.com> scsi: iscsi: target: Fix conn_ops double free Vincent Pelletier <plr.vincent(a)gmail.com> scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Andreas Bosch <linux(a)progandy.de> HID: intel-ish-hid: Enable Sunrise Point-H ish driver Florian Westphal <fw(a)strlen.de> netfilter: xt_checksum: ignore gso skbs Martin Willi <martin(a)strongswan.org> netfilter: xt_cluster: add dependency on conntrack module Jann Horn <jannh(a)google.com> bpf: 32-bit RSH verification must truncate input before the ALU op Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages David Howells <dhowells(a)redhat.com> afs: Fix cell specification to permit an empty address list Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero Ilya Dryomov <idryomov(a)gmail.com> ceph: avoid a use-after-free in ceph_destroy_options() Greentime Hu <greentime(a)andestech.com> nds32: linker script: GCOV kernel may refers data in __exit Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Greentime Hu <greentime(a)andestech.com> nds32: fix build error because of wrong semicolon Zong Li <zong(a)andestech.com> nds32: Fix get_user/put_user macro expand pointer problem Zong Li <zong(a)andestech.com> nds32: Fix empty call trace YueHaibing <yuehaibing(a)huawei.com> nds32: add NULL entry to the end of_device_id array Greentime Hu <greentime(a)andestech.com> nds32: fix logic for module Ivan Mikhaylov <ivan(a)de.ibm.com> net/ibm/emac: wrong emac_calc_base call was used by typo Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix ignore mask logic in fsnotify() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dreyfuss, Haim <haim.dreyfuss(a)intel.com> mac80211: fix WMM TXOP calculation Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP John Fastabend <john.fastabend(a)gmail.com> bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP Tushar Dave <tushar.n.dave(a)oracle.com> bpf: Fix bpf_msg_pull_data() Thomas Falcon <tlfalcon(a)linux.vnet.ibm.com> ibmvnic: Include missing return code checks in reset function Sabrina Dubroca <sd(a)queasysnail.net> selftests: pmtu: detect correct binary to ping ipv6 addresses Sabrina Dubroca <sd(a)queasysnail.net> selftests: pmtu: maximum MTU for vti4 is 2^16-1-20 Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Shaohua Li <shli(a)fb.com> md/raid5-cache: disable reshape completely Dennis Zhou (Facebook) <dennisszhou(a)gmail.com> Revert "blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()" Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix updates for dead guests Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix handling of invalid paths in debugfs provider Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix python3 issues Johannes Berg <johannes.berg(a)intel.com> mac80211: always account for A-MSDU header changes Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: do not convert to A-MSDU if frag/subframe limited Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Paolo Abeni <pabeni(a)redhat.com> tc-testing: add test-cases for numeric and invalid control action Baruch Siach <baruch(a)tkos.co.il> net: mvpp2: initialize port of_node pointer Chris Brandt <chris.brandt(a)renesas.com> sh_eth: Add R7S9210 support Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Peng Li <lipeng321(a)huawei.com> net: hns: add the code for cleaning pkt in chip Cong Wang <xiyou.wangcong(a)gmail.com> tipc: switch to rhashtable iterator Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix sg shift repair start offset in bpf_msg_pull_data Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data Alexey Khoroshilov <khoroshilov(a)ispras.ru> gpio: dwapb: Fix error handling in dwapb_gpio_probe() Hans de Goede <hdegoede(a)redhat.com> gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: acpi: Switch to cansleep version of GPIO library call Sara Sharon <sara.sharon(a)intel.com> mac80211: avoid kernel panic when building AMSDU from non-linear SKB Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix several offset tests in bpf_msg_pull_data Haim Dreyfuss <haim.dreyfuss(a)intel.com> nl80211: Pass center frequency in kHz instead of MHz Haim Dreyfuss <haim.dreyfuss(a)intel.com> nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP Jinbum Park <jinb.park7(a)gmail.com> mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom Stanislaw Gruszka <sgruszka(a)redhat.com> cfg80211: make wmm_rule part of the reg_rule structure Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap, decrement copied count correctly in redirect error case Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix potential use after free in bpf_tcp_close Dan Carpenter <dan.carpenter(a)oracle.com> scsi: aacraid: fix a signedness bug Geert Uytterhoeven <geert(a)linux-m68k.org> scsi: libata: Add missing newline at end of file Varun Prakash <varun(a)chelsio.com> scsi: csiostor: fix incorrect port capabilities Varun Prakash <varun(a)chelsio.com> scsi: csiostor: add a check for NULL pointer after kmalloc() Anand Jain <anand.jain(a)oracle.com> btrfs: btrfs_shrink_device should call commit transaction at the end Johannes Berg <johannes.berg(a)intel.com> cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule) Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Robbie Ko <robbieko(a)synology.com> Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space Johannes Berg <johannes.berg(a)intel.com> mac80211_hwsim: require at least one channel Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> rseq/selftests: fix parametrized test with -fpie ------------- Diffstat: Documentation/devicetree/bindings/net/sh_eth.txt | 1 + Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/nds32/include/asm/elf.h | 4 +- arch/nds32/include/asm/uaccess.h | 26 ++-- arch/nds32/kernel/atl2c.c | 3 +- arch/nds32/kernel/module.c | 4 +- arch/nds32/kernel/traps.c | 2 +- arch/nds32/kernel/vmlinux.lds.S | 12 ++ arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/riscv/kernel/setup.c | 7 - arch/x86/events/intel/lbr.c | 4 + arch/x86/kernel/apm_32.c | 2 + block/blk-cgroup.c | 78 +++-------- drivers/ata/libata-core.c | 2 +- drivers/base/firmware_loader/main.c | 35 +++-- drivers/cpufreq/qcom-cpufreq-kryo.c | 4 +- drivers/crypto/caam/caamalg.c | 8 +- drivers/crypto/chelsio/chcr_algo.c | 32 +++-- drivers/crypto/chelsio/chcr_crypto.h | 2 + drivers/crypto/mxs-dcp.c | 53 ++++---- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/firmware/arm_scmi/perf.c | 8 +- drivers/gpio/gpio-adp5588.c | 24 +++- drivers/gpio/gpio-dwapb.c | 1 + drivers/gpio/gpiolib-acpi.c | 86 +++++++----- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 14 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 ++ drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- drivers/hid/hid-apple.c | 9 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hid/i2c-hid/i2c-hid.c | 24 ++-- drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 + drivers/hv/connection.c | 8 +- drivers/i2c/busses/i2c-uniphier-f.c | 7 +- drivers/i2c/busses/i2c-uniphier.c | 7 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 +- drivers/iommu/amd_iommu.c | 2 +- drivers/md/dm-raid.c | 144 ++++++++------------ drivers/md/dm-thin-metadata.c | 36 ++++- drivers/md/dm-thin.c | 73 ++++++++-- drivers/md/raid10.c | 5 +- drivers/md/raid5-log.h | 5 + drivers/md/raid5.c | 6 +- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +++---- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 2 + drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++++++- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 ++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/ibm/emac/core.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 11 +- drivers/net/ethernet/renesas/sh_eth.c | 36 +++++ drivers/net/wireless/broadcom/b43/dma.c | 6 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 50 +------ drivers/net/wireless/mac80211_hwsim.c | 12 +- drivers/nvme/target/rdma.c | 27 +++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/aacraid/aacraid.h | 2 +- drivers/scsi/csiostor/csio_hw.c | 71 +++++++--- drivers/scsi/csiostor/csio_hw.h | 1 + drivers/scsi/csiostor/csio_mb.c | 6 +- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 ++-- drivers/target/iscsi/iscsi_target.c | 9 +- drivers/target/iscsi/iscsi_target_login.c | 149 +++++++++++---------- drivers/target/iscsi/iscsi_target_login.h | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++- drivers/usb/host/xhci-plat.c | 27 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/afs/proc.c | 15 +-- fs/btrfs/ctree.h | 1 + fs/btrfs/disk-io.c | 1 + fs/btrfs/inode.c | 25 +--- fs/btrfs/ioctl.c | 16 +++ fs/btrfs/volumes.c | 7 +- fs/ceph/super.c | 16 ++- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 +- fs/dcache.c | 2 +- fs/inode.c | 53 +++++++- fs/notify/fsnotify.c | 13 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/overlayfs/dir.c | 4 + fs/overlayfs/namei.c | 2 +- fs/overlayfs/overlayfs.h | 4 +- fs/overlayfs/util.c | 3 +- fs/proc/base.c | 14 ++ fs/xattr.c | 24 ++-- include/asm-generic/io.h | 3 +- include/linux/blk-cgroup.h | 1 - include/linux/fs.h | 6 +- include/net/cfg80211.h | 4 +- include/net/regulatory.h | 4 +- kernel/bpf/sockmap.c | 64 +++++---- kernel/bpf/verifier.c | 10 +- kernel/sched/topology.c | 5 +- mm/madvise.c | 2 +- net/core/filter.c | 57 ++++---- net/ipv4/netfilter/Kconfig | 8 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/mac80211/ibss.c | 22 +-- net/mac80211/main.c | 28 +++- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 +++++++++- net/mac80211/tx.c | 54 ++++---- net/mac80211/util.c | 11 +- net/netfilter/Kconfig | 12 +- net/netfilter/nf_conntrack_proto_dccp.c | 12 +- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 +- net/netfilter/nf_conntrack_proto_tcp.c | 12 +- net/netfilter/nf_conntrack_proto_udp.c | 20 +-- net/netfilter/nf_tables_api.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/xt_CHECKSUM.c | 22 ++- net/netfilter/xt_cluster.c | 14 +- net/netfilter/xt_hashlimit.c | 18 +-- net/tipc/diag.c | 2 + net/tipc/netlink.c | 2 + net/tipc/socket.c | 76 +++++++---- net/tipc/socket.h | 2 + net/wireless/nl80211.c | 15 ++- net/wireless/reg.c | 91 ++----------- net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/hv/hv_fcopy_daemon.c | 1 + tools/kvm/kvm_stat/kvm_stat | 25 +++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/annotate.c | 32 ++++- tools/perf/util/annotate.h | 1 + tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- tools/testing/selftests/net/pmtu.sh | 7 +- tools/testing/selftests/rseq/param_test.c | 19 +-- .../tc-testing/tc-tests/actions/police.json | 48 +++++++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 +- 189 files changed, 1892 insertions(+), 1029 deletions(-)

7 years, 1 month

6
180
0 0

[PATCH 4.9 00/59] 4.9.132-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.132 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:28 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.132-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.132-rc1 Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Frederic Weisbecker <fweisbec(a)gmail.com> time: Introduce jiffies64_to_nsecs() Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/gpio/gpio-adp5588.c | 24 +++++-- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/i2c/busses/i2c-uniphier-f.c | 7 +-- drivers/i2c/busses/i2c-uniphier.c | 7 +-- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/raid10.c | 5 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/mac80211_hwsim.c | 3 - drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/tty/serial/mvebu-uart.c | 4 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ fs/xattr.c | 24 +++---- include/linux/jiffies.h | 2 + kernel/time/time.c | 10 +++ kernel/time/timeconst.bc | 6 ++ mm/madvise.c | 2 +- net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 28 +++++++-- net/mac80211/mesh_hwmp.c | 4 ++ net/mac80211/mlme.c | 70 ++++++++++++++++++++- net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 68 files changed, 510 insertions(+), 166 deletions(-)

7 years, 1 month

5
64
0 0

[PATCH] drm/vc4: Set ->is_yuv to false when num_planes == 1

by Boris Brezillon

When vc4_plane_state is duplicated ->is_yuv is left assigned to its previous value, and we never set it back to false when switching to a non-YUV format. Fix that by setting ->is_yuv to false in the 'num_planes == 1' branch of the vc4_plane_setup_clipping_and_scaling() function. Fixes: fc04023fafecf ("drm/vc4: Add support for YUV planes.") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/gpu/drm/vc4/vc4_plane.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index d04b3c3246ba..60d5ad19cedd 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -321,6 +321,7 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) if (vc4_state->is_unity) vc4_state->x_scaling[0] = VC4_SCALING_PPF; } else { + vc4_state->is_yuv = false; vc4_state->x_scaling[1] = VC4_SCALING_NONE; vc4_state->y_scaling[1] = VC4_SCALING_NONE; } -- 2.14.1

7 years, 1 month

2
1
0 0

[PATCH] usb: dwc3: gadget: Properly check last unaligned/zero chain TRB

by Thinh Nguyen

Current check for the last extra TRB for zero and unaligned transfers does not account for isoc OUT. The last TRB of the Buffer Descriptor for isoc OUT transfers will be retired with HWO=0. As a result, we won't return early. The req->remaining will be updated to include the BUFSIZ count of the extra TRB, and the actual number of transferred bytes calculation will be wrong. To fix this, check whether it's a short or zero packet and the last TRB chain bit to return early. Cc: stable(a)vger.kernel.org Fixes: c6267a51639b ("usb: dwc3: gadget: align transfers to wMaxPacketSize") Signed-off-by: Thinh Nguyen <thinhn(a)synopsys.com> --- drivers/usb/dwc3/gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 032ea7d709ba..c09e4f784810 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2251,7 +2251,7 @@ static int dwc3_gadget_ep_reclaim_completed_trb(struct dwc3_ep *dep, * with one TRB pending in the ring. We need to manually clear HWO bit * from that TRB. */ - if ((req->zero || req->unaligned) && (trb->ctrl & DWC3_TRB_CTRL_HWO)) { + if ((req->zero || req->unaligned) && !(trb->ctrl & DWC3_TRB_CTRL_CHN)) { trb->ctrl &= ~DWC3_TRB_CTRL_HWO; return 1; } -- 2.11.0

7 years, 1 month

2
1
0 0

[PATCH 4.18 000/235] 4.18.10-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.10 release. There are 235 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 26 11:30:01 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.10-rc1 Brijesh Singh <brijesh.singh(a)amd.com> crypto: ccp - add timeout support in the SEV command Dan Carpenter <dan.carpenter(a)oracle.com> mei: bus: type promotion bug in mei_nfc_if_version() Mikko Perttunen <mperttunen(a)nvidia.com> clk: tegra: bpmp: Don't crash when a clock fails to register Douglas Anderson <dianders(a)chromium.org> pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant Douglas Anderson <dianders(a)chromium.org> pinctrl: msm: Fix msm_config_group_get() to be compliant Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Respect error code of ->get_direction() Ming Lei <ming.lei(a)redhat.com> blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() Ming Lei <ming.lei(a)redhat.com> blk-mq: only attempt to merge bio if there is rq in sw queue Jann Horn <jannh(a)google.com> IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers Randy Dunlap <rdunlap(a)infradead.org> block/DAC960.c: fix defined but not used build warnings Bart Van Assche <bart.vanassche(a)wdc.com> IB/nes: Fix a compiler warning Ioana Radulescu <ruxandra.radulescu(a)nxp.com> staging: fsl-dpaa2/eth: Fix DMA mapping direction Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> dmaengine: sh: rcar-dmac: avoid to write CHCR.TE to 1 if TCR is set to 0 Harry Wentland <harry.wentland(a)amd.com> drm/amd/pp: Send khz clock values to DC for smu7/8 Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: perf: Disable PMU while processing counter overflows Dan Carpenter <dan.carpenter(a)oracle.com> drm/panel: type promotion bug in s6e8aa0_read_mtp_id() Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5651: Fix workqueue cancel vs irq free race on remove John Stultz <john.stultz(a)linaro.org> selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress Sibi Sankar <sibis(a)codeaurora.org> remoteproc: qcom: q6v5-pil: fix modem hang on SDM845 after axis2 clk unvote James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix panic if driver unloaded when port is offline James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix NVME Target crash in defer rcv logic Hannes Reinecke <hare(a)suse.de> scsi: libfc: fixup 'sleeping function called from invalid context' Timo Wischer <twischer(a)de.adit-jv.com> ALSA: pcm: Fix snd_interval_refine first/last with open min/max Li Zhijian <lizhijian(a)cn.fujitsu.com> selftests/android: initialize heap_type to avoid compiling warning Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run Zhouyang Jia <jiazhouyang09(a)gmail.com> rtc: bq4802: add error handling for devm_ioremap Wei Lu <wei.lu2(a)amd.com> drm/amdkfd: Fix error codes in kfd_get_process Shaoyun Liu <Shaoyun.Liu(a)amd.com> drm/amdkfd: Fix kernel queue 64 bit doorbell offset calculation Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> rcu: Fix grace-period hangs due to race with CPU offline Peter Rosin <peda(a)axentia.se> input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Peter Rosin <peda(a)axentia.se> mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Arnd Bergmann <arnd(a)arndb.de> rcutorture: Use monotonic timestamp for stall detection Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: make sure we use single queue mode on PPv2.1 Linus Walleij <linus.walleij(a)linaro.org> net: gemini: Allow multiple ports to instantiate Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Mark gpio_suffixes array with __maybe_unused Wei Yongjun <weiyongjun1(a)huawei.com> gpio: pxa: Fix potential NULL dereference Tuomas Tynkkynen <tuomas(a)tuxera.com> staging: bcm2835-audio: Don't leak workqueue if open fails Matias Bjørling <mb(a)lightnvm.io> lightnvm: pblk: enable line minor version detection Hans Holmberg <hans.holmberg(a)cnexlabs.com> lightnvm: pblk: assume that chunks are closed on 1.2 devices Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: qdsp6: q6afe-dai: fix a range check in of_q6afe_parse_dai_data() Eric Yang <Eric.Yang2(a)amd.com> drm/amd/display: support access ddc for mst branch Dan Williams <dan.j.williams(a)intel.com> tools/testing/nvdimm: Fix support for emulating controller temperature Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: do checkpoint in kill_sb Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35 Robin Murphy <robin.murphy(a)arm.com> coresight: tpiu: Fix disabling timeouts Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: Handle errors in finding input/output ports Quentin Perret <quentin.perret(a)arm.com> sched/fair: Fix util_avg of new tasks for asymmetric systems Julia Lawall <Julia.Lawall(a)lip6.fr> parport: sunbpp: fix error return code Boris Pismenny <borisp(a)mellanox.com> tls: Fix zerocopy_from_iter iov handling Thierry Reding <treding(a)nvidia.com> drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping Karol Herbst <karolherbst(a)gmail.com> drm/nouveau/debugfs: Wake up GPU before doing any reclocking Lyude Paul <lyude(a)redhat.com> drm/nouveau: Fix runtime PM leak in drm_open() Stefan Agner <stefan(a)agner.ch> mmc: sdhci: do not try to use 3.3V signaling if not supported Stefan Agner <stefan(a)agner.ch> mmc: tegra: prevent HS200 on Tegra 3 Laurentiu Tudor <laurentiu.tudor(a)nxp.com> mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips Johan Hovold <johan(a)kernel.org> tty: fix termios input-speed encoding Johan Hovold <johan(a)kernel.org> tty: fix termios input-speed encoding when using BOTHER Alexander Sverdlin <alexander.sverdlin(a)nokia.com> serial: 8250: of: Correct of_platform_serial_setup() error handling Bartosz Golaszewski <brgl(a)bgdev.pl> gpiolib: don't allow userspace to set values of input lines Russell King <rmk+kernel(a)armlinux.org.uk> ASoC: hdmi-codec: fix routing Enrico Scholz <enrico.scholz(a)sigma-chemnitz.de> gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes Rick Farrington <ricardo.farrington(a)cavium.com> liquidio: fix hang when re-binding VF host drv after running DPDK VF driver Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: check of_iomap and fix missing of_node_put Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: Fix return value error in hns3_reset_notify_down_enet Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: fix error handling and missing of_node_put Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: handle of_iomap and fix missing of_node_put Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for reset_level default assignment probelm Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: Reset net device with rtnl_lock Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi/esrt: Only call efi_mem_reserve() for boot services memory Andrea Parri <andrea.parri(a)amarulasolutions.com> sched/core: Use smp_mb() in wake_woken_function() Ryder Lee <ryder.lee(a)mediatek.com> arm64: dts: mt7622: update a clock property for UART0 Tony Lindgren <tony(a)atomide.com> pinctrl: pinmux: Return selector to the pinctrl driver Tony Lindgren <tony(a)atomide.com> pinctrl: rza1: Fix selector use for groups and functions Sean Wang <sean.wang(a)mediatek.com> pinctrl: mt7622: Fix probe fail by misuse the selector Mike Christie <mchristi(a)redhat.com> configfs: fix registered group removal Paul Burton <paul.burton(a)mips.com> MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads Alexey Kardashevskiy <aik(a)ozlabs.ru> KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables Arvind Yadav <arvind.yadav.cs(a)gmail.com> PM / devfreq: use put_device() instead of kfree() Eric Biggers <ebiggers(a)google.com> security: check for kstrdup() failure in lsm_append() Nicholas Mc Guire <hofrat(a)osadl.org> KVM: PPC: Book3S HV: Add of_node_put() in success path Matthew Garrett <mjg59(a)google.com> evm: Don't deadlock if a crypto algorithm is unavailable Philipp Puschmann <pp(a)emlix.com> Bluetooth: Use lock_sock_nested in bt_accept_enqueue Alexandre Belloni <alexandre.belloni(a)bootlin.com> spi: dw: fix possible race condition Roman Gushchin <guro(a)fb.com> bpf: fix rcu annotations in compute_effective_progs() Miklos Szeredi <mszeredi(a)redhat.com> vfs: fix freeze protection in mnt_want_write_file() for overlayfs Jann Horn <jannh(a)google.com> mtdchar: fix overflows in adjustment of `count` Ronny Chevalier <ronny.chevalier(a)hp.com> audit: fix use-after-free in audit_add_watch Viresh Kumar <viresh.kumar(a)linaro.org> arm64: dts: uniphier: Add missing cooling device properties for CPUs Noa Osherovich <noaos(a)mellanox.com> net/mlx5: Add missing SET_DRIVER_VERSION command translation Maciej W. Rozycki <macro(a)mips.com> binfmt_elf: Respect error return from `regset->active' Johan Hovold <johan(a)kernel.org> mmc: meson-mx-sdio: fix OF child-node lookup Johan Hovold <johan(a)kernel.org> of: add helper to lookup compatible child node Trond Myklebust <trondmy(a)gmail.com> NFSv4.1 fix infinite loop on I/O. Trond Myklebust <trondmy(a)gmail.com> NFSv4: Fix a tracepoint Oops in initiate_file_draining() Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/EISA: Don't probe EISA bus for Xen PV guests Rob Herring <robh(a)kernel.org> of: fix phandle cache creation for DTs with no phandles Adrian Hunter <adrian.hunter(a)intel.com> perf tools: Fix maps__find_symbol_by_name() Yabin Cui <yabinc(a)google.com> perf/core: Force USER_DS when recording user stack data Max Filippov <jcmvbkbc(a)gmail.com> xtensa: ISS: don't allocate memory in platform_setup Dan Carpenter <dan.carpenter(a)oracle.com> cifs: integer overflow in in SMB2_ioctl() Dan Carpenter <dan.carpenter(a)oracle.com> CIFS: fix wrapping bugs in num_entries() Dan Carpenter <dan.carpenter(a)oracle.com> cifs: prevent integer overflow in nxt_dir_entry() Oliver Neukum <oneukum(a)suse.com> Revert "cdc-acm: implement put_char() and flush_chars()" Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Fix buffer over-read in yurex_write() Johan Hovold <johan(a)kernel.org> USB: serial: ti_usb_3410_5052: fix array underflow in completion handler Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: misc: uss720: Fix two sleep-in-atomic-context bugs Johan Hovold <johan(a)kernel.org> USB: serial: io_ti: fix array underflow in completion handler Alan Stern <stern(a)rowland.harvard.edu> USB: net2280: Fix erroneous synchronization change Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 Maxence Duprès <xpros64(a)hotmail.fr> USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() Oliver Neukum <oneukum(a)suse.com> usb: uas: add support for more quirk flags Tim Anderson <tsa(a)biglakesoftware.com> USB: Add quirk to support DJI CineSSD Mikulas Patocka <mpatocka(a)redhat.com> dm verity: fix crash on bufio buffer that was allocated with vmalloc Tomas Winkler <tomas.winkler(a)intel.com> mei: bus: need to unlink client before freeing Tomas Winkler <tomas.winkler(a)intel.com> mei: bus: fix hw module get/put balance Alexander Usyskin <alexander.usyskin(a)intel.com> mei: ignore not found client in the enumeration Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: mtu3: fix error of xhci port id when enable U3 dual role Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci: fix interrupt transfer error happened on MTK platforms Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Don't die twice if PCI xhci host is not responding in resume Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use after free for URB cancellation on a reallocated endpoint Gustavo A. R. Silva <gustavo(a)embeddedor.com> misc: hmc6352: fix potential Spectre v1 Bryant G. Ly <bryantly(a)linux.ibm.com> misc: ibmvsm: Fix wrong assignment of return code K. Y. Srinivasan <kys(a)microsoft.com> Tools: hv: Fix a bug in the key delete code Stephen Hemminger <stephen(a)networkplumber.org> vmbus: don't return values for uninitalized channels Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix oopses in ovl_fill_super() failure paths Corey Minyard <cminyard(a)mvista.com> ipmi: Fix I2C client removal in the SSIF driver Corey Minyard <cminyard(a)mvista.com> ipmi: Move BT capabilities detection to the detect call Corey Minyard <cminyard(a)mvista.com> ipmi: Rework SMI registration failure Andreas Kemnade <andreas(a)kemnade.info> mmc: omap_hsmmc: fix wakeirq handling on removal Ingo Franzki <ifranzki(a)linux.ibm.com> s390/crypto: Fix return code checking in cbc_paes_crypt() Aaron Knister <aaron.s.knister(a)nasa.gov> IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler Juergen Gross <jgross(a)suse.com> xen/netfront: fix waiting for xenbus state change Bin Yang <bin.yang(a)intel.com> pstore: Fix incorrect persistent ram buffer mapping Parav Pandit <parav(a)mellanox.com> RDMA/cma: Protect cma dev list with lock Xiao Liang <xiliang(a)redhat.com> xen-netfront: fix warn message as irq device name has '/' Alexandru Gagniuc <mr.nuke.me(a)gmail.com> PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST Joerg Roedel <jroedel(a)suse.de> x86/mm/pti: Add an overflow check to pti_clone_pmds() Jiang Biao <jiang.biao2(a)zte.com.cn> x86/pti: Check the return value of pti_user_pagetable_walk_pmd() Jiang Biao <jiang.biao2(a)zte.com.cn> x86/pti: Check the return value of pti_user_pagetable_walk_p4d() Michael Müller <michael(a)fds-team.de> crypto: sharah - Unregister correct algorithms for SAHARA 3 Hanna Hawa <hannah(a)marvell.com> dmaengine: mv_xor_v2: kill the tasklets upon exit Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3 Niklas Cassel <niklas.cassel(a)linaro.org> regulator: qcom_spmi: Fix warning Bad of_node_put() Niklas Cassel <niklas.cassel(a)linaro.org> regulator: qcom_spmi: Use correct regmap when checking for error Rex Zhu <rex.zhu(a)amd.com> drm/amd/pp: Set Max clock level to display by default Jae Hyun Yoo <jae.hyun.yoo(a)linux.intel.com> i2c: aspeed: Fix initial values of master and slave state Pingfan Liu <kernelfans(a)gmail.com> drivers/base: stop new probing during shutdown Christoffer Dall <christoffer.dall(a)arm.com> KVM: arm/arm64: Fix vgic init race Randy Dunlap <rdunlap(a)infradead.org> platform/x86: toshiba_acpi: Fix defined but not used build warnings Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: reset layer2 attribute on layer switch Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: fix race in used-buffer accounting Bjorn Andersson <bjorn.andersson(a)linaro.org> soc: qcom: smem: Correct check for global partition Bhushan Shah <bshah(a)kde.org> ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Loic Poulain <loic.poulain(a)linaro.org> arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Vitaly Kuznetsov <vkuznets(a)redhat.com> xen-netfront: fix queue name setting Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: avoid buffer leak when FW communication fails Yue Wang <yuleopen(a)gmail.com> ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi/arm: preserve early mapping of UEFI memory map longer for BGRT Leonard Crestez <leonard.crestez(a)nxp.com> reset: imx7: Fix always writing bits as 0 Mark Rutland <mark.rutland(a)arm.com> arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() YueHaibing <yuehaibing(a)huawei.com> wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Piotr Sawicki <p.sawicki2(a)partner.samsung.com> Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Manikanta Pubbisetty <mpubbise(a)codeaurora.org> mac80211: restrict delayed tailroom needed decrement Paul Cercueil <paul(a)crapouillou.net> MIPS: jz4740: Bump zload address Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5514: Fix the issue of the delay volume applied Nicholas Mc Guire <hofrat(a)osadl.org> staging: bcm2835-camera: handle wait_for_completion_timeout return properly Nicholas Mc Guire <hofrat(a)osadl.org> staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout Sandipan Das <sandipan(a)linux.ibm.com> perf script: Show correct offsets for DWARF-based unwinding Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: opal_put_chars partial write fix Mark Rutland <mark.rutland(a)arm.com> KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() Sagi Grimberg <sagi(a)grimberg.me> nvme-rdma: unquiesce queues when deleting the controller Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix file discard return status Sandipan Das <sandipan(a)linux.ibm.com> perf powerpc: Fix callchain ip filtering Krzysztof Kozlowski <krzk(a)kernel.org> ARM: exynos: Clear global variable on init error path Arnd Bergmann <arnd(a)arndb.de> omapfb: rename omap2 module to omap2fb.ko Fredrik Noring <noring(a)nocrew.org> fbdev: Distinguish between interlaced and progressive modes Daniel Mack <daniel(a)zonque.org> video: fbdev: pxafb: clear allocated memory for video modes Sandipan Das <sandipan(a)linux.ibm.com> perf powerpc: Fix callchain ip filtering when return address is in a register Randy Dunlap <rdunlap(a)infradead.org> fbdev/via: fix defined but not used warning Anton Vasilyev <vasilyev(a)ispras.ru> video: goldfishfb: fix memory leak on driver remove Jiri Olsa <jolsa(a)redhat.com> perf tools: Fix struct comm_str removal crash Dan Carpenter <dan.carpenter(a)oracle.com> fbdev: omapfb: off by one in omapfb_register_client() Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh when event exists Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64 Jiri Olsa <jolsa(a)kernel.org> perf tools: Synthesize GROUP_DESC feature in pipe mode Bob Peterson <rpeterso(a)redhat.com> gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Thomas Richter <tmricht(a)linux.ibm.com> perf test: Fix subtest number when showing results Todor Tomov <todor.tomov(a)linaro.org> media: ov5645: Supported external clock is 24MHz Randy Dunlap <rdunlap(a)infradead.org> mtd/maps: fix solutionengine.c printk format warnings Wei Yongjun <weiyongjun1(a)huawei.com> IB/ipoib: Fix error return code in ipoib_dev_init() Mike Snitzer <snitzer(a)redhat.com> block: allow max_discard_segments to be stacked Zhu Yanjun <yanjun.zhu(a)oracle.com> IB/rxe: Drop QP0 silently Hans Verkuil <hverkuil(a)xs4all.nl> media: videobuf2-core: check for q->error in vb2_core_qbuf() Felix Fietkau <nbd(a)nbd.name> MIPS: ath79: fix system restart John Keeping <john(a)metanate.com> dmaengine: pl330: fix irq race with terminate_all Krzysztof Ha?asa <khalasa(a)piap.pl> media: tw686x: Fix oops on buffer alloc failure Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: do not update config when running install targets Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: add .DELETE_ON_ERROR special target Rajan Vaja <rajan.vaja(a)xilinx.com> clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Mikko Perttunen <mperttunen(a)nvidia.com> clk: core: Potentially free connection id Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: pxrc - fix freeing URB on device teardown Gregory CLEMENT <gregory.clement(a)bootlin.com> clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent Nicholas Mc Guire <hofrat(a)osadl.org> clk: imx6sll: fix missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> clk: imx6ul: fix missing of_node_put() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Special-case rindex for gfs2_grow Golan Ben Ami <golan.ben.ami(a)intel.com> iwlwifi: cancel the injective function between hw pointers to tfd entry index Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: don't fail probe on pci_sriov_set_totalvfs() errors YueHaibing <yuehaibing(a)huawei.com> amd-xgbe: use dma_mapping_error to check map errors YueHaibing <yuehaibing(a)huawei.com> xfrm: fix 'passing zero to ERR_PTR()' warning Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Jeff Crukley <jcrukley(a)gmail.com> ALSA: usb-audio: Add support for Encore mDSD USB DAC Takashi Iwai <tiwai(a)suse.de> ALSA: msnd: Fix the default sample sizes Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> iommu/io-pgtable-arm: Fix pgtable allocation in selftest Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE Miao Zhong <zhongmiao(a)hisilicon.com> iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Erich E. Hoover <ehoover(a)sweptlaser.com> usb: dwc3: change stream event enable bit back to 13 Tariq Toukan <tariqt(a)mellanox.com> net/mlx5: Use u16 for Work Queue buffer fragment size Roi Dayan <roid(a)mellanox.com> net/mlx5: Fix possible deadlock from lockdep when adding fte to fg Roi Dayan <roid(a)mellanox.com> net/mlx5: Fix not releasing read lock when adding flow rules Vincent Whitchurch <vincent.whitchurch(a)axis.com> tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> erspan: return PACKET_REJECT when the appropriate tunnel is not found Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> erspan: fix error handling for erspan tunnel Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx5: Fix debugfs cleanup in the device init/remove flow Huy Nguyen <huyn(a)mellanox.com> net/mlx5: Check for error in mlx5_attach_interface Vakul Garg <vakul.garg(a)nxp.com> net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC Raed Salem <raeds(a)mellanox.com> net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables Cong Wang <xiyou.wangcong(a)gmail.com> tipc: orphan sock in tipc_release() Cong Wang <xiyou.wangcong(a)gmail.com> rds: fix two RCU related problems Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix race condition in spi transfers Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx5: Fix use-after-free in self-healing flow Petr Oros <poros(a)redhat.com> be2net: Fix memory leak in be_cmd_get_profile_config() ------------- Diffstat: Makefile | 31 ++++-- .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 + arch/arm/mach-exynos/suspend.c | 1 + arch/arm/mach-hisi/hotplug.c | 41 +++++--- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 2 +- arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi | 2 + arch/arm64/kernel/perf_event.c | 50 +++++----- arch/arm64/kernel/ptrace.c | 19 ++-- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/mips/loongson64/common/cs5536/cs5536_ohci.c | 2 +- arch/powerpc/kvm/book3s_64_vio.c | 5 +- arch/powerpc/kvm/book3s_hv.c | 2 + arch/powerpc/platforms/powernv/opal.c | 2 +- arch/s390/crypto/paes_s390.c | 2 +- arch/x86/kernel/eisa.c | 10 +- arch/x86/mm/pti.c | 25 ++++- arch/xtensa/platforms/iss/setup.c | 25 +++-- block/blk-core.c | 8 +- block/blk-mq-sched.c | 3 +- block/blk-settings.c | 2 +- crypto/api.c | 2 +- drivers/base/core.c | 3 + drivers/block/DAC960.c | 9 +- drivers/char/ipmi/ipmi_bt_sm.c | 92 ++++++++--------- drivers/char/ipmi/ipmi_msghandler.c | 53 +++++----- drivers/char/ipmi/ipmi_si_intf.c | 17 +--- drivers/char/ipmi/ipmi_ssif.c | 30 ++---- drivers/clk/clk-fixed-factor.c | 9 +- drivers/clk/clk.c | 3 + drivers/clk/imx/clk-imx6sll.c | 1 + drivers/clk/imx/clk-imx6ul.c | 1 + drivers/clk/mvebu/armada-37xx-periph.c | 3 - drivers/clk/tegra/clk-bpmp.c | 12 ++- drivers/crypto/ccp/psp-dev.c | 46 ++++++++- drivers/crypto/sahara.c | 4 +- drivers/devfreq/devfreq.c | 4 +- drivers/dma/mv_xor_v2.c | 2 + drivers/dma/pl330.c | 5 +- drivers/dma/sh/rcar-dmac.c | 5 +- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 +- drivers/firmware/efi/esrt.c | 3 +- drivers/gpio/gpio-pxa.c | 2 + drivers/gpio/gpiolib.c | 14 ++- drivers/gpio/gpiolib.h | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_doorbell.c | 9 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 + drivers/gpu/drm/amd/display/dc/core/dc_link.c | 4 + drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 9 +- drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 8 +- drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c | 6 +- drivers/gpu/drm/nouveau/nouveau_debugfs.c | 4 + drivers/gpu/drm/nouveau/nouveau_drm.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/device/tegra.c | 13 +++ drivers/gpu/drm/panel/panel-samsung-s6e8aa0.c | 2 +- drivers/gpu/ipu-v3/ipu-csi.c | 20 +++- drivers/hv/vmbus_drv.c | 3 + drivers/hwtracing/coresight/coresight-etm4x.c | 31 +++--- drivers/hwtracing/coresight/coresight-tpiu.c | 7 +- drivers/hwtracing/coresight/coresight.c | 7 +- drivers/i2c/busses/i2c-aspeed.c | 4 +- drivers/infiniband/core/cma.c | 12 ++- drivers/infiniband/hw/mlx5/cong.c | 9 +- drivers/infiniband/hw/mlx5/mr.c | 32 ++---- drivers/infiniband/hw/nes/nes.h | 2 +- drivers/infiniband/sw/rxe/rxe_recv.c | 9 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 + drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +- drivers/input/joystick/pxrc.c | 66 ++++++------- drivers/input/touchscreen/rohm_bu21023.c | 4 +- drivers/iommu/arm-smmu-v3.c | 1 + drivers/iommu/io-pgtable-arm-v7s.c | 7 +- drivers/iommu/io-pgtable-arm.c | 3 +- drivers/iommu/ipmmu-vmsa.c | 8 ++ drivers/lightnvm/pblk-init.c | 5 +- drivers/lightnvm/pblk-recovery.c | 5 +- drivers/md/dm-verity-target.c | 24 ++++- drivers/media/common/videobuf2/videobuf2-core.c | 5 + drivers/media/i2c/ov5645.c | 13 +-- drivers/media/pci/tw686x/tw686x-video.c | 11 ++- drivers/mfd/88pm860x-i2c.c | 8 +- drivers/misc/hmc6352.c | 2 + drivers/misc/ibmvmc.c | 2 +- drivers/misc/mei/bus-fixup.c | 2 +- drivers/misc/mei/bus.c | 12 +-- drivers/misc/mei/hbm.c | 9 +- drivers/mmc/host/meson-mx-sdio.c | 8 +- drivers/mmc/host/omap_hsmmc.c | 1 + drivers/mmc/host/sdhci-of-esdhc.c | 6 ++ drivers/mmc/host/sdhci-tegra.c | 3 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mtd/maps/solutionengine.c | 6 +- drivers/mtd/mtdchar.c | 10 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 7 +- .../ethernet/cavium/liquidio/cn23xx_pf_device.c | 3 + .../ethernet/cavium/liquidio/cn23xx_vf_device.c | 3 + drivers/net/ethernet/cortina/gemini.c | 5 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 8 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 5 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 6 ++ drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 15 ++- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 76 +++++++------- drivers/net/ethernet/mellanox/mlx5/core/health.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/wq.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/wq.h | 2 +- drivers/net/ethernet/netronome/nfp/nfp_main.c | 20 ++-- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 ++- drivers/net/ethernet/qualcomm/qca_7k.c | 76 +++++++------- drivers/net/ethernet/qualcomm/qca_spi.c | 110 +++++++++++---------- drivers/net/ethernet/qualcomm/qca_spi.h | 5 - drivers/net/wan/fsl_ucc_hdlc.c | 6 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 12 ++- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 11 ++- drivers/net/xen-netfront.c | 30 +++--- drivers/nvme/host/rdma.c | 2 + drivers/nvme/target/io-cmd-file.c | 18 ++-- drivers/of/base.c | 28 ++++++ drivers/parport/parport_sunbpp.c | 8 +- drivers/pci/pcie/aer.c | 6 ++ drivers/pinctrl/mediatek/pinctrl-mt7622.c | 4 +- drivers/pinctrl/pinctrl-rza1.c | 24 ++--- drivers/pinctrl/pinmux.c | 16 ++- drivers/pinctrl/qcom/pinctrl-msm.c | 14 ++- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 32 ++++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/regulator/qcom_spmi-regulator.c | 34 ++++--- drivers/remoteproc/qcom_q6v5_pil.c | 1 - drivers/reset/reset-imx7.c | 2 +- drivers/rtc/rtc-bq4802.c | 4 + drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/scsi/libfc/fc_disc.c | 7 +- drivers/scsi/lpfc/lpfc_nvme.c | 5 +- drivers/scsi/lpfc/lpfc_nvmet.c | 12 ++- drivers/soc/qcom/smem.c | 10 +- drivers/spi/spi-dw.c | 3 +- drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 2 +- .../vc04_services/bcm2835-audio/bcm2835-vchiq.c | 16 +-- .../vc04_services/bcm2835-camera/bcm2835-camera.c | 7 +- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 11 ++- drivers/tty/serial/8250/8250_of.c | 2 +- drivers/tty/tty_baudrate.c | 13 ++- drivers/usb/class/cdc-acm.c | 73 -------------- drivers/usb/class/cdc-acm.h | 1 - drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/hcd-pci.c | 2 - drivers/usb/core/message.c | 11 +++ drivers/usb/core/quirks.c | 7 ++ drivers/usb/dwc3/gadget.h | 2 +- drivers/usb/gadget/udc/net2280.c | 16 ++- drivers/usb/gadget/udc/renesas_usb3.c | 5 +- drivers/usb/host/u132-hcd.c | 2 +- drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci.c | 30 ++++++ drivers/usb/misc/uss720.c | 4 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/mtu3/mtu3_core.c | 6 +- drivers/usb/mtu3/mtu3_hw_regs.h | 1 + drivers/usb/serial/io_ti.h | 2 +- drivers/usb/serial/ti_usb_3410_5052.c | 2 +- drivers/usb/storage/scsiglue.c | 9 ++ drivers/usb/storage/uas.c | 21 ++++ drivers/usb/storage/unusual_devs.h | 7 ++ drivers/video/fbdev/core/modedb.c | 41 +++++--- drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/omap2/omapfb/Makefile | 4 +- drivers/video/fbdev/pxafb.c | 4 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/binfmt_elf.c | 2 +- fs/cifs/readdir.c | 11 ++- fs/cifs/smb2pdu.c | 29 +++--- fs/configfs/dir.c | 11 +++ fs/f2fs/super.c | 16 ++- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- fs/namespace.c | 7 +- fs/nfs/nfs4proc.c | 10 +- fs/nfs/nfs4state.c | 2 + fs/nfs/nfs4trace.h | 2 +- fs/overlayfs/super.c | 26 ++--- fs/pstore/ram_core.c | 17 +++- include/linux/crypto.h | 5 + include/linux/mlx5/driver.h | 4 +- include/linux/of.h | 8 ++ kernel/audit_watch.c | 12 ++- kernel/bpf/cgroup.c | 7 +- kernel/events/core.c | 4 + kernel/rcu/rcutorture.c | 5 +- kernel/rcu/tree.c | 6 ++ kernel/rcu/tree.h | 4 + kernel/sched/fair.c | 10 +- kernel/sched/wait.c | 47 ++++----- net/bluetooth/af_bluetooth.c | 2 +- net/core/skbuff.c | 3 - net/ipv4/ip_gre.c | 5 + net/ipv4/tcp.c | 2 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 +++-- net/rds/bind.c | 5 +- net/tipc/socket.c | 1 + net/tls/tls_sw.c | 14 ++- net/xfrm/xfrm_policy.c | 5 +- scripts/Kbuild.include | 3 + security/integrity/evm/evm_crypto.c | 3 +- security/security.c | 2 + security/smack/smack_lsm.c | 14 ++- sound/core/pcm_lib.c | 14 ++- sound/isa/msnd/msnd_pinnacle.c | 4 +- sound/soc/codecs/hdmi-codec.c | 21 ++-- sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/rt5651.c | 22 +++-- sound/soc/qcom/qdsp6/q6afe-dai.c | 2 +- sound/usb/quirks-table.h | 3 +- sound/usb/quirks.c | 2 + tools/hv/hv_kvp_daemon.c | 2 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 +- tools/perf/tests/builtin-test.c | 2 +- .../tests/shell/record+probe_libc_inet_pton.sh | 36 ++++++- tools/perf/util/comm.c | 16 ++- tools/perf/util/header.c | 2 +- tools/perf/util/machine.c | 9 +- tools/perf/util/map.c | 11 +++ tools/perf/util/unwind-libdw.c | 2 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/testing/nvdimm/test/nfit.c | 3 +- .../testing/selftests/android/ion/ionapp_export.c | 1 + tools/testing/selftests/timers/raw_skew.c | 5 + tools/testing/selftests/vDSO/vdso_test.c | 7 +- virt/kvm/arm/vgic/vgic-init.c | 4 + virt/kvm/arm/vgic/vgic-mmio-v2.c | 3 + 238 files changed, 1599 insertions(+), 926 deletions(-)

7 years, 1 month

10
260
0 0

[git:media_tree/master] media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD Author: Hans Verkuil <hverkuil(a)xs4all.nl> Date: Mon Oct 8 15:08:27 2018 -0400 When the OSD is on (i.e. vivid displays text on top of the test pattern), and you enable hflip, then the driver crashes. The cause turned out to be a division of a negative number by an unsigned value. You expect that -8 / 2U would be -4, but in reality it is 2147483644 :-( Fixes: 3e14e7a82c1ef ("vivid-tpg: add hor/vert downsampling support to tpg_gen_text") Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Reported-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Cc: <stable(a)vger.kernel.org> # for v4.1 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c index 76b125ebee6d..fa483b95bc5a 100644 --- a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c +++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c @@ -1801,7 +1801,7 @@ typedef struct { u16 __; u8 _; } __packed x24; pos[7] = (chr & (0x01 << 0) ? fg : bg); \ } \ \ - pos += (tpg->hflip ? -8 : 8) / hdiv; \ + pos += (tpg->hflip ? -8 : 8) / (int)hdiv; \ } \ } \ } while (0)

7 years, 1 month

1
0
0 0

[PATCH v4 1/3] x86/xen: fix boot loader version reported for pvh guests

by Juergen Gross

The boot loader version reported via sysfs is wrong in case of the kernel being booted via the Xen PVH boot entry. it should be 2.12 (0x020c), but it is reported to be 2.18 (0x0212). As the current way to set the version is error prone use the more readable variant (2 << 8) | 12. Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/enlighten_pvh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c index c85d1a88f476..f7f77023288a 100644 --- a/arch/x86/xen/enlighten_pvh.c +++ b/arch/x86/xen/enlighten_pvh.c @@ -75,7 +75,7 @@ static void __init init_pvh_bootparams(void) * Version 2.12 supports Xen entry point but we will use default x86/PC * environment (i.e. hardware_subarch 0). */ - pvh_bootparams.hdr.version = 0x212; + pvh_bootparams.hdr.version = (2 << 8) | 12; pvh_bootparams.hdr.type_of_loader = (9 << 4) | 0; /* Xen loader */ x86_init.acpi.get_root_pointer = pvh_get_root_pointer; -- 2.16.4

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] firmware: Always initialize the fw_priv list object" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7012040576c6ae25a47035659ee48673612c2c27 Mon Sep 17 00:00:00 2001 From: Bjorn Andersson <bjorn.andersson(a)linaro.org> Date: Wed, 19 Sep 2018 18:09:38 -0700 Subject: [PATCH] firmware: Always initialize the fw_priv list object When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable(a)vger.kernel.org Cc: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b3c0498ee433..8e9213b36e31 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const char *fw_name, } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp;

7 years, 1 month

3
2
0 0

[PATCH net-next] net/ipv6: stop leaking percpu memory in fib6 info

by Mike Rapoport

The fib6_info_alloc() function allocates percpu memory to hold per CPU pointers to rt6_info, but this memory is never freed. Fix it. Fixes: a64efe142f5e ("net/ipv6: introduce fib6_info struct and helpers") Signed-off-by: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: stable(a)vger.kernel.org --- net/ipv6/ip6_fib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c index cf709eadc932..cc7de7eb8b9c 100644 --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c @@ -194,6 +194,8 @@ void fib6_info_destroy_rcu(struct rcu_head *head) *ppcpu_rt = NULL; } } + + free_percpu(f6i->rt6i_pcpu); } lwtstate_put(f6i->fib6_nh.nh_lwtstate); -- 2.7.4

7 years, 1 month

3
3
0 0

[merged] ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list has been removed from the -mm tree. Its filename was ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _ Patches currently in -mm which might be from ashish.samant(a)oracle.com are

7 years, 1 month

1
0
0 0

[merged] mm-vmstat-skip-nr_tlb_remote_flush-properly.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly has been removed from the -mm tree. Its filename was mm-vmstat-skip-nr_tlb_remote_flush-properly.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _ Patches currently in -mm which might be from jannh(a)google.com are mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

7 years, 1 month

1
0
0 0

[merged] proc-restrict-kernel-stack-dumps-to-root.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: proc: restrict kernel stack dumps to root has been removed from the -mm tree. Its filename was proc-restrict-kernel-stack-dumps-to-root.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: proc: restrict kernel stack dumps to root Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another CPU. That means that the stack can change under the stack walker. The stack walker does have guards against going completely off the rails and into random kernel memory, but it can interpret random data from your kernel stack as instruction pointers and stack pointers. This can cause exposure of kernel stack contents to userspace. Restrict the ability to inspect kernel stacks of arbitrary tasks to root in order to prevent a local attacker from exploiting racy stack unwinding to leak kernel task stack contents. See the added comment for a longer rationale. There don't seem to be any users of this userspace API that can't gracefully bail out if reading from the file fails. Therefore, I believe that this change is unlikely to break things. In the case that this patch does end up needing a revert, the next-best solution might be to fake a single-entry stack based on wchan. Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Ken Chen <kenchen(a)google.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/base.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/proc/base.c~proc-restrict-kernel-stack-dumps-to-root +++ a/fs/proc/base.c @@ -407,6 +407,20 @@ static int proc_pid_stack(struct seq_fil unsigned long *entries; int err; + /* + * The ability to racily run the kernel stack unwinder on a running task + * and then observe the unwinder output is scary; while it is useful for + * debugging kernel issues, it can also allow an attacker to leak kernel + * stack contents. + * Doing this in a manner that is at least safe from races would require + * some work to ensure that the remote task can not be scheduled; and + * even then, this would still expose the unwinder as local attack + * surface. + * Therefore, this interface is restricted to root. + */ + if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) + return -EACCES; + entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), GFP_KERNEL); if (!entries) _ Patches currently in -mm which might be from jannh(a)google.com are mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

7 years, 1 month

1
0
0 0

[merged] mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, thp: fix mlocking THP page with migration enabled has been removed from the -mm tree. Its filename was mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are

7 years, 1 month

1
0
0 0

[merged] mm-migration-fix-migration-of-huge-pmd-shared-pages.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: migration: fix migration of huge PMD shared pages has been removed from the -mm tree. Its filename was mm-migration-fix-migration-of-huge-pmd-shared-pages.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com [mike.kravetz(a)oracle.com: make _range_in_vma() a static inline] Link: http://lkml.kernel.org/r/6063f215-a5c8-2f0c-465a-2c515ddc952d@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ include/linux/mm.h | 6 +++++ mm/hugetlb.c | 37 +++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 4 files changed, 94 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/include/linux/mm.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/mm.h @@ -2455,6 +2455,12 @@ static inline struct vm_area_struct *fin return vma; } +static inline bool range_in_vma(struct vm_area_struct *vma, + unsigned long start, unsigned long end) +{ + return (vma && vma->vm_start <= start && end <= vma->vm_end); +} + #ifdef CONFIG_MMU pgprot_t vm_get_page_prot(unsigned long vm_flags); void vma_set_page_prot(struct vm_area_struct *vma); --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4545,13 +4545,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4648,6 +4676,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are

7 years, 1 month

1
0
0 0

[PATCH v7 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v7 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v7 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v7 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc: Avoid code patching freed init sections" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 Mon Sep 17 00:00:00 2001 From: Michael Neuling <mikey(a)neuling.org> Date: Fri, 14 Sep 2018 11:14:11 +1000 Subject: [PATCH] powerpc: Avoid code patching freed init sections This stops us from doing code patching in init sections after they've been freed. In this chain: kvm_guest_init() -> kvm_use_magic_page() -> fault_in_pages_readable() -> __get_user() -> __get_user_nocheck() -> barrier_nospec(); We have a code patching location at barrier_nospec() and kvm_guest_init() is an init function. This whole chain gets inlined, so when we free the init section (hence kvm_guest_init()), this code goes away and hence should no longer be patched. We seen this as userspace memory corruption when using a memory checker while doing partition migration testing on powervm (this starts the code patching post migration via /sys/kernel/mobility/migration). In theory, it could also happen when using /sys/kernel/debug/powerpc/barrier_nospec. Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Michael Neuling <mikey(a)neuling.org> Reviewed-by: Nicholas Piggin <npiggin(a)gmail.com> Reviewed-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h index 1a951b00465d..1fffbba8d6a5 100644 --- a/arch/powerpc/include/asm/setup.h +++ b/arch/powerpc/include/asm/setup.h @@ -9,6 +9,7 @@ extern void ppc_printk_progress(char *s, unsigned short hex); extern unsigned int rtas_data; extern unsigned long long memory_limit; +extern bool init_mem_is_free; extern unsigned long klimit; extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask); diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 850f3b8f4da5..6ae2777c220d 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,6 +28,12 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(exec_addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); + return 0; + } + __put_user_size(instr, patch_addr, 4, err); if (err) return err; diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c index 5c8530d0c611..04ccb274a620 100644 --- a/arch/powerpc/mm/mem.c +++ b/arch/powerpc/mm/mem.c @@ -63,6 +63,7 @@ #endif unsigned long long memory_limit; +bool init_mem_is_free; #ifdef CONFIG_HIGHMEM pte_t *kmap_pte; @@ -396,6 +397,7 @@ void free_initmem(void) { ppc_md.progress = ppc_printk_progress; mark_initmem_nx(); + init_mem_is_free = true; free_initmem_default(POISON_FREE_INITMEM); }

7 years, 1 month

2
1
0 0

[PATCH v6 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Changes since v5: - Fix typo in comment, nothing else Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..e6a2cf72de5e 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..788749021ac9 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after it's been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] usbip: vhci_hcd: check port number before using

by Sudip Mukherjee

From: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> The port number is checked and it just prints an error message but it still continues to use the invalid port. And as a result it accesses memory which is not its resulting in BUG report from KASAN. Reported-by: syzbot+600b03e0cf1b73bb23c4(a)syzkaller.appspotmail.com Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> --- drivers/usb/usbip/vhci_hcd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c index d11f3f8dad40..71883aa788ac 100644 --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -334,8 +334,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh("typeReq %x wValue %x wIndex %x\n", typeReq, wValue, wIndex); - if (wIndex > VHCI_HC_PORTS) + if (wIndex > VHCI_HC_PORTS) { pr_err("invalid port number %d\n", wIndex); + return -ENODEV; + } rhport = wIndex - 1; vhci_hcd = hcd_to_vhci_hcd(hcd); -- 2.11.0

7 years, 1 month

2
3
0 0

[PATCH 4.18 000/228] 4.18.12-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.12 release. There are 228 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 4 13:24:08 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.12-rc1 Michael Bringmann <mwb(a)linux.vnet.ibm.com> powerpc/pseries: Fix unitialized timer reset on migration Thiago Jung Bauermann <bauerman(a)linux.ibm.com> powerpc/pkeys: Fix reading of ibm, processor-storage-keys property Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc: fix csum_ipv6_magic() on little endian platforms Michael Neuling <mikey(a)neuling.org> KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds Randy Dunlap <rdunlap(a)infradead.org> x86/pti: Fix section mismatch warning/error Akshu Agrawal <akshu.agrawal(a)amd.com> clk: x86: Set default parent to 48Mhz Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Handle function result as parameters Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Make return values unsigned long Emily Deng <Emily.Deng(a)amd.com> drm/amdgpu: Need to set moved to true when evict bo Tony Lindgren <tony(a)atomide.com> ARM: dts: omap4-droid4: Fix emmc errors seen on some devices James Smart <jsmart2021(a)gmail.com> nvme-fcloop: Fix dropped LS's to removed target port Linus Walleij <linus.walleij(a)linaro.org> ata: ftide010: Add a quirk for SQ201 Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Update power state at the end of smu hw_init. Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Leonard Crestez <leonard.crestez(a)nxp.com> Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Srikanth Jampala <Jampala.Srikanth(a)cavium.com> crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Ganesh Goudar <ganeshgr(a)chelsio.com> crypto: chtls - fix null dereference chtls_free_uld() Jacob Keller <jacob.e.keller(a)intel.com> i40e: fix condition of WARN_ONCE for stat strings Martyna Szapar <martyna.szapar(a)intel.com> i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled Sebastian Basierski <sebastianx.basierski(a)intel.com> ixgbe: fix driver behaviour after issuing VFLR Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: Fix potential return of uninitialized value Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix a few null pointer dereference issues Quentin Monnet <quentin.monnet(a)netronome.com> tools: bpftool: return from do_event_pipe() on bad arguments Brett Creeley <brett.creeley(a)intel.com> ice: Set VLAN flags correctly Jacob Keller <jacob.e.keller(a)intel.com> ice: Use order_base_2 to calculate higher power of 2 Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix bugs in control queue processing Preethi Banala <preethi.banala(a)intel.com> ice: Clean control queues only when they are initialized Jacob Keller <jacob.e.keller(a)intel.com> ice: Report stats for allocated queues via ethtool stats Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix multiple static analyser warnings Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix skb->truesize underestimation Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Kevin Yang <yyd(a)google.com> tcp_bbr: in restart from idle, see if we should exit PROBE_RTT Kevin Yang <yyd(a)google.com> tcp_bbr: add bbr_check_probe_rtt_done() helper Samuel Mendoza-Jonas <sam(a)mendozajonas.com> net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler Emily Deng <Emily.Deng(a)amd.com> amdgpu: fix multi-process hang issue Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix preamble handling Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix VM clearing for the root PD John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap: write_space events need to be passed to TCP handler John Fastabend <john.fastabend(a)gmail.com> tls: possible hang when do_tcp_sendpages hits sndbuf is full case Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock hash count in alloc_sock_hash_elem Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys Pavel Machek <pavel(a)ucw.cz> ARM: dts: omap4-droid4: fix vibrations on Droid 4 Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix no_console_suspend handling Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion Eric Sandeen <sandeen(a)redhat.com> isofs: reject hardware sector size > 2048 bytes Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Avoid sending mailbox commands when MFW is not responsive Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Prevent a possible deadlock during driver load and unload Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for MCP halt and resume commands to take place Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for ready indication before rereading the shmem Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix module register ioremap for larger offsets Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix module address for modules using mpu_rt_idx Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix null hwmod for ti-sysc debug Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Steve Wise <swise(a)opengridcomputing.com> RDMA/uverbs: Atomically flush and mark closed the comp event queue Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix destroy_qp hang after a link down Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid user input can result in crash Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Fix SL array bounds check Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Matthew Wilcox <willy(a)infradead.org> filesystem-dax: Fix use of zero page Toshi Kani <toshi.kani(a)hpe.com> ext2, dax: set ext2_dax_aops for dax files Dave Jiang <dave.jiang(a)intel.com> uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe() Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more Bin Liu <b-liu(a)ti.com> usb: musb: dsps: do not disable CPPI41 irq in driver teardown Harry Pan <harry.pan(a)intel.com> usb: core: safely deal with the dynamic quirk lists Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: roles: Take care of driver module reference counting Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Marek Szyprowski <m.szyprowski(a)samsung.com> regulator: Fix 'do-nothing' value for regulators without suspend state Yu Zhao <yuzhao(a)google.com> regulator: fix crash caused by null driver data Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix resource handling for ACPI glue layer Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix device removal logic Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Stefan Agner <stefan(a)agner.ch> tty: serial: lpuart: avoid leaking struct tty_struct Feng Tang <feng.tang(a)intel.com> x86/mm: Expand static page table for fixmap space Damien Le Moal <damien.lemoal(a)wdc.com> block: fix deadline elevator drain for zoned block devices Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Fix tegra_gpio_irq_set_type() Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix indexing when invoking subtests Maxime Ripard <maxime.ripard(a)bootlin.com> drm/vc4: plane: Expand the lower bits by repeating the higher bits Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses Eric Anholt <eric(a)anholt.net> drm/vc4: Add missing formats to vc4_format_mod_supported(). William Breathitt Gray <vilhelm.gray(a)gmail.com> iio: 104-quad-8: Fix off-by-one error in register selection Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> Input: xen-kbdfront - fix multi-touch XenStore node's locations Colin Ian King <colin.king(a)canonical.com> ath10k: fix memory leak of tpc_stats Konstantin Khorenko <khorenko(a)virtuozzo.com> fs/lock: skip lock owner pid translation in case we are in init_pid_ns Brian Norris <briannorris(a)chromium.org> ath10k: snoc: use correct bus-specific pointer in RX retry YueHaibing <yuehaibing(a)huawei.com> ath10k: fix incorrect size of dma_free_coherent in ath10k_ce_alloc_src_ring_64 Hugo Lefeuvre <hle(a)owl.eu.com> staging: pi433: fix race condition in pi433_ioctl Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, altera: Fix an error handling path in altr_s10_sdram_probe() Johan Hovold <johan(a)kernel.org> EDAC: Fix memleak in module init error path J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Nadav Amit <namit(a)vmware.com> gpio: Fix wrong rounding in gpio-menz127 Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: SSI parent cares SWSP bit Geert Uytterhoeven <geert(a)linux-m68k.org> ASoC: rt1305: Use ULL suffixes for 64-bit constants Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Update controller info during resume Jan Kundrát <jan.kundrat(a)cesnet.cz> spi: orion: fix CS GPIO handling again Xiaofei Tan <tanxiaofei(a)huawei.com> scsi: hisi_sas: Fix the conflict between dev gone and host reset Andreas Gruenbacher <agruenba(a)redhat.com> iomap: complete partial direct I/O writes synchronously Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/lbr: Fix incomplete LBR call stack Eric Anholt <eric(a)anholt.net> drm/v3d: Take a lock across GPU scheduler job creation and queuing. Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> arm64: dts: renesas: Fix VSPD registers range Masahiro Yamada <yamada.masahiro(a)socionext.com> MIPS: boot: fix build rule of vmlinux.its.S Stephen Boyd <swboyd(a)chromium.org> HID: i2c-hid: Use devm to allocate i2c_hid struct Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: mediatek: Add missing cooling device properties for CPUs Frederic Weisbecker <frederic(a)kernel.org> perf/hw_breakpoint: Split attribute parse and commit Randy Dunlap <rdunlap(a)infradead.org> Documentation/process: fix reST table border error Leon Romanovsky <leon(a)kernel.org> RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/omap: gem: Fix mm_list locking Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Johannes Berg <johannes(a)sipsolutions.net> bitfield: fix *_encode_bits() Stefan Agner <stefan(a)agner.ch> brcmsmac: fix wrap around in conversion from constant to s16 Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status() Niklas Cassel <niklas.cassel(a)linaro.org> ath10k: transmit queued frames after processing rx packets Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Fix releasing node when enumerating enpoints Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check phy_driver ready before accessing Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Enable DW HDMI PHY clock Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check read_status results Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: qdsp6: qdafe: fix some off by one bugs Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Rosen Penev <rosenp(a)gmail.com> staging: mt7621-dts: Fix remaining pcie warnings Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> serial: pxa: Fix an error handling path in 'serial_pxa_probe()' Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Kamal Heib <kamalheib1(a)gmail.com> staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: add checks for register read errors Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Bob Copeland <me(a)bobcopeland.com> ath10k: use locked skb_dequeue for rx completions Petr Machata <petrm(a)mellanox.com> selftests: forwarding: Tweak tc filters for mirror-to-gretap tests Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Sanitize overrun handling Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Make forward callback return s64 Akinobu Mita <akinobu.mita(a)gmail.com> iio: accel: adxl345: convert address field usage in iio_chan_spec Peter Rosin <peda(a)axentia.se> mtd: rawnand: atmel: add module param to avoid using dma Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Vasily Gorbik <gor(a)linux.ibm.com> s390/scm_blk: correct numa_node in scm_blk_dev_setup Vasily Gorbik <gor(a)linux.ibm.com> s390/dasd: correct numa_node in dasd_alloc_queue Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Ravi Chandra Sadineni <ravisadineni(a)chromium.org> ACPI / button: increment wakeup count only when notified João Paulo Rechi Vita <jprvita(a)endlessm.com> platform/x86: asus-wireless: Fix uninitialized symbol usage Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: set skb len for all rx packets Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: use same endpoint id for all packets in a bundle Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Jean-Christophe Dubois <jcd(a)tribudubois.net> thermal: i.MX: Allow thermal probe to fail gracefully in case of bad calibration. Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Viresh Kumar <viresh.kumar(a)linaro.org> ARM: dts: ls1021a: Add missing cooling device properties for CPUs Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Dave Gerlach <d-gerlach(a)ti.com> ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Bart Van Assche <bart.vanassche(a)wdc.com> include/rdma/opa_addr.h: Fix an endianness issue Maor Gottlieb <maorg(a)mellanox.com> IB/mlx5: Fix GRE flow specification Peter Seiderer <ps.report(a)gmx.net> media: staging/imx: fill vb2_v4l2_buffer field entry Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> vhost_net: Avoid tx vring kicks during busyloop Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Tarick Bedeir <tarick(a)google.com> IB/mlx4: Test port number before querying type. Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Dan Carpenter <dan.carpenter(a)oracle.com> IB/core: type promotion bug in rdma_rw_init_one_mr() Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c Leon Romanovsky <leon(a)kernel.org> RDMA/i40w: Hold read semaphore while looking after VMA Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a couple off by one bugs Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: Fix the condition to check if the card is T5 Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Wesley Chalmers <Wesley.Chalmers(a)amd.com> drm/amd/display: fix use of uninitialized memory Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amd/display/dc/dce: Fix multiple potential integer overflows Benjamin Tissoires <benjamin.tissoires(a)redhat.com> power: remove possible deadlock when unregistering power_supply Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: correct allocate_pgste proc_handler callback Niklas Cassel <niklas.cassel(a)linaro.org> iommu/msm: Don't call iommu_device_{,un}link from atomic context Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Zhen Lei <thunder.leizhen(a)huawei.com> iommu/amd: make sure TLB to be flushed before IOVA freed Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Stop RX FIFO timer during port shutdown Johan Hovold <johan(a)kernel.org> misc: sram: enable clock before registering regions Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix initial constant_charge_current value Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix get_vector ops in hclgevf_main module Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix warning bug when doing lp selftest Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for mac pause not disable in pfc mode Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: Fix for mailbox message truncated problem Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> siox: don't create a thread without starting it Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Wei Yongjun <weiyongjun1(a)huawei.com> misc: ibmvmc: Use GFP_ATOMIC under spin lock Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Akinobu Mita <akinobu.mita(a)gmail.com> iio: adc: ina2xx: avoid kthread_stop() with stale task_struct Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Documentation/process/2.Process.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/ls1021a.dtsi | 1 + arch/arm/boot/dts/mt7623.dtsi | 3 + arch/arm/boot/dts/omap4-droid4-xt894.dts | 20 +-- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm/mach-omap2/omap_hwmod.c | 39 ++++- arch/arm/mach-omap2/omap_hwmod_reset.c | 12 +- arch/arm64/boot/dts/renesas/r8a7795-es1.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a7795.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a7796.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a77965.dtsi | 4 +- arch/arm64/boot/dts/renesas/r8a77970.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a77995.dtsi | 4 +- arch/arm64/boot/dts/renesas/salvator-common.dtsi | 4 +- arch/arm64/kvm/guest.c | 45 +++++ arch/mips/boot/Makefile | 6 +- arch/powerpc/kernel/exceptions-64s.S | 4 +- arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/lib/checksum_64.S | 3 + arch/powerpc/mm/numa.c | 3 +- arch/powerpc/mm/pkeys.c | 2 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/kernel/sysinfo.c | 4 + arch/s390/mm/extmem.c | 4 +- arch/s390/mm/pgalloc.c | 2 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/events/intel/lbr.c | 32 +++- arch/x86/events/perf_event.h | 1 + arch/x86/include/asm/fixmap.h | 10 ++ arch/x86/include/asm/pgtable_64.h | 3 +- arch/x86/kernel/head64.c | 4 +- arch/x86/kernel/head_64.S | 16 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/mm/pgtable.c | 9 + arch/x86/mm/pti.c | 2 +- arch/x86/xen/mmu_pv.c | 8 +- block/elevator.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/acpi/button.c | 13 +- drivers/ata/pata_ftide010.c | 27 +-- drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/bus/ti-sysc.c | 37 ++-- drivers/clk/x86/clk-st.c | 2 +- drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/crypto/chelsio/chtls/chtls.h | 5 + drivers/crypto/chelsio/chtls/chtls_main.c | 7 +- drivers/edac/altera_edac.c | 3 +- drivers/edac/edac_mc_sysfs.c | 6 +- drivers/edac/i7core_edac.c | 22 ++- drivers/gpio/gpio-menz127.c | 4 +- drivers/gpio/gpio-tegra.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- .../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 10 +- .../amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 + drivers/gpu/drm/omapdrm/omap_debugfs.c | 2 + drivers/gpu/drm/omapdrm/omap_drv.c | 2 +- drivers/gpu/drm/omapdrm/omap_drv.h | 2 +- drivers/gpu/drm/omapdrm/omap_gem.c | 15 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 3 +- drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c | 7 +- drivers/gpu/drm/v3d/v3d_drv.h | 5 + drivers/gpu/drm/v3d/v3d_gem.c | 4 + drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/hid/hid-ntrig.c | 2 + drivers/hid/i2c-hid/i2c-hid.c | 9 +- drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/hwtracing/intel_th/core.c | 16 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/iio/accel/adxl345_core.c | 21 ++- drivers/iio/adc/ina2xx-adc.c | 17 +- drivers/iio/counter/104-quad-8.c | 2 +- drivers/infiniband/core/rw.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 5 +- drivers/infiniband/core/uverbs_main.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/hfi1/chip.c | 6 +- drivers/infiniband/hw/hfi1/pio.c | 51 ++++-- drivers/infiniband/hw/hfi1/pio.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 8 +- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/misc/xen-kbdfront.c | 8 +- drivers/input/mouse/elantech.c | 2 + drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/msm_iommu.c | 16 +- drivers/md/md-cluster.c | 19 ++- drivers/media/i2c/ov772x.c | 40 +++-- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +- drivers/media/platform/fsl-viu.c | 38 +++-- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/misc/ibmvmc.c | 2 +- drivers/misc/sram.c | 13 +- drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/mmc/host/android-goldfish.c | 4 +- drivers/mmc/host/atmel-mci.c | 12 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 7 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 6 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 9 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 3 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/ice/ice.h | 7 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 25 +-- drivers/net/ethernet/intel/ice/ice_common.c | 27 +-- drivers/net/ethernet/intel/ice/ice_controlq.c | 29 +++- drivers/net/ethernet/intel/ice/ice_ethtool.c | 52 ++++-- drivers/net/ethernet/intel/ice/ice_main.c | 98 ++++++----- drivers/net/ethernet/intel/ice/ice_switch.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 26 +++ drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 + drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/net/phy/xilinx_gmii2rgmii.c | 10 +- drivers/net/wireless/ath/ath10k/ce.c | 2 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 13 +- drivers/net/wireless/ath/ath10k/mac.c | 1 + drivers/net/wireless/ath/ath10k/sdio.c | 9 +- drivers/net/wireless/ath/ath10k/snoc.c | 2 +- drivers/net/wireless/ath/ath10k/wmi.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 +- drivers/net/wireless/mediatek/mt76/mt76x2_mac.c | 6 +- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/nvme/target/fcloop.c | 3 +- drivers/pci/hotplug/acpiphp_glue.c | 11 +- drivers/platform/x86/asus-wireless.c | 23 +-- drivers/power/reset/vexpress-poweroff.c | 12 +- drivers/power/supply/axp288_charger.c | 2 +- drivers/power/supply/power_supply_core.c | 11 +- drivers/regulator/core.c | 4 +- drivers/regulator/of_regulator.c | 2 - drivers/s390/block/dasd.c | 1 + drivers/s390/block/scm_blk.c | 1 + drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/hisi_sas/hisi_sas.h | 1 + drivers/scsi/hisi_sas/hisi_sas_main.c | 6 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/siox/siox-core.c | 10 +- drivers/spi/spi-orion.c | 77 +++++---- drivers/spi/spi-rspi.c | 34 +++- drivers/spi/spi-sh-msiof.c | 28 ++- drivers/spi/spi-tegra20-slink.c | 31 +++- drivers/staging/android/ashmem.c | 6 + drivers/staging/media/imx/imx-ic-prpencvf.c | 1 + drivers/staging/media/imx/imx-media-csi.c | 1 + drivers/staging/mt7621-dts/gbpc1.dts | 2 + drivers/staging/mt7621-dts/mt7621.dtsi | 21 +-- drivers/staging/mt7621-eth/mtk_eth_soc.c | 13 +- drivers/staging/pi433/pi433_if.c | 7 +- drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/target/target_core_device.c | 22 ++- drivers/thermal/imx_thermal.c | 5 +- drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/fsl_lpuart.c | 3 +- drivers/tty/serial/imx.c | 8 + drivers/tty/serial/mvebu-uart.c | 1 + drivers/tty/serial/pxa.c | 3 +- drivers/tty/serial/sh-sci.c | 2 + drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/common/roles.c | 15 +- drivers/usb/core/devio.c | 24 ++- drivers/usb/core/driver.c | 28 +-- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 2 + drivers/usb/musb/musb_dsps.c | 12 +- drivers/usb/serial/kobil_sct.c | 12 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/vhost/net.c | 35 ++-- fs/dax.c | 13 +- fs/ext2/inode.c | 2 +- fs/iomap.c | 21 +-- fs/isofs/inode.c | 7 + fs/locks.c | 7 + fs/nfsd/nfs4proc.c | 1 + include/linux/arm-smccc.h | 38 +++-- include/linux/bitfield.h | 6 +- include/linux/platform_data/ina2xx.h | 2 +- include/linux/posix-timers.h | 4 +- include/linux/power_supply.h | 1 + include/linux/regulator/machine.h | 6 +- include/linux/uio.h | 2 +- include/rdma/opa_addr.h | 2 +- kernel/bpf/sockmap.c | 11 +- kernel/events/hw_breakpoint.c | 57 +++++-- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 7 +- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 33 ++-- kernel/time/posix-timers.h | 2 +- lib/klist.c | 10 +- net/6lowpan/iphc.c | 1 + net/ipv4/tcp_bbr.c | 38 +++-- net/ncsi/ncsi-netlink.c | 4 +- net/tls/tls_main.c | 9 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/rt1305.c | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 +- sound/soc/qcom/qdsp6/q6afe.c | 6 +- sound/soc/sh/rcar/ssi.c | 32 ++-- sound/soc/soc-dapm.c | 7 + tools/bpf/bpftool/map_perf_ring.c | 5 +- tools/perf/tests/builtin-test.c | 2 +- .../net/forwarding/mirror_gre_bridge_1d_vlan.sh | 6 +- .../selftests/net/forwarding/mirror_gre_lib.sh | 2 +- .../net/forwarding/mirror_gre_vlan_bridge_1q.sh | 6 +- 241 files changed, 1730 insertions(+), 789 deletions(-)

7 years, 1 month

6
242
0 0

FAILED: patch "[PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From add92a817e60e308a419693413a38d9d1e663aff Mon Sep 17 00:00:00 2001 From: Harsh Jain <harsh(a)chelsio.com> Date: Wed, 19 Sep 2018 22:42:16 +0530 Subject: [PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Herbert, It would be good if fix can be merge to stable tree. For 4.14 kernel, It requires some update to avoid mege conficts. Cc: <stable(a)vger.kernel.org> Signed-off-by: Harsh Jain <harsh(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 5c539af8ed60..010bbf607797 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -367,7 +367,8 @@ static inline void dsgl_walk_init(struct dsgl_walk *walk, walk->to = (struct phys_sge_pairs *)(dsgl + 1); } -static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) +static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid, + int pci_chan_id) { struct cpl_rx_phys_dsgl *phys_cpl; @@ -385,6 +386,7 @@ static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; } static inline void dsgl_walk_add_page(struct dsgl_walk *walk, @@ -718,7 +720,7 @@ static inline void create_wreq(struct chcr_context *ctx, FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP(len16, 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -1339,16 +1341,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2503,6 +2512,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct dsgl_walk dsgl_walk; unsigned int authsize = crypto_aead_authsize(tfm); + struct chcr_context *ctx = a_ctx(tfm); u32 temp; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2512,7 +2522,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); temp = req->cryptlen + (reqctx->op ? -authsize : authsize); dsgl_walk_add_sg(&dsgl_walk, req->dst, temp, req->assoclen); - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_cipher_src_ent(struct ablkcipher_request *req, @@ -2544,6 +2554,8 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, unsigned short qid) { struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(wrparam->req); + struct chcr_context *ctx = c_ctx(tfm); struct dsgl_walk dsgl_walk; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2552,7 +2564,7 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, reqctx->dstsg = dsgl_walk.last_sg; reqctx->dst_ofst = dsgl_walk.last_sg_len; - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_hash_src_ent(struct ahash_request *req, diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 54835cb109e5..0d2c70c344f3 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -255,6 +255,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; };

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From add92a817e60e308a419693413a38d9d1e663aff Mon Sep 17 00:00:00 2001 From: Harsh Jain <harsh(a)chelsio.com> Date: Wed, 19 Sep 2018 22:42:16 +0530 Subject: [PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Herbert, It would be good if fix can be merge to stable tree. For 4.14 kernel, It requires some update to avoid mege conficts. Cc: <stable(a)vger.kernel.org> Signed-off-by: Harsh Jain <harsh(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 5c539af8ed60..010bbf607797 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -367,7 +367,8 @@ static inline void dsgl_walk_init(struct dsgl_walk *walk, walk->to = (struct phys_sge_pairs *)(dsgl + 1); } -static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) +static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid, + int pci_chan_id) { struct cpl_rx_phys_dsgl *phys_cpl; @@ -385,6 +386,7 @@ static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; } static inline void dsgl_walk_add_page(struct dsgl_walk *walk, @@ -718,7 +720,7 @@ static inline void create_wreq(struct chcr_context *ctx, FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP(len16, 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -1339,16 +1341,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2503,6 +2512,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct dsgl_walk dsgl_walk; unsigned int authsize = crypto_aead_authsize(tfm); + struct chcr_context *ctx = a_ctx(tfm); u32 temp; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2512,7 +2522,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); temp = req->cryptlen + (reqctx->op ? -authsize : authsize); dsgl_walk_add_sg(&dsgl_walk, req->dst, temp, req->assoclen); - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_cipher_src_ent(struct ablkcipher_request *req, @@ -2544,6 +2554,8 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, unsigned short qid) { struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(wrparam->req); + struct chcr_context *ctx = c_ctx(tfm); struct dsgl_walk dsgl_walk; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2552,7 +2564,7 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, reqctx->dstsg = dsgl_walk.last_sg; reqctx->dst_ofst = dsgl_walk.last_sg_len; - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_hash_src_ent(struct ahash_request *req, diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 54835cb109e5..0d2c70c344f3 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -255,6 +255,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; };

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] firmware: Always initialize the fw_priv list object" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7012040576c6ae25a47035659ee48673612c2c27 Mon Sep 17 00:00:00 2001 From: Bjorn Andersson <bjorn.andersson(a)linaro.org> Date: Wed, 19 Sep 2018 18:09:38 -0700 Subject: [PATCH] firmware: Always initialize the fw_priv list object When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable(a)vger.kernel.org Cc: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b3c0498ee433..8e9213b36e31 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const char *fw_name, } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] firmware: Fix security issue with request_firmware_into_buf()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 422b3db2a5036add39a82425b1dd9fb6c96481e8 Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Date: Fri, 31 Aug 2018 08:43:31 -0700 Subject: [PATCH] firmware: Fix security issue with request_firmware_into_buf() When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] firmware: Fix security issue with request_firmware_into_buf()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 422b3db2a5036add39a82425b1dd9fb6c96481e8 Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Date: Fri, 31 Aug 2018 08:43:31 -0700 Subject: [PATCH] firmware: Fix security issue with request_firmware_into_buf() When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out;

7 years, 1 month

1
0
0 0

[PATCH stable v2 0/2] termios: Alpha BOTHER/IBSHIFT, tty_baudrate fix

by H. Peter Anvin

From: "H. Peter Anvin (Intel)" <hpa(a)zytor.com> It turns out that Alpha is the only architecture that never implemented BOTHER and IBSHIFT, which is otherwise ages old. This is one thing that has held up glibc support for this feature (all other architectures have supported these for about a decade, at least before the current 3.2 glibc cutoff.) Furthermore, in the process of dealing with this, I discovered that the current code in tty_baudrate.c can read past the end of the baud_table[] on Alpha and PowerPC. The second patch in this series fixes that, but it also cleans up the code substantially by auto-generating the table and, since all architectures now have them, removing all conditionals for BOTHER and IBSHIFT existing. Tagging for stable because these are concrete and immediate problems. I have a much bigger update in process, nearly done, which will clean up a lot of duplicated code and make the uapi headers usable for libc, but that is not critical on the same level. Tested on x86, compile-tested on Alpha. SPARC, and PowerPC. v2: the CBAUDEX masking-as-fallback code was wrong, but it could never be exercised on any architecture anyway (gcc would not even emit it) so just remove it. There are thus no object code changes from v1. --- arch/alpha/include/asm/termios.h | 8 +- arch/alpha/include/uapi/asm/ioctls.h | 5 + arch/alpha/include/uapi/asm/termbits.h | 17 +++ drivers/tty/.gitignore | 1 + drivers/tty/Makefile | 16 +++ drivers/tty/bmacros.c | 2 + drivers/tty/tty_baudrate.c | 182 ++++++++++++--------------------- 7 files changed, 114 insertions(+), 117 deletions(-) Signed-off-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Richard Henderson <rth(a)twiddle.net> Cc: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru> Cc: Matt Turner <mattst88(a)gmail.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kate Stewart <kstewart(a)linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne(a)nexb.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Eugene Syromiatnikov <esyr(a)redhat.com> Cc: <linux-alpha(a)vger.kernel.org> Cc: <linux-serial(a)vger.kernel.org> Cc: Johan Hovold <johan(a)kernel.org> Cc: Alan Cox <alan(a)lxorguk.ukuu.org.uk> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: <stable(a)vger.kernel.org>

7 years, 1 month

2
7
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7da07a3216a00aa3c523db4539fc6914497d0576: Linux 4.18.12 (2018-10-03 16:59:28 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-08102018 for you to fetch changes up to 880c04da777b6fab0bb97d8fccf7aed9c223db5e: x86/APM: Fix build warning when PROC_FS is not enabled (2018-10-03 22:23:29 -0400) - ---------------------------------------------------------------- for-greg-4.18-08102018 - ---------------------------------------------------------------- Andreas Bosch (1): HID: intel-ish-hid: Enable Sunrise Point-H ish driver Andrew Murray (1): asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Anurag Kumar Vulisha (1): usb: host: xhci-plat: Iterate over parent nodes for finding quirks Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (5): drm/nouveau: fix oops in client init failure path drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Cong Wang (1): netfilter: xt_hashlimit: use s->file instead of s->private Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Florian Westphal (2): netfilter: xt_checksum: ignore gso skbs netfilter: kconfig: nat related expression depend on nftables core Guenter Roeck (1): riscv: Do not overwrite initrd_start and initrd_end Hans de Goede (1): HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (4): dm raid: fix reshape race on small devices dm raid: fix stripe adding reshape deadlock dm raid: fix rebuild of specific devices by updating superblock dm raid: fix RAID leg rebuild errors Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): HID: i2c-hid: Don't reset device upon system resume r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Kim Phillips (1): perf annotate: Fix parsing aarch64 branch instructions after objdump update Lorenzo Bianconi (1): iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Maciej S. Szmigiero (1): r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Martin Liška (1): perf annotate: Properly interpret indirect call Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michal 'vorner' Vaner (1): netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Christie (1): scsi: iscsi: target: Fix conn_ops double free Netanel Belgazal (6): net: ena: fix surprise unplug NULL dereference kernel crash net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix device destruction to gracefully free resources net: ena: fix potential double ena_destroy_device() net: ena: fix missing lock during device destruction net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Pablo Neira Ayuso (1): netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Randy Dunlap (3): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int x86/APM: Fix build warning when PROC_FS is not enabled Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Somnath Kotur (1): bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Srikar Dronamraju (1): sched/topology: Set correct NUMA topology type Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Tao Zhou (1): drm/amdgpu: Fix SDMA hang in prt mode v2 Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/riscv/kernel/setup.c | 7 - arch/x86/events/intel/lbr.c | 4 + arch/x86/kernel/apm_32.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 14 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 ++ drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- drivers/hid/hid-apple.c | 9 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 + drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 +- drivers/md/dm-raid.c | 144 ++++++++------------ drivers/md/dm-thin-metadata.c | 36 ++++- drivers/md/dm-thin.c | 73 ++++++++-- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +++---- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 11 +- drivers/nvme/target/rdma.c | 27 +++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 ++-- drivers/target/iscsi/iscsi_target.c | 9 +- drivers/target/iscsi/iscsi_target_login.c | 149 +++++++++++---------- drivers/target/iscsi/iscsi_target_login.h | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++- drivers/usb/host/xhci-plat.c | 27 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 ++ include/asm-generic/io.h | 3 +- kernel/sched/topology.c | 5 +- net/ipv4/netfilter/Kconfig | 8 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/netfilter/Kconfig | 12 +- net/netfilter/nf_conntrack_proto_dccp.c | 12 +- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 +- net/netfilter/nf_conntrack_proto_tcp.c | 12 +- net/netfilter/nf_conntrack_proto_udp.c | 20 +-- net/netfilter/nf_tables_api.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/xt_CHECKSUM.c | 22 ++- net/netfilter/xt_cluster.c | 14 +- net/netfilter/xt_hashlimit.c | 18 +-- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/annotate.c | 32 ++++- tools/perf/util/annotate.h | 1 + tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- 77 files changed, 709 insertions(+), 404 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cW8ACgkQ3qZv95d3 LNxYhQ/+IIWI+gqynHl33wBHO24BHgCzM0qUdEfofRfQe3sz4Fhs16b4mK8Yeaw0 Yag+8wh7fVccHI4VBIWkldzAyDm8+NQRuuqvE0JCofVNYm4C5lUmO+gf3inVwLmh FRdiWyk6EdcXFn3C540rfj9PXXkO8Kdn2iDHd0cQJx1+3rrBN1CwFzCv1pWozJVh 2bIoutp13EbiS3RxFoxEI0GLzVy6lyRV6v2Qrv+2bpHkfRBl3lZlLUpSZy9V+Kza kKDZTJC99F3jOj7Wy2kGzCdToDtk0Q4V9XTuB09Rdgj28rxoVSxSdx6qGvV73qxG 4PEV0tbpdJW2pUbGx2bvfx6LMkADxcFykujg4dYenErXbLTHnh2597Ryc6VXUdiL bZtbBbWNBx1OPx29vvghj1364O8rnpXRzU4aIT/P0fSofB2QTQsVEKjadNASDz0B OsMAKlsu4Z/6W5UGeG4Uoz7B6Qi3QKxxa/pt2OM8rdHMb8L6LY6g5j4RGUEbXspq 7vbzGWiibD1cPT+k/xtgRZ2mWwrRu0Ivx73vHp/Pm2TdKj2J7WwUXh6xaXnXWN5M TknNELY/rcZw35ThhKNCvpqgoYb+hoWTjL5amvY+JgduVcxxQG8fETlTZoYIoDOt HdV4RAKwlydKV9QUhiotaH6Gqir4VjY4cew8j8XTw6HjKJ+SOJc= =pn2C -----END PGP SIGNATURE-----

7 years, 1 month

2
1
0 0

[PATCH AUTOSEL 3.18 1/4] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 1896ab218b11..efc1545bf29e 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -389,8 +389,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 1 month

1
3
0 0

[PATCH AUTOSEL 4.4 1/9] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 6e02a15d39ce..abddb621d9e6 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -389,8 +389,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 1 month

1
8
0 0

[PATCH AUTOSEL 4.9 01/23] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 8961dd732522..64be30d53847 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -406,8 +406,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 1 month

1
22
0 0

[PATCH AUTOSEL 4.14 01/32] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 666d319d3d1a..1f6c1eefe389 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -402,8 +402,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, if (msg[0].addr == state->af9033_i2c_addr[1]) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 1 month

1
31
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 921b2fed6a79439ef1609ef4af0ada5cccb3555c: Linux 3.18.123 (2018-09-26 08:33:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-08102018 for you to fetch changes up to 9ea48c2937d91b2c0d6ce1a7c047798298de6701: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-09-28 10:16:27 -0400) - ---------------------------------------------------------------- for-greg-3.18-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- drivers/infiniband/core/ucma.c | 6 +++ drivers/md/dm-thin-metadata.c | 36 +++++++++++++++++- drivers/md/dm-thin.c | 73 ++++++++++++++++++++++++++++++++---- drivers/net/ethernet/realtek/r8169.c | 9 +++-- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++++++++ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++++--- drivers/usb/misc/yurex.c | 3 ++ drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 ++- fs/cifs/cifssmb.c | 11 ++++-- fs/cifs/misc.c | 8 ++++ 15 files changed, 175 insertions(+), 28 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7caEACgkQ3qZv95d3 LNwjIRAAg+Kz3Igp9uJpAc9uUri/IxF3qwXL00FZT92BJTi0FqUEyJIQqtCbu7mo hyTNwNjw0PBQfrXcnDGWHTFcl5vICdd4KiFm5NRZB3UNdhYy+ATaBPWFA56Y7dSK oFd/IBWt9XQT/OWLJslul1PXR+JsulaRhFHYJPWJ0K9oys8jbTyTVBSvos1Wshzk wMJ9X3tTtQ/NfoXega1xdxgHIIwV9L4gR2jfTSMz0t5DnypGddUDlAR8/800yJGH J23tXprXRI7AZ5sf9qM2ybhL6MGvgU/86nd4DsA3Igkspi9jQDjXiV9FMGFx+PiB BjQraiLfXVI0bPsswsWBYKWwuZwheTf0WxlofAjO/Ct5aAZ14zlwg/HVOvFOpU5O PpxLGrJ2e28lsinhVSd8aLbJu1Jc4GpkAwp+0OHuolWqZlUTrbLrfKHho+SMANNs Y6smRnSYpgzhYI1l/9W8xoFMyP7CNRqihPGAZY2PKbPRPy4CXgQcGMC0OM8hLA+e Mf/g+GglCwqUZw3l6V8wZY83+X6gB/qhoSryrPgi2n2u9onA/aXtUOWynjmzXOKY oU0lW2CW5yThgo73pBTKLDW8bc5Vy9QuMFmnuXoaUsMIXJ3FjR799pFsyRaZMd/1 AuRnQ16Uw2N+W9xZLRTE3F8l9eapA47N+DTbOKVgJRFmhNjv7xM= =dYwu -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9c6cd3f3a4b8194e82fa927bc00028c7a505e3b3: Linux 4.4.159 (2018-09-29 03:08:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-08102018 for you to fetch changes up to 78c9795a56513a101b1620f0e34d89c114a7a59a: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-09-29 13:03:41 -0400) - ---------------------------------------------------------------- for-greg-4.4-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 +- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- 19 files changed, 190 insertions(+), 39 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cZoACgkQ3qZv95d3 LNwdwQ//dsOKScH3qjTVEsX+fIwRTTnw9qTnQeCobQm2C2ibPnoVKST+oqaXoffQ 7QwdtrIXxNc/i4Ga4JuqV4AZUSuyrgsppueoHwoF+8v5Pa5hiwexlbSBJ0CmtTg9 mma8c6QGjyObaxtytWohX0AZ/1awLrmh2RYYngGTeMyTyfylRDwZoj9DA1lzT1Vv M9Qm+aDV7IApjiQW0Jb7UHZVGV8pyps0NRm0MUiwzNeoTTTOBW+s3uY1yu7pytpt +Gw1s39pmaAwmPfrxsjyzZMbFVogK9KFa/0nSVN56oo+qamq3IzvFYFIj78GJv1P hPhCH1T1OVprZPt3FAdYPnpuWvb/4maogGyrEu1LME09erC9NpLs9ovTiORTmc5h ucUJmgtHF7EXb53R//m8jLcWKWnlIRPezKxIGv/vUx5N86LOWixX/yFtZU3QanMj yKbQBz/eBYhe0Mj8G+roI3kIN0naplH5FuluissaMWRzdBXTDUMe+YKmEEYWVIHs V2KX2aiYbaAojv4/JLaKnPV0HMIG6+DUJq/h8yFDxMn8kUeiKyW7JVpNWrNgz38p oIYK5qf/JO9RqKbQK1qLOi8HkFNTq9VOFoEBz9SnEHwiJq39wLs3W3wZIAGcLnhd sfy1yJM5ihbGX51oSAbc4O/5bxzmnPzycq8AA84JnYfN65zYBjw= =+003 -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit cdd48f386d7e6671e7cc21e517ae258b298ec877: Linux 4.9.131 (2018-10-03 17:01:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-08102018 for you to fetch changes up to 3c29b011970e1edb3d203e2e2517daad893c8ed4: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-10-03 22:23:44 -0400) - ---------------------------------------------------------------- for-greg-4.9-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Netanel Belgazal (1): net: ena: fix driver when PAGE_SIZE == 64kB Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- 30 files changed, 263 insertions(+), 54 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cZMACgkQ3qZv95d3 LNyMbQ//fC/jcjVOdeQmwRDBUo13zt25Eb/MeXdLdAS2NleK44wY+/e804oq3CBV qACG1CIWtP0tV0V295NrblM6xWxroPnGU8X3GdXgfT97MIByGkGEv3kU+4Nsc4c6 Gv/QlBRHcZM5QFLAk6J6nOwzEk5BKNh/XyJuaniz9DNnQGTfDMLFpN4xpFJHIZlU 5NFlcTeycPnU8ljPFxfupGQ78XVQp1QCJKT3Zrc9iPnMUDlxMdW3ERHIi3uYkyva RXrYIZJ8KYSq2RqLT8nMMiNybKy3F+20/UdfTIl7uk71AkLUB75JjWFMu9MkOWCm k0KRJ89whIN9pH5imEt7pcqFKwkyjyVT0Zk+SJQJ4Xi6+Yc0Q8p2uBteopcerwJ9 tShMyUcOSgmEctg4ujchfUalOXB2CWewV+CKyblhiiURqSTBjPZFxKtwwQF8SF/r 28MlCx8gHL9zjNpGL6z0TEp9CSPlrCjggdKca07aYZj/XJz9rV0zXh7DHNa1gUTt s7mYPZDK9RryNHVaJMss/W5eIfdy2JE1vpsQlyFgVxWxkFKmWT4iZgZwO+NqTtjd 1x1nVtw1KRnGQP748d3iBtUApsH9jS1PDer9ZJXyjVEy2jfiK6exHRcC7HGkCtz4 UTLoqw65N+bTUfGvAnlOJ8EqD9hjqLFZyTKNQ1uiK19/UDzhdp0= =nX+I -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e6abbe80c8838e9c0bdb51835e6218008fa49386: Linux 4.14.74 (2018-10-03 17:01:00 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-08102018 for you to fetch changes up to 3ab4f07c10e5c704c2c46d772debf0b2fb7c3467: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-10-03 22:23:37 -0400) - ---------------------------------------------------------------- for-greg-4.14-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (2): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Hans de Goede (1): HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Netanel Belgazal (2): net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Pablo Neira Ayuso (1): netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++++--- drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 +++-- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 + drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 +++++++ drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +-- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/qedi/qedi.h | 7 ++- drivers/scsi/qedi/qedi_main.c | 28 +++++---- drivers/target/iscsi/iscsi_target_login.c | 8 +-- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +-- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +-- net/netfilter/nf_conntrack_proto_dccp.c | 12 ++-- net/netfilter/nf_conntrack_proto_generic.c | 8 +-- net/netfilter/nf_conntrack_proto_gre.c | 8 +-- net/netfilter/nf_conntrack_proto_sctp.c | 14 ++--- net/netfilter/nf_conntrack_proto_tcp.c | 12 ++-- net/netfilter/nf_conntrack_proto_udp.c | 20 +++--- net/netfilter/nf_tables_api.c | 1 + net/netfilter/xt_cluster.c | 14 ++++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- 52 files changed, 408 insertions(+), 142 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cYwACgkQ3qZv95d3 LNwxIg//XuOMBAUlGyM9sgqUgbHSoTCeq+NssR49ijpiK/Qa068KIBCcBFUHd9SX fBdxDbF80d56CVC34EbdltN7OjafPlVPbOnA2MAUel64pvrNNkBEEecXKXk7rOrq xnSX4wbQX/vJcdbPf1RgE4RQuSCLhRVpbCSL74W+MP9FZv9gHlF9Cfle6tVnWR6j nSVYw8Uyh4Hh3vAncf8tdBwrm2+eg7QEAalssD2mGiNdVnxWcuw30y8eUDyPI8p9 iBYhmLMrXKdrcupBHRMYv7bA/BA3fW9fBb2iOQYiuWCRe82dyFrcp6Zqu0MlzGQn TzgxnROGvujDMkRyMTcwPEISrirDWnMwUyyk4cCKl+K/sxsT+PTW/yMkLgluldLv KHmyeYNGyTXxOozTUSUmF3VcXanxM++xUGVsEP/zGn5UjO919iVjF71mqgZPUXpC bUfdcI0bdmpDnbayVQDoztidg+Ru9aRKA1DmMdBX2B/MSE6/xAZ8my3FPUJ+/Nkq YH8SypNLG4v45KGwLaVO4mPZqhMW6bFc8l/edrtNoaPuDtSwd/2YREvIY0W039Ux 6PkWPwrIa+L4eW8MjpCCmRstgma3CrMFfOwHNmvtvsvCgtxMMnSvrdqqm3PtE3Pv FylEUBHdkuU0XUJAV2kd5XwiczsokrN7G1WENuvylWYwJ+39io0= =jkO/ -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[PATCH] kernel/bounds: Provide prototype for foo

by Kieran Bingham

kernel/bounds.c is recompiled on every build, and shows the following warning when compiling with W=1: CC kernel/bounds.s linux/kernel/bounds.c:16:6: warning: no previous prototype for ‘foo’ [-Wmissing-prototypes] void foo(void) ^~~ Provide a prototype to satisfy the compiler. Signed-off-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Cc: stable(a)vger.kernel.org --- I compile all of my incremental builds with W=1, which allows me to know instantly if I add a new compiler warning in code I generate. This warning always comes up and seems trivial to clean up. --- kernel/bounds.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/bounds.c b/kernel/bounds.c index c373e887c066..60136d937800 100644 --- a/kernel/bounds.c +++ b/kernel/bounds.c @@ -13,6 +13,8 @@ #include <linux/log2.h> #include <linux/spinlock_types.h> +void foo(void); + void foo(void) { /* The enum constants to put into include/generated/bounds.h */ -- 2.17.1

7 years, 1 month

7
16
0 0

[PATCH v2] filesystem-dax: Fix dax_layout_busy_page() livelock

by Dan Williams

In the presence of multi-order entries the typical pagevec_lookup_entries() pattern may loop forever: while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { ... for (i = 0; i < pagevec_count(&pvec); i++) { index = indices[i]; ... } index++; /* BUG */ } The loop updates 'index' for each index found and then increments to the next possible page to continue the lookup. However, if the last entry in the pagevec is multi-order then the next possible page index is more than 1 page away. Fix this locally for the filesystem-dax case by checking for dax-multi-order entries. Going forward new users of multi-order entries need to be similarly careful, or we need a generic way to report the page increment in the radix iterator. Fixes: 5fac7408d828 ("mm, fs, dax: handle layout changes to pinned dax...") Cc: <stable(a)vger.kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Ross Zwisler <zwisler(a)kernel.org> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- Changes in v2: * Only update nr_pages if the last entry in the pagevec is multi-order. fs/dax.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/dax.c b/fs/dax.c index 4becbf168b7f..0fb270f0a0ef 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -666,6 +666,8 @@ struct page *dax_layout_busy_page(struct address_space *mapping) while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { + pgoff_t nr_pages = 1; + for (i = 0; i < pagevec_count(&pvec); i++) { struct page *pvec_ent = pvec.pages[i]; void *entry; @@ -680,8 +682,15 @@ struct page *dax_layout_busy_page(struct address_space *mapping) xa_lock_irq(&mapping->i_pages); entry = get_unlocked_mapping_entry(mapping, index, NULL); - if (entry) + if (entry) { page = dax_busy_page(entry); + /* + * Account for multi-order entries at + * the end of the pagevec. + */ + if (i + 1 >= pagevec_count(&pvec)) + nr_pages = 1UL << dax_radix_order(entry); + } put_unlocked_mapping_entry(mapping, index, entry); xa_unlock_irq(&mapping->i_pages); if (page) @@ -696,7 +705,7 @@ struct page *dax_layout_busy_page(struct address_space *mapping) */ pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); - index++; + index += nr_pages; if (page) break;

7 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ out: } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

7 years, 1 month

1
0
0 0

[PATCH stable 4.14, 4.18] bpf: 32-bit RSH verification must truncate input before the ALU op

by Daniel Borkmann

From: Jann Horn <jannh(a)google.com> [ upstream commit b799207e1e1816b09e7a5920fbb2d5fcf6edd681 ] When I wrote commit 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification"), I assumed that, in order to emulate 64-bit arithmetic with 32-bit logic, it is sufficient to just truncate the output to 32 bits; and so I just moved the register size coercion that used to be at the start of the function to the end of the function. That assumption is true for almost every op, but not for 32-bit right shifts, because those can propagate information towards the least significant bit. Fix it by always truncating inputs for 32-bit ops to 32 bits. Also get rid of the coerce_reg_to_size() after the ALU op, since that has no effect. Fixes: 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification") Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> --- kernel/bpf/verifier.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index adbe21c..82e8ede 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2865,6 +2865,15 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, u64 umin_val, umax_val; u64 insn_bitness = (BPF_CLASS(insn->code) == BPF_ALU64) ? 64 : 32; + if (insn_bitness == 32) { + /* Relevant for 32-bit RSH: Information can propagate towards + * LSB, so it isn't sufficient to only truncate the output to + * 32 bits. + */ + coerce_reg_to_size(dst_reg, 4); + coerce_reg_to_size(&src_reg, 4); + } + smin_val = src_reg.smin_value; smax_val = src_reg.smax_value; umin_val = src_reg.umin_value; @@ -3100,7 +3109,6 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, if (BPF_CLASS(insn->code) != BPF_ALU64) { /* 32-bit ALU ops are (32,32)->32 */ coerce_reg_to_size(dst_reg, 4); - coerce_reg_to_size(&src_reg, 4); } __reg_deduce_bounds(dst_reg); -- 2.9.5

7 years, 1 month

2
1
0 0

Re: [PATCH 03/16] vfs: don't evict uninitialized inode

by Amir Goldstein

> Miklos, > > Seeing that it wasn't fixed in 4.18.. > > > I've nothing against applying "new primitive: discard_new_inode() now > > + this patch, but if it is deemed too risky at this point, we could > > just revert the buggy commit 80ea09a002bf ("vfs: factor out > > inode_insert5()") and its dependencies. > > > > Should we propose for stable the upstream commits: > e950564b97fd vfs: don't evict uninitialized inode > c2b6d621c4ff new primitive: discard_new_inode() > > Or should we go with the independent v1 patch: > https://patchwork.kernel.org/patch/10511969/ > Greg, To fix a 4.18 overlayfs regression please apply the following 3 upstream commits (in apply order): c2b6d621c4ff new primitive: discard_new_inode() e950564b97fd vfs: don't evict uninitialized inode 6faf05c2b2b4 ovl: set I_CREATING on inode being created Thanks, Amir.

7 years, 1 month

3
2
0 0

[PATCH 08/15] bcache: fix miss key refill->end in writeback

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> refill->end record the last key of writeback, for example, at the first time, keys (1,128K) to (1,1024K) are flush to the backend device, but the end key (1,1024K) is not included, since the bellow code: if (bkey_cmp(k, refill->end) >= 0) { ret = MAP_DONE; goto out; } And in the next time when we refill writeback keybuf again, we searched key start from (1,1024K), and got a key bigger than it, so the key (1,1024K) missed. This patch modify the above code, and let the end key to be included to the writeback key buffer. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/btree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index e7d4817681f2..3f4211b5cd33 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -2434,7 +2434,7 @@ static int refill_keybuf_fn(struct btree_op *op, struct btree *b, struct keybuf *buf = refill->buf; int ret = MAP_CONTINUE; - if (bkey_cmp(k, refill->end) >= 0) { + if (bkey_cmp(k, refill->end) > 0) { ret = MAP_DONE; goto out; } -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 06/15] bcache: correct dirty data statistics

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> When bcache device is clean, dirty keys may still exist after journal replay, so we need to count these dirty keys even device in clean status, otherwise after writeback, the amount of dirty data would be incorrect. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/super.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index a99af19d2f91..4989c7d4d4d0 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -1152,11 +1152,12 @@ int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c, } if (BDEV_STATE(&dc->sb) == BDEV_STATE_DIRTY) { - bch_sectors_dirty_init(&dc->disk); atomic_set(&dc->has_dirty, 1); bch_writeback_queue(dc); } + bch_sectors_dirty_init(&dc->disk); + bch_cached_dev_run(dc); bcache_device_link(&dc->disk, c, "bdev"); atomic_inc(&c->attached_dev_nr); -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 04/15] bcache: fix ioctl in flash device

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> When doing ioctl in flash device, it will call ioctl_dev() in super.c, then we should not to get cached device since flash only device has no backend device. This patch just move the jugement dc->io_disable to cached_dev_ioctl() to make ioctl in flash device correctly. Fixes: 0f0709e6bfc3c ("bcache: stop bcache device when backing device is offline") Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/request.c | 3 +++ drivers/md/bcache/super.c | 4 ---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index ee15fb039fd0..3bf35914bb57 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -1218,6 +1218,9 @@ static int cached_dev_ioctl(struct bcache_device *d, fmode_t mode, { struct cached_dev *dc = container_of(d, struct cached_dev, disk); + if (dc->io_disable) + return -EIO; + return __blkdev_driver_ioctl(dc->bdev, mode, cmd, arg); } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 448e531e8c2d..a99af19d2f91 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -647,10 +647,6 @@ static int ioctl_dev(struct block_device *b, fmode_t mode, unsigned int cmd, unsigned long arg) { struct bcache_device *d = b->bd_disk->private_data; - struct cached_dev *dc = container_of(d, struct cached_dev, disk); - - if (dc->io_disable) - return -EIO; return d->ioctl(d, mode, cmd, arg); } -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 02/15] bcache: trace missed reading by cache_missed

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> Missed reading IOs are identified by s->cache_missed, not the s->cache_miss, so in trace_bcache_read() using trace_bcache_read to identify whether the IO is missed or not. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index 51be355a3309..4946d486f734 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -850,7 +850,7 @@ static void cached_dev_read_done_bh(struct closure *cl) bch_mark_cache_accounting(s->iop.c, s->d, !s->cache_missed, s->iop.bypass); - trace_bcache_read(s->orig_bio, !s->cache_miss, s->iop.bypass); + trace_bcache_read(s->orig_bio, !s->cache_missed, s->iop.bypass); if (s->iop.status) continue_at_nobarrier(cl, cached_dev_read_error, bcache_wq); -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH AUTOSEL 4.18 01/48] ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs

by Sasha Levin

From: Charles Keepax <ckeepax(a)opensource.cirrus.com> [ Upstream commit 249dc49576fc953a7378b916c6a6d47ea81e4da2 ] Commit a655de808cbde ("ASoC: core: Allow topology to override machine driver FE DAI link config.") caused soc_dai_hw_params to be come dependent on the substream private_data being set with a pointer to the snd_soc_pcm_runtime. Currently, CODEC to CODEC links don't set this, which causes a NULL pointer dereference: [<4069de54>] (soc_dai_hw_params) from [<40694b68>] (snd_soc_dai_link_event+0x1a0/0x380) Since the ASoC core in general assumes that the substream private_data will be set to a pointer to the snd_soc_pcm_runtime, update the CODEC to CODEC links to respect this. Signed-off-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- include/sound/soc-dapm.h | 1 + sound/soc/soc-core.c | 4 ++-- sound/soc/soc-dapm.c | 4 ++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/sound/soc-dapm.h b/include/sound/soc-dapm.h index a6ce2de4e20a..be3bee1cf91f 100644 --- a/include/sound/soc-dapm.h +++ b/include/sound/soc-dapm.h @@ -410,6 +410,7 @@ int snd_soc_dapm_new_dai_widgets(struct snd_soc_dapm_context *dapm, int snd_soc_dapm_link_dai_widgets(struct snd_soc_card *card); void snd_soc_dapm_connect_dai_link_widgets(struct snd_soc_card *card); int snd_soc_dapm_new_pcm(struct snd_soc_card *card, + struct snd_soc_pcm_runtime *rtd, const struct snd_soc_pcm_stream *params, unsigned int num_params, struct snd_soc_dapm_widget *source, diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c index 4663de3cf495..0b4896d411f9 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c @@ -1430,7 +1430,7 @@ static int soc_link_dai_widgets(struct snd_soc_card *card, sink = codec_dai->playback_widget; source = cpu_dai->capture_widget; if (sink && source) { - ret = snd_soc_dapm_new_pcm(card, dai_link->params, + ret = snd_soc_dapm_new_pcm(card, rtd, dai_link->params, dai_link->num_params, source, sink); if (ret != 0) { @@ -1443,7 +1443,7 @@ static int soc_link_dai_widgets(struct snd_soc_card *card, sink = cpu_dai->playback_widget; source = codec_dai->capture_widget; if (sink && source) { - ret = snd_soc_dapm_new_pcm(card, dai_link->params, + ret = snd_soc_dapm_new_pcm(card, rtd, dai_link->params, dai_link->num_params, source, sink); if (ret != 0) { diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c index a099c3e45504..577f6178af57 100644 --- a/sound/soc/soc-dapm.c +++ b/sound/soc/soc-dapm.c @@ -3658,6 +3658,7 @@ static int snd_soc_dai_link_event(struct snd_soc_dapm_widget *w, { struct snd_soc_dapm_path *source_p, *sink_p; struct snd_soc_dai *source, *sink; + struct snd_soc_pcm_runtime *rtd = w->priv; const struct snd_soc_pcm_stream *config = w->params + w->params_select; struct snd_pcm_substream substream; struct snd_pcm_hw_params *params = NULL; @@ -3717,6 +3718,7 @@ static int snd_soc_dai_link_event(struct snd_soc_dapm_widget *w, goto out; } substream.runtime = runtime; + substream.private_data = rtd; switch (event) { case SND_SOC_DAPM_PRE_PMU: @@ -3901,6 +3903,7 @@ snd_soc_dapm_alloc_kcontrol(struct snd_soc_card *card, } int snd_soc_dapm_new_pcm(struct snd_soc_card *card, + struct snd_soc_pcm_runtime *rtd, const struct snd_soc_pcm_stream *params, unsigned int num_params, struct snd_soc_dapm_widget *source, @@ -3969,6 +3972,7 @@ int snd_soc_dapm_new_pcm(struct snd_soc_card *card, w->params = params; w->num_params = num_params; + w->priv = rtd; ret = snd_soc_dapm_add_path(&card->dapm, source, w, NULL, NULL); if (ret) -- 2.17.1

7 years, 1 month

3
51
0 0

[PATCH] percpu: stop leaking bitmap metadata blocks

by Mike Rapoport

The commit ca460b3c9627 ("percpu: introduce bitmap metadata blocks") introduced bitmap metadata blocks. These metadata blocks are allocated whenever a new chunk is created, but they are never freed. Fix it. Fixes: ca460b3c9627 ("percpu: introduce bitmap metadata blocks") Signed-off-by: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: stable(a)vger.kernel.org --- mm/percpu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/percpu.c b/mm/percpu.c index d21cb13..25104cd 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -1212,6 +1212,7 @@ static void pcpu_free_chunk(struct pcpu_chunk *chunk) { if (!chunk) return; + pcpu_mem_free(chunk->md_blocks); pcpu_mem_free(chunk->bound_map); pcpu_mem_free(chunk->alloc_map); pcpu_mem_free(chunk); -- 2.7.4

7 years, 1 month

2
1
0 0

[PATCH v2 03/29] clk: sunxi-ng: Use u64 for calculation of NM rate

by Jernej Skrabec

Allwinner H6 SoC has multiplier N range between 1 and 254. Since parent rate is 24MHz, intermediate result when calculating final rate easily overflows 32 bit variable. Because of that, introduce function for calculating clock rate which uses 64 bit variable for intermediate result. Fixes: 6174a1e24b0d ("clk: sunxi-ng: Add N-M-factor clock support") Fixes: ee28648cb2b4 ("clk: sunxi-ng: Remove the use of rational computations") CC: <stable(a)vger.kernel.org> Signed-off-by: Jernej Skrabec <jernej.skrabec(a)siol.net> --- drivers/clk/sunxi-ng/ccu_nm.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/clk/sunxi-ng/ccu_nm.c b/drivers/clk/sunxi-ng/ccu_nm.c index 6fe3c14f7b2d..424d8635b053 100644 --- a/drivers/clk/sunxi-ng/ccu_nm.c +++ b/drivers/clk/sunxi-ng/ccu_nm.c @@ -19,6 +19,17 @@ struct _ccu_nm { unsigned long m, min_m, max_m; }; +static unsigned long ccu_nm_calc_rate(unsigned long parent, + unsigned long n, unsigned long m) +{ + u64 rate = parent; + + rate *= n; + do_div(rate, m); + + return rate; +} + static void ccu_nm_find_best(unsigned long parent, unsigned long rate, struct _ccu_nm *nm) { @@ -28,7 +39,8 @@ static void ccu_nm_find_best(unsigned long parent, unsigned long rate, for (_n = nm->min_n; _n <= nm->max_n; _n++) { for (_m = nm->min_m; _m <= nm->max_m; _m++) { - unsigned long tmp_rate = parent * _n / _m; + unsigned long tmp_rate = ccu_nm_calc_rate(parent, + _n, _m); if (tmp_rate > rate) continue; @@ -100,7 +112,7 @@ static unsigned long ccu_nm_recalc_rate(struct clk_hw *hw, if (ccu_sdm_helper_is_enabled(&nm->common, &nm->sdm)) rate = ccu_sdm_helper_read_rate(&nm->common, &nm->sdm, m, n); else - rate = parent_rate * n / m; + rate = ccu_nm_calc_rate(parent_rate, n, m); if (nm->common.features & CCU_FEATURE_FIXED_POSTDIV) rate /= nm->fixed_post_div; @@ -149,7 +161,7 @@ static long ccu_nm_round_rate(struct clk_hw *hw, unsigned long rate, _nm.max_m = nm->m.max ?: 1 << nm->m.width; ccu_nm_find_best(*parent_rate, rate, &_nm); - rate = *parent_rate * _nm.n / _nm.m; + rate = ccu_nm_calc_rate(*parent_rate, _nm.n, _nm.m); if (nm->common.features & CCU_FEATURE_FIXED_POSTDIV) rate /= nm->fixed_post_div; -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH] filesystem-dax: Fix dax_layout_busy_page() livelock

by Dan Williams

In the presence of multi-order entries the typical pagevec_lookup_entries() pattern may loop forever: while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { ... for (i = 0; i < pagevec_count(&pvec); i++) { index = indices[i]; ... } index++; /* BUG */ } The loop updates 'index' for each index found and then increments to the next possible page to continue the lookup. However, if the last entry in the pagevec is multi-order then the next possible page index is more than 1 page away. Fix this locally for the filesystem-dax case by checking for dax-multi-order entries. Going forward new users of multi-order entries need to be similarly careful, or we need a generic way to report the page increment in the radix iterator. Fixes: 5fac7408d828 ("mm, fs, dax: handle layout changes to pinned dax...") Cc: <stable(a)vger.kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Ross Zwisler <zwisler(a)kernel.org> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- fs/dax.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/dax.c b/fs/dax.c index 4becbf168b7f..c1472eede1f7 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -666,6 +666,8 @@ struct page *dax_layout_busy_page(struct address_space *mapping) while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { + pgoff_t nr_pages = 1; + for (i = 0; i < pagevec_count(&pvec); i++) { struct page *pvec_ent = pvec.pages[i]; void *entry; @@ -680,8 +682,11 @@ struct page *dax_layout_busy_page(struct address_space *mapping) xa_lock_irq(&mapping->i_pages); entry = get_unlocked_mapping_entry(mapping, index, NULL); - if (entry) + if (entry) { page = dax_busy_page(entry); + /* account for multi-order entries */ + nr_pages = 1UL << dax_radix_order(entry); + } put_unlocked_mapping_entry(mapping, index, entry); xa_unlock_irq(&mapping->i_pages); if (page) @@ -696,7 +701,7 @@ struct page *dax_layout_busy_page(struct address_space *mapping) */ pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); - index++; + index += nr_pages; if (page) break;

7 years, 1 month

1
1
0 0

please apply d41aa5252394 ("mm: madvise(MADV_DODUMP): allow hugetlbfs pages")

by Daniel Black

This is a bugfix on 0103bd16fb90 which exists in 3.16+ stable trees Mike Kravetz confirmed this as a regression: https://marc.info/?l=linux-mm&m=153843190414206&w=2 Thanks -- Daniel Black

7 years, 1 month

2
1
0 0

[PATCH stable 0/2] termios: Alpha BOTHER/IBSHIFT, tty_baudrate fix

by H. Peter Anvin

From: "H. Peter Anvin (Intel)" <hpa(a)zytor.com> It turns out that Alpha is the only architecture that never implemented BOTHER and IBSHIFT, which is otherwise ages old. This is one thing that has held up glibc support for this feature (all other architectures have supported these for about a decade, at least before the current 3.2 glibc cutoff.) Furthermore, in the process of dealing with this, I discovered that the current code in tty_baudrate.c can read past the end of the baud_table[] on Alpha and PowerPC. The second patch in this series fixes that, but it also cleans up the code substantially by auto-generating the table and, since all architectures now have them, removing all conditionals for BOTHER and IBSHIFT existing. Tagging for stable because these are concrete problems. I have a much bigger update in process, nearly done, which will clean up a lot of duplicated code and make the uapi headers usable for libc, but that is not critical on the same level. Tested on x86, compile-tested on Alpha. Signed-off-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Richard Henderson <rth(a)twiddle.net> Cc: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru> Cc: Matt Turner <mattst88(a)gmail.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kate Stewart <kstewart(a)linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne(a)nexb.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Eugene Syromiatnikov <esyr(a)redhat.com> Cc: <linux-alpha(a)vger.kernel.org> Cc: <linux-serial(a)vger.kernel.org> Cc: Johan Hovold <johan(a)kernel.org> Cc: Alan Cox <alan(a)lxorguk.ukuu.org.uk> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: <stable(a)vger.kernel.org> --- arch/alpha/include/asm/termios.h | 8 +- arch/alpha/include/uapi/asm/ioctls.h | 5 + arch/alpha/include/uapi/asm/termbits.h | 17 +++ drivers/tty/.gitignore | 1 + drivers/tty/Makefile | 16 +++ drivers/tty/bmacros.c | 2 + drivers/tty/tty_baudrate.c | 190 +++++++++++++-------------------- 7 files changed, 122 insertions(+), 117 deletions(-)

7 years, 1 month

1
2
0 0

[PATCH] remoteproc: qcom: q6v5: Propagate EPROBE_DEFER

by Bjorn Andersson

In the case that the interrupts fail to result because of the interrupt-controller not yet being registered the platform_get_irq_byname() call will fail with -EPROBE_DEFER, but passing this into devm_request_threaded_irq() will result in -EINVAL being returned, the driver is therefor not reprobed later. Fixes: 3b415c8fb263 ("remoteproc: q6v5: Extract common resource handling") Cc: stable(a)vger.kernel.org Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/remoteproc/qcom_q6v5.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/remoteproc/qcom_q6v5.c b/drivers/remoteproc/qcom_q6v5.c index 61a760ee4aac..e9ab90c19304 100644 --- a/drivers/remoteproc/qcom_q6v5.c +++ b/drivers/remoteproc/qcom_q6v5.c @@ -198,6 +198,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, } q6v5->fatal_irq = platform_get_irq_byname(pdev, "fatal"); + if (q6v5->fatal_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->fatal_irq, NULL, q6v5_fatal_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, @@ -208,6 +211,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, } q6v5->ready_irq = platform_get_irq_byname(pdev, "ready"); + if (q6v5->ready_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->ready_irq, NULL, q6v5_ready_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, @@ -218,6 +224,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, } q6v5->handover_irq = platform_get_irq_byname(pdev, "handover"); + if (q6v5->handover_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->handover_irq, NULL, q6v5_handover_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, @@ -229,6 +238,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, disable_irq(q6v5->handover_irq); q6v5->stop_irq = platform_get_irq_byname(pdev, "stop-ack"); + if (q6v5->stop_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->stop_irq, NULL, q6v5_stop_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, -- 2.18.0

7 years, 1 month

2
2
0 0

[PATCH] jbd2: Fix use after free in jbd2_log_do_checkpoint()

by Jan Kara

The code cleaning transaction's lists of checkpoint buffers has a bug where it increases bh refcount only after releasing journal->j_list_lock. Thus the following race is possible: CPU0 CPU1 jbd2_log_do_checkpoint() jbd2_journal_try_to_free_buffers() __journal_try_to_free_buffer(bh) ... while (transaction->t_checkpoint_io_list) ... if (buffer_locked(bh)) { <-- IO completes now, buffer gets unlocked --> spin_unlock(&journal->j_list_lock); spin_lock(&journal->j_list_lock); __jbd2_journal_remove_checkpoint(jh); spin_unlock(&journal->j_list_lock); try_to_free_buffers(page); get_bh(bh) <-- accesses freed bh Fix the problem by grabbing bh reference before unlocking journal->j_list_lock. Fixes: dc6e8d669cf5cb3ff84707c372c0a2a8a5e80845 Fixes: be1158cc615fd723552f0d9912087423c7cadda5 Reported-by: syzbot+7f4a27091759e2fe7453(a)syzkaller.appspotmail.com CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/jbd2/checkpoint.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/jbd2/checkpoint.c b/fs/jbd2/checkpoint.c index c125d662777c..26f8d7e46462 100644 --- a/fs/jbd2/checkpoint.c +++ b/fs/jbd2/checkpoint.c @@ -251,8 +251,8 @@ int jbd2_log_do_checkpoint(journal_t *journal) bh = jh2bh(jh); if (buffer_locked(bh)) { - spin_unlock(&journal->j_list_lock); get_bh(bh); + spin_unlock(&journal->j_list_lock); wait_on_buffer(bh); /* the journal_head may have gone by now */ BUFFER_TRACE(bh, "brelse"); @@ -333,8 +333,8 @@ int jbd2_log_do_checkpoint(journal_t *journal) jh = transaction->t_checkpoint_io_list; bh = jh2bh(jh); if (buffer_locked(bh)) { - spin_unlock(&journal->j_list_lock); get_bh(bh); + spin_unlock(&journal->j_list_lock); wait_on_buffer(bh); /* the journal_head may have gone by now */ BUFFER_TRACE(bh, "brelse"); -- 2.16.4

7 years, 1 month

4
8
0 0

[patch 13/14] ocfs2: fix locking for res->tracking and dlm->tracking_list

by akpm＠linux-foundation.org

From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _

7 years, 1 month

1
0
0 0

[patch 11/14] mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _

7 years, 1 month

1
0
0 0

[patch 09/14] proc: restrict kernel stack dumps to root

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: proc: restrict kernel stack dumps to root Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another CPU. That means that the stack can change under the stack walker. The stack walker does have guards against going completely off the rails and into random kernel memory, but it can interpret random data from your kernel stack as instruction pointers and stack pointers. This can cause exposure of kernel stack contents to userspace. Restrict the ability to inspect kernel stacks of arbitrary tasks to root in order to prevent a local attacker from exploiting racy stack unwinding to leak kernel task stack contents. See the added comment for a longer rationale. There don't seem to be any users of this userspace API that can't gracefully bail out if reading from the file fails. Therefore, I believe that this change is unlikely to break things. In the case that this patch does end up needing a revert, the next-best solution might be to fake a single-entry stack based on wchan. Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Ken Chen <kenchen(a)google.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/base.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/proc/base.c~proc-restrict-kernel-stack-dumps-to-root +++ a/fs/proc/base.c @@ -407,6 +407,20 @@ static int proc_pid_stack(struct seq_fil unsigned long *entries; int err; + /* + * The ability to racily run the kernel stack unwinder on a running task + * and then observe the unwinder output is scary; while it is useful for + * debugging kernel issues, it can also allow an attacker to leak kernel + * stack contents. + * Doing this in a manner that is at least safe from races would require + * some work to ensure that the remote task can not be scheduled; and + * even then, this would still expose the unwinder as local attack + * surface. + * Therefore, this interface is restricted to root. + */ + if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) + return -EACCES; + entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), GFP_KERNEL); if (!entries) _

7 years, 1 month

1
0
0 0

[patch 04/14] mm, thp: fix mlocking THP page with migration enabled

by akpm＠linux-foundation.org

From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _

7 years, 1 month

1
0
0 0

[patch 01/14] mm: migration: fix migration of huge PMD shared pages

by akpm＠linux-foundation.org

From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com [mike.kravetz(a)oracle.com: make _range_in_vma() a static inline] Link: http://lkml.kernel.org/r/6063f215-a5c8-2f0c-465a-2c515ddc952d@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ include/linux/mm.h | 6 +++++ mm/hugetlb.c | 37 +++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 4 files changed, 94 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/include/linux/mm.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/mm.h @@ -2455,6 +2455,12 @@ static inline struct vm_area_struct *fin return vma; } +static inline bool range_in_vma(struct vm_area_struct *vma, + unsigned long start, unsigned long end) +{ + return (vma && vma->vm_start <= start && end <= vma->vm_end); +} + #ifdef CONFIG_MMU pgprot_t vm_get_page_prot(unsigned long vm_flags); void vma_set_page_prot(struct vm_area_struct *vma); --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4545,13 +4545,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4648,6 +4676,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _

7 years, 1 month

1
0
0 0

[PATCH] ARC: clone syscall to setp r25 as thread pointer

by Vineet Gupta

Per ARC TLS ABI, r25 is designated TP (thread pointer register). However so far kernel didn't do any special treatment, like setting up usermode r25, even for CLONE_SETTLS. We instead relied on libc runtime to do this, in say clone libc wrapper [1]. This was deliberate to keep kernel ABI agnostic (userspace could potentially change TP, specially for different ARC ISA say ARCompact vs. ARCv2 with different spare registers etc) However userspace setting up r25, after clone syscall opens a race, if child is not scheduled and gets a signal instead. It starts off in userspace not in clone but in a signal handler and anything TP sepcific there such as pthread_self() fails which showed up with uClibc testsuite nptl/tst-kill6 [2] Fix this by having kernel populate r25 to TP value. So this locks in ABI, but it was not going to change anyways, and fwiw is same for both ARCompact (arc700 core) and ARCvs (HS3x cores) [1] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/sysdeps/linux/a… [2] https://github.com/wbx-github/uclibc-ng-test/blob/master/test/nptl/tst-kill… Fixes: ARC STAR 9001378481 Cc: stable(a)vger.kernel.org Reported-by: Nikita Sobolev <sobolev(a)synopsys.com> Signed-off-by: Vineet Gupta <vgupta(a)synopsys.com> --- arch/arc/kernel/process.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arc/kernel/process.c b/arch/arc/kernel/process.c index 4674541eba3f..c29fa8ceb2d6 100644 --- a/arch/arc/kernel/process.c +++ b/arch/arc/kernel/process.c @@ -241,6 +241,26 @@ int copy_thread(unsigned long clone_flags, task_thread_info(current)->thr_ptr; } + + /* + * setup usermode thread pointer #1: + * when child is picked by scheduler, __switch_to() uses @c_callee to + * populate usermode callee regs: this is fine even despite being in a + * kernel function since special return path for child @ret_from_fork() + * ensures those regs are not clobbered all the way to RTIE to usermode + */ + c_callee->r25 = task_thread_info(p)->thr_ptr; + +#ifdef CONFIG_ARC_CURR_IN_REG + /* + * setup usermode thread pointer #2: + * however for this special use of r25 in kernel, __switch_to() sets + * r25 for kernel needs and only in the final return path is usermode + * r25 setup, from pt_regs->user_r25. So set that up as well + */ + c_regs->user_r25 = c_callee->r25; +#endif + return 0; } -- 2.7.4

7 years, 1 month

1
0
0 0

+ kbuild-fix-kernel-boundsc-w=1-warning.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kbuild: fix kernel/bounds.c 'W=1' warning has been added to the -mm tree. Its filename is kbuild-fix-kernel-boundsc-w=1-warning.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/kbuild-fix-kernel-boundsc-w%3D1-wa… and later at http://ozlabs.org/~akpm/mmotm/broken-out/kbuild-fix-kernel-boundsc-w%3D1-wa… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Arnd Bergmann <arnd(a)arndb.de> Subject: kbuild: fix kernel/bounds.c 'W=1' warning Building any configuration with 'make W=1' produces a warning: kernel/bounds.c:16:6: warning: no previous prototype for 'foo' [-Wmissing-prototypes] When also passing -Werror, this prevents us from building any other files. Nobody ever calls the function, but we can't make it 'static' either since we want the compiler output. Calling it 'main' instead however avoids the warning, because gcc does not insist on having a declaration for main. Link: http://lkml.kernel.org/r/20181005083313.2088252-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Reported-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Reviewed-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Cc: David Laight <David.Laight(a)ACULAB.COM> Cc: Masahiro Yamada <yamada.masahiro(a)socionext.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/kernel/bounds.c~kbuild-fix-kernel-boundsc-w=1-warning +++ a/kernel/bounds.c @@ -13,7 +13,7 @@ #include <linux/log2.h> #include <linux/spinlock_types.h> -void foo(void) +int main(void) { /* The enum constants to put into include/generated/bounds.h */ DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); @@ -23,4 +23,6 @@ void foo(void) #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); /* End of constants */ + + return 0; } _ Patches currently in -mm which might be from arnd(a)arndb.de are ocfs2-dlmglue-clean-up-timestamp-handling.patch hugetlb-introduce-generic-version-of-huge_ptep_get-fix.patch kbuild-fix-kernel-boundsc-w=1-warning.patch vfs-replace-current_kernel_time64-with-ktime-equivalent.patch

7 years, 1 month

1
0
0 0

[PATCH] lib/bch: fix possible stack overrun

by Arnd Bergmann

The previous patch introduced very large kernel stack usage and a Makefile change to hide the warning about it. >From what I can tell, a number of things went wrong here: - The BCH_MAX_T constant was set to the maximum value for 'n', not the maximum for 't', which is much smaller. - The stack usage is actually larger than the entire kernel stack on some architectures that can use 4KB stacks (m68k, sh, c6x), which leads to an immediate overrun. - The justification in the patch description claimed that nothing changed, however that is not the case even without the two points above: the configuration is machine specific, and most boards never use the maximum BCH_ECC_WORDS() length but instead have something much smaller. That maximum would only apply to machines that use both the maximum block size and the maximum ECC strength. The largest value for 't' that I could find is '32', which in turn leads to a 60 byte array instead of 2048 bytes. With that changed, the warning can be enabled again. Fixes: 02361bc77888 ("lib/bch: Remove VLA usage") Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- Please review carefully to ensure my logic is correct. I spent a long time trying to understand what is going on here, but I'm not too familiar with this algorithm, and it's possible I still got it wrong as well. In particular, I'm not 100% sure if '32' is the maximum ECC strength we can support, or if a larger one (which?) might be possible. --- lib/Makefile | 1 - lib/bch.c | 10 ++++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/Makefile b/lib/Makefile index 8c9647fa271a..12c479dd46e0 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -122,7 +122,6 @@ obj-$(CONFIG_ZLIB_INFLATE) += zlib_inflate/ obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate/ obj-$(CONFIG_REED_SOLOMON) += reed_solomon/ obj-$(CONFIG_BCH) += bch.o -CFLAGS_bch.o := $(call cc-option,-Wframe-larger-than=4500) obj-$(CONFIG_LZO_COMPRESS) += lzo/ obj-$(CONFIG_LZO_DECOMPRESS) += lzo/ obj-$(CONFIG_LZ4_COMPRESS) += lz4/ diff --git a/lib/bch.c b/lib/bch.c index 7b0f2006698b..3ef1a3467e7b 100644 --- a/lib/bch.c +++ b/lib/bch.c @@ -79,20 +79,19 @@ #define GF_T(_p) (CONFIG_BCH_CONST_T) #define GF_N(_p) ((1 << (CONFIG_BCH_CONST_M))-1) #define BCH_MAX_M (CONFIG_BCH_CONST_M) +#define BCH_MAX_T (CONFIG_BCH_CONST_T) #else #define GF_M(_p) ((_p)->m) #define GF_T(_p) ((_p)->t) #define GF_N(_p) ((_p)->n) -#define BCH_MAX_M 15 +#define BCH_MAX_M 15 /* 2KB */ +#define BCH_MAX_T 32 /* 32 bit correction */ #endif -#define BCH_MAX_T (((1 << BCH_MAX_M) - 1) / BCH_MAX_M) - #define BCH_ECC_WORDS(_p) DIV_ROUND_UP(GF_M(_p)*GF_T(_p), 32) #define BCH_ECC_BYTES(_p) DIV_ROUND_UP(GF_M(_p)*GF_T(_p), 8) #define BCH_ECC_MAX_WORDS DIV_ROUND_UP(BCH_MAX_M * BCH_MAX_T, 32) -#define BCH_ECC_MAX_BYTES DIV_ROUND_UP(BCH_MAX_M * BCH_MAX_T, 8) #ifndef dbg #define dbg(_fmt, args...) do {} while (0) @@ -202,6 +201,9 @@ void encode_bch(struct bch_control *bch, const uint8_t *data, const uint32_t * const tab3 = tab2 + 256*(l+1); const uint32_t *pdata, *p0, *p1, *p2, *p3; + if (WARN_ON(r_bytes > sizeof(r))) + return; + if (ecc) { /* load ecc parity bytes into internal 32-bit buffer */ load_ecc8(bch, bch->ecc_buf, ecc); -- 2.18.0

7 years, 1 month

2
1
0 0

[PATCH AUTOSEL 4.4 01/11] ASoC: wm8804: Add ACPI support

by Sasha Levin

From: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> [ Upstream commit 960cdd50ca9fdfeb82c2757107bcb7f93c8d7d41 ] HID made of either Wolfson/CirrusLogic PCI ID + 8804 identifier. This helps enumerate the HifiBerry Digi+ HAT boards on the Up2 platform. The scripts at https://github.com/thesofproject/acpi-scripts can be used to add the ACPI initrd overlays. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Acked-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/sound/soc/codecs/wm8804-i2c.c b/sound/soc/codecs/wm8804-i2c.c index f27464c2c5ba..79541960f45d 100644 --- a/sound/soc/codecs/wm8804-i2c.c +++ b/sound/soc/codecs/wm8804-i2c.c @@ -13,6 +13,7 @@ #include <linux/init.h> #include <linux/module.h> #include <linux/i2c.h> +#include <linux/acpi.h> #include "wm8804.h" @@ -40,17 +41,29 @@ static const struct i2c_device_id wm8804_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, wm8804_i2c_id); +#if defined(CONFIG_OF) static const struct of_device_id wm8804_of_match[] = { { .compatible = "wlf,wm8804", }, { } }; MODULE_DEVICE_TABLE(of, wm8804_of_match); +#endif + +#ifdef CONFIG_ACPI +static const struct acpi_device_id wm8804_acpi_match[] = { + { "1AEC8804", 0 }, /* Wolfson PCI ID + part ID */ + { "10138804", 0 }, /* Cirrus Logic PCI ID + part ID */ + { }, +}; +MODULE_DEVICE_TABLE(acpi, wm8804_acpi_match); +#endif static struct i2c_driver wm8804_i2c_driver = { .driver = { .name = "wm8804", .pm = &wm8804_pm, - .of_match_table = wm8804_of_match, + .of_match_table = of_match_ptr(wm8804_of_match), + .acpi_match_table = ACPI_PTR(wm8804_acpi_match), }, .probe = wm8804_i2c_probe, .remove = wm8804_i2c_remove, -- 2.17.1

7 years, 1 month

1
10
0 0

[PATCH AUTOSEL 4.9 01/14] ASoC: wm8804: Add ACPI support

by Sasha Levin

From: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> [ Upstream commit 960cdd50ca9fdfeb82c2757107bcb7f93c8d7d41 ] HID made of either Wolfson/CirrusLogic PCI ID + 8804 identifier. This helps enumerate the HifiBerry Digi+ HAT boards on the Up2 platform. The scripts at https://github.com/thesofproject/acpi-scripts can be used to add the ACPI initrd overlays. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Acked-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/sound/soc/codecs/wm8804-i2c.c b/sound/soc/codecs/wm8804-i2c.c index f27464c2c5ba..79541960f45d 100644 --- a/sound/soc/codecs/wm8804-i2c.c +++ b/sound/soc/codecs/wm8804-i2c.c @@ -13,6 +13,7 @@ #include <linux/init.h> #include <linux/module.h> #include <linux/i2c.h> +#include <linux/acpi.h> #include "wm8804.h" @@ -40,17 +41,29 @@ static const struct i2c_device_id wm8804_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, wm8804_i2c_id); +#if defined(CONFIG_OF) static const struct of_device_id wm8804_of_match[] = { { .compatible = "wlf,wm8804", }, { } }; MODULE_DEVICE_TABLE(of, wm8804_of_match); +#endif + +#ifdef CONFIG_ACPI +static const struct acpi_device_id wm8804_acpi_match[] = { + { "1AEC8804", 0 }, /* Wolfson PCI ID + part ID */ + { "10138804", 0 }, /* Cirrus Logic PCI ID + part ID */ + { }, +}; +MODULE_DEVICE_TABLE(acpi, wm8804_acpi_match); +#endif static struct i2c_driver wm8804_i2c_driver = { .driver = { .name = "wm8804", .pm = &wm8804_pm, - .of_match_table = wm8804_of_match, + .of_match_table = of_match_ptr(wm8804_of_match), + .acpi_match_table = ACPI_PTR(wm8804_acpi_match), }, .probe = wm8804_i2c_probe, .remove = wm8804_i2c_remove, -- 2.17.1

7 years, 1 month

1
13
0 0

[PATCH AUTOSEL 4.14 01/23] ASoC: rt5514: Fix the issue of the delay volume applied again

by Sasha Levin

From: Oder Chiou <oder_chiou(a)realtek.com> [ Upstream commit 6f0a256253f48095ba2e5bcdfbed41f21643c105 ] After our evaluation, we need to modify the default values to make sure the volume applied immediately. Signed-off-by: Oder Chiou <oder_chiou(a)realtek.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/soc/codecs/rt5514.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/soc/codecs/rt5514.c b/sound/soc/codecs/rt5514.c index 1bfc8db1826a..56ddab43da7e 100644 --- a/sound/soc/codecs/rt5514.c +++ b/sound/soc/codecs/rt5514.c @@ -64,8 +64,8 @@ static const struct reg_sequence rt5514_patch[] = { {RT5514_ANA_CTRL_LDO10, 0x00028604}, {RT5514_ANA_CTRL_ADCFED, 0x00000800}, {RT5514_ASRC_IN_CTRL1, 0x00000003}, - {RT5514_DOWNFILTER0_CTRL3, 0x10000352}, - {RT5514_DOWNFILTER1_CTRL3, 0x10000352}, + {RT5514_DOWNFILTER0_CTRL3, 0x10000342}, + {RT5514_DOWNFILTER1_CTRL3, 0x10000342}, }; static const struct reg_default rt5514_reg[] = { @@ -92,10 +92,10 @@ static const struct reg_default rt5514_reg[] = { {RT5514_ASRC_IN_CTRL1, 0x00000003}, {RT5514_DOWNFILTER0_CTRL1, 0x00020c2f}, {RT5514_DOWNFILTER0_CTRL2, 0x00020c2f}, - {RT5514_DOWNFILTER0_CTRL3, 0x10000352}, + {RT5514_DOWNFILTER0_CTRL3, 0x10000342}, {RT5514_DOWNFILTER1_CTRL1, 0x00020c2f}, {RT5514_DOWNFILTER1_CTRL2, 0x00020c2f}, - {RT5514_DOWNFILTER1_CTRL3, 0x10000352}, + {RT5514_DOWNFILTER1_CTRL3, 0x10000342}, {RT5514_ANA_CTRL_LDO10, 0x00028604}, {RT5514_ANA_CTRL_LDO18_16, 0x02000345}, {RT5514_ANA_CTRL_ADC12, 0x0000a2a8}, -- 2.17.1

7 years, 1 month

1
22
0 0

[GIT PULL 0/5] perf/urgent fixes

by Arnaldo Carvalho de Melo

Hi Ingo, Please consider pulling, - Arnaldo Test results at the end of this message, as usual. The following changes since commit 5d05dfd13f20b01a3cd5d293058baa7d5c1583b6: Merge tag 'perf-urgent-for-mingo-4.19-20180918' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent (2018-09-19 13:25:35 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux.git tags/perf-urgent-for-mingo-4.19-20181005 for you to fetch changes up to 7a8a8fcf7b860e4b2d4edc787c844d41cad9dfcf: perf record: Use unmapped IP for inline callchain cursors (2018-10-05 11:18:09 -0300) ---------------------------------------------------------------- perf/urgent fixes: - Fix the build on Clear Linux, coping with redundant declarations of function prototypes in python3 header files by adding -Wno-redundant-decls to build with PYTHON=python3 (Arnaldo Carvalho de Melo) - Fixes for processing inline frames in backtraces using DWARF based unwinding (Milian Wolff) - Cope with bad DWARF info for function names for inline frames,not trying to demangle this symbol. Problem reported with rust but reproduced as well with C++. Problem reported to the libbpf maintainers (Milian Wolff) - Fix python export to postgresql and sqlite code (Adrian Hunter) Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com> ---------------------------------------------------------------- Adrian Hunter (2): perf script python: Fix export-to-postgresql.py occasional failure perf script python: Fix export-to-sqlite.py sample columns Arnaldo Carvalho de Melo (1): perf python: Use -Wno-redundant-decls to build with PYTHON=python3 Milian Wolff (2): perf report: Don't try to map ip to invalid map perf record: Use unmapped IP for inline callchain cursors tools/perf/scripts/python/export-to-postgresql.py | 9 +++++++++ tools/perf/scripts/python/export-to-sqlite.py | 6 +++++- tools/perf/util/machine.c | 8 +++++--- tools/perf/util/setup.py | 2 +- 4 files changed, 20 insertions(+), 5 deletions(-) Test results: The first ones are container (docker) based builds of tools/perf with and without libelf support. Where clang is available, it is also used to build perf with/without libelf, and building with LIBCLANGLLVM=1 (built-in clang) with gcc and clang when clang and its devel libraries are installed. The objtool and samples/bpf/ builds are disabled now that I'm switching from using the sources in a local volume to fetching them from a http server to build it inside the container, to make it easier to build in a container cluster. Those will come back later. Several are cross builds, the ones with -x-ARCH and the android one, and those may not have all the features built, due to lack of multi-arch devel packages, available and being used so far on just a few, like debian:experimental-x-{arm64,mipsel}. The 'perf test' one will perform a variety of tests exercising tools/perf/util/, tools/lib/{bpf,traceevent,etc}, as well as run perf commands with a variety of command line event specifications to then intercept the sys_perf_event syscall to check that the perf_event_attr fields are set up as expected, among a variety of other unit tests. Then there is the 'make -C tools/perf build-test' ones, that build tools/perf/ with a variety of feature sets, exercising the build with an incomplete set of features as well as with a complete one. It is planned to have it run on each of the containers mentioned above, using some container orchestration infrastructure. Get in contact if interested in helping having this in place. The Clear Linux container is building with NO_CLANG=1, the problem preventing its use when building for python3 has been identified and the next builds will build in ClearLinux with both gcc and clang. This time around only gcc was used. # dm 1 alpine:3.4 : Ok gcc (Alpine 5.3.0) 5.3.0 2 alpine:3.5 : Ok gcc (Alpine 6.2.1) 6.2.1 20160822 3 alpine:3.6 : Ok gcc (Alpine 6.3.0) 6.3.0 4 alpine:3.7 : Ok gcc (Alpine 6.4.0) 6.4.0 5 alpine:3.8 : Ok gcc (Alpine 6.4.0) 6.4.0 6 alpine:edge : Ok gcc (Alpine 6.4.0) 6.4.0 7 amazonlinux:1 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28) 8 amazonlinux:2 : Ok gcc (GCC) 7.3.1 20180303 (Red Hat 7.3.1-5) 9 android-ndk:r12b-arm : Ok arm-linux-androideabi-gcc (GCC) 4.9.x 20150123 (prerelease) 10 android-ndk:r15c-arm : Ok arm-linux-androideabi-gcc (GCC) 4.9.x 20150123 (prerelease) 11 centos:5 : Ok gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-55) 12 centos:6 : Ok gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-23) 13 centos:7 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28) 14 clearlinux:latest : Ok gcc (Clear Linux OS for Intel Architecture) 8.2.1 20180502 15 debian:7 : Ok gcc (Debian 4.7.2-5) 4.7.2 16 debian:8 : Ok gcc (Debian 4.9.2-10+deb8u1) 4.9.2 17 debian:9 : Ok gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516 18 debian:experimental : Ok gcc (Debian 8.2.0-7) 8.2.0 19 debian:experimental-x-arm64 : Ok aarch64-linux-gnu-gcc (Debian 8.2.0-4) 8.2.0 20 debian:experimental-x-mips : Ok mips-linux-gnu-gcc (Debian 8.1.0-12) 8.1.0 21 debian:experimental-x-mips64 : Ok mips64-linux-gnuabi64-gcc (Debian 8.1.0-12) 8.1.0 22 debian:experimental-x-mipsel : Ok mipsel-linux-gnu-gcc (Debian 8.1.0-12) 8.1.0 23 fedora:20 : Ok gcc (GCC) 4.8.3 20140911 (Red Hat 4.8.3-7) 24 fedora:21 : Ok gcc (GCC) 4.9.2 20150212 (Red Hat 4.9.2-6) 25 fedora:22 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) 26 fedora:23 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) 27 fedora:24 : Ok gcc (GCC) 6.3.1 20161221 (Red Hat 6.3.1-1) 28 fedora:24-x-ARC-uClibc : Ok arc-linux-gcc (ARCompact ISA Linux uClibc toolchain 2017.09-rc2) 7.1.1 20170710 29 fedora:25 : Ok gcc (GCC) 6.4.1 20170727 (Red Hat 6.4.1-1) 30 fedora:26 : Ok gcc (GCC) 7.3.1 20180130 (Red Hat 7.3.1-2) 31 fedora:27 : Ok gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-6) 32 fedora:28 : Ok gcc (GCC) 8.1.1 20180712 (Red Hat 8.1.1-5) 33 fedora:rawhide : Ok gcc (GCC) 8.2.1 20180905 (Red Hat 8.2.1-3) 34 gentoo-stage3-amd64:latest : Ok gcc (Gentoo 7.3.0-r3 p1.4) 7.3.0 35 mageia:5 : Ok gcc (GCC) 4.9.2 36 mageia:6 : Ok gcc (Mageia 5.5.0-1.mga6) 5.5.0 37 opensuse:13.2 : Ok gcc (SUSE Linux) 4.8.3 20140627 [gcc-4_8-branch revision 212064] 38 opensuse:42.1 : Ok gcc (SUSE Linux) 4.8.5 39 opensuse:42.2 : Ok gcc (SUSE Linux) 4.8.5 40 opensuse:42.3 : Ok gcc (SUSE Linux) 4.8.5 41 opensuse:tumbleweed : Ok gcc (SUSE Linux) 7.3.1 20180323 [gcc-7-branch revision 258812] 42 oraclelinux:6 : Ok gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-23.0.1) 43 oraclelinux:7 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28.0.1) 44 ubuntu:12.04.5 : Ok gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3 45 ubuntu:14.04.4 : Ok gcc (Ubuntu 4.8.4-2ubuntu1~14.04.3) 4.8.4 46 ubuntu:14.04.4-x-linaro-arm64 : Ok aarch64-linux-gnu-gcc (Linaro GCC 5.5-2017.10) 5.5.0 47 ubuntu:16.04 : Ok gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609 48 ubuntu:16.04-x-arm : Ok arm-linux-gnueabihf-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 49 ubuntu:16.04-x-arm64 : Ok aarch64-linux-gnu-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 50 ubuntu:16.04-x-powerpc : Ok powerpc-linux-gnu-gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 51 ubuntu:16.04-x-powerpc64 : Ok powerpc64-linux-gnu-gcc (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 52 ubuntu:16.04-x-powerpc64el : Ok powerpc64le-linux-gnu-gcc (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 53 ubuntu:16.04-x-s390 : Ok s390x-linux-gnu-gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 54 ubuntu:16.10 : Ok gcc (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005 55 ubuntu:17.10 : Ok gcc (Ubuntu 7.2.0-8ubuntu3.2) 7.2.0 56 ubuntu:18.04 : Ok gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 57 ubuntu:18.04-x-arm : Ok arm-linux-gnueabihf-gcc (Ubuntu/Linaro 7.3.0-16ubuntu3) 7.3.0 58 ubuntu:18.04-x-arm64 : Ok aarch64-linux-gnu-gcc (Ubuntu/Linaro 7.3.0-16ubuntu3) 7.3.0 59 ubuntu:18.04-x-m68k : Ok m68k-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 60 ubuntu:18.04-x-powerpc : Ok powerpc-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 61 ubuntu:18.04-x-powerpc64 : Ok powerpc64-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 62 ubuntu:18.04-x-powerpc64el : Ok powerpc64le-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 63 ubuntu:18.04-x-riscv64 : Ok riscv64-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 64 ubuntu:18.04-x-s390 : Ok s390x-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 65 ubuntu:18.04-x-sh4 : Ok sh4-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 66 ubuntu:18.04-x-sparc64 : Ok sparc64-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 67 ubuntu:18.10 : Ok gcc (Ubuntu 8.2.0-4ubuntu1) 8.2.0 # uname -a Linux jouet 4.19.0-rc4-00022-gad3273d5f1b9 #1 SMP Mon Sep 17 17:18:22 -03 2018 x86_64 x86_64 x86_64 GNU/Linux # git log --oneline -1 7a8a8fcf7b86 perf record: Use unmapped IP for inline callchain cursors # perf version --build-options perf version 4.19.rc4.g7a8a8f dwarf: [ on ] # HAVE_DWARF_SUPPORT dwarf_getlocations: [ on ] # HAVE_DWARF_GETLOCATIONS_SUPPORT glibc: [ on ] # HAVE_GLIBC_SUPPORT gtk2: [ on ] # HAVE_GTK2_SUPPORT syscall_table: [ on ] # HAVE_SYSCALL_TABLE_SUPPORT libbfd: [ on ] # HAVE_LIBBFD_SUPPORT libelf: [ on ] # HAVE_LIBELF_SUPPORT libnuma: [ on ] # HAVE_LIBNUMA_SUPPORT numa_num_possible_cpus: [ on ] # HAVE_LIBNUMA_SUPPORT libperl: [ on ] # HAVE_LIBPERL_SUPPORT libpython: [ on ] # HAVE_LIBPYTHON_SUPPORT libslang: [ on ] # HAVE_SLANG_SUPPORT libcrypto: [ on ] # HAVE_LIBCRYPTO_SUPPORT libunwind: [ on ] # HAVE_LIBUNWIND_SUPPORT libdw-dwarf-unwind: [ on ] # HAVE_DWARF_SUPPORT zlib: [ on ] # HAVE_ZLIB_SUPPORT lzma: [ on ] # HAVE_LZMA_SUPPORT get_cpuid: [ on ] # HAVE_AUXTRACE_SUPPORT bpf: [ on ] # HAVE_LIBBPF_SUPPORT # perf test 1: vmlinux symtab matches kallsyms : Ok 2: Detect openat syscall event : Ok 3: Detect openat syscall event on all cpus : Ok 4: Read samples using the mmap interface : Ok 5: Test data source output : Ok 6: Parse event definition strings : Ok 7: Simple expression parser : Ok 8: PERF_RECORD_* events & perf_sample fields : Ok 9: Parse perf pmu format : Ok 10: DSO data read : Ok 11: DSO data cache : Ok 12: DSO data reopen : Ok 13: Roundtrip evsel->name : Ok 14: Parse sched tracepoints fields : Ok 15: syscalls:sys_enter_openat event fields : Ok 16: Setup struct perf_event_attr : Ok 17: Match and link multiple hists : Ok 18: 'import perf' in python : Ok 19: Breakpoint overflow signal handler : Ok 20: Breakpoint overflow sampling : Ok 21: Breakpoint accounting : Ok 22: Number of exit events of a simple workload : Ok 23: Software clock events period values : Ok 24: Object code reading : Ok 25: Sample parsing : Ok 26: Use a dummy software event to keep tracking : Ok 27: Parse with no sample_id_all bit set : Ok 28: Filter hist entries : Ok 29: Lookup mmap thread : Ok 30: Share thread mg : Ok 31: Sort output of hist entries : Ok 32: Cumulate child hist entries : Ok 33: Track with sched_switch : Ok 34: Filter fds with revents mask in a fdarray : Ok 35: Add fd to a fdarray, making it autogrow : Ok 36: kmod_path__parse : Ok 37: Thread map : Ok 38: LLVM search and compile : 38.1: Basic BPF llvm compile : Ok 38.2: kbuild searching : Ok 38.3: Compile source for BPF prologue generation : Ok 38.4: Compile source for BPF relocation : Ok 39: Session topology : Ok 40: BPF filter : 40.1: Basic BPF filtering : Ok 40.2: BPF pinning : Ok 40.3: BPF prologue generation : Ok 40.4: BPF relocation checker : Ok 41: Synthesize thread map : Ok 42: Remove thread map : Ok 43: Synthesize cpu map : Ok 44: Synthesize stat config : Ok 45: Synthesize stat : Ok 46: Synthesize stat round : Ok 47: Synthesize attr update : Ok 48: Event times : Ok 49: Read backward ring buffer : Ok 50: Print cpu map : Ok 51: Probe SDT events : Ok 52: is_printable_array : Ok 53: Print bitmap : Ok 54: perf hooks : Ok 55: builtin clang support : Skip (not compiled in) 56: unit_number__scnprintf : Ok 57: mem2node : Ok 58: x86 rdpmc : Ok 59: Convert perf time to TSC : Ok 60: DWARF unwind : Ok 61: x86 instruction decoder - new instructions : Ok 62: x86 bp modify : Ok 63: Use vfs_getname probe to get syscall args filenames : Ok 64: Check open filename arg using perf trace + vfs_getname: Ok 65: probe libc's inet_pton & backtrace it with ping : Ok 66: Add vfs_getname probe to get syscall args filenames : Ok $ make -C tools/perf build-test make: Entering directory '/home/acme/git/perf/tools/perf' - tarpkg: ./tests/perf-targz-src-pkg . make_with_clangllvm_O: make LIBCLANGLLVM=1 make_install_prefix_slash_O: make install prefix=/tmp/krava/ make_minimal_O: make NO_LIBPERL=1 NO_LIBPYTHON=1 NO_NEWT=1 NO_GTK2=1 NO_DEMANGLE=1 NO_LIBELF=1 NO_LIBUNWIND=1 NO_BACKTRACE=1 NO_LIBNUMA=1 NO_LIBAUDIT=1 NO_LIBBIONIC=1 NO_LIBDW_DWARF_UNWIND=1 NO_AUXTRACE=1 NO_LIBBPF=1 NO_LIBCRYPTO=1 NO_SDT=1 NO_JVMTI=1 make_no_ui_O: make NO_NEWT=1 NO_SLANG=1 NO_GTK2=1 make_pure_O: make - /home/acme/git/perf/tools/perf/BUILD_TEST_FEATURE_DUMP_STATIC: make FEATURE_DUMP_COPY=/home/acme/git/perf/tools/perf/BUILD_TEST_FEATURE_DUMP_STATIC LDFLAGS='-static' feature-dump make_static_O: make LDFLAGS=-static make_perf_o_O: make perf.o make_no_scripts_O: make NO_LIBPYTHON=1 NO_LIBPERL=1 make_clean_all_O: make clean all make_no_libbpf_O: make NO_LIBBPF=1 make_install_prefix_O: make install prefix=/tmp/krava make_no_newt_O: make NO_NEWT=1 make_no_backtrace_O: make NO_BACKTRACE=1 make_no_auxtrace_O: make NO_AUXTRACE=1 make_with_babeltrace_O: make LIBBABELTRACE=1 make_no_libnuma_O: make NO_LIBNUMA=1 make_debug_O: make DEBUG=1 make_no_libaudit_O: make NO_LIBAUDIT=1 make_util_map_o_O: make util/map.o make_tags_O: make tags make_no_libbionic_O: make NO_LIBBIONIC=1 make_no_libelf_O: make NO_LIBELF=1 make_no_libpython_O: make NO_LIBPYTHON=1 make_no_libperl_O: make NO_LIBPERL=1 make_no_demangle_O: make NO_DEMANGLE=1 make_no_slang_O: make NO_SLANG=1 make_no_libunwind_O: make NO_LIBUNWIND=1 make_install_O: make install make_util_pmu_bison_o_O: make util/pmu-bison.o make_install_bin_O: make install-bin make_no_gtk2_O: make NO_GTK2=1 make_doc_O: make doc make_help_O: make help make_no_libdw_dwarf_unwind_O: make NO_LIBDW_DWARF_UNWIND=1 OK make: Leaving directory '/home/acme/git/perf/tools/perf' $

7 years, 1 month

2
3
0 0

[git:media_tree/master] media: cec: fix the Signal Free Time calculation

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cec: fix the Signal Free Time calculation Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Fri Oct 5 08:00:21 2018 -0400 The calculation of the Signal Free Time in the framework was not correct. If a message was received, then the next transmit should be considered a New Initiator and use a shorter SFT value. This was not done with the result that if both sides where continually sending messages, they both could use the same SFT value and one side could deny the other side access to the bus. Note that this fix does not take the corner case into account where a receive is in progress when you call adap_transmit. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/cec/cec-adap.c | 26 +++++++------------------- include/media/cec.h | 2 +- 2 files changed, 8 insertions(+), 20 deletions(-) --- diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index e6e82b504e56..0c0d9107383e 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -526,9 +526,11 @@ int cec_thread_func(void *_adap) if (data->attempts) { /* should be >= 3 data bit periods for a retry */ signal_free_time = CEC_SIGNAL_FREE_TIME_RETRY; - } else if (data->new_initiator) { + } else if (adap->last_initiator != + cec_msg_initiator(&data->msg)) { /* should be >= 5 data bit periods for new initiator */ signal_free_time = CEC_SIGNAL_FREE_TIME_NEW_INITIATOR; + adap->last_initiator = cec_msg_initiator(&data->msg); } else { /* * should be >= 7 data bit periods for sending another @@ -713,7 +715,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, struct cec_fh *fh, bool block) { struct cec_data *data; - u8 last_initiator = 0xff; msg->rx_ts = 0; msg->tx_ts = 0; @@ -823,23 +824,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, data->adap = adap; data->blocking = block; - /* - * Determine if this message follows a message from the same - * initiator. Needed to determine the free signal time later on. - */ - if (msg->len > 1) { - if (!(list_empty(&adap->transmit_queue))) { - const struct cec_data *last; - - last = list_last_entry(&adap->transmit_queue, - const struct cec_data, list); - last_initiator = cec_msg_initiator(&last->msg); - } else if (adap->transmitting) { - last_initiator = - cec_msg_initiator(&adap->transmitting->msg); - } - } - data->new_initiator = last_initiator != cec_msg_initiator(msg); init_completion(&data->c); INIT_DELAYED_WORK(&data->work, cec_wait_timeout); @@ -1027,6 +1011,8 @@ void cec_received_msg_ts(struct cec_adapter *adap, mutex_lock(&adap->lock); dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg); + adap->last_initiator = 0xff; + /* Check if this message was for us (directed or broadcast). */ if (!cec_msg_is_broadcast(msg)) valid_la = cec_has_log_addr(adap, msg_dest); @@ -1489,6 +1475,8 @@ void __cec_s_phys_addr(struct cec_adapter *adap, u16 phys_addr, bool block) } mutex_lock(&adap->devnode.lock); + adap->last_initiator = 0xff; + if ((adap->needs_hpd || list_empty(&adap->devnode.fhs)) && adap->ops->adap_enable(adap, true)) { mutex_unlock(&adap->devnode.lock); diff --git a/include/media/cec.h b/include/media/cec.h index 9f382f0c2970..254a610b9aa5 100644 --- a/include/media/cec.h +++ b/include/media/cec.h @@ -63,7 +63,6 @@ struct cec_data { struct delayed_work work; struct completion c; u8 attempts; - bool new_initiator; bool blocking; bool completed; }; @@ -174,6 +173,7 @@ struct cec_adapter { bool is_configuring; bool is_configured; bool cec_pin_is_high; + u8 last_initiator; u32 monitor_all_cnt; u32 monitor_pin_cnt; u32 follower_cnt;

7 years, 1 month

1
0
0 0

[git:media_tree/master] media: adv7842: when the EDID is cleared, unconfigure CEC as well

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: adv7842: when the EDID is cleared, unconfigure CEC as well Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Thu Oct 4 03:58:34 2018 -0400 When there is no EDID the CEC adapter should be unconfigured as well. So call cec_phys_addr_invalidate() when this happens. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/adv7842.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- diff --git a/drivers/media/i2c/adv7842.c b/drivers/media/i2c/adv7842.c index cd63cc6564e9..4721d49dcf0f 100644 --- a/drivers/media/i2c/adv7842.c +++ b/drivers/media/i2c/adv7842.c @@ -786,8 +786,10 @@ static int edid_write_hdmi_segment(struct v4l2_subdev *sd, u8 port) /* Disable I2C access to internal EDID ram from HDMI DDC ports */ rep_write_and_or(sd, 0x77, 0xf3, 0x00); - if (!state->hdmi_edid.present) + if (!state->hdmi_edid.present) { + cec_phys_addr_invalidate(state->cec_adap); return 0; + } pa = v4l2_get_edid_phys_addr(edid, 256, &spa_loc); err = v4l2_phys_addr_validate(pa, &pa, NULL);

7 years, 1 month

1
0
0 0

[git:media_tree/master] media: adv7604: when the EDID is cleared, unconfigure CEC as well

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: adv7604: when the EDID is cleared, unconfigure CEC as well Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Thu Oct 4 03:57:06 2018 -0400 When there is no EDID the CEC adapter should be unconfigured as well. So call cec_phys_addr_invalidate() when this happens. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/adv7604.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- diff --git a/drivers/media/i2c/adv7604.c b/drivers/media/i2c/adv7604.c index 1c89959b1509..9eb7c70a7712 100644 --- a/drivers/media/i2c/adv7604.c +++ b/drivers/media/i2c/adv7604.c @@ -2284,8 +2284,10 @@ static int adv76xx_set_edid(struct v4l2_subdev *sd, struct v4l2_edid *edid) state->aspect_ratio.numerator = 16; state->aspect_ratio.denominator = 9; - if (!state->edid.present) + if (!state->edid.present) { state->edid.blocks = 0; + cec_phys_addr_invalidate(state->cec_adap); + } v4l2_dbg(2, debug, sd, "%s: clear EDID pad %d, edid.present = 0x%x\n", __func__, edid->pad, state->edid.present);

7 years, 1 month

1
0
0 0

[git:media_tree/master] media: cec: add new tx/rx status bits to detect aborts/timeouts

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cec: add new tx/rx status bits to detect aborts/timeouts Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Thu Oct 4 03:28:21 2018 -0400 If the HDMI cable is disconnected or the CEC adapter is manually unconfigured, then all pending transmits and wait-for-replies are aborted. Signal this with new status bits (CEC_RX/TX_STATUS_ABORTED). If due to (usually) a driver bug a transmit never ends (i.e. the transmit_done was never called by the driver), then when this times out the message is marked with CEC_TX_STATUS_TIMEOUT. This should not happen and is an indication of a driver bug. Without a separate status bit for this it was impossible to detect this from userspace. The 'transmit timed out' kernel message is now a warning, so this should be more prominent in the kernel log as well. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Documentation/media/uapi/cec/cec-ioc-receive.rst | 25 ++++++++- drivers/media/cec/cec-adap.c | 66 +++++++----------------- include/uapi/linux/cec.h | 3 ++ 3 files changed, 44 insertions(+), 50 deletions(-) --- diff --git a/Documentation/media/uapi/cec/cec-ioc-receive.rst b/Documentation/media/uapi/cec/cec-ioc-receive.rst index e964074cd15b..b25e48afaa08 100644 --- a/Documentation/media/uapi/cec/cec-ioc-receive.rst +++ b/Documentation/media/uapi/cec/cec-ioc-receive.rst @@ -16,10 +16,10 @@ CEC_RECEIVE, CEC_TRANSMIT - Receive or transmit a CEC message Synopsis ======== -.. c:function:: int ioctl( int fd, CEC_RECEIVE, struct cec_msg *argp ) +.. c:function:: int ioctl( int fd, CEC_RECEIVE, struct cec_msg \*argp ) :name: CEC_RECEIVE -.. c:function:: int ioctl( int fd, CEC_TRANSMIT, struct cec_msg *argp ) +.. c:function:: int ioctl( int fd, CEC_TRANSMIT, struct cec_msg \*argp ) :name: CEC_TRANSMIT Arguments @@ -272,6 +272,19 @@ View On' messages from initiator 0xf ('Unregistered') to destination 0 ('TV'). - The transmit failed after one or more retries. This status bit is mutually exclusive with :ref:`CEC_TX_STATUS_OK <CEC-TX-STATUS-OK>`. Other bits can still be set to explain which failures were seen. + * .. _`CEC-TX-STATUS-ABORTED`: + + - ``CEC_TX_STATUS_ABORTED`` + - 0x40 + - The transmit was aborted due to an HDMI disconnect, or the adapter + was unconfigured, or a transmit was interrupted, or the driver + returned an error when attempting to start a transmit. + * .. _`CEC-TX-STATUS-TIMEOUT`: + + - ``CEC_TX_STATUS_TIMEOUT`` + - 0x80 + - The transmit timed out. This should not normally happen and this + indicates a driver problem. .. tabularcolumns:: |p{5.6cm}|p{0.9cm}|p{11.0cm}| @@ -300,6 +313,14 @@ View On' messages from initiator 0xf ('Unregistered') to destination 0 ('TV'). - The message was received successfully but the reply was ``CEC_MSG_FEATURE_ABORT``. This status is only set if this message was the reply to an earlier transmitted message. + * .. _`CEC-RX-STATUS-ABORTED`: + + - ``CEC_RX_STATUS_ABORTED`` + - 0x08 + - The wait for a reply to an earlier transmitted message was aborted + because the HDMI cable was disconnected, the adapter was unconfigured + or the :ref:`CEC_TRANSMIT <CEC_RECEIVE>` that waited for a + reply was interrupted. diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index 829878356e1e..e6e82b504e56 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -354,7 +354,7 @@ static void cec_data_completed(struct cec_data *data) * * This function is called with adap->lock held. */ -static void cec_data_cancel(struct cec_data *data) +static void cec_data_cancel(struct cec_data *data, u8 tx_status) { /* * It's either the current transmit, or it is a pending @@ -369,13 +369,11 @@ static void cec_data_cancel(struct cec_data *data) } if (data->msg.tx_status & CEC_TX_STATUS_OK) { - /* Mark the canceled RX as a timeout */ data->msg.rx_ts = ktime_get_ns(); - data->msg.rx_status = CEC_RX_STATUS_TIMEOUT; + data->msg.rx_status = CEC_RX_STATUS_ABORTED; } else { - /* Mark the canceled TX as an error */ data->msg.tx_ts = ktime_get_ns(); - data->msg.tx_status |= CEC_TX_STATUS_ERROR | + data->msg.tx_status |= tx_status | CEC_TX_STATUS_MAX_RETRIES; data->msg.tx_error_cnt++; data->attempts = 0; @@ -403,15 +401,15 @@ static void cec_flush(struct cec_adapter *adap) while (!list_empty(&adap->transmit_queue)) { data = list_first_entry(&adap->transmit_queue, struct cec_data, list); - cec_data_cancel(data); + cec_data_cancel(data, CEC_TX_STATUS_ABORTED); } if (adap->transmitting) - cec_data_cancel(adap->transmitting); + cec_data_cancel(adap->transmitting, CEC_TX_STATUS_ABORTED); /* Cancel the pending timeout work. */ list_for_each_entry_safe(data, n, &adap->wait_queue, list) { if (cancel_delayed_work(&data->work)) - cec_data_cancel(data); + cec_data_cancel(data, CEC_TX_STATUS_OK); /* * If cancel_delayed_work returned false, then * the cec_wait_timeout function is running, @@ -487,12 +485,13 @@ int cec_thread_func(void *_adap) * so much traffic on the bus that the adapter was * unable to transmit for CEC_XFER_TIMEOUT_MS (2.1s). */ - dprintk(1, "%s: message %*ph timed out\n", __func__, + pr_warn("cec-%s: message %*ph timed out\n", adap->name, adap->transmitting->msg.len, adap->transmitting->msg.msg); adap->tx_timeouts++; /* Just give up on this. */ - cec_data_cancel(adap->transmitting); + cec_data_cancel(adap->transmitting, + CEC_TX_STATUS_TIMEOUT); goto unlock; } @@ -543,7 +542,7 @@ int cec_thread_func(void *_adap) /* Tell the adapter to transmit, cancel on error */ if (adap->ops->adap_transmit(adap, data->attempts, signal_free_time, &data->msg)) - cec_data_cancel(data); + cec_data_cancel(data, CEC_TX_STATUS_ABORTED); unlock: mutex_unlock(&adap->lock); @@ -715,8 +714,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, { struct cec_data *data; u8 last_initiator = 0xff; - unsigned int timeout; - int res = 0; msg->rx_ts = 0; msg->tx_ts = 0; @@ -859,47 +856,20 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, return 0; /* - * If we don't get a completion before this time something is really - * wrong and we time out. - */ - timeout = CEC_XFER_TIMEOUT_MS; - /* Add the requested timeout if we have to wait for a reply as well */ - if (msg->timeout) - timeout += msg->timeout; - - /* * Release the lock and wait, retake the lock afterwards. */ mutex_unlock(&adap->lock); - res = wait_for_completion_killable_timeout(&data->c, - msecs_to_jiffies(timeout)); + wait_for_completion_killable(&data->c); mutex_lock(&adap->lock); - if (data->completed) { - /* The transmit completed (possibly with an error) */ - *msg = data->msg; - kfree(data); - return 0; - } - /* - * The wait for completion timed out or was interrupted, so mark this - * as non-blocking and disconnect from the filehandle since it is - * still 'in flight'. When it finally completes it will just drop the - * result silently. - */ - data->blocking = false; - if (data->fh) - list_del(&data->xfer_list); - data->fh = NULL; + /* Cancel the transmit if it was interrupted */ + if (!data->completed) + cec_data_cancel(data, CEC_TX_STATUS_ABORTED); - if (res == 0) { /* timed out */ - /* Check if the reply or the transmit failed */ - if (msg->timeout && (msg->tx_status & CEC_TX_STATUS_OK)) - msg->rx_status = CEC_RX_STATUS_TIMEOUT; - else - msg->tx_status = CEC_TX_STATUS_MAX_RETRIES; - } - return res > 0 ? 0 : res; + /* The transmit completed (possibly with an error) */ + *msg = data->msg; + kfree(data); + return 0; } /* Helper function to be used by drivers and this framework. */ diff --git a/include/uapi/linux/cec.h b/include/uapi/linux/cec.h index 097fcd812471..3094af68b6e7 100644 --- a/include/uapi/linux/cec.h +++ b/include/uapi/linux/cec.h @@ -152,10 +152,13 @@ static inline void cec_msg_set_reply_to(struct cec_msg *msg, #define CEC_TX_STATUS_LOW_DRIVE (1 << 3) #define CEC_TX_STATUS_ERROR (1 << 4) #define CEC_TX_STATUS_MAX_RETRIES (1 << 5) +#define CEC_TX_STATUS_ABORTED (1 << 6) +#define CEC_TX_STATUS_TIMEOUT (1 << 7) #define CEC_RX_STATUS_OK (1 << 0) #define CEC_RX_STATUS_TIMEOUT (1 << 1) #define CEC_RX_STATUS_FEATURE_ABORT (1 << 2) +#define CEC_RX_STATUS_ABORTED (1 << 3) static inline int cec_msg_status_is_ok(const struct cec_msg *msg) {

7 years, 1 month

1
0
0 0

[git:media_tree/master] media: ov7670: make "xclk" clock optional

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov7670: make "xclk" clock optional Author: Lubomir Rintel <lkundrak(a)v3.sk> Date: Thu Oct 4 17:29:03 2018 -0400 When the "xclk" clock was added, it was made mandatory. This broke the driver on an OLPC plaform which doesn't know such clock. Make it optional. Tested on a OLPC XO-1 laptop. Fixes: 0a024d634cee ("[media] ov7670: get xclk") Cc: stable(a)vger.kernel.org # 4.11+ Signed-off-by: Lubomir Rintel <lkundrak(a)v3.sk> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/ov7670.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) --- diff --git a/drivers/media/i2c/ov7670.c b/drivers/media/i2c/ov7670.c index 92f59ae1b624..bc68a3a5b4ec 100644 --- a/drivers/media/i2c/ov7670.c +++ b/drivers/media/i2c/ov7670.c @@ -1808,17 +1808,24 @@ static int ov7670_probe(struct i2c_client *client, info->pclk_hb_disable = true; } - info->clk = devm_clk_get(&client->dev, "xclk"); - if (IS_ERR(info->clk)) - return PTR_ERR(info->clk); - ret = clk_prepare_enable(info->clk); - if (ret) - return ret; + info->clk = devm_clk_get(&client->dev, "xclk"); /* optional */ + if (IS_ERR(info->clk)) { + ret = PTR_ERR(info->clk); + if (ret == -ENOENT) + info->clk = NULL; + else + return ret; + } + if (info->clk) { + ret = clk_prepare_enable(info->clk); + if (ret) + return ret; - info->clock_speed = clk_get_rate(info->clk) / 1000000; - if (info->clock_speed < 10 || info->clock_speed > 48) { - ret = -EINVAL; - goto clk_disable; + info->clock_speed = clk_get_rate(info->clk) / 1000000; + if (info->clock_speed < 10 || info->clock_speed > 48) { + ret = -EINVAL; + goto clk_disable; + } } ret = ov7670_init_gpio(client, info);

7 years, 1 month

1
0
0 0

[git:media_tree/master] Revert "media: dvbsky: use just one mutex for serializing device R/W ops"

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: Revert "media: dvbsky: use just one mutex for serializing device R/W ops" Author: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Date: Fri Oct 5 10:21:25 2018 -0400 As pointed at: https://bugzilla.kernel.org/show_bug.cgi?id=199323 This patch causes a bad effect on RPi. I suspect that the root cause is at the USB out of tree RPi driver, with uses high priority interrupts instead of normal ones. Anyway, as this patch is mostly a cleanup, better to revert it. This reverts commit 7d95fb746c4eece67308f1642a666ea1ebdbd2cc. Cc: stable(a)vger.kernel.org # For Kernel 4.18 Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/usb/dvb-usb-v2/dvbsky.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) --- diff --git a/drivers/media/usb/dvb-usb-v2/dvbsky.c b/drivers/media/usb/dvb-usb-v2/dvbsky.c index 1aa88d94e57f..e28bd8836751 100644 --- a/drivers/media/usb/dvb-usb-v2/dvbsky.c +++ b/drivers/media/usb/dvb-usb-v2/dvbsky.c @@ -31,6 +31,7 @@ MODULE_PARM_DESC(disable_rc, "Disable inbuilt IR receiver."); DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr); struct dvbsky_state { + struct mutex stream_mutex; u8 ibuf[DVBSKY_BUF_LEN]; u8 obuf[DVBSKY_BUF_LEN]; u8 last_lock; @@ -67,17 +68,18 @@ static int dvbsky_usb_generic_rw(struct dvb_usb_device *d, static int dvbsky_stream_ctrl(struct dvb_usb_device *d, u8 onoff) { + struct dvbsky_state *state = d_to_priv(d); int ret; - static u8 obuf_pre[3] = { 0x37, 0, 0 }; - static u8 obuf_post[3] = { 0x36, 3, 0 }; + u8 obuf_pre[3] = { 0x37, 0, 0 }; + u8 obuf_post[3] = { 0x36, 3, 0 }; - mutex_lock(&d->usb_mutex); - ret = dvb_usbv2_generic_rw_locked(d, obuf_pre, 3, NULL, 0); + mutex_lock(&state->stream_mutex); + ret = dvbsky_usb_generic_rw(d, obuf_pre, 3, NULL, 0); if (!ret && onoff) { msleep(20); - ret = dvb_usbv2_generic_rw_locked(d, obuf_post, 3, NULL, 0); + ret = dvbsky_usb_generic_rw(d, obuf_post, 3, NULL, 0); } - mutex_unlock(&d->usb_mutex); + mutex_unlock(&state->stream_mutex); return ret; } @@ -606,6 +608,8 @@ static int dvbsky_init(struct dvb_usb_device *d) if (ret) return ret; */ + mutex_init(&state->stream_mutex); + state->last_lock = 0; return 0;

7 years, 1 month

1
0
0 0

[PATCH] mtd: rawnand: marvell: fix the IRQ handler complete() condition

by Miquel Raynal

With the current implementation, the complete() in the IRQ handler is supposed to be called only if the register status has one or the other RDY bit set. Other events might trigger an interrupt as well if enabled, but should not end-up with a complete() call. For this purpose, the code was checking if the other bits were set, in this case complete() was not called. This is wrong as two events might happen in a very tight time-frame and if the NDSR status read reports two bits set (eg. RDY(0) and RDDREQ) at the same time, complete() was not called. This logic would lead to timeouts in marvell_nfc_wait_op() and has been observed on PXA boards (NFCv1) in the Hamming write path. Fixes: 02f26ecf8c77 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org Reported-by: Daniel Mack <daniel(a)zonque.org> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Tested-by: Daniel Mack <daniel(a)zonque.org> --- drivers/mtd/nand/raw/marvell_nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index bc2ef5209783..c7573ccdbacd 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -686,7 +686,7 @@ static irqreturn_t marvell_nfc_isr(int irq, void *dev_id) marvell_nfc_disable_int(nfc, st & NDCR_ALL_INT); - if (!(st & (NDSR_RDDREQ | NDSR_WRDREQ | NDSR_WRCMDREQ))) + if (st & (NDSR_RDY(0) | NDSR_RDY(1))) complete(&nfc->complete); return IRQ_HANDLED; -- 2.17.1

7 years, 1 month

2
2
0 0

[PATCH RESEND] Revert "media: dvbsky: use just one mutex for serializing device R/W ops"

by Mauro Carvalho Chehab

As pointed at: https://bugzilla.kernel.org/show_bug.cgi?id=199323 This patch causes a bad effect on RPi. I suspect that the root cause is at the USB RPi driver, with uses high priority interrupts instead of normal ones. Anyway, as this patch is mostly a cleanup, better to revert it. This reverts commit 7d95fb746c4eece67308f1642a666ea1ebdbd2cc. Cc: stable(a)vger.kernel.org # For Kernel 4.18 Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> --- Re-sending it with the right message ID drivers/media/usb/dvb-usb-v2/dvbsky.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/dvbsky.c b/drivers/media/usb/dvb-usb-v2/dvbsky.c index 1aa88d94e57f..e28bd8836751 100644 --- a/drivers/media/usb/dvb-usb-v2/dvbsky.c +++ b/drivers/media/usb/dvb-usb-v2/dvbsky.c @@ -31,6 +31,7 @@ MODULE_PARM_DESC(disable_rc, "Disable inbuilt IR receiver."); DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr); struct dvbsky_state { + struct mutex stream_mutex; u8 ibuf[DVBSKY_BUF_LEN]; u8 obuf[DVBSKY_BUF_LEN]; u8 last_lock; @@ -67,17 +68,18 @@ static int dvbsky_usb_generic_rw(struct dvb_usb_device *d, static int dvbsky_stream_ctrl(struct dvb_usb_device *d, u8 onoff) { + struct dvbsky_state *state = d_to_priv(d); int ret; - static u8 obuf_pre[3] = { 0x37, 0, 0 }; - static u8 obuf_post[3] = { 0x36, 3, 0 }; + u8 obuf_pre[3] = { 0x37, 0, 0 }; + u8 obuf_post[3] = { 0x36, 3, 0 }; - mutex_lock(&d->usb_mutex); - ret = dvb_usbv2_generic_rw_locked(d, obuf_pre, 3, NULL, 0); + mutex_lock(&state->stream_mutex); + ret = dvbsky_usb_generic_rw(d, obuf_pre, 3, NULL, 0); if (!ret && onoff) { msleep(20); - ret = dvb_usbv2_generic_rw_locked(d, obuf_post, 3, NULL, 0); + ret = dvbsky_usb_generic_rw(d, obuf_post, 3, NULL, 0); } - mutex_unlock(&d->usb_mutex); + mutex_unlock(&state->stream_mutex); return ret; } @@ -606,6 +608,8 @@ static int dvbsky_init(struct dvb_usb_device *d) if (ret) return ret; */ + mutex_init(&state->stream_mutex); + state->last_lock = 0; return 0; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] Revert "media: dvbsky: use just one mutex for serializing device R/W ops"

by Mauro Carvalho Chehab

As pointed at: https://bugzilla.kernel.org/show_bug.cgi?id=199323 This patch causes a bad effect on RPi. I suspect that the root cause is at the USB RPi driver, with uses high priority interrupts instead of normal ones. Anyway, as this patch is mostly a cleanup, better to revert it. This reverts commit 7d95fb746c4eece67308f1642a666ea1ebdbd2cc. Cc: stable(a)vger.kernel.org # For Kernel 4.18 Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> --- drivers/media/usb/dvb-usb-v2/dvbsky.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/dvbsky.c b/drivers/media/usb/dvb-usb-v2/dvbsky.c index 1aa88d94e57f..e28bd8836751 100644 --- a/drivers/media/usb/dvb-usb-v2/dvbsky.c +++ b/drivers/media/usb/dvb-usb-v2/dvbsky.c @@ -31,6 +31,7 @@ MODULE_PARM_DESC(disable_rc, "Disable inbuilt IR receiver."); DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr); struct dvbsky_state { + struct mutex stream_mutex; u8 ibuf[DVBSKY_BUF_LEN]; u8 obuf[DVBSKY_BUF_LEN]; u8 last_lock; @@ -67,17 +68,18 @@ static int dvbsky_usb_generic_rw(struct dvb_usb_device *d, static int dvbsky_stream_ctrl(struct dvb_usb_device *d, u8 onoff) { + struct dvbsky_state *state = d_to_priv(d); int ret; - static u8 obuf_pre[3] = { 0x37, 0, 0 }; - static u8 obuf_post[3] = { 0x36, 3, 0 }; + u8 obuf_pre[3] = { 0x37, 0, 0 }; + u8 obuf_post[3] = { 0x36, 3, 0 }; - mutex_lock(&d->usb_mutex); - ret = dvb_usbv2_generic_rw_locked(d, obuf_pre, 3, NULL, 0); + mutex_lock(&state->stream_mutex); + ret = dvbsky_usb_generic_rw(d, obuf_pre, 3, NULL, 0); if (!ret && onoff) { msleep(20); - ret = dvb_usbv2_generic_rw_locked(d, obuf_post, 3, NULL, 0); + ret = dvbsky_usb_generic_rw(d, obuf_post, 3, NULL, 0); } - mutex_unlock(&d->usb_mutex); + mutex_unlock(&state->stream_mutex); return ret; } @@ -606,6 +608,8 @@ static int dvbsky_init(struct dvb_usb_device *d) if (ret) return ret; */ + mutex_init(&state->stream_mutex); + state->last_lock = 0; return 0; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] i2c: designware: Call i2c_dw_clk_rate() only when calculating timings

by Jarkko Nikula

There are platforms which don't provide input clock rate but provide I2C timing parameters. Commit 3bd4f277274b ("i2c: designware: Call i2c_dw_clk_rate() only once in i2c_dw_init_master()") causes needless warning during probe on those platforms since i2c_dw_clk_rate(), which causes the warning when input clock is unknown, is called even when there is no need to calculate timing parameters. Fixes: 3bd4f277274b ("i2c: designware: Call i2c_dw_clk_rate() only once in i2c_dw_init_master()") Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Cc: <stable(a)vger.kernel.org> # 4.19 Signed-off-by: Jarkko Nikula <jarkko.nikula(a)linux.intel.com> --- for current 4.19-rc6. I Cc'ed stable just in case this doesn't hit the v4.19. --- drivers/i2c/busses/i2c-designware-master.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c index 94d94b4a9a0d..18cc324f3ca9 100644 --- a/drivers/i2c/busses/i2c-designware-master.c +++ b/drivers/i2c/busses/i2c-designware-master.c @@ -34,11 +34,11 @@ static void i2c_dw_configure_fifo_master(struct dw_i2c_dev *dev) static int i2c_dw_set_timings_master(struct dw_i2c_dev *dev) { - u32 ic_clk = i2c_dw_clk_rate(dev); const char *mode_str, *fp_str = ""; u32 comp_param1; u32 sda_falling_time, scl_falling_time; struct i2c_timings *t = &dev->timings; + u32 ic_clk; int ret; ret = i2c_dw_acquire_lock(dev); @@ -53,6 +53,7 @@ static int i2c_dw_set_timings_master(struct dw_i2c_dev *dev) /* Calculate SCL timing parameters for standard mode if not set */ if (!dev->ss_hcnt || !dev->ss_lcnt) { + ic_clk = i2c_dw_clk_rate(dev); dev->ss_hcnt = i2c_dw_scl_hcnt(ic_clk, 4000, /* tHD;STA = tHIGH = 4.0 us */ @@ -89,6 +90,7 @@ static int i2c_dw_set_timings_master(struct dw_i2c_dev *dev) * needed also in high speed mode. */ if (!dev->fs_hcnt || !dev->fs_lcnt) { + ic_clk = i2c_dw_clk_rate(dev); dev->fs_hcnt = i2c_dw_scl_hcnt(ic_clk, 600, /* tHD;STA = tHIGH = 0.6 us */ -- 2.19.0

7 years, 1 month

3
2
0 0

[PATCH] dm: Fix report zone remapping

by Damien Le Moal

If dm-linear or dm-flakey have targets on top of a partition of a zoned block device, remapping of the start sector and write pointer position of the zones reported by a report zones BIO must be modified to not only account for the target table entry mapping, but also to account for the partition first sector. This start sector must be substracted to the start sector of all zones reported. The write pointer position of sequential zones must also be reduced by this offset. Since there is no easy way to access the underlying bdev of the target table entry from the dm_target or dm_target_io pointers, modify the interface of the function dm_remap_zone_report() to allow a target to pass the partition block device starting sector (offset). Fixes: 10999307c14e ("dm: introduce dm_remap_zone_report()") Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com> Cc: <stable(a)vger.kernel.org> --- drivers/md/dm-flakey.c | 3 ++- drivers/md/dm-linear.c | 3 ++- drivers/md/dm.c | 16 ++++++++++++---- include/linux/device-mapper.h | 2 +- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c index 21d126a5078c..c68c2e9cde6b 100644 --- a/drivers/md/dm-flakey.c +++ b/drivers/md/dm-flakey.c @@ -381,7 +381,8 @@ static int flakey_end_io(struct dm_target *ti, struct bio *bio, return DM_ENDIO_DONE; if (bio_op(bio) == REQ_OP_ZONE_REPORT) { - dm_remap_zone_report(ti, bio, fc->start); + dm_remap_zone_report(ti, bio, get_start_sect(fc->dev->bdev), + fc->start); return DM_ENDIO_DONE; } diff --git a/drivers/md/dm-linear.c b/drivers/md/dm-linear.c index d10964d41fd7..f8cd367abbf6 100644 --- a/drivers/md/dm-linear.c +++ b/drivers/md/dm-linear.c @@ -108,7 +108,8 @@ static int linear_end_io(struct dm_target *ti, struct bio *bio, struct linear_c *lc = ti->private; if (!*error && bio_op(bio) == REQ_OP_ZONE_REPORT) - dm_remap_zone_report(ti, bio, lc->start); + dm_remap_zone_report(ti, bio, get_start_sect(lc->dev->bdev), + lc->start); return DM_ENDIO_DONE; } diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 20f7e4ef5342..ffd8544eedd8 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1162,7 +1162,8 @@ EXPORT_SYMBOL_GPL(dm_accept_partial_bio); * REQ_OP_ZONE_REPORT bio to remap the zone descriptors obtained * from the target device mapping to the dm device. */ -void dm_remap_zone_report(struct dm_target *ti, struct bio *bio, sector_t start) +void dm_remap_zone_report(struct dm_target *ti, struct bio *bio, + sector_t dev_offset, sector_t start) { #ifdef CONFIG_BLK_DEV_ZONED struct dm_target_io *tio = container_of(bio, struct dm_target_io, clone); @@ -1195,18 +1196,25 @@ void dm_remap_zone_report(struct dm_target *ti, struct bio *bio, sector_t start) /* Set zones start sector */ while (hdr->nr_zones && ofst < bvec.bv_len) { zone = addr + ofst; + zone->start -= dev_offset; if (zone->start >= start + ti->len) { hdr->nr_zones = 0; break; } zone->start = zone->start + ti->begin - start; if (zone->type != BLK_ZONE_TYPE_CONVENTIONAL) { - if (zone->cond == BLK_ZONE_COND_FULL) + switch (zone->cond) { + case BLK_ZONE_COND_FULL: zone->wp = zone->start + zone->len; - else if (zone->cond == BLK_ZONE_COND_EMPTY) + break; + case BLK_ZONE_COND_EMPTY: zone->wp = zone->start; - else + break; + default: + zone->wp -= dev_offset; zone->wp = zone->wp + ti->begin - start; + break; + } } ofst += sizeof(struct blk_zone); hdr->nr_zones--; diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h index 6fb0808e87c8..22c1924c0ee8 100644 --- a/include/linux/device-mapper.h +++ b/include/linux/device-mapper.h @@ -421,7 +421,7 @@ int dm_suspended(struct dm_target *ti); int dm_noflush_suspending(struct dm_target *ti); void dm_accept_partial_bio(struct bio *bio, unsigned n_sectors); void dm_remap_zone_report(struct dm_target *ti, struct bio *bio, - sector_t start); + sector_t dev_offset, sector_t start); union map_info *dm_get_rq_mapinfo(struct request *rq); struct queue_limits *dm_get_queue_limits(struct mapped_device *md); -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] iommu/amd: Clear memory encryption mask from physical address

by Singh, Brijesh

Boris Ostrovsky reported a memory leak with device passthrough when SME is active. The VFIO driver uses iommu_iova_to_phys() to get the physical address for an iova. This physical address is later passed into vfio_unmap_unpin() to unpin the memory. The vfio_unmap_unpin() uses pfn_valid() before unpinning the memory. The pfn_valid() check was failing because encryption mask was part of the physical address returned. This resulted in the memory not being unpinned and therefore leaked after the guest terminates. The memory encryption mask must be cleared from the physical address in iommu_iova_to_phys(). Fixes: 2543a786aa25 ("iommu/amd: Allow the AMD IOMMU to work with memory encryption") Reported-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <iommu(a)lists.linux-foundation.org> Cc: Borislav Petkov <bp(a)suse.de> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Radim Krčmář <rkrcmar(a)redhat.com> Cc: kvm(a)vger.kernel.org Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: <stable(a)vger.kernel.org> # 4.14+ Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> --- drivers/iommu/amd_iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c index 73e47d9..bee0dfb 100644 --- a/drivers/iommu/amd_iommu.c +++ b/drivers/iommu/amd_iommu.c @@ -3069,7 +3069,7 @@ static phys_addr_t amd_iommu_iova_to_phys(struct iommu_domain *dom, return 0; offset_mask = pte_pgsize - 1; - __pte = *pte & PM_ADDR_MASK; + __pte = __sme_clr(*pte & PM_ADDR_MASK); return (__pte & ~offset_mask) | (iova & offset_mask); } -- 2.7.4

7 years, 1 month

2
1
0 0

[PATCH v4 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index a366f32b048a..daade60c5714 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -407,8 +407,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (intel_connector->mst_port_gone) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v4 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index fcb9b87b9339..a366f32b048a 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -42,7 +42,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, to_intel_connector(conn_state->connector); struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool reduce_m_n = drm_dp_has_quirk(&intel_dp->desc, @@ -76,11 +76,16 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + if (!connector->mst_port_gone) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + connector->port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v4 3/5] drm/i915: Leave intel_conn->mst_port set, use mst_port_gone instead

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead add intel_connector->mst_port_gone in order to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++++++------- drivers/gpu/drm/i915/intel_drv.h | 6 ++++++ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 4ecd65375603..fcb9b87b9339 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -311,9 +311,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (intel_connector->mst_port_gone) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -328,9 +327,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (intel_connector->mst_port_gone) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -370,7 +370,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (intel_connector->mst_port_gone) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -402,7 +402,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (intel_connector->mst_port_gone) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -514,7 +514,7 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, connector); /* prevent race with the check in ->detect */ drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; + intel_connector->mst_port_gone = true; drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index 8fc61e96754f..8261d4579452 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -410,6 +410,12 @@ struct intel_connector { struct intel_dp *mst_port; + /* + * Set to 1 if this is an MST connector that was removed from the + * system and unregistered from sysfs + */ + u8 mst_port_gone; + /* Work struct to schedule a uevent on link train failure */ struct work_struct modeset_retry_work; -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v4 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 5691dfa1db6f..63a23a80f279 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v4 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 80be74df7ba6..ce2decfc6826 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -307,6 +307,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after it's been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -351,7 +371,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH] power: supply: olpc_battery: correct the temperature units

by Lubomir Rintel

According to [1] and [2], the temperature values are in tenths of degree Celsius. Exposing the Celsius value makes the battery appear on fire: $ upower -i /org/freedesktop/UPower/devices/battery_olpc_battery ... temperature: 236.9 degrees C Tested on OLPC XO-1 and OLPC XO-1.75 laptops. [1] include/linux/power_supply.h [2] Documentation/power/power_supply_class.txt Cc: stable(a)vger.kernel.org Signed-off-by: Lubomir Rintel <lkundrak(a)v3.sk> --- drivers/power/supply/olpc_battery.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/olpc_battery.c b/drivers/power/supply/olpc_battery.c index 6da79ae14860..5a97e42a3547 100644 --- a/drivers/power/supply/olpc_battery.c +++ b/drivers/power/supply/olpc_battery.c @@ -428,14 +428,14 @@ static int olpc_bat_get_property(struct power_supply *psy, if (ret) return ret; - val->intval = (s16)be16_to_cpu(ec_word) * 100 / 256; + val->intval = (s16)be16_to_cpu(ec_word) * 10 / 256; break; case POWER_SUPPLY_PROP_TEMP_AMBIENT: ret = olpc_ec_cmd(EC_AMB_TEMP, NULL, 0, (void *)&ec_word, 2); if (ret) return ret; - val->intval = (int)be16_to_cpu(ec_word) * 100 / 256; + val->intval = (int)be16_to_cpu(ec_word) * 10 / 256; break; case POWER_SUPPLY_PROP_CHARGE_COUNTER: ret = olpc_ec_cmd(EC_BAT_ACR, NULL, 0, (void *)&ec_word, 2); -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH] libnvdimm, pmem: Fix badblocks population for 'raw' namespaces

by Dan Williams

The driver is only initializing bb_res in the devm_memremap_pages() paths, but the raw namespace case is passing an uninitialized bb_res to nvdimm_badblocks_populate(). Fixes: e8d513483300 ("memremap: change devm_memremap_pages interface...") Cc: <stable(a)vger.kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Reported-by: Jacek Zloch <jacek.zloch(a)intel.com> Reported-by: Krzysztof Rusocki <krzysztof.rusocki(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/nvdimm/pmem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c index 6071e2942053..2082ae01b9c8 100644 --- a/drivers/nvdimm/pmem.c +++ b/drivers/nvdimm/pmem.c @@ -421,9 +421,11 @@ static int pmem_attach_disk(struct device *dev, addr = devm_memremap_pages(dev, &pmem->pgmap); pmem->pfn_flags |= PFN_MAP; memcpy(&bb_res, &pmem->pgmap.res, sizeof(bb_res)); - } else + } else { addr = devm_memremap(dev, pmem->phys_addr, pmem->size, ARCH_MEMREMAP_PMEM); + memcpy(&bb_res, &nsio->res, sizeof(bb_res)); + } /* * At release time the queue must be frozen before

7 years, 1 month

2
1
0 0

[PATCH v3 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index a366f32b048a..daade60c5714 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -407,8 +407,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (intel_connector->mst_port_gone) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v3 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index fcb9b87b9339..a366f32b048a 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -42,7 +42,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, to_intel_connector(conn_state->connector); struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool reduce_m_n = drm_dp_has_quirk(&intel_dp->desc, @@ -76,11 +76,16 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + if (!connector->mst_port_gone) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + connector->port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v3 3/5] drm/i915: Leave intel_conn->mst_port set, use mst_port_gone instead

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead add intel_connector->mst_port_gone in order to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++++++------- drivers/gpu/drm/i915/intel_drv.h | 6 ++++++ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 4ecd65375603..fcb9b87b9339 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -311,9 +311,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (intel_connector->mst_port_gone) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -328,9 +327,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (intel_connector->mst_port_gone) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -370,7 +370,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (intel_connector->mst_port_gone) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -402,7 +402,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (intel_connector->mst_port_gone) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -514,7 +514,7 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, connector); /* prevent race with the check in ->detect */ drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; + intel_connector->mst_port_gone = true; drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index 8fc61e96754f..8261d4579452 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -410,6 +410,12 @@ struct intel_connector { struct intel_dp *mst_port; + /* + * Set to 1 if this is an MST connector that was removed from the + * system and unregistered from sysfs + */ + u8 mst_port_gone; + /* Work struct to schedule a uevent on link train failure */ struct work_struct modeset_retry_work; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v3 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9da0bdfe1e1c..f58fc12f0a07 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -881,22 +881,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v3 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 80be74df7ba6..ce2decfc6826 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -307,6 +307,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after it's been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -351,7 +371,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

7 years, 1 month

1
0
0 0

v4.9.131 build: 0 failures 0 warnings (v4.9.131)

by Build bot for Mark Brown

Tree/Branch: v4.9.131 Git describe: v4.9.131 Commit: cdd48f386d Linux 4.9.131 Build Time: 95 min 25 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 1 month

1
0
0 0

Re: [GIT PULL] commits for Linux 4.18

by Greg KH

On Thu, Oct 04, 2018 at 02:07:45PM -0400, Sasha Levin wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi Greg, > > Pleae pull commits for Linux 4.18 . > > I've sent a review request for all commits over a week ago and all > comments were addressed. Thanks for these, all 5 trees now pulled in. greg k-h

7 years, 1 month

1
0
0 0

[PATCH backport for 4.18] rseq/selftests: fix parametrized test with -fpie

by Mathieu Desnoyers

commit ce01a1575f45bf319e374592656441021a7f5823 upstream. On x86-64, the parametrized selftest code for rseq crashes with a segmentation fault when compiled with -fpie. This happens when the param_test binary is loaded at an address beyond 32-bit on x86-64. The issue is caused by use of a 32-bit register to hold the address of the loop counter variable. Fix this by using a 64-bit register to calculate the address of the loop counter variables as an offset from rip. Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Acked-by: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: <stable(a)vger.kernel.org> # v4.18 Cc: Shuah Khan <shuah(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Joel Fernandes <joelaf(a)google.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Watson <davejwatson(a)fb.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Andi Kleen <andi(a)firstfloor.org> Cc: linux-kselftest(a)vger.kernel.org Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: Chris Lameter <cl(a)linux.com> Cc: Russell King <linux(a)arm.linux.org.uk> Cc: Michael Kerrisk <mtk.manpages(a)gmail.com> Cc: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: Paul Turner <pjt(a)google.com> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Ben Maurer <bmaurer(a)fb.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> --- tools/testing/selftests/rseq/param_test.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/rseq/param_test.c b/tools/testing/selftests/rseq/param_test.c index 615252331813..4bc071525bf7 100644 --- a/tools/testing/selftests/rseq/param_test.c +++ b/tools/testing/selftests/rseq/param_test.c @@ -56,15 +56,13 @@ unsigned int yield_mod_cnt, nr_abort; printf(fmt, ## __VA_ARGS__); \ } while (0) -#if defined(__x86_64__) || defined(__i386__) +#ifdef __i386__ #define INJECT_ASM_REG "eax" #define RSEQ_INJECT_CLOBBER \ , INJECT_ASM_REG -#ifdef __i386__ - #define RSEQ_INJECT_ASM(n) \ "mov asm_loop_cnt_" #n ", %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ @@ -76,9 +74,16 @@ unsigned int yield_mod_cnt, nr_abort; #elif defined(__x86_64__) +#define INJECT_ASM_REG_P "rax" +#define INJECT_ASM_REG "eax" + +#define RSEQ_INJECT_CLOBBER \ + , INJECT_ASM_REG_P \ + , INJECT_ASM_REG + #define RSEQ_INJECT_ASM(n) \ - "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG "\n\t" \ - "mov (%%" INJECT_ASM_REG "), %%" INJECT_ASM_REG "\n\t" \ + "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG_P "\n\t" \ + "mov (%%" INJECT_ASM_REG_P "), %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ "jz 333f\n\t" \ "222:\n\t" \ @@ -86,10 +91,6 @@ unsigned int yield_mod_cnt, nr_abort; "jnz 222b\n\t" \ "333:\n\t" -#else -#error "Unsupported architecture" -#endif - #elif defined(__ARMEL__) #define RSEQ_INJECT_INPUT \ -- 2.17.1

7 years, 1 month

3
2
0 0

Requests for inclusion on linux-4.14.y

by Alakesh Haloi

Hello Greg, Can you please consider including the following patch in the stable linux-4.14.y branch? This is to fix a possible sprintf buffer overflow 46c2797826cc ("tools/power turbostat: fix possible sprintf buffer overflow") Thanks Alakesh Haloi

7 years, 1 month

2
1
0 0

v4.18.12 build: 0 failures 4 warnings (v4.18.12)

by Build bot for Mark Brown

Tree/Branch: v4.18.12 Git describe: v4.18.12 Commit: 7da07a3216 Linux 4.18.12 Build Time: 123 min 36 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 4 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allnoconfig 4 warnings 0 mismatches : arm64-allmodconfig 2 warnings 0 mismatches : arm-multi_v5_defconfig 2 warnings 0 mismatches : arm-multi_v7_defconfig 2 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : arm-multi_v4t_defconfig 3 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 4 8 <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] 5 <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] 2 ../drivers/clk/mvebu/armada-37xx-periph.c:422:6: warning: unused variable 'num_parents' [-Wunused-variable] 1 ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 4 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ../drivers/clk/mvebu/armada-37xx-periph.c:422:6: warning: unused variable 'num_parents' [-Wunused-variable] ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v4t_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-defconfig : PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ../drivers/clk/mvebu/armada-37xx-periph.c:422:6: warning: unused variable 'num_parents' [-Wunused-variable] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig x86_64-allmodconfig x86_64-defconfig

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] serial: mvebu-uart: Fix reporting of effective CSIZE to" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e0bf2d4982fe7d9ddaf550dd023803ea286f47fc Mon Sep 17 00:00:00 2001 From: Jan Kiszka <jan.kiszka(a)siemens.com> Date: Sun, 26 Aug 2018 19:49:32 +0200 Subject: [PATCH] serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Apparently, this driver (or the hardware) does not support character length settings. It's apparently running in 8-bit mode, but it makes userspace believe it's in 5-bit mode. That makes tcsetattr with CS8 incorrectly fail, breaking e.g. getty from busybox, thus the login shell on ttyMVx. Fix by hard-wiring CS8 into c_cflag. Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> Fixes: 30530791a7a0 ("serial: mvebu-uart: initial support for Armada-3700 serial port") Cc: stable <stable(a)vger.kernel.org> # 4.6+ Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c index d04b5eeea3c6..170e446a2f62 100644 --- a/drivers/tty/serial/mvebu-uart.c +++ b/drivers/tty/serial/mvebu-uart.c @@ -511,6 +511,7 @@ static void mvebu_uart_set_termios(struct uart_port *port, termios->c_iflag |= old->c_iflag & ~(INPCK | IGNPAR); termios->c_cflag &= CREAD | CBAUD; termios->c_cflag |= old->c_cflag & ~(CREAD | CBAUD); + termios->c_cflag |= CS8; } spin_unlock_irqrestore(&port->lock, flags);

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] drm/amdgpu: add another ATPX quirk for TOPAZ" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b3fc2ab37e27f8d6588a4755382346ba2335a7c7 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Tue, 17 Jul 2018 10:52:29 -0500 Subject: [PATCH] drm/amdgpu: add another ATPX quirk for TOPAZ Needs ATPX rather than _PR3. Bug: https://bugzilla.kernel.org/show_bug.cgi?id=200517 Reviewed-by: Junwei Zhang <Jerry.Zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c index 9ab89371d9e8..ca8bf1c9a98e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c @@ -575,6 +575,7 @@ static const struct amdgpu_px_quirk amdgpu_px_quirk_list[] = { { 0x1002, 0x6900, 0x1002, 0x0124, AMDGPU_PX_QUIRK_FORCE_ATPX }, { 0x1002, 0x6900, 0x1028, 0x0812, AMDGPU_PX_QUIRK_FORCE_ATPX }, { 0x1002, 0x6900, 0x1028, 0x0813, AMDGPU_PX_QUIRK_FORCE_ATPX }, + { 0x1002, 0x6900, 0x1025, 0x125A, AMDGPU_PX_QUIRK_FORCE_ATPX }, { 0, 0, 0, 0, 0 }, };

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] drm/amd/pp: initialize result to before or'ing in data" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c4ff91dd40e2253ab6dd028011469c2c694e1e19 Mon Sep 17 00:00:00 2001 From: Colin Ian King <colin.king(a)canonical.com> Date: Wed, 6 Jun 2018 13:18:31 +0100 Subject: [PATCH] drm/amd/pp: initialize result to before or'ing in data The current use of result is or'ing in values and checking for a non-zero result, however, result is not initialized to zero so it potentially contains garbage to start with. Fix this by initializing it to the first return from the call to vega10_program_didt_config_registers. Detected by cppcheck: "(error) Uninitialized variable: result" Fixes: 9b7b8154cdb8 ("drm/amd/powerplay: added didt support for vega10") Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Acked-by: Huang Rui <ray.huang(a)amd.com> [Fix the subject as Colin's comment] Signed-off-by: Huang Rui <ray.huang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c b/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c index a9efd8554fbc..dbe4b1f66784 100644 --- a/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c @@ -1104,7 +1104,7 @@ static int vega10_enable_psm_gc_edc_config(struct pp_hwmgr *hwmgr) for (count = 0; count < num_se; count++) { data = GRBM_GFX_INDEX__INSTANCE_BROADCAST_WRITES_MASK | GRBM_GFX_INDEX__SH_BROADCAST_WRITES_MASK | ( count << GRBM_GFX_INDEX__SE_INDEX__SHIFT); WREG32_SOC15(GC, 0, mmGRBM_GFX_INDEX, data); - result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallPatternConfig_Vega10, VEGA10_CONFIGREG_DIDT); + result = vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallPatternConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallDelayConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCCtrlResetConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCCtrlConfig_Vega10, VEGA10_CONFIGREG_DIDT);

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] rseq/selftests: fix parametrized test with -fpie" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ce01a1575f45bf319e374592656441021a7f5823 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Date: Thu, 27 Sep 2018 14:39:19 -0400 Subject: [PATCH] rseq/selftests: fix parametrized test with -fpie On x86-64, the parametrized selftest code for rseq crashes with a segmentation fault when compiled with -fpie. This happens when the param_test binary is loaded at an address beyond 32-bit on x86-64. The issue is caused by use of a 32-bit register to hold the address of the loop counter variable. Fix this by using a 64-bit register to calculate the address of the loop counter variables as an offset from rip. Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Acked-by: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: <stable(a)vger.kernel.org> # v4.18 Cc: Shuah Khan <shuah(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Joel Fernandes <joelaf(a)google.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Watson <davejwatson(a)fb.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Andi Kleen <andi(a)firstfloor.org> Cc: linux-kselftest(a)vger.kernel.org Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: Chris Lameter <cl(a)linux.com> Cc: Russell King <linux(a)arm.linux.org.uk> Cc: Michael Kerrisk <mtk.manpages(a)gmail.com> Cc: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: Paul Turner <pjt(a)google.com> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Ben Maurer <bmaurer(a)fb.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> diff --git a/tools/testing/selftests/rseq/param_test.c b/tools/testing/selftests/rseq/param_test.c index 642d4e12abea..eec2663261f2 100644 --- a/tools/testing/selftests/rseq/param_test.c +++ b/tools/testing/selftests/rseq/param_test.c @@ -56,15 +56,13 @@ unsigned int yield_mod_cnt, nr_abort; printf(fmt, ## __VA_ARGS__); \ } while (0) -#if defined(__x86_64__) || defined(__i386__) +#ifdef __i386__ #define INJECT_ASM_REG "eax" #define RSEQ_INJECT_CLOBBER \ , INJECT_ASM_REG -#ifdef __i386__ - #define RSEQ_INJECT_ASM(n) \ "mov asm_loop_cnt_" #n ", %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ @@ -76,9 +74,16 @@ unsigned int yield_mod_cnt, nr_abort; #elif defined(__x86_64__) +#define INJECT_ASM_REG_P "rax" +#define INJECT_ASM_REG "eax" + +#define RSEQ_INJECT_CLOBBER \ + , INJECT_ASM_REG_P \ + , INJECT_ASM_REG + #define RSEQ_INJECT_ASM(n) \ - "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG "\n\t" \ - "mov (%%" INJECT_ASM_REG "), %%" INJECT_ASM_REG "\n\t" \ + "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG_P "\n\t" \ + "mov (%%" INJECT_ASM_REG_P "), %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ "jz 333f\n\t" \ "222:\n\t" \ @@ -86,10 +91,6 @@ unsigned int yield_mod_cnt, nr_abort; "jnz 222b\n\t" \ "333:\n\t" -#else -#error "Unsupported architecture" -#endif - #elif defined(__s390__) #define RSEQ_INJECT_INPUT \

7 years, 1 month

1
0
0 0

[PATCH 1/3] drm/i915: Restore vblank interrupts earlier

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Plane sanitation needs vblank interrupts (on account of CxSR disable). So let's restore vblank interrupts earlier. v2: Make it actually build Cc: stable(a)vger.kernel.org Cc: Dennis <dennis.nezic(a)utoronto.ca> Tested-by: Dennis <dennis.nezic(a)utoronto.ca> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105637 Fixes: b1e01595a66d ("drm/i915: Redo plane sanitation during readout") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/intel_display.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 4c5c2b39e65c..e018b37bed39 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -15551,13 +15551,9 @@ static void intel_sanitize_crtc(struct intel_crtc *crtc, I915_READ(reg) & ~PIPECONF_FRAME_START_DELAY_MASK); } - /* restore vblank interrupts to correct state */ - drm_crtc_vblank_reset(&crtc->base); if (crtc->active) { struct intel_plane *plane; - drm_crtc_vblank_on(&crtc->base); - /* Disable everything but the primary plane */ for_each_intel_plane_on_crtc(dev, crtc, plane) { const struct intel_plane_state *plane_state = @@ -15899,7 +15895,6 @@ intel_modeset_setup_hw_state(struct drm_device *dev, struct drm_modeset_acquire_ctx *ctx) { struct drm_i915_private *dev_priv = to_i915(dev); - enum pipe pipe; struct intel_crtc *crtc; struct intel_encoder *encoder; int i; @@ -15912,15 +15907,19 @@ intel_modeset_setup_hw_state(struct drm_device *dev, /* HW state is read out, now we need to sanitize this mess. */ get_encoder_power_domains(dev_priv); - intel_sanitize_plane_mapping(dev_priv); + for_each_intel_crtc(&dev_priv->drm, crtc) { + drm_crtc_vblank_reset(&crtc->base); - for_each_intel_encoder(dev, encoder) { - intel_sanitize_encoder(encoder); + if (crtc->active) + drm_crtc_vblank_on(&crtc->base); } - for_each_pipe(dev_priv, pipe) { - crtc = intel_get_crtc_for_pipe(dev_priv, pipe); + intel_sanitize_plane_mapping(dev_priv); + for_each_intel_encoder(dev, encoder) + intel_sanitize_encoder(encoder); + + for_each_intel_crtc(&dev_priv->drm, crtc) { intel_sanitize_crtc(crtc, ctx); intel_dump_pipe_config(crtc, crtc->config, "[setup_hw_state]"); -- 2.16.4

7 years, 1 month

3
10
0 0

[PATCH v3] devres: Explicitly align datai[] to 64-bit

by Alexey Brodkin

data[] must be 64-bit aligned even on 32-bit architectures because it might be accessed by instructions that require aligned memory arguments. One example is "atomic64_t" type accessed by special atomic instructions which may read/write entire 64-bit word. Atomic instructions are a bit special compared to normal loads and stores. Even if normal loads and stores may deal with unaligned data, atomic instructions still require data to be aligned because it's hard to manage atomic value that spans through multiple cache lines or even MMU pages. And hardware just raises an alignment fault exception. The problem with previously used approach is that depending on ABI "long long" type of a particular 32-bit CPU might be aligned to 8-, 16-, 32- or 64-bit boundary. Which will get in the way of mentioned above atomic instructions. Consider the following snippet: | struct mystruct { | atomic64_t myvar; | } | | struct mystruct *p; | p = devm_kzalloc(dev, sizeof(*p), GFP_KERNEL); Here address of "myvar" will match data[] in "struct devres", that said if "data" is not 64-bit aligned atomic instruction will fail on the first access to "myvar". Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: David Laight <David.Laight(a)ACULAB.COM> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Greg KH <greg(a)kroah.com> Cc: <stable(a)vger.kernel.org> # 4.8+ --- Changes v2 -> v3: * Align explicitly to 8 bytes [David] * Rephrased in-line comment [David] * Added more techinical details to commit message [Greg] * Mention more alignment options in commit message [Geert] Changes v1 -> v2: * Reworded commit message * Inserted comment right in source [Thomas] drivers/base/devres.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/base/devres.c b/drivers/base/devres.c index f98a097e73f2..d65327cb83c9 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -24,8 +24,12 @@ struct devres_node { struct devres { struct devres_node node; - /* -- 3 pointers */ - unsigned long long data[]; /* guarantee ull alignment */ + /* + * data[] must be 64 bit aligned even on 32 bit architectures + * because it might be accessed by instructions that require + * aligned memory arguments such as atomic64_t. + */ + u8 __aligned(8) data[]; }; struct devres_group { -- 2.17.1

7 years, 1 month

7
18
0 0

Linux 4.18.12

by Greg KH

I'm announcing the release of the 4.18.12 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/hwmon/ina2xx | 2 Documentation/process/2.Process.rst | 2 Makefile | 2 arch/arm/boot/dts/dra7.dtsi | 4 arch/arm/boot/dts/imx7d.dtsi | 12 arch/arm/boot/dts/ls1021a.dtsi | 1 arch/arm/boot/dts/mt7623.dtsi | 3 arch/arm/boot/dts/omap4-droid4-xt894.dts | 20 - arch/arm/mach-mvebu/pmsu.c | 6 arch/arm/mach-omap2/omap_hwmod.c | 39 ++ arch/arm/mach-omap2/omap_hwmod_reset.c | 12 arch/arm64/boot/dts/renesas/r8a7795-es1.dtsi | 2 arch/arm64/boot/dts/renesas/r8a7795.dtsi | 6 arch/arm64/boot/dts/renesas/r8a7796.dtsi | 6 arch/arm64/boot/dts/renesas/r8a77965.dtsi | 4 arch/arm64/boot/dts/renesas/r8a77970.dtsi | 2 arch/arm64/boot/dts/renesas/r8a77995.dtsi | 4 arch/arm64/boot/dts/renesas/salvator-common.dtsi | 4 arch/arm64/kvm/guest.c | 55 ++ arch/mips/boot/Makefile | 6 arch/powerpc/kernel/exceptions-64s.S | 4 arch/powerpc/kernel/machine_kexec.c | 7 arch/powerpc/lib/checksum_64.S | 3 arch/powerpc/mm/numa.c | 3 arch/powerpc/mm/pkeys.c | 2 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/s390/kernel/sysinfo.c | 4 arch/s390/mm/extmem.c | 4 arch/s390/mm/pgalloc.c | 2 arch/x86/entry/entry_64.S | 4 arch/x86/events/intel/lbr.c | 32 + arch/x86/events/perf_event.h | 1 arch/x86/include/asm/fixmap.h | 10 arch/x86/include/asm/pgtable_64.h | 3 arch/x86/kernel/head64.c | 4 arch/x86/kernel/head_64.S | 16 arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/mm/pgtable.c | 9 arch/x86/mm/pti.c | 2 arch/x86/xen/mmu_pv.c | 8 block/elevator.c | 2 crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/acpi/button.c | 13 drivers/ata/pata_ftide010.c | 27 - drivers/block/floppy.c | 3 drivers/bluetooth/btusb.c | 1 drivers/bus/ti-sysc.c | 37 - drivers/clk/x86/clk-st.c | 2 drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 +-- drivers/crypto/chelsio/chtls/chtls.h | 5 drivers/crypto/chelsio/chtls/chtls_main.c | 7 drivers/edac/altera_edac.c | 3 drivers/edac/edac_mc_sysfs.c | 6 drivers/edac/i7core_edac.c | 22 - drivers/gpio/gpio-menz127.c | 4 drivers/gpio/gpio-tegra.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c | 10 drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 drivers/gpu/drm/omapdrm/omap_debugfs.c | 2 drivers/gpu/drm/omapdrm/omap_drv.c | 2 drivers/gpu/drm/omapdrm/omap_drv.h | 2 drivers/gpu/drm/omapdrm/omap_gem.c | 15 drivers/gpu/drm/sun4i/sun4i_drv.c | 3 drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c | 7 drivers/gpu/drm/v3d/v3d_drv.h | 5 drivers/gpu/drm/v3d/v3d_gem.c | 4 drivers/gpu/drm/vc4/vc4_plane.c | 3 drivers/hid/hid-ntrig.c | 2 drivers/hid/i2c-hid/i2c-hid.c | 9 drivers/hwmon/adt7475.c | 14 drivers/hwmon/ina2xx.c | 13 drivers/hwtracing/intel_th/core.c | 16 drivers/i2c/busses/i2c-i801.c | 9 drivers/iio/accel/adxl345_core.c | 21 - drivers/iio/adc/ina2xx-adc.c | 17 drivers/iio/counter/104-quad-8.c | 2 drivers/infiniband/core/rw.c | 2 drivers/infiniband/core/uverbs_cmd.c | 5 drivers/infiniband/core/uverbs_main.c | 1 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 12 drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 drivers/infiniband/hw/hfi1/chip.c | 6 drivers/infiniband/hw/hfi1/pio.c | 51 ++ drivers/infiniband/hw/hfi1/pio.h | 2 drivers/infiniband/hw/hfi1/user_sdma.c | 2 drivers/infiniband/hw/hfi1/verbs.c | 8 drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 drivers/infiniband/hw/mlx4/qp.c | 2 drivers/infiniband/hw/mlx5/main.c | 2 drivers/infiniband/ulp/srp/ib_srp.c | 6 drivers/input/misc/xen-kbdfront.c | 8 drivers/input/mouse/elantech.c | 2 drivers/iommu/amd_iommu.c | 2 drivers/iommu/msm_iommu.c | 16 drivers/md/md-cluster.c | 19 - drivers/media/i2c/ov772x.c | 40 +- drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 drivers/media/platform/fsl-viu.c | 38 +- drivers/media/platform/omap3isp/isp.c | 2 drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 drivers/media/v4l2-core/v4l2-event.c | 38 +- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/ibmvmc.c | 2 drivers/misc/sram.c | 13 drivers/misc/tsl2550.c | 2 drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 drivers/mmc/host/android-goldfish.c | 4 drivers/mmc/host/atmel-mci.c | 12 drivers/mtd/nand/raw/atmel/nand-controller.c | 7 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 6 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 6 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 3 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 drivers/net/ethernet/intel/i40e/i40e_main.c | 15 drivers/net/ethernet/intel/ice/ice.h | 7 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 25 - drivers/net/ethernet/intel/ice/ice_common.c | 27 - drivers/net/ethernet/intel/ice/ice_controlq.c | 29 + drivers/net/ethernet/intel/ice/ice_ethtool.c | 52 ++ drivers/net/ethernet/intel/ice/ice_main.c | 98 +++-- drivers/net/ethernet/intel/ice/ice_switch.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 26 + drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 ++++++++-- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 - drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 drivers/net/phy/xilinx_gmii2rgmii.c | 10 drivers/net/wireless/ath/ath10k/ce.c | 2 drivers/net/wireless/ath/ath10k/htt_rx.c | 13 drivers/net/wireless/ath/ath10k/mac.c | 1 drivers/net/wireless/ath/ath10k/sdio.c | 9 drivers/net/wireless/ath/ath10k/snoc.c | 2 drivers/net/wireless/ath/ath10k/wmi.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2_mac.c | 6 drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 drivers/nvme/target/fcloop.c | 3 drivers/pci/hotplug/acpiphp_glue.c | 11 drivers/platform/x86/asus-wireless.c | 23 - drivers/power/reset/vexpress-poweroff.c | 12 drivers/power/supply/axp288_charger.c | 2 drivers/power/supply/power_supply_core.c | 11 drivers/regulator/core.c | 4 drivers/regulator/of_regulator.c | 2 drivers/s390/block/dasd.c | 1 drivers/s390/block/scm_blk.c | 1 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/hisi_sas/hisi_sas.h | 1 drivers/scsi/hisi_sas/hisi_sas_main.c | 6 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 drivers/scsi/megaraid/megaraid_sas_base.c | 3 drivers/siox/siox-core.c | 10 drivers/spi/spi-orion.c | 77 ++-- drivers/spi/spi-rspi.c | 34 + drivers/spi/spi-sh-msiof.c | 28 + drivers/spi/spi-tegra20-slink.c | 31 + drivers/staging/android/ashmem.c | 6 drivers/staging/media/imx/imx-ic-prpencvf.c | 1 drivers/staging/media/imx/imx-media-csi.c | 1 drivers/staging/mt7621-dts/gbpc1.dts | 2 drivers/staging/mt7621-dts/mt7621.dtsi | 21 - drivers/staging/mt7621-eth/mtk_eth_soc.c | 13 drivers/staging/pi433/pi433_if.c | 7 drivers/staging/rts5208/sd.c | 2 drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/target/target_core_device.c | 22 - drivers/thermal/imx_thermal.c | 5 drivers/thermal/of-thermal.c | 7 drivers/tty/serial/8250/serial_cs.c | 6 drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 drivers/tty/serial/fsl_lpuart.c | 3 drivers/tty/serial/imx.c | 8 drivers/tty/serial/mvebu-uart.c | 1 drivers/tty/serial/pxa.c | 3 drivers/tty/serial/sh-sci.c | 2 drivers/usb/class/cdc-wdm.c | 2 drivers/usb/common/roles.c | 15 drivers/usb/core/devio.c | 24 + drivers/usb/core/driver.c | 28 - drivers/usb/core/quirks.c | 3 drivers/usb/core/usb.c | 2 drivers/usb/musb/musb_dsps.c | 12 drivers/usb/serial/kobil_sct.c | 12 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/vhost/net.c | 35 + fs/dax.c | 13 fs/ext2/inode.c | 2 fs/iomap.c | 21 - fs/isofs/inode.c | 7 fs/locks.c | 7 fs/nfsd/nfs4proc.c | 1 include/linux/arm-smccc.h | 38 +- include/linux/bitfield.h | 6 include/linux/platform_data/ina2xx.h | 2 include/linux/posix-timers.h | 4 include/linux/power_supply.h | 1 include/linux/regulator/machine.h | 6 include/linux/uio.h | 2 include/media/v4l2-fh.h | 4 include/rdma/opa_addr.h | 2 kernel/bpf/sockmap.c | 11 kernel/events/hw_breakpoint.c | 57 ++- kernel/module.c | 6 kernel/time/alarmtimer.c | 7 kernel/time/posix-cpu-timers.c | 2 kernel/time/posix-timers.c | 33 + kernel/time/posix-timers.h | 2 lib/klist.c | 10 net/6lowpan/iphc.c | 1 net/ipv4/tcp_bbr.c | 38 +- net/ncsi/ncsi-netlink.c | 4 net/tls/tls_main.c | 9 sound/aoa/core/gpio-feature.c | 4 sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/rt1305.c | 4 sound/soc/intel/boards/bytcr_rt5640.c | 2 sound/soc/qcom/qdsp6/q6afe.c | 6 sound/soc/sh/rcar/ssi.c | 32 + sound/soc/soc-dapm.c | 7 tools/bpf/bpftool/map_perf_ring.c | 5 tools/perf/tests/builtin-test.c | 2 tools/testing/selftests/net/forwarding/mirror_gre_bridge_1d_vlan.sh | 6 tools/testing/selftests/net/forwarding/mirror_gre_lib.sh | 2 tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh | 6 244 files changed, 1764 insertions(+), 807 deletions(-) Aaron Ma (1): Input: elantech - enable middle button of touchpad on ThinkPad P72 Akinobu Mita (6): iio: adc: ina2xx: avoid kthread_stop() with stale task_struct iio: accel: adxl345: convert address field usage in iio_chan_spec media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter media: ov772x: add checks for register read errors media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING Akshu Agrawal (1): clk: x86: Set default parent to 48Mhz Alagu Sankar (2): ath10k: sdio: use same endpoint id for all packets in a bundle ath10k: sdio: set skb len for all rx packets Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexander Shishkin (2): intel_th: Fix device removal logic intel_th: Fix resource handling for ACPI glue layer Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alexey Khoroshilov (1): media: fsl-viu: fix error handling in viu_of_probe() Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andreas Gruenbacher (1): iomap: complete partial direct I/O writes synchronously Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anirudh Venkataramanan (3): ice: Fix multiple static analyser warnings ice: Fix bugs in control queue processing ice: Fix a few null pointer dereference issues Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Bart Van Assche (5): include/rdma/opa_addr.h: Fix an endianness issue scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size scsi: klist: Make it safe to use klists in atomic context scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Ben Greear (1): ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Benjamin Tissoires (1): power: remove possible deadlock when unregistering power_supply Bin Liu (1): usb: musb: dsps: do not disable CPPI41 irq in driver teardown Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Bob Copeland (1): ath10k: use locked skb_dequeue for rx completions Brandon Maier (2): net: phy: xgmiitorgmii: Check read_status results net: phy: xgmiitorgmii: Check phy_driver ready before accessing Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Brett Creeley (1): ice: Set VLAN flags correctly Brian Norris (1): ath10k: snoc: use correct bus-specific pointer in RX retry Christian König (2): drm/amdgpu: fix VM clearing for the root PD drm/amdgpu: fix preamble handling Christophe JAILLET (2): serial: pxa: Fix an error handling path in 'serial_pxa_probe()' EDAC, altera: Fix an error handling path in altr_s10_sdram_probe() Christophe Leroy (2): serial: cpm_uart: return immediately from console poll powerpc: fix csum_ipv6_magic() on little endian platforms Colin Ian King (2): staging: rts5208: fix missing error check on call to rtsx_write_register ath10k: fix memory leak of tpc_stats Damien Le Moal (1): block: fix deadline elevator drain for zoned block devices Dan Carpenter (7): vmci: type promotion bug in qp_host_get_user_memory() RDMA/bnxt_re: Fix a couple off by one bugs RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c IB/core: type promotion bug in rdma_rw_init_one_mr() ASoC: qdsp6: qdafe: fix some off by one bugs rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Daniel Borkmann (2): bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys bpf, sockmap: fix sock hash count in alloc_sock_hash_elem Daniel Vetter (1): drm/omap: gem: Fix mm_list locking Dave Gerlach (1): ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Dave Jiang (1): uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe() Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Dmitry Osipenko (1): gpio: tegra: Fix tegra_gpio_irq_set_type() Emily Deng (2): amdgpu: fix multi-process hang issue drm/amdgpu: Need to set moved to true when evict bo Eric Anholt (2): drm/v3d: Take a lock across GPU scheduler job creation and queuing. drm/vc4: Add missing formats to vc4_format_mod_supported(). Eric Sandeen (1): isofs: reject hardware sector size > 2048 bytes Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Feng Tang (1): x86/mm: Expand static page table for fixmap space Frederic Weisbecker (1): perf/hw_breakpoint: Split attribute parse and commit Fuyun Liang (1): net: hns3: Fix for mailbox message truncated problem Gaku Inami (1): spi: sh-msiof: Fix invalid SPI use during system suspend Ganesh Goudar (2): cxgb4: Fix the condition to check if the card is T5 crypto: chtls - fix null dereference chtls_free_uld() Geert Uytterhoeven (5): serial: sh-sci: Stop RX FIFO timer during port shutdown arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses ASoC: rt1305: Use ULL suffixes for 64-bit constants spi: rspi: Fix invalid SPI use during system suspend spi: rspi: Fix interrupted DMA transfers Greg Kroah-Hartman (1): Linux 4.18.12 Guoqing Jiang (1): md-cluster: clear another node's suspend_area after the copy is finished Gustavo A. R. Silva (1): drm/amd/display/dc/dce: Fix multiple potential integer overflows Hans de Goede (2): power: supply: axp288_charger: Fix initial constant_charge_current value ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Harry Pan (1): usb: core: safely deal with the dynamic quirk lists Heikki Krogerus (1): usb: roles: Take care of driver module reference counting Heiko Carstens (1): s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Huazhong Tan (3): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES Hugo Lefeuvre (1): staging: pi433: fix race condition in pi433_ioctl Ira Weiny (1): IB/hfi1: Fix SL array bounds check J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jacob Keller (3): ice: Report stats for allocated queues via ethtool stats ice: Use order_base_2 to calculate higher power of 2 i40e: fix condition of WARN_ONCE for stat strings James Smart (1): nvme-fcloop: Fix dropped LS's to removed target port Jan Beulich (1): x86/entry/64: Add two more instruction suffixes Jan Kiszka (1): serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Jan Kundrát (1): spi: orion: fix CS GPIO handling again Javier Martinez Canillas (1): media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Jean-Christophe Dubois (1): thermal: i.MX: Allow thermal probe to fail gracefully in case of bad calibration. Jernej Skrabec (2): drm/sun4i: Enable DW HDMI PHY clock drm/sun4i: Fix releasing node when enumerating enpoints Jesse Brandeburg (1): ice: Fix potential return of uninitialized value Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jian-Hong Pan (1): Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Johan Hovold (4): misc: sram: enable clock before registering regions USB: serial: kobil_sct: fix modem-status error handling EDAC, i7core: Fix memleaks and use-after-free on probe and remove EDAC: Fix memleak in module init error path Johannes Berg (1): bitfield: fix *_encode_bits() John Fastabend (2): tls: possible hang when do_tcp_sendpages hits sndbuf is full case bpf: sockmap: write_space events need to be passed to TCP handler João Paulo Rechi Vita (1): platform/x86: asus-wireless: Fix uninitialized symbol usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Kai-Heng Feng (1): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Kamal Heib (1): staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path Kan Liang (1): perf/x86/intel/lbr: Fix incomplete LBR call stack Kevin Hilman (1): ARM: dts: dra7: fix DCAN node addresses Kevin Yang (2): tcp_bbr: add bbr_check_probe_rtt_done() helper tcp_bbr: in restart from idle, see if we should exit PROBE_RTT Konstantin Khorenko (1): fs/lock: skip lock owner pid translation in case we are in init_pid_ns Kuninori Morimoto (1): ASoC: rsnd: SSI parent cares SWSP bit Laurent Pinchart (1): arm64: dts: renesas: Fix VSPD registers range Leon Romanovsky (2): RDMA/i40w: Hold read semaphore while looking after VMA RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR Leonard Crestez (1): Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Walleij (1): ata: ftide010: Add a quirk for SQ201 Lorenzo Bianconi (1): mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status() Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Ludovic Desroches (2): mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion Maor Gottlieb (1): IB/mlx5: Fix GRE flow specification Marc Zyngier (3): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Marek Szyprowski (1): regulator: Fix 'do-nothing' value for regulators without suspend state Martyna Szapar (1): i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled Masahiro Yamada (1): MIPS: boot: fix build rule of vmlinux.its.S Matt Ranostay (1): tsl2550: fix lux1_input error in low light Matthew Wilcox (1): filesystem-dax: Fix use of zero page Maxime Ripard (1): drm/vc4: plane: Expand the lower bits by repeating the higher bits Michael Bringmann (1): powerpc/pseries: Fix unitialized timer reset on migration Michael J. Ruhl (3): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL IB/hfi1: Fix destroy_qp hang after a link down Michael Neuling (1): KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds Michael Scott (1): 6lowpan: iphc: reset mac_header after decompress to fix panic Mika Westerberg (2): ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Nadav Amit (1): gpio: Fix wrong rounding in gpio-menz127 Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Niklas Cassel (2): iommu/msm: Don't call iommu_device_{,un}link from atomic context ath10k: transmit queued frames after processing rx packets Oleksandr Andrushchenko (1): Input: xen-kbdfront - fix multi-touch XenStore node's locations Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Pavel Machek (1): ARM: dts: omap4-droid4: fix vibrations on Droid 4 Peter Rosin (1): mtd: rawnand: atmel: add module param to avoid using dma Peter Seiderer (1): media: staging/imx: fill vb2_v4l2_buffer field entry Petr Machata (1): selftests: forwarding: Tweak tc filters for mirror-to-gretap tests Preethi Banala (1): ice: Clean control queues only when they are initialized Quentin Monnet (1): tools: bpftool: return from do_event_pipe() on bad arguments Randy Dunlap (2): Documentation/process: fix reST table border error x86/pti: Fix section mismatch warning/error Ravi Chandra Sadineni (1): ACPI / button: increment wakeup count only when notified Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Rosen Penev (1): staging: mt7621-dts: Fix remaining pcie warnings Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Samuel Mendoza-Jonas (1): net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler Sandipan Das (1): perf tests: Fix indexing when invoking subtests Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Sebastian Basierski (1): ixgbe: fix driver behaviour after issuing VFLR Shivasharan S (1): scsi: megaraid_sas: Update controller info during resume Srikanth Jampala (1): crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stefan Agner (2): brcmsmac: fix wrap around in conversion from constant to s16 tty: serial: lpuart: avoid leaking struct tty_struct Stephen Boyd (1): HID: i2c-hid: Use devm to allocate i2c_hid struct Steve Wise (1): RDMA/uverbs: Atomically flush and mark closed the comp event queue Sudeep Holla (1): power: vexpress: fix corruption in notifier registration Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Tarick Bedeir (1): IB/mlx4: Test port number before querying type. Thiago Jung Bauermann (1): powerpc/pkeys: Fix reading of ibm, processor-storage-keys property Thomas Gleixner (3): alarmtimer: Prevent overflow for relative nanosleep posix-timers: Make forward callback return s64 posix-timers: Sanitize overrun handling Tomer Tayar (4): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place qed: Prevent a possible deadlock during driver load and unload qed: Avoid sending mailbox commands when MFW is not responsive Tony Lindgren (6): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() ARM: OMAP2+: Fix null hwmod for ti-sysc debug ARM: OMAP2+: Fix module address for modules using mpu_rt_idx bus: ti-sysc: Fix module register ioremap for larger offsets bus: ti-sysc: Fix no_console_suspend handling ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Toshi Kani (1): ext2, dax: set ext2_dax_aops for dax files Toshiaki Makita (1): vhost_net: Avoid tx vring kicks during busyloop Uwe Kleine-König (2): siox: don't create a thread without starting it serial: imx: restore handshaking irq for imx1 Vasily Gorbik (4): s390/mm: correct allocate_pgste proc_handler callback s390/dasd: correct numa_node in dasd_alloc_queue s390/scm_blk: correct numa_node in scm_blk_dev_setup s390/extmem: fix gcc 8 stringop-overflow warning Viresh Kumar (2): ARM: dts: ls1021a: Add missing cooling device properties for CPUs arm: dts: mediatek: Add missing cooling device properties for CPUs Wei Yongjun (1): misc: ibmvmc: Use GFP_ATOMIC under spin lock Wesley Chalmers (1): drm/amd/display: fix use of uninitialized memory William Breathitt Gray (1): iio: 104-quad-8: Fix off-by-one error in register selection Xiaofei Tan (1): scsi: hisi_sas: Fix the conflict between dev gone and host reset Yu Zhao (1): regulator: fix crash caused by null driver data YueHaibing (1): ath10k: fix incorrect size of dma_free_coherent in ath10k_ce_alloc_src_ring_64 Yunsheng Lin (3): net: hns3: Fix for mac pause not disable in pfc mode net: hns3: Fix warning bug when doing lp selftest net: hns3: Fix get_vector ops in hclgevf_main module Zhen Lei (1): iommu/amd: make sure TLB to be flushed before IOVA freed Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache

7 years, 1 month

1
1
0 0

Linux 4.14.74

by Greg KH

I'm announcing the release of the 4.14.74 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/hwmon/ina2xx | 2 Makefile | 2 arch/arm/boot/dts/dra7.dtsi | 4 arch/arm/boot/dts/imx7d.dtsi | 12 arch/arm/boot/dts/ls1021a.dtsi | 1 arch/arm/boot/dts/mt7623.dtsi | 3 arch/arm/boot/dts/omap4-droid4-xt894.dts | 2 arch/arm/mach-mvebu/pmsu.c | 6 arch/arm/mach-omap2/omap_hwmod_reset.c | 12 arch/arm64/include/asm/kvm_emulate.h | 5 arch/arm64/kvm/guest.c | 55 ++ arch/mips/boot/Makefile | 6 arch/powerpc/kernel/machine_kexec.c | 7 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/s390/kernel/sysinfo.c | 4 arch/s390/mm/extmem.c | 4 arch/s390/mm/pgalloc.c | 2 arch/x86/entry/entry_64.S | 4 arch/x86/events/intel/lbr.c | 32 + arch/x86/events/perf_event.h | 1 arch/x86/include/asm/fixmap.h | 10 arch/x86/include/asm/pgtable_64.h | 3 arch/x86/kernel/head64.c | 4 arch/x86/kernel/head_64.S | 16 arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/mm/pgtable.c | 9 arch/x86/mm/pti.c | 2 arch/x86/xen/mmu_pv.c | 8 crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/ata/pata_ftide010.c | 27 - drivers/block/floppy.c | 3 drivers/bluetooth/btusb.c | 1 drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 +-- drivers/edac/edac_mc_sysfs.c | 6 drivers/edac/i7core_edac.c | 22 - drivers/gpio/gpio-menz127.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 drivers/gpu/drm/i915/i915_gem.c | 3 drivers/gpu/drm/i915/i915_vma.c | 4 drivers/gpu/drm/sun4i/sun4i_drv.c | 3 drivers/hid/hid-ntrig.c | 2 drivers/hwmon/adt7475.c | 14 drivers/hwmon/ina2xx.c | 13 drivers/hwtracing/intel_th/core.c | 3 drivers/i2c/busses/i2c-i801.c | 9 drivers/iio/accel/adxl345_core.c | 21 - drivers/iio/adc/ina2xx-adc.c | 17 drivers/iio/counter/104-quad-8.c | 2 drivers/infiniband/core/rw.c | 2 drivers/infiniband/core/uverbs_main.c | 1 drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 drivers/infiniband/hw/hfi1/pio.c | 9 drivers/infiniband/hw/hfi1/user_sdma.c | 2 drivers/infiniband/hw/hfi1/verbs.c | 8 drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 drivers/infiniband/hw/mlx4/qp.c | 2 drivers/infiniband/ulp/srp/ib_srp.c | 6 drivers/input/misc/xen-kbdfront.c | 8 drivers/input/mouse/elantech.c | 2 drivers/iommu/amd_iommu.c | 2 drivers/iommu/msm_iommu.c | 16 drivers/md/md-cluster.c | 19 - drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 drivers/media/platform/fsl-viu.c | 38 +- drivers/media/platform/omap3isp/isp.c | 2 drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 drivers/media/usb/uvc/uvc_video.c | 24 - drivers/media/v4l2-core/v4l2-event.c | 38 +- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/sram.c | 13 drivers/misc/tsl2550.c | 2 drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 drivers/mtd/nand/atmel/nand-controller.c | 7 drivers/net/ethernet/hisilicon/hns/hnae.h | 6 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 ++++++++-- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 - drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 drivers/net/phy/xilinx_gmii2rgmii.c | 10 drivers/net/wireless/ath/ath10k/htt_rx.c | 5 drivers/net/wireless/ath/ath10k/mac.c | 1 drivers/net/wireless/ath/ath10k/sdio.c | 9 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 drivers/nvme/target/fcloop.c | 3 drivers/power/reset/vexpress-poweroff.c | 12 drivers/power/supply/axp288_charger.c | 2 drivers/power/supply/power_supply_core.c | 11 drivers/regulator/core.c | 2 drivers/s390/block/dasd.c | 1 drivers/s390/block/scm_blk.c | 1 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 drivers/scsi/megaraid/megaraid_sas_base.c | 3 drivers/spi/spi-rspi.c | 34 + drivers/spi/spi-sh-msiof.c | 28 + drivers/spi/spi-tegra20-slink.c | 31 + drivers/staging/android/ashmem.c | 6 drivers/staging/media/imx/imx-ic-prpencvf.c | 1 drivers/staging/media/imx/imx-media-csi.c | 1 drivers/staging/rts5208/sd.c | 2 drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/target/target_core_device.c | 22 - drivers/thermal/of-thermal.c | 7 drivers/tty/serial/8250/serial_cs.c | 6 drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 drivers/tty/serial/fsl_lpuart.c | 3 drivers/tty/serial/imx.c | 8 drivers/tty/serial/sh-sci.c | 2 drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 + drivers/usb/core/driver.c | 28 - drivers/usb/core/usb.c | 2 drivers/usb/musb/musb_dsps.c | 12 drivers/usb/serial/kobil_sct.c | 12 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 fs/iomap.c | 21 - fs/isofs/inode.c | 7 fs/locks.c | 7 fs/nfsd/nfs4proc.c | 1 fs/overlayfs/inode.c | 62 ++- include/linux/arm-smccc.h | 38 +- include/linux/platform_data/ina2xx.h | 2 include/linux/posix-timers.h | 4 include/linux/power_supply.h | 1 include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 4 kernel/bpf/sockmap.c | 3 kernel/module.c | 6 kernel/time/alarmtimer.c | 7 kernel/time/posix-cpu-timers.c | 2 kernel/time/posix-timers.c | 33 + kernel/time/posix-timers.h | 2 lib/klist.c | 10 mm/slub.c | 6 net/6lowpan/iphc.c | 1 net/tls/tls_main.c | 9 sound/aoa/core/gpio-feature.c | 4 sound/pci/hda/hda_intel.c | 3 sound/soc/soc-dapm.c | 7 151 files changed, 1079 insertions(+), 408 deletions(-) Aaron Ma (1): Input: elantech - enable middle button of touchpad on ThinkPad P72 Akinobu Mita (4): iio: adc: ina2xx: avoid kthread_stop() with stale task_struct iio: accel: adxl345: convert address field usage in iio_chan_spec media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alagu Sankar (2): ath10k: sdio: use same endpoint id for all packets in a bundle ath10k: sdio: set skb len for all rx packets Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexander Shishkin (1): intel_th: Fix device removal logic Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alexey Khoroshilov (1): media: fsl-viu: fix error handling in viu_of_probe() Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Amir Goldstein (1): ovl: hash non-dir by lower inode for fsnotify Andreas Gruenbacher (1): iomap: complete partial direct I/O writes synchronously Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Bart Van Assche (4): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size scsi: klist: Make it safe to use klists in atomic context scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Ben Greear (1): ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Benjamin Tissoires (1): power: remove possible deadlock when unregistering power_supply Bin Liu (1): usb: musb: dsps: do not disable CPPI41 irq in driver teardown Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Brandon Maier (2): net: phy: xgmiitorgmii: Check read_status results net: phy: xgmiitorgmii: Check phy_driver ready before accessing Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Chris Wilson (1): drm/i915: Remove vma from object on destroy, not close Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): staging: rts5208: fix missing error check on call to rtsx_write_register Dan Carpenter (5): vmci: type promotion bug in qp_host_get_user_memory() RDMA/bnxt_re: Fix a couple off by one bugs IB/core: type promotion bug in rdma_rw_init_one_mr() rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Dave Gerlach (1): ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Eric Sandeen (1): isofs: reject hardware sector size > 2048 bytes Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Feng Tang (1): x86/mm: Expand static page table for fixmap space Gaku Inami (1): spi: sh-msiof: Fix invalid SPI use during system suspend Geert Uytterhoeven (3): serial: sh-sci: Stop RX FIFO timer during port shutdown spi: rspi: Fix invalid SPI use during system suspend spi: rspi: Fix interrupted DMA transfers Greg Kroah-Hartman (1): Linux 4.14.74 Guoqing Jiang (1): md-cluster: clear another node's suspend_area after the copy is finished Hans de Goede (1): power: supply: axp288_charger: Fix initial constant_charge_current value Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Heiko Carstens (1): s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Huazhong Tan (2): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation Ira Weiny (1): IB/hfi1: Fix SL array bounds check J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound James Smart (1): nvme-fcloop: Fix dropped LS's to removed target port Jan Beulich (1): x86/entry/64: Add two more instruction suffixes Javier Martinez Canillas (1): media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Jernej Skrabec (1): drm/sun4i: Fix releasing node when enumerating enpoints Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jian-Hong Pan (1): Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Johan Hovold (4): misc: sram: enable clock before registering regions USB: serial: kobil_sct: fix modem-status error handling EDAC, i7core: Fix memleaks and use-after-free on probe and remove EDAC: Fix memleak in module init error path John Fastabend (2): tls: possible hang when do_tcp_sendpages hits sndbuf is full case bpf: sockmap: write_space events need to be passed to TCP handler Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Kai-Heng Feng (1): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Kan Liang (1): perf/x86/intel/lbr: Fix incomplete LBR call stack Kevin Hilman (1): ARM: dts: dra7: fix DCAN node addresses Konstantin Khorenko (1): fs/lock: skip lock owner pid translation in case we are in init_pid_ns Leon Romanovsky (1): RDMA/i40w: Hold read semaphore while looking after VMA Leonard Crestez (1): Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Walleij (1): ata: ftide010: Add a quirk for SQ201 Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Marc Zyngier (3): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Masahiro Yamada (1): MIPS: boot: fix build rule of vmlinux.its.S Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael J. Ruhl (2): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael Scott (1): 6lowpan: iphc: reset mac_header after decompress to fix panic Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Nadav Amit (1): gpio: Fix wrong rounding in gpio-menz127 Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Niklas Cassel (2): iommu/msm: Don't call iommu_device_{,un}link from atomic context ath10k: transmit queued frames after processing rx packets Oleksandr Andrushchenko (1): Input: xen-kbdfront - fix multi-touch XenStore node's locations Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Peter Rosin (1): mtd: rawnand: atmel: add module param to avoid using dma Peter Seiderer (1): media: staging/imx: fill vb2_v4l2_buffer field entry Randy Dunlap (1): x86/pti: Fix section mismatch warning/error Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Shivasharan S (1): scsi: megaraid_sas: Update controller info during resume Srikanth Jampala (1): crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stefan Agner (2): brcmsmac: fix wrap around in conversion from constant to s16 tty: serial: lpuart: avoid leaking struct tty_struct Steve Wise (1): RDMA/uverbs: Atomically flush and mark closed the comp event queue Sudeep Holla (1): power: vexpress: fix corruption in notifier registration Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Tarick Bedeir (1): IB/mlx4: Test port number before querying type. Thomas Gleixner (3): alarmtimer: Prevent overflow for relative nanosleep posix-timers: Make forward callback return s64 posix-timers: Sanitize overrun handling Tomer Tayar (4): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place qed: Prevent a possible deadlock during driver load and unload qed: Avoid sending mailbox commands when MFW is not responsive Tony Lindgren (2): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Uwe Kleine-König (1): serial: imx: restore handshaking irq for imx1 Vasily Gorbik (4): s390/mm: correct allocate_pgste proc_handler callback s390/dasd: correct numa_node in dasd_alloc_queue s390/scm_blk: correct numa_node in scm_blk_dev_setup s390/extmem: fix gcc 8 stringop-overflow warning Viresh Kumar (2): ARM: dts: ls1021a: Add missing cooling device properties for CPUs arm: dts: mediatek: Add missing cooling device properties for CPUs William Breathitt Gray (1): iio: 104-quad-8: Fix off-by-one error in register selection Yu Zhao (1): regulator: fix crash caused by null driver data Zhen Lei (1): iommu/amd: make sure TLB to be flushed before IOVA freed Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

7 years, 1 month

1
1
0 0

Linux 4.9.131

by Greg KH

I'm announcing the release of the 4.9.131 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/hwmon/ina2xx | 2 Makefile | 2 arch/arm/boot/dts/dra7.dtsi | 4 arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm/mach-omap2/omap_hwmod_reset.c | 12 +- arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/kvm/guest.c | 55 +++++++++++- arch/powerpc/kernel/machine_kexec.c | 7 + arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/s390/mm/extmem.c | 4 arch/s390/mm/pgalloc.c | 2 arch/x86/entry/entry_64.S | 4 arch/x86/events/intel/lbr.c | 32 +++++-- arch/x86/events/perf_event.h | 1 arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/block/floppy.c | 3 drivers/bluetooth/btusb.c | 1 drivers/edac/edac_mc_sysfs.c | 6 - drivers/edac/i7core_edac.c | 22 +++- drivers/gpio/gpio-menz127.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 ++ drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 drivers/gpu/drm/sun4i/sun4i_drv.c | 3 drivers/hid/hid-ntrig.c | 2 drivers/hwmon/adt7475.c | 14 +-- drivers/hwmon/ina2xx.c | 13 ++ drivers/i2c/busses/i2c-i801.c | 9 + drivers/infiniband/core/rw.c | 2 drivers/infiniband/hw/hfi1/pio.c | 9 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 drivers/infiniband/hw/hfi1/verbs.c | 8 + drivers/infiniband/ulp/srp/ib_srp.c | 6 - drivers/input/mouse/elantech.c | 2 drivers/iommu/amd_iommu.c | 2 drivers/md/md-cluster.c | 19 ++-- drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +- drivers/media/platform/fsl-viu.c | 38 +++++--- drivers/media/platform/omap3isp/isp.c | 2 drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 +++-- drivers/media/v4l2-core/v4l2-event.c | 38 ++++---- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 drivers/net/ethernet/hisilicon/hns/hnae.h | 6 - drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 - drivers/net/ethernet/qlogic/qed/qed_mcp.c | 96 +++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 1 drivers/net/phy/xilinx_gmii2rgmii.c | 10 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 - drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/power/reset/vexpress-poweroff.c | 12 +- drivers/power/supply/power_supply_core.c | 11 +- drivers/regulator/core.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 drivers/scsi/megaraid/megaraid_sas_base.c | 3 drivers/spi/spi-rspi.c | 34 ++++++- drivers/spi/spi-sh-msiof.c | 28 +++++- drivers/spi/spi-tegra20-slink.c | 31 +++++- drivers/staging/android/ashmem.c | 6 + drivers/staging/rts5208/sd.c | 2 drivers/target/iscsi/iscsi_target_auth.c | 15 --- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 + drivers/tty/serial/8250/serial_cs.c | 6 - drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/fsl_lpuart.c | 3 drivers/tty/serial/imx.c | 8 + drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 ++++- drivers/usb/core/driver.c | 28 +++--- drivers/usb/core/usb.c | 2 drivers/usb/serial/kobil_sct.c | 12 ++ drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 fs/ext4/xattr.c | 5 + fs/nfsd/nfs4proc.c | 1 include/linux/arm-smccc.h | 38 +++++--- include/linux/platform_data/ina2xx.h | 2 include/linux/power_supply.h | 1 include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 4 kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 lib/klist.c | 10 +- mm/slub.c | 6 - net/6lowpan/iphc.c | 1 sound/aoa/core/gpio-feature.c | 4 sound/pci/hda/hda_intel.c | 3 sound/soc/soc-dapm.c | 7 + 99 files changed, 669 insertions(+), 237 deletions(-) Aaron Ma (1): Input: elantech - enable middle button of touchpad on ThinkPad P72 Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alexey Khoroshilov (1): media: fsl-viu: fix error handling in viu_of_probe() Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Bart Van Assche (3): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size scsi: klist: Make it safe to use klists in atomic context IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Ben Greear (1): ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Benjamin Tissoires (1): power: remove possible deadlock when unregistering power_supply Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Brandon Maier (2): net: phy: xgmiitorgmii: Check read_status results net: phy: xgmiitorgmii: Check phy_driver ready before accessing Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): staging: rts5208: fix missing error check on call to rtsx_write_register Dan Carpenter (4): vmci: type promotion bug in qp_host_get_user_memory() IB/core: type promotion bug in rdma_rw_init_one_mr() rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Dave Gerlach (1): ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Gaku Inami (1): spi: sh-msiof: Fix invalid SPI use during system suspend Geert Uytterhoeven (2): spi: rspi: Fix invalid SPI use during system suspend spi: rspi: Fix interrupted DMA transfers Greg Kroah-Hartman (1): Linux 4.9.131 Guoqing Jiang (1): md-cluster: clear another node's suspend_area after the copy is finished Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Huazhong Tan (2): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation Ira Weiny (1): IB/hfi1: Fix SL array bounds check J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jan Beulich (1): x86/entry/64: Add two more instruction suffixes Javier Martinez Canillas (1): media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Jernej Skrabec (1): drm/sun4i: Fix releasing node when enumerating enpoints Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jian-Hong Pan (1): Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Johan Hovold (3): USB: serial: kobil_sct: fix modem-status error handling EDAC, i7core: Fix memleaks and use-after-free on probe and remove EDAC: Fix memleak in module init error path Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Kai-Heng Feng (1): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Kan Liang (1): perf/x86/intel/lbr: Fix incomplete LBR call stack Kevin Hilman (1): ARM: dts: dra7: fix DCAN node addresses Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Marc Zyngier (3): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael J. Ruhl (2): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael Scott (1): 6lowpan: iphc: reset mac_header after decompress to fix panic Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Nadav Amit (1): gpio: Fix wrong rounding in gpio-menz127 Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Shivasharan S (1): scsi: megaraid_sas: Update controller info during resume Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stefan Agner (1): tty: serial: lpuart: avoid leaking struct tty_struct Sudeep Holla (1): power: vexpress: fix corruption in notifier registration Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Theodore Ts'o (1): ext4: never move the system.data xattr out of the inode body Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Tomer Tayar (2): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Uwe Kleine-König (1): serial: imx: restore handshaking irq for imx1 Vasily Gorbik (2): s390/mm: correct allocate_pgste proc_handler callback s390/extmem: fix gcc 8 stringop-overflow warning Vincent Pelletier (1): scsi: target: iscsi: Use bin2hex instead of a re-implementation Yu Zhao (1): regulator: fix crash caused by null driver data Zhen Lei (1): iommu/amd: make sure TLB to be flushed before IOVA freed Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

7 years, 1 month

1
1
0 0

[PATCH 4.14 000/137] 4.14.74-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.74 release. There are 137 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 4 13:24:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.74-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.74-rc1 Randy Dunlap <rdunlap(a)infradead.org> x86/pti: Fix section mismatch warning/error Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Handle function result as parameters Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Make return values unsigned long Tony Lindgren <tony(a)atomide.com> ARM: dts: omap4-droid4: Fix emmc errors seen on some devices James Smart <jsmart2021(a)gmail.com> nvme-fcloop: Fix dropped LS's to removed target port Linus Walleij <linus.walleij(a)linaro.org> ata: ftide010: Add a quirk for SQ201 Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Update power state at the end of smu hw_init. Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Leonard Crestez <leonard.crestez(a)nxp.com> Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Srikanth Jampala <Jampala.Srikanth(a)cavium.com> crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix skb->truesize underestimation Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap: write_space events need to be passed to TCP handler John Fastabend <john.fastabend(a)gmail.com> tls: possible hang when do_tcp_sendpages hits sndbuf is full case Eric Sandeen <sandeen(a)redhat.com> isofs: reject hardware sector size > 2048 bytes Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Avoid sending mailbox commands when MFW is not responsive Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Prevent a possible deadlock during driver load and unload Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for MCP halt and resume commands to take place Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for ready indication before rereading the shmem Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915: Remove vma from object on destroy, not close Amir Goldstein <amir73il(a)gmail.com> ovl: hash non-dir by lower inode for fsnotify Steve Wise <swise(a)opengridcomputing.com> RDMA/uverbs: Atomically flush and mark closed the comp event queue Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid user input can result in crash Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Fix SL array bounds check Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Bin Liu <b-liu(a)ti.com> usb: musb: dsps: do not disable CPPI41 irq in driver teardown Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Yu Zhao <yuzhao(a)google.com> regulator: fix crash caused by null driver data Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix device removal logic Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Stefan Agner <stefan(a)agner.ch> tty: serial: lpuart: avoid leaking struct tty_struct Feng Tang <feng.tang(a)intel.com> x86/mm: Expand static page table for fixmap space Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses William Breathitt Gray <vilhelm.gray(a)gmail.com> iio: 104-quad-8: Fix off-by-one error in register selection Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> Input: xen-kbdfront - fix multi-touch XenStore node's locations Konstantin Khorenko <khorenko(a)virtuozzo.com> fs/lock: skip lock owner pid translation in case we are in init_pid_ns Johan Hovold <johan(a)kernel.org> EDAC: Fix memleak in module init error path J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Nadav Amit <namit(a)vmware.com> gpio: Fix wrong rounding in gpio-menz127 Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Update controller info during resume Andreas Gruenbacher <agruenba(a)redhat.com> iomap: complete partial direct I/O writes synchronously Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/lbr: Fix incomplete LBR call stack Masahiro Yamada <yamada.masahiro(a)socionext.com> MIPS: boot: fix build rule of vmlinux.its.S Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: mediatek: Add missing cooling device properties for CPUs Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Stefan Agner <stefan(a)agner.ch> brcmsmac: fix wrap around in conversion from constant to s16 Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Niklas Cassel <niklas.cassel(a)linaro.org> ath10k: transmit queued frames after processing rx packets Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Fix releasing node when enumerating enpoints Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check phy_driver ready before accessing Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check read_status results Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Sanitize overrun handling Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Make forward callback return s64 Akinobu Mita <akinobu.mita(a)gmail.com> iio: accel: adxl345: convert address field usage in iio_chan_spec Peter Rosin <peda(a)axentia.se> mtd: rawnand: atmel: add module param to avoid using dma Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Vasily Gorbik <gor(a)linux.ibm.com> s390/scm_blk: correct numa_node in scm_blk_dev_setup Vasily Gorbik <gor(a)linux.ibm.com> s390/dasd: correct numa_node in dasd_alloc_queue Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: set skb len for all rx packets Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: use same endpoint id for all packets in a bundle Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Viresh Kumar <viresh.kumar(a)linaro.org> ARM: dts: ls1021a: Add missing cooling device properties for CPUs Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Dave Gerlach <d-gerlach(a)ti.com> ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Peter Seiderer <ps.report(a)gmx.net> media: staging/imx: fill vb2_v4l2_buffer field entry Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Tarick Bedeir <tarick(a)google.com> IB/mlx4: Test port number before querying type. Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Dan Carpenter <dan.carpenter(a)oracle.com> IB/core: type promotion bug in rdma_rw_init_one_mr() Leon Romanovsky <leonro(a)mellanox.com> RDMA/i40w: Hold read semaphore while looking after VMA Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a couple off by one bugs Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Benjamin Tissoires <benjamin.tissoires(a)redhat.com> power: remove possible deadlock when unregistering power_supply Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: correct allocate_pgste proc_handler callback Niklas Cassel <niklas.cassel(a)linaro.org> iommu/msm: Don't call iommu_device_{,un}link from atomic context Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Zhen Lei <thunder.leizhen(a)huawei.com> iommu/amd: make sure TLB to be flushed before IOVA freed Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Stop RX FIFO timer during port shutdown Johan Hovold <johan(a)kernel.org> misc: sram: enable clock before registering regions Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix initial constant_charge_current value Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Akinobu Mita <akinobu.mita(a)gmail.com> iio: adc: ina2xx: avoid kthread_stop() with stale task_struct Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/ls1021a.dtsi | 1 + arch/arm/boot/dts/mt7623.dtsi | 3 + arch/arm/boot/dts/omap4-droid4-xt894.dts | 2 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm/mach-omap2/omap_hwmod_reset.c | 12 +- arch/arm64/kvm/guest.c | 45 +++++ arch/mips/boot/Makefile | 6 +- arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/kernel/sysinfo.c | 4 + arch/s390/mm/extmem.c | 4 +- arch/s390/mm/pgalloc.c | 2 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/events/intel/lbr.c | 32 +++- arch/x86/events/perf_event.h | 1 + arch/x86/include/asm/fixmap.h | 10 ++ arch/x86/include/asm/pgtable_64.h | 3 +- arch/x86/kernel/head64.c | 4 +- arch/x86/kernel/head_64.S | 16 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/mm/pgtable.c | 9 + arch/x86/mm/pti.c | 2 +- arch/x86/xen/mmu_pv.c | 8 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/ata/pata_ftide010.c | 27 +-- drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/edac/edac_mc_sysfs.c | 6 +- drivers/edac/i7core_edac.c | 22 ++- drivers/gpio/gpio-menz127.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- drivers/gpu/drm/i915/i915_gem.c | 3 +- drivers/gpu/drm/i915/i915_vma.c | 4 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 3 +- drivers/hid/hid-ntrig.c | 2 + drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/hwtracing/intel_th/core.c | 3 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/iio/accel/adxl345_core.c | 21 ++- drivers/iio/adc/ina2xx-adc.c | 17 +- drivers/iio/counter/104-quad-8.c | 2 +- drivers/infiniband/core/rw.c | 2 +- drivers/infiniband/core/uverbs_main.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/hfi1/pio.c | 9 +- drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 8 +- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/misc/xen-kbdfront.c | 8 +- drivers/input/mouse/elantech.c | 2 + drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/msm_iommu.c | 16 +- drivers/md/md-cluster.c | 19 ++- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +- drivers/media/platform/fsl-viu.c | 38 +++-- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 ++- drivers/misc/sram.c | 13 +- drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/mtd/nand/atmel/nand-controller.c | 7 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/net/phy/xilinx_gmii2rgmii.c | 10 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +- drivers/net/wireless/ath/ath10k/mac.c | 1 + drivers/net/wireless/ath/ath10k/sdio.c | 9 +- .../broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 +- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/nvme/target/fcloop.c | 3 +- drivers/power/reset/vexpress-poweroff.c | 12 +- drivers/power/supply/axp288_charger.c | 2 +- drivers/power/supply/power_supply_core.c | 11 +- drivers/regulator/core.c | 2 +- drivers/s390/block/dasd.c | 1 + drivers/s390/block/scm_blk.c | 1 + drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/spi/spi-rspi.c | 34 +++- drivers/spi/spi-sh-msiof.c | 28 ++- drivers/spi/spi-tegra20-slink.c | 31 +++- drivers/staging/android/ashmem.c | 6 + drivers/staging/media/imx/imx-ic-prpencvf.c | 1 + drivers/staging/media/imx/imx-media-csi.c | 1 + drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/target/target_core_device.c | 22 ++- drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/fsl_lpuart.c | 3 +- drivers/tty/serial/imx.c | 8 + drivers/tty/serial/sh-sci.c | 2 + drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 ++- drivers/usb/core/driver.c | 28 +-- drivers/usb/core/usb.c | 2 + drivers/usb/musb/musb_dsps.c | 12 +- drivers/usb/serial/kobil_sct.c | 12 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + fs/iomap.c | 21 +-- fs/isofs/inode.c | 7 + fs/locks.c | 7 + fs/nfsd/nfs4proc.c | 1 + fs/overlayfs/inode.c | 62 +++++-- include/linux/arm-smccc.h | 38 +++-- include/linux/platform_data/ina2xx.h | 2 +- include/linux/posix-timers.h | 4 +- include/linux/power_supply.h | 1 + include/linux/slub_def.h | 3 +- kernel/bpf/sockmap.c | 3 + kernel/module.c | 6 +- kernel/time/alarmtimer.c | 7 +- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 33 ++-- kernel/time/posix-timers.h | 2 +- lib/klist.c | 10 +- mm/slub.c | 6 +- net/6lowpan/iphc.c | 1 + net/tls/tls_main.c | 9 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/soc-dapm.c | 7 + 147 files changed, 1040 insertions(+), 390 deletions(-)

7 years, 1 month

6
144
0 0

[PATCH v6 04/10] mtd: maps: gpio-addr-flash: Fix ioremapped size

by Ricardo Ribalda Delgado

We should only iomap the area of the chip that is memory mapped. Otherwise we could be mapping devices beyond the memory space or that belong to other devices. Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> Fixes: ebd71e3a4861 ("mtd: maps: gpio-addr-flash: fix warnings and make more portable") Cc: <stable(a)vger.kernel.org> --- drivers/mtd/maps/gpio-addr-flash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/maps/gpio-addr-flash.c b/drivers/mtd/maps/gpio-addr-flash.c index 17be47f72973..6de16e81994c 100644 --- a/drivers/mtd/maps/gpio-addr-flash.c +++ b/drivers/mtd/maps/gpio-addr-flash.c @@ -234,7 +234,7 @@ static int gpio_flash_probe(struct platform_device *pdev) state->map.copy_to = gf_copy_to; state->map.bankwidth = pdata->width; state->map.size = state->win_size * (1 << state->gpio_count); - state->map.virt = ioremap_nocache(memory->start, state->map.size); + state->map.virt = ioremap_nocache(memory->start, state->win_size); if (!state->map.virt) return -ENOMEM; -- 2.19.0

7 years, 1 month

1
0
0 0

Your images 24

by Joanna

Have photos for cutting out or retouching? We are one image team and we do editing for your the e-commerce photos, industry photos or portrait photo. If you need test editing then let me know. Waiting for your reply and the photo work. Thanks, Joanna

7 years, 1 month

1
0
0 0

[PATCH v2] drm: fb-helper: Reject all pixel format changing requests

by Eugeniy Paltsev

drm fbdev emulation doesn't support changing the pixel format at all, so reject all pixel format changing requests. Cc: stable(a)vger.kernel.org Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> --- Changes v1->v2: * Reject all pixel format changing request, not just the invalid ones. drivers/gpu/drm/drm_fb_helper.c | 91 ++++++++++++----------------------------- 1 file changed, 26 insertions(+), 65 deletions(-) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 16ec93b75dbf..48598d7f673f 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -1580,6 +1580,25 @@ int drm_fb_helper_ioctl(struct fb_info *info, unsigned int cmd, } EXPORT_SYMBOL(drm_fb_helper_ioctl); +static bool drm_fb_pixel_format_equal(const struct fb_var_screeninfo *var_1, + const struct fb_var_screeninfo *var_2) +{ + return var_1->bits_per_pixel == var_2->bits_per_pixel && + var_1->grayscale == var_2->grayscale && + var_1->red.offset == var_2->red.offset && + var_1->red.length == var_2->red.length && + var_1->red.msb_right == var_2->red.msb_right && + var_1->green.offset == var_2->green.offset && + var_1->green.length == var_2->green.length && + var_1->green.msb_right == var_2->green.msb_right && + var_1->blue.offset == var_2->blue.offset && + var_1->blue.length == var_2->blue.length && + var_1->blue.msb_right == var_2->blue.msb_right && + var_1->transp.offset == var_2->transp.offset && + var_1->transp.length == var_2->transp.length && + var_1->transp.msb_right == var_2->transp.msb_right; +} + /** * drm_fb_helper_check_var - implementation for &fb_ops.fb_check_var * @var: screeninfo to check @@ -1590,7 +1609,6 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, { struct drm_fb_helper *fb_helper = info->par; struct drm_framebuffer *fb = fb_helper->fb; - int depth; if (var->pixclock != 0 || in_dbg_master()) return -EINVAL; @@ -1610,72 +1628,15 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, return -EINVAL; } - switch (var->bits_per_pixel) { - case 16: - depth = (var->green.length == 6) ? 16 : 15; - break; - case 32: - depth = (var->transp.length > 0) ? 32 : 24; - break; - default: - depth = var->bits_per_pixel; - break; - } - - switch (depth) { - case 8: - var->red.offset = 0; - var->green.offset = 0; - var->blue.offset = 0; - var->red.length = 8; - var->green.length = 8; - var->blue.length = 8; - var->transp.length = 0; - var->transp.offset = 0; - break; - case 15: - var->red.offset = 10; - var->green.offset = 5; - var->blue.offset = 0; - var->red.length = 5; - var->green.length = 5; - var->blue.length = 5; - var->transp.length = 1; - var->transp.offset = 15; - break; - case 16: - var->red.offset = 11; - var->green.offset = 5; - var->blue.offset = 0; - var->red.length = 5; - var->green.length = 6; - var->blue.length = 5; - var->transp.length = 0; - var->transp.offset = 0; - break; - case 24: - var->red.offset = 16; - var->green.offset = 8; - var->blue.offset = 0; - var->red.length = 8; - var->green.length = 8; - var->blue.length = 8; - var->transp.length = 0; - var->transp.offset = 0; - break; - case 32: - var->red.offset = 16; - var->green.offset = 8; - var->blue.offset = 0; - var->red.length = 8; - var->green.length = 8; - var->blue.length = 8; - var->transp.length = 8; - var->transp.offset = 24; - break; - default: + /* + * drm fbdev emulation doesn't support changing the pixel format at all, + * so reject all pixel format changing requests. + */ + if (!drm_fb_pixel_format_equal(var, &info->var)) { + DRM_DEBUG("fbdev emulation doesn't support changing the pixel format\n"); return -EINVAL; } + return 0; } EXPORT_SYMBOL(drm_fb_helper_check_var); -- 2.14.4

7 years, 1 month

3
4
0 0

Applied "ASoC: intel: skylake: Add missing break in skl_tplg_get_token()" to the asoc tree

by Mark Brown

The patch ASoC: intel: skylake: Add missing break in skl_tplg_get_token() has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 9c80c5a8831471e0a3e139aad1b0d4c0fdc50b2f Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Wed, 3 Oct 2018 19:31:44 +0200 Subject: [PATCH] ASoC: intel: skylake: Add missing break in skl_tplg_get_token() skl_tplg_get_token() misses a break in the big switch() block for SKL_TKN_U8_CORE_ID entry. Spotted nicely by -Wimplicit-fallthrough compiler option. Fixes: 6277e83292a2 ("ASoC: Intel: Skylake: Parse vendor tokens to build module data") Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Mark Brown <broonie(a)kernel.org> --- sound/soc/intel/skylake/skl-topology.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/intel/skylake/skl-topology.c b/sound/soc/intel/skylake/skl-topology.c index 52a9915da0f5..cf8848b779dc 100644 --- a/sound/soc/intel/skylake/skl-topology.c +++ b/sound/soc/intel/skylake/skl-topology.c @@ -2460,6 +2460,7 @@ static int skl_tplg_get_token(struct device *dev, case SKL_TKN_U8_CORE_ID: mconfig->core_id = tkn_elem->value; + break; case SKL_TKN_U8_MOD_TYPE: mconfig->m_type = tkn_elem->value; -- 2.19.0.rc2

7 years, 1 month

1
0
0 0

[PATCH] usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround"

by Yoshihiro Shimoda

If the "workaround_for_vbus" is true, the driver will not call usb_disconnect(). So, since the controller keeps some registers' value, the driver doesn't re-enumarate suitable speed after the b-device mode is disabled. To fix the issue, this patch adds usb_disconnect() calling in renesas_usb3_b_device_write() if workaround_for_vbus is true. Fixes: 43ba968b00ea ("usb: gadget: udc: renesas_usb3: add debugfs to set the b-device mode") Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index e1656f3..67d8a50 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2437,6 +2437,9 @@ static ssize_t renesas_usb3_b_device_write(struct file *file, else usb3->forced_b_device = false; + if (usb3->workaround_for_vbus) + usb3_disconnect(usb3); + /* Let this driver call usb3_connect() anyway */ usb3_check_id(usb3); -- 1.9.1

7 years, 1 month

2
1
0 0

[PATCH 1/3] ARM: socfpga: Clean unused functions

by Clément Péron

These functions are unused externally, removed them and declare the one used locally as static. Signed-off-by: Clément Péron <peron.clem(a)gmail.com> --- arch/arm/mach-socfpga/core.h | 2 -- arch/arm/mach-socfpga/socfpga.c | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm/mach-socfpga/core.h b/arch/arm/mach-socfpga/core.h index 65e1817d8afe..92cae0a9213f 100644 --- a/arch/arm/mach-socfpga/core.h +++ b/arch/arm/mach-socfpga/core.h @@ -34,8 +34,6 @@ #define RSTMGR_MPUMODRST_CPU1 0x2 /* CPU1 Reset */ -extern void socfpga_init_clocks(void); -extern void socfpga_sysmgr_init(void); void socfpga_init_l2_ecc(void); void socfpga_init_ocram_ecc(void); void socfpga_init_arria10_l2_ecc(void); diff --git a/arch/arm/mach-socfpga/socfpga.c b/arch/arm/mach-socfpga/socfpga.c index dde14f7bf2c3..5fb6f79059a8 100644 --- a/arch/arm/mach-socfpga/socfpga.c +++ b/arch/arm/mach-socfpga/socfpga.c @@ -32,7 +32,7 @@ void __iomem *rst_manager_base_addr; void __iomem *sdr_ctl_base_addr; unsigned long socfpga_cpu1start_addr; -void __init socfpga_sysmgr_init(void) +static void __init socfpga_sysmgr_init(void) { struct device_node *np; -- 2.17.1

7 years, 1 month

2
4
0 0

[PATCH] x86/vdso: Fix vDSO syscall fallback asm constraint regression

by Andy Lutomirski

When I added the missing memory outputs, I failed to update the index of the first argument (ebx) on 32-bit builds, which broke the fallbacks. Somehow I must have screwed up my testing or gotten lucky. Add another test to cover gettimeofday() as well. Cc: stable(a)vger.kernel.org Fixes: 715bd9d12f84 ("x86/vdso: Fix asm constraints on vDSO syscall fallbacks") Cc: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- arch/x86/entry/vdso/vclock_gettime.c | 8 +-- tools/testing/selftests/x86/test_vdso.c | 73 +++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 4 deletions(-) diff --git a/arch/x86/entry/vdso/vclock_gettime.c b/arch/x86/entry/vdso/vclock_gettime.c index 134e2d2e8add..e48ca3afa091 100644 --- a/arch/x86/entry/vdso/vclock_gettime.c +++ b/arch/x86/entry/vdso/vclock_gettime.c @@ -68,11 +68,11 @@ notrace static long vdso_fallback_gettime(long clock, struct timespec *ts) asm ( "mov %%ebx, %%edx \n" - "mov %2, %%ebx \n" + "mov %[clock], %%ebx \n" "call __kernel_vsyscall \n" "mov %%edx, %%ebx \n" : "=a" (ret), "=m" (*ts) - : "0" (__NR_clock_gettime), "g" (clock), "c" (ts) + : "0" (__NR_clock_gettime), [clock] "g" (clock), "c" (ts) : "memory", "edx"); return ret; } @@ -83,11 +83,11 @@ notrace static long vdso_fallback_gtod(struct timeval *tv, struct timezone *tz) asm ( "mov %%ebx, %%edx \n" - "mov %2, %%ebx \n" + "mov %[tv], %%ebx \n" "call __kernel_vsyscall \n" "mov %%edx, %%ebx \n" : "=a" (ret), "=m" (*tv), "=m" (*tz) - : "0" (__NR_gettimeofday), "g" (tv), "c" (tz) + : "0" (__NR_gettimeofday), [tv] "g" (tv), "c" (tz) : "memory", "edx"); return ret; } diff --git a/tools/testing/selftests/x86/test_vdso.c b/tools/testing/selftests/x86/test_vdso.c index 49f7294fb382..35edd61d1663 100644 --- a/tools/testing/selftests/x86/test_vdso.c +++ b/tools/testing/selftests/x86/test_vdso.c @@ -36,6 +36,10 @@ typedef int (*vgettime_t)(clockid_t, struct timespec *); vgettime_t vdso_clock_gettime; +typedef long (*vgtod_t)(struct timeval *tv, struct timezone *tz); + +vgtod_t vdso_gettimeofday; + typedef long (*getcpu_t)(unsigned *, unsigned *, void *); getcpu_t vgetcpu; @@ -104,6 +108,11 @@ static void fill_function_pointers() vdso_clock_gettime = (vgettime_t)dlsym(vdso, "__vdso_clock_gettime"); if (!vdso_clock_gettime) printf("Warning: failed to find clock_gettime in vDSO\n"); + + vdso_gettimeofday = (vgtod_t)dlsym(vdso, "__vdso_gettimeofday"); + if (!vdso_gettimeofday) + printf("Warning: failed to find gettimeofday in vDSO\n"); + } static long sys_getcpu(unsigned * cpu, unsigned * node, @@ -117,6 +126,11 @@ static inline int sys_clock_gettime(clockid_t id, struct timespec *ts) return syscall(__NR_clock_gettime, id, ts); } +static inline int sys_gettimeofday(struct timeval *tv, struct timezone *tz) +{ + return syscall(__NR_gettimeofday, tv, tz); +} + static void test_getcpu(void) { printf("[RUN]\tTesting getcpu...\n"); @@ -177,6 +191,14 @@ static bool ts_leq(const struct timespec *a, const struct timespec *b) return a->tv_nsec <= b->tv_nsec; } +static bool tv_leq(const struct timeval *a, const struct timeval *b) +{ + if (a->tv_sec != b->tv_sec) + return a->tv_sec < b->tv_sec; + else + return a->tv_usec <= b->tv_usec; +} + static char const * const clocknames[] = { [0] = "CLOCK_REALTIME", [1] = "CLOCK_MONOTONIC", @@ -248,11 +270,62 @@ static void test_clock_gettime(void) test_one_clock_gettime(INT_MAX, "invalid"); } +static void test_gettimeofday(void) +{ + struct timeval start, vdso, end; + struct timezone sys_tz, vdso_tz; + int vdso_ret, end_ret; + + if (!vdso_gettimeofday) + return; + + printf("[RUN]\tTesting gettimeofday...\n"); + + if (sys_gettimeofday(&start, &sys_tz) < 0) { + printf("[FAIL]\tsys_gettimeofday failed (%d)\n", errno); + nerrs++; + return; + } + + vdso_ret = vdso_gettimeofday(&vdso, &vdso_tz); + end_ret = sys_gettimeofday(&end, NULL); + + if (vdso_ret != 0 || end_ret != 0) { + printf("[FAIL]\tvDSO returned %d, syscall errno=%d\n", + vdso_ret, errno); + nerrs++; + return; + } + + printf("\t%llu.%06ld %llu.%06ld %llu.%06ld\n", + (unsigned long long)start.tv_sec, start.tv_usec, + (unsigned long long)vdso.tv_sec, vdso.tv_usec, + (unsigned long long)end.tv_sec, end.tv_usec); + + if (!tv_leq(&start, &vdso) || !tv_leq(&vdso, &end)) { + printf("[FAIL]\tTimes are out of sequence\n"); + nerrs++; + } + + if (sys_tz.tz_minuteswest == vdso_tz.tz_minuteswest && + sys_tz.tz_dsttime == vdso_tz.tz_dsttime) { + printf("[OK]\ttimezones match: minuteswest=%d, dsttime=%d\n", + sys_tz.tz_minuteswest, sys_tz.tz_dsttime); + } else { + printf("[FAIL]\ttimezones do not match\n"); + nerrs++; + } + + /* And make sure that passing NULL for tz doesn't crash. */ + vdso_gettimeofday(&vdso, NULL); +} + int main(int argc, char **argv) { fill_function_pointers(); test_clock_gettime(); + test_gettimeofday(); /* * Test getcpu() last so that, if something goes wrong setting affinity, -- 2.17.1

7 years, 1 month

1
0
0 0

[net] ixgbe: check return value of napi_complete_done()

by Jeff Kirsher

From: Song Liu <songliubraving(a)fb.com> The NIC driver should only enable interrupts when napi_complete_done() returns true. This patch adds the check for ixgbe. Cc: stable(a)vger.kernel.org # 4.10+ Suggested-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Song Liu <songliubraving(a)fb.com> Tested-by: Andrew Bowers <andrewx.bowers(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c index f27d73a7bf16..6cdd58d9d461 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c @@ -3196,11 +3196,13 @@ int ixgbe_poll(struct napi_struct *napi, int budget) return budget; /* all work done, exit the polling mode */ - napi_complete_done(napi, work_done); - if (adapter->rx_itr_setting & 1) - ixgbe_set_itr(q_vector); - if (!test_bit(__IXGBE_DOWN, &adapter->state)) - ixgbe_irq_enable_queues(adapter, BIT_ULL(q_vector->v_idx)); + if (likely(napi_complete_done(napi, work_done))) { + if (adapter->rx_itr_setting & 1) + ixgbe_set_itr(q_vector); + if (!test_bit(__IXGBE_DOWN, &adapter->state)) + ixgbe_irq_enable_queues(adapter, + BIT_ULL(q_vector->v_idx)); + } return min(work_done, budget - 1); } -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH 4.9 00/94] 4.9.131-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.131 release. There are 94 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 4 13:24:37 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.131-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.131-rc1 Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Handle function result as parameters Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Make return values unsigned long Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Update power state at the end of smu hw_init. Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix skb->truesize underestimation Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for MCP halt and resume commands to take place Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for ready indication before rereading the shmem Theodore Ts'o <tytso(a)mit.edu> ext4: never move the system.data xattr out of the inode body Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Fix SL array bounds check Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use bin2hex instead of a re-implementation Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid user input can result in crash Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Yu Zhao <yuzhao(a)google.com> regulator: fix crash caused by null driver data Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Stefan Agner <stefan(a)agner.ch> tty: serial: lpuart: avoid leaking struct tty_struct Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses Johan Hovold <johan(a)kernel.org> EDAC: Fix memleak in module init error path J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Nadav Amit <namit(a)vmware.com> gpio: Fix wrong rounding in gpio-menz127 Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Update controller info during resume Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/lbr: Fix incomplete LBR call stack Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Fix releasing node when enumerating enpoints Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check phy_driver ready before accessing Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check read_status results Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Dave Gerlach <d-gerlach(a)ti.com> ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Dan Carpenter <dan.carpenter(a)oracle.com> IB/core: type promotion bug in rdma_rw_init_one_mr() Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Benjamin Tissoires <benjamin.tissoires(a)redhat.com> power: remove possible deadlock when unregistering power_supply Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: correct allocate_pgste proc_handler callback Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Zhen Lei <thunder.leizhen(a)huawei.com> iommu/amd: make sure TLB to be flushed before IOVA freed Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm/mach-omap2/omap_hwmod_reset.c | 12 ++- arch/arm64/kvm/guest.c | 45 ++++++++++ arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/mm/extmem.c | 4 +- arch/s390/mm/pgalloc.c | 2 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/events/intel/lbr.c | 32 ++++++-- arch/x86/events/perf_event.h | 1 + arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/edac/edac_mc_sysfs.c | 6 +- drivers/edac/i7core_edac.c | 22 +++-- drivers/gpio/gpio-menz127.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 ++- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 3 +- drivers/hid/hid-ntrig.c | 2 + drivers/hwmon/adt7475.c | 14 ++-- drivers/hwmon/ina2xx.c | 13 ++- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/infiniband/core/rw.c | 2 +- drivers/infiniband/hw/hfi1/pio.c | 9 +- drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 8 +- drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/mouse/elantech.c | 2 + drivers/iommu/amd_iommu.c | 2 +- drivers/md/md-cluster.c | 19 +++-- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/fsl-viu.c | 38 +++++---- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 ++ drivers/media/usb/uvc/uvc_video.c | 24 ++++-- drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 96 ++++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 1 + drivers/net/phy/xilinx_gmii2rgmii.c | 10 ++- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 ++ drivers/power/reset/vexpress-poweroff.c | 12 ++- drivers/power/supply/power_supply_core.c | 11 ++- drivers/regulator/core.c | 2 +- drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/spi/spi-rspi.c | 34 +++++++- drivers/spi/spi-sh-msiof.c | 28 ++++++- drivers/spi/spi-tegra20-slink.c | 31 +++++-- drivers/staging/android/ashmem.c | 6 ++ drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_auth.c | 15 +--- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++- drivers/tty/serial/fsl_lpuart.c | 3 +- drivers/tty/serial/imx.c | 8 ++ drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 +++++- drivers/usb/core/driver.c | 28 +++---- drivers/usb/core/usb.c | 2 + drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + fs/ext4/xattr.c | 5 ++ fs/nfsd/nfs4proc.c | 1 + include/linux/arm-smccc.h | 38 +++++---- include/linux/platform_data/ina2xx.h | 2 +- include/linux/power_supply.h | 1 + include/linux/slub_def.h | 3 +- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 3 +- lib/klist.c | 10 ++- mm/slub.c | 6 +- net/6lowpan/iphc.c | 1 + sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/soc-dapm.c | 7 ++ 95 files changed, 630 insertions(+), 219 deletions(-)

7 years, 1 month

5
98
0 0

[PATCH v5 2/8] mtd: maps: gpio-addr-flash: Fix ioremapped size

by Ricardo Ribalda Delgado

We should only iomap the area of the chip that is memory mapped. Otherwise we could be mapping devices beyond the memory space or that belong to other devices. Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> Fixes: ebd71e3a4861 ("mtd: maps: gpio-addr-flash: fix warnings and make more portable") Cc: <stable(a)vger.kernel.org> --- drivers/mtd/maps/gpio-addr-flash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/maps/gpio-addr-flash.c b/drivers/mtd/maps/gpio-addr-flash.c index 17be47f72973..6de16e81994c 100644 --- a/drivers/mtd/maps/gpio-addr-flash.c +++ b/drivers/mtd/maps/gpio-addr-flash.c @@ -234,7 +234,7 @@ static int gpio_flash_probe(struct platform_device *pdev) state->map.copy_to = gf_copy_to; state->map.bankwidth = pdata->width; state->map.size = state->win_size * (1 << state->gpio_count); - state->map.virt = ioremap_nocache(memory->start, state->map.size); + state->map.virt = ioremap_nocache(memory->start, state->win_size); if (!state->map.virt) return -ENOMEM; -- 2.19.0

7 years, 1 month

1
0
0 0

patch "usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 1b6af2f58c2b1522e0804b150ca95e50a9e80ea7 Mon Sep 17 00:00:00 2001 From: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Date: Fri, 21 Sep 2018 16:04:11 +0100 Subject: usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage Current code mistakenly checks against max current to determine order but this should be max voltage. This commit fixes the issue so order is correctly determined, thus avoiding failure based on a higher voltage PPS APDO having a lower maximum current output, which is actually valid. Fixes: 2eadc33f40d4 ("typec: tcpm: Add core support for sink side PPS") Cc: <stable(a)vger.kernel.org> Signed-off-by: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 4f1f4215f3d6..c11b3befa87f 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1430,8 +1430,8 @@ static enum pdo_err tcpm_caps_err(struct tcpm_port *port, const u32 *pdo, if (pdo_apdo_type(pdo[i]) != APDO_TYPE_PPS) break; - if (pdo_pps_apdo_max_current(pdo[i]) < - pdo_pps_apdo_max_current(pdo[i - 1])) + if (pdo_pps_apdo_max_voltage(pdo[i]) < + pdo_pps_apdo_max_voltage(pdo[i - 1])) return PDO_ERR_PPS_APDO_NOT_SORTED; else if (pdo_pps_apdo_min_voltage(pdo[i]) == pdo_pps_apdo_min_voltage(pdo[i - 1]) && -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: ad5064: Fix regulator handling" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: ad5064: Fix regulator handling to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 8911a43bc198877fad9f4b0246a866b26bb547ab Mon Sep 17 00:00:00 2001 From: Lars-Peter Clausen <lars(a)metafoo.de> Date: Fri, 28 Sep 2018 11:23:40 +0200 Subject: iio: ad5064: Fix regulator handling The correct way to handle errors returned by regualtor_get() and friends is to propagate the error since that means that an regulator was specified, but something went wrong when requesting it. For handling optional regulators, e.g. when the device has an internal vref, regulator_get_optional() should be used to avoid getting the dummy regulator that the regulator core otherwise provides. Signed-off-by: Lars-Peter Clausen <lars(a)metafoo.de> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/ad5064.c | 53 ++++++++++++++++++++++++++++------------ 1 file changed, 38 insertions(+), 15 deletions(-) diff --git a/drivers/iio/dac/ad5064.c b/drivers/iio/dac/ad5064.c index bf4fc40ec84d..2f98cb2a3b96 100644 --- a/drivers/iio/dac/ad5064.c +++ b/drivers/iio/dac/ad5064.c @@ -808,6 +808,40 @@ static int ad5064_set_config(struct ad5064_state *st, unsigned int val) return ad5064_write(st, cmd, 0, val, 0); } +static int ad5064_request_vref(struct ad5064_state *st, struct device *dev) +{ + unsigned int i; + int ret; + + for (i = 0; i < ad5064_num_vref(st); ++i) + st->vref_reg[i].supply = ad5064_vref_name(st, i); + + if (!st->chip_info->internal_vref) + return devm_regulator_bulk_get(dev, ad5064_num_vref(st), + st->vref_reg); + + /* + * This assumes that when the regulator has an internal VREF + * there is only one external VREF connection, which is + * currently the case for all supported devices. + */ + st->vref_reg[0].consumer = devm_regulator_get_optional(dev, "vref"); + if (!IS_ERR(st->vref_reg[0].consumer)) + return 0; + + ret = PTR_ERR(st->vref_reg[0].consumer); + if (ret != -ENODEV) + return ret; + + /* If no external regulator was supplied use the internal VREF */ + st->use_internal_vref = true; + ret = ad5064_set_config(st, AD5064_CONFIG_INT_VREF_ENABLE); + if (ret) + dev_err(dev, "Failed to enable internal vref: %d\n", ret); + + return ret; +} + static int ad5064_probe(struct device *dev, enum ad5064_type type, const char *name, ad5064_write_func write) { @@ -828,22 +862,11 @@ static int ad5064_probe(struct device *dev, enum ad5064_type type, st->dev = dev; st->write = write; - for (i = 0; i < ad5064_num_vref(st); ++i) - st->vref_reg[i].supply = ad5064_vref_name(st, i); + ret = ad5064_request_vref(st, dev); + if (ret) + return ret; - ret = devm_regulator_bulk_get(dev, ad5064_num_vref(st), - st->vref_reg); - if (ret) { - if (!st->chip_info->internal_vref) - return ret; - st->use_internal_vref = true; - ret = ad5064_set_config(st, AD5064_CONFIG_INT_VREF_ENABLE); - if (ret) { - dev_err(dev, "Failed to enable internal vref: %d\n", - ret); - return ret; - } - } else { + if (!st->use_internal_vref) { ret = regulator_bulk_enable(ad5064_num_vref(st), st->vref_reg); if (ret) return ret; -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: adc: at91: fix wrong channel number in triggered buffer mode" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: at91: fix wrong channel number in triggered buffer mode to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From aea835f2dc8a682942b859179c49ad1841a6c8b9 Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)microchip.com> Date: Mon, 24 Sep 2018 10:51:44 +0300 Subject: iio: adc: at91: fix wrong channel number in triggered buffer mode When channels are registered, the hardware channel number is not the actual iio channel number. This is because the driver is probed with a certain number of accessible channels. Some pins are routed and some not, depending on the description of the board in the DT. Because of that, channels 0,1,2,3 can correspond to hardware channels 2,3,4,5 for example. In the buffered triggered case, we need to do the translation accordingly. Fixed the channel number to stop reading the wrong channel. Fixes: 0e589d5fb ("ARM: AT91: IIO: Add AT91 ADC driver.") Cc: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Eugen Hristev <eugen.hristev(a)microchip.com> Acked-by: Ludovic Desroches <ludovic.desroches(a)microchip.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/at91_adc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c index e3be88e7192c..75d2f73582a3 100644 --- a/drivers/iio/adc/at91_adc.c +++ b/drivers/iio/adc/at91_adc.c @@ -248,12 +248,14 @@ static irqreturn_t at91_adc_trigger_handler(int irq, void *p) struct iio_poll_func *pf = p; struct iio_dev *idev = pf->indio_dev; struct at91_adc_state *st = iio_priv(idev); + struct iio_chan_spec const *chan; int i, j = 0; for (i = 0; i < idev->masklength; i++) { if (!test_bit(i, idev->active_scan_mask)) continue; - st->buffer[j] = at91_adc_readl(st, AT91_ADC_CHAN(st, i)); + chan = idev->channels + i; + st->buffer[j] = at91_adc_readl(st, AT91_ADC_CHAN(st, chan->channel)); j++; } -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: adc: at91: fix acking DRDY irq on simple conversions" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: at91: fix acking DRDY irq on simple conversions to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From bc1b45326223e7e890053cf6266357adfa61942d Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)microchip.com> Date: Mon, 24 Sep 2018 10:51:43 +0300 Subject: iio: adc: at91: fix acking DRDY irq on simple conversions When doing simple conversions, the driver did not acknowledge the DRDY irq. If this irq status is not acked, it will be left pending, and as soon as a trigger is enabled, the irq handler will be called, it doesn't know why this status has occurred because no channel is pending, and then it will go int a irq loop and board will hang. To avoid this situation, read the LCDR after a raw conversion is done. Fixes: 0e589d5fb ("ARM: AT91: IIO: Add AT91 ADC driver.") Cc: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Eugen Hristev <eugen.hristev(a)microchip.com> Acked-by: Ludovic Desroches <ludovic.desroches(a)microchip.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/at91_adc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c index 44b516863c9d..e3be88e7192c 100644 --- a/drivers/iio/adc/at91_adc.c +++ b/drivers/iio/adc/at91_adc.c @@ -279,6 +279,8 @@ static void handle_adc_eoc_trigger(int irq, struct iio_dev *idev) iio_trigger_poll(idev->trig); } else { st->last_value = at91_adc_readl(st, AT91_ADC_CHAN(st, st->chnb)); + /* Needed to ACK the DRDY interruption */ + at91_adc_readl(st, AT91_ADC_LCDR); st->done = true; wake_up_interruptible(&st->wq_data_avail); } -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From d3fa21c73c391975488818b085b894c2980ea052 Mon Sep 17 00:00:00 2001 From: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Date: Sat, 22 Sep 2018 00:58:02 +0300 Subject: iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() Leaving for_each_child_of_node loop we should release child device node, if it is not stored for future use. Found by Linux Driver Verification project (linuxtesting.org). JC: I'm not sending this as a quick fix as it's been wrong for years, but good to pick up for stable after the merge window. Signed-off-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Fixes: 6df2e98c3ea56 ("iio: adc: Add imx25-gcq ADC driver") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/fsl-imx25-gcq.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/iio/adc/fsl-imx25-gcq.c b/drivers/iio/adc/fsl-imx25-gcq.c index ea264fa9e567..929c617db364 100644 --- a/drivers/iio/adc/fsl-imx25-gcq.c +++ b/drivers/iio/adc/fsl-imx25-gcq.c @@ -209,12 +209,14 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, ret = of_property_read_u32(child, "reg", &reg); if (ret) { dev_err(dev, "Failed to get reg property\n"); + of_node_put(child); return ret; } if (reg >= MX25_NUM_CFGS) { dev_err(dev, "reg value is greater than the number of available configuration registers\n"); + of_node_put(child); return -EINVAL; } @@ -228,6 +230,7 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, if (IS_ERR(priv->vref[refp])) { dev_err(dev, "Error, trying to use external voltage reference without a vref-%s regulator.", mx25_gcq_refp_names[refp]); + of_node_put(child); return PTR_ERR(priv->vref[refp]); } priv->channel_vref_mv[reg] = @@ -240,6 +243,7 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, break; default: dev_err(dev, "Invalid positive reference %d\n", refp); + of_node_put(child); return -EINVAL; } @@ -254,10 +258,12 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, if ((refp & MX25_ADCQ_CFG_REFP_MASK) != refp) { dev_err(dev, "Invalid fsl,adc-refp property value\n"); + of_node_put(child); return -EINVAL; } if ((refn & MX25_ADCQ_CFG_REFN_MASK) != refn) { dev_err(dev, "Invalid fsl,adc-refn property value\n"); + of_node_put(child); return -EINVAL; } -- 2.19.0

7 years, 1 month

1
0
0 0

patch "Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 25355252607ca288f329ee033f387764883393f6 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:44 +0000 Subject: Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A cpumask structure on the stack can cause a warning with CONFIG_NR_CPUS=8192 (e.g. Ubuntu 16.04 and 18.04 use this): drivers/hv//channel_mgmt.c: In function ‘init_vp_index’: drivers/hv//channel_mgmt.c:702:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=] Nowadays it looks most distros enable CONFIG_CPUMASK_OFFSTACK=y, and hence we can work around the warning by using cpumask_var_t. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/channel_mgmt.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index 6f3e6af5e891..6277597d3d58 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -594,16 +594,18 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) bool perf_chn = vmbus_devs[dev_type].perf_device; struct vmbus_channel *primary = channel->primary_channel; int next_node; - struct cpumask available_mask; + cpumask_var_t available_mask; struct cpumask *alloced_mask; if ((vmbus_proto_version == VERSION_WS2008) || - (vmbus_proto_version == VERSION_WIN7) || (!perf_chn)) { + (vmbus_proto_version == VERSION_WIN7) || (!perf_chn) || + !alloc_cpumask_var(&available_mask, GFP_KERNEL)) { /* * Prior to win8, all channel interrupts are * delivered on cpu 0. * Also if the channel is not a performance critical * channel, bind it to cpu 0. + * In case alloc_cpumask_var() fails, bind it to cpu 0. */ channel->numa_node = 0; channel->target_cpu = 0; @@ -641,7 +643,7 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) cpumask_clear(alloced_mask); } - cpumask_xor(&available_mask, alloced_mask, + cpumask_xor(available_mask, alloced_mask, cpumask_of_node(primary->numa_node)); cur_cpu = -1; @@ -659,10 +661,10 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) } while (true) { - cur_cpu = cpumask_next(cur_cpu, &available_mask); + cur_cpu = cpumask_next(cur_cpu, available_mask); if (cur_cpu >= nr_cpu_ids) { cur_cpu = -1; - cpumask_copy(&available_mask, + cpumask_copy(available_mask, cpumask_of_node(primary->numa_node)); continue; } @@ -692,6 +694,8 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) channel->target_cpu = cur_cpu; channel->target_vp = hv_cpu_number_to_vp_number(cur_cpu); + + free_cpumask_var(available_mask); } static void vmbus_wait_for_unload(void) -- 2.19.0

7 years, 1 month

1
0
0 0

patch "Drivers: hv: kvp: Fix two "this statement may fall through" warnings" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: kvp: Fix two "this statement may fall through" warnings to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From fc62c3b1977d62e6374fd6e28d371bb42dfa5c9d Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:43 +0000 Subject: Drivers: hv: kvp: Fix two "this statement may fall through" warnings We don't need to call process_ib_ipinfo() if message->kvp_hdr.operation is KVP_OP_GET_IP_INFO in kvp_send_key(), because here we just need to pass on the op code from the host to the userspace; when the userspace returns the info requested by the host, we pass the info on to the host in kvp_respond_to_host() -> process_ob_ipinfo(). BTW, the current buggy code actually doesn't cause any harm, because only message->kvp_hdr.operation is used by the userspace, in the case of KVP_OP_GET_IP_INFO. The patch also adds a missing "break;" in kvp_send_key(). BTW, the current buggy code actually doesn't cause any harm, because in the case of KVP_OP_SET, the unexpected fall-through corrupts message->body.kvp_set.data.key_size, but that is not really used: see the definition of struct hv_kvp_exchg_msg_value. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/hv_kvp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index 023bd185d21a..a7513a8a8e37 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -353,7 +353,6 @@ static void process_ib_ipinfo(void *in_msg, void *out_msg, int op) out->body.kvp_ip_val.dhcp_enabled = in->kvp_ip_val.dhcp_enabled; - default: utf16s_to_utf8s((wchar_t *)in->kvp_ip_val.adapter_id, MAX_ADAPTER_ID_SIZE, UTF16_LITTLE_ENDIAN, @@ -406,7 +405,7 @@ kvp_send_key(struct work_struct *dummy) process_ib_ipinfo(in_msg, message, KVP_OP_SET_IP_INFO); break; case KVP_OP_GET_IP_INFO: - process_ib_ipinfo(in_msg, message, KVP_OP_GET_IP_INFO); + /* We only need to pass on message->kvp_hdr.operation. */ break; case KVP_OP_SET: switch (in_msg->body.kvp_set.data.value_type) { @@ -446,6 +445,9 @@ kvp_send_key(struct work_struct *dummy) break; } + + break; + case KVP_OP_GET: message->body.kvp_set.data.key_size = utf16s_to_utf8s( -- 2.19.0

7 years, 1 month

1
0
0 0

patch "w1: omap-hdq: fix missing bus unregister at removal" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled w1: omap-hdq: fix missing bus unregister at removal to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From a007734618fee1bf35556c04fa498d41d42c7301 Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Sat, 22 Sep 2018 21:20:54 +0200 Subject: w1: omap-hdq: fix missing bus unregister at removal The bus master was not removed after unloading the module or unbinding the driver. That lead to oopses like this [ 127.842987] Unable to handle kernel paging request at virtual address bf01d04c [ 127.850646] pgd = 70e3cd9a [ 127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000 [ 127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM [ 127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq] [ 127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12 [ 127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree) [ 127.890441] PC is at 0xbf01d04c [ 127.893798] LR is at w1_search_process_cb+0x4c/0xfc [ 127.898956] pc : [<bf01d04c>] lr : [<c05f9580>] psr: a0070013 [ 127.905609] sp : cf885f48 ip : bf01d04c fp : ddf1e11c [ 127.911132] r10: cf8fe040 r9 : c05f8d00 r8 : cf8fe040 [ 127.916656] r7 : 000000f0 r6 : cf8fe02c r5 : cf8fe000 r4 : cf8fe01c [ 127.923553] r3 : c05f8d00 r2 : 000000f0 r1 : cf8fe000 r0 : dde1ef10 [ 127.930450] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 127.938018] Control: 10c5387d Table: 8f8f0019 DAC: 00000051 [ 127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f) [ 127.951171] Stack: (0xcf885f48 to 0xcf886000) [ 127.955810] 5f40: cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00 [ 127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000 [ 127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000 [ 127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 [ 127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118) [ 128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148) [ 128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c) [ 128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8) [ 128.037017] 5fa0: 00000000 00000000 00000000 00000000 [ 128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 128.061340] Code: bad PC value [ 128.064697] ---[ end trace af066e33c0e14119 ]--- Cc: <stable(a)vger.kernel.org> Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/masters/omap_hdq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/w1/masters/omap_hdq.c b/drivers/w1/masters/omap_hdq.c index 83fc9aab34e8..3099052e1243 100644 --- a/drivers/w1/masters/omap_hdq.c +++ b/drivers/w1/masters/omap_hdq.c @@ -763,6 +763,8 @@ static int omap_hdq_remove(struct platform_device *pdev) /* remove module dependency */ pm_runtime_disable(&pdev->dev); + w1_remove_master_device(&omap_w1_master); + return 0; } -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH] drm: fb-helper: Validate requested pixel format against bpp

by Eugeniy Paltsev

Validate requested pixel format against bits_per_pixel to reject invalid formats with subcomponents length sum is greater than requested bits_per_pixel. weston 5.0.0 with fbdev backend tries to set up an ARGB x8r8g8b8 pixel format without bits_per_pixel updating. So it can request x8r8g8b8 with 16 bpp which is obviously incorrect and should be rejected. Cc: stable(a)vger.kernel.org Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> --- drivers/gpu/drm/drm_fb_helper.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 16ec93b75dbf..4f39da07f053 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -1610,6 +1610,13 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, return -EINVAL; } + if ((var->green.length + var->blue.length + var->red.length + + var->transp.length) > var->bits_per_pixel) { + DRM_DEBUG("fb requested pixel format can't fit in %d bpp\n", + var->bits_per_pixel); + return -EINVAL; + } + switch (var->bits_per_pixel) { case 16: depth = (var->green.length == 6) ? 16 : 15; -- 2.14.4

7 years, 1 month

4
5
0 0

Linux 3.16.59

by Ben Hutchings

I'm announcing the release of the 3.16.59 kernel. All users of the 3.16 kernel series should upgrade. The updated 3.16.y git tree can be found at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git The diff from 3.16.58 is attached to this message. Ben. ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/cachetlb.txt | 8 +- Documentation/kernel-parameters.txt | 45 +++ Documentation/spec_ctrl.rst | 94 +++++ Documentation/vm/remap_file_pages.txt | 7 +- Makefile | 2 +- arch/alpha/include/asm/pgtable.h | 7 - arch/arc/include/asm/pgtable.h | 13 +- arch/arm/include/asm/pgtable-2level.h | 1 - arch/arm/include/asm/pgtable-3level.h | 1 - arch/arm/include/asm/pgtable-nommu.h | 2 - arch/arm/include/asm/pgtable.h | 20 +- arch/arm/mm/proc-macros.S | 2 +- arch/arm64/include/asm/pgtable.h | 22 +- arch/avr32/include/asm/pgtable.h | 25 -- arch/blackfin/include/asm/pgtable.h | 5 - arch/c6x/include/asm/pgtable.h | 5 - arch/cris/include/arch-v10/arch/mmu.h | 3 - arch/cris/include/arch-v32/arch/mmu.h | 3 - arch/cris/include/asm/pgtable.h | 4 - arch/frv/include/asm/pgtable.h | 27 +- arch/hexagon/include/asm/pgtable.h | 60 +-- arch/ia64/include/asm/pgtable.h | 25 +- arch/m32r/include/asm/pgtable-2level.h | 4 - arch/m32r/include/asm/pgtable.h | 11 - arch/m68k/include/asm/mcf_pgtable.h | 23 +- arch/m68k/include/asm/motorola_pgtable.h | 15 - arch/m68k/include/asm/pgtable_no.h | 2 - arch/m68k/include/asm/sun3_pgtable.h | 15 - arch/metag/include/asm/pgtable.h | 6 - arch/microblaze/include/asm/pgtable.h | 11 - arch/mips/include/asm/pgtable-32.h | 39 -- arch/mips/include/asm/pgtable-64.h | 9 - arch/mips/include/asm/pgtable-bits.h | 10 - arch/mips/include/asm/pgtable.h | 2 - arch/mn10300/include/asm/pgtable.h | 17 +- arch/openrisc/include/asm/pgtable.h | 8 - arch/openrisc/kernel/head.S | 5 - arch/parisc/include/asm/pgtable.h | 10 - arch/powerpc/include/asm/pgtable-ppc32.h | 9 +- arch/powerpc/include/asm/pgtable-ppc64.h | 5 +- arch/powerpc/include/asm/pgtable.h | 1 - arch/powerpc/include/asm/pte-40x.h | 1 - arch/powerpc/include/asm/pte-44x.h | 5 - arch/powerpc/include/asm/pte-8xx.h | 1 - arch/powerpc/include/asm/pte-book3e.h | 1 - arch/powerpc/include/asm/pte-fsl-booke.h | 3 - arch/powerpc/include/asm/pte-hash32.h | 1 - arch/powerpc/include/asm/pte-hash64.h | 1 - arch/powerpc/mm/pgtable_64.c | 2 +- arch/s390/include/asm/pgtable.h | 29 +- arch/score/include/asm/pgtable-bits.h | 1 - arch/score/include/asm/pgtable.h | 18 +- arch/sh/include/asm/pgtable_32.h | 30 +- arch/sh/include/asm/pgtable_64.h | 9 +- arch/sparc/include/asm/pgtable_32.h | 24 -- arch/sparc/include/asm/pgtable_64.h | 40 -- arch/sparc/include/asm/pgtsrmmu.h | 14 +- arch/tile/include/asm/pgtable.h | 11 - arch/tile/mm/homecache.c | 4 - arch/um/include/asm/pgtable-2level.h | 9 - arch/um/include/asm/pgtable-3level.h | 20 - arch/um/include/asm/pgtable.h | 9 - arch/unicore32/include/asm/pgtable-hwdef.h | 1 - arch/unicore32/include/asm/pgtable.h | 14 - arch/x86/include/asm/cpufeature.h | 21 +- arch/x86/include/asm/io.h | 6 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/nospec-branch.h | 43 +- arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 55 +-- arch/x86/include/asm/pgtable-3level.h | 49 ++- arch/x86/include/asm/pgtable-invert.h | 41 ++ arch/x86/include/asm/pgtable.h | 144 +++++-- arch/x86/include/asm/pgtable_64.h | 60 ++- arch/x86/include/asm/pgtable_types.h | 13 +- arch/x86/include/asm/processor.h | 5 + arch/x86/include/asm/spec-ctrl.h | 80 ++++ arch/x86/include/asm/thread_info.h | 10 +- arch/x86/include/uapi/asm/msr-index.h | 9 + arch/x86/kernel/cpu/amd.c | 22 + arch/x86/kernel/cpu/bugs.c | 441 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 97 ++++- arch/x86/kernel/cpu/cpu.h | 3 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/process.c | 146 +++++++ arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/cpuid.h | 16 +- arch/x86/kvm/svm.c | 72 +++- arch/x86/kvm/vmx.c | 27 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/init.c | 24 ++ arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 6 +- arch/x86/mm/pat.c | 14 + arch/x86/tools/relocs.c | 5 +- arch/x86/xen/smp.c | 5 + arch/xtensa/include/asm/pgtable.h | 10 - drivers/base/cpu.c | 16 + drivers/block/floppy.c | 3 + drivers/gpu/drm/ast/ast_ttm.c | 6 + drivers/gpu/drm/cirrus/cirrus_ttm.c | 7 + drivers/gpu/drm/drm_vma_manager.c | 3 +- drivers/gpu/drm/mgag200/mgag200_ttm.c | 7 + drivers/gpu/drm/nouveau/nouveau_ttm.c | 8 + drivers/gpu/drm/radeon/radeon_object.c | 5 + drivers/hid/hid-debug.c | 8 +- drivers/macintosh/via-cuda.c | 16 +- drivers/target/iscsi/iscsi_target_auth.c | 30 +- fs/9p/vfs_file.c | 2 - fs/btrfs/file.c | 1 - fs/ceph/addr.c | 1 - fs/cifs/file.c | 1 - fs/exec.c | 11 +- fs/ext4/file.c | 1 - fs/f2fs/file.c | 1 - fs/fuse/file.c | 1 - fs/gfs2/file.c | 1 - fs/inode.c | 1 - fs/nfs/file.c | 1 - fs/nilfs2/file.c | 1 - fs/ocfs2/mmap.c | 1 - fs/proc/array.c | 26 ++ fs/proc/task_mmu.c | 15 - fs/ubifs/file.c | 1 - fs/xfs/xfs_file.c | 1 - include/asm-generic/pgtable.h | 27 +- include/linux/cpu.h | 4 + include/linux/fs.h | 6 +- include/linux/io.h | 22 + include/linux/mm.h | 50 +-- include/linux/mm_types.h | 12 +- include/linux/nospec.h | 10 + include/linux/rmap.h | 2 - include/linux/sched.h | 10 +- include/linux/seccomp.h | 2 + include/linux/swapfile.h | 2 + include/linux/swapops.h | 4 +- include/linux/vm_event_item.h | 2 - include/uapi/linux/prctl.h | 12 + include/uapi/linux/seccomp.h | 3 + kernel/fork.c | 8 +- kernel/seccomp.c | 16 +- kernel/sys.c | 23 ++ mm/Makefile | 2 +- mm/filemap.c | 1 - mm/filemap_xip.c | 1 - mm/fremap.c | 283 ------------- mm/gup.c | 2 +- mm/interval_tree.c | 34 +- mm/ksm.c | 2 +- mm/madvise.c | 13 +- mm/memcontrol.c | 7 +- mm/memory.c | 285 ++++++------- mm/migrate.c | 32 -- mm/mincore.c | 9 +- mm/mmap.c | 117 +++++- mm/mprotect.c | 51 ++- mm/mremap.c | 2 - mm/msync.c | 5 +- mm/nommu.c | 8 - mm/pagewalk.c | 213 +++++----- mm/rmap.c | 222 +---------- mm/shmem.c | 1 - mm/swap.c | 4 +- mm/swapfile.c | 46 ++- net/irda/af_irda.c | 13 +- 170 files changed, 2214 insertions(+), 1884 deletions(-) Andi Kleen (10): x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF Andy Lutomirski (2): mm: Add vm_insert_pfn_prot() mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Ben Hutchings (4): x86/cpufeatures: Show KAISER in cpuinfo x86: mm: Add PUD functions x86/speculation/l1tf: Protect NUMA-balance entries against L1TF Linux 3.16.59 Borislav Petkov (3): Documentation/spec_ctrl: Do some minor cleanups x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Dan Williams (1): mm: fix cache mode tracking in vm_insert_mixed() Daniel Rosenberg (1): HID: debug: check length before copy_to_user() Dave Airlie (2): x86/io: add interface to reserve io memtype for a resource range. (v1.1) drm/drivers: add support for using the arch wc mapping API. Dave Hansen (1): x86/mm: Move swap offset/type up in PTE to work around erratum Finn Thain (1): via-cuda: Use spinlock_irq_save/restore instead of enable/disable_irq Jim Mattson (1): x86/cpu: Make alternative_msr_write work for 32-bit code Jiri Kosina (3): x86/bugs: Fix __ssb_select_mitigation() return type x86/bugs: Make cpu_show_common() static x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures Juergen Gross (1): x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Kees Cook (6): nospec: Allow getting/setting on non-current task proc: Provide details on speculation flaw mitigations seccomp: Enable speculation flaw mitigations seccomp: Add filter flag to opt-out of SSB mitigation x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass exec: Limit arg stack to at most 75% of _STK_LIM Kirill A. Shutemov (39): mm: replace remap_file_pages() syscall with emulation mm: fix regression in remap_file_pages() emulation mm: drop support of non-linear mapping from unmap/zap codepath mm: drop support of non-linear mapping from fault codepath mm: drop vm_ops->remap_pages and generic_file_remap_pages() stub proc: drop handling non-linear mappings rmap: drop support of non-linear mappings mm: replace vma->sharead.linear with vma->shared mm: remove rest usage of VM_NONLINEAR and pte_file() asm-generic: drop unused pte_file* helpers alpha: drop _PAGE_FILE and pte_file()-related helpers arc: drop _PAGE_FILE and pte_file()-related helpers arm64: drop PTE_FILE and pte_file()-related helpers arm: drop L_PTE_FILE and pte_file()-related helpers avr32: drop _PAGE_FILE and pte_file()-related helpers blackfin: drop pte_file() c6x: drop pte_file() cris: drop _PAGE_FILE and pte_file()-related helpers frv: drop _PAGE_FILE and pte_file()-related helpers hexagon: drop _PAGE_FILE and pte_file()-related helpers ia64: drop _PAGE_FILE and pte_file()-related helpers m32r: drop _PAGE_FILE and pte_file()-related helpers m68k: drop _PAGE_FILE and pte_file()-related helpers metag: drop _PAGE_FILE and pte_file()-related helpers microblaze: drop _PAGE_FILE and pte_file()-related helpers mips: drop _PAGE_FILE and pte_file()-related helpers mn10300: drop _PAGE_FILE and pte_file()-related helpers openrisc: drop _PAGE_FILE and pte_file()-related helpers parisc: drop _PAGE_FILE and pte_file()-related helpers s390: drop pte_file()-related helpers score: drop _PAGE_FILE and pte_file()-related helpers sh: drop _PAGE_FILE and pte_file()-related helpers sparc: drop pte_file()-related helpers tile: drop pte_file()-related helpers um: drop _PAGE_FILE and pte_file()-related helpers unicore32: drop pte_file()-related helpers x86: drop _PAGE_FILE and pte_file()-related helpers xtensa: drop _PAGE_FILE and pte_file()-related helpers powerpc: drop _PAGE_FILE and pte_file()-related helpers Konrad Rzeszutek Wilk (17): x86/bugs: Concentrate bug detection into a separate function x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs, KVM: Support the combination of guest and host IBRS x86/bugs: Expose /sys/../spec_store_bypass x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/bugs: Rename _RDS to _SSBD proc: Use underscores for SSBD in 'status' x86/bugs: Fix the parameters alignment and missing void x86/bugs: Rename SSBD_NO to SSB_NO KVM/VMX: Expose SSBD properly to guests x86/bugs: Move the l1tf function and define pr_fmt properly Linus Torvalds (3): x86/nospec: Simplify alternative_msr_write() x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF Markus Trippelsdorf (1): x86/tools: Fix gcc-7 warning in relocs.c Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Naoya Horiguchi (3): mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 mm/pagewalk: remove pgd_entry() and pud_entry() pagewalk: improve vma handling Sean Christopherson (1): x86/speculation/l1tf: Exempt zeroed PTEs from inversion Thomas Gleixner (19): x86/speculation: Create spec-ctrl.h to avoid include hell prctl: Add speculation control prctls x86/process: Allow runtime control of Speculative Store Bypass x86/speculation: Add prctl for Speculative Store Bypass mitigation prctl: Add force disable speculation seccomp: Use PR_SPEC_FORCE_DISABLE seccomp: Move speculation migitation control to arch code KVM: SVM: Move spec control call after restore of GS x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Add FEATURE_ZEN x86/speculation: Handle HT correctly on AMD x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Rework speculative_store_bypass_update() x86/bugs: Expose x86_spec_ctrl_base directly x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Rework spec_ctrl base and mask logic x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled Tom Lendacky (2): x86/speculation: Add virtualized speculative store bypass disable support KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Tyler Hicks (2): irda: Fix memory leak caused by repeated binds of irda socket irda: Only insert new objects into the global database via setsockopt Vincent Pelletier (1): scsi: target: iscsi: Use hex2bin instead of a re-implementation Vlastimil Babka (6): x86/init: fix build with CONFIG_SWAP=n x86/speculation/l1tf: Extend 64bit swap file size limit x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM x86/speculation/l1tf: Suggest what to do on systems with too much RAM

7 years, 1 month

1
0
0 0

[PATCH v2] f2fs: fix to recover cold bit of inode block during POR

by Chao Yu

From: Chao Yu <yuchao0(a)huawei.com> Testcase to reproduce this bug: 1. mkfs.f2fs /dev/sdd 2. mount -t f2fs /dev/sdd /mnt/f2fs 3. touch /mnt/f2fs/file 4. sync 5. chattr +A /mnt/f2fs/file 6. xfs_io -f /mnt/f2fs/file -c "fsync" 7. godown /mnt/f2fs 8. umount /mnt/f2fs 9. mount -t f2fs /dev/sdd /mnt/f2fs 10. chattr -A /mnt/f2fs/file 11. xfs_io -f /mnt/f2fs/file -c "fsync" 12. umount /mnt/f2fs 13. mount -t f2fs /dev/sdd /mnt/f2fs 14. lsattr /mnt/f2fs/file -----------------N- /mnt/f2fs/file But actually, we expect the corrct result is: -------A---------N- /mnt/f2fs/file The reason is in step 9) we missed to recover cold bit flag in inode block, so later, in fsync, we will skip write inode block due to below condition check, result in lossing data in another SPOR. f2fs_fsync_node_pages() if (!IS_DNODE(page) || !is_cold_node(page)) continue; Note that, I guess that some non-dir inode has already lost cold bit during POR, so in order to reenable recovery for those inode, let's try to recover cold bit in f2fs_iget() to save more fsynced data. Fixes: c56675750d7c ("f2fs: remove unneeded set_cold_node()") Cc: <stable(a)vger.kernel.org> 4.17+ Signed-off-by: Chao Yu <yuchao0(a)huawei.com> --- v2: - call set_page_dirty to recalculate checksum. fs/f2fs/inode.c | 6 ++++++ fs/f2fs/node.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 86e7333d60c1..4edfa03f3807 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -365,6 +365,12 @@ static int do_read_inode(struct inode *inode) if (f2fs_has_inline_data(inode) && !f2fs_exist_data(inode)) __recover_inline_status(inode, node_page); + /* try to recover cold bit for non-dir inode */ + if (!S_ISDIR(inode->i_mode) && !is_cold_node(node_page)) { + set_cold_node(node_page, false); + set_page_dirty(node_page); + } + /* get rdev by using inline_info */ __get_inode_rdev(inode, ri); diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index b1e3ff8147f6..033ce067509e 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -2542,7 +2542,7 @@ int f2fs_recover_inode_page(struct f2fs_sb_info *sbi, struct page *page) if (!PageUptodate(ipage)) SetPageUptodate(ipage); fill_node_footer(ipage, ino, ino, 0, true); - set_cold_node(page, false); + set_cold_node(ipage, false); src = F2FS_INODE(page); dst = F2FS_INODE(ipage); -- 2.18.0

7 years, 1 month

1
0
0 0

v3.16.59 build: 0 failures 17 warnings (v3.16.59)

by Build bot for Mark Brown

Tree/Branch: v3.16.59 Git describe: v3.16.59 Commit: 58fb9b51d6 Linux 3.16.59 Build Time: 33 min 49 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 17 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 5 warnings 0 mismatches : arm64-allmodconfig 2 warnings 0 mismatches : arm-multi_v5_defconfig 2 warnings 0 mismatches : arm-multi_v7_defconfig 1 warnings 0 mismatches : x86_64-defconfig 6 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : x86_64-allnoconfig 9 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 17 7 <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] 2 ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] 2 ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 2 ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 2 ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable] 2 ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 2 ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:529:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:524:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/staging/rtl8192ee/btcoexist/halbtc8821a2ant.c:2338:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/scsi/fnic/fnic_fcs.c:104:6: warning: this 'else' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized] 1 ../drivers/net/wireless/rtlwifi/rtl8723be/hw.c:1132:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function] 1 ../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function] 1 ../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label] 1 ../arch/x86/kernel/cpu/common.c:1160:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable] ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 6 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label] ../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function] ../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function] ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable] <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- x86_64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../arch/x86/kernel/cpu/common.c:1160:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 9 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/scsi/fnic/fnic_fcs.c:104:6: warning: this 'else' clause does not guard... [-Wmisleading-indentation] ../drivers/net/wireless/rtlwifi/rtl8723be/hw.c:1132:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:524:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:529:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/rtl8192ee/btcoexist/halbtc8821a2ant.c:2338:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ------------------------------------------------------------------------------- arm64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig

7 years, 1 month

1
0
0 0

[PULL 1/1] s390/cio: Fix how vfio-ccw checks pinned pages

by Cornelia Huck

From: Eric Farman <farman(a)linux.ibm.com> We have two nested loops to check the entries within the pfn_array_table arrays. But we mistakenly use the outer array as an index in our check, and completely ignore the indexing performed by the inner loop. Cc: stable(a)vger.kernel.org Signed-off-by: Eric Farman <farman(a)linux.ibm.com> Message-Id: <20181002010235.42483-1-farman(a)linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck(a)redhat.com> --- drivers/s390/cio/vfio_ccw_cp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c index dbe7c7ac9ac8..fd77e46eb3b2 100644 --- a/drivers/s390/cio/vfio_ccw_cp.c +++ b/drivers/s390/cio/vfio_ccw_cp.c @@ -163,7 +163,7 @@ static bool pfn_array_table_iova_pinned(struct pfn_array_table *pat, for (i = 0; i < pat->pat_nr; i++, pa++) for (j = 0; j < pa->pa_nr; j++) - if (pa->pa_iova_pfn[i] == iova_pfn) + if (pa->pa_iova_pfn[j] == iova_pfn) return true; return false; -- 2.14.4

7 years, 1 month

2
1
0 0

[PATCH] selinux: fix race when removing selinuxfs entries

by Ondrej Mosnacek

Letting the following set of commands run long enough on a multi-core machine causes soft lockups in the kernel: (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & while true; do load_policy; echo -n .; sleep 0.1; done The problem is that sel_remove_entries() calls d_genocide() to remove the whole contents of certain subdirectories in /sys/fs/selinux/. This function is apparently only intended for removing filesystem entries that are no longer accessible to userspace, because it doesn't follow the rule that any code removing entries from a directory must hold the write lock on the directory's inode RW semaphore (formerly this was a mutex, see 9902af79c01a ("parallel lookups: actual switch to rwsem")). In order to fix this, I had to open-code d_genocide() again, adding the necessary parent inode locking. I based the new implementation on d_walk() (fs/dcache.c), the original code from before ad52184b705c ("selinuxfs: don't open-code d_genocide()"), and with a slight inspiration from debugfs_remove() (fs/debugfs/inode.c). The new code no longer triggers soft lockups with the above reproducer and it also gives no warnings when run with CONFIG_PROVE_LOCKING=y. Note that I am adding Fixes: on the commit that replaced the open-coded version with d_genocide(), but the bug is present also in the original code that dates back to pre-2.6 times... This patch obviously doesn't apply to this older code so pre-4.0 kernels will need a dedicated patch (just adding the parent inode locks should be sufficient there). Link: https://github.com/SELinuxProject/selinux-kernel/issues/42 Fixes: ad52184b705c ("selinuxfs: don't open-code d_genocide()") Cc: <stable(a)vger.kernel.org> # 4.0+ Cc: Stephen Smalley <sds(a)tycho.nsa.gov> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/selinuxfs.c | 88 ++++++++++++++++++++++++++++++++++-- 1 file changed, 85 insertions(+), 3 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3a5a138a096..4ac9b17e24d1 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1316,10 +1316,92 @@ static const struct file_operations sel_commit_bools_ops = { .llseek = generic_file_llseek, }; -static void sel_remove_entries(struct dentry *de) +/* removes all children of the given dentry (but not itself) */ +static void sel_remove_entries(struct dentry *root) { - d_genocide(de); - shrink_dcache_parent(de); + struct dentry *parent = root; + struct dentry *child; + struct list_head *next; + + spin_lock(&parent->d_lock); + +repeat: + next = parent->d_subdirs.next; + + while (next != &parent->d_subdirs) { + child = list_entry(next, struct dentry, d_child); + next = next->next; + + spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED); + + if (!list_empty(&child->d_subdirs)) { + /* Current entry has children, we need to remove those + * first. We unlock the parent but keep the child locked + * (it will become the new parent). */ + spin_unlock(&parent->d_lock); + + /* we need to re-lock the child (new parent) in a + * special way (see d_walk() in fs/dcache.c) */ + spin_release(&child->d_lock.dep_map, 1, _RET_IP_); + parent = child; + spin_acquire(&parent->d_lock.dep_map, 0, 1, _RET_IP_); + + goto repeat; + } + +resume: + if (child->d_inode) { + /* acquire a reference to the child */ + dget_dlock(child); + + /* drop all locks (someof the callees will try to + * acquire them) */ + spin_unlock(&child->d_lock); + spin_unlock(&parent->d_lock); + + /* IMPORTANT: we need to hold the parent's inode lock + * because some functions (namely dcache_readdir) assume + * holding this lock means children won't be removed */ + inode_lock_nested(parent->d_inode, I_MUTEX_PARENT); + + /* now unlink the child */ + if (d_is_dir(child)) + simple_rmdir(d_inode(parent), child); + else + simple_unlink(d_inode(parent), child); + d_delete(child); + + inode_unlock(parent->d_inode); + + /* drop our extra reference */ + dput(child); + + /* re-lock only the parent */ + spin_lock(&parent->d_lock); + } else + spin_unlock(&child->d_lock); + } + + if (parent != root) { + /* we processed contents of a subdirectory, ascend and continue + * by removing the subdirectory itself (now empty) */ + child = parent; + parent = child->d_parent; + + /* we have to re-lock the child after locking the parent */ + spin_unlock(&child->d_lock); + spin_lock(&parent->d_lock); + spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED); + + /* set next to the next sibling */ + next = child->d_child.next; + goto resume; + } + + spin_unlock(&root->d_lock); + + /* try to clean up the stale entries */ + shrink_dcache_parent(root); } #define BOOL_DIR_NAME "booleans" -- 2.17.1

7 years, 1 month

3
3
0 0

[PATCH 2/4] drm/i915: Handle incomplete Z_FINISH for compressed error states

by Chris Wilson

The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- drivers/gpu/drm/i915/i915_gpu_error.c | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 3d5554f14dfd..ed8c16cbfaa4 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -237,6 +237,7 @@ static int compress_page(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + int flush = Z_NO_FLUSH; zstream->next_in = src; if (c->tmp && i915_memcpy_from_wc(c->tmp, src, PAGE_SIZE)) @@ -257,8 +258,11 @@ static int compress_page(struct compress *c, zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, flush) != Z_OK) return -EIO; + + if (zstream->avail_out) + flush = Z_SYNC_FLUSH; } while (zstream->avail_in); /* Fallback to uncompressed if we increase size? */ @@ -268,19 +272,43 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + unsigned long page; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return -ENOMEM; + + dst->pages[dst->page_count++] = (void *)page; + zstream->next_out = (void *)page; + zstream->avail_out = PAGE_SIZE; + break; + case Z_STREAM_END: + goto end; + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +347,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -951,15 +985,15 @@ i915_error_object_create(struct drm_i915_private *i915, if (ret) goto unwind; } - goto out; + if (compress_flush(&compress, dst)) { unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; -- 2.19.0

7 years, 1 month

2
4
0 0

[git:media_tree/fixes] media: v4l: event: Prevent freeing event subscriptions while accessed

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: event: Prevent freeing event subscriptions while accessed Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Tue Sep 11 05:32:37 2018 -0400 The event subscriptions are added to the subscribed event list while holding a spinlock, but that lock is subsequently released while still accessing the subscription object. This makes it possible to unsubscribe the event --- and freeing the subscription object's memory --- while the subscription object is simultaneously accessed. Prevent this by adding a mutex to serialise the event subscription and unsubscription. This also gives a guarantee to the callback ops that the add op has returned before the del op is called. This change also results in making the elems field less special: subscriptions are only added to the event list once they are fully initialised. Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Reviewed-by: Hans Verkuil <hans.verkuil(a)cisco.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Cc: stable(a)vger.kernel.org # for 4.14 and up Fixes: c3b5b0241f62 ("V4L/DVB: V4L: Events: Add backend") Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/v4l2-core/v4l2-event.c | 38 +++++++++++++++++++----------------- drivers/media/v4l2-core/v4l2-fh.c | 2 ++ include/media/v4l2-fh.h | 4 ++++ 3 files changed, 26 insertions(+), 18 deletions(-) --- diff --git a/drivers/media/v4l2-core/v4l2-event.c b/drivers/media/v4l2-core/v4l2-event.c index 127fe6eb91d9..a3ef1f50a4b3 100644 --- a/drivers/media/v4l2-core/v4l2-event.c +++ b/drivers/media/v4l2-core/v4l2-event.c @@ -115,14 +115,6 @@ static void __v4l2_event_queue_fh(struct v4l2_fh *fh, const struct v4l2_event *e if (sev == NULL) return; - /* - * If the event has been added to the fh->subscribed list, but its - * add op has not completed yet elems will be 0, treat this as - * not being subscribed. - */ - if (!sev->elems) - return; - /* Increase event sequence number on fh. */ fh->sequence++; @@ -208,6 +200,7 @@ int v4l2_event_subscribe(struct v4l2_fh *fh, struct v4l2_subscribed_event *sev, *found_ev; unsigned long flags; unsigned i; + int ret = 0; if (sub->type == V4L2_EVENT_ALL) return -EINVAL; @@ -225,31 +218,36 @@ int v4l2_event_subscribe(struct v4l2_fh *fh, sev->flags = sub->flags; sev->fh = fh; sev->ops = ops; + sev->elems = elems; + + mutex_lock(&fh->subscribe_lock); spin_lock_irqsave(&fh->vdev->fh_lock, flags); found_ev = v4l2_event_subscribed(fh, sub->type, sub->id); - if (!found_ev) - list_add(&sev->list, &fh->subscribed); spin_unlock_irqrestore(&fh->vdev->fh_lock, flags); if (found_ev) { + /* Already listening */ kvfree(sev); - return 0; /* Already listening */ + goto out_unlock; } if (sev->ops && sev->ops->add) { - int ret = sev->ops->add(sev, elems); + ret = sev->ops->add(sev, elems); if (ret) { - sev->ops = NULL; - v4l2_event_unsubscribe(fh, sub); - return ret; + kvfree(sev); + goto out_unlock; } } - /* Mark as ready for use */ - sev->elems = elems; + spin_lock_irqsave(&fh->vdev->fh_lock, flags); + list_add(&sev->list, &fh->subscribed); + spin_unlock_irqrestore(&fh->vdev->fh_lock, flags); - return 0; +out_unlock: + mutex_unlock(&fh->subscribe_lock); + + return ret; } EXPORT_SYMBOL_GPL(v4l2_event_subscribe); @@ -288,6 +286,8 @@ int v4l2_event_unsubscribe(struct v4l2_fh *fh, return 0; } + mutex_lock(&fh->subscribe_lock); + spin_lock_irqsave(&fh->vdev->fh_lock, flags); sev = v4l2_event_subscribed(fh, sub->type, sub->id); @@ -305,6 +305,8 @@ int v4l2_event_unsubscribe(struct v4l2_fh *fh, if (sev && sev->ops && sev->ops->del) sev->ops->del(sev); + mutex_unlock(&fh->subscribe_lock); + kvfree(sev); return 0; diff --git a/drivers/media/v4l2-core/v4l2-fh.c b/drivers/media/v4l2-core/v4l2-fh.c index 3895999bf880..c91a7bd3ecfc 100644 --- a/drivers/media/v4l2-core/v4l2-fh.c +++ b/drivers/media/v4l2-core/v4l2-fh.c @@ -45,6 +45,7 @@ void v4l2_fh_init(struct v4l2_fh *fh, struct video_device *vdev) INIT_LIST_HEAD(&fh->available); INIT_LIST_HEAD(&fh->subscribed); fh->sequence = -1; + mutex_init(&fh->subscribe_lock); } EXPORT_SYMBOL_GPL(v4l2_fh_init); @@ -90,6 +91,7 @@ void v4l2_fh_exit(struct v4l2_fh *fh) return; v4l_disable_media_source(fh->vdev); v4l2_event_unsubscribe_all(fh); + mutex_destroy(&fh->subscribe_lock); fh->vdev = NULL; } EXPORT_SYMBOL_GPL(v4l2_fh_exit); diff --git a/include/media/v4l2-fh.h b/include/media/v4l2-fh.h index ea73fef8bdc0..8586cfb49828 100644 --- a/include/media/v4l2-fh.h +++ b/include/media/v4l2-fh.h @@ -38,10 +38,13 @@ struct v4l2_ctrl_handler; * @prio: priority of the file handler, as defined by &enum v4l2_priority * * @wait: event' s wait queue + * @subscribe_lock: serialise changes to the subscribed list; guarantee that + * the add and del event callbacks are orderly called * @subscribed: list of subscribed events * @available: list of events waiting to be dequeued * @navailable: number of available events at @available list * @sequence: event sequence number + * * @m2m_ctx: pointer to &struct v4l2_m2m_ctx */ struct v4l2_fh { @@ -52,6 +55,7 @@ struct v4l2_fh { /* Events */ wait_queue_head_t wait; + struct mutex subscribe_lock; struct list_head subscribed; struct list_head available; unsigned int navailable;

7 years, 1 month

1
0
0 0

[PATCH 4.14 000/165] 4.14.68-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.68 release. There are 165 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 5 16:56:19 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.68-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.68-rc1 Kees Cook <keescook(a)chromium.org> gcc-plugins: Use dynamic initializers Valdis Kletnieks <valdis.kletnieks(a)vt.edu> gcc-plugins: Add include required by GCC release 8 Scott Bauer <scott.bauer(a)intel.com> cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status Vincent Whitchurch <vincent.whitchurch(a)axis.com> watchdog: Mark watchdog touch functions as notrace H. Nikolaus Schaller <hns(a)goldelico.com> power: generic-adc-battery: check for duplicate properties copied from iio channels H. Nikolaus Schaller <hns(a)goldelico.com> power: generic-adc-battery: fix out-of-bounds write when copying channel properties Dan Carpenter <dan.carpenter(a)oracle.com> PM / clk: signedness bug in of_pm_clk_add_clks() Alberto Panizzo <alberto(a)amarulasolutions.com> clk: rockchip: fix clk_i2sout parent selection bits on rk3399 Mike Christie <mchristi(a)redhat.com> iscsi target: fix session creation failure handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sysfs: Introduce sysfs_{un,}break_active_protection() Bart Van Assche <bart.vanassche(a)wdc.com> scsi: mpt3sas: Fix _transport_smp_handler() error path Ricardo Schwarzmeier <Ricardo.Schwarzmeier(a)infineon.com> tpm: Return the actual size when receiving an unsupported command Paul Burton <paul.burton(a)mips.com> MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 Huacai Chen <chenhc(a)lemote.com> MIPS: Change definition of cpu_relax() for Loongson-3 Paul Burton <paul.burton(a)mips.com> MIPS: Always use -march=<arch>, not -<arch> shortcuts Maciej W. Rozycki <macro(a)mips.com> MIPS: Correct the 64-bit DSP accumulator register size Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Make list and blacklist root user read only Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/arm: Fix %p uses in error messages Sebastian Ott <sebott(a)linux.ibm.com> s390/pci: fix out of bounds access during irq setup Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/numa: move initial setup of node_to_cpumask_map Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: reset old sbal_state flags Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: fix br_r1_trampoline for machines without exrl Gerald Schaefer <gerald.schaefer(a)de.ibm.com> s390/mm: fix addressing exception after suspend/resume Jann Horn <jannh(a)google.com> x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() Gustavo A. R. Silva <gustavo(a)embeddedor.com> hwmon: (nct6775) Fix potential Spectre v1 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Andi Kleen <ak(a)linux.intel.com> x86/spectre: Add missing family 6 check to microcode check Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Mark native_restore_fl extern inline Andy Lutomirski <luto(a)kernel.org> x86/nmi: Fix NMI uaccess race against CR3 switching Samuel Neves <sneves(a)dei.uc.pt> x86/vdso: Fix lsl operand order Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: sirf: Fix potential NULL pointer dereference Takashi Iwai <tiwai(a)suse.de> ASoC: zte: Fix incorrect PCM format bit usages Jerome Brunet <jbrunet(a)baylibre.com> ASoC: dpcm: don't merge format from invalid codec dai Michael Buesch <m(a)bues.ch> b43/leds: Ensure NUL-termination of LED name string Michael Buesch <m(a)bues.ch> b43legacy/leds: Ensure NUL-termination of LED name string Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: avoid division Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: fix crash due to uninitialized memory Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: handle allocation failure Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: change down_interruptible to down Kirill Tkhai <ktkhai(a)virtuozzo.com> fuse: Add missed unlock_page() to fuse_readpages_fill() Miklos Szeredi <mszeredi(a)redhat.com> fuse: Fix oops at process_init_reply() Miklos Szeredi <mszeredi(a)redhat.com> fuse: umount should wait for all requests Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix unlocked access to processing queue Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix double request_end() Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix initial parallel dirops Andrey Ryabinin <aryabinin(a)virtuozzo.com> fuse: Don't access pipe->buffers without pipe_lock() Josh Poimboeuf <jpoimboe(a)redhat.com> x86/kvm/vmx: Remove duplicate l1d flush definitions Thomas Gleixner <tglx@xxxxxxxxxxxxx> KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled Rian Hunter <rian(a)alum.mit.edu> x86/process: Re-export start_thread() Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO build if a retpoline is emitted Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Suggest what to do on systems with too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit Peter Zijlstra <peterz(a)infradead.org> mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE Takashi Iwai <tiwai(a)suse.de> platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too Michal Wnukowski <wnukowski(a)google.com> nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event Eric Sandeen <sandeen(a)redhat.com> ext4: reset error code in ext4_find_entry in fallback Arnd Bergmann <arnd(a)arndb.de> ext4: sysfs: print ext4_super_block fields as little-endian Theodore Ts'o <tytso(a)mit.edu> ext4: check for NUL characters in extended attribute's name Prasad Sodagudi <psodagud(a)codeaurora.org> stop_machine: Atomically queue and wake stopper threads Peter Zijlstra <peterz(a)infradead.org> stop_machine: Reflow cpu_stop_queue_two_works() Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> s390/kvm: fix deadlock when killed by oom Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PTE entry if no change Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PMD entry if no change Huibin Hong <huibin.hong(a)rock-chips.com> arm64: dts: rockchip: corrected uart1 clock-names for rk3328 Greg Hackmann <ghackmann(a)android.com> arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/arm64: Fix %p uses in error messages Petr Mladek <pmladek(a)suse.com> printk/nmi: Prevent deadlock when accessing the main log buffer in NMI Petr Mladek <pmladek(a)suse.com> printk: Create helper function to queue deferred console handling Petr Mladek <pmladek(a)suse.com> printk: Split the code for storing a message into the log buffer Vivek Gautam <vivek.gautam(a)codeaurora.org> iommu/arm-smmu: Error out only if not enough context interrupts Josef Bacik <jbacik(a)fb.com> Btrfs: fix btrfs_write_inode vs delayed iput deadlock Josef Bacik <josef(a)toxicpanda.com> btrfs: don't leak ret from do_chunk_alloc Ethan Lien <ethanlien(a)synology.com> btrfs: use correct compare function of dirty_metadata_bytes Steve French <stfrench(a)microsoft.com> smb3: fill in statfs fsid and correct namelen Steve French <stfrench(a)microsoft.com> smb3: don't request leases in symlink creation and query Steve French <stfrench(a)microsoft.com> smb3: Do not send SMB3 SET_INFO if nothing changed Steve French <stfrench(a)microsoft.com> smb3: enumerating snapshots was leaving part of the data off end Nicholas Mc Guire <hofrat(a)osadl.org> cifs: check kmalloc before use Steve French <stfrench(a)microsoft.com> cifs: add missing debug entries for kconfig options Alexander Usyskin <alexander.usyskin(a)intel.com> mei: don't update offset in write jie@chenjie6@huwei.com <jie@chenjie6@huwei.com> mm/memory.c: check return value of ioremap_prot Jim Gill <jgill(a)vmware.com> scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: drop frames in ELS LOGO error path Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send Benjamin Tissoires <benjamin.tissoires(a)redhat.com> gpiolib-acpi: make sure we trigger edge events at least once on boot Kirill Tkhai <ktkhai(a)virtuozzo.com> memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Colin Ian King <colin.king(a)canonical.com> drivers: net: lmc: fix case value for target abort error Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: Compute expected length from inode size rather than block length Hugh Dickins <hughd(a)google.com> mm: delete historical BUG from zap_pmd_range() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs metadata 2: electric boogaloo Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: do not call enic_change_mtu in enic_probe Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> sparc: use asm-generic version of msi.h Steven Rostedt (VMware) <rostedt(a)goodmis.org> sparc/time: Add missing __init to init_tick_ops() Randy Dunlap <rdunlap(a)infradead.org> arc: fix type warnings in arc/mm/cache.c Randy Dunlap <rdunlap(a)infradead.org> arc: fix build errors in arc/include/asm/delay.h Randy Dunlap <rdunlap(a)infradead.org> arc: [plat-eznps] fix printk warning in arc/plat-eznps/mtm.c Randy Dunlap <rdunlap(a)infradead.org> arc: [plat-eznps] fix data type errors in platform headers Ofer Levi <oferle(a)mellanox.com> ARC: [plat-eznps] Add missing struct nps_host_reg_aux_dpc Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: handle mtu change for vf properly John Hurley <john.hurley(a)netronome.com> nfp: flower: fix port metadata conversion bug Taehee Yoo <ap420073(a)gmail.com> bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: dma [non-IOC] setup SMP_CACHE_BYTES and cache_line_size Rafał Miłecki <rafal(a)milecki.pl> Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Calvin Walton <calvin.walton(a)kepstin.ca> tools/power turbostat: Read extended processor family from CPUID Li Wang <liwang(a)redhat.com> zswap: re-check zswap_is_full() after do zswap_shrink() Davidlohr Bueso <dave(a)stgolabs.net> ipc/sem.c: prevent queue.status tearing in semop dann frazier <dann.frazier(a)canonical.com> hinic: Link the logical network device to the pci device in sysfs Masami Hiramatsu <mhiramat(a)kernel.org> selftests/ftrace: Add snapshot and tracing_on test case Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> cachefiles: Fix refcounting bug in backing-file read monitoring Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> fscache: Allow cancelled operations to be enqueued Kees Cook <keescook(a)chromium.org> x86/boot: Fix if_changed build flip/flop bug Hailong Liu <liu.hailong6(a)zte.com.cn> sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE Peter Rosin <peda(a)axentia.se> i2c/mux, locking/core: Annotate the nested rt_mutex usage Peter Rosin <peda(a)axentia.se> locking/rtmutex: Allow specifying a subclass for nested locking Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> net: axienet: Fix double deregister of mdio Aleksander Morgado <aleksander(a)aleksander.es> qmi_wwan: fix interface number for DW5821e production firmware Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix invalid memory access in rss hash config path. Guenter Roeck <linux(a)roeck-us.net> media: staging: omap4iss: Include asm/cacheflush.h after generic includes Thomas Gleixner <tglx(a)linutronix.de> perf/x86/amd/ibs: Don't access non-started event Alexander Sverdlin <alexander.sverdlin(a)nokia.com> i2c: davinci: Avoid zero value of CLKH Faiz Abbas <faiz_abbas(a)ti.com> can: m_can: Move accessing of message ram to after clocks are enabled Nicholas Mc Guire <hofrat(a)osadl.org> can: mpc5xxx_can: check of_iomap return before use Randy Dunlap <rdunlap(a)infradead.org> net: prevent ISA drivers from building on PPC32 Florian Westphal <fw(a)strlen.de> atl1c: reserve min skb headroom Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Correct Multicast API to reflect existence of 256 approximate buckets. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible race for the link state value. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix link flap issue due to mismatching EEE capabilities. YueHaibing <yuehaibing(a)huawei.com> net: caif: Add a missing rcu_read_unlock() in caif_flow_cb Len Brown <len.brown(a)intel.com> tools/power turbostat: fix -S on UP systems Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: vmx: use local variable for current_vmptr when emulating VMPTRST Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't allow to rename to already-pending name Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix memory leaks on chain rename Daniel Borkmann <daniel(a)iogearbox.net> bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Taehee Yoo <ap420073(a)gmail.com> netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy() Eugeniu Rosca <roscaeugeniu(a)gmail.com> usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Peter Senna Tschudin <peter.senna(a)gmail.com> tools: usb: ffs-test: Fix build on big endian systems Randy Dunlap <rdunlap(a)infradead.org> usb/phy: fix PPC64 build errors in phy-fsl-usb.c Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> usb: gadget: u_audio: protect stream runtime fields with stream spinlock Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> usb: gadget: u_audio: remove cached period bytes value Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> usb: gadget: u_audio: remove caching of stream buffer parameters Joshua Frkuska <joshua_frkuska(a)mentor.com> usb: gadget: u_audio: update hw_ptr in iso_complete after data copied Eugeniu Rosca <erosca(a)de.adit-jv.com> usb: gadget: u_audio: fix pcm/card naming in g_audio_setup() Eugeniu Rosca <erosca(a)de.adit-jv.com> usb: gadget: f_uac2: fix error handling in afunc_bind (again) Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() Josef Bacik <josef(a)toxicpanda.com> nbd: handle unexpected replies better Josef Bacik <josef(a)toxicpanda.com> nbd: don't requeue the same request twice. Lucas Stach <l.stach(a)pengutronix.de> drm/imx: imx-ldb: check if channel is enabled before printing warning Lucas Stach <l.stach(a)pengutronix.de> drm/imx: imx-ldb: disable LDB on driver bind Varun Prakash <varun(a)chelsio.com> scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Varun Prakash <varun(a)chelsio.com> scsi: target: iscsi: cxgbit: fix max iso npdu calculation Sean Paul <seanpaul(a)chromium.org> drm/bridge: adv7511: Reset registers on hotplug Bernd Edlinger <bernd.edlinger(a)hotmail.de> nl80211: Add a missing break in parse_station_flags Theodore Ts'o <tytso(a)mit.edu> ext4: clear mmp sequence number when remounting read-only mpubbise(a)codeaurora.org <mpubbise(a)codeaurora.org> mac80211: add stations tied to AP_VLANs during hw reconfig Zhen Lei <thunder.leizhen(a)huawei.com> esp6: fix memleak on error path in esp6_input Florian Westphal <fw(a)strlen.de> xfrm: free skb if nlsk pointer is NULL Tommi Rantala <tommi.t.rantala(a)nokia.com> xfrm: fix missing dst_release() after policy blocking lbcast and multicast Eyal Birger <eyal.birger(a)gmail.com> vti6: fix PMTU caching and reporting on xmit Paulo Flabiano Smorigo <pfsmorigo(a)linux.vnet.ibm.com> crypto: vmx - Use skcipher for ctr fallback ------------- Diffstat: Makefile | 8 +- arch/Kconfig | 3 + arch/arc/Kconfig | 3 + arch/arc/include/asm/cache.h | 4 +- arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 10 +++ arch/arc/plat-eznps/mtm.c | 6 +- arch/arm/probes/kprobes/core.c | 4 +- arch/arm/probes/kprobes/test-core.c | 1 - arch/arm64/boot/dts/rockchip/rk3328.dtsi | 2 +- arch/arm64/kernel/probes/kprobes.c | 2 +- arch/arm64/mm/init.c | 6 +- arch/mips/Makefile | 12 +-- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/mips/include/asm/processor.h | 15 +++- arch/mips/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 2 +- arch/mips/lib/multi3.c | 6 +- arch/powerpc/net/bpf_jit_comp64.c | 29 ++----- arch/s390/include/asm/qdio.h | 1 - arch/s390/mm/fault.c | 2 + arch/s390/mm/page-states.c | 2 +- arch/s390/net/bpf_jit_comp.c | 2 - arch/s390/numa/numa.c | 16 +--- arch/s390/pci/pci.c | 2 + arch/sparc/include/asm/Kbuild | 1 + arch/sparc/kernel/time_64.c | 2 +- arch/x86/Kconfig | 1 + arch/x86/boot/compressed/Makefile | 8 +- arch/x86/entry/vdso/Makefile | 6 +- arch/x86/events/amd/ibs.c | 6 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/irqflags.h | 3 +- arch/x86/include/asm/processor.h | 6 +- arch/x86/include/asm/tlbflush.h | 40 +++++++++ arch/x86/include/asm/vgtod.h | 2 +- arch/x86/kernel/cpu/bugs.c | 50 +++++++++-- arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/dumpstack.c | 4 + arch/x86/kernel/process_64.c | 1 + arch/x86/kvm/svm.c | 8 +- arch/x86/kvm/vmx.c | 18 ++-- arch/x86/lib/usercopy.c | 5 ++ arch/x86/mm/init.c | 4 +- arch/x86/mm/mmap.c | 2 +- arch/x86/mm/tlb.c | 7 ++ drivers/base/power/clock_ops.c | 2 +- drivers/block/nbd.c | 96 ++++++++++++++++++---- drivers/cdrom/cdrom.c | 2 +- drivers/char/tpm/tpm-interface.c | 2 +- drivers/clk/rockchip/clk-rk3399.c | 2 +- drivers/crypto/vmx/aes_ctr.c | 31 +++---- drivers/gpio/gpiolib-acpi.c | 56 ++++++++++++- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 +++ drivers/gpu/drm/imx/imx-ldb.c | 9 +- drivers/gpu/drm/udl/udl_drv.h | 2 +- drivers/gpu/drm/udl/udl_fb.c | 17 ++-- drivers/gpu/drm/udl/udl_main.c | 35 ++++---- drivers/gpu/drm/udl/udl_transfer.c | 39 ++++----- drivers/hwmon/nct6775.c | 2 + drivers/i2c/busses/i2c-davinci.c | 8 +- drivers/i2c/i2c-core-base.c | 2 +- drivers/i2c/i2c-mux.c | 4 +- drivers/iommu/arm-smmu.c | 16 ++-- drivers/misc/mei/main.c | 1 - drivers/net/can/m_can/m_can.c | 7 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 ++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 80 +++++++----------- drivers/net/ethernet/huawei/hinic/hinic_main.c | 1 + drivers/net/ethernet/netronome/nfp/flower/main.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++-- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 13 ++- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/net/wireless/broadcom/b43/leds.c | 2 +- drivers/net/wireless/broadcom/b43legacy/leds.c | 2 +- drivers/nvme/host/pci.c | 8 ++ drivers/pinctrl/freescale/pinctrl-imx1-core.c | 2 +- drivers/platform/x86/ideapad-laptop.c | 4 +- drivers/power/supply/generic-adc-battery.c | 25 +++--- drivers/s390/cio/qdio_main.c | 5 +- drivers/scsi/fcoe/fcoe_ctlr.c | 6 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 +-- drivers/scsi/mpt3sas/mpt3sas_transport.c | 5 +- drivers/scsi/scsi_sysfs.c | 20 ++++- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/target/iscsi/cxgbit/cxgbit_target.c | 16 ++-- drivers/target/iscsi/iscsi_target_login.c | 35 ++++---- drivers/usb/gadget/function/f_uac2.c | 24 +++--- drivers/usb/gadget/function/u_audio.c | 88 ++++++++------------ drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/btrfs/disk-io.c | 10 ++- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/inode.c | 26 ------ fs/btrfs/super.c | 1 - fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 ++-- fs/cifs/cifs_debug.c | 30 +++++-- fs/cifs/cifsfs.c | 18 ++-- fs/cifs/inode.c | 2 + fs/cifs/link.c | 4 +- fs/cifs/sess.c | 6 ++ fs/cifs/smb2inode.c | 2 +- fs/cifs/smb2ops.c | 36 ++++++-- fs/cifs/smb2pdu.c | 8 ++ fs/cifs/smb2pdu.h | 11 +++ fs/ext4/mmp.c | 7 +- fs/ext4/namei.c | 1 + fs/ext4/super.c | 2 + fs/ext4/sysfs.c | 13 ++- fs/ext4/xattr.c | 2 + fs/fscache/operation.c | 6 +- fs/fuse/dev.c | 39 +++++++-- fs/fuse/dir.c | 10 ++- fs/fuse/file.c | 1 + fs/fuse/fuse_i.h | 5 +- fs/fuse/inode.c | 37 +++++---- fs/squashfs/file.c | 50 ++++++----- fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++--- fs/squashfs/squashfs.h | 3 +- fs/sysfs/file.c | 44 ++++++++++ include/linux/printk.h | 4 + include/linux/rtmutex.h | 7 ++ include/linux/sysfs.h | 14 ++++ ipc/sem.c | 2 +- kernel/kprobes.c | 4 +- kernel/locking/rtmutex.c | 29 ++++++- kernel/printk/internal.h | 9 +- kernel/printk/printk.c | 57 ++++++++----- kernel/printk/printk_safe.c | 58 ++++++++----- kernel/sched/rt.c | 2 + kernel/stop_machine.c | 43 ++++++---- kernel/trace/trace.c | 4 +- kernel/watchdog.c | 4 +- kernel/watchdog_hld.c | 2 +- kernel/workqueue.c | 2 +- lib/nmi_backtrace.c | 3 - mm/memcontrol.c | 15 +++- mm/memory.c | 27 +++++- mm/zswap.c | 9 ++ net/caif/caif_dev.c | 4 +- net/core/lwt_bpf.c | 2 +- net/ipv6/esp6.c | 4 +- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_tables_api.c | 59 ++++++++----- net/netfilter/nft_set_hash.c | 1 + net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 10 ++- scripts/gcc-plugins/gcc-common.h | 4 + scripts/gcc-plugins/latent_entropy_plugin.c | 17 ++-- scripts/gcc-plugins/randomize_layout_plugin.c | 75 +++++------------ scripts/gcc-plugins/structleak_plugin.c | 19 ++--- sound/soc/sirf/sirf-usp.c | 7 +- sound/soc/soc-pcm.c | 8 ++ sound/soc/zte/zx-tdm.c | 4 +- tools/power/x86/turbostat/turbostat.c | 8 +- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 +++++++ tools/usb/ffs-test.c | 19 ++++- virt/kvm/arm/mmu.c | 42 +++++++--- 178 files changed, 1394 insertions(+), 774 deletions(-)

7 years, 1 month

7
172
0 0

[PATCH] drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl

by Kai-Heng Feng

There's another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc instead of 8 bpc. Apply 6 bpc quirk for the panel to fix it. BugLink: https://bugs.launchpad.net/bugs/1794387 Cc: <stable(a)vger.kernel.org> # v4.8+ Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- drivers/gpu/drm/drm_edid.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c index 3c9fc99648b7..1e2b9407c8d0 100644 --- a/drivers/gpu/drm/drm_edid.c +++ b/drivers/gpu/drm/drm_edid.c @@ -113,6 +113,9 @@ static const struct edid_quirk { /* AEO model 0 reports 8 bpc, but is a 6 bpc panel */ { "AEO", 0, EDID_QUIRK_FORCE_6BPC }, + /* BOE model on HP Pavilion 15-n233sl reports 8 bpc, but is a 6 bpc panel */ + { "BOE", 0x78b, EDID_QUIRK_FORCE_6BPC }, + /* CPT panel of Asus UX303LA reports 8 bpc, but is a 6 bpc panel */ { "CPT", 0x17df, EDID_QUIRK_FORCE_6BPC }, -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v2] mtd: rawnand: marvell: check for RDY bits after enabling the IRQ

by Daniel Mack

At least on PXA3xx platforms, enabling RDY interrupts in the NDCR register will only cause the IRQ to latch when the RDY lanes are changing, and not in case they are already asserted. This means that if the controller finished the command in flight before marvell_nfc_wait_op() is called, that function will wait for a change in the bit that can't ever happen as it is already set. To address this race, check for the RDY bits after the IRQ was enabled, and complete the completion immediately if the condition is already met. This fixes a bug that was observed with a NAND chip that holds a UBIFS parition on which file system stress tests were executed. When marvell_nfc_wait_op() reports an error, UBI/UBIFS will eventually mount the filesystem read-only, reporting lots of warnings along the way. Fixes: 02f26ecf8c77 mtd: nand: add reworked Marvell NAND controller driver Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Mack <daniel(a)zonque.org> --- v1 → v2: * Use complete(&nfc->complete) when the condition is met, and do wait_for_completion_timeout() in all cases. Suggested by Boris Brezillon. drivers/mtd/nand/raw/marvell_nand.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 666f34b58dec..4870b5bae296 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -614,6 +614,7 @@ static int marvell_nfc_wait_op(struct nand_chip *chip, unsigned int timeout_ms) { struct marvell_nfc *nfc = to_marvell_nfc(chip->controller); int ret; + u32 st; /* Timeout is expressed in ms */ if (!timeout_ms) @@ -622,6 +623,15 @@ static int marvell_nfc_wait_op(struct nand_chip *chip, unsigned int timeout_ms) init_completion(&nfc->complete); marvell_nfc_enable_int(nfc, NDCR_RDYM); + + /* + * Check if the NDSR_RDY bits have already been set before the + * interrupt was enabled. + */ + st = readl_relaxed(nfc->regs + NDSR); + if (st & (NDSR_RDY(0) | NDSR_RDY(1))) + complete(&nfc->complete); + ret = wait_for_completion_timeout(&nfc->complete, msecs_to_jiffies(timeout_ms)); marvell_nfc_disable_int(nfc, NDCR_RDYM); -- 2.17.1

7 years, 1 month

4
27
0 0

[PATCH] mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus

by Ahmad Fatoum

fsl_qspi_get_seqid() may return -EINVAL, but fsl_qspi_init_ahb_read() doesn't check for error codes with the result that -EINVAL could find itself signalled over the bus. In conjunction with the LS1046A SoC's A-009283 errata ("Illegal accesses to SPI flash memory can result in a system hang") this illegal access to SPI flash memory results in a system hang if userspace attempts reading later on. Avoid this by always checking fsl_qspi_get_seqid()'s return value and bail out otherwise. Cc: stable(a)vger.kernel.org Signed-off-by: Ahmad Fatoum <a.fatoum(a)pengutronix.de> --- drivers/mtd/spi-nor/fsl-quadspi.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c index 7d9620c7ff6c..1bb42e40c38b 100644 --- a/drivers/mtd/spi-nor/fsl-quadspi.c +++ b/drivers/mtd/spi-nor/fsl-quadspi.c @@ -543,6 +543,9 @@ fsl_qspi_runcmd(struct fsl_qspi *q, u8 cmd, unsigned int addr, int len) /* trigger the LUT now */ seqid = fsl_qspi_get_seqid(q, cmd); + if (seqid < 0) + return seqid; + qspi_writel(q, (seqid << QUADSPI_IPCR_SEQID_SHIFT) | len, base + QUADSPI_IPCR); @@ -671,7 +674,7 @@ static void fsl_qspi_set_map_addr(struct fsl_qspi *q) * causes the controller to clear the buffer, and use the sequence pointed * by the QUADSPI_BFGENCR[SEQID] to initiate a read from the flash. */ -static void fsl_qspi_init_ahb_read(struct fsl_qspi *q) +static int fsl_qspi_init_ahb_read(struct fsl_qspi *q) { void __iomem *base = q->iobase; int seqid; @@ -696,8 +699,12 @@ static void fsl_qspi_init_ahb_read(struct fsl_qspi *q) /* Set the default lut sequence for AHB Read. */ seqid = fsl_qspi_get_seqid(q, q->nor[0].read_opcode); + if (seqid < 0) + return seqid; + qspi_writel(q, seqid << QUADSPI_BFGENCR_SEQID_SHIFT, q->iobase + QUADSPI_BFGENCR); + return 0; } /* This function was used to prepare and enable QSPI clock */ @@ -805,9 +812,7 @@ static int fsl_qspi_nor_setup_last(struct fsl_qspi *q) fsl_qspi_init_lut(q); /* Init for AHB read */ - fsl_qspi_init_ahb_read(q); - - return 0; + return fsl_qspi_init_ahb_read(q); } static const struct of_device_id fsl_qspi_dt_ids[] = { -- 2.19.0

7 years, 1 month

2
1
0 0

[PATCH] x86/vdso: Only enable vDSO retpolines when enabled and supported

by Andy Lutomirski

When I fixed the vDSO build to use inline retpolines, I messed up the Makefile logic and made it unconditional. It should have depended on CONFIG_RETPOLINE and on the availability of compiler support. This broke the build on some older compilers. Fixes: 2e549b2ee0e3 ("x86/vdso: Fix vDSO build if a retpoline is emitted") Cc: stable(a)vger.kernel.org Reported-by: nikola.ciprich(a)linuxbox.cz Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Matt Rickard <matt(a)softrans.com.au> Cc: Borislav Petkov <bp(a)alien8.de> Cc: jason.vas.dias(a)gmail.com Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: nikola.ciprich(a)linuxbox.cz Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- arch/x86/entry/vdso/Makefile | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index fa3f439f0a92..141d415a8c80 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -68,7 +68,13 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \ $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \ -fno-omit-frame-pointer -foptimize-sibling-calls \ - -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS) + -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO + +ifdef CONFIG_RETPOLINE +ifneq ($(RETPOLINE_VDSO_CFLAGS),) + CFL += $(RETPOLINE_VDSO_CFLAGS) +endif +endif $(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) @@ -138,7 +144,13 @@ KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector) KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) KBUILD_CFLAGS_32 += -fno-omit-frame-pointer KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING -KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) + +ifdef CONFIG_RETPOLINE +ifneq ($(RETPOLINE_VDSO_CFLAGS),) + KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) +endif +endif + $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32) $(obj)/vdso32.so.dbg: FORCE \ -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v2 1/1] pinctrl: mcp23s08: fix irq and irqchip setup order

by Marco Felsch

Since 'commit 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order")' the irq request isn't the last devm_* allocation. Without a deeper look at the irq and testing this isn't a good solution. Since this driver relies on the devm mechanism, requesting a interrupt should be the last thing to avoid memory corruptions during unbinding. 'Commit 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order")' fixed the order for the interrupt-controller use case only. The mcp23s08_irq_setup() must be split into two to fix it for the interrupt-controller use case and to register the irq at last. So the irq will be freed first during unbind. Cc: stable(a)vger.kernel.org Cc: Phil Reid <preid(a)electromag.com.au> Cc: Jan Kundrát <jan.kundrat(a)cesnet.cz> Cc: Dmitry Mastykin <mastichi(a)gmail.com> Cc: Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> Fixes: 82039d244f87 ("pinctrl: mcp23s08: add pinconf support") Fixes: 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order") Signed-off-by: Marco Felsch <m.felsch(a)pengutronix.de> --- drivers/pinctrl/pinctrl-mcp23s08.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/pinctrl/pinctrl-mcp23s08.c b/drivers/pinctrl/pinctrl-mcp23s08.c index 4a8a8efadefa..cf73a403d22d 100644 --- a/drivers/pinctrl/pinctrl-mcp23s08.c +++ b/drivers/pinctrl/pinctrl-mcp23s08.c @@ -636,6 +636,14 @@ static int mcp23s08_irq_setup(struct mcp23s08 *mcp) return err; } + return 0; +} + +static int mcp23s08_irqchip_setup(struct mcp23s08 *mcp) +{ + struct gpio_chip *chip = &mcp->chip; + int err; + err = gpiochip_irqchip_add_nested(chip, &mcp23s08_irq_chip, 0, @@ -912,7 +920,7 @@ static int mcp23s08_probe_one(struct mcp23s08 *mcp, struct device *dev, } if (mcp->irq && mcp->irq_controller) { - ret = mcp23s08_irq_setup(mcp); + ret = mcp23s08_irqchip_setup(mcp); if (ret) goto fail; } @@ -944,6 +952,9 @@ static int mcp23s08_probe_one(struct mcp23s08 *mcp, struct device *dev, goto fail; } + if (mcp->irq) + ret = mcp23s08_irq_setup(mcp); + fail: if (ret < 0) dev_dbg(dev, "can't setup chip %d, --> %d\n", addr, ret); -- 2.19.0

7 years, 1 month

2
1
0 0

[PATCH] f2fs: fix to recover cold bit of inode block during POR

by Chao Yu

From: Chao Yu <yuchao0(a)huawei.com> Testcase to reproduce this bug: 1. mkfs.f2fs /dev/sdd 2. mount -t f2fs /dev/sdd /mnt/f2fs 3. touch /mnt/f2fs/file 4. sync 5. chattr +A /mnt/f2fs/file 6. xfs_io -f /mnt/f2fs/file -c "fsync" 7. godown /mnt/f2fs 8. umount /mnt/f2fs 9. mount -t f2fs /dev/sdd /mnt/f2fs 10. chattr -A /mnt/f2fs/file 11. xfs_io -f /mnt/f2fs/file -c "fsync" 12. umount /mnt/f2fs 13. mount -t f2fs /dev/sdd /mnt/f2fs 14. lsattr /mnt/f2fs/file -----------------N- /mnt/f2fs/file But actually, we expect the corrct result is: -------A---------N- /mnt/f2fs/file The reason is in step 9) we missed to recover cold bit flag in inode block, so later, in fsync, we will skip write inode block due to below condition check, result in lossing data in another SPOR. f2fs_fsync_node_pages() if (!IS_DNODE(page) || !is_cold_node(page)) continue; Note that, I guess that some non-dir inode has already lost cold bit during POR, so in order to reenable recovery for those inode, let's try to recover cold bit in f2fs_iget() to save more fsynced data. Fixes: c56675750d7c ("f2fs: remove unneeded set_cold_node()") Cc: <stable(a)vger.kernel.org> 4.17+ Signed-off-by: Chao Yu <yuchao0(a)huawei.com> --- fs/f2fs/inode.c | 4 ++++ fs/f2fs/node.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 3c278e63d1a3..4ce4d6b298f9 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -365,6 +365,10 @@ static int do_read_inode(struct inode *inode) if (f2fs_has_inline_data(inode) && !f2fs_exist_data(inode)) __recover_inline_status(inode, node_page); + /* try to recover cold bit for non-dir inode */ + if (!S_ISDIR(inode->i_mode) && !is_cold_node(node_page)) + set_cold_node(node_page, false); + /* get rdev by using inline_info */ __get_inode_rdev(inode, ri); diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index b3cf18eb12f0..b1edc7525597 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -2549,7 +2549,7 @@ int f2fs_recover_inode_page(struct f2fs_sb_info *sbi, struct page *page) if (!PageUptodate(ipage)) SetPageUptodate(ipage); fill_node_footer(ipage, ino, ino, 0, true); - set_cold_node(page, false); + set_cold_node(ipage, false); src = F2FS_INODE(page); dst = F2FS_INODE(ipage); -- 2.18.0

7 years, 1 month

2
1
0 0

+ ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list has been added to the -mm tree. Its filename is ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/ocfs2-fix-locking-for-res-tracking… and later at http://ozlabs.org/~akpm/mmotm/broken-out/ocfs2-fix-locking-for-res-tracking… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _ Patches currently in -mm which might be from ashish.samant(a)oracle.com are ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch

7 years, 1 month

1
0
0 0

patch "Drivers: hv: kvp: Fix two "this statement may fall through" warnings" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: kvp: Fix two "this statement may fall through" warnings to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From fc62c3b1977d62e6374fd6e28d371bb42dfa5c9d Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:43 +0000 Subject: Drivers: hv: kvp: Fix two "this statement may fall through" warnings We don't need to call process_ib_ipinfo() if message->kvp_hdr.operation is KVP_OP_GET_IP_INFO in kvp_send_key(), because here we just need to pass on the op code from the host to the userspace; when the userspace returns the info requested by the host, we pass the info on to the host in kvp_respond_to_host() -> process_ob_ipinfo(). BTW, the current buggy code actually doesn't cause any harm, because only message->kvp_hdr.operation is used by the userspace, in the case of KVP_OP_GET_IP_INFO. The patch also adds a missing "break;" in kvp_send_key(). BTW, the current buggy code actually doesn't cause any harm, because in the case of KVP_OP_SET, the unexpected fall-through corrupts message->body.kvp_set.data.key_size, but that is not really used: see the definition of struct hv_kvp_exchg_msg_value. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/hv_kvp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index 023bd185d21a..a7513a8a8e37 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -353,7 +353,6 @@ static void process_ib_ipinfo(void *in_msg, void *out_msg, int op) out->body.kvp_ip_val.dhcp_enabled = in->kvp_ip_val.dhcp_enabled; - default: utf16s_to_utf8s((wchar_t *)in->kvp_ip_val.adapter_id, MAX_ADAPTER_ID_SIZE, UTF16_LITTLE_ENDIAN, @@ -406,7 +405,7 @@ kvp_send_key(struct work_struct *dummy) process_ib_ipinfo(in_msg, message, KVP_OP_SET_IP_INFO); break; case KVP_OP_GET_IP_INFO: - process_ib_ipinfo(in_msg, message, KVP_OP_GET_IP_INFO); + /* We only need to pass on message->kvp_hdr.operation. */ break; case KVP_OP_SET: switch (in_msg->body.kvp_set.data.value_type) { @@ -446,6 +445,9 @@ kvp_send_key(struct work_struct *dummy) break; } + + break; + case KVP_OP_GET: message->body.kvp_set.data.key_size = utf16s_to_utf8s( -- 2.19.0

7 years, 1 month

1
0
0 0

patch "Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 25355252607ca288f329ee033f387764883393f6 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:44 +0000 Subject: Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A cpumask structure on the stack can cause a warning with CONFIG_NR_CPUS=8192 (e.g. Ubuntu 16.04 and 18.04 use this): drivers/hv//channel_mgmt.c: In function ‘init_vp_index’: drivers/hv//channel_mgmt.c:702:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=] Nowadays it looks most distros enable CONFIG_CPUMASK_OFFSTACK=y, and hence we can work around the warning by using cpumask_var_t. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/channel_mgmt.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index 6f3e6af5e891..6277597d3d58 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -594,16 +594,18 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) bool perf_chn = vmbus_devs[dev_type].perf_device; struct vmbus_channel *primary = channel->primary_channel; int next_node; - struct cpumask available_mask; + cpumask_var_t available_mask; struct cpumask *alloced_mask; if ((vmbus_proto_version == VERSION_WS2008) || - (vmbus_proto_version == VERSION_WIN7) || (!perf_chn)) { + (vmbus_proto_version == VERSION_WIN7) || (!perf_chn) || + !alloc_cpumask_var(&available_mask, GFP_KERNEL)) { /* * Prior to win8, all channel interrupts are * delivered on cpu 0. * Also if the channel is not a performance critical * channel, bind it to cpu 0. + * In case alloc_cpumask_var() fails, bind it to cpu 0. */ channel->numa_node = 0; channel->target_cpu = 0; @@ -641,7 +643,7 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) cpumask_clear(alloced_mask); } - cpumask_xor(&available_mask, alloced_mask, + cpumask_xor(available_mask, alloced_mask, cpumask_of_node(primary->numa_node)); cur_cpu = -1; @@ -659,10 +661,10 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) } while (true) { - cur_cpu = cpumask_next(cur_cpu, &available_mask); + cur_cpu = cpumask_next(cur_cpu, available_mask); if (cur_cpu >= nr_cpu_ids) { cur_cpu = -1; - cpumask_copy(&available_mask, + cpumask_copy(available_mask, cpumask_of_node(primary->numa_node)); continue; } @@ -692,6 +694,8 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) channel->target_cpu = cur_cpu; channel->target_vp = hv_cpu_number_to_vp_number(cur_cpu); + + free_cpumask_var(available_mask); } static void vmbus_wait_for_unload(void) -- 2.19.0

7 years, 1 month

1
0
0 0

patch "w1: omap-hdq: fix missing bus unregister at removal" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled w1: omap-hdq: fix missing bus unregister at removal to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From a007734618fee1bf35556c04fa498d41d42c7301 Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Sat, 22 Sep 2018 21:20:54 +0200 Subject: w1: omap-hdq: fix missing bus unregister at removal The bus master was not removed after unloading the module or unbinding the driver. That lead to oopses like this [ 127.842987] Unable to handle kernel paging request at virtual address bf01d04c [ 127.850646] pgd = 70e3cd9a [ 127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000 [ 127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM [ 127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq] [ 127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12 [ 127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree) [ 127.890441] PC is at 0xbf01d04c [ 127.893798] LR is at w1_search_process_cb+0x4c/0xfc [ 127.898956] pc : [<bf01d04c>] lr : [<c05f9580>] psr: a0070013 [ 127.905609] sp : cf885f48 ip : bf01d04c fp : ddf1e11c [ 127.911132] r10: cf8fe040 r9 : c05f8d00 r8 : cf8fe040 [ 127.916656] r7 : 000000f0 r6 : cf8fe02c r5 : cf8fe000 r4 : cf8fe01c [ 127.923553] r3 : c05f8d00 r2 : 000000f0 r1 : cf8fe000 r0 : dde1ef10 [ 127.930450] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 127.938018] Control: 10c5387d Table: 8f8f0019 DAC: 00000051 [ 127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f) [ 127.951171] Stack: (0xcf885f48 to 0xcf886000) [ 127.955810] 5f40: cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00 [ 127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000 [ 127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000 [ 127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 [ 127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118) [ 128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148) [ 128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c) [ 128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8) [ 128.037017] 5fa0: 00000000 00000000 00000000 00000000 [ 128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 128.061340] Code: bad PC value [ 128.064697] ---[ end trace af066e33c0e14119 ]--- Cc: <stable(a)vger.kernel.org> Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/masters/omap_hdq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/w1/masters/omap_hdq.c b/drivers/w1/masters/omap_hdq.c index 83fc9aab34e8..3099052e1243 100644 --- a/drivers/w1/masters/omap_hdq.c +++ b/drivers/w1/masters/omap_hdq.c @@ -763,6 +763,8 @@ static int omap_hdq_remove(struct platform_device *pdev) /* remove module dependency */ pm_runtime_disable(&pdev->dev); + w1_remove_master_device(&omap_w1_master); + return 0; } -- 2.19.0

7 years, 1 month

1
0
0 0

+ mm-vmstat-skip-nr_tlb_remote_flush-properly.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly has been added to the -mm tree. Its filename is mm-vmstat-skip-nr_tlb_remote_flush-properly.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-vmstat-skip-nr_tlb_remote_flush… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-vmstat-skip-nr_tlb_remote_flush… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Roman Gushchin <guro(a)fb.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _ Patches currently in -mm which might be from jannh(a)google.com are proc-restrict-kernel-stack-dumps-to-root.patch mm-vmstat-fix-outdated-vmstat_text.patch mm-vmstat-skip-nr_tlb_remote_flush-properly.patch mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc/pseries: Fix unitialized timer reset on migration" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8604895a34d92f5e186ceb931b0d1b384030ea3d Mon Sep 17 00:00:00 2001 From: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Date: Thu, 20 Sep 2018 11:45:13 -0500 Subject: [PATCH] powerpc/pseries: Fix unitialized timer reset on migration After migration of a powerpc LPAR, the kernel executes code to update the system state to reflect new platform characteristics. Such changes include modifications to device tree properties provided to the system by PHYP. Property notifications received by the post_mobility_fixup() code are passed along to the kernel in general through a call to of_update_property() which in turn passes such events back to all modules through entries like the '.notifier_call' function within the NUMA module. When the NUMA module updates its state, it resets its event timer. If this occurs after a previous call to stop_topology_update() or on a system without VPHN enabled, the code runs into an unitialized timer structure and crashes. This patch adds a safety check along this path toward the problem code. An example crash log is as follows. ibmvscsi 30000081: Re-enabling adapter! ------------[ cut here ]------------ kernel BUG at kernel/time/timer.c:958! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: nfsv3 nfs_acl nfs tcp_diag udp_diag inet_diag lockd unix_diag af_packet_diag netlink_diag grace fscache sunrpc xts vmx_crypto pseries_rng sg binfmt_misc ip_tables xfs libcrc32c sd_mod ibmvscsi ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod CPU: 11 PID: 3067 Comm: drmgr Not tainted 4.17.0+ #179 ... NIP mod_timer+0x4c/0x400 LR reset_topology_timer+0x40/0x60 Call Trace: 0xc0000003f9407830 (unreliable) reset_topology_timer+0x40/0x60 dt_update_callback+0x100/0x120 notifier_call_chain+0x90/0x100 __blocking_notifier_call_chain+0x60/0x90 of_property_notify+0x90/0xd0 of_update_property+0x104/0x150 update_dt_property+0xdc/0x1f0 pseries_devicetree_update+0x2d0/0x510 post_mobility_fixup+0x7c/0xf0 migration_store+0xa4/0xc0 kobj_attr_store+0x30/0x60 sysfs_kf_write+0x64/0xa0 kernfs_fop_write+0x16c/0x240 __vfs_write+0x40/0x200 vfs_write+0xc8/0x240 ksys_write+0x5c/0x100 system_call+0x58/0x6c Fixes: 5d88aa85c00b ("powerpc/pseries: Update CPU maps when device tree is updated") Cc: stable(a)vger.kernel.org # v3.10+ Signed-off-by: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c index 35ac5422903a..b5a71baedbc2 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c @@ -1452,7 +1452,8 @@ static struct timer_list topology_timer; static void reset_topology_timer(void) { - mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); + if (vphn_enabled) + mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); } #ifdef CONFIG_SMP

7 years, 1 month

3
6
0 0

patch "usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 1b6af2f58c2b1522e0804b150ca95e50a9e80ea7 Mon Sep 17 00:00:00 2001 From: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Date: Fri, 21 Sep 2018 16:04:11 +0100 Subject: usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage Current code mistakenly checks against max current to determine order but this should be max voltage. This commit fixes the issue so order is correctly determined, thus avoiding failure based on a higher voltage PPS APDO having a lower maximum current output, which is actually valid. Fixes: 2eadc33f40d4 ("typec: tcpm: Add core support for sink side PPS") Cc: <stable(a)vger.kernel.org> Signed-off-by: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 4f1f4215f3d6..c11b3befa87f 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1430,8 +1430,8 @@ static enum pdo_err tcpm_caps_err(struct tcpm_port *port, const u32 *pdo, if (pdo_apdo_type(pdo[i]) != APDO_TYPE_PPS) break; - if (pdo_pps_apdo_max_current(pdo[i]) < - pdo_pps_apdo_max_current(pdo[i - 1])) + if (pdo_pps_apdo_max_voltage(pdo[i]) < + pdo_pps_apdo_max_voltage(pdo[i - 1])) return PDO_ERR_PPS_APDO_NOT_SORTED; else if (pdo_pps_apdo_min_voltage(pdo[i]) == pdo_pps_apdo_min_voltage(pdo[i - 1]) && -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 3.18-stable] arm64: KVM: Sanitize PSTATE.M when being set from userspace

by Marc Zyngier

commit 2a3f93459d689d990b3ecfbe782fec89b97d3279 upstream. Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> --- arch/arm64/include/asm/kvm_emulate.h | 5 +++++ arch/arm64/kvm/guest.c | 10 +++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index 865a7e28ea2d..3d0098d7b47e 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -38,6 +38,11 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu); void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr); void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr); +static inline bool vcpu_el1_is_32bit(struct kvm_vcpu *vcpu) +{ + return !(vcpu->arch.hcr_el2 & HCR_RW); +} + static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu) { vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS; diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 5d93c9f24847..286453f462df 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -141,17 +141,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & COMPAT_PSR_MODE_MASK; + u64 mode = (*(u64 *)valp) & COMPAT_PSR_MODE_MASK; switch (mode) { case COMPAT_PSR_MODE_USR: + if ((read_cpuid(ID_AA64PFR0_EL1) & 0xf) != 2) + return -EINVAL; + break; case COMPAT_PSR_MODE_FIQ: case COMPAT_PSR_MODE_IRQ: case COMPAT_PSR_MODE_SVC: case COMPAT_PSR_MODE_ABT: case COMPAT_PSR_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL; -- 2.19.0

7 years, 1 month

2
1
0 0

[PATCH 4.4-stable 0/2] arm64: KVM: PSTATE.M sanitization

by Marc Zyngier

This is a backport of 2a3f93459d689d990b3ecfbe782fec89b97d3279 ("arm64: KVM: Sanitize PSTATE.M when being set from userspace") to 4.4-stable. It requires a backport of 042446a31e3803d81c7e618dd80928dc3dce70c5 ("arm64: cpufeature: Track 32bit EL0 support") as a dependency. Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Suzuki K Poulose (1): arm64: cpufeature: Track 32bit EL0 support arch/arm64/include/asm/cpufeature.h | 8 +++++++- arch/arm64/include/asm/kvm_emulate.h | 5 +++++ arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/kernel/cpufeature.c | 8 ++++++++ arch/arm64/kvm/guest.c | 10 +++++++++- 5 files changed, 30 insertions(+), 2 deletions(-) -- 2.19.0

7 years, 1 month

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror