- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] Btrfs: fix send failure when root has deleted files still" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 46b2f4590aab71d31088a265c86026b1e96c9de4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 24 Jul 2018 11:54:04 +0100 Subject: [PATCH] Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73</mnt/sv1/bar $ unlink /mnt/sv1/bar # Turn the subvolume to RO mode and use it for a full send, while # holding the open file descriptor. $ btrfs property set /mnt/sv1 ro true $ btrfs send -f /tmp/full.send /mnt/sv1 At subvol /mnt/sv1 ERROR: send ioctl failed with -2: No such file or directory Example using an incremental send with snapshots: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap1 $ echo "hello world" >> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73</mnt/snap2/foo $ unlink /mnt/snap2/foo # Set the second snapshot back to RO mode and do an incremental send. $ btrfs property set /mnt/snap2 ro true $ btrfs send -f /tmp/inc.send -p /mnt/snap1 /mnt/snap2 At subvol /mnt/snap2 ERROR: send ioctl failed with -2: No such file or directory So fix this by ignoring inodes with a link count of zero if we are either doing a full send or if they do not exist in the parent snapshot (they are new in the send snapshot), and unlink all paths found in the parent snapshot when doing an incremental send (and ignoring all other inode items, such as xattrs and extents). A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Reported-by: Martin Wilck <martin.wilck(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 42e04cd3cd95..551294a6c9e2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -100,6 +100,7 @@ struct send_ctx { u64 cur_inode_rdev; u64 cur_inode_last_extent; u64 cur_inode_next_write_offset; + bool ignore_cur_inode; u64 send_progress; @@ -5796,6 +5797,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) int pending_move = 0; int refs_processed = 0; + if (sctx->ignore_cur_inode) + return 0; + ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, &refs_processed); if (ret < 0) @@ -5914,6 +5918,93 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) return ret; } +struct parent_paths_ctx { + struct list_head *refs; + struct send_ctx *sctx; +}; + +static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, + void *ctx) +{ + struct parent_paths_ctx *ppctx = ctx; + + return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, + ppctx->refs); +} + +/* + * Issue unlink operations for all paths of the current inode found in the + * parent snapshot. + */ +static int btrfs_unlink_all_paths(struct send_ctx *sctx) +{ + LIST_HEAD(deleted_refs); + struct btrfs_path *path; + struct btrfs_key key; + struct parent_paths_ctx ctx; + int ret; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + key.objectid = sctx->cur_ino; + key.type = BTRFS_INODE_REF_KEY; + key.offset = 0; + ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); + if (ret < 0) + goto out; + + ctx.refs = &deleted_refs; + ctx.sctx = sctx; + + while (true) { + struct extent_buffer *eb = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(eb)) { + ret = btrfs_next_leaf(sctx->parent_root, path); + if (ret < 0) + goto out; + else if (ret > 0) + break; + continue; + } + + btrfs_item_key_to_cpu(eb, &key, slot); + if (key.objectid != sctx->cur_ino) + break; + if (key.type != BTRFS_INODE_REF_KEY && + key.type != BTRFS_INODE_EXTREF_KEY) + break; + + ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, + record_parent_ref, &ctx); + if (ret < 0) + goto out; + + path->slots[0]++; + } + + while (!list_empty(&deleted_refs)) { + struct recorded_ref *ref; + + ref = list_first_entry(&deleted_refs, struct recorded_ref, list); + ret = send_unlink(sctx, ref->full_path); + if (ret < 0) + goto out; + fs_path_free(ref->full_path); + list_del(&ref->list); + kfree(ref); + } + ret = 0; +out: + btrfs_free_path(path); + if (ret) + __free_recorded_refs(&deleted_refs); + return ret; +} + static int changed_inode(struct send_ctx *sctx, enum btrfs_compare_tree_result result) { @@ -5928,6 +6019,7 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 0; sctx->cur_inode_last_extent = (u64)-1; sctx->cur_inode_next_write_offset = 0; + sctx->ignore_cur_inode = false; /* * Set send_progress to current inode. This will tell all get_cur_xxx @@ -5968,6 +6060,33 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 1; } + /* + * Normally we do not find inodes with a link count of zero (orphans) + * because the most common case is to create a snapshot and use it + * for a send operation. However other less common use cases involve + * using a subvolume and send it after turning it to RO mode just + * after deleting all hard links of a file while holding an open + * file descriptor against it or turning a RO snapshot into RW mode, + * keep an open file descriptor against a file, delete it and then + * turn the snapshot back to RO mode before using it for a send + * operation. So if we find such cases, ignore the inode and all its + * items completely if it's a new inode, or if it's a changed inode + * make sure all its previous paths (from the parent snapshot) are all + * unlinked and all other the inode items are ignored. + */ + if (result == BTRFS_COMPARE_TREE_NEW || + result == BTRFS_COMPARE_TREE_CHANGED) { + u32 nlinks; + + nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); + if (nlinks == 0) { + sctx->ignore_cur_inode = true; + if (result == BTRFS_COMPARE_TREE_CHANGED) + ret = btrfs_unlink_all_paths(sctx); + goto out; + } + } + if (result == BTRFS_COMPARE_TREE_NEW) { sctx->cur_inode_gen = left_gen; sctx->cur_inode_new = 1; @@ -6306,15 +6425,17 @@ static int changed_cb(struct btrfs_path *left_path, key->objectid == BTRFS_FREE_SPACE_OBJECTID) goto out; - if (key->type == BTRFS_INODE_ITEM_KEY) + if (key->type == BTRFS_INODE_ITEM_KEY) { ret = changed_inode(sctx, result); - else if (key->type == BTRFS_INODE_REF_KEY || - key->type == BTRFS_INODE_EXTREF_KEY) - ret = changed_ref(sctx, result); - else if (key->type == BTRFS_XATTR_ITEM_KEY) - ret = changed_xattr(sctx, result); - else if (key->type == BTRFS_EXTENT_DATA_KEY) - ret = changed_extent(sctx, result); + } else if (!sctx->ignore_cur_inode) { + if (key->type == BTRFS_INODE_REF_KEY || + key->type == BTRFS_INODE_EXTREF_KEY) + ret = changed_ref(sctx, result); + else if (key->type == BTRFS_XATTR_ITEM_KEY) + ret = changed_xattr(sctx, result); + else if (key->type == BTRFS_EXTENT_DATA_KEY) + ret = changed_extent(sctx, result); + } out: return ret;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix send failure when root has deleted files still" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 46b2f4590aab71d31088a265c86026b1e96c9de4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 24 Jul 2018 11:54:04 +0100 Subject: [PATCH] Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73</mnt/sv1/bar $ unlink /mnt/sv1/bar # Turn the subvolume to RO mode and use it for a full send, while # holding the open file descriptor. $ btrfs property set /mnt/sv1 ro true $ btrfs send -f /tmp/full.send /mnt/sv1 At subvol /mnt/sv1 ERROR: send ioctl failed with -2: No such file or directory Example using an incremental send with snapshots: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap1 $ echo "hello world" >> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73</mnt/snap2/foo $ unlink /mnt/snap2/foo # Set the second snapshot back to RO mode and do an incremental send. $ btrfs property set /mnt/snap2 ro true $ btrfs send -f /tmp/inc.send -p /mnt/snap1 /mnt/snap2 At subvol /mnt/snap2 ERROR: send ioctl failed with -2: No such file or directory So fix this by ignoring inodes with a link count of zero if we are either doing a full send or if they do not exist in the parent snapshot (they are new in the send snapshot), and unlink all paths found in the parent snapshot when doing an incremental send (and ignoring all other inode items, such as xattrs and extents). A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Reported-by: Martin Wilck <martin.wilck(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 42e04cd3cd95..551294a6c9e2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -100,6 +100,7 @@ struct send_ctx { u64 cur_inode_rdev; u64 cur_inode_last_extent; u64 cur_inode_next_write_offset; + bool ignore_cur_inode; u64 send_progress; @@ -5796,6 +5797,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) int pending_move = 0; int refs_processed = 0; + if (sctx->ignore_cur_inode) + return 0; + ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, &refs_processed); if (ret < 0) @@ -5914,6 +5918,93 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) return ret; } +struct parent_paths_ctx { + struct list_head *refs; + struct send_ctx *sctx; +}; + +static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, + void *ctx) +{ + struct parent_paths_ctx *ppctx = ctx; + + return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, + ppctx->refs); +} + +/* + * Issue unlink operations for all paths of the current inode found in the + * parent snapshot. + */ +static int btrfs_unlink_all_paths(struct send_ctx *sctx) +{ + LIST_HEAD(deleted_refs); + struct btrfs_path *path; + struct btrfs_key key; + struct parent_paths_ctx ctx; + int ret; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + key.objectid = sctx->cur_ino; + key.type = BTRFS_INODE_REF_KEY; + key.offset = 0; + ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); + if (ret < 0) + goto out; + + ctx.refs = &deleted_refs; + ctx.sctx = sctx; + + while (true) { + struct extent_buffer *eb = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(eb)) { + ret = btrfs_next_leaf(sctx->parent_root, path); + if (ret < 0) + goto out; + else if (ret > 0) + break; + continue; + } + + btrfs_item_key_to_cpu(eb, &key, slot); + if (key.objectid != sctx->cur_ino) + break; + if (key.type != BTRFS_INODE_REF_KEY && + key.type != BTRFS_INODE_EXTREF_KEY) + break; + + ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, + record_parent_ref, &ctx); + if (ret < 0) + goto out; + + path->slots[0]++; + } + + while (!list_empty(&deleted_refs)) { + struct recorded_ref *ref; + + ref = list_first_entry(&deleted_refs, struct recorded_ref, list); + ret = send_unlink(sctx, ref->full_path); + if (ret < 0) + goto out; + fs_path_free(ref->full_path); + list_del(&ref->list); + kfree(ref); + } + ret = 0; +out: + btrfs_free_path(path); + if (ret) + __free_recorded_refs(&deleted_refs); + return ret; +} + static int changed_inode(struct send_ctx *sctx, enum btrfs_compare_tree_result result) { @@ -5928,6 +6019,7 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 0; sctx->cur_inode_last_extent = (u64)-1; sctx->cur_inode_next_write_offset = 0; + sctx->ignore_cur_inode = false; /* * Set send_progress to current inode. This will tell all get_cur_xxx @@ -5968,6 +6060,33 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 1; } + /* + * Normally we do not find inodes with a link count of zero (orphans) + * because the most common case is to create a snapshot and use it + * for a send operation. However other less common use cases involve + * using a subvolume and send it after turning it to RO mode just + * after deleting all hard links of a file while holding an open + * file descriptor against it or turning a RO snapshot into RW mode, + * keep an open file descriptor against a file, delete it and then + * turn the snapshot back to RO mode before using it for a send + * operation. So if we find such cases, ignore the inode and all its + * items completely if it's a new inode, or if it's a changed inode + * make sure all its previous paths (from the parent snapshot) are all + * unlinked and all other the inode items are ignored. + */ + if (result == BTRFS_COMPARE_TREE_NEW || + result == BTRFS_COMPARE_TREE_CHANGED) { + u32 nlinks; + + nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); + if (nlinks == 0) { + sctx->ignore_cur_inode = true; + if (result == BTRFS_COMPARE_TREE_CHANGED) + ret = btrfs_unlink_all_paths(sctx); + goto out; + } + } + if (result == BTRFS_COMPARE_TREE_NEW) { sctx->cur_inode_gen = left_gen; sctx->cur_inode_new = 1; @@ -6306,15 +6425,17 @@ static int changed_cb(struct btrfs_path *left_path, key->objectid == BTRFS_FREE_SPACE_OBJECTID) goto out; - if (key->type == BTRFS_INODE_ITEM_KEY) + if (key->type == BTRFS_INODE_ITEM_KEY) { ret = changed_inode(sctx, result); - else if (key->type == BTRFS_INODE_REF_KEY || - key->type == BTRFS_INODE_EXTREF_KEY) - ret = changed_ref(sctx, result); - else if (key->type == BTRFS_XATTR_ITEM_KEY) - ret = changed_xattr(sctx, result); - else if (key->type == BTRFS_EXTENT_DATA_KEY) - ret = changed_extent(sctx, result); + } else if (!sctx->ignore_cur_inode) { + if (key->type == BTRFS_INODE_REF_KEY || + key->type == BTRFS_INODE_EXTREF_KEY) + ret = changed_ref(sctx, result); + else if (key->type == BTRFS_XATTR_ITEM_KEY) + ret = changed_xattr(sctx, result); + else if (key->type == BTRFS_EXTENT_DATA_KEY) + ret = changed_extent(sctx, result); + } out: return ret;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix send failure when root has deleted files still" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 46b2f4590aab71d31088a265c86026b1e96c9de4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 24 Jul 2018 11:54:04 +0100 Subject: [PATCH] Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73</mnt/sv1/bar $ unlink /mnt/sv1/bar # Turn the subvolume to RO mode and use it for a full send, while # holding the open file descriptor. $ btrfs property set /mnt/sv1 ro true $ btrfs send -f /tmp/full.send /mnt/sv1 At subvol /mnt/sv1 ERROR: send ioctl failed with -2: No such file or directory Example using an incremental send with snapshots: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap1 $ echo "hello world" >> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73</mnt/snap2/foo $ unlink /mnt/snap2/foo # Set the second snapshot back to RO mode and do an incremental send. $ btrfs property set /mnt/snap2 ro true $ btrfs send -f /tmp/inc.send -p /mnt/snap1 /mnt/snap2 At subvol /mnt/snap2 ERROR: send ioctl failed with -2: No such file or directory So fix this by ignoring inodes with a link count of zero if we are either doing a full send or if they do not exist in the parent snapshot (they are new in the send snapshot), and unlink all paths found in the parent snapshot when doing an incremental send (and ignoring all other inode items, such as xattrs and extents). A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Reported-by: Martin Wilck <martin.wilck(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 42e04cd3cd95..551294a6c9e2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -100,6 +100,7 @@ struct send_ctx { u64 cur_inode_rdev; u64 cur_inode_last_extent; u64 cur_inode_next_write_offset; + bool ignore_cur_inode; u64 send_progress; @@ -5796,6 +5797,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) int pending_move = 0; int refs_processed = 0; + if (sctx->ignore_cur_inode) + return 0; + ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, &refs_processed); if (ret < 0) @@ -5914,6 +5918,93 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) return ret; } +struct parent_paths_ctx { + struct list_head *refs; + struct send_ctx *sctx; +}; + +static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, + void *ctx) +{ + struct parent_paths_ctx *ppctx = ctx; + + return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, + ppctx->refs); +} + +/* + * Issue unlink operations for all paths of the current inode found in the + * parent snapshot. + */ +static int btrfs_unlink_all_paths(struct send_ctx *sctx) +{ + LIST_HEAD(deleted_refs); + struct btrfs_path *path; + struct btrfs_key key; + struct parent_paths_ctx ctx; + int ret; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + key.objectid = sctx->cur_ino; + key.type = BTRFS_INODE_REF_KEY; + key.offset = 0; + ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); + if (ret < 0) + goto out; + + ctx.refs = &deleted_refs; + ctx.sctx = sctx; + + while (true) { + struct extent_buffer *eb = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(eb)) { + ret = btrfs_next_leaf(sctx->parent_root, path); + if (ret < 0) + goto out; + else if (ret > 0) + break; + continue; + } + + btrfs_item_key_to_cpu(eb, &key, slot); + if (key.objectid != sctx->cur_ino) + break; + if (key.type != BTRFS_INODE_REF_KEY && + key.type != BTRFS_INODE_EXTREF_KEY) + break; + + ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, + record_parent_ref, &ctx); + if (ret < 0) + goto out; + + path->slots[0]++; + } + + while (!list_empty(&deleted_refs)) { + struct recorded_ref *ref; + + ref = list_first_entry(&deleted_refs, struct recorded_ref, list); + ret = send_unlink(sctx, ref->full_path); + if (ret < 0) + goto out; + fs_path_free(ref->full_path); + list_del(&ref->list); + kfree(ref); + } + ret = 0; +out: + btrfs_free_path(path); + if (ret) + __free_recorded_refs(&deleted_refs); + return ret; +} + static int changed_inode(struct send_ctx *sctx, enum btrfs_compare_tree_result result) { @@ -5928,6 +6019,7 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 0; sctx->cur_inode_last_extent = (u64)-1; sctx->cur_inode_next_write_offset = 0; + sctx->ignore_cur_inode = false; /* * Set send_progress to current inode. This will tell all get_cur_xxx @@ -5968,6 +6060,33 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 1; } + /* + * Normally we do not find inodes with a link count of zero (orphans) + * because the most common case is to create a snapshot and use it + * for a send operation. However other less common use cases involve + * using a subvolume and send it after turning it to RO mode just + * after deleting all hard links of a file while holding an open + * file descriptor against it or turning a RO snapshot into RW mode, + * keep an open file descriptor against a file, delete it and then + * turn the snapshot back to RO mode before using it for a send + * operation. So if we find such cases, ignore the inode and all its + * items completely if it's a new inode, or if it's a changed inode + * make sure all its previous paths (from the parent snapshot) are all + * unlinked and all other the inode items are ignored. + */ + if (result == BTRFS_COMPARE_TREE_NEW || + result == BTRFS_COMPARE_TREE_CHANGED) { + u32 nlinks; + + nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); + if (nlinks == 0) { + sctx->ignore_cur_inode = true; + if (result == BTRFS_COMPARE_TREE_CHANGED) + ret = btrfs_unlink_all_paths(sctx); + goto out; + } + } + if (result == BTRFS_COMPARE_TREE_NEW) { sctx->cur_inode_gen = left_gen; sctx->cur_inode_new = 1; @@ -6306,15 +6425,17 @@ static int changed_cb(struct btrfs_path *left_path, key->objectid == BTRFS_FREE_SPACE_OBJECTID) goto out; - if (key->type == BTRFS_INODE_ITEM_KEY) + if (key->type == BTRFS_INODE_ITEM_KEY) { ret = changed_inode(sctx, result); - else if (key->type == BTRFS_INODE_REF_KEY || - key->type == BTRFS_INODE_EXTREF_KEY) - ret = changed_ref(sctx, result); - else if (key->type == BTRFS_XATTR_ITEM_KEY) - ret = changed_xattr(sctx, result); - else if (key->type == BTRFS_EXTENT_DATA_KEY) - ret = changed_extent(sctx, result); + } else if (!sctx->ignore_cur_inode) { + if (key->type == BTRFS_INODE_REF_KEY || + key->type == BTRFS_INODE_EXTREF_KEY) + ret = changed_ref(sctx, result); + else if (key->type == BTRFS_XATTR_ITEM_KEY) + ret = changed_xattr(sctx, result); + else if (key->type == BTRFS_EXTENT_DATA_KEY) + ret = changed_extent(sctx, result); + } out: return ret;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 20 Jul 2018 11:46:10 -0700 Subject: [PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable(a)vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik <jbacik(a)fb.com> [Omar: new commit message] Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4955e04da4c8..472457795486 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6021,32 +6021,6 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) return ret; } -int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) -{ - struct btrfs_root *root = BTRFS_I(inode)->root; - struct btrfs_trans_handle *trans; - int ret = 0; - bool nolock = false; - - if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) - return 0; - - if (btrfs_fs_closing(root->fs_info) && - btrfs_is_free_space_inode(BTRFS_I(inode))) - nolock = true; - - if (wbc->sync_mode == WB_SYNC_ALL) { - if (nolock) - trans = btrfs_join_transaction_nolock(root); - else - trans = btrfs_join_transaction(root); - if (IS_ERR(trans)) - return PTR_ERR(trans); - ret = btrfs_commit_transaction(trans); - } - return ret; -} - /* * This is somewhat expensive, updating the tree every time the * inode changes. But, it is most likely to find the inode in cache. diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index efe8b03ce380..67de3c0fc85b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2344,7 +2344,6 @@ static const struct super_operations btrfs_super_ops = { .sync_fs = btrfs_sync_fs, .show_options = btrfs_show_options, .show_devname = btrfs_show_devname, - .write_inode = btrfs_write_inode, .alloc_inode = btrfs_alloc_inode, .destroy_inode = btrfs_destroy_inode, .statfs = btrfs_statfs,

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 20 Jul 2018 11:46:10 -0700 Subject: [PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable(a)vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik <jbacik(a)fb.com> [Omar: new commit message] Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4955e04da4c8..472457795486 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6021,32 +6021,6 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) return ret; } -int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) -{ - struct btrfs_root *root = BTRFS_I(inode)->root; - struct btrfs_trans_handle *trans; - int ret = 0; - bool nolock = false; - - if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) - return 0; - - if (btrfs_fs_closing(root->fs_info) && - btrfs_is_free_space_inode(BTRFS_I(inode))) - nolock = true; - - if (wbc->sync_mode == WB_SYNC_ALL) { - if (nolock) - trans = btrfs_join_transaction_nolock(root); - else - trans = btrfs_join_transaction(root); - if (IS_ERR(trans)) - return PTR_ERR(trans); - ret = btrfs_commit_transaction(trans); - } - return ret; -} - /* * This is somewhat expensive, updating the tree every time the * inode changes. But, it is most likely to find the inode in cache. diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index efe8b03ce380..67de3c0fc85b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2344,7 +2344,6 @@ static const struct super_operations btrfs_super_ops = { .sync_fs = btrfs_sync_fs, .show_options = btrfs_show_options, .show_devname = btrfs_show_devname, - .write_inode = btrfs_write_inode, .alloc_inode = btrfs_alloc_inode, .destroy_inode = btrfs_destroy_inode, .statfs = btrfs_statfs,

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 20 Jul 2018 11:46:10 -0700 Subject: [PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable(a)vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik <jbacik(a)fb.com> [Omar: new commit message] Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4955e04da4c8..472457795486 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6021,32 +6021,6 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) return ret; } -int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) -{ - struct btrfs_root *root = BTRFS_I(inode)->root; - struct btrfs_trans_handle *trans; - int ret = 0; - bool nolock = false; - - if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) - return 0; - - if (btrfs_fs_closing(root->fs_info) && - btrfs_is_free_space_inode(BTRFS_I(inode))) - nolock = true; - - if (wbc->sync_mode == WB_SYNC_ALL) { - if (nolock) - trans = btrfs_join_transaction_nolock(root); - else - trans = btrfs_join_transaction(root); - if (IS_ERR(trans)) - return PTR_ERR(trans); - ret = btrfs_commit_transaction(trans); - } - return ret; -} - /* * This is somewhat expensive, updating the tree every time the * inode changes. But, it is most likely to find the inode in cache. diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index efe8b03ce380..67de3c0fc85b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2344,7 +2344,6 @@ static const struct super_operations btrfs_super_ops = { .sync_fs = btrfs_sync_fs, .show_options = btrfs_show_options, .show_devname = btrfs_show_devname, - .write_inode = btrfs_write_inode, .alloc_inode = btrfs_alloc_inode, .destroy_inode = btrfs_destroy_inode, .statfs = btrfs_statfs,

7 years, 2 months

1
0
0 0

[gregkh@linuxfoundation.org: Patch "drm: re-enable error handling" has been added to the 3.18-stable tree]

by Nicholas Mc Guire

Hi ! this is also the wrong version of the patch - the proper version is below. This has been posted to lkml https://lkml.org/lkml/2018/7/18/191 "[PATCH V3] drm: handle error values properly" but there was no review yet The version you have here though is for sure broken. So maybe this should be simply dropped until the above, presumably correct fix, is confirmed. thx! hofrat ----- Forwarded message from gregkh(a)linuxfoundation.org ----- Date: Tue, 28 Aug 2018 16:09:59 +0200 From: gregkh(a)linuxfoundation.org To: 1531571532-22733-1-git-send-email-hofrat(a)osadl.org, alexander.levin(a)microsoft.com, gregkh(a)linuxfoundation.org, hofrat(a)osadl.org, seanpaul(a)chromium.org Cc: stable-commits(a)vger.kernel.org Subject: Patch "drm: re-enable error handling" has been added to the 3.18-stable tree This is a note to let you know that I've just added the patch titled drm: re-enable error handling to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-re-enable-error-handling.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Aug 28 16:08:28 CEST 2018 From: Nicholas Mc Guire <hofrat(a)osadl.org> Date: Sat, 14 Jul 2018 14:32:12 +0200 Subject: drm: re-enable error handling From: Nicholas Mc Guire <hofrat(a)osadl.org> [ Upstream commit d530b5f1ca0bb66958a2b714bebe40a1248b9c15 ] drm_legacy_ctxbitmap_next() returns idr_alloc() which can return -ENOMEM, -EINVAL or -ENOSPC none of which are -1 . but the call sites of drm_legacy_ctxbitmap_next() seem to be assuming that the error case would be -1 (original return of drm_ctxbitmap_next() prior to 2.6.23 was actually -1). Thus reenable error handling by checking for < 0. Signed-off-by: Nicholas Mc Guire <hofrat(a)osadl.org> Fixes: 62968144e673 ("drm: convert drm context code to use Linux idr") Signed-off-by: Sean Paul <seanpaul(a)chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/1531571532-22733-1-git-send-e… Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/drm_context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/drm_context.c +++ b/drivers/gpu/drm/drm_context.c @@ -341,7 +341,7 @@ int drm_legacy_addctx(struct drm_device ctx->handle = drm_legacy_ctxbitmap_next(dev); } DRM_DEBUG("%d\n", ctx->handle); - if (ctx->handle == -1) { + if (ctx->handle < 0) { DRM_DEBUG("Not enough free contexts.\n"); /* Should this return -EBUSY instead? */ return -ENOMEM; Patches currently in stable-queue which might be from hofrat(a)osadl.org are queue-3.18/drm-re-enable-error-handling.patch queue-3.18/can-mpc5xxx_can-check-of_iomap-return-before-use.patch ----- End forwarded message -----

7 years, 2 months

2
1
0 0

[PATCH] x86/nmi: Fix some races in NMI uaccess

by Andy Lutomirski

In NMI context, we might be in the middle of context switching or in the middle of switch_mm_irqs_off(). In either case, CR3 might not match current->mm, which could cause copy_from_user_nmi() and friends to read the wrong memory. Fix it by adding a new nmi_uaccess_okay() helper and checking it in copy_from_user_nmi() and in __copy_from_user_nmi()'s callers. Cc: stable(a)vger.kernel.org Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Nadav Amit <nadav.amit(a)gmail.com> Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- The 0day bot is still chewing on this, but I've tested it a bit locally and it seems to do the right thing. I've never observed the bug it fixes, but it does appear to fix a bug unless I've missed something. It's also a prerequisite for Nadav's fixmap bugfix. arch/x86/events/core.c | 2 +- arch/x86/include/asm/tlbflush.h | 16 ++++++++++++++++ arch/x86/lib/usercopy.c | 5 +++++ arch/x86/mm/tlb.c | 3 +++ 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index 5f4829f10129..dfb2f7c0d019 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -2465,7 +2465,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs perf_callchain_store(entry, regs->ip); - if (!current->mm) + if (!nmi_uaccess_okay()) return; if (perf_callchain_user32(regs, entry)) diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h index 89a73bc31622..b23b2625793b 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -230,6 +230,22 @@ struct tlb_state { }; DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate); +/* + * Blindly accessing user memory from NMI context can be dangerous + * if we're in the middle of switching the current user task or + * switching the loaded mm. It can also be dangerous if we + * interrupted some kernel code that was temporarily using a + * different mm. + */ +static inline bool nmi_uaccess_okay(void) +{ + struct mm_struct *loaded_mm = this_cpu_read(cpu_tlbstate.loaded_mm); + struct mm_struct *current_mm = current->mm; + + return current_mm && loaded_mm == current_mm && + loaded_mm->pgd == __va(read_cr3_pa()); +} + /* Initialize cr4 shadow for this CPU. */ static inline void cr4_init_shadow(void) { diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c index c8c6ad0d58b8..3f435d7fca5e 100644 --- a/arch/x86/lib/usercopy.c +++ b/arch/x86/lib/usercopy.c @@ -7,6 +7,8 @@ #include <linux/uaccess.h> #include <linux/export.h> +#include <asm/tlbflush.h> + /* * We rely on the nested NMI work to allow atomic faults from the NMI path; the * nested NMI paths are careful to preserve CR2. @@ -19,6 +21,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n) if (__range_not_ok(from, n, TASK_SIZE)) return n; + if (!nmi_uaccess_okay()) + return n; + /* * Even though this function is typically called from NMI/IRQ context * disable pagefaults so that its behaviour is consistent even when diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 457b281b9339..f4b41d5a93dd 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -345,6 +345,9 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, */ trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); } else { + /* Let NMI code know that CR3 may not match expectations. */ + this_cpu_write(cpu_tlbstate.loaded_mm, NULL); + /* The new ASID is already up to date. */ load_new_mm_cr3(next->pgd, new_asid, false); -- 2.17.1

7 years, 2 months

3
12
0 0

Applied "regulator: bd71837: Disable voltage monitoring for LDO3/4" to the regulator tree

by Mark Brown

The patch regulator: bd71837: Disable voltage monitoring for LDO3/4 has been applied to the regulator tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 823f18f8b860526fc099c222619a126d57d2ad8c Mon Sep 17 00:00:00 2001 From: Matti Vaittinen <matti.vaittinen(a)fi.rohmeurope.com> Date: Wed, 29 Aug 2018 15:36:10 +0300 Subject: [PATCH] regulator: bd71837: Disable voltage monitoring for LDO3/4 There is a HW quirk in BD71837. The shutdown sequence timings for bucks/LDOs which are enabled via register interface are changed. At PMIC poweroff the voltage for BUCK6/7 is cut immediately at the beginning of shut-down sequence. This causes LDO5/6 voltage monitoring to detect under voltage and force PMIC to emergency state instead of poweroff. Disable voltage monitoring for LDO5 and LDO6 at probe to avoid this. Signed-off-by: Matti Vaittinen <matti.vaittinen(a)fi.rohmeurope.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/regulator/bd71837-regulator.c | 19 +++++++++++++++ include/linux/mfd/rohm-bd718x7.h | 33 ++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 3 deletions(-) diff --git a/drivers/regulator/bd71837-regulator.c b/drivers/regulator/bd71837-regulator.c index 0f8ac8dec3e1..a1bd8aaf4d98 100644 --- a/drivers/regulator/bd71837-regulator.c +++ b/drivers/regulator/bd71837-regulator.c @@ -569,6 +569,25 @@ static int bd71837_probe(struct platform_device *pdev) BD71837_REG_REGLOCK); } + /* + * There is a HW quirk in BD71837. The shutdown sequence timings for + * bucks/LDOs which are controlled via register interface are changed. + * At PMIC poweroff the voltage for BUCK6/7 is cut immediately at the + * beginning of shut-down sequence. As bucks 6 and 7 are parent + * supplies for LDO5 and LDO6 - this causes LDO5/6 voltage + * monitoring to errorneously detect under voltage and force PMIC to + * emergency state instead of poweroff. In order to avoid this we + * disable voltage monitoring for LDO5 and LDO6 + */ + err = regmap_update_bits(pmic->mfd->regmap, BD718XX_REG_MVRFLTMASK2, + BD718XX_LDO5_VRMON80 | BD718XX_LDO6_VRMON80, + BD718XX_LDO5_VRMON80 | BD718XX_LDO6_VRMON80); + if (err) { + dev_err(&pmic->pdev->dev, + "Failed to disable voltage monitoring\n"); + goto err; + } + for (i = 0; i < ARRAY_SIZE(pmic_regulator_inits); i++) { struct regulator_desc *desc; diff --git a/include/linux/mfd/rohm-bd718x7.h b/include/linux/mfd/rohm-bd718x7.h index a528747f8aed..e8338e5dc10b 100644 --- a/include/linux/mfd/rohm-bd718x7.h +++ b/include/linux/mfd/rohm-bd718x7.h @@ -78,9 +78,9 @@ enum { BD71837_REG_TRANS_COND0 = 0x1F, BD71837_REG_TRANS_COND1 = 0x20, BD71837_REG_VRFAULTEN = 0x21, - BD71837_REG_MVRFLTMASK0 = 0x22, - BD71837_REG_MVRFLTMASK1 = 0x23, - BD71837_REG_MVRFLTMASK2 = 0x24, + BD718XX_REG_MVRFLTMASK0 = 0x22, + BD718XX_REG_MVRFLTMASK1 = 0x23, + BD718XX_REG_MVRFLTMASK2 = 0x24, BD71837_REG_RCVCFG = 0x25, BD71837_REG_RCVNUM = 0x26, BD71837_REG_PWRONCONFIG0 = 0x27, @@ -159,6 +159,33 @@ enum { #define BUCK8_MASK 0x3F #define BUCK8_DEFAULT 0x1E +/* BD718XX Voltage monitoring masks */ +#define BD718XX_BUCK1_VRMON80 0x1 +#define BD718XX_BUCK1_VRMON130 0x2 +#define BD718XX_BUCK2_VRMON80 0x4 +#define BD718XX_BUCK2_VRMON130 0x8 +#define BD718XX_1ST_NODVS_BUCK_VRMON80 0x1 +#define BD718XX_1ST_NODVS_BUCK_VRMON130 0x2 +#define BD718XX_2ND_NODVS_BUCK_VRMON80 0x4 +#define BD718XX_2ND_NODVS_BUCK_VRMON130 0x8 +#define BD718XX_3RD_NODVS_BUCK_VRMON80 0x10 +#define BD718XX_3RD_NODVS_BUCK_VRMON130 0x20 +#define BD718XX_4TH_NODVS_BUCK_VRMON80 0x40 +#define BD718XX_4TH_NODVS_BUCK_VRMON130 0x80 +#define BD718XX_LDO1_VRMON80 0x1 +#define BD718XX_LDO2_VRMON80 0x2 +#define BD718XX_LDO3_VRMON80 0x4 +#define BD718XX_LDO4_VRMON80 0x8 +#define BD718XX_LDO5_VRMON80 0x10 +#define BD718XX_LDO6_VRMON80 0x20 + +/* BD71837 specific voltage monitoring masks */ +#define BD71837_BUCK3_VRMON80 0x10 +#define BD71837_BUCK3_VRMON130 0x20 +#define BD71837_BUCK4_VRMON80 0x40 +#define BD71837_BUCK4_VRMON130 0x80 +#define BD71837_LDO7_VRMON80 0x40 + /* BD71837_REG_IRQ bits */ #define IRQ_SWRST 0x40 #define IRQ_PWRON_S 0x20 -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH v3 2/2] btrfs: Ensure btrfs_trim_fs can trim the whole fs

by Qu Wenruo

[BUG] fstrim on some btrfs only trims the unallocated space, not trimming any space in existing block groups. [CAUSE] Before fstrim_range passed to btrfs_trim_fs(), it get truncated to range [0, super->total_bytes). So later btrfs_trim_fs() will only be able to trim block groups in range [0, super->total_bytes). While for btrfs, any bytenr aligned to sector size is valid, since btrfs use its logical address space, there is nothing limiting the location where we put block groups. For btrfs with routine balance, it's quite easy to relocate all block groups and bytenr of block groups will start beyond super->total_bytes. In that case, btrfs will not trim existing block groups. [FIX] Just remove the truncation in btrfs_ioctl_fitrim(), so btrfs_trim_fs() can get the unmodified range, which is normally set to [0, U64_MAX]. Reported-by: Chris Murphy <lists(a)colorremedies.com> Fixes: f4c697e6406d ("btrfs: return EINVAL if start > total_bytes in fitrim ioctl") Cc: <stable(a)vger.kernel.org> # v4.0+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent-tree.c | 10 +--------- fs/btrfs/ioctl.c | 11 +++++++---- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 7768f206196a..d1478d66c7a5 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -10851,21 +10851,13 @@ int btrfs_trim_fs(struct btrfs_fs_info *fs_info, struct fstrim_range *range) u64 start; u64 end; u64 trimmed = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); u64 bg_failed = 0; u64 dev_failed = 0; int bg_ret = 0; int dev_ret = 0; int ret = 0; - /* - * try to trim all FS space, our block group may start from non-zero. - */ - if (range->len == total_bytes) - cache = btrfs_lookup_first_block_group(fs_info, range->start); - else - cache = btrfs_lookup_block_group(fs_info, range->start); - + cache = btrfs_lookup_first_block_group(fs_info, range->start); for (; cache; cache = next_block_group(fs_info, cache)) { if (cache->key.objectid >= (range->start + range->len)) { btrfs_put_block_group(cache); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 63600dc2ac4c..8165a4bfa579 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -491,7 +491,6 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) struct fstrim_range range; u64 minlen = ULLONG_MAX; u64 num_devices = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); int ret; if (!capable(CAP_SYS_ADMIN)) @@ -515,11 +514,15 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) return -EOPNOTSUPP; if (copy_from_user(&range, arg, sizeof(range))) return -EFAULT; - if (range.start > total_bytes || - range.len < fs_info->sb->s_blocksize) + + /* + * NOTE: Don't truncate the range using super->total_bytes. + * Bytenr of btrfs block group is in btrfs logical address space, + * which can be any sector size aligned bytenr in [0, U64_MAX]. + */ + if (range.len < fs_info->sb->s_blocksize) return -EINVAL; - range.len = min(range.len, total_bytes - range.start); range.minlen = max(range.minlen, minlen); ret = btrfs_trim_fs(fs_info, &range); if (ret < 0) -- 2.18.0

7 years, 2 months

2
1
0 0

[PATCH] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

by Scott Bauer

Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()" There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value is then used as an index in the slot array in cdrom_slot_status(). Signed-off-by: Scott Bauer <scott.bauer(a)intel.com> Signed-off-by: Scott Bauer <sbauer(a)plzdonthack.me> Cc: stable(a)vger.kernel.org --- drivers/cdrom/cdrom.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c index bfc566d3f31a..8cfa10ab7abc 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -2542,7 +2542,7 @@ static int cdrom_ioctl_drive_status(struct cdrom_device_info *cdi, if (!CDROM_CAN(CDC_SELECT_DISC) || (arg == CDSL_CURRENT || arg == CDSL_NONE)) return cdi->ops->drive_status(cdi, CDSL_CURRENT); - if (((int)arg >= cdi->capacity)) + if (arg >= cdi->capacity) return -EINVAL; return cdrom_slot_status(cdi, arg); } -- 2.14.1

7 years, 2 months

3
3
0 0

reboot on wandboard fails with v4.14.67 (bisected to 2059e527a6)

by Rasmus Villemoes

We're using imx_v6_v7_defconfig on our Wandboards. After upgrading to v4.14.67, reboot no longer works (or, well, takes a very long time when the watchdog is configured). v4.14.66 works fine, the breakage bisects to 2059e527a659cf16d6bb709f1c8509f7a7623fc4 (ARM: imx_v6_v7_defconfig: Select ULPI support), and reverting that on top of v4.14.67 again works. Rasmus

7 years, 2 months

1
2
0 0

[PATCH v2 1/3] x86/mm: Restructure sme_encrypt_kernel()

by Brijesh Singh

Re-arrange the sme_encrypt_kernel() by moving the workarea map/unmap logic in a separate static function. There are no logical changes in this patch. The restructuring will allow us to expand the sme_encrypt_kernel in future. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: kvm(a)vger.kernel.org Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/mm/mem_encrypt_identity.c | 160 ++++++++++++++++++++++++------------- 1 file changed, 104 insertions(+), 56 deletions(-) diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index 7ae3686..bf6097e 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -72,6 +72,22 @@ struct sme_populate_pgd_data { unsigned long vaddr_end; }; +struct sme_workarea_data { + unsigned long kernel_start; + unsigned long kernel_end; + unsigned long kernel_len; + + unsigned long initrd_start; + unsigned long initrd_end; + unsigned long initrd_len; + + unsigned long workarea_start; + unsigned long workarea_end; + unsigned long workarea_len; + + unsigned long decrypted_base; +}; + static char sme_cmdline_arg[] __initdata = "mem_encrypt"; static char sme_cmdline_on[] __initdata = "on"; static char sme_cmdline_off[] __initdata = "off"; @@ -266,19 +282,17 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) return entries + tables; } -void __init sme_encrypt_kernel(struct boot_params *bp) +static void __init build_workarea_map(struct boot_params *bp, + struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; unsigned long kernel_start, kernel_end, kernel_len; unsigned long initrd_start, initrd_end, initrd_len; - struct sme_populate_pgd_data ppd; unsigned long pgtable_area_len; unsigned long decrypted_base; - if (!sme_active()) - return; - /* * Prepare for encrypting the kernel and initrd by building new * pagetables with the necessary attributes needed to encrypt the @@ -358,17 +372,17 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * pagetables and when the new encrypted and decrypted kernel * mappings are populated. */ - ppd.pgtable_area = (void *)execute_end; + ppd->pgtable_area = (void *)execute_end; /* * Make sure the current pagetable structure has entries for * addressing the workarea. */ - ppd.pgd = (pgd_t *)native_read_cr3_pa(); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + ppd->pgd = (pgd_t *)native_read_cr3_pa(); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + sme_map_range_decrypted(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); @@ -379,9 +393,9 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * then be populated with new PUDs and PMDs as the encrypted and * decrypted kernel mappings are created. */ - ppd.pgd = ppd.pgtable_area; - memset(ppd.pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); - ppd.pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; + ppd->pgd = ppd->pgtable_area; + memset(ppd->pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); + ppd->pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; /* * A different PGD index/entry must be used to get different @@ -399,75 +413,109 @@ void __init sme_encrypt_kernel(struct boot_params *bp) decrypted_base <<= PGDIR_SHIFT; /* Add encrypted kernel (identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start; - ppd.vaddr_end = kernel_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start; + ppd->vaddr_end = kernel_end; + sme_map_range_encrypted(ppd); /* Add decrypted, write-protected kernel (non-identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start + decrypted_base; + ppd->vaddr_end = kernel_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); if (initrd_len) { /* Add encrypted initrd (identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start; - ppd.vaddr_end = initrd_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start; + ppd->vaddr_end = initrd_end; + sme_map_range_encrypted(ppd); /* * Add decrypted, write-protected initrd (non-identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start + decrypted_base; + ppd->vaddr_end = initrd_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); } /* Add decrypted workarea mappings to both kernel mappings */ - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + sme_map_range_decrypted(ppd); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_map_range_decrypted(&ppd); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start + decrypted_base; + ppd->vaddr_end = workarea_end + decrypted_base; + sme_map_range_decrypted(ppd); - /* Perform the encryption */ - sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, - kernel_len, workarea_start, (unsigned long)ppd.pgd); + wa->kernel_start = kernel_start; + wa->kernel_end = kernel_end; + wa->kernel_len = kernel_len; - if (initrd_len) - sme_encrypt_execute(initrd_start, initrd_start + decrypted_base, - initrd_len, workarea_start, - (unsigned long)ppd.pgd); + wa->initrd_start = initrd_start; + wa->initrd_end = initrd_end; + wa->initrd_len = initrd_len; + + wa->workarea_start = workarea_start; + wa->workarea_end = workarea_end; + wa->workarea_len = workarea_len; + + wa->decrypted_base = decrypted_base; +} +static void __init remove_workarea_map(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ /* * At this point we are running encrypted. Remove the mappings for * the decrypted areas - all that is needed for this is to remove * the PGD entry/entries. */ - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_clear_pgd(&ppd); - - if (initrd_len) { - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->kernel_start + wa->decrypted_base; + ppd->vaddr_end = wa->kernel_end + wa->decrypted_base; + sme_clear_pgd(ppd); + + if (wa->initrd_len) { + ppd->vaddr = wa->initrd_start + wa->decrypted_base; + ppd->vaddr_end = wa->initrd_end + wa->decrypted_base; + sme_clear_pgd(ppd); } - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->workarea_start + wa->decrypted_base; + ppd->vaddr_end = wa->workarea_end + wa->decrypted_base; + sme_clear_pgd(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); } +void __init sme_encrypt_kernel(struct boot_params *bp) +{ + struct sme_populate_pgd_data ppd; + struct sme_workarea_data wa; + + if (!sme_active()) + return; + + build_workarea_map(bp, &wa, &ppd); + + /* When SEV is active, encrypt kernel and initrd */ + sme_encrypt_execute(wa.kernel_start, + wa.kernel_start + wa.decrypted_base, + wa.kernel_len, wa.workarea_start, + (unsigned long)ppd.pgd); + + if (wa.initrd_len) + sme_encrypt_execute(wa.initrd_start, + wa.initrd_start + wa.decrypted_base, + wa.initrd_len, wa.workarea_start, + (unsigned long)ppd.pgd); + + remove_workarea_map(&wa, &ppd); +} + void __init sme_enable(struct boot_params *bp) { const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off; -- 2.7.4

7 years, 2 months

2
1
0 0

Applied "spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE" to the spi tree

by Mark Brown

The patch spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 5223c9c1cbfc0cd4d0a1b50758e0949af3290fa1 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <angelo(a)sysam.it> Date: Sat, 18 Aug 2018 01:51:58 +0200 Subject: [PATCH] spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE This patch fixes the dspi_eoq_write function used by the ColdFire mcf5441x family. The 16 bit cmd part must be re-set at each data transfer. Also, now that fifo_size variables are used for eoq_read/write, a proper fifo size must be set (16 slots for the ColdFire dspi module version). Signed-off-by: Angelo Dureghello <angelo(a)sysam.it> Acked-by: Esben Haabendal <esben(a)haabendal.dk> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-fsl-dspi.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c index 7cb3ab0a35a0..3082e72e4f6c 100644 --- a/drivers/spi/spi-fsl-dspi.c +++ b/drivers/spi/spi-fsl-dspi.c @@ -30,7 +30,11 @@ #define DRIVER_NAME "fsl-dspi" +#ifdef CONFIG_M5441x +#define DSPI_FIFO_SIZE 16 +#else #define DSPI_FIFO_SIZE 4 +#endif #define DSPI_DMA_BUFSIZE (DSPI_FIFO_SIZE * 1024) #define SPI_MCR 0x00 @@ -623,9 +627,11 @@ static void dspi_tcfq_read(struct fsl_dspi *dspi) static void dspi_eoq_write(struct fsl_dspi *dspi) { int fifo_size = DSPI_FIFO_SIZE; + u16 xfer_cmd = dspi->tx_cmd; /* Fill TX FIFO with as many transfers as possible */ while (dspi->len && fifo_size--) { + dspi->tx_cmd = xfer_cmd; /* Request EOQF for last transfer in FIFO */ if (dspi->len == dspi->bytes_per_word || fifo_size == 0) dspi->tx_cmd |= SPI_PUSHR_CMD_EOQ; -- 2.18.0

7 years, 2 months

1
0
0 0

Please apply commit d1e20222d537 to 4.14.y and 4.18.y

by Jitendra Bhivare

Subject of the patch: iommu/arm-smmu: Error out only if not enough context interrupts Commit ID: 42b88ec6530fd76f1ae06de7f09830bcbca5bbd6 Why: ARM SMMU does not initialize for Broadcom Stingray SoC if bootloader reserves few contexts. Kernel should not error out if there are enough context interrupts. Patch

7 years, 2 months

1
0
0 0

Profil.

by Thomas Weber

Sehr geehrte Damen und Herren. Nachdem wir Ihre Webseite besucht und das Profil Ihrer Geschäftstätigkeit analysiert haben, wissen wir schon, wie Sie neue Kunden ab sofort gewinnen können. Wir verfügen über mehr als 100 000 Adressenangaben der potentiellen Kunden. Diese Daten wurden nach Branchen gegliedert. http://www.gbc-at.net/?page=catalog *** 1. Österreich 2018 ( 104 000 ) - 149 EUR ( bis zum 29.08.2018 ) *** Bitte informieren Sie sich über die weiteren Details einmal unverbindlich auf unseren Webseite: http://www.gbc-at.net/?page=catalog Die Adressensortierung je nach der Branche findet KOSTENLOS im beigelegten DataManager-Programm statt. Zusätzlich bieten wir KOSTENLOS das Tool zum automatischen Verschicken der Angebote an. MfG Thomas Weber GC-Team

7 years, 2 months

1
0
0 0

[PATCH] drm/i915/gvt: move intel_runtime_pm_get out of spin_lock in stop_schedule

by hang.yuan＠linux.intel.com

From: Hang Yuan <hang.yuan(a)linux.intel.com> pm_runtime_get_sync in intel_runtime_pm_get might sleep if i915 device is not active. When stop vgpu schedule, the device may be inactive. So need to move runtime_pm_get out of spin_lock/unlock. Fixes: b24881e0b0b6("drm/i915/gvt: Add runtime_pm_get/put into gvt_switch_mmio Cc: <stable(a)vger.kernel.org> Signed-off-by: Hang Yuan <hang.yuan(a)linux.intel.com> Signed-off-by: Xiong Zhang <xiong.y.zhang(a)intel.com> --- drivers/gpu/drm/i915/gvt/mmio_context.c | 2 -- drivers/gpu/drm/i915/gvt/sched_policy.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gvt/mmio_context.c b/drivers/gpu/drm/i915/gvt/mmio_context.c index 7e702c6..10e63ee 100644 --- a/drivers/gpu/drm/i915/gvt/mmio_context.c +++ b/drivers/gpu/drm/i915/gvt/mmio_context.c @@ -549,11 +549,9 @@ void intel_gvt_switch_mmio(struct intel_vgpu *pre, * performace for batch mmio read/write, so we need * handle forcewake mannually. */ - intel_runtime_pm_get(dev_priv); intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL); switch_mmio(pre, next, ring_id); intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL); - intel_runtime_pm_put(dev_priv); } /** diff --git a/drivers/gpu/drm/i915/gvt/sched_policy.c b/drivers/gpu/drm/i915/gvt/sched_policy.c index 09d7bb7..985fe81 100644 --- a/drivers/gpu/drm/i915/gvt/sched_policy.c +++ b/drivers/gpu/drm/i915/gvt/sched_policy.c @@ -426,6 +426,7 @@ void intel_vgpu_stop_schedule(struct intel_vgpu *vgpu) &vgpu->gvt->scheduler; int ring_id; struct vgpu_sched_data *vgpu_data = vgpu->sched_data; + struct drm_i915_private *dev_priv = vgpu->gvt->dev_priv; if (!vgpu_data->active) return; @@ -444,6 +445,7 @@ void intel_vgpu_stop_schedule(struct intel_vgpu *vgpu) scheduler->current_vgpu = NULL; } + intel_runtime_pm_get(dev_priv); spin_lock_bh(&scheduler->mmio_context_lock); for (ring_id = 0; ring_id < I915_NUM_ENGINES; ring_id++) { if (scheduler->engine_owner[ring_id] == vgpu) { @@ -452,5 +454,6 @@ void intel_vgpu_stop_schedule(struct intel_vgpu *vgpu) } } spin_unlock_bh(&scheduler->mmio_context_lock); + intel_runtime_pm_put(dev_priv); mutex_unlock(&vgpu->gvt->sched_lock); } -- 2.7.4

7 years, 2 months

1
0
0 0

[PATCH] option: Do not try to bind to ADB interfaces

by Romain Izard

Some modems now use the Android Debug Bridge to provide a debugging interface, and some phones can also export serial ports managed by the "option" driver. The ADB daemon running in userspace tries to use USB interfaces with bDeviceClass=0xFF, bDeviceSubClass=0x42, bDeviceProtocol=1 Prevent the option driver from binding to those interfaces, as they will not be serial ports. This can fix issues like: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781256 Signed-off-by: Romain Izard <romain.izard.pro(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> --- drivers/usb/serial/option.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 664e61f16b6a..f98943a57ff0 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1987,6 +1987,12 @@ static int option_probe(struct usb_serial *serial, if (iface_desc->bInterfaceClass == USB_CLASS_MASS_STORAGE) return -ENODEV; + /* Do not bind Android Debug Bridge interfaces */ + if (iface_desc->bInterfaceClass == USB_CLASS_VENDOR_SPEC && + iface_desc->bInterfaceSubClass == 0x42 && + iface_desc->bInterfaceProtocol == 1) + return -ENODEV; + /* * Don't bind reserved interfaces (like network ones) which often have * the same class/subclass/protocol as the serial interfaces. Look at -- 2.17.1

7 years, 2 months

5
7
0 0

[gregkh@linuxfoundation.org: Patch "drm: re-enable error handling" has been added to the 4.4-stable tree]

by Nicholas Mc Guire

Hi ! this is also the wrong version of the patch - the proper version is below. This has been posted to lkml https://lkml.org/lkml/2018/7/18/191 but there was no review yet - the version you have though is for sure broken. So maybe this should be simply dropped until the fix is confirmed thx! hofrat ----- Forwarded message from gregkh(a)linuxfoundation.org ----- Date: Tue, 28 Aug 2018 16:11:46 +0200 From: gregkh(a)linuxfoundation.org To: 1531571532-22733-1-git-send-email-hofrat(a)osadl.org, alexander.levin(a)microsoft.com, gregkh(a)linuxfoundation.org, hofrat(a)osadl.org, seanpaul(a)chromium.org Cc: stable-commits(a)vger.kernel.org Subject: Patch "drm: re-enable error handling" has been added to the 4.4-stable tree This is a note to let you know that I've just added the patch titled drm: re-enable error handling to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-re-enable-error-handling.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Aug 28 16:10:37 CEST 2018 From: Nicholas Mc Guire <hofrat(a)osadl.org> Date: Sat, 14 Jul 2018 14:32:12 +0200 Subject: drm: re-enable error handling From: Nicholas Mc Guire <hofrat(a)osadl.org> [ Upstream commit d530b5f1ca0bb66958a2b714bebe40a1248b9c15 ] drm_legacy_ctxbitmap_next() returns idr_alloc() which can return -ENOMEM, -EINVAL or -ENOSPC none of which are -1 . but the call sites of drm_legacy_ctxbitmap_next() seem to be assuming that the error case would be -1 (original return of drm_ctxbitmap_next() prior to 2.6.23 was actually -1). Thus reenable error handling by checking for < 0. Signed-off-by: Nicholas Mc Guire <hofrat(a)osadl.org> Fixes: 62968144e673 ("drm: convert drm context code to use Linux idr") Signed-off-by: Sean Paul <seanpaul(a)chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/1531571532-22733-1-git-send-e… Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/drm_context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/drm_context.c +++ b/drivers/gpu/drm/drm_context.c @@ -372,7 +372,7 @@ int drm_legacy_addctx(struct drm_device ctx->handle = drm_legacy_ctxbitmap_next(dev); } DRM_DEBUG("%d\n", ctx->handle); - if (ctx->handle == -1) { + if (ctx->handle < 0) { DRM_DEBUG("Not enough free contexts.\n"); /* Should this return -EBUSY instead? */ return -ENOMEM; Patches currently in stable-queue which might be from hofrat(a)osadl.org are queue-4.4/drm-re-enable-error-handling.patch queue-4.4/can-mpc5xxx_can-check-of_iomap-return-before-use.patch ----- End forwarded message -----

7 years, 2 months

1
0
0 0

[PATCH] x86/speculation/l1tf: fix off-by-one error when warning that system has too much RAM

by Vlastimil Babka

Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF mitigation is not effective. In fact it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to holes in the e820 map, the main region is almost 500MB over the 32GB limit: [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable Suggestions to use 'mem=32G' to prefer L1TF mitigation while losing the 500MB revealed, that there's an off-by-one error in the check in l1tf_select_mitigation(). l1tf_pfn_limit() returns the last usable pfn (inclusive), but it's more common and hopefully less error-prone to return the first pfn that's over limit, so this patch changes that and updates the other callers. [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536 Reported-by: George Anchev <studio(a)anchev.net> Reported-by: Christopher Snowhill <kode54(a)gmail.com> Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Cc: stable(a)vger.kernel.org Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 2 +- arch/x86/mm/mmap.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index a0a52274cb4a..c24297268ebc 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -183,7 +183,7 @@ extern void cpu_detect(struct cpuinfo_x86 *c); static inline unsigned long long l1tf_pfn_limit(void) { - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT); } extern void early_cpu_init(void); diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 02de3d6065c4..63a6f9fcaf20 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void) if (boot_cpu_has_bug(X86_BUG_L1TF)) { /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ - unsigned long long l1tf_limit = l1tf_pfn_limit() + 1; + unsigned long long l1tf_limit = l1tf_pfn_limit(); /* * We encode swap offsets also with 3 bits below those for pfn * which makes the usable limit higher. diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c index f40ab8185d94..1e95d57760cf 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -257,7 +257,7 @@ bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) /* If it's real memory always allow */ if (pfn_valid(pfn)) return true; - if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) + if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) return false; return true; } -- 2.18.0

7 years, 2 months

7
20
0 0

perf/x86/intel/uncore: propose to support IIO free-running counters in 4.14

by Jin, Yao

Hi, The upstream kernel has supported IIO free-running counters on Skylake server. As of Skylake Server, there are a number of free running counters in each IIO Box that collect counts of per-box IO clocks and per-port Input/Output x BW/Utilization. There are three types of IIO free-running counters on Skylake server: 1. IO CLOCKS counter: a clock of IIO box. 2. BANDWIDTH counters: count inbound(PCIe->CPU)/outbound(CPU->PCIe) bandwidth. 3. UTILIZATION counters: count input/output utilization. With these IIO free-running counters, we can get good observation for IIO traffic on Skylake server. For example, we can see the IIO inbound bandwidth (PCIe->CPU). root@skx /sys/devices# perf stat -a -e uncore_iio_free_running_2/bw_in_port0/ ^C Performance counter stats for 'system wide': 153.19 MiB uncore_iio_free_running_2/bw_in_port0/ 8.037701069 seconds time elapsed I propose to backport the patches which support IIO free-running counters to 4.14 stable kernel. perf/x86/intel/uncore: Introduce customized event_read() for client IMC uncore 2da331465f44f9618abe8837d1a68405d550b66e perf/x86/intel/uncore: Add new data structures for free running counters 927b2deb067b8b4753fc09c7a42092f43fc0c1f6 perf/x86/intel/uncore: Add infrastructure for free running counters 0e0162dfcd1fbe4c711ee86f24f966c318999603 perf/x86/intel/uncore: Support IIO free-running counters on SKX 0f519f0352e37e7d71bdce5559517c74a35f6e33 perf/x86/intel/uncore: Expose uncore_pmu_event*() functions 5a6c9d94e9ed7410142bc6fcb638a4db1895aa0c perf/x86/intel/uncore: Clean up client IMC uncore 9aae1780e7e81e54edfb70ba33ead5b0b48be009 Thanks Jin Yao

7 years, 2 months

2
4
0 0

[PATCH v3] modules_install: make missing $DEPMOD a warning instead of an error

by Randy Dunlap

From: Randy Dunlap <rdunlap(a)infradead.org> When $DEPMOD is not found, only print a warning instead of exiting with an error message and error status. Warning: 'make modules_install' requires /sbin/depmod. Please install it. This is probably in the kmod package. Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed") Cc: stable(a)vger.kernel.org Cc: Lucas De Marchi <lucas.demarchi(a)profusion.mobi> Cc: Lucas De Marchi <lucas.de.marchi(a)gmail.com> Cc: Michal Marek <michal.lkml(a)markovi.net> Cc: Jessica Yu <jeyu(a)kernel.org> Cc: Chih-Wei Huang <cwhuang(a)linux.org.tw> Cc: H. Nikolaus Schaller <hns(a)goldelico.com> --- v2: add missing "exit 0" and update the commit message (no Error). v3: add Fixes: and Cc: stable scripts/depmod.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- lnx-418.orig/scripts/depmod.sh +++ lnx-418/scripts/depmod.sh @@ -15,9 +15,9 @@ if ! test -r System.map ; then fi if [ -z $(command -v $DEPMOD) ]; then - echo "'make modules_install' requires $DEPMOD. Please install it." >&2 + echo "Warning: 'make modules_install' requires $DEPMOD. Please install it." >&2 echo "This is probably in the kmod package." >&2 - exit 1 + exit 0 fi # older versions of depmod require the version string to start with three

7 years, 2 months

3
4
0 0

+ uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name has been added to the -mm tree. Its filename is uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/uapi-linux-keyctlh-dont-use-c-rese… and later at http://ozlabs.org/~akpm/mmotm/broken-out/uapi-linux-keyctlh-dont-use-c-rese… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Randy Dunlap <rdunlap(a)infradead.org> Subject: uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name Since this header is in "include/uapi/linux/", apparently people want to use it in userspace programs -- even in C++ ones. However, the header uses a C++ reserved keyword ("private"), so change that to "dh_private" instead to allow the header file to be used in C++ userspace. Fixes https://bugzilla.kernel.org/show_bug.cgi?id=191051 Link: http://lkml.kernel.org/r/0db6c314-1ef4-9bfa-1baa-7214dd2ee061@infradead.org Fixes: ddbb41148724 ("KEYS: Add KEYCTL_DH_COMPUTE command") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: David Howells <dhowells(a)redhat.com> Cc: James Morris <jmorris(a)namei.org> Cc: "Serge E. Hallyn" <serge(a)hallyn.com> Cc: Mat Martineau <mathew.j.martineau(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/uapi/linux/keyctl.h | 2 +- security/keys/dh.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/include/uapi/linux/keyctl.h~uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name +++ a/include/uapi/linux/keyctl.h @@ -65,7 +65,7 @@ /* keyctl structures */ struct keyctl_dh_params { - __s32 private; + __s32 dh_private; __s32 prime; __s32 base; }; --- a/security/keys/dh.c~uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name +++ a/security/keys/dh.c @@ -300,7 +300,7 @@ long __keyctl_dh_compute(struct keyctl_d } dh_inputs.g_size = dlen; - dlen = dh_data_from_key(pcopy.private, &dh_inputs.key); + dlen = dh_data_from_key(pcopy.dh_private, &dh_inputs.key); if (dlen < 0) { ret = dlen; goto out2; _ Patches currently in -mm which might be from rdunlap(a)infradead.org are uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name.patch

7 years, 2 months

1
0
0 0

+ memory_hotplug-fix-kernel_panic-on-offline-page-processing.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: memory_hotplug: fix kernel_panic on offline page processing has been added to the -mm tree. Its filename is memory_hotplug-fix-kernel_panic-on-offline-page-processing.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/memory_hotplug-fix-kernel_panic-on… and later at http://ozlabs.org/~akpm/mmotm/broken-out/memory_hotplug-fix-kernel_panic-on… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mikhail Zaslonko <zaslonko(a)linux.ibm.com> Subject: memory_hotplug: fix kernel_panic on offline page processing Within show_valid_zones() the function test_pages_in_a_zone() should be called for online memory blocks only. Otherwise it might lead to the VM_BUG_ON due to uninitialized struct pages (when CONFIG_DEBUG_VM_PGFLAGS kernel option is set): page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p)) ------------[ cut here ]------------ Call Trace: ([<000000000038f91e>] test_pages_in_a_zone+0xe6/0x168) [<0000000000923472>] show_valid_zones+0x5a/0x1a8 [<0000000000900284>] dev_attr_show+0x3c/0x78 [<000000000046f6f0>] sysfs_kf_seq_show+0xd0/0x150 [<00000000003ef662>] seq_read+0x212/0x4b8 [<00000000003bf202>] __vfs_read+0x3a/0x178 [<00000000003bf3ca>] vfs_read+0x8a/0x148 [<00000000003bfa3a>] ksys_read+0x62/0xb8 [<0000000000bc2220>] system_call+0xdc/0x2d8 That VM_BUG_ON was triggered by the page poisoning introduced in mm/sparse.c with the git commit d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug") With the same commit the new 'nid' field has been added to the struct memory_block in order to store and later on derive the node id for offline pages (instead of accessing struct page which might be uninitialized). But one reference to nid in show_valid_zones() function has been overlooked. Fixed with current commit. Also, nr_pages will not be used any more after test_pages_in_a_zone() call, do not update it. Link: http://lkml.kernel.org/r/20180828090539.41491-1-zaslonko@linux.ibm.com Fixes: d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug") Signed-off-by: Mikhail Zaslonko <zaslonko(a)linux.ibm.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Cc: <stable(a)vger.kernel.org> [4.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/base/memory.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) --- a/drivers/base/memory.c~memory_hotplug-fix-kernel_panic-on-offline-page-processing +++ a/drivers/base/memory.c @@ -417,25 +417,23 @@ static ssize_t show_valid_zones(struct d int nid; /* - * The block contains more than one zone can not be offlined. - * This can happen e.g. for ZONE_DMA and ZONE_DMA32 - */ - if (!test_pages_in_a_zone(start_pfn, start_pfn + nr_pages, &valid_start_pfn, &valid_end_pfn)) - return sprintf(buf, "none\n"); - - start_pfn = valid_start_pfn; - nr_pages = valid_end_pfn - start_pfn; - - /* * Check the existing zone. Make sure that we do that only on the * online nodes otherwise the page_zone is not reliable */ if (mem->state == MEM_ONLINE) { + /* + * The block contains more than one zone can not be offlined. + * This can happen e.g. for ZONE_DMA and ZONE_DMA32 + */ + if (!test_pages_in_a_zone(start_pfn, start_pfn + nr_pages, + &valid_start_pfn, &valid_end_pfn)) + return sprintf(buf, "none\n"); + start_pfn = valid_start_pfn; strcat(buf, page_zone(pfn_to_page(start_pfn))->name); goto out; } - nid = pfn_to_nid(start_pfn); + nid = mem->nid; default_zone = zone_for_pfn_range(MMOP_ONLINE_KEEP, nid, start_pfn, nr_pages); strcat(buf, default_zone->name); _ Patches currently in -mm which might be from zaslonko(a)linux.ibm.com are memory_hotplug-fix-kernel_panic-on-offline-page-processing.patch

7 years, 2 months

1
0
0 0

[PATCH] x86/irqflags: mark native_restore_fl extern inline

by Nick Desaulniers

Fixes commit 208cbb325589 ("x86/irqflags: Provide a declaration for native_save_fl") This should have been marked extern inline in order to pick up the out of line definition in arch/x86/kernel/irqflags.S. Cc: stable(a)vger.kernel.org # 4.18, 4.14, 4.9, 4.4 Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> --- arch/x86/include/asm/irqflags.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index c14f2a74b2be..15450a675031 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -33,7 +33,8 @@ extern inline unsigned long native_save_fl(void) return flags; } -static inline void native_restore_fl(unsigned long flags) +extern inline void native_restore_fl(unsigned long flags); +extern inline void native_restore_fl(unsigned long flags) { asm volatile("push %0 ; popf" : /* no output */ -- 2.19.0.rc0.228.g281dcd1b4d0-goog

7 years, 2 months

3
5
0 0

[PATCH v2 3/3] x86/kvm: use __decrypted attribute when declaring shared variables

by Brijesh Singh

The following commit: 368a540e0232 (x86/kvmclock: Remove memblock dependency) caused SEV guest regression. When SEV is active, we map the shared variables (wall_clock and hv_clock_boot) with C=0 to ensure that both the guest and the hypervisor is able to access the data. To map the variables we use kernel_physical_mapping_init() to split the large pages, but this routine fails to allocate a new page. Before the above commit, kvmclock initialization was called after memory allocator was available but now its called very early in the boot process. Recently we added a special .data..decrypted section to hold the shared variables. This section is mapped with C=0 very early. Use __decrypted attribute to put the wall_clock and hv_clock_boot in .data..decrypted section so that they are mapped with C=0. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: kvm(a)vger.kernel.org Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/kernel/kvmclock.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 1e67646..08f5f8a 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -28,6 +28,7 @@ #include <linux/sched/clock.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/set_memory.h> #include <asm/hypervisor.h> #include <asm/mem_encrypt.h> @@ -61,8 +62,8 @@ early_param("no-kvmclock-vsyscall", parse_no_kvmclock_vsyscall); (PAGE_SIZE / sizeof(struct pvclock_vsyscall_time_info)) static struct pvclock_vsyscall_time_info - hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __aligned(PAGE_SIZE); -static struct pvclock_wall_clock wall_clock; + hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __decrypted __aligned(PAGE_SIZE); +static struct pvclock_wall_clock wall_clock __decrypted; static DEFINE_PER_CPU(struct pvclock_vsyscall_time_info *, hv_clock_per_cpu); static inline struct pvclock_vcpu_time_info *this_cpu_pvti(void) @@ -267,10 +268,29 @@ static int kvmclock_setup_percpu(unsigned int cpu) return 0; /* Use the static page for the first CPUs, allocate otherwise */ - if (cpu < HVC_BOOT_ARRAY_SIZE) + if (cpu < HVC_BOOT_ARRAY_SIZE) { p = &hv_clock_boot[cpu]; - else - p = kzalloc(sizeof(*p), GFP_KERNEL); + } else { + int rc; + unsigned int sz = sizeof(*p); + + if (sev_active()) + sz = PAGE_ALIGN(sz); + + p = kzalloc(sz, GFP_KERNEL); + + /* + * The physical address of per-cpu variable will be shared with + * the hypervisor. Let's clear the C-bit before we assign the + * memory to per_cpu variable. + */ + if (p && sev_active()) { + rc = set_memory_decrypted((unsigned long)p, sz >> PAGE_SHIFT); + if (rc) + return rc; + memset(p, 0, sz); + } + } per_cpu(hv_clock_per_cpu, cpu) = p; return p ? 0 : -ENOMEM; -- 2.7.4

7 years, 2 months

1
0
0 0

CAN I TRUST YOU?

by Ms CHIANG Lai Yuen JP

I have a business proposal for you

7 years, 2 months

1
0
0 0

[PATCH -next] spi: Fix double IDR allocation with DT aliases

by Geert Uytterhoeven

If the SPI bus number is provided by a DT alias, idr_alloc() is called twice, leading to: WARNING: CPU: 1 PID: 1 at drivers/spi/spi.c:2179 spi_register_controller+0x11c/0x5d8 couldn't get idr Fix this by moving the handling of fixed SPI bus numbers up, before the DT handling code fills in ctlr->bus_num. Fixes: 1a4327fbf4554d5b ("spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> --- Seen on e.g. r8a7791/koelsch, breaking both RSPI and MSIOF. --- drivers/spi/spi.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index a00d006d4c3a1c5a..9da0bc5a036cfff6 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -2143,8 +2143,17 @@ int spi_register_controller(struct spi_controller *ctlr) */ if (ctlr->num_chipselect == 0) return -EINVAL; - /* allocate dynamic bus number using Linux idr */ - if ((ctlr->bus_num < 0) && ctlr->dev.of_node) { + if (ctlr->bus_num >= 0) { + /* devices with a fixed bus num must check-in with the num */ + mutex_lock(&board_lock); + id = idr_alloc(&spi_master_idr, ctlr, ctlr->bus_num, + ctlr->bus_num + 1, GFP_KERNEL); + mutex_unlock(&board_lock); + if (WARN(id < 0, "couldn't get idr")) + return id == -ENOSPC ? -EBUSY : id; + ctlr->bus_num = id; + } else if (ctlr->dev.of_node) { + /* allocate dynamic bus number using Linux idr */ id = of_alias_get_id(ctlr->dev.of_node, "spi"); if (id >= 0) { ctlr->bus_num = id; @@ -2170,15 +2179,6 @@ int spi_register_controller(struct spi_controller *ctlr) if (WARN(id < 0, "couldn't get idr")) return id; ctlr->bus_num = id; - } else { - /* devices with a fixed bus num must check-in with the num */ - mutex_lock(&board_lock); - id = idr_alloc(&spi_master_idr, ctlr, ctlr->bus_num, - ctlr->bus_num + 1, GFP_KERNEL); - mutex_unlock(&board_lock); - if (WARN(id < 0, "couldn't get idr")) - return id == -ENOSPC ? -EBUSY : id; - ctlr->bus_num = id; } INIT_LIST_HEAD(&ctlr->queue); spin_lock_init(&ctlr->queue_lock); -- 2.17.1

7 years, 2 months

6
6
0 0

Applied "spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE" to the spi tree

by Mark Brown

The patch spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 5223c9c1cbfc0cd4d0a1b50758e0949af3290fa1 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <angelo(a)sysam.it> Date: Sat, 18 Aug 2018 01:51:58 +0200 Subject: [PATCH] spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE This patch fixes the dspi_eoq_write function used by the ColdFire mcf5441x family. The 16 bit cmd part must be re-set at each data transfer. Also, now that fifo_size variables are used for eoq_read/write, a proper fifo size must be set (16 slots for the ColdFire dspi module version). Signed-off-by: Angelo Dureghello <angelo(a)sysam.it> Acked-by: Esben Haabendal <esben(a)haabendal.dk> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-fsl-dspi.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c index 7cb3ab0a35a0..3082e72e4f6c 100644 --- a/drivers/spi/spi-fsl-dspi.c +++ b/drivers/spi/spi-fsl-dspi.c @@ -30,7 +30,11 @@ #define DRIVER_NAME "fsl-dspi" +#ifdef CONFIG_M5441x +#define DSPI_FIFO_SIZE 16 +#else #define DSPI_FIFO_SIZE 4 +#endif #define DSPI_DMA_BUFSIZE (DSPI_FIFO_SIZE * 1024) #define SPI_MCR 0x00 @@ -623,9 +627,11 @@ static void dspi_tcfq_read(struct fsl_dspi *dspi) static void dspi_eoq_write(struct fsl_dspi *dspi) { int fifo_size = DSPI_FIFO_SIZE; + u16 xfer_cmd = dspi->tx_cmd; /* Fill TX FIFO with as many transfers as possible */ while (dspi->len && fifo_size--) { + dspi->tx_cmd = xfer_cmd; /* Request EOQF for last transfer in FIFO */ if (dspi->len == dspi->bytes_per_word || fifo_size == 0) dspi->tx_cmd |= SPI_PUSHR_CMD_EOQ; -- 2.18.0

7 years, 2 months

1
0
0 0

Applied "ASoC: rt5682: Change DAC/ADC volume scale" to the asoc tree

by Mark Brown

The patch ASoC: rt5682: Change DAC/ADC volume scale has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 7509487785d7a2bf3606cf26710f0ca29e9ca94d Mon Sep 17 00:00:00 2001 From: Shuming Fan <shumingf(a)realtek.com> Date: Fri, 24 Aug 2018 10:52:19 +0800 Subject: [PATCH] ASoC: rt5682: Change DAC/ADC volume scale The step of DAC/ADC volume scale changes from 0.375dB to 0.75dB Signed-off-by: Shuming Fan <shumingf(a)realtek.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/codecs/rt5682.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/soc/codecs/rt5682.c b/sound/soc/codecs/rt5682.c index 640d400ca013..afe7d5b19313 100644 --- a/sound/soc/codecs/rt5682.c +++ b/sound/soc/codecs/rt5682.c @@ -750,8 +750,8 @@ static bool rt5682_readable_register(struct device *dev, unsigned int reg) } static const DECLARE_TLV_DB_SCALE(hp_vol_tlv, -2250, 150, 0); -static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -65625, 375, 0); -static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -17625, 375, 0); +static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -6525, 75, 0); +static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -1725, 75, 0); static const DECLARE_TLV_DB_SCALE(adc_bst_tlv, 0, 1200, 0); /* {0, +20, +24, +30, +35, +40, +44, +50, +52} dB */ @@ -1114,7 +1114,7 @@ static const struct snd_kcontrol_new rt5682_snd_controls[] = { /* DAC Digital Volume */ SOC_DOUBLE_TLV("DAC1 Playback Volume", RT5682_DAC1_DIG_VOL, - RT5682_L_VOL_SFT, RT5682_R_VOL_SFT, 175, 0, dac_vol_tlv), + RT5682_L_VOL_SFT + 1, RT5682_R_VOL_SFT + 1, 86, 0, dac_vol_tlv), /* IN Boost Volume */ SOC_SINGLE_TLV("CBJ Boost Volume", RT5682_CBJ_BST_CTRL, @@ -1124,7 +1124,7 @@ static const struct snd_kcontrol_new rt5682_snd_controls[] = { SOC_DOUBLE("STO1 ADC Capture Switch", RT5682_STO1_ADC_DIG_VOL, RT5682_L_MUTE_SFT, RT5682_R_MUTE_SFT, 1, 1), SOC_DOUBLE_TLV("STO1 ADC Capture Volume", RT5682_STO1_ADC_DIG_VOL, - RT5682_L_VOL_SFT, RT5682_R_VOL_SFT, 127, 0, adc_vol_tlv), + RT5682_L_VOL_SFT + 1, RT5682_R_VOL_SFT + 1, 63, 0, adc_vol_tlv), /* ADC Boost Volume Control */ SOC_DOUBLE_TLV("STO1 ADC Boost Gain Volume", RT5682_STO1_ADC_BOOST, -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH] drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type

by Alex Deucher

This caused a confusing error message, but there is functionally no problem since the default method is DIRECT. Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c index b419d6e33b3a..a942fd28dae8 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c @@ -277,6 +277,7 @@ amdgpu_ucode_get_load_type(struct amdgpu_device *adev, int load_type) case CHIP_PITCAIRN: case CHIP_VERDE: case CHIP_OLAND: + case CHIP_HAINAN: return AMDGPU_FW_LOAD_DIRECT; #endif #ifdef CONFIG_DRM_AMDGPU_CIK -- 2.13.6

7 years, 2 months

1
0
0 0

Managed Service Providers (MSSPs)

by stella.colvin＠callflexnet.com

Hi, I just wanted to check if you would be interested in a list of Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs)? We also have the data intelligence of: • Managed Service Providers (MSP’s) • Managed Security Service Providers (MSSP’s) • IT Decision Makers – 6million across all industry • Business Decision Makers – 10 million across all industry • Value Added Resellers- VARs • Independent Software Vendors- ISVs • System Integrators- SIs • VoIP Service Providers. • Telecommunications Service Providers (TSPs) • Application Service Providers (ASPs) • IT Managed Services Providers (ITMSP) • Storage Service Providers (SSPs) Kindly review and let me know if I can share more information on this. I look forward to hearing from you. Regards, Stella Marketing Specialist If you don't want to include yourself in our mailing list, please reply back “Leave Out" in a subject line

7 years, 2 months

1
0
0 0

[PATCH 1/2] x86/mm: add .data..decrypted section to hold shared variables

by Brijesh Singh

kvmclock defines few static variables which are shared with hypervisor during the kvmclock initialization. When SEV is active, memory is encrypted with a guest-specific key, and if guest OS wants to share the memory region with hypervisor then it must clear the C-bit before sharing it. The '__decrypted' can be used to define a shared variables; the variables will be put in the .data.decryption section. This section is mapped with C=0 early in the boot, we also ensure that the initialized values are updated to match with C=0 (i.e peform an in-place decryption). The .data..decrypted section is PMD aligned and sized so that we avoid the need for spliting the pages when map with C=0. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/include/asm/mem_encrypt.h | 4 + arch/x86/kernel/head64.c | 12 ++ arch/x86/kernel/vmlinux.lds.S | 18 +++ arch/x86/mm/mem_encrypt_identity.c | 220 +++++++++++++++++++++++++++---------- 4 files changed, 197 insertions(+), 57 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index c064383..3f7d9d3 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -52,6 +52,8 @@ void __init mem_encrypt_init(void); bool sme_active(void); bool sev_active(void); +#define __decrypted __attribute__((__section__(".data..decrypted"))) + #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define sme_me_mask 0ULL @@ -77,6 +79,8 @@ early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; static inline int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; } +#define __decrypted + #endif /* CONFIG_AMD_MEM_ENCRYPT */ /* diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 8047379..6a18297 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -43,6 +43,9 @@ extern pmd_t early_dynamic_pgts[EARLY_DYNAMIC_PAGE_TABLES][PTRS_PER_PMD]; static unsigned int __initdata next_early_pgt; pmdval_t early_pmd_flags = __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_NX); +/* To clear memory encryption mask from the decrypted section */ +extern char __start_data_decrypted[], __end_data_decrypted[]; + #ifdef CONFIG_X86_5LEVEL unsigned int __pgtable_l5_enabled __ro_after_init; unsigned int pgdir_shift __ro_after_init = 39; @@ -112,6 +115,7 @@ static bool __head check_la57_support(unsigned long physaddr) unsigned long __head __startup_64(unsigned long physaddr, struct boot_params *bp) { + unsigned long vaddr, vaddr_end; unsigned long load_delta, *p; unsigned long pgtable_flags; pgdval_t *pgd; @@ -234,6 +238,14 @@ unsigned long __head __startup_64(unsigned long physaddr, /* Encrypt the kernel and related (if SME is active) */ sme_encrypt_kernel(bp); + /* Clear the memory encryption mask from the decrypted section */ + vaddr = (unsigned long)__start_data_decrypted; + vaddr_end = (unsigned long)__end_data_decrypted; + for (; vaddr < vaddr_end; vaddr += PMD_SIZE) { + i = pmd_index(vaddr); + pmd[i] -= sme_get_me_mask(); + } + /* * Return the SME encryption mask (if SME is active) to be used as a * modifier for the initial pgdir entry programmed into CR3. diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 8bde0a4..511b875 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -89,6 +89,22 @@ PHDRS { note PT_NOTE FLAGS(0); /* ___ */ } +/* + * This section contains data which will be mapped as decrypted. Memory + * encryption operates on a page basis. But we make this section a pmd + * aligned to avoid spliting the pages while mapping the section early. + * + * Note: We use a separate section so that only this section gets + * decrypted to avoid exposing more than we wish. + */ +#define DATA_DECRYPTED_SECTION \ + . = ALIGN(PMD_SIZE); \ + __start_data_decrypted = .; \ + *(.data..decrypted); \ + __end_data_decrypted = .; \ + . = ALIGN(PMD_SIZE); \ + + SECTIONS { #ifdef CONFIG_X86_32 @@ -171,6 +187,8 @@ SECTIONS /* rarely changed data like cpu maps */ READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES) + DATA_DECRYPTED_SECTION + /* End of data section */ _edata = .; } :data diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index 7ae3686..ccf6e2b 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -59,6 +59,8 @@ (_PAGE_PAT | _PAGE_PWT)) #define PTE_FLAGS_ENC (PTE_FLAGS | _PAGE_ENC) +#define PTE_FLAGS_ENC_WP ((PTE_FLAGS_ENC & ~_PAGE_CACHE_MASK) | \ + (_PAGE_PAT | _PAGE_PWT)) struct sme_populate_pgd_data { void *pgtable_area; @@ -72,10 +74,28 @@ struct sme_populate_pgd_data { unsigned long vaddr_end; }; +struct sme_workarea_data { + unsigned long kernel_start; + unsigned long kernel_end; + unsigned long kernel_len; + + unsigned long initrd_start; + unsigned long initrd_end; + unsigned long initrd_len; + + unsigned long workarea_start; + unsigned long workarea_end; + unsigned long workarea_len; + + unsigned long decrypted_base; +}; + static char sme_cmdline_arg[] __initdata = "mem_encrypt"; static char sme_cmdline_on[] __initdata = "on"; static char sme_cmdline_off[] __initdata = "off"; +extern char __start_data_decrypted[], __end_data_decrypted[]; + static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) { unsigned long pgd_start, pgd_end, pgd_size; @@ -219,6 +239,11 @@ static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } +static void __init sme_map_range_encrypted_wp(struct sme_populate_pgd_data *ppd) +{ + __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC_WP); +} + static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); @@ -266,19 +291,17 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) return entries + tables; } -void __init sme_encrypt_kernel(struct boot_params *bp) +static void __init build_workarea_map(struct boot_params *bp, + struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; unsigned long kernel_start, kernel_end, kernel_len; unsigned long initrd_start, initrd_end, initrd_len; - struct sme_populate_pgd_data ppd; unsigned long pgtable_area_len; unsigned long decrypted_base; - if (!sme_active()) - return; - /* * Prepare for encrypting the kernel and initrd by building new * pagetables with the necessary attributes needed to encrypt the @@ -358,17 +381,17 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * pagetables and when the new encrypted and decrypted kernel * mappings are populated. */ - ppd.pgtable_area = (void *)execute_end; + ppd->pgtable_area = (void *)execute_end; /* * Make sure the current pagetable structure has entries for * addressing the workarea. */ - ppd.pgd = (pgd_t *)native_read_cr3_pa(); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + ppd->pgd = (pgd_t *)native_read_cr3_pa(); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + sme_map_range_decrypted(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); @@ -379,9 +402,9 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * then be populated with new PUDs and PMDs as the encrypted and * decrypted kernel mappings are created. */ - ppd.pgd = ppd.pgtable_area; - memset(ppd.pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); - ppd.pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; + ppd->pgd = ppd->pgtable_area; + memset(ppd->pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); + ppd->pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; /* * A different PGD index/entry must be used to get different @@ -399,75 +422,158 @@ void __init sme_encrypt_kernel(struct boot_params *bp) decrypted_base <<= PGDIR_SHIFT; /* Add encrypted kernel (identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start; - ppd.vaddr_end = kernel_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start; + ppd->vaddr_end = kernel_end; + sme_map_range_encrypted(ppd); /* Add decrypted, write-protected kernel (non-identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start + decrypted_base; + ppd->vaddr_end = kernel_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); if (initrd_len) { /* Add encrypted initrd (identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start; - ppd.vaddr_end = initrd_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start; + ppd->vaddr_end = initrd_end; + sme_map_range_encrypted(ppd); /* * Add decrypted, write-protected initrd (non-identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start + decrypted_base; + ppd->vaddr_end = initrd_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); } - /* Add decrypted workarea mappings to both kernel mappings */ - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + /* + * When SEV is active, kernel is already encrypted hence mapping + * the initial workarea_start as encrypted. When SME is active, + * the kernel is not encrypted hence add a decrypted workarea + * mappings to both kernel mappings + */ + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + if (sev_active()) + sme_map_range_encrypted(ppd); + else + sme_map_range_decrypted(ppd); + + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start + decrypted_base; + ppd->vaddr_end = workarea_end + decrypted_base; + sme_map_range_decrypted(ppd); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_map_range_decrypted(&ppd); + wa->kernel_start = kernel_start; + wa->kernel_end = kernel_end; + wa->kernel_len = kernel_len; - /* Perform the encryption */ - sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, - kernel_len, workarea_start, (unsigned long)ppd.pgd); + wa->initrd_start = initrd_start; + wa->initrd_end = initrd_end; + wa->initrd_len = initrd_len; - if (initrd_len) - sme_encrypt_execute(initrd_start, initrd_start + decrypted_base, - initrd_len, workarea_start, - (unsigned long)ppd.pgd); + wa->workarea_start = workarea_start; + wa->workarea_end = workarea_end; + wa->workarea_len = workarea_len; + wa->decrypted_base = decrypted_base; +} + +static void __init remove_workarea_map(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ /* * At this point we are running encrypted. Remove the mappings for * the decrypted areas - all that is needed for this is to remove * the PGD entry/entries. */ - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_clear_pgd(&ppd); - - if (initrd_len) { - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->kernel_start + wa->decrypted_base; + ppd->vaddr_end = wa->kernel_end + wa->decrypted_base; + sme_clear_pgd(ppd); + + if (wa->initrd_len) { + ppd->vaddr = wa->initrd_start + wa->decrypted_base; + ppd->vaddr_end = wa->initrd_end + wa->decrypted_base; + sme_clear_pgd(ppd); } - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->workarea_start + wa->decrypted_base; + ppd->vaddr_end = wa->workarea_end + wa->decrypted_base; + sme_clear_pgd(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); } +static void __init decrypt_data_decrypted_section(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ + unsigned long decrypted_start, decrypted_end, decrypted_len; + + /* Physical addresses of decrypted data section */ + decrypted_start = __pa_symbol(__start_data_decrypted); + decrypted_end = __pa_symbol(__end_data_decrypted); + decrypted_len = decrypted_end - decrypted_start; + + if (!decrypted_len) + return; + + /* Add decrypted mapping for the section (identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start; + ppd->vaddr_end = decrypted_end; + sme_map_range_decrypted(ppd); + + /* Add encrypted-wp mapping for the section (non-identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_map_range_encrypted_wp(ppd); + + /* Perform in-place decryption */ + sme_encrypt_execute(decrypted_start + wa->decrypted_base, + decrypted_start, + decrypted_len, wa->workarea_start, + (unsigned long)ppd->pgd); + + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_clear_pgd(ppd); +} + +void __init sme_encrypt_kernel(struct boot_params *bp) +{ + struct sme_populate_pgd_data ppd; + struct sme_workarea_data wa; + + if (!mem_encrypt_active()) + return; + + build_workarea_map(bp, &wa, &ppd); + + /* When SEV is active, encrypt kernel and initrd */ + if (sme_active()) { + sme_encrypt_execute(wa.kernel_start, + wa.kernel_start + wa.decrypted_base, + wa.kernel_len, wa.workarea_start, + (unsigned long)ppd.pgd); + + if (wa.initrd_len) + sme_encrypt_execute(wa.initrd_start, + wa.initrd_start + wa.decrypted_base, + wa.initrd_len, wa.workarea_start, + (unsigned long)ppd.pgd); + } + + /* Decrypt the contents of .data..decrypted section */ + decrypt_data_decrypted_section(&wa, &ppd); + + remove_workarea_map(&wa, &ppd); +} + void __init sme_enable(struct boot_params *bp) { const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off; -- 2.7.4

7 years, 2 months

2
2
0 0

[PATCH v2] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB

by Liu Xiang

If the size of spi-nor flash is larger than 16MB, the read_opcode is set to SPINOR_OP_READ_1_1_4_4B, and fsl_qspi_get_seqid() will return -EINVAL when cmd is SPINOR_OP_READ_1_1_4_4B. This can cause read operation fail. --- v2: add Fixes tag and CC stable suggested by Boris. --- Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Liu Xiang <liu.xiang6(a)zte.com.cn> --- drivers/mtd/spi-nor/fsl-quadspi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c index 7d9620c..64304a3 100644 --- a/drivers/mtd/spi-nor/fsl-quadspi.c +++ b/drivers/mtd/spi-nor/fsl-quadspi.c @@ -478,6 +478,7 @@ static int fsl_qspi_get_seqid(struct fsl_qspi *q, u8 cmd) { switch (cmd) { case SPINOR_OP_READ_1_1_4: + case SPINOR_OP_READ_1_1_4_4B: return SEQID_READ; case SPINOR_OP_WREN: return SEQID_WREN; -- 1.9.1

7 years, 2 months

3
3
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7dc18ebc3101229d5238a2dc740804cd4836b383: Linux 4.4.150 (2018-08-18 10:45:38 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-14082018 for you to fetch changes up to 99f86ec21034d82ebdcfff3ed4010945e082ca04: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:17:21 -0400) - ---------------------------------------------------------------- for-greg-4.4-14082018 - ---------------------------------------------------------------- Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (1): scsi: fcoe: drop frames in ELS LOGO error path Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (4): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (2): qed: Fix possible race for the link state value. bnx2x: Fix invalid memory access in rss hash config path. Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/i2c/adv7511.c | 12 ++++ drivers/gpu/drm/imx/imx-ldb.c | 9 ++- drivers/i2c/busses/i2c-davinci.c | 8 ++- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 1 + drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 42 files changed, 232 insertions(+), 141 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcWAACgkQ3qZv95d3 LNzUvw/+JXEap2/Xn5LA446o2ugIgmxLj3cHKHrKGBjqntMdAnarbllkHN8cPmhB itp92E8NC6tkWrtuG78pXPI/KqyyfQQ9bdx/pX6ASEqlJVIToDBUv/qDAv9NKB2C Tvs0HjeU058qNZxxArIPDFQu0l8QuWlbSQ19wk5j9nyZYKLNjoK83IxktNA5eEOM UowNygI6SkhcWexcO+QzBheqgsGdk2lbiACuZQP2UfzNoj3B+jmkrjluKJeZHsp9 RC9Tt5iAaHWze6bqetDapqNiiVKamOh4RwFFb2auZSbi0njzHKLvYU/zIhbpBmB/ TWkIyzM7X384wyzDsCCIHi/OVmHPoWCN1cTPL5624qloNIG6VEFUNlB79q1R4htu fH680orPjCiRmavyCml9CA1CR9Qja8TvD9+Hj6LjLP4xxCCV3EGDzE85lYpOYxze EH/JldbaRGjhnxRtok+yKKcy/MoWFTB4BpsRxVrqALDZlV325uh2Eui6ku5vyQug I6CG+SWrjQ8E+BQgLGLEHF8KP6Si38LJMJyavuCTQquxH2uXNR8Z8gHqpX47YXOC gkuXOELTLw6dBxzLUWbv6FmOT7DZxC+swuKmOoXrFa877mIrC8RgFbSDL7MMjq9/ wuC1m/n0QmIIMOoMmZ0RIMwusNkAGOxqNW+DhPB4z7M298r+eHU= =mPDt -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 18e6ee0440a7ab853e4ca0f1403eeef1803ed970: Linux 3.18.119 (2018-08-17 20:54:56 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-14082018 for you to fetch changes up to a4756ac848473e2142769e029251fa02abac9ef1: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:18:24 -0400) - ---------------------------------------------------------------- for-greg-3.18-14082018 - ---------------------------------------------------------------- Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (1): scsi: fcoe: drop frames in ELS LOGO error path Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (3): usb/phy: fix PPC64 build errors in phy-fsl-usb.c arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (1): bnx2x: Fix invalid memory access in rss hash config path. Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache_arc700.c | 7 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - drivers/gpu/drm/drm_context.c | 2 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/imx-drm/imx-ldb.c | 9 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 35 files changed, 203 insertions(+), 131 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcWcACgkQ3qZv95d3 LNyyQBAAuR/0/kaIUMqYPIXnnUXjUxhxiJmI5oCxGepVsD0XwATTk+gyu1niajDW dP+V4MjSsdZMtM4h5L52GGWFVNOppZFBd/xCci2nUAS4wmE9jLsTmnKyKWnPoGxo XiEz4OMXfhRCoir69kY3x+CN/F5XOcQJq4+F9RwMMGHFgJJ6fXng6m+UTtkjyFKQ uJaBk4iwtJUCa8yEC+L/5Uuqx7tM9J64J5zG5YxsWvd3LslUuXkE17xiFhoompNM dn/mT8mxY7P+SYb9FcLRoUu0Lz6aL82HW4zd55hlFIREBNaBfXIJOA7wPVo5UwBI HsyqCDBEaJ04gnfqaRo041wbl0CrX599r0sMQri3UUvKVZYFeBQvFYKim7UKdvzB bO1aKR+lOCnwsNIQGqFcgmYZzF4aDNe8xoeROTCC+MW6V++in0W/HALeqyoSW0Ko 74eQWDIXGBuWjM83H94rMeyxuL7L9qnBSA2vGT4YbK10F9X/lxq/MbxtGtKp/APL aLRXfl/NzRJW8AI73ej+eH8Nq3d3W749RYPHihvvv3izfWFyLxjj/0TncaXlPOO3 qVXf9LdHXrF+L9jJk5qpfFQ92xk57ssQXYocCPG/455oizsD8zpWk0WqQ2LMxzlY WJhSRaJjRBucU3mtCUq8fLZRaln91HIGISEPaRAlK5dAN0Tx7FU= =O1lO -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

Your reply

by Ruby

We provide photoshop services to some of the companies from around the world. We have worked on tons of images ever since our team establishment in 2009. Many online retail companies use our services for retouching electronics, jewelry, apparels, furniture etc. by getting the images of their products enhanced. Here are the details of what we provide: Clipping path; Deep etch process Image masking Remove background Portrait retouching Jewelry retouching Fashion retouching Please reply back for further info. We can provide testing for your photos if needed. Thanks, Ruby

7 years, 2 months

1
0
0 0

Linux 4.4.153

by Greg KH

I'm announcing the release of the 4.4.153 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/include/asm/mmu_context.h | 3 +-- arch/x86/mm/pageattr.c | 2 +- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/readdir.c | 37 +++++++++++++++++++++++++++++++++++++ fs/overlayfs/super.c | 20 ++++++++++++++++++++ 6 files changed, 61 insertions(+), 4 deletions(-) Andi Kleen (1): x86/mm/pat: Fix L1TF stable backport for CPA Eric Biggers (1): x86/mm: Fix use-after-free of ldt_struct Greg Kroah-Hartman (1): Linux 4.4.153 Vivek Goyal (3): ovl: Ensure upper filesystem supports d_type ovl: Do d_type check only if work dir creation was successful ovl: warn instead of error if d_type is not supported

7 years, 2 months

1
1
0 0

Linux 3.18.120

by Greg KH

I'm announcing the release of the 3.18.120 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/da850.dtsi | 6 -- arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/mach-pxa/irq.c | 4 - arch/arm64/kernel/smp.c | 2 arch/m68k/include/asm/mcf_pgalloc.h | 4 + drivers/dma/k3dma.c | 2 drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++++++--- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++--- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/isdn/i4l/isdn_common.c | 8 -- drivers/md/raid10.c | 7 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 - drivers/net/ethernet/cisco/enic/enic_main.c | 3 - drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 5 + drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 -- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 +++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 7 ++ drivers/pci/hotplug/pci_hotplug_core.c | 9 +++ drivers/staging/android/ion/ion.c | 17 ++++- drivers/tty/serial/8250/8250_dw.c | 2 drivers/usb/dwc2/hcd_intr.c | 3 - drivers/usb/gadget/composite.c | 3 + drivers/usb/serial/sierra.c | 4 - fs/reiserfs/xattr.c | 4 + include/net/af_vsock.h | 4 - include/net/llc.h | 5 + include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 kernel/locking/lockdep.c | 12 ++-- kernel/trace/trace.c | 5 + net/bluetooth/sco.c | 3 - net/core/dev.c | 4 - net/dccp/ccids/ccid2.c | 6 +- net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 - net/ipv6/mcast.c | 9 ++- net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/l2tp/l2tp_core.c | 2 net/llc/llc_core.c | 4 - net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/packet/af_packet.c | 10 ++- net/sched/cls_tcindex.c | 8 +- net/vmw_vsock/af_vsock.c | 15 ++--- net/vmw_vsock/vmci_transport.c | 3 - net/xfrm/xfrm_user.c | 8 +- security/smack/smack_lsm.c | 1 sound/core/memalloc.c | 8 -- sound/core/seq/seq_virmidi.c | 10 +++ sound/pci/cs5535audio/cs5535audio.h | 6 +- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 - sound/pci/vx222/vx222_ops.c | 8 +- sound/pcmcia/vx/vxp_ops.c | 10 +-- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/testing/selftests/sync/config | 4 + 67 files changed, 315 insertions(+), 128 deletions(-) Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations Dan Carpenter (2): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Daniel Rosenberg (1): staging: android: ion: check for kref overflow David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Fabio Estevam (1): ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 3.18.120 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Hangbin Liu (3): net_sched: Fix missing res info when create new tc_index filter net_sched: fix NULL pointer dereference when delete tcindex filter ipv6: mcast: fix unsolicited report interval after receiving querys Jann Horn (1): reiserfs: fix broken xattr handling (heap corruption, bad retval) John Ogness (1): USB: serial: sierra: fix potential deadlock at close Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kees Cook (1): isdn: Disable IIOCDBGVAR Li RongQing (1): net: propagate dev_get_valid_name return code Lukas Wunner (1): PCI: hotplug: Don't leak pci_slot on registration failure Marek Szyprowski (1): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Randy Dunlap (1): tcp: identify cryptic messages as TCP seq # bugs Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Wahren (2): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered Steven Rostedt (VMware) (1): locking/lockdep: Do not record IRQ state within lockdep code Sudarsana Reddy Kalluru (1): bnx2x: Fix receiving tx-timeout in error or recovery state. Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (5): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace

7 years, 2 months

1
1
0 0

[PATCH] HID: input: fix leaking custom input node name

by Stefan Agner

Make sure to free the custom input node name on disconnect. Cc: stable(a)vger.kernel.org # v4.18+ Fixes: c554bb045511 ("HID: input: append a suffix matching the application") Signed-off-by: Stefan Agner <stefan(a)agner.ch> --- Found with kmemleak, after unplugging a Logitech Unifying receiver: unreferenced object 0xc2345b80 (size 64): comm "kworker/0:1", pid 20, jiffies 4294955181 (age 320.740s) hex dump (first 32 bytes): 4c 6f 67 69 74 65 63 68 20 55 53 42 20 52 65 63 Logitech USB Rec 65 69 76 65 72 20 53 79 73 74 65 6d 20 43 6f 6e eiver System Con backtrace: [<8fec5a71>] __kmalloc_track_caller+0x1dc/0x300 [<5b926275>] kvasprintf+0x60/0xcc [<21fc360f>] kasprintf+0x38/0x54 [<3b6ce9f0>] hidinput_connect+0x23a8/0x4c60 [<deaab707>] hid_connect+0x30c/0x38c [<5a28f7c9>] hid_hw_start+0x44/0x64 [<267d70e8>] hid_generic_probe+0x34/0x38 [<d68c31b1>] hid_device_probe+0xdc/0x13c [<09414e91>] really_probe+0x1d8/0x2c4 [<f9d7157f>] driver_probe_device+0x68/0x184 [<1def17c8>] __device_attach_driver+0xa0/0xd4 [<d3b2081b>] bus_for_each_drv+0x60/0xc0 [<379d02f8>] __device_attach+0xdc/0x144 [<7026ace5>] device_initial_probe+0x14/0x18 [<44527d01>] bus_probe_device+0x90/0x98 [<cf58bf2f>] device_add+0x424/0x62c drivers/hid/hid-input.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c index 4e94ea3e280a..ac201817a2dd 100644 --- a/drivers/hid/hid-input.c +++ b/drivers/hid/hid-input.c @@ -1815,6 +1815,7 @@ void hidinput_disconnect(struct hid_device *hid) input_unregister_device(hidinput->input); else input_free_device(hidinput->input); + kfree(hidinput->name); kfree(hidinput); } -- 2.18.0

7 years, 2 months

2
1
0 0

Editing is it

by Jason

Do you have photos for cutting out,or adding clipping path? We are here to help you for that also including retouching. Both for product photos and portrait photos. Yours, Jason

7 years, 2 months

1
0
0 0

v3.18.120 build: 0 failures 1 warnings (v3.18.120)

by Build bot for Mark Brown

Tree/Branch: v3.18.120 Git describe: v3.18.120 Commit: a5f9be3576 Linux 3.18.120 Build Time: 0 min 1 sec Passed: 7 / 7 (100.00 %) Failed: 0 / 7 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 7 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig arm-multi_v5_defconfig

7 years, 2 months

1
0
0 0

[PATCH] tty: serial: lpuart: avoid leaking struct tty_struct

by Stefan Agner

The function tty_port_tty_get() gets a reference to the tty. Since the code is not using tty_port_tty_set(), the reference is kept even after closing the tty. Avoid using tty_port_tty_get() by directly access the tty instance. Since lpuart_start_rx_dma() is called from the .startup() and .set_termios() callback, it is safe to assume the tty instance is valid. Cc: stable(a)vger.kernel.org # v4.9+ Fixes: 5887ad43ee02 ("tty: serial: fsl_lpuart: Use cyclic DMA for Rx") Signed-off-by: Stefan Agner <stefan(a)agner.ch> --- This fixes a memory leak observable when opening/closing the tty in a loop. This is also reported by kmemleak: unreferenced object 0xc9d17000 (size 1024): comm "(agetty)", pid 389, jiffies 4294943045 (age 100.670s) hex dump (first 32 bytes): 01 54 00 00 01 00 00 00 00 8c 9b c8 80 58 9b c8 .T...........X.. 48 58 c4 c0 00 00 00 00 00 00 00 00 00 00 00 00 HX.............. backtrace: [<(ptrval)>] kmem_cache_alloc_trace+0x160/0x2b8 [<(ptrval)>] alloc_tty_struct+0x44/0x254 [<(ptrval)>] tty_init_dev+0x44/0x1c8 [<(ptrval)>] tty_open+0x268/0x414 [<(ptrval)>] chrdev_open+0xb4/0x1bc [<(ptrval)>] do_dentry_open+0x1c0/0x388 [<(ptrval)>] vfs_open+0x34/0x38 [<(ptrval)>] path_openat+0x5b0/0x11bc [<(ptrval)>] do_filp_open+0x7c/0xe8 [<(ptrval)>] do_sys_open+0x188/0x20c [<(ptrval)>] sys_openat+0x14/0x18 [<(ptrval)>] ret_fast_syscall+0x0/0x28 [<(ptrval)>] 0xbee0a460 [<(ptrval)>] 0xffffffff I *think* the statement that accessing tty_struct without using tty_port_tty_get is safe in this case is true. It would be good if somebody with more TTY knowledge could review the change. -- Stefan drivers/tty/serial/fsl_lpuart.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c index 51e47a63d61a..3f8d1274fc85 100644 --- a/drivers/tty/serial/fsl_lpuart.c +++ b/drivers/tty/serial/fsl_lpuart.c @@ -979,7 +979,8 @@ static inline int lpuart_start_rx_dma(struct lpuart_port *sport) struct circ_buf *ring = &sport->rx_ring; int ret, nent; int bits, baud; - struct tty_struct *tty = tty_port_tty_get(&sport->port.state->port); + struct tty_port *port = &sport->port.state->port; + struct tty_struct *tty = port->tty; struct ktermios *termios = &tty->termios; baud = tty_get_baud_rate(tty); -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH] xprtrdma: Fix disconnect regression

by Chuck Lever

I found that injecting disconnects with v4.18-rc resulted in random failures of the multi-threaded git regression test. The root cause appears to be that, after a reconnect, the RPC/RDMA transport is waking pending RPCs before the transport has posted enough Receive buffers to receive the Replies. If a Reply arrives before enough Receive buffers are posted, the connection is dropped. A few connection drops happen in quick succession as the client and server struggle to regain credit synchronization. This regression was introduced with commit 7c8d9e7c8863 ("xprtrdma: Move Receive posting to Receive handler"). The client is supposed to post a single Receive when a connection is established because it's not supposed to send more than one RPC Call before it gets a fresh credit grant in the first RPC Reply [RFC 8166, Section 3.3.3]. Unfortunately there appears to be a longstanding bug in the Linux client's credit accounting mechanism. On connect, it simply dumps all pending RPC Calls onto the new connection. It's possible it has done this ever since the RPC/RDMA transport was added to the kernel ten years ago. Servers have so far been tolerant of this bad behavior. Currently no server implementation ever changes its credit grant over reconnects, and servers always repost enough Receives before connections are fully established. The Linux client implementation used to post a Receive before each of these Calls. This has covered up the flooding send behavior. I could try to correct this old bug so that the client sends exactly one RPC Call and waits for a Reply. Since we are so close to the next merge window, I'm going to instead provide a simple patch to post enough Receives before a reconnect completes (based on the number of credits granted to the previous connection). The spurious disconnects will be gone, but the client will still send multiple RPC Calls immediately after a reconnect. Addressing the latter problem will wait for a merge window because a) I expect it to be a large change requiring lots of testing, and b) obviously the Linux client has interoperated successfully since day zero while still being broken. Fixes: 7c8d9e7c8863 ("xprtrdma: Move Receive posting to ... ") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- net/sunrpc/xprtrdma/verbs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Hi stable@ - This fix has been merged into v4.19 as upstream commit 8d4fb8ff427a ("xprtrdma: Fix disconnect regression"). It addresses a regression in v4.18. I expected it to go into late v4.18-rc, which is why there is no "cc: stable" on the original submission. Could you please apply it to 4.18.y ? Thank you! diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c index 042bb24..1386c6e 100644 --- a/net/sunrpc/xprtrdma/verbs.c +++ b/net/sunrpc/xprtrdma/verbs.c @@ -279,7 +279,6 @@ ++xprt->rx_xprt.connect_cookie; connstate = -ECONNABORTED; connected: - xprt->rx_buf.rb_credits = 1; ep->rep_connected = connstate; rpcrdma_conn_func(ep); wake_up_all(&ep->rep_connect_wait); @@ -754,6 +753,7 @@ } ep->rep_connected = 0; + rpcrdma_post_recvs(r_xprt, true); rc = rdma_connect(ia->ri_id, &ep->rep_remote_cma); if (rc) { @@ -772,8 +772,6 @@ dprintk("RPC: %s: connected\n", __func__); - rpcrdma_post_recvs(r_xprt, true); - out: if (rc) ep->rep_connected = rc; @@ -1170,6 +1168,7 @@ struct rpcrdma_req * list_add(&req->rl_list, &buf->rb_send_bufs); } + buf->rb_credits = 1; buf->rb_posted_receives = 0; INIT_LIST_HEAD(&buf->rb_recv_bufs);

7 years, 2 months

2
1
0 0

[PATCH 4.4 0/5] 4.4.153-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.153 release. There are 5 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Aug 28 06:40:50 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.153-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.153-rc1 Vivek Goyal <vgoyal(a)redhat.com> ovl: warn instead of error if d_type is not supported Vivek Goyal <vgoyal(a)redhat.com> ovl: Do d_type check only if work dir creation was successful Vivek Goyal <vgoyal(a)redhat.com> ovl: Ensure upper filesystem supports d_type Eric Biggers <ebiggers(a)google.com> x86/mm: Fix use-after-free of ldt_struct Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Fix L1TF stable backport for CPA ------------- Diffstat: Makefile | 4 ++-- arch/x86/include/asm/mmu_context.h | 3 +-- arch/x86/mm/pageattr.c | 2 +- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/readdir.c | 37 +++++++++++++++++++++++++++++++++++++ fs/overlayfs/super.c | 20 ++++++++++++++++++++ 6 files changed, 62 insertions(+), 5 deletions(-)

7 years, 2 months

4
8
0 0

[PATCH] soc: qcom: rmtfs-mem: Validate that scm is available

by Bjorn Andersson

The scm device must be present in order for the rmtfs driver to configure memory permissions for the rmtfs memory region, so check that it is probed before continuing. Cc: stable(a)vger.kernel.org Fixes: fa65f8045137 ("soc: qcom: rmtfs-mem: Add support for assigning memory to remote") Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/soc/qcom/rmtfs_mem.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/soc/qcom/rmtfs_mem.c b/drivers/soc/qcom/rmtfs_mem.c index 8a3678c2e83c..97bb5989aa21 100644 --- a/drivers/soc/qcom/rmtfs_mem.c +++ b/drivers/soc/qcom/rmtfs_mem.c @@ -212,6 +212,11 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) dev_err(&pdev->dev, "failed to parse qcom,vmid\n"); goto remove_cdev; } else if (!ret) { + if (!qcom_scm_is_available()) { + ret = -EPROBE_DEFER; + goto remove_cdev; + } + perms[0].vmid = QCOM_SCM_VMID_HLOS; perms[0].perm = QCOM_SCM_PERM_RW; perms[1].vmid = vmid; -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH v2] selftests: membarrier: fix test by checking supported commands

by Rafael David Tinoco

Makes membarrier_test compatible with older kernels (LTS) by checking if the membarrier features exist before running the tests. Link: https://bugs.linaro.org/show_bug.cgi?id=3771 Signed-off-by: Rafael David Tinoco <rafael.tinoco(a)linaro.org> Cc: <stable(a)vger.kernel.org> #v4.17 --- .../selftests/membarrier/membarrier_test.c | 71 +++++++++++-------- 1 file changed, 40 insertions(+), 31 deletions(-) diff --git a/tools/testing/selftests/membarrier/membarrier_test.c b/tools/testing/selftests/membarrier/membarrier_test.c index 6793f8ecc8e7..4dc263824bda 100644 --- a/tools/testing/selftests/membarrier/membarrier_test.c +++ b/tools/testing/selftests/membarrier/membarrier_test.c @@ -223,7 +223,7 @@ static int test_membarrier_global_expedited_success(void) return 0; } -static int test_membarrier(void) +static int test_membarrier(int supported) { int status; @@ -236,21 +236,22 @@ static int test_membarrier(void) status = test_membarrier_global_success(); if (status) return status; - status = test_membarrier_private_expedited_fail(); - if (status) - return status; - status = test_membarrier_register_private_expedited_success(); - if (status) - return status; - status = test_membarrier_private_expedited_success(); - if (status) - return status; - status = sys_membarrier(MEMBARRIER_CMD_QUERY, 0); - if (status < 0) { - ksft_test_result_fail("sys_membarrier() failed\n"); - return status; + + /* commit 22e4ebb975822833b083533035233d128b30e98f added this feature */ + if (supported & MEMBARRIER_CMD_PRIVATE_EXPEDITED) { + status = test_membarrier_private_expedited_fail(); + if (status) + return status; + status = test_membarrier_register_private_expedited_success(); + if (status) + return status; + status = test_membarrier_private_expedited_success(); + if (status) + return status; } - if (status & MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE) { + + /* commit 70216e18e519a54a2f13569e8caff99a092a92d6 added this feature */ + if (supported & MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE) { status = test_membarrier_private_expedited_sync_core_fail(); if (status) return status; @@ -261,23 +262,28 @@ static int test_membarrier(void) if (status) return status; } - /* - * It is valid to send a global membarrier from a non-registered - * process. - */ - status = test_membarrier_global_expedited_success(); - if (status) - return status; - status = test_membarrier_register_global_expedited_success(); - if (status) - return status; - status = test_membarrier_global_expedited_success(); - if (status) - return status; + + /* commit c5f58bd58f432be5d92df33c5458e0bcbee3aadf added this feature */ + if (supported & MEMBARRIER_CMD_GLOBAL_EXPEDITED) { + /* + * It is valid to send a global membarrier from a non-registered + * process. + */ + status = test_membarrier_global_expedited_success(); + if (status) + return status; + status = test_membarrier_register_global_expedited_success(); + if (status) + return status; + status = test_membarrier_global_expedited_success(); + if (status) + return status; + } + return 0; } -static int test_membarrier_query(void) +static int test_membarrier_query(int *supported) { int flags = 0, ret; @@ -297,16 +303,19 @@ static int test_membarrier_query(void) ksft_exit_skip( "sys_membarrier unsupported: CMD_GLOBAL not found.\n"); + *supported = ret; ksft_test_result_pass("sys_membarrier available\n"); return 0; } int main(int argc, char **argv) { + int supported; + ksft_print_header(); - test_membarrier_query(); - test_membarrier(); + test_membarrier_query(&supported); + test_membarrier(supported); return ksft_exit_pass(); } -- 2.18.0

7 years, 2 months

2
1
0 0

[char-misc for 4.9 2/2] mei: bus: need to unlink client before freeing

by Tomas Winkler

In case a client fails to connect in mei_cldev_enable(), the caller won't call the mei_cldev_disable leaving the client in a linked stated. Upon driver unload the client structure will be freed in mei_cl_bus_dev_release(), leaving a stale pointer on a fail_list. This will eventually end up in crash during power down flow in mei_cl_set_disonnected(). RIP: mei_cl_set_disconnected+0x5/0x260[mei] Call trace: mei_cl_all_disconnect+0x22/0x30 mei_reset+0x194/0x250 __synchronize_hardirq+0x43/0x50 _cond_resched+0x15/0x30 mei_me_intr_clear+0x20/0x100 mei_stop+0x76/0xb0 mei_me_shutdown+0x3f/0x80 pci_device_shutdown+0x34/0x60 kernel_restart+0x0e/0x30 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Fixes: 'c110cdb17148 ("mei: bus: make a client pointer always available")' Cc: <stable(a)vger.kernel.org> 4.10+ Tested-by: Georg Müller <georgmueller(a)gmx.net> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- drivers/misc/mei/bus.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c index 13c6c9a2248a..fc3872fe7b25 100644 --- a/drivers/misc/mei/bus.c +++ b/drivers/misc/mei/bus.c @@ -521,17 +521,15 @@ int mei_cldev_enable(struct mei_cl_device *cldev) cl = cldev->cl; + mutex_lock(&bus->device_lock); if (cl->state == MEI_FILE_UNINITIALIZED) { - mutex_lock(&bus->device_lock); ret = mei_cl_link(cl); - mutex_unlock(&bus->device_lock); if (ret) - return ret; + goto out; /* update pointers */ cl->cldev = cldev; } - mutex_lock(&bus->device_lock); if (mei_cl_is_connected(cl)) { ret = 0; goto out; @@ -875,12 +873,13 @@ static void mei_cl_bus_dev_release(struct device *dev) mei_me_cl_put(cldev->me_cl); mei_dev_bus_put(cldev->bus); + mei_cl_unlink(cldev->cl); kfree(cldev->cl); kfree(cldev); } static const struct device_type mei_cl_device_type = { - .release = mei_cl_bus_dev_release, + .release = mei_cl_bus_dev_release, }; /** -- 2.14.4

7 years, 2 months

1
0
0 0

[char-misc for 4.9 1/2] mei: bus: fix hw module get/put balance

by Tomas Winkler

In case the device is not connected it doesn't 'get' hw module and hence should not 'put' it on disable. Cc: <stable(a)vger.kernel.org> 4.16+ Fixes:'commit 257355a44b99 ("mei: make module referencing local to the bus.c")' Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Tested-by: Georg Müller <georgmueller(a)gmx.net> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- drivers/misc/mei/bus.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c index 7bba62a72921..13c6c9a2248a 100644 --- a/drivers/misc/mei/bus.c +++ b/drivers/misc/mei/bus.c @@ -616,9 +616,8 @@ int mei_cldev_disable(struct mei_cl_device *cldev) if (err < 0) dev_err(bus->dev, "Could not disconnect from the ME client\n"); -out: mei_cl_bus_module_put(cldev); - +out: /* Flush queues and remove any pending read */ mei_cl_flush_queues(cl, NULL); mei_cl_unlink(cl); -- 2.14.4

7 years, 2 months

1
0
0 0

[PATCH 3.18 00/56] 3.18.120-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.120 release. There are 56 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Aug 28 06:42:19 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.120-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.120-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory Daniel Rosenberg <drosen(a)google.com> staging: android: ion: check for kref overflow Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am3517.dtsi | 5 ++ arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/da850.dtsi | 6 +-- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/mach-pxa/irq.c | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- drivers/dma/k3dma.c | 2 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++++++--- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++---- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/isdn/i4l/isdn_common.c | 8 +-- drivers/md/raid10.c | 7 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 +++ drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 5 +- drivers/net/ethernet/ti/davinci_emac.c | 4 ++ drivers/net/hamradio/bpqether.c | 8 +-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 7 +++ drivers/pci/hotplug/pci_hotplug_core.c | 9 ++++ drivers/staging/android/ion/ion.c | 17 ++++-- drivers/tty/serial/8250/8250_dw.c | 2 +- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/gadget/composite.c | 3 ++ drivers/usb/serial/sierra.c | 4 +- fs/reiserfs/xattr.c | 4 +- include/net/af_vsock.h | 4 +- include/net/llc.h | 5 ++ include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - kernel/locking/lockdep.c | 12 ++--- kernel/trace/trace.c | 5 ++ net/bluetooth/sco.c | 3 +- net/core/dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 ++- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv6/mcast.c | 9 ++-- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +-- net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 ++-- net/sched/cls_tcindex.c | 8 ++- net/vmw_vsock/af_vsock.c | 15 +++--- net/vmw_vsock/vmci_transport.c | 3 +- net/xfrm/xfrm_user.c | 8 +-- security/smack/smack_lsm.c | 1 + sound/core/memalloc.c | 8 +-- sound/core/seq/seq_virmidi.c | 10 ++++ sound/pci/cs5535audio/cs5535audio.h | 6 +-- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +- sound/pci/vx222/vx222_ops.c | 8 +-- sound/pcmcia/vx/vxp_ops.c | 10 ++-- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/testing/selftests/sync/config | 4 ++ 67 files changed, 316 insertions(+), 129 deletions(-)

7 years, 2 months

4
57
0 0

Re: [PATCH v2 0/2] x86/xen: avoid 32-bit writes to PTEs in PV PAE guests

by Boris Ostrovsky

On 08/21/2018 11:37 AM, Juergen Gross wrote: > While the hypervisor emulates plain writes to PTEs happily, this is > much slower than issuing a hypercall for PTE modifcations. And writing > a PTE via two 32-bit write instructions (especially when clearing the > PTE) will result in an intermediate L1TF vulnerable PTE. > > Writes to PAE PTEs should always be done with 64-bit writes or via > hypercalls. > > Juergen Gross (2): > x86/xen: don't write ptes directly in 32-bit PV guests > x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear > > arch/x86/include/asm/pgtable-3level.h | 7 +++---- > arch/x86/xen/mmu_pv.c | 7 +++---- > 2 files changed, 6 insertions(+), 8 deletions(-) > Applied to for-linus-19b. (+stable.) -boris

7 years, 2 months

1
0
0 0

request for 4.14-stable: 98112041bcca ("usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

7 years, 2 months

1
0
0 0

request for 4.14-stable: 01cffe9ded15 ("HID: add quirk for another PIXART OEM mouse used by HP")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

7 years, 2 months

1
0
0 0

request for 4.14-stable: 77dd66a3c67c ("mm: Fix devm_memremap_pages() collision handling")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

7 years, 2 months

1
0
0 0

[PATCH] ext4: avoid buffer overrun when deleting inline directories

by Theodore Ts'o

A specially crafted file system can trick empty_inline_dir() into reading beyond the bounds of inline directory. Fix this by using the size of the inline directory instead of dir->i_size. Also clean up error reporting in __ext4_check_dir_entry so that the message is clearer and more understandable --- and avoids a potential division by zero trap if the size passed in is zero. (I'm not sure why we coded it that way in the first place; printing offset % size is actually more confusing and less useful.) https://bugzilla.kernel.org/show_bug.cgi?id=200933 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reported-by: Wen Xu <wen.xu(a)gatech.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/dir.c | 20 +++++++++----------- fs/ext4/inline.c | 4 +++- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c index e2902d394f1b..f93f9881ec18 100644 --- a/fs/ext4/dir.c +++ b/fs/ext4/dir.c @@ -76,7 +76,7 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, else if (unlikely(rlen < EXT4_DIR_REC_LEN(de->name_len))) error_msg = "rec_len is too small for name_len"; else if (unlikely(((char *) de - buf) + rlen > size)) - error_msg = "directory entry across range"; + error_msg = "directory entry overrun"; else if (unlikely(le32_to_cpu(de->inode) > le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count))) error_msg = "inode out of bounds"; @@ -85,18 +85,16 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, if (filp) ext4_error_file(filp, function, line, bh->b_blocknr, - "bad entry in directory: %s - offset=%u(%u), " - "inode=%u, rec_len=%d, name_len=%d", - error_msg, (unsigned) (offset % size), - offset, le32_to_cpu(de->inode), - rlen, de->name_len); + "bad entry in directory: %s - offset=%u, " + "inode=%u, rec_len=%d, name_len=%d, size=%d", + error_msg, offset, le32_to_cpu(de->inode), + rlen, de->name_len, size); else ext4_error_inode(dir, function, line, bh->b_blocknr, - "bad entry in directory: %s - offset=%u(%u), " - "inode=%u, rec_len=%d, name_len=%d", - error_msg, (unsigned) (offset % size), - offset, le32_to_cpu(de->inode), - rlen, de->name_len); + "bad entry in directory: %s - offset=%u, " + "inode=%u, rec_len=%d, name_len=%d, size=%d", + error_msg, offset, le32_to_cpu(de->inode), + rlen, de->name_len, size); return 1; } diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 3543fe80a3c4..7b4736022761 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -1753,6 +1753,7 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data) { int err, inline_size; struct ext4_iloc iloc; + size_t inline_len; void *inline_pos; unsigned int offset; struct ext4_dir_entry_2 *de; @@ -1780,8 +1781,9 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data) goto out; } + inline_len = ext4_get_inline_size(dir); offset = EXT4_INLINE_DOTDOT_SIZE; - while (offset < dir->i_size) { + while (offset < inline_len) { de = ext4_get_inline_entry(dir, &iloc, offset, &inline_pos, &inline_size); if (ext4_check_dir_entry(dir, NULL, de, -- 2.18.0.rc0

7 years, 2 months

1
0
0 0

Managed Service Providers (MSPs)

by page.brooks＠sharedstrikes.com

Hi, I just wanted to check if you would be interested in a list of Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs)? We also have the data intelligence of: • Managed Service Providers (MSP’s) • Managed Security Service Providers (MSSP’s • IT Decision Makers – 6million across all industry • Business Decision Makers – 10 million across all industry • Value Added Resellers- VARs • Independent Software Vendors- ISVs • System Integrators- SIs • VoIP Service Providers. • Telecommunications Service Providers (TSPs) • Application Service Providers (ASPs) • IT Managed Services Providers (ITMSP) • Storage Service Providers (SSPs) Kindly review and let me know if I can share more information on this. I look forward to hearing from you. Regards, Page Brooks Marketing Specialist If you don't want to include yourself in our mailing list, please reply back “Leave Out" in a subject line

7 years, 2 months

1
0
0 0

[PATCH 2/2] x86/kvm: use __decrypted attribute when declaring shared variables

by Brijesh Singh

The following commit: 368a540e0232 (x86/kvmclock: Remove memblock dependency) caused SEV guest regression. When SEV is active, we map the shared variables (wall_clock and hv_clock_boot) with C=0 to ensure that both the guest and the hypervisor is able to access the data. To map the variables we use kernel_physical_mapping_init() to split the large pages, but this routine fails to allocate a new page. Before the above commit, kvmclock initialization was called after memory allocator was available but now its called very early in the boot process. Recently we added a special .data..decrypted section to hold the shared variables. This section is mapped with C=0 very early. Use __decrypted attribute to put the wall_clock and hv_clock_boot in .data..decrypted section so that they are mapped with C=0. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/kernel/kvmclock.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 1e67646..ae9188a 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -28,6 +28,7 @@ #include <linux/sched/clock.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/set_memory.h> #include <asm/hypervisor.h> #include <asm/mem_encrypt.h> @@ -61,8 +62,8 @@ early_param("no-kvmclock-vsyscall", parse_no_kvmclock_vsyscall); (PAGE_SIZE / sizeof(struct pvclock_vsyscall_time_info)) static struct pvclock_vsyscall_time_info - hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __aligned(PAGE_SIZE); -static struct pvclock_wall_clock wall_clock; + hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __decrypted __aligned(PAGE_SIZE); +static struct pvclock_wall_clock wall_clock __decrypted; static DEFINE_PER_CPU(struct pvclock_vsyscall_time_info *, hv_clock_per_cpu); static inline struct pvclock_vcpu_time_info *this_cpu_pvti(void) @@ -267,10 +268,25 @@ static int kvmclock_setup_percpu(unsigned int cpu) return 0; /* Use the static page for the first CPUs, allocate otherwise */ - if (cpu < HVC_BOOT_ARRAY_SIZE) + if (cpu < HVC_BOOT_ARRAY_SIZE) { p = &hv_clock_boot[cpu]; - else - p = kzalloc(sizeof(*p), GFP_KERNEL); + } else { + int rc; + unsigned int sz = sizeof(*p); + + if (sev_active()) + sz = PAGE_ALIGN(sz); + + p = kzalloc(sz, GFP_KERNEL); + + /* When SEV is active the hv_clock need to be mapped as decrypted. */ + if (p && sev_active()) { + rc = set_memory_decrypted((unsigned long)p, sz >> PAGE_SHIFT); + if (rc) + return rc; + memset(p, 0, sz); + } + } per_cpu(hv_clock_per_cpu, cpu) = p; return p ? 0 : -ENOMEM; -- 2.7.4

7 years, 2 months

1
0
0 0

[PATCH v2 9/9] power: supply: twl4030-charger: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the usb sibling node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related phy-node reference leak. Fixes: f5e4edb8c888 ("power: twl4030_charger: find associated phy by more reliable means.") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: NeilBrown <neilb(a)suse.de> Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Sebastian Reichel <sre(a)kernel.org> Reviewed-by: Sebastian Reichel <sre(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/power/supply/twl4030_charger.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/twl4030_charger.c b/drivers/power/supply/twl4030_charger.c index bbcaee56db9d..b6a7d9f74cf3 100644 --- a/drivers/power/supply/twl4030_charger.c +++ b/drivers/power/supply/twl4030_charger.c @@ -996,12 +996,13 @@ static int twl4030_bci_probe(struct platform_device *pdev) if (bci->dev->of_node) { struct device_node *phynode; - phynode = of_find_compatible_node(bci->dev->of_node->parent, - NULL, "ti,twl4030-usb"); + phynode = of_get_compatible_child(bci->dev->of_node->parent, + "ti,twl4030-usb"); if (phynode) { bci->usb_nb.notifier_call = twl4030_bci_usb_ncb; bci->transceiver = devm_usb_get_phy_by_node( bci->dev, phynode, &bci->usb_nb); + of_node_put(phynode); if (IS_ERR(bci->transceiver)) { ret = PTR_ERR(bci->transceiver); if (ret == -EPROBE_DEFER) -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH v2 8/9] NFC: nfcmrvl_uart: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent node). Fixes: e097dc624f78 ("NFC: nfcmrvl: add UART driver") Fixes: d8e018c0b321 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: Vincent Cuissard <cuissard(a)marvell.com> Cc: Samuel Ortiz <sameo(a)linux.intel.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/nfc/nfcmrvl/uart.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/nfc/nfcmrvl/uart.c b/drivers/nfc/nfcmrvl/uart.c index 91162f8e0366..9a22056e8d9e 100644 --- a/drivers/nfc/nfcmrvl/uart.c +++ b/drivers/nfc/nfcmrvl/uart.c @@ -73,10 +73,9 @@ static int nfcmrvl_uart_parse_dt(struct device_node *node, struct device_node *matched_node; int ret; - matched_node = of_find_compatible_node(node, NULL, "marvell,nfc-uart"); + matched_node = of_get_compatible_child(node, "marvell,nfc-uart"); if (!matched_node) { - matched_node = of_find_compatible_node(node, NULL, - "mrvl,nfc-uart"); + matched_node = of_get_compatible_child(node, "mrvl,nfc-uart"); if (!matched_node) return -ENODEV; } -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH v2 3/9] drm/msm: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the legacy pwrlevels child node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the probed device's node). While at it, also fix the related child-node reference leak. Fixes: e2af8b6b0ca1 ("drm/msm: gpu: Use OPP tables if we can") Cc: stable <stable(a)vger.kernel.org> # 4.12 Cc: Jordan Crouse <jcrouse(a)codeaurora.org> Cc: Rob Clark <robdclark(a)gmail.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c index da1363a0c54d..93d70f4a2154 100644 --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c @@ -633,8 +633,7 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) struct device_node *child, *node; int ret; - node = of_find_compatible_node(dev->of_node, NULL, - "qcom,gpu-pwrlevels"); + node = of_get_compatible_child(dev->of_node, "qcom,gpu-pwrlevels"); if (!node) { dev_err(dev, "Could not find the GPU powerlevels\n"); return -ENXIO; @@ -655,6 +654,8 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) dev_pm_opp_add(dev, val, 0); } + of_node_put(node); + return 0; } -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH v2 2/9] drm/mediatek: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the sibling instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related cec-node reference leak. Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support") Cc: stable <stable(a)vger.kernel.org> # 4.8 Cc: Junzhi Zhao <junzhi.zhao(a)mediatek.com> Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Cc: CK Hu <ck.hu(a)mediatek.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/mediatek/mtk_hdmi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_hdmi.c b/drivers/gpu/drm/mediatek/mtk_hdmi.c index 2d45d1dd9554..643f5edd68fe 100644 --- a/drivers/gpu/drm/mediatek/mtk_hdmi.c +++ b/drivers/gpu/drm/mediatek/mtk_hdmi.c @@ -1446,8 +1446,7 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, } /* The CEC module handles HDMI hotplug detection */ - cec_np = of_find_compatible_node(np->parent, NULL, - "mediatek,mt8173-cec"); + cec_np = of_get_compatible_child(np->parent, "mediatek,mt8173-cec"); if (!cec_np) { dev_err(dev, "Failed to find CEC node\n"); return -EINVAL; @@ -1457,8 +1456,10 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, if (!cec_pdev) { dev_err(hdmi->dev, "Waiting for CEC device %pOF\n", cec_np); + of_node_put(cec_np); return -EPROBE_DEFER; } + of_node_put(cec_np); hdmi->cec_dev = &cec_pdev->dev; /* -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH v3] EDAC, amd64: Add Family 17h Model 10h support.

by Michael Jin

Add new device IDs for family 17h models 10h-2fh. This is required by amd64_edac_mod in order to properly detect PCI device functions 0 and 6. Link: https://lkml.kernel.org/r/20180815114107.29797-1-mikhail.jin@gmail.com Cc: <stable(a)vger.kernel.org> # 4.10.x Signed-off-by: Michael Jin <mikhail.jin(a)gmail.com> --- drivers/edac/amd64_edac.c | 14 ++++++++++++++ drivers/edac/amd64_edac.h | 3 +++ 2 files changed, 17 insertions(+) diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index 18aeabb1d5ee..e2addb2bca29 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c @@ -2200,6 +2200,15 @@ static struct amd64_family_type family_types[] = { .dbam_to_cs = f17_base_addr_to_cs_size, } }, + [F17_M10H_CPUS] = { + .ctl_name = "F17h_M10h", + .f0_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F0, + .f6_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F6, + .ops = { + .early_channel_count = f17_early_channel_count, + .dbam_to_cs = f17_base_addr_to_cs_size, + } + }, }; /* @@ -3188,6 +3197,11 @@ static struct amd64_family_type *per_family_init(struct amd64_pvt *pvt) break; case 0x17: + if (pvt->model >= 0x10 && pvt->model <= 0x2f) { + fam_type = &family_types[F17_M10H_CPUS]; + pvt->ops = &family_types[F17_M10H_CPUS].ops; + break; + } fam_type = &family_types[F17_CPUS]; pvt->ops = &family_types[F17_CPUS].ops; break; diff --git a/drivers/edac/amd64_edac.h b/drivers/edac/amd64_edac.h index 1d4b74e9a037..4242f8e39c18 100644 --- a/drivers/edac/amd64_edac.h +++ b/drivers/edac/amd64_edac.h @@ -115,6 +115,8 @@ #define PCI_DEVICE_ID_AMD_16H_M30H_NB_F2 0x1582 #define PCI_DEVICE_ID_AMD_17H_DF_F0 0x1460 #define PCI_DEVICE_ID_AMD_17H_DF_F6 0x1466 +#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F0 0x15e8 +#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F6 0x15ee /* * Function 1 - Address Map @@ -281,6 +283,7 @@ enum amd_families { F16_CPUS, F16_M30H_CPUS, F17_CPUS, + F17_M10H_CPUS, NUM_FAMILIES, }; -- 2.14.3 (Apple Git-98)

7 years, 2 months

3
4
0 0

Backport e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback

by Petr Vorel

Hi, I wonder, it it makes sense to backport commit e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback to v 4.14 stable kernel. I'm using it in 4.12+. These commits (somehow similar) has been backported to 4.10.2: 5839f555fa57 crypto: vmx - Use skcipher for xts fallback c96d0a1c47ab crypto: vmx - Use skcipher for cbc fallback Kind regards, Petr

7 years, 2 months

3
4
0 0

[PATCH 1/3] drm/i915: Handle incomplete Z_FINISH for compressed error states

by Chris Wilson

The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- drivers/gpu/drm/i915/i915_gpu_error.c | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..2eb26ea38d7c 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -237,6 +237,7 @@ static int compress_page(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + int flush = Z_NO_FLUSH; zstream->next_in = src; if (c->tmp && i915_memcpy_from_wc(c->tmp, src, PAGE_SIZE)) @@ -257,8 +258,11 @@ static int compress_page(struct compress *c, zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, flush) != Z_OK) return -EIO; + + if (zstream->avail_out) + flush = Z_SYNC_FLUSH; } while (zstream->avail_in); /* Fallback to uncompressed if we increase size? */ @@ -268,19 +272,43 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + unsigned long page; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return -ENOMEM; + + dst->pages[dst->page_count++] = (void *)page; + zstream->next_out = (void *)page; + zstream->avail_out = PAGE_SIZE; + break; + case Z_STREAM_END: + goto end; + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +347,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -951,15 +985,15 @@ i915_error_object_create(struct drm_i915_private *i915, if (ret) goto unwind; } - goto out; + if (compress_flush(&compress, dst)) { unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; -- 2.18.0

7 years, 2 months

1
0
0 0

request for 4.14-stable: cd8ddbf7a5e2 ("lightnvm: pblk: free padded entries in write buffer")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be. Please apply to your queue. -- Regards Sudip

7 years, 2 months

1
0
0 0

request for 4.14-stable: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be. Please apply to your queue. -- Regards Sudip

7 years, 2 months

1
0
0 0

Re: Patch "usb: gadget: u_audio: protect stream runtime fields with stream spinlock" has been added to the 4.14-stable tree

by Vladimir Zapolskiy

Hi Greg, On 08/26/2018 10:14 AM, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > usb: gadget: u_audio: protect stream runtime fields with stream spinlock > > to the 4.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > usb-gadget-u_audio-protect-stream-runtime-fields-with-stream-spinlock.patch > and it can be found in the queue-4.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From foo@baz Sun Aug 26 09:13:00 CEST 2018 > From: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > Date: Thu, 21 Jun 2018 17:22:52 +0200 > Subject: usb: gadget: u_audio: protect stream runtime fields with stream spinlock > > From: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > > [ Upstream commit 56bc61587daadef67712068f251c4ef2e3932d94 ] > > The change protects almost the whole body of u_audio_iso_complete() > function by PCM stream lock, this is mainly sufficient to avoid a race > between USB request completion and stream termination, the change > prevents a possibility of invalid memory access in interrupt context > by memcpy(): > > Unable to handle kernel paging request at virtual address 00004e80 > pgd = c0004000 > [00004e80] *pgd=00000000 > Internal error: Oops: 817 [#1] PREEMPT SMP ARM > CPU: 0 PID: 3 Comm: ksoftirqd/0 Tainted: G C 3.14.54+ #117 > task: da180b80 ti: da192000 task.ti: da192000 > PC is at memcpy+0x50/0x330 > LR is at 0xcdd92b0e > pc : [<c029ef30>] lr : [<cdd92b0e>] psr: 20000193 > sp : da193ce4 ip : dd86ae26 fp : 0000b180 > r10: daf81680 r9 : 00000000 r8 : d58a01ea > r7 : 2c0b43e4 r6 : acdfb08b r5 : 01a271cf r4 : 87389377 > r3 : 69469782 r2 : 00000020 r1 : daf82fe0 r0 : 00004e80 > Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel > Control: 10c5387d Table: 2b70804a DAC: 00000015 > Process ksoftirqd/0 (pid: 3, stack limit = 0xda192238) > > Also added a check for potential !runtime condition, commonly it is > done by PCM_RUNTIME_CHECK(substream) in the beginning, however this > does not completely prevent from oopses in u_audio_iso_complete(), > because the proper protection scheme must be implemented in PCM > library functions. > > An example of *not fixed* oops due to substream->runtime->* > dereference by snd_pcm_running(substream) from > snd_pcm_period_elapsed(), where substream->runtime is gone while > waiting the substream lock: > > Unable to handle kernel paging request at virtual address 6b6b6b6b > pgd = db7e4000 > [6b6b6b6b] *pgd=00000000 > CPU: 0 PID: 193 Comm: klogd Tainted: G C 3.14.54+ #118 > task: db5ac500 ti: db60c000 task.ti: db60c000 > PC is at snd_pcm_period_elapsed+0x48/0xd8 [snd_pcm] > LR is at snd_pcm_period_elapsed+0x40/0xd8 [snd_pcm] > pc : [<>] lr : [<>] psr: 60000193 > Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user > Control: 10c5387d Table: 2b7e404a DAC: 00000015 > Process klogd (pid: 193, stack limit = 0xdb60c238) > [<>] (snd_pcm_period_elapsed [snd_pcm]) from [<>] (udc_irq+0x500/0xbbc) > [<>] (udc_irq) from [<>] (ci_irq+0x280/0x304) > [<>] (ci_irq) from [<>] (handle_irq_event_percpu+0xa4/0x40c) > [<>] (handle_irq_event_percpu) from [<>] (handle_irq_event+0x3c/0x5c) > [<>] (handle_irq_event) from [<>] (handle_fasteoi_irq+0xc4/0x110) > [<>] (handle_fasteoi_irq) from [<>] (generic_handle_irq+0x20/0x30) > [<>] (generic_handle_irq) from [<>] (handle_IRQ+0x80/0xc0) > [<>] (handle_IRQ) from [<>] (gic_handle_irq+0x3c/0x60) > [<>] (gic_handle_irq) from [<>] (__irq_svc+0x44/0x78) > > Signed-off-by: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > [erosca: W/o this patch, with minimal instrumentation [1], I can > consistently reproduce BUG: KASAN: use-after-free [2]] > > [1] Instrumentation to reproduce issue [2]: > diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c > index a72295c953bb..bd0b308024fe 100644 > --- a/drivers/usb/gadget/function/u_audio.c > +++ b/drivers/usb/gadget/function/u_audio.c > @@ -16,6 +16,7 @@ > #include <sound/core.h> > #include <sound/pcm.h> > #include <sound/pcm_params.h> > +#include <linux/delay.h> > > #include "u_audio.h" > > @@ -147,6 +148,8 @@ static void u_audio_iso_complete(struct usb_ep *ep, struct usb_request *req) > > spin_unlock_irqrestore(&prm->lock, flags); > > + udelay(500); //delay here to increase probability of parallel activities > + > /* Pack USB load in ALSA ring buffer */ > pending = prm->dma_bytes - hw_ptr; > > [2] After applying [1], below BUG occurs on Rcar-H3-Salvator-X board: > ================================================================== > BUG: KASAN: use-after-free in u_audio_iso_complete+0x24c/0x520 [u_audio] > Read of size 8 at addr ffff8006cafcc248 by task swapper/0/0 > > CPU: 0 PID: 0 Comm: swapper/0 Tainted: G WC 4.14.47+ #160 > Hardware name: Renesas Salvator-X board based on r8a7795 ES2.0+ (DT) > Call trace: > [<ffff2000080925ac>] dump_backtrace+0x0/0x364 > [<ffff200008092924>] show_stack+0x14/0x1c > [<ffff200008f8dbcc>] dump_stack+0x108/0x174 > [<ffff2000083c71b8>] print_address_description+0x7c/0x32c > [<ffff2000083c78e8>] kasan_report+0x324/0x354 > [<ffff2000083c6114>] __asan_load8+0x24/0x94 > [<ffff2000021d1b34>] u_audio_iso_complete+0x24c/0x520 [u_audio] > [<ffff20000152fe50>] usb_gadget_giveback_request+0x480/0x4d0 [udc_core] > [<ffff200001860ab8>] usbhsg_queue_done+0x100/0x130 [renesas_usbhs] > [<ffff20000185f814>] usbhsf_pkt_handler+0x1a4/0x298 [renesas_usbhs] > [<ffff20000185fb38>] usbhsf_irq_ready+0x128/0x178 [renesas_usbhs] > [<ffff200001859cc8>] usbhs_interrupt+0x440/0x490 [renesas_usbhs] > [<ffff2000081a0288>] __handle_irq_event_percpu+0x594/0xa58 > [<ffff2000081a07d0>] handle_irq_event_percpu+0x84/0x12c > [<ffff2000081a0928>] handle_irq_event+0xb0/0x10c > [<ffff2000081a8384>] handle_fasteoi_irq+0x1e0/0x2ec > [<ffff20000819e5f8>] generic_handle_irq+0x2c/0x44 > [<ffff20000819f0d0>] __handle_domain_irq+0x190/0x194 > [<ffff20000808177c>] gic_handle_irq+0x80/0xac > Exception stack(0xffff200009e97c80 to 0xffff200009e97dc0) > 7c80: 0000000000000000 0000000000000000 0000000000000003 ffff200008179298 > 7ca0: ffff20000ae1c180 dfff200000000000 0000000000000000 ffff2000081f9a88 > 7cc0: ffff200009eb5960 ffff200009e97cf0 0000000000001600 ffff0400041b064b > 7ce0: 0000000000000000 0000000000000002 0000000200000001 0000000000000001 > 7d00: ffff20000842197c 0000ffff958c4970 0000000000000000 ffff8006da0d5b80 > 7d20: ffff8006d4678498 0000000000000000 000000126bde0a8b ffff8006d4678480 > 7d40: 0000000000000000 000000126bdbea64 ffff200008fd0000 ffff8006fffff980 > 7d60: 00000000495f0018 ffff200009e97dc0 ffff200008b6c4ec ffff200009e97dc0 > 7d80: ffff200008b6c4f0 0000000020000145 ffff8006da0d5b80 ffff8006d4678498 > 7da0: ffffffffffffffff ffff8006d4678498 ffff200009e97dc0 ffff200008b6c4f0 > [<ffff200008084034>] el1_irq+0xb4/0x12c > [<ffff200008b6c4f0>] cpuidle_enter_state+0x818/0x844 > [<ffff200008b6c59c>] cpuidle_enter+0x18/0x20 > [<ffff20000815f2e4>] call_cpuidle+0x98/0x9c > [<ffff20000815f674>] do_idle+0x214/0x264 > [<ffff20000815facc>] cpu_startup_entry+0x20/0x24 > [<ffff200008fb09d8>] rest_init+0x30c/0x320 > [<ffff2000095f1338>] start_kernel+0x570/0x5b0 > ---<-snip->--- > > Fixes: 132fcb460839 ("usb: gadget: Add Audio Class 2.0 Driver") > Signed-off-by: Eugeniu Rosca <erosca(a)de.adit-jv.com> > > Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> > > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/usb/gadget/function/u_audio.c | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > --- a/drivers/usb/gadget/function/u_audio.c > +++ b/drivers/usb/gadget/function/u_audio.c > @@ -25,6 +25,7 @@ > #include <sound/core.h> > #include <sound/pcm.h> > #include <sound/pcm_params.h> > +#include <linux/delay.h> > See a comment below... > #include "u_audio.h" > > @@ -88,7 +89,7 @@ static const struct snd_pcm_hardware uac > static void u_audio_iso_complete(struct usb_ep *ep, struct usb_request *req) > { > unsigned pending; > - unsigned long flags; > + unsigned long flags, flags2; > unsigned int hw_ptr; > int status = req->status; > struct uac_req *ur = req->context; > @@ -115,7 +116,14 @@ static void u_audio_iso_complete(struct > if (!substream) > goto exit; > > + snd_pcm_stream_lock_irqsave(substream, flags2); > + > runtime = substream->runtime; > + if (!runtime || !snd_pcm_running(substream)) { > + snd_pcm_stream_unlock_irqrestore(substream, flags2); > + goto exit; > + } > + > spin_lock_irqsave(&prm->lock, flags); > > if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) { > @@ -146,6 +154,8 @@ static void u_audio_iso_complete(struct > > spin_unlock_irqrestore(&prm->lock, flags); > > + udelay(500); //delay here to increase probability of parallel activities > + ^^^^^ That part of the change came from the commit message, it just describes instrumentation, and adding it to the change itself is wrong. Note that the source commit 56bc61587daad does not have such issue. -- Best wishes, Vladimir

7 years, 2 months

2
1
0 0

request for 4.4-stable: 56656e960b555 ("ovl: rename is_merge to is_lowest")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. This is a trivial rename patch, but the naming would be more logical and makes backports easier. Please consider to apply this patch to 4.4-stable. -- SZ Lin (林上智)

7 years, 2 months

3
3
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit ea101a702611f987c937a5fafe00f714fd9c1fe8: Linux 4.9.122 (2018-08-18 10:47:20 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-14082018 for you to fetch changes up to 9e73bb5b6b5317c1a0b3d722e36d306a5f7b5d1e: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:17:02 -0400) - ---------------------------------------------------------------- for-greg-4.9-14082018 - ---------------------------------------------------------------- Aleksander Morgado (1): qmi_wwan: fix interface number for DW5821e production firmware Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Cong Wang (1): vsock: split dwork to avoid reinitializations Daniel Borkmann (1): bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (2): scsi: fcoe: drop frames in ELS LOGO error path scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO Kees Cook (1): x86/boot: Fix if_changed build flip/flop bug Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kirill Tkhai (1): memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Linus Torvalds (1): squashfs metadata 2: electric boogaloo Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems Phillip Lougher (1): Squashfs: Compute expected length from inode size rather than block length RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (5): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: [plat-eznps] fix data type errors in platform headers arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (3): qed: Fix possible race for the link state value. qed: Correct Multicast API to reflect existence of 256 approximate buckets. bnx2x: Fix invalid memory access in rss hash config path. Thomas Gleixner (1): perf/x86/amd/ibs: Don't access non-started event Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 1 + arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/powerpc/net/bpf_jit_comp64.c | 29 ++------ arch/x86/boot/compressed/Makefile | 8 ++- arch/x86/events/amd/ibs.c | 6 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 ++++ drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/imx/imx-ldb.c | 9 ++- drivers/i2c/busses/i2c-davinci.c | 8 ++- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++--- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 1 + drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- fs/squashfs/file.c | 50 ++++++++------ fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++---- fs/squashfs/squashfs.h | 3 +- include/net/af_vsock.h | 4 +- mm/memcontrol.c | 15 +++-- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/ip6_tunnel.c | 8 +-- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/vmw_vsock/af_vsock.c | 15 +++-- net/vmw_vsock/vmci_transport.c | 3 +- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 62 files changed, 336 insertions(+), 240 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcVkACgkQ3qZv95d3 LNw9LhAAhYO1gSH1TU/L3yOt3RFvsIGSWqlDjl746dUkHgxwF0pZeFufDCN4hI8C Oi8iFRum4yScnvrm9Gj6ZMR4fvHjT3i0uixvFB8tyE6MGIOYoHyFd7FDHFLsFK4D UrA43Ow+cIjp+BuWJ/6fp0c9WwdcxDQUjqZS81Tc+FgQMiGLb0JpGLVuI+ftShdz PAdJqp4yg9oNb8xByyC5QDHm6CGC26BR+MJXsY8cmJIBcGihBy4UMZXYb8dasp9w 3qL4zLLBlHWRvH+JJJE0t2i9KrRf1TgfRuuu8f9B5Ey9YyilokpBZ7c9jFRfzLn9 TS+WW6xQqwmgLVp3/F+/r9xw2rCdZStlEPjcuiIU6nrSXf3yg41q50CQd3+gkCEy 1Rb9fWVWkRX/hyUCzCp1TBK++zPjC5DmxAxobvHKWElvdsP57CEV+0hPqyb6F/ve FPiH4u0BfdkToEDvL6mIi12CGcQV5eqW0bJv6OLbetvsGR/ATBzZfIXkm6TpWYri ayOJzIsRVmt3neACIY3iZR8lSoW7Lj4kO1q+iXzUoD5NDJYh3HVDG13cmMu7NzSC 8SLAWGA1N8i8YDTTXePQPd9Y43qRaF9D3mxlN45cDrfIYdt0cFrQ8/tjXukuaGKq Pc+jr4qfByVetWSHc7s+mPEzfHzRhO4lbCa+tZWL2sF7tTYYksw= =eZ0Z -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 4cea13b66144903ae7310331b43e08f7b2d6aadb: Linux 4.14.65 (2018-08-18 10:48:00 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-14082018 for you to fetch changes up to a1145b9daa1f738d7aa941ebc14426db8ea4da5c: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:16:43 -0400) - ---------------------------------------------------------------- for-greg-4.14-14082018 - ---------------------------------------------------------------- Aleksander Morgado (1): qmi_wwan: fix interface number for DW5821e production firmware Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Benjamin Tissoires (1): gpiolib-acpi: make sure we trigger edge events at least once on boot Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Cong Wang (2): vsock: split dwork to avoid reinitializations llc: use refcount_inc_not_zero() for llc_sap_find() Daniel Borkmann (1): bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Davidlohr Bueso (1): ipc/sem.c: prevent queue.status tearing in semop Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (3): usb: gadget: f_uac2: fix error handling in afunc_bind (again) usb: gadget: u_audio: fix pcm/card naming in g_audio_setup() usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eugeniy Paltsev (1): ARC: dma [non-IOC] setup SMP_CACHE_BYTES and cache_line_size Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Faiz Abbas (1): can: m_can: Move accessing of message ram to after clocks are enabled Florian Westphal (5): xfrm: free skb if nlsk pointer is NULL netfilter: nf_tables: fix memory leaks on chain rename netfilter: nf_tables: don't allow to rename to already-pending name netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (2): enic: handle mtu change for vf properly enic: do not call enic_change_mtu in enic_probe Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Hailong Liu (1): sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE Hugh Dickins (1): mm: delete historical BUG from zap_pmd_range() Jason Wang (1): vhost: reset metadata cache when initializing new IOTLB Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (3): scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send scsi: fcoe: drop frames in ELS LOGO error path scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO John Hurley (1): nfp: flower: fix port metadata conversion bug Josef Bacik (2): nbd: don't requeue the same request twice. nbd: handle unexpected replies better Joshua Frkuska (1): usb: gadget: u_audio: update hw_ptr in iso_complete after data copied Kees Cook (1): x86/boot: Fix if_changed build flip/flop bug Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kirill Tkhai (1): memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Linus Torvalds (1): squashfs metadata 2: electric boogaloo Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Ofer Levi (1): ARC: [plat-eznps] Add missing struct nps_host_reg_aux_dpc Peter Rosin (2): locking/rtmutex: Allow specifying a subclass for nested locking i2c/mux, locking/core: Annotate the nested rt_mutex usage Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems Phillip Lougher (1): Squashfs: Compute expected length from inode size rather than block length RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (6): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: [plat-eznps] fix data type errors in platform headers arc: [plat-eznps] fix printk warning in arc/plat-eznps/mtm.c arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Christopherson (1): KVM: vmx: use local variable for current_vmptr when emulating VMPTRST Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Steven Rostedt (VMware) (1): sparc/time: Add missing __init to init_tick_ops() Sudarsana Reddy Kalluru (4): qed: Fix link flap issue due to mismatching EEE capabilities. qed: Fix possible race for the link state value. qed: Correct Multicast API to reflect existence of 256 approximate buckets. bnx2x: Fix invalid memory access in rss hash config path. Taehee Yoo (2): netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy() bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() Theodore Ts'o (1): ext4: clear mmp sequence number when remounting read-only Thomas Gleixner (1): perf/x86/amd/ibs: Don't access non-started event Thomas Petazzoni (1): sparc: use asm-generic version of msi.h Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Varun Prakash (2): scsi: target: iscsi: cxgbit: fix max iso npdu calculation scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Vladimir Zapolskiy (3): usb: gadget: u_audio: remove caching of stream buffer parameters usb: gadget: u_audio: remove cached period bytes value usb: gadget: u_audio: protect stream runtime fields with stream spinlock Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb Zhen Lei (1): esp6: fix memleak on error path in esp6_input dann frazier (1): hinic: Link the logical network device to the pci device in sysfs jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/Kconfig | 3 + arch/arc/include/asm/cache.h | 4 +- arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 10 +++ arch/arc/plat-eznps/mtm.c | 6 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/powerpc/net/bpf_jit_comp64.c | 29 ++----- arch/sparc/include/asm/Kbuild | 1 + arch/sparc/kernel/time_64.c | 2 +- arch/x86/boot/compressed/Makefile | 8 +- arch/x86/events/amd/ibs.c | 6 +- arch/x86/kvm/vmx.c | 15 ++-- drivers/block/nbd.c | 96 ++++++++++++++++++---- drivers/gpio/gpiolib-acpi.c | 56 ++++++++++++- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 +++ drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/imx/imx-ldb.c | 9 +- drivers/i2c/busses/i2c-davinci.c | 8 +- drivers/i2c/i2c-core-base.c | 2 +- drivers/i2c/i2c-mux.c | 4 +- drivers/net/can/m_can/m_can.c | 7 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 ++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 80 +++++++----------- drivers/net/ethernet/huawei/hinic/hinic_main.c | 1 + drivers/net/ethernet/netronome/nfp/flower/main.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++-- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 13 ++- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 6 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 +-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/target/iscsi/cxgbit/cxgbit_target.c | 16 ++-- drivers/usb/gadget/function/f_uac2.c | 24 +++--- drivers/usb/gadget/function/u_audio.c | 88 ++++++++------------ drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- drivers/vhost/vhost.c | 9 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 ++-- fs/ext4/mmp.c | 7 +- fs/ext4/super.c | 2 + fs/fscache/operation.c | 6 +- fs/squashfs/file.c | 50 ++++++----- fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++--- fs/squashfs/squashfs.h | 3 +- include/linux/rtmutex.h | 7 ++ include/net/af_vsock.h | 4 +- include/net/llc.h | 5 ++ ipc/sem.c | 2 +- kernel/locking/rtmutex.c | 29 ++++++- kernel/sched/rt.c | 2 + mm/memcontrol.c | 15 +++- mm/memory.c | 9 +- mm/zswap.c | 9 ++ net/caif/caif_dev.c | 4 +- net/core/lwt_bpf.c | 2 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/esp6.c | 4 +- net/ipv6/ip6_tunnel.c | 8 +- net/ipv6/ip6_vti.c | 11 +-- net/llc/llc_core.c | 4 +- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_tables_api.c | 59 ++++++++----- net/netfilter/nft_set_hash.c | 1 + net/packet/af_packet.c | 10 ++- net/smc/af_smc.c | 3 +- net/vmw_vsock/af_vsock.c | 15 ++-- net/vmw_vsock/vmci_transport.c | 3 +- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 ++-- tools/power/x86/turbostat/turbostat.c | 8 +- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 +++++++ tools/usb/ffs-test.c | 19 ++++- 91 files changed, 663 insertions(+), 389 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcUoACgkQ3qZv95d3 LNypkQ/+JcfYVO/MhrMr3Ipp3bPWoVw+jUJykP0m2EL6SB2eol2iG6Nvkn91Z4Z+ uYIwxkipZrkDiB6ojwThu6W1LXfvHyUwXPfUEerM6RhJnvWbNEL18hGX0TiPJJ2w vvhJj59hxD0hmRcIOZsUIEe0H/aNMNMrw/Ya3v1bpXdqGbtnmu4uDuqiLhY6UmjR 9gBnL047L4n0UVdq+GgbNSDKybTuRUeMiKO55gjfl2PHTsksIbrXsXY5LMpgZ5H9 YZ+t15l3wLgIBu+qGu05u9vbHMiwgFRZGfXHTRnj413DghZJix8mK8MQWpchV684 VE/aFiXnj2CmANAGPaTaakNyyqa0UT280+OQUPCSWrvzCTMFfrxUzT/h/HkrJqf9 PgJHXSOjb3GwVj7BGMcX+SREjk23pJYSwpsEPpq9OAOIlX9+I7ovM6axVxPR0goU Dhvfjb0VbIqsib8WUvZAylkZGhd+IzIjyGEYsiyjwf4tZiWhn+/8B+WKaHlBbXuC 98Fagd/ywH9BexhbmA4w6Q0EpC8WU4vMwZHQluxQmGp33JdiBket7flAl9trr2K8 slWozy4rzUBoa1K1t+wsMNInCqjEqqF93FQdMN9U0s3IXw0IVzicRARTa70fKoog 42Uw8k9Nt0GBuiE/k9ccuIv+NaE8WT9Vm0bI670isofrwP756ks= =pi0Q -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

request for 4.18-stable: 2fa4a32613c9 ("scsi: libsas: dynamically allocate and free ata host")

by Jason Yan

Hi Greg, This patch fixes a bug of libsas and is not in 4.18-stable yet. Please apply to your queue. Thanks -- Jason

7 years, 2 months

2
1
0 0

[PATCH v2] crypto: vmx - Fix sleep-in-atomic bugs

by Ondrej Mosnacek

This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_* functions should not be called in atomic context. The bugs can be reproduced via the AF_ALG interface by trying to encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then trigger BUG in crypto_yield(): [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc [ 891.864739] 1 lock held by kcapi-enc/12347: [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 [ 891.865251] Call Trace: [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") Cc: stable(a)vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- Still untested, please test and review if possible. Changes in v2: - fix leaving preemtption, etc. disabled when leaving the function (I switched to the more obvious and less efficient variant for the sake of clarity.) drivers/crypto/vmx/aes_cbc.c | 30 ++++++++++++++---------------- drivers/crypto/vmx/aes_xts.c | 21 ++++++++++++++------- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index 5285ece4f33a..b71895871be3 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -107,24 +107,23 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_encrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, walk.iv, 1); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; @@ -147,24 +146,23 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, walk.iv, 0); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c index 8bd9aff0f55f..e9954a7d4694 100644 --- a/drivers/crypto/vmx/aes_xts.c +++ b/drivers/crypto/vmx/aes_xts.c @@ -116,32 +116,39 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { + blkcipher_walk_init(&walk, dst, src, nbytes); + + ret = blkcipher_walk_virt(desc, &walk); + preempt_disable(); pagefault_disable(); enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); - - ret = blkcipher_walk_virt(desc, &walk); iv = walk.iv; memset(tweak, 0, AES_BLOCK_SIZE); aes_p8_encrypt(iv, tweak, &ctx->tweak_key); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); if (enc) aes_p8_xts_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, NULL, tweak); else aes_p8_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, NULL, tweak); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; } -- 2.17.1

7 years, 2 months

4
5
0 0

Re: stable/linux-4.4.y boot: 124 boots: 3 failed, 117 passed with 2 offline, 1 untried/unknown, 1 conflict (v4.4.151)

by Guillaume Tucker

On 22/08/18 14:51, kernelci.org bot wrote: > stable/linux-4.4.y boot: 124 boots: 3 failed, 117 passed with 2 offline, 1 untried/unknown, 1 conflict (v4.4.151) > > Full Boot Summary: https://kernelci.org/boot/all/job/stable/branch/linux-4.4.y/kernel/v4.4.151/ > Full Build Summary: https://kernelci.org/build/stable/branch/linux-4.4.y/kernel/v4.4.151/ > > Tree: stable > Branch: linux-4.4.y > Git Describe: v4.4.151 > Git Commit: 78f654f6cce3442937b8c7eb4b640357871363c1 > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git > Tested: 43 unique boards, 20 SoC families, 22 builds out of 191 > > Boot Regressions Detected: [...] > x86: > > defconfig+kvm_guest: > x86-x5-z8350: > lab-mhart: failing since 6 days (last pass: v4.4.147 - first fail: v4.4.148) > > x86_64_defconfig: > x86-x5-z8350: > lab-mhart: failing since 6 days (last pass: v4.4.147 - first fail: v4.4.148) We've had a couple of automated boot bisections pointing at the same commit on an x86 Atom x5-Z8350 platform (AAEON UP-CHT01), please see details below. The issue seems to have started with v4.4.148. Here's the boot details and log showing the issue on v4.4.151: https://kernelci.org/boot/id/5b7d39ea59b514c03796ba9c/ https://storage.kernelci.org/stable/linux-4.4.y/v4.4.151/x86/x86_64_defconf… [ 0.073668] swapper/0: Corrupted page table at address 5b95ef78 [ 0.080286] PGD 272a067 PUD 272d067 PMD 5b8000000e3 [ 0.085847] Bad pagetable: 0009 [#1] SMP Below is the result of the last kernelci.org automated bisection. I haven't done any further investigation, this is merely sharing the results so please take it with a pinch of salt! Hope this helps. Best wishes, Guillaume --------------------------------------8<-------------------------------------- Bisection result for stable/linux-4.4.y (v4.4.151) on x86-x5-z8350 Good: 8404ae6c8c9f Linux 4.4.147 Bad: 78f654f6cce3 Linux 4.4.151 Found: 02ff2769edbc x86/mm/pat: Make set_memory_np() L1TF safe Checks: revert: PASS verify: PASS Parameters: Tree: stable URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git Branch: linux-4.4.y Target: x86-x5-z8350 Lab: lab-mhart Config: x86_64_defconfig Plan: boot Breaking commit found: ------------------------------------------------------------------------------- commit 02ff2769edbce2261e981effbc3c4b98fae4faf0 Author: Andi Kleen <ak(a)linux.intel.com> Date: Tue Aug 7 15:09:39 2018 -0700 x86/mm/pat: Make set_memory_np() L1TF safe commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits. Replace the open coded PTE manipulation with the L1TF protecting low level PTE routines. Passes the CPA self test. Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> [ dwmw2: Pull in pud_mkhuge() from commit a00cc7d9dd, and pfn_pud() ] Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> [groeck: port to 4.4] Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index b5e157c065ae..4de6c282c02a 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -378,12 +378,39 @@ static inline pmd_t pfn_pmd(unsigned long page_nr, pgprot_t pgprot) return __pmd(pfn | massage_pgprot(pgprot)); } +static inline pud_t pfn_pud(unsigned long page_nr, pgprot_t pgprot) +{ + phys_addr_t pfn = page_nr << PAGE_SHIFT; + pfn ^= protnone_mask(pgprot_val(pgprot)); + pfn &= PHYSICAL_PUD_PAGE_MASK; + return __pud(pfn | massage_pgprot(pgprot)); +} + static inline pmd_t pmd_mknotpresent(pmd_t pmd) { return pfn_pmd(pmd_pfn(pmd), __pgprot(pmd_flags(pmd) & ~(_PAGE_PRESENT|_PAGE_PROTNONE))); } +static inline pud_t pud_set_flags(pud_t pud, pudval_t set) +{ + pudval_t v = native_pud_val(pud); + + return __pud(v | set); +} + +static inline pud_t pud_clear_flags(pud_t pud, pudval_t clear) +{ + pudval_t v = native_pud_val(pud); + + return __pud(v & ~clear); +} + +static inline pud_t pud_mkhuge(pud_t pud) +{ + return pud_set_flags(pud, _PAGE_PSE); +} + static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask); static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 79377e2a7bcd..27610c2d1821 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1006,8 +1006,8 @@ static int populate_pmd(struct cpa_data *cpa, pmd = pmd_offset(pud, start); - set_pmd(pmd, __pmd(cpa->pfn | _PAGE_PSE | - massage_pgprot(pmd_pgprot))); + set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn, + canon_pgprot(pmd_pgprot)))); start += PMD_SIZE; cpa->pfn += PMD_SIZE; @@ -1079,8 +1079,8 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd, * Map everything starting from the Gb boundary, possibly with 1G pages */ while (end - start >= PUD_SIZE) { - set_pud(pud, __pud(cpa->pfn | _PAGE_PSE | - massage_pgprot(pud_pgprot))); + set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, + canon_pgprot(pud_pgprot)))); start += PUD_SIZE; cpa->pfn += PUD_SIZE; ------------------------------------------------------------------------------- Git bisection log: ------------------------------------------------------------------------------- git bisect start # good: [8404ae6c8c9ff23a06cf38112e83002e1088bfe1] Linux 4.4.147 git bisect good 8404ae6c8c9ff23a06cf38112e83002e1088bfe1 # bad: [78f654f6cce3442937b8c7eb4b640357871363c1] Linux 4.4.151 git bisect bad 78f654f6cce3442937b8c7eb4b640357871363c1 # bad: [6b06f36f07e2c91ad0126f17d0fc8f933c827da8] x86/mm/kmmio: Make the tracer robust against L1TF git bisect bad 6b06f36f07e2c91ad0126f17d0fc8f933c827da8 # good: [90a231c63cc28d896ab353b027011a949e9884d3] x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT git bisect good 90a231c63cc28d896ab353b027011a949e9884d3 # good: [9ac0dc7d949db7afd4116d55fa4fcf6a66d820f0] mm: fix cache mode tracking in vm_insert_mixed() git bisect good 9ac0dc7d949db7afd4116d55fa4fcf6a66d820f0 # good: [dc48c1a2f45b628d3128ad4bb31d1bcd342c059d] x86/cpufeatures: Add detection of L1D cache flush support. git bisect good dc48c1a2f45b628d3128ad4bb31d1bcd342c059d # good: [0aae5fe8413dfcd949d0df1c7d6b835efecd5b3b] x86/speculation/l1tf: Invert all not present mappings git bisect good 0aae5fe8413dfcd949d0df1c7d6b835efecd5b3b # bad: [02ff2769edbce2261e981effbc3c4b98fae4faf0] x86/mm/pat: Make set_memory_np() L1TF safe git bisect bad 02ff2769edbce2261e981effbc3c4b98fae4faf0 # good: [9feecdb6cb73feaa55b0135aee8777eaac848c78] x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert git bisect good 9feecdb6cb73feaa55b0135aee8777eaac848c78 # first bad commit: [02ff2769edbce2261e981effbc3c4b98fae4faf0] x86/mm/pat: Make set_memory_np() L1TF safe ------------------------------------------------------------------------------- > For more info write to <info(a)kernelci.org> > > > > _______________________________________________ > Kernel-build-reports mailing list > Kernel-build-reports(a)lists.linaro.org > https://lists.linaro.org/mailman/listinfo/kernel-build-reports >

7 years, 2 months

3
7
0 0

+ mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. has been added to the -mm tree. Its filename is mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-hugetlb-filter-out-hugetlb-page… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-hugetlb-filter-out-hugetlb-page… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> Subject: mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. When scanning for movable pages, filter out Hugetlb pages if hugepage migration is not supported. Without this we hit infinte loop in __offline_pages() where we do pfn = scan_movable_pages(start_pfn, end_pfn); if (pfn) { /* We have movable pages */ ret = do_migrate_range(pfn, end_pfn); goto repeat; } Fix this by checking hugepage_migration_supported both in has_unmovable_pages which is the primary backoff mechanism for page offlining and for consistency reasons also into scan_movable_pages because it doesn't make any sense to return a pfn to non-migrateable huge page. This issue was revealed by, but not caused by 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early"). Link: http://lkml.kernel.org/r/20180824063314.21981-1-aneesh.kumar@linux.ibm.com Fixes: 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early") Signed-off-by: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Reported-by: Haren Myneni <haren(a)linux.vnet.ibm.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 3 ++- mm/page_alloc.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) --- a/mm/memory_hotplug.c~mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported +++ a/mm/memory_hotplug.c @@ -1333,7 +1333,8 @@ static unsigned long scan_movable_pages( if (__PageMovable(page)) return pfn; if (PageHuge(page)) { - if (page_huge_active(page)) + if (hugepage_migration_supported(page_hstate(page)) && + page_huge_active(page)) return pfn; else pfn = round_up(pfn + 1, --- a/mm/page_alloc.c~mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported +++ a/mm/page_alloc.c @@ -7709,6 +7709,10 @@ bool has_unmovable_pages(struct zone *zo * handle each tail page individually in migration. */ if (PageHuge(page)) { + + if (!hugepage_migration_supported(page_hstate(page))) + goto unmovable; + iter = round_up(iter + 1, 1<<compound_order(page)) - 1; continue; } _ Patches currently in -mm which might be from aneesh.kumar(a)linux.ibm.com are mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch

7 years, 2 months

1
0
0 0

How to report kernel panic in 4.4.x

by Matthias B.

Hallo, 4.4.147 is the last kernel of the 4.4.x series that boots for me. All subsequent versions panic on boot. How do I report this bug? If I'm supposed to use https://bugzilla.kernel.org/ I don't know what to fill into the fields. I don't even know if the longterm kernel falls under "Mainline" or some other tree. MSB -- Fun chemistry experiments: Sodium chloride doubles its volume when combined with an equal amount of table salt.

7 years, 2 months

2
10
0 0

kernel-doc patches for 4.18

by Nathan Chancellor

Hi Greg, Arch Linux recently enabled building the kernel documentation in their PKGBUILD, which turned my normally peaceful build into a spamfest of unescaped braces warnings from Perl. These are fixed upstream with the following two patches: 701b3a3c0ac4 ("PATCH scripts/kernel-doc") 673bb2dfc364 ("scripts/kernel-doc: Escape all literal braces in regexes") Could they please be applied to 4.18? They should be clean cherry-picks. Thanks! Nathan

7 years, 2 months

3
2
0 0

Current LTS and their EOL

by Rodrigo Vivi

Hi Greg, Ben, and all Is https://www.kernel.org/category/releases.html updated in terms of EOL? Some news out of Linaro conference [2] generated a lot of doubts and questions around. Specially because on the way it was stated by the news 3.16 wouldn't be active anymore. So I'm not sure about the news, but I'd like confirmation from you about expected EOL. [2] https://itsfoss.com/linux-lts-kernel-six-years/ Thanks in advance, Rodrigo.

7 years, 2 months

4
4
0 0

[PATCH v2] avoid race condition between start_xmit and cm_rep_handler

by Aaron Knister

Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission is not atomic which leaves a window where cm_rep_handler can run, set the connection up, dequeue pending packets and leave the subsequently queued packets by start_xmit() sitting on neigh->queue until they're dropped when the connection is torn down. This only applies to connected mode. These dropped packets can really upset TCP, for example, and cause multi-minute delays in transmission for open connections. Here's the code in start_xmit where we check to see if the connection is up: if (ipoib_cm_get(neigh)) { if (ipoib_cm_up(neigh)) { ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } } The race occurs if cm_rep_handler execution occurs after the above connection check (specifically if it gets to the point where it acquires priv->lock to dequeue pending skb's) but before the below code snippet in start_xmit where packets are queued. if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { push_pseudo_header(skb, phdr->hwaddr); spin_lock_irqsave(&priv->lock, flags); __skb_queue_tail(&neigh->queue, skb); spin_unlock_irqrestore(&priv->lock, flags); } else { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } The patch re-checks ipoib_cm_up with priv->lock held to avoid this race condition. Since odds are the conn should be up most of the time (and thus the connection *not* down most of the time) we don't hold the lock for the first check attempt to avoid a slowdown from unecessary locking for the majority of the packets transmitted during the connection's life. Signed-off-by: Aaron Knister <aaron.s.knister(a)nasa.gov> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 46 ++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c index 26cde95b..a950c916 100644 --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -1093,6 +1093,21 @@ static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev, spin_unlock_irqrestore(&priv->lock, flags); } +static bool defer_neigh_skb(struct sk_buff *skb, + struct net_device *dev, + struct ipoib_neigh *neigh, + struct ipoib_pseudo_header *phdr) +{ + if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { + push_pseudo_header(skb, phdr->hwaddr); + __skb_queue_tail(&neigh->queue, skb); + return true; + } + + return false; +} + + static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) { struct ipoib_dev_priv *priv = ipoib_priv(dev); @@ -1101,6 +1116,7 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) struct ipoib_pseudo_header *phdr; struct ipoib_header *header; unsigned long flags; + bool deferred_pkt = true; phdr = (struct ipoib_pseudo_header *) skb->data; skb_pull(skb, sizeof(*phdr)); @@ -1160,6 +1176,23 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } + /* + * Re-check ipoib_cm_up with priv->lock held to avoid + * race condition between start_xmit and skb_dequeue in + * cm_rep_handler. Since odds are the conn should be up + * most of the time, we don't hold the lock for the + * first check above + */ + spin_lock_irqsave(&priv->lock, flags); + if (ipoib_cm_up(neigh)) { + spin_unlock_irqrestore(&priv->lock, flags); + ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); + } else { + deferred_pkt = defer_neigh_skb(skb, dev, neigh, phdr); + spin_unlock_irqrestore(&priv->lock, flags); + } + + goto unref; } else if (neigh->ah && neigh->ah->valid) { neigh->ah->last_send = rn->send(dev, skb, neigh->ah->ah, IPOIB_QPN(phdr->hwaddr)); @@ -1168,17 +1201,16 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) neigh_refresh_path(neigh, phdr->hwaddr, dev); } - if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { - push_pseudo_header(skb, phdr->hwaddr); - spin_lock_irqsave(&priv->lock, flags); - __skb_queue_tail(&neigh->queue, skb); - spin_unlock_irqrestore(&priv->lock, flags); - } else { + spin_lock_irqsave(&priv->lock, flags); + deferred_pkt = defer_neigh_skb(skb, dev, neigh, phdr); + spin_unlock_irqrestore(&priv->lock, flags); + +unref: + if (!deferred_pkt) { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } -unref: ipoib_neigh_put(neigh); return NETDEV_TX_OK; -- 2.12.3

7 years, 2 months

6
10
0 0

Linux 4.4.152

by Greg KH

I'm announcing the release of the 4.4.152 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/Makefile | 15 --- arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 4 - arch/arm/boot/dts/da850.dtsi | 6 - arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-pxa/irq.c | 4 - arch/arm/mm/init.c | 9 ++ arch/arm64/kernel/smp.c | 2 arch/m68k/include/asm/mcf_pgalloc.h | 4 - arch/parisc/include/asm/spinlock.h | 8 -- arch/parisc/kernel/syscall.S | 24 +++--- drivers/dma/k3dma.c | 2 drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 - drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 +++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/nouveau/nouveau_gem.c | 4 - drivers/hid/wacom_wac.c | 10 ++ drivers/i2c/busses/i2c-imx.c | 8 +- drivers/md/raid10.c | 7 + drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 - drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +++-- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 -- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/sdio.c | 7 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 + drivers/pci/hotplug/pciehp_hpc.c | 5 - drivers/pci/probe.c | 4 + drivers/scsi/xen-scsifront.c | 33 ++++++-- drivers/staging/android/ion/ion.c | 17 +++- drivers/usb/dwc2/gadget.c | 7 + drivers/usb/dwc2/hcd_intr.c | 3 drivers/usb/gadget/composite.c | 3 drivers/usb/host/xhci.c | 7 + fs/ext4/mballoc.c | 4 - fs/reiserfs/xattr.c | 4 - include/linux/fsl/guts.h | 1 include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tcp.h | 2 kernel/locking/lockdep.c | 12 +-- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 - net/bridge/br_if.c | 11 ++ net/core/dev.c | 4 - net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 - net/ipv4/tcp_dctcp.c | 25 ------ net/ipv4/tcp_output.c | 4 - net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 - net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/packet/af_packet.c | 12 ++- net/xfrm/xfrm_user.c | 8 +- security/smack/smack_lsm.c | 1 tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/tests/topology.c | 1 tools/perf/util/llvm-utils.c | 6 - tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 + tools/testing/selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/user/test_user_copy.sh | 7 + tools/testing/selftests/x86/sigreturn.c | 46 +++++++---- tools/testing/selftests/zram/zram.sh | 5 + tools/testing/selftests/zram/zram_lib.sh | 5 + virt/kvm/eventfd.c | 11 +- 88 files changed, 471 insertions(+), 222 deletions(-) Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Andy Lutomirski (1): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (3): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Daniel Rosenberg (1): staging: android: ion: check for kref overflow David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Elad Raz (1): bridge: Propagate vlan add failure to user Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 4.4.152 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (1): ipv6: mcast: fix unsolicited report interval after receiving querys Jann Horn (1): reiserfs: fix broken xattr handling (heap corruption, bad retval) Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() John David Anglin (2): parisc: Remove ordered stores from syscall.S parisc: Remove unnecessary barriers from spinlock.h Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Li RongQing (1): net: propagate dev_get_valid_name return code Lukas Wunner (2): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug Marek Szyprowski (3): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Paolo Bonzini (1): KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (1): ARM: dts: Cygnus: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Thomas Richter (1): perf test session topology: Fix test on s390 Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (1): scsi: xen-scsifront: add error handling for xenbus_printf

7 years, 2 months

1
1
0 0

Linux 4.9.124

by Greg KH

I'm announcing the release of the 4.9.124 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/Makefile | 15 -- arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arc/kernel/process.c | 47 +++++- arch/arm/boot/dts/am3517.dtsi | 5 arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 24 +-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 ++-- arch/arm/boot/dts/da850.dtsi | 6 arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-omap2/omap-smp.c | 41 +++++ arch/arm/mach-pxa/irq.c | 4 arch/arm/mm/init.c | 9 + arch/arm64/boot/dts/broadcom/ns2.dtsi | 4 arch/arm64/kernel/smp.c | 2 arch/m68k/include/asm/mcf_pgalloc.h | 4 arch/parisc/include/asm/spinlock.h | 8 - arch/parisc/kernel/syscall.S | 24 +-- arch/s390/net/bpf_jit_comp.c | 1 arch/x86/entry/entry_64.S | 20 -- drivers/acpi/nfit/core.c | 4 drivers/ata/libahci.c | 7 - drivers/dma/k3dma.c | 2 drivers/dma/pl330.c | 2 drivers/gpu/drm/arm/malidp_hw.c | 3 drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/nouveau/nouveau_gem.c | 4 drivers/hid/wacom_wac.c | 10 + drivers/i2c/busses/i2c-imx.c | 8 - drivers/iio/pressure/bmp280-core.c | 5 drivers/infiniband/hw/mlx5/srq.c | 18 +- drivers/infiniband/sw/rxe/rxe_req.c | 3 drivers/md/raid10.c | 7 + drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 - drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 + drivers/net/ethernet/qlogic/qed/qed_main.c | 12 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +-- drivers/net/ethernet/renesas/ravb_main.c | 56 ++------ drivers/net/ethernet/renesas/sh_eth.c | 59 ++------ drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++ drivers/net/ethernet/ti/davinci_emac.c | 4 drivers/net/hamradio/bpqether.c | 8 - drivers/net/ieee802154/at86rf230.c | 15 -- drivers/net/ieee802154/fakelb.c | 2 drivers/net/ipvlan/ipvlan_main.c | 36 ++++- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++ drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 + drivers/nfc/pn533/usb.c | 4 drivers/nvme/target/core.c | 8 + drivers/pci/host/pci-host-common.c | 2 drivers/pci/host/pci-versatile.c | 2 drivers/pci/host/pcie-rcar.c | 2 drivers/pci/host/pcie-xilinx-nwl.c | 2 drivers/pci/host/pcie-xilinx.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 + drivers/pci/hotplug/pciehp_hpc.c | 18 -- drivers/pci/pci.c | 38 +++++ drivers/pci/probe.c | 4 drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 drivers/scsi/xen-scsifront.c | 33 +++- drivers/usb/dwc2/gadget.c | 7 - drivers/usb/dwc2/hcd_intr.c | 3 drivers/usb/dwc3/dwc3-of-simple.c | 3 drivers/usb/gadget/composite.c | 3 drivers/usb/host/xhci-tegra.c | 2 drivers/usb/host/xhci.c | 7 - drivers/xen/manage.c | 18 ++ drivers/xen/xen-scsiback.c | 16 +- fs/ceph/inode.c | 1 fs/ext4/mballoc.c | 4 fs/reiserfs/xattr.c | 4 include/linux/fsl/guts.h | 1 include/linux/pci.h | 2 include/net/ipv6.h | 9 - include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tc_act/tc_tunnel_key.h | 1 include/net/tcp.h | 2 kernel/locking/lockdep.c | 12 - kernel/trace/trace.c | 5 mm/kasan/kasan.c | 5 net/batman-adv/bat_iv_ogm.c | 4 net/batman-adv/bat_v.c | 4 net/core/dev.c | 4 net/ieee802154/6lowpan/core.c | 6 net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 net/ipv4/tcp_dctcp.c | 25 --- net/ipv4/tcp_output.c | 4 net/ipv6/calipso.c | 9 - net/ipv6/exthdrs.c | 111 ++++------------ net/ipv6/ipv6_sockglue.c | 27 ++- net/ipv6/mcast.c | 9 - net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_proto_dccp.c | 8 - net/netfilter/nf_log.c | 4 net/packet/af_packet.c | 12 + net/qrtr/qrtr.c | 4 net/sched/act_tunnel_key.c | 6 net/wireless/nl80211.c | 19 -- net/xfrm/xfrm_user.c | 8 - samples/bpf/parse_varlen.c | 6 samples/bpf/test_overhead_user.c | 19 ++ security/smack/smack_lsm.c | 1 sound/core/seq/seq_clientmgr.c | 3 tools/build/Makefile | 2 tools/objtool/elf.c | 41 ++++- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/bench/numa.c | 5 tools/perf/tests/topology.c | 1 tools/perf/util/llvm-utils.c | 6 tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 tools/testing/selftests/static_keys/test_static_keys.sh | 13 + tools/testing/selftests/sync/config | 4 tools/testing/selftests/user/test_user_copy.sh | 7 + tools/testing/selftests/x86/sigreturn.c | 59 +++++--- tools/testing/selftests/zram/zram.sh | 5 tools/testing/selftests/zram/zram_lib.sh | 5 virt/kvm/arm/vgic/vgic-v3.c | 5 virt/kvm/eventfd.c | 11 - 139 files changed, 894 insertions(+), 573 deletions(-) Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andy Lutomirski (3): x86/entry/64: Remove %ebx handling from error_entry/exit selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (4): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dongjiu Geng (1): usb: xhci: remove the code build warning Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (2): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 4.9.124 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Jann Horn (2): netfilter: nf_log: fix uninit read in nf_log_proc_dostring reiserfs: fix broken xattr handling (heap corruption, bad retval) Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() Jiri Olsa (1): perf bench: Fix numa report output code Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove John David Anglin (2): parisc: Remove ordered stores from syscall.S parisc: Remove unnecessary barriers from spinlock.h John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Marek Szyprowski (4): dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (1): bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Nicholas Mc Guire (2): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paolo Bonzini (1): KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (3): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Sergei Shtylyov (2): PCI: OF: Fix I/O space page leak PCI: versatile: Fix I/O space page leak Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (2): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the error of write() and read() Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (1): perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf

7 years, 2 months

1
1
0 0

Linux 4.14.67

by Greg KH

I'm announcing the release of the 4.14.67 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 8 - arch/arc/Makefile | 15 -- arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arc/kernel/process.c | 47 +++++- arch/arm/boot/dts/am3517.dtsi | 5 arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 24 +-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 ++-- arch/arm/boot/dts/bcm5301x.dtsi | 2 arch/arm/boot/dts/da850.dtsi | 6 arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-davinci/board-da850-evm.c | 2 arch/arm/mach-omap2/omap-smp.c | 41 +++++ arch/arm/mach-pxa/irq.c | 4 arch/arm/mm/init.c | 9 + arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 - arch/arm64/boot/dts/broadcom/stingray/bcm958742k.dts | 4 arch/arm64/boot/dts/broadcom/stingray/bcm958742t.dts | 4 arch/arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/arm64/kernel/smp.c | 2 arch/arm64/mm/dma-mapping.c | 9 - arch/m68k/include/asm/mcf_pgalloc.h | 4 arch/openrisc/kernel/entry.S | 8 - arch/openrisc/kernel/head.S | 9 - arch/openrisc/kernel/traps.c | 2 arch/parisc/include/asm/spinlock.h | 8 - arch/parisc/kernel/syscall.S | 24 +-- arch/s390/net/bpf_jit_comp.c | 1 arch/x86/kernel/cpu/microcode/intel.c | 5 arch/x86/kernel/kvmclock.c | 1 arch/x86/kernel/smpboot.c | 5 block/sed-opal.c | 4 drivers/acpi/ec.c | 20 ++ drivers/acpi/nfit/core.c | 4 drivers/ata/libahci.c | 7 - drivers/block/drbd/drbd_req.c | 4 drivers/block/nbd.c | 40 ++++- drivers/dax/device.c | 12 + drivers/dma/k3dma.c | 2 drivers/dma/pl330.c | 2 drivers/edac/edac_mc.c | 1 drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 drivers/gpu/drm/arm/malidp_hw.c | 3 drivers/gpu/drm/arm/malidp_planes.c | 5 drivers/gpu/drm/armada/armada_crtc.c | 12 + drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++- drivers/gpu/drm/bridge/sil-sii8620.c | 41 +++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/i915/gvt/kvmgt.c | 9 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 drivers/gpu/drm/tegra/drm.c | 2 drivers/gpu/host1x/job.c | 3 drivers/hid/wacom_wac.c | 10 + drivers/hwmon/nct6775.c | 2 drivers/i2c/busses/i2c-imx.c | 8 - drivers/i2c/i2c-core-acpi.c | 11 + drivers/iio/pressure/bmp280-core.c | 5 drivers/infiniband/hw/mlx4/mr.c | 7 - drivers/infiniband/hw/mlx5/srq.c | 18 +- drivers/infiniband/sw/rxe/rxe_req.c | 3 drivers/input/rmi4/rmi_2d_sensor.c | 34 ++-- drivers/md/raid10.c | 7 + drivers/mtd/devices/mtd_dataflash.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 + drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +- drivers/net/ethernet/freescale/fman/fman_port.c | 8 + drivers/net/ethernet/ibm/ibmvnic.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 - drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 - drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 + drivers/net/ethernet/qlogic/qed/qed_main.c | 12 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +-- drivers/net/ethernet/renesas/ravb_main.c | 56 ++------ drivers/net/ethernet/renesas/sh_eth.c | 59 ++------ drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++ drivers/net/ethernet/ti/davinci_emac.c | 4 drivers/net/hamradio/bpqether.c | 8 - drivers/net/hyperv/rndis_filter.c | 1 drivers/net/ieee802154/at86rf230.c | 15 -- drivers/net/ieee802154/fakelb.c | 2 drivers/net/ipvlan/ipvlan_main.c | 36 ++++- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++ drivers/net/wireless/ath/ath10k/wmi.h | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 + drivers/nfc/pn533/usb.c | 4 drivers/nvme/host/core.c | 2 drivers/nvme/target/core.c | 8 + drivers/nvmem/core.c | 4 drivers/pci/host/pci-ftpci100.c | 2 drivers/pci/host/pci-host-common.c | 2 drivers/pci/host/pci-versatile.c | 2 drivers/pci/host/pcie-rcar.c | 2 drivers/pci/host/pcie-xilinx-nwl.c | 2 drivers/pci/host/pcie-xilinx.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 + drivers/pci/hotplug/pciehp_hpc.c | 18 -- drivers/pci/pci.c | 38 +++++ drivers/pci/probe.c | 4 drivers/perf/xgene_pmu.c | 2 drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 drivers/pinctrl/pinctrl-ingenic.c | 2 drivers/s390/cio/vfio_ccw_drv.c | 5 drivers/scsi/qedf/qedf_main.c | 12 + drivers/scsi/qedi/qedi_main.c | 11 + drivers/scsi/xen-scsifront.c | 33 +++- drivers/soc/imx/gpc.c | 21 +++ drivers/soc/imx/gpcv2.c | 13 + drivers/staging/typec/tcpm.c | 3 drivers/tty/pty.c | 2 drivers/usb/dwc2/core.h | 3 drivers/usb/dwc2/gadget.c | 15 +- drivers/usb/dwc2/hcd.c | 89 ++++++++++++ drivers/usb/dwc2/hcd.h | 8 + drivers/usb/dwc2/hcd_intr.c | 11 + drivers/usb/dwc2/hcd_queue.c | 3 drivers/usb/dwc3/dwc3-of-simple.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/gadget/composite.c | 3 drivers/usb/gadget/function/f_fs.c | 26 ++- drivers/usb/host/xhci-tegra.c | 2 drivers/usb/host/xhci.c | 7 - drivers/xen/manage.c | 18 ++ drivers/xen/xen-scsiback.c | 16 +- fs/btrfs/scrub.c | 17 +- fs/ceph/inode.c | 1 fs/ext4/mballoc.c | 4 fs/f2fs/segment.c | 32 ++++ fs/f2fs/segment.h | 22 ++- fs/nfs/nfs4proc.c | 17 +- fs/reiserfs/xattr.c | 4 include/linux/fsl/guts.h | 1 include/linux/pci.h | 2 include/net/ipv6.h | 9 - include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tc_act/tc_tunnel_key.h | 1 include/net/tcp.h | 2 include/uapi/linux/nbd.h | 3 kernel/bpf/hashtab.c | 16 +- kernel/locking/lockdep.c | 12 - kernel/trace/trace.c | 5 mm/kasan/kasan.c | 5 net/batman-adv/bat_iv_ogm.c | 4 net/batman-adv/bat_v.c | 4 net/batman-adv/translation-table.c | 7 - net/core/dev.c | 4 net/ieee802154/6lowpan/core.c | 6 net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 net/ipv4/tcp_dctcp.c | 25 --- net/ipv4/tcp_output.c | 4 net/ipv6/calipso.c | 9 - net/ipv6/exthdrs.c | 111 ++++------------ net/ipv6/ipv6_sockglue.c | 27 ++- net/ipv6/mcast.c | 9 - net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_helper.c | 5 net/netfilter/nf_conntrack_proto_dccp.c | 8 - net/netfilter/nf_log.c | 4 net/netfilter/nft_compat.c | 13 + net/packet/af_packet.c | 12 + net/qrtr/qrtr.c | 4 net/sched/act_tunnel_key.c | 6 net/sctp/chunk.c | 4 net/smc/af_smc.c | 3 net/wireless/nl80211.c | 35 ++--- net/xfrm/xfrm_user.c | 8 - samples/bpf/parse_varlen.c | 6 samples/bpf/test_overhead_user.c | 19 ++ samples/bpf/trace_event_user.c | 27 +++ scripts/kconfig/zconf.y | 4 security/smack/smack_lsm.c | 1 sound/core/seq/seq_clientmgr.c | 3 tools/build/Makefile | 2 tools/objtool/elf.c | 41 ++++- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/arch/x86/util/perf_regs.c | 2 tools/perf/bench/numa.c | 5 tools/perf/jvmti/jvmti_agent.c | 3 tools/perf/tests/topology.c | 1 tools/perf/util/c++/clang.cpp | 11 + tools/perf/util/header.c | 10 + tools/perf/util/llvm-utils.c | 6 tools/perf/util/parse-events.y | 5 tools/perf/util/scripting-engines/trace-event-python.c | 8 - tools/testing/selftests/bpf/test_kmod.sh | 9 + tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 tools/testing/selftests/static_keys/test_static_keys.sh | 13 + tools/testing/selftests/sync/config | 4 tools/testing/selftests/sysctl/sysctl.sh | 20 +- tools/testing/selftests/user/test_user_copy.sh | 7 + tools/testing/selftests/vm/compaction_test.c | 4 tools/testing/selftests/vm/mlock2-tests.c | 12 + tools/testing/selftests/vm/run_vmtests | 5 tools/testing/selftests/vm/userfaultfd.c | 4 tools/testing/selftests/x86/sigreturn.c | 59 +++++--- tools/testing/selftests/zram/zram.sh | 5 tools/testing/selftests/zram/zram_lib.sh | 5 virt/kvm/arm/vgic/vgic-v3.c | 5 virt/kvm/eventfd.c | 11 - 227 files changed, 1565 insertions(+), 779 deletions(-) Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Ayan Kumar Halder (1): drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (6): block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (1): gpu: host1x: Check whether size of unpin isn't 0 Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (1): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (3): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (3): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 4.14.67 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Gustavo A. R. Silva (1): drm/i915/kvmgt: Fix potential Spectre v1 Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (2): NFC: pn533: Fix wrong GFP flag usage i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Jaegeuk Kim (2): f2fs: return error during fill_super f2fs: sanity check for total valid node blocks Jann Horn (2): netfilter: nf_log: fix uninit read in nf_log_proc_dostring reiserfs: fix broken xattr handling (heap corruption, bad retval) Janne Huttunen (1): perf script python: Fix dict reference counting Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() Jiri Olsa (3): perf tools: Fix error index for pmu event parser perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John David Anglin (2): parisc: Remove ordered stores from syscall.S parisc: Remove unnecessary barriers from spinlock.h John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus Lüssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Maciej Purski (3): drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (1): kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Matthijs van Duin (1): pty: fix O_CLOEXEC for TIOCGPTPEER Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (2): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paolo Bonzini (1): KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (2): drm/armada: fix colorkey mode property drm/armada: fix irq handling Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (2): PCI: OF: Fix I/O space page leak PCI: versatile: Fix I/O space page leak Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (3): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() Takashi Iwai (2): EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Uwe Kleine-König (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf

7 years, 2 months

1
1
0 0

Linux 4.17.19

by Greg KH

I'm announcing the release of the 4.17.19 kernel. Note, this is the LAST 4.17.y kernel to be released, it is now end-of-life. Pleas move to 4.18.y at this time. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 8 - arch/arc/Makefile | 15 - arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arc/kernel/process.c | 47 ++++-- arch/arc/plat-hsdk/platform.c | 62 ++++++++ arch/arm/boot/dts/am3517.dtsi | 5 arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 24 +-- arch/arm/boot/dts/bcm-hr2.dtsi | 24 +-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 ++-- arch/arm/boot/dts/bcm5301x.dtsi | 2 arch/arm/boot/dts/da850.dtsi | 6 arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 arch/arm/boot/dts/omap4-droid4-xt894.dts | 9 - arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/crypto/speck-neon-core.S | 6 arch/arm/mach-davinci/board-da850-evm.c | 2 arch/arm/mach-omap2/omap-smp.c | 41 +++++ arch/arm/mach-pxa/irq.c | 4 arch/arm/mm/init.c | 9 + arch/arm64/boot/dts/amlogic/meson-axg-s400.dts | 15 + arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 - arch/arm64/boot/dts/broadcom/stingray/bcm958742k.dts | 4 arch/arm64/boot/dts/broadcom/stingray/bcm958742t.dts | 4 arch/arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/arm64/boot/dts/socionext/uniphier-ld11-global.dts | 2 arch/arm64/boot/dts/socionext/uniphier-ld20-global.dts | 2 arch/arm64/include/asm/alternative.h | 7 arch/arm64/kernel/alternative.c | 51 +++++- arch/arm64/kernel/module.c | 5 arch/arm64/kernel/smp.c | 2 arch/arm64/mm/dma-mapping.c | 9 - arch/ia64/kernel/perfmon.c | 6 arch/ia64/mm/init.c | 12 - arch/m68k/include/asm/mcf_pgalloc.h | 4 arch/nds32/kernel/setup.c | 3 arch/openrisc/kernel/entry.S | 8 - arch/openrisc/kernel/head.S | 9 - arch/openrisc/kernel/traps.c | 2 arch/parisc/include/asm/spinlock.h | 8 - arch/parisc/kernel/syscall.S | 24 +-- arch/powerpc/kernel/smp.c | 6 arch/riscv/kernel/irq.c | 4 arch/riscv/kernel/module.c | 4 arch/riscv/kernel/ptrace.c | 2 arch/s390/net/bpf_jit_comp.c | 1 arch/x86/include/asm/processor.h | 1 arch/x86/include/asm/set_memory.h | 1 arch/x86/kernel/cpu/microcode/intel.c | 5 arch/x86/kernel/kvmclock.c | 1 arch/x86/kernel/smpboot.c | 5 arch/x86/kvm/vmx.c | 9 - arch/x86/mm/init.c | 37 ++++ arch/x86/mm/init_64.c | 8 - arch/x86/mm/pageattr.c | 13 + block/blk-mq-debugfs.c | 2 block/blk-mq.c | 12 + block/sed-opal.c | 4 drivers/acpi/ec.c | 20 ++ drivers/acpi/nfit/core.c | 4 drivers/ata/libahci.c | 7 drivers/block/drbd/drbd_req.c | 4 drivers/block/nbd.c | 40 ++++- drivers/char/ipmi/kcs_bmc.c | 31 +--- drivers/clk/Makefile | 2 drivers/clk/davinci/da8xx-cfgchip.c | 2 drivers/clk/sunxi-ng/Makefile | 39 +---- drivers/clocksource/timer-stm32.c | 4 drivers/dax/device.c | 12 + drivers/dma/k3dma.c | 2 drivers/dma/omap-dma.c | 6 drivers/dma/pl330.c | 2 drivers/edac/edac_mc.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c | 19 ++ drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 1 drivers/gpu/drm/arm/malidp_drv.c | 3 drivers/gpu/drm/arm/malidp_hw.c | 3 drivers/gpu/drm/arm/malidp_planes.c | 9 - drivers/gpu/drm/armada/armada_crtc.c | 12 + drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 ++- drivers/gpu/drm/bridge/sil-sii8620.c | 121 ++++++++-------- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/i915/gvt/kvmgt.c | 9 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 drivers/gpu/drm/sun4i/Makefile | 5 drivers/gpu/drm/tegra/drm.c | 2 drivers/gpu/host1x/dev.c | 3 drivers/gpu/host1x/job.c | 3 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-ids.h | 1 drivers/hid/wacom_wac.c | 10 + drivers/hwmon/dell-smm-hwmon.c | 7 drivers/hwmon/nct6775.c | 2 drivers/i2c/busses/i2c-imx.c | 8 - drivers/i2c/i2c-core-acpi.c | 11 + drivers/iio/pressure/bmp280-core.c | 5 drivers/infiniband/hw/mlx4/mr.c | 7 drivers/infiniband/hw/mlx5/srq.c | 18 +- drivers/infiniband/hw/qedr/verbs.c | 3 drivers/infiniband/sw/rxe/rxe_req.c | 5 drivers/input/rmi4/rmi_2d_sensor.c | 34 ++-- drivers/irqchip/irq-gic-v2m.c | 2 drivers/irqchip/irq-gic-v3-its.c | 10 + drivers/md/raid10.c | 7 drivers/mtd/devices/mtd_dataflash.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 + drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 30 +++ drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 drivers/net/ethernet/cadence/macb_main.c | 11 - drivers/net/ethernet/cavium/Kconfig | 12 - drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 + drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 35 +--- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 + drivers/net/ethernet/freescale/fman/fman_port.c | 8 + drivers/net/ethernet/ibm/ibmvnic.c | 43 +++-- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 + drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 - drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 drivers/net/ethernet/netronome/nfp/bpf/main.c | 6 drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 - drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 + drivers/net/ethernet/qlogic/qed/qed_main.c | 12 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +- drivers/net/ethernet/realtek/r8169.c | 1 drivers/net/ethernet/renesas/ravb_main.c | 56 ++----- drivers/net/ethernet/renesas/sh_eth.c | 59 ++----- drivers/net/ethernet/sfc/ef10.c | 30 ++- drivers/net/ethernet/sfc/efx.c | 17 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +- drivers/net/ethernet/ti/davinci_emac.c | 4 drivers/net/hamradio/bpqether.c | 8 - drivers/net/hyperv/rndis_filter.c | 1 drivers/net/ieee802154/adf7242.c | 34 ++++ drivers/net/ieee802154/at86rf230.c | 15 - drivers/net/ieee802154/fakelb.c | 2 drivers/net/ieee802154/mcr20a.c | 3 drivers/net/ipvlan/ipvlan_main.c | 36 +++- drivers/net/phy/marvell.c | 54 ++++--- drivers/net/phy/sfp-bus.c | 35 +++- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 +- drivers/net/wireless/ath/ath10k/wmi.h | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 drivers/nfc/pn533/usb.c | 4 drivers/nvme/host/core.c | 52 +++--- drivers/nvme/host/pci.c | 2 drivers/nvme/host/rdma.c | 28 ++- drivers/nvme/target/core.c | 8 + drivers/nvmem/core.c | 4 drivers/of/base.c | 6 drivers/of/of_private.h | 2 drivers/of/overlay.c | 11 + drivers/pci/dwc/pcie-designware-host.c | 3 drivers/pci/host/pci-aardvark.c | 2 drivers/pci/host/pci-ftpci100.c | 4 drivers/pci/host/pci-v3-semi.c | 2 drivers/pci/host/pci-versatile.c | 2 drivers/pci/host/pci-xgene.c | 2 drivers/pci/host/pcie-mediatek.c | 2 drivers/pci/host/pcie-xilinx-nwl.c | 2 drivers/pci/host/pcie-xilinx.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 drivers/pci/hotplug/pciehp_hpc.c | 18 -- drivers/pci/of.c | 2 drivers/pci/pci-acpi.c | 6 drivers/pci/pci.c | 66 ++++++++ drivers/pci/probe.c | 4 drivers/perf/xgene_pmu.c | 2 drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 drivers/pinctrl/pinctrl-ingenic.c | 2 drivers/platform/x86/dell-laptop.c | 2 drivers/rtc/interface.c | 8 - drivers/s390/cio/vfio_ccw_drv.c | 5 drivers/s390/net/qeth_core.h | 2 drivers/s390/net/qeth_core_main.c | 23 +-- drivers/s390/net/qeth_l2_main.c | 5 drivers/s390/net/qeth_l3_main.c | 3 drivers/scsi/hpsa.c | 25 ++- drivers/scsi/hpsa.h | 1 drivers/scsi/qedf/qedf_main.c | 12 + drivers/scsi/qedi/qedi_main.c | 11 + drivers/scsi/xen-scsifront.c | 33 +++- drivers/soc/imx/gpc.c | 21 ++ drivers/soc/imx/gpcv2.c | 13 + drivers/tty/pty.c | 2 drivers/usb/chipidea/host.c | 5 drivers/usb/dwc2/core.h | 3 drivers/usb/dwc2/gadget.c | 15 + drivers/usb/dwc2/hcd.c | 93 +++++++++++- drivers/usb/dwc2/hcd.h | 8 + drivers/usb/dwc2/hcd_intr.c | 11 + drivers/usb/dwc2/hcd_queue.c | 3 drivers/usb/dwc3/dwc3-of-simple.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/gadget/composite.c | 3 drivers/usb/gadget/function/f_fs.c | 26 ++- drivers/usb/host/xhci-dbgcap.c | 12 + drivers/usb/host/xhci-tegra.c | 2 drivers/usb/host/xhci.c | 7 drivers/usb/typec/tcpm.c | 3 drivers/xen/manage.c | 18 +- drivers/xen/xen-scsiback.c | 16 +- fs/btrfs/scrub.c | 17 +- fs/ceph/inode.c | 1 fs/cifs/smb2pdu.c | 5 fs/exec.c | 6 fs/ext4/mballoc.c | 4 fs/nfs/nfs4proc.c | 17 +- fs/reiserfs/xattr.c | 4 include/linux/fsl/guts.h | 1 include/linux/kthread.h | 1 include/linux/marvell_phy.h | 2 include/linux/mm.h | 4 include/linux/pci.h | 2 include/linux/sched.h | 2 include/net/ipv6.h | 9 - include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tc_act/tc_csum.h | 1 include/net/tc_act/tc_tunnel_key.h | 1 include/net/tcp.h | 2 include/uapi/linux/nbd.h | 3 kernel/bpf/hashtab.c | 16 +- kernel/fork.c | 35 +++- kernel/kthread.c | 30 +++ kernel/locking/lockdep.c | 12 - kernel/sched/core.c | 67 ++++---- kernel/sched/deadline.c | 11 + kernel/sched/fair.c | 30 +-- kernel/sched/sched.h | 6 kernel/trace/trace.c | 5 mm/kasan/kasan.c | 5 mm/mmap.c | 35 +--- mm/nommu.c | 10 - mm/page_alloc.c | 16 +- net/9p/client.c | 3 net/batman-adv/bat_iv_ogm.c | 4 net/batman-adv/bat_v.c | 4 net/batman-adv/debugfs.c | 40 +++++ net/batman-adv/debugfs.h | 11 + net/batman-adv/hard-interface.c | 37 ++++ net/batman-adv/translation-table.c | 7 net/core/dev.c | 4 net/core/filter.c | 3 net/ieee802154/6lowpan/core.c | 6 net/ipv4/inet_fragment.c | 2 net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 net/ipv4/tcp_dctcp.c | 25 --- net/ipv4/tcp_output.c | 4 net/ipv6/calipso.c | 9 - net/ipv6/exthdrs.c | 111 +++----------- net/ipv6/ipv6_sockglue.c | 27 ++- net/ipv6/mcast.c | 9 - net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 net/mac80211/tx.c | 2 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_helper.c | 5 net/netfilter/nf_conntrack_proto_dccp.c | 8 - net/netfilter/nf_log.c | 4 net/netfilter/nft_compat.c | 13 + net/packet/af_packet.c | 12 + net/qrtr/qrtr.c | 13 + net/rds/connection.c | 11 + net/rds/loop.c | 56 +++++++ net/rds/loop.h | 2 net/sched/act_csum.c | 6 net/sched/act_tunnel_key.c | 6 net/sctp/chunk.c | 4 net/smc/af_smc.c | 3 net/smc/smc_clc.c | 3 net/tipc/discover.c | 18 +- net/tipc/net.c | 17 +- net/tipc/node.c | 7 net/tls/tls_sw.c | 5 net/wireless/nl80211.c | 35 +--- net/xfrm/xfrm_user.c | 8 - samples/bpf/parse_varlen.c | 6 samples/bpf/test_overhead_user.c | 19 +- samples/bpf/trace_event_user.c | 27 +++ samples/bpf/xdp2skb_meta.sh | 6 scripts/kconfig/zconf.y | 4 security/smack/smack_lsm.c | 1 sound/core/seq/seq_clientmgr.c | 3 tools/build/Build.include | 2 tools/build/Makefile | 2 tools/objtool/elf.c | 41 +++-- tools/perf/Makefile.config | 3 tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/arch/x86/util/perf_regs.c | 2 tools/perf/bench/numa.c | 5 tools/perf/builtin-annotate.c | 11 + tools/perf/builtin-report.c | 3 tools/perf/builtin-script.c | 25 +++ tools/perf/jvmti/jvmti_agent.c | 3 tools/perf/pmu-events/Build | 2 tools/perf/tests/builtin-test.c | 2 tools/perf/tests/parse-events.c | 8 - tools/perf/tests/topology.c | 1 tools/perf/util/c++/clang.cpp | 11 + tools/perf/util/header.c | 12 + tools/perf/util/llvm-utils.c | 6 tools/perf/util/parse-events.y | 5 tools/perf/util/scripting-engines/trace-event-python.c | 8 - tools/testing/nvdimm/test/nfit.c | 3 tools/testing/selftests/bpf/test_kmod.sh | 9 + tools/testing/selftests/bpf/test_offload.py | 12 + tools/testing/selftests/net/config | 2 tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 tools/testing/selftests/static_keys/test_static_keys.sh | 13 + tools/testing/selftests/sync/config | 4 tools/testing/selftests/sysctl/sysctl.sh | 20 +- tools/testing/selftests/user/test_user_copy.sh | 7 tools/testing/selftests/vm/compaction_test.c | 4 tools/testing/selftests/vm/mlock2-tests.c | 12 - tools/testing/selftests/vm/run_vmtests | 5 tools/testing/selftests/vm/userfaultfd.c | 4 tools/testing/selftests/x86/sigreturn.c | 59 ++++--- tools/testing/selftests/zram/zram.sh | 5 tools/testing/selftests/zram/zram_lib.sh | 5 virt/kvm/arm/vgic/vgic-v3.c | 5 347 files changed, 2651 insertions(+), 1284 deletions(-) Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (2): octeon_mgmt: Fix MIX registers configuration on MTU setup net: cavium: Add fine-granular dependencies on PCI Alexandre Belloni (1): rtc: fix alarm read and set offset Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Anders Roxell (1): selftests: net: add config fragments Andreas Schwab (1): RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arnd Bergmann (2): ieee802154: mcr20a: add missing includes drm/sun4i: link in front-end code if needed Artur Petrosyan (1): usb: dwc2: Fix host exit from hibernation flow. Arun Kumar Neelakantam (2): net: qrtr: Broadcast messages only from control port net: qrtr: Reset the node and port ID of broadcast messages Ayan Kumar Halder (3): drm/arm/malidp: Ensure that the crtcs are shutdown before removing any encoder/connector drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format drm/mali-dp: Rectify the width and height passed to rotmem_required() Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible Bert Kenward (2): sfc: avoid hang from nested use of the filter_sem sfc: hold filter_sem consistently during reset BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Leedom (1): cxgb4: assume flash part size to be 4MB, if it can't be determined Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christian König (1): PCI: Restore resized BAR state on resume Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Damien Thébault (1): platform/x86: dell-laptop: Fix backlight detection Dan Carpenter (10): blk-mq-debugfs: Off by one in blk_mq_rq_state_name() block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug clk: davinci: cfgchip: testing the wrong variable dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qed: off by one in qed_parse_mcp_trace_buf() ixgbe: Off by one in ixgbe_ipsec_tx() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Hansen (4): mm: Allow non-direct-map arguments to free_reserved_area() x86/mm/init: Pass unconverted symbol addresses to free_init_pages() x86/mm/init: Add helper for freeing kernel image pages x86/mm/init: Remove freed kernel image areas from alias mapping Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Francis (1): amd/dc/dce100: On dce100, set clocks to 0 on suspend David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (2): net/sched: act_csum: fix NULL dereference when 'goto chain' is used net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Denis Kenzior (1): mac80211: disable BHs/preemption in ieee80211_tx_control_port() Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (2): gpu: host1x: Skip IOMMU initialization if firewall is enabled gpu: host1x: Check whether size of unpin isn't 0 Don Brace (1): scsi: hpsa: correct enclosure sas address Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (2): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. tls: fix skb_to_sgvec returning unhandled error. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Biggers (1): crypto: arm/speck - fix building in Thumb2 mode Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Evan Quan (1): drm/amd/powerplay: correct vega12 thermal support as true Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (4): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: HR2: Fix interrupt types for i2c and PCIe ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (3): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Frank Rowand (1): of: overlay: update phandle cache on overlay apply and remove Frederic Weisbecker (1): sched/nohz: Skip remote tick on idle task entirely Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greentime Hu (1): nds32: Fix the dts pointer is not passed correctly issue. Greg Kroah-Hartman (1): Linux 4.17.19 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Gustavo A. R. Silva (2): drm/i915/kvmgt: Fix potential Spectre v1 drm/amdgpu/pm: Fix potential Spectre v1 Gustavo Pimentel (1): ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform Haiyue Wang (1): ipmi: kcs_bmc: fix IRQ exception if the channel is not open Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (2): NFC: pn533: Fix wrong GFP flag usage i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Harini Katakam (1): net: macb: Free RX ring for all queues Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Heiner Kallweit (1): r8169: fix mac address change Helge Eichelberg (1): hwmon: (dell-smm) Disable fan support for Dell XPS13 9333 Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Israel Rukshin (1): nvme-rdma: Fix command completion race at error recovery Jakub Kicinski (2): selftests/bpf: test offloads even with BPF programs present nfp: bpf: don't stop offload if replace failed Jann Horn (2): netfilter: nf_log: fix uninit read in nf_log_proc_dostring reiserfs: fix broken xattr handling (heap corruption, bad retval) Janne Huttunen (1): perf script python: Fix dict reference counting Janusz Krzysztofik (1): dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jens Axboe (1): blk-mq: don't queue more if we get a busy return Jeremy Cline (2): perf tools: Use python-config --includes rather than --cflags ext4: fix spectre gadget in ext4_mb_regular_allocator() Jerome Brunet (1): ARM64: dts: meson-axg: fix ethernet stability issue Jianchao Wang (1): nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl Jim Mattson (1): kvm: nVMX: Restore exit qual for VM-entry failure due to MSR loading Jim Wilson (1): RISC-V: Fix PTRACE_SETREGSET bug. Jiri Olsa (4): perf tools: Fix error index for pmu event parser perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John David Anglin (2): parisc: Remove unnecessary barriers from spinlock.h parisc: Remove ordered stores from syscall.S John Fastabend (1): bpf: fix sk_skb programs without skb->dev assigned John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Jon Maloy (4): tipc: fix wrong return value from function tipc_node_try_addr() tipc: correct discovery message handling during address trial period tipc: fix correct setting of message type in second discoverer tipc: make function tipc_net_finalize() thread safe Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Julia Lawall (1): clocksource/drivers/stm32: Fix error return code Julian Wiedmann (1): s390/qeth: consistently re-enable device features Juri Lelli (1): sched/deadline: Fix switched_from_dl() warning Kai-Heng Feng (1): usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started Kalderon, Michal (1): RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Karsten Graul (1): net/smc: reset recv timeout after clc handshake Katsuhiro Suzuki (1): arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (2): perf llvm-utils: Remove bashism from kernel include fetch script perf test shell: Prevent temporary editor files from being considered test scripts Laura Abbott (2): tools: build: Fixup host c flags tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus Lüssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Torvalds (3): mm: use helper functions for allocating and freeing vm_area structs mm: make vm_area_dup() actually copy the old vma data mm: make vm_area_alloc() initialize core fields Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Maciej Purski (4): drm/bridge/sii8620: fix display modes validation drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marc Zyngier (2): irqchip/gic-v2m: Fix SPI release on error path irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (2): clk: sunxi-ng: replace lib-y with obj-y kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Matthijs van Duin (1): pty: fix O_CLOEXEC for TIOCGPTPEER Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (3): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. Michael Hennerich (2): net: ieee802154: adf7242: Fix erroneous RX enable net: ieee802154: adf7242: Fix OCL calibration runs Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nicholas Piggin (1): powerpc: smp_send_stop do not offline stopped CPUs Nicolas Boichat (1): HID: google: Add support for whiskers Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Palmer Dabbelt (1): RISC-V: Don't include irq-riscv-intc.h Paolo Abeni (1): ipfrag: really prevent allocation on netns exit Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Pavel Machek (1): ARM: dts: omap4-droid4: fix dts w.r.t. pwm Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Chen (1): usb: chipidea: host: fix disconnection detect issue Peter Zijlstra (2): kthread, sched/core: Fix kthread_parkme() (again...) ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Rafael J. Wysocki (1): PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ravi Bangoria (2): perf script: Fix crash because of missing evsel->priv perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (4): drm/armada: fix colorkey mode property drm/armada: fix irq handling sfp: ensure we clean up properly on bus registration failure sfp: fix module initialisation with netdev already up Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sagi Grimberg (1): nvme-rdma: fix possible double free condition when failing to create a controller Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Bauer (1): nvme: ensure forward progress during Admin passthru Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (8): PCI: OF: Fix I/O space page leak PCI: xgene: Fix I/O space page leak PCI: versatile: Fix I/O space page leak PCI: designware: Fix I/O space page leak PCI: aardvark: Fix I/O space page leak PCI: faraday: Fix I/O space page leak PCI: mediatek: Fix I/O space page leak PCI: v3-semi: Fix I/O space page leak Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Sowmini Varadhan (1): rds: clean up loopback rds_connections on netns deletion Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steve French (1): smb3: increase initial number of credits requested to allow write Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (4): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump batman-adv: Fix debugfs path for renamed hardif batman-adv: Fix debugfs path for renamed softif Taeung Song (4): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh Takashi Iwai (2): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Thomas Falcon (1): ibmvnic: Revise RX/TX queue error messages Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Uwe Kleine-König (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Venkat Duvvuru (1): bnxt_en: Fix the vlan_tci exact match check. Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Guittot (1): sched/util_est: Fix util_est_dequeue() for throttled cfs_rq Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vishal Verma (1): tools/testing/nvdimm: advertise a write cache for nfit_test Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wang Dongsheng (1): net: phy: marvell: change default m88e1510 LED configuration Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Will Deacon (1): arm64: Avoid flush_icache_range() in alternatives patching code Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Xunlei Pang (1): sched/fair: Fix bandwidth timer clock drift condition Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf Zhu Yanjun (1): IB/rxe: avoid double kfree skb piaojun (1): net/9p/client.c: put refcount of trans_mod in error case in parse_opts()

7 years, 2 months

1
1
0 0

Linux 4.18.5

by Greg KH

I'm announcing the release of the 4.18.5 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/parisc/include/asm/spinlock.h | 8 +------ arch/parisc/kernel/syscall.S | 24 ++++++++++----------- arch/powerpc/kernel/security.c | 27 +++++++++++++++--------- arch/x86/include/asm/processor.h | 1 arch/x86/include/asm/set_memory.h | 1 arch/x86/mm/init.c | 37 ++++++++++++++++++++++++++++++--- arch/x86/mm/init_64.c | 8 +------ arch/x86/mm/pageattr.c | 13 +++++++++++ drivers/edac/edac_mc.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 +- drivers/gpu/drm/i915/gvt/kvmgt.c | 9 +++++++- drivers/i2c/busses/i2c-imx.c | 8 +++---- drivers/i2c/i2c-core-acpi.c | 11 +++++++-- drivers/pci/controller/pci-aardvark.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 ++++++++ drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 ++++++ drivers/pci/hotplug/pciehp_hpc.c | 18 ++++------------ drivers/pci/pci-acpi.c | 6 +---- drivers/pci/pci.c | 28 ++++++++++++++++++++++++ drivers/pci/probe.c | 4 +++ drivers/tty/pty.c | 2 - fs/ext4/mballoc.c | 4 ++- fs/reiserfs/xattr.c | 4 ++- mm/page_alloc.c | 16 ++++++++++++-- 26 files changed, 184 insertions(+), 69 deletions(-) Christian König (1): PCI: Restore resized BAR state on resume Dave Hansen (4): mm: Allow non-direct-map arguments to free_reserved_area() x86/mm/init: Pass unconverted symbol addresses to free_init_pages() x86/mm/init: Add helper for freeing kernel image pages x86/mm/init: Remove freed kernel image areas from alias mapping Esben Haabendal (1): i2c: imx: Fix race condition in dma read Greg Kroah-Hartman (1): Linux 4.18.5 Gustavo A. R. Silva (2): drm/i915/kvmgt: Fix potential Spectre v1 drm/amdgpu/pm: Fix potential Spectre v1 Hans de Goede (1): i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Jann Horn (1): reiserfs: fix broken xattr handling (heap corruption, bad retval) Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() John David Anglin (2): parisc: Remove unnecessary barriers from spinlock.h parisc: Remove ordered stores from syscall.S Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Matthijs van Duin (1): pty: fix O_CLOEXEC for TIOCGPTPEER Michael Ellerman (1): powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Rafael J. Wysocki (1): PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Takashi Iwai (1): EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Zachary Zhang (1): PCI: aardvark: Size bridges before resources allocation

7 years, 2 months

1
1
0 0

[PATCH 4.14.y] PCI: OF: Fix I/O space page leak

by Sergei Shtylyov

Commit a5fb9fb023a1435f2b42bccd7f547560f3a21dc3 upstream. When testing the R-Car PCIe driver on the Condor board, if the PCIe PHY driver was left disabled, the kernel crashed with this BUG: kernel BUG at lib/ioremap.c:72! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 39 Comm: kworker/0:1 Not tainted 4.17.0-dirty #1092 Hardware name: Renesas Condor board based on r8a77980 (DT) Workqueue: events deferred_probe_work_func pstate: 80000005 (Nzcv daif -PAN -UAO) pc : ioremap_page_range+0x370/0x3c8 lr : ioremap_page_range+0x40/0x3c8 sp : ffff000008da39e0 x29: ffff000008da39e0 x28: 00e8000000000f07 x27: ffff7dfffee00000 x26: 0140000000000000 x25: ffff7dfffef00000 x24: 00000000000fe100 x23: ffff80007b906000 x22: ffff000008ab8000 x21: ffff000008bb1d58 x20: ffff7dfffef00000 x19: ffff800009c30fb8 x18: 0000000000000001 x17: 00000000000152d0 x16: 00000000014012d0 x15: 0000000000000000 x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720 x11: 0720072007300730 x10: 00000000000000ae x9 : 0000000000000000 x8 : ffff7dffff000000 x7 : 0000000000000000 x6 : 0000000000000100 x5 : 0000000000000000 x4 : 000000007b906000 x3 : ffff80007c61a880 x2 : ffff7dfffeefffff x1 : 0000000040000000 x0 : 00e80000fe100f07 Process kworker/0:1 (pid: 39, stack limit = 0x (ptrval)) Call trace: ioremap_page_range+0x370/0x3c8 pci_remap_iospace+0x7c/0xac pci_parse_request_of_pci_ranges+0x13c/0x190 rcar_pcie_probe+0x4c/0xb04 platform_drv_probe+0x50/0xbc driver_probe_device+0x21c/0x308 __device_attach_driver+0x98/0xc8 bus_for_each_drv+0x54/0x94 __device_attach+0xc4/0x12c device_initial_probe+0x10/0x18 bus_probe_device+0x90/0x98 deferred_probe_work_func+0xb0/0x150 process_one_work+0x12c/0x29c worker_thread+0x200/0x3fc kthread+0x108/0x134 ret_from_fork+0x10/0x18 Code: f9004ba2 54000080 aa0003fb 17ffff48 (d4210000) It turned out that pci_remap_iospace() wasn't undone when the driver's probe failed, and since devm_phy_optional_get() returned -EPROBE_DEFER, the probe was retried, finally causing the BUG due to trying to remap already remapped pages. Introduce the devm_pci_remap_iospace() managed API and replace the pci_remap_iospace() call with it to fix the bug. Fixes: dbf9826d5797 ("PCI: generic: Convert to DT resource parsing API") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [lorenzo.pieralisi(a)arm.com: split commit/updated the commit log] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/pci/host/pci-host-common.c | 2 - drivers/pci/host/pcie-rcar.c | 2 - drivers/pci/pci.c | 38 +++++++++++++++++++++++++++++++++++++ include/linux/pci.h | 2 + 4 files changed, 42 insertions(+), 2 deletions(-) Index: linux-stable/drivers/pci/host/pci-host-common.c =================================================================== --- linux-stable.orig/drivers/pci/host/pci-host-common.c +++ linux-stable/drivers/pci/host/pci-host-common.c @@ -45,7 +45,7 @@ static int gen_pci_parse_request_of_pci_ switch (resource_type(res)) { case IORESOURCE_IO: - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/host/pcie-rcar.c =================================================================== --- linux-stable.orig/drivers/pci/host/pcie-rcar.c +++ linux-stable/drivers/pci/host/pcie-rcar.c @@ -1105,7 +1105,7 @@ static int rcar_pcie_parse_request_of_pc struct resource *res = win->res; if (resource_type(res) == IORESOURCE_IO) { - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/pci.c =================================================================== --- linux-stable.orig/drivers/pci/pci.c +++ linux-stable/drivers/pci/pci.c @@ -3446,6 +3446,44 @@ void pci_unmap_iospace(struct resource * } EXPORT_SYMBOL(pci_unmap_iospace); +static void devm_pci_unmap_iospace(struct device *dev, void *ptr) +{ + struct resource **res = ptr; + + pci_unmap_iospace(*res); +} + +/** + * devm_pci_remap_iospace - Managed pci_remap_iospace() + * @dev: Generic device to remap IO address for + * @res: Resource describing the I/O space + * @phys_addr: physical address of range to be mapped + * + * Managed pci_remap_iospace(). Map is automatically unmapped on driver + * detach. + */ +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr) +{ + const struct resource **ptr; + int error; + + ptr = devres_alloc(devm_pci_unmap_iospace, sizeof(*ptr), GFP_KERNEL); + if (!ptr) + return -ENOMEM; + + error = pci_remap_iospace(res, phys_addr); + if (error) { + devres_free(ptr); + } else { + *ptr = res; + devres_add(dev, ptr); + } + + return error; +} +EXPORT_SYMBOL(devm_pci_remap_iospace); + /** * devm_pci_remap_cfgspace - Managed pci_remap_cfgspace() * @dev: Generic device to remap IO address for Index: linux-stable/include/linux/pci.h =================================================================== --- linux-stable.orig/include/linux/pci.h +++ linux-stable/include/linux/pci.h @@ -1235,6 +1235,8 @@ int pci_register_io_range(phys_addr_t ad unsigned long pci_address_to_pio(phys_addr_t addr); phys_addr_t pci_pio_to_address(unsigned long pio); int pci_remap_iospace(const struct resource *res, phys_addr_t phys_addr); +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr); void pci_unmap_iospace(struct resource *res); void __iomem *devm_pci_remap_cfgspace(struct device *dev, resource_size_t offset,

7 years, 2 months

2
1
0 0

[PATCH v2 4.9.y] PCI: OF: Fix I/O space page leak

by Sergei Shtylyov

Commit a5fb9fb023a1435f2b42bccd7f547560f3a21dc3 upstream. When testing the R-Car PCIe driver on the Condor board, if the PCIe PHY driver was left disabled, the kernel crashed with this BUG: kernel BUG at lib/ioremap.c:72! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 39 Comm: kworker/0:1 Not tainted 4.17.0-dirty #1092 Hardware name: Renesas Condor board based on r8a77980 (DT) Workqueue: events deferred_probe_work_func pstate: 80000005 (Nzcv daif -PAN -UAO) pc : ioremap_page_range+0x370/0x3c8 lr : ioremap_page_range+0x40/0x3c8 sp : ffff000008da39e0 x29: ffff000008da39e0 x28: 00e8000000000f07 x27: ffff7dfffee00000 x26: 0140000000000000 x25: ffff7dfffef00000 x24: 00000000000fe100 x23: ffff80007b906000 x22: ffff000008ab8000 x21: ffff000008bb1d58 x20: ffff7dfffef00000 x19: ffff800009c30fb8 x18: 0000000000000001 x17: 00000000000152d0 x16: 00000000014012d0 x15: 0000000000000000 x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720 x11: 0720072007300730 x10: 00000000000000ae x9 : 0000000000000000 x8 : ffff7dffff000000 x7 : 0000000000000000 x6 : 0000000000000100 x5 : 0000000000000000 x4 : 000000007b906000 x3 : ffff80007c61a880 x2 : ffff7dfffeefffff x1 : 0000000040000000 x0 : 00e80000fe100f07 Process kworker/0:1 (pid: 39, stack limit = 0x (ptrval)) Call trace: ioremap_page_range+0x370/0x3c8 pci_remap_iospace+0x7c/0xac pci_parse_request_of_pci_ranges+0x13c/0x190 rcar_pcie_probe+0x4c/0xb04 platform_drv_probe+0x50/0xbc driver_probe_device+0x21c/0x308 __device_attach_driver+0x98/0xc8 bus_for_each_drv+0x54/0x94 __device_attach+0xc4/0x12c device_initial_probe+0x10/0x18 bus_probe_device+0x90/0x98 deferred_probe_work_func+0xb0/0x150 process_one_work+0x12c/0x29c worker_thread+0x200/0x3fc kthread+0x108/0x134 ret_from_fork+0x10/0x18 Code: f9004ba2 54000080 aa0003fb 17ffff48 (d4210000) It turned out that pci_remap_iospace() wasn't undone when the driver's probe failed, and since devm_phy_optional_get() returned -EPROBE_DEFER, the probe was retried, finally causing the BUG due to trying to remap already remapped pages. Introduce the devm_pci_remap_iospace() managed API and replace the pci_remap_iospace() call with it to fix the bug. Fixes: dbf9826d5797 ("PCI: generic: Convert to DT resource parsing API") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [lorenzo.pieralisi(a)arm.com: split commit/updated the commit log] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/pci/host/pci-host-common.c | 2 - drivers/pci/host/pcie-rcar.c | 2 - drivers/pci/pci.c | 38 +++++++++++++++++++++++++++++++++++++ include/linux/pci.h | 2 + 4 files changed, 42 insertions(+), 2 deletions(-) Index: linux-stable/drivers/pci/host/pci-host-common.c =================================================================== --- linux-stable.orig/drivers/pci/host/pci-host-common.c +++ linux-stable/drivers/pci/host/pci-host-common.c @@ -45,7 +45,7 @@ static int gen_pci_parse_request_of_pci_ switch (resource_type(res)) { case IORESOURCE_IO: - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/host/pcie-rcar.c =================================================================== --- linux-stable.orig/drivers/pci/host/pcie-rcar.c +++ linux-stable/drivers/pci/host/pcie-rcar.c @@ -1102,7 +1102,7 @@ static int rcar_pcie_parse_request_of_pc struct resource *res = win->res; if (resource_type(res) == IORESOURCE_IO) { - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/pci.c =================================================================== --- linux-stable.orig/drivers/pci/pci.c +++ linux-stable/drivers/pci/pci.c @@ -3407,6 +3407,44 @@ void pci_unmap_iospace(struct resource * #endif } +static void devm_pci_unmap_iospace(struct device *dev, void *ptr) +{ + struct resource **res = ptr; + + pci_unmap_iospace(*res); +} + +/** + * devm_pci_remap_iospace - Managed pci_remap_iospace() + * @dev: Generic device to remap IO address for + * @res: Resource describing the I/O space + * @phys_addr: physical address of range to be mapped + * + * Managed pci_remap_iospace(). Map is automatically unmapped on driver + * detach. + */ +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr) +{ + const struct resource **ptr; + int error; + + ptr = devres_alloc(devm_pci_unmap_iospace, sizeof(*ptr), GFP_KERNEL); + if (!ptr) + return -ENOMEM; + + error = pci_remap_iospace(res, phys_addr); + if (error) { + devres_free(ptr); + } else { + *ptr = res; + devres_add(dev, ptr); + } + + return error; +} +EXPORT_SYMBOL(devm_pci_remap_iospace); + static void __pci_set_master(struct pci_dev *dev, bool enable) { u16 old_cmd, cmd; Index: linux-stable/include/linux/pci.h =================================================================== --- linux-stable.orig/include/linux/pci.h +++ linux-stable/include/linux/pci.h @@ -1190,6 +1190,8 @@ int pci_register_io_range(phys_addr_t ad unsigned long pci_address_to_pio(phys_addr_t addr); phys_addr_t pci_pio_to_address(unsigned long pio); int pci_remap_iospace(const struct resource *res, phys_addr_t phys_addr); +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr); void pci_unmap_iospace(struct resource *res); static inline pci_bus_addr_t pci_bus_address(struct pci_dev *pdev, int bar)

7 years, 2 months

2
1
0 0

[PATCH 4/9] mmc: meson-mx-sdio: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the slot child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). While at it, also fix up the related slot-node reference leak. Fixes: ed80a13bb4c4 ("mmc: meson-mx-sdio: Add a driver for the Amlogic Meson8 and Meson8b SoCs") Cc: stable <stable(a)vger.kernel.org> # 4.15 Cc: Carlo Caione <carlo(a)endlessm.com> Cc: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Cc: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/mmc/host/meson-mx-sdio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/mmc/host/meson-mx-sdio.c b/drivers/mmc/host/meson-mx-sdio.c index 09cb89645d06..2cfec33178c1 100644 --- a/drivers/mmc/host/meson-mx-sdio.c +++ b/drivers/mmc/host/meson-mx-sdio.c @@ -517,19 +517,23 @@ static struct mmc_host_ops meson_mx_mmc_ops = { static struct platform_device *meson_mx_mmc_slot_pdev(struct device *parent) { struct device_node *slot_node; + struct platform_device *pdev; /* * TODO: the MMC core framework currently does not support * controllers with multiple slots properly. So we only register * the first slot for now */ - slot_node = of_find_compatible_node(parent->of_node, NULL, "mmc-slot"); + slot_node = of_get_compatible_child(parent->of_node, "mmc-slot"); if (!slot_node) { dev_warn(parent, "no 'mmc-slot' sub-node found\n"); return ERR_PTR(-ENOENT); } - return of_platform_device_create(slot_node, NULL, parent); + pdev = of_platform_device_create(slot_node, NULL, parent); + of_node_put(slot_node); + + return pdev; } static int meson_mx_mmc_add_host(struct meson_mx_mmc_host *host) -- 2.18.0

7 years, 2 months

2
2
0 0

[PATCH 4.18 00/22] 4.18.5-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.5 release. There are 22 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:47:43 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.5-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Zachary Zhang <zhangzg(a)marvell.com> PCI: aardvark: Size bridges before resources allocation Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Christian König <ckoenig.leichtzumerken(a)gmail.com> PCI: Restore resized BAR state on resume John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amdgpu/pm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/i915/kvmgt: Fix potential Spectre v1 Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Michael Ellerman <mpe(a)ellerman.id.au> powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Remove freed kernel image areas from alias mapping Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Add helper for freeing kernel image pages Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Pass unconverted symbol addresses to free_init_pages() Dave Hansen <dave.hansen(a)linux.intel.com> mm: Allow non-direct-map arguments to free_reserved_area() Matthijs van Duin <matthijsvanduin(a)gmail.com> pty: fix O_CLOEXEC for TIOCGPTPEER Takashi Iwai <tiwai(a)suse.de> EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] ------------- Diffstat: Makefile | 4 ++-- arch/parisc/include/asm/spinlock.h | 8 ++------ arch/parisc/kernel/syscall.S | 24 +++++++++++----------- arch/powerpc/kernel/security.c | 27 ++++++++++++++++--------- arch/x86/include/asm/processor.h | 1 + arch/x86/include/asm/set_memory.h | 1 + arch/x86/mm/init.c | 37 +++++++++++++++++++++++++++++++--- arch/x86/mm/init_64.c | 8 ++------ arch/x86/mm/pageattr.c | 13 ++++++++++++ drivers/edac/edac_mc.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 ++- drivers/gpu/drm/i915/gvt/kvmgt.c | 9 ++++++++- drivers/i2c/busses/i2c-imx.c | 8 ++++---- drivers/i2c/i2c-core-acpi.c | 11 +++++++--- drivers/pci/controller/pci-aardvark.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 +++++++++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 +++++++ drivers/pci/hotplug/pciehp_hpc.c | 18 +++++------------ drivers/pci/pci-acpi.c | 6 ++---- drivers/pci/pci.c | 28 +++++++++++++++++++++++++ drivers/pci/probe.c | 4 ++++ drivers/tty/pty.c | 2 +- fs/ext4/mballoc.c | 4 +++- fs/reiserfs/xattr.c | 4 +++- mm/page_alloc.c | 16 +++++++++++++-- 26 files changed, 185 insertions(+), 70 deletions(-)

7 years, 2 months

4
24
0 0

[PATCH 4.9 000/130] 4.9.124-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.124 release. There are 130 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:48:45 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.124-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.124-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: OF: Fix I/O space page leak John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Paolo Bonzini <pbonzini(a)redhat.com> KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: versatile: Fix I/O space page leak David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Wei Yongjun <weiyongjun1(a)huawei.com> pinctrl: nsp: Fix potential NULL dereference Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: nsp: off by ones in nsp_pinmux_enable() Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Laura Abbott <labbott(a)redhat.com> tools: build: Use HOSTLDFLAGS with fixdep Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Nishanth Menon <nm(a)ti.com> ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kamal Heib <kamalheib1(a)gmail.com> RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Dave Jiang <dave.jiang(a)intel.com> nfit: fix unchecked dereference in acpi_nfit_ctl Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Always set output parameters in bnxt_get_max_rings(). Peter Zijlstra <peterz(a)infradead.org> ARC: Improve cmpxchg syscall implementation Andrey Ryabinin <aryabinin(a)virtuozzo.com> netfilter: nf_conntrack: Fix possible possible crash on module loading. Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while calling auto-negotiation by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while calling auto-negotiation by ethtool Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Broadcast messages only from control port Paul Moore <paul(a)paul-moore.com> ipv6: make ipv6_renew_options() interrupt/kernel safe Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Lubomir Rintel <lkundrak(a)v3.sk> ieee802154: 6lowpan: set IFLA_LINK Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the error of write() and read() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: add missing <linux/if_vlan.h> Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Hangbin Liu <liuhangbin(a)gmail.com> ipvlan: call dev_change_flags when ipvlan mode is reset Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Support GCC 8 '-fnoreorder-functions' Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Dave Jiang <dave.jiang(a)intel.com> acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx-nwl: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx: Add missing of_node_put() Daniel Borkmann <daniel(a)iogearbox.net> bpf, s390: fix potential memleak when later bpf_jit_prog fails Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Bob Copeland <me(a)bobcopeland.com> nl80211: relax ht operation checks for mesh BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Marek Szyprowski <m.szyprowski(a)samsung.com> dmaengine: pl330: report BURST residue granularity Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn: Do minor cleanups Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Yan, Zheng <zyan(a)redhat.com> ceph: fix dentry leak in splice_dentry() Jann Horn <jannh(a)google.com> netfilter: nf_log: fix uninit read in nf_log_proc_dostring Jiri Olsa <jolsa(a)kernel.org> perf bench: Fix numa report output code Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Hans de Goede <hdegoede(a)redhat.com> NFC: pn533: Fix wrong GFP flag usage Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Dongjiu Geng <gengdongjiu(a)huawei.com> usb: xhci: remove the code build warning Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Tomasz Duszynski <tduszyns(a)gmail.com> iio: pressure: bmp280: fix relative humidity unit Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_v best gw refcnt after netlink dump Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Ard Biesheuvel <ard.biesheuvel(a)linaro.org> KVM: arm/arm64: Drop resource size check for GICV window Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Max Gurtuvoy <maxg(a)mellanox.com> nvmet: reset keep alive timer in controller enable Dinh Nguyen <dinguyen(a)kernel.org> net: stmmac: socfpga: add additional ocp reset line for Stratix10 Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Zhouyang Jia <jiazhouyang09(a)gmail.com> xen/scsiback: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> xen: add error handling for xenbus_printf Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data John Garry <john.garry(a)huawei.com> libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: Fix missing completion for mem_reg work requests Alison Wang <alison.wang(a)nxp.com> drm: mali-dp: Enable Global SE interrupts mask for DP500 Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix I2C controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix i2c controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Johan Hovold <johan(a)kernel.org> usb: dwc3: of-simple: fix use-after-free on remove Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove %ebx handling from error_entry/exit ------------- Diffstat: Makefile | 4 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/broadcom/ns2.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/parisc/include/asm/spinlock.h | 8 +- arch/parisc/kernel/syscall.S | 24 ++--- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/entry/entry_64.S | 20 +--- drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/hid/wacom_wac.c | 10 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/md/raid10.c | 7 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/target/core.c | 8 ++ drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 ++ drivers/pci/hotplug/pciehp_hpc.c | 18 +--- drivers/pci/pci.c | 38 +++++++ drivers/pci/probe.c | 4 + drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/usb/dwc2/gadget.c | 7 +- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/gadget/composite.c | 3 + drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/ceph/inode.c | 1 + fs/ext4/mballoc.c | 4 +- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/linux/pci.h | 2 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - kernel/locking/lockdep.c | 12 +-- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_log.c | 4 + net/packet/af_packet.c | 12 ++- net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/wireless/nl80211.c | 19 +--- net/xfrm/xfrm_user.c | 8 +- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/tests/topology.c | 1 + tools/perf/util/llvm-utils.c | 6 +- .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - virt/kvm/eventfd.c | 11 +- 137 files changed, 893 insertions(+), 572 deletions(-)

7 years, 2 months

6
129
0 0

[PATCH 4.14 000/217] 4.14.67-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.67 release. There are 217 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:54:25 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.67-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.67-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: OF: Fix I/O space page leak John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Ursula Braun <ubraun(a)linux.ibm.com> net/smc: no shutdown in state SMC_LISTEN Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: sanity check for total valid node blocks Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: return error during fill_super Paolo Bonzini <pbonzini(a)redhat.com> KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Roland Dreier <roland(a)purestorage.com> nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Robin H. Johnson <robbat2(a)gentoo.org> ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpc: restrict register range for regmap access Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: versatile: Fix I/O space page leak Peng Hao <peng.hao2(a)zte.com.cn> kvmclock: fix TSC calibration for nested guests David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Alexander Sverdlin <alexander.sverdlin(a)nsn.com> octeon_mgmt: Fix MIX registers configuration on MTU setup Qu Wenruo <wqu(a)suse.com> btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() John Allen <jallen(a)linux.ibm.com> ibmvnic: Fix error recovery on login failure Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Stephen Hemminger <stephen(a)networkplumber.org> hv/netvsc: fix handling of fallback to single queue mode Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Wei Yongjun <weiyongjun1(a)huawei.com> pinctrl: nsp: Fix potential NULL dereference Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: nsp: off by ones in nsp_pinmux_enable() Paul Cercueil <paul(a)crapouillou.net> pinctrl: ingenic: Fix inverted direction for < JZ4770 Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: suppress warnings from 'getconf LFS_*' Laura Abbott <labbott(a)redhat.com> tools: build: Use HOSTLDFLAGS with fixdep Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Nishanth Menon <nm(a)ti.com> ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kamal Heib <kamalheib1(a)gmail.com> RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Dave Jiang <dave.jiang(a)intel.com> nfit: fix unchecked dereference in acpi_nfit_ctl Janne Huttunen <janne.huttunen(a)nokia.com> perf script python: Fix dict reference counting Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix compilation errors on gcc8 Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qedi: Send driver state to MFW Saurav Kashyap <saurav.kashyap(a)cavium.com> scsi: qedf: Send the driver state to MFW Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. Peter Zijlstra <peterz(a)infradead.org> ARC: Improve cmpxchg syscall implementation Andrey Ryabinin <aryabinin(a)virtuozzo.com> netfilter: nf_conntrack: Fix possible possible crash on module loading. Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: explicitly reject ERROR and standard target Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix irq handling Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: Fix comparison operator for buffer size Dmitry Osipenko <digetx(a)gmail.com> gpu: host1x: Check whether size of unpin isn't 0 Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Douglas Anderson <dianders(a)chromium.org> nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while calling auto-negotiation by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while calling auto-negotiation by ethtool Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Broadcast messages only from control port Paul Moore <paul(a)paul-moore.com> ipv6: make ipv6_renew_options() interrupt/kernel safe Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Lubomir Rintel <lkundrak(a)v3.sk> ieee802154: 6lowpan: set IFLA_LINK Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the error of write() and read() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the result of system() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: add missing <linux/if_vlan.h> Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: Fix display of packed pixel modes Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Mauricio Vasquez B <mauricio.vasquez(a)polito.it> bpf: hash map: decrement counter on error Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix swapped emit_ib_size in vce3 Hangbin Liu <liuhangbin(a)gmail.com> ipvlan: call dev_change_flags when ipvlan mode is reset Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Support GCC 8 '-fnoreorder-functions' Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Stafford Horne <shorne(a)gmail.com> openrisc: entry: Fix delay slot exception detection Dave Jiang <dave.jiang(a)intel.com> acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: DPAA SGT needs to be 256B Madalin Bucur <madalin.bucur(a)nxp.com> fsl/fman: fix parser reporting bad checksum on short frames Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Nicholas Mc Guire <hofrat(a)osadl.org> PCI: faraday: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx-nwl: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx: Add missing of_node_put() Daniel Borkmann <daniel(a)iogearbox.net> bpf, s390: fix potential memleak when later bpf_jit_prog fails Bart Van Assche <bart.vanassche(a)wdc.com> drbd: Fix drbd_request_prepare() discard handling Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Johannes Berg <johannes.berg(a)intel.com> nl80211: check nla_parse_nested() return values Bob Copeland <me(a)bobcopeland.com> nl80211: relax ht operation checks for mesh Jeff Moyer <jmoyer(a)redhat.com> dev-dax: check_vma: ratelimit dev_info-s BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Ryan Hsu <ryanhsu(a)codeaurora.org> ath10k: update the phymode along with bandwidth change request Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Marek Szyprowski <m.szyprowski(a)samsung.com> dmaengine: pl330: report BURST residue granularity Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM64: dts: meson-gxl: fix Mali GPU compatible string Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn: Do minor cleanups Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Chengguang Xu <cgxu519(a)gmx.com> nfp: cast sizeof() to int when comparing with error code Eli Cohen <eli(a)mellanox.com> net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Yan, Zheng <zyan(a)redhat.com> ceph: fix dentry leak in splice_dentry() Jann Horn <jannh(a)google.com> netfilter: nf_log: fix uninit read in nf_log_proc_dostring Adam Ford <aford173(a)gmail.com> ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD Jiri Olsa <jolsa(a)kernel.org> perf bench: Fix numa report output code Yonghong Song <yhs(a)fb.com> perf tools: Fix a clang 7.0 compilation error Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Thomas Richter <tmricht(a)linux.ibm.com> perf record: Support s390 random socket_id assignment Dirk Gouders <dirk(a)gouders.net> kconfig: fix line numbers for if-entries in menu tree Dan Carpenter <dan.carpenter(a)oracle.com> typec: tcpm: Fix a msecs vs jiffies bug Hans de Goede <hdegoede(a)redhat.com> NFC: pn533: Fix wrong GFP flag usage Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Dongjiu Geng <gengdongjiu(a)huawei.com> usb: xhci: remove the code build warning Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Tomasz Duszynski <tduszyns(a)gmail.com> iio: pressure: bmp280: fix relative humidity unit Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Avoid storing non-TT-sync flags on singular entries too Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_v best gw refcnt after netlink dump Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump Rob Herring <robh(a)kernel.org> arm64: dts: msm8916: fix Coresight ETF graph connections Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/microcode/intel: Fix memleak in save_microcode_patch() Geert Uytterhoeven <geert(a)linux-m68k.org> mtd: dataflash: Use ULL suffix for 64-bit constants Jeffrin Jose T <ahiliation(a)gmail.com> selftests: bpf: notification about privilege required to run test_kmod.sh testing script Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix display of packed pixel modes in MHL2 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> KVM: arm/arm64: Drop resource size check for GICV window Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> sctp: fix erroneous inc of snmp SctpFragUsrMsgs Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Doron Roberts-Kedes <doronrk(a)fb.com> nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Dan Carpenter <dan.carpenter(a)oracle.com> block: sed-opal: Fix a couple off by one bugs Max Gurtuvoy <maxg(a)mellanox.com> nvmet: reset keep alive timer in controller enable Dinh Nguyen <dinguyen(a)kernel.org> net: stmmac: socfpga: add additional ocp reset line for Stratix10 Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Do not advertise DCBX_LLD_MANAGED capability. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible memory leak in Rx error path handling. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Marek Szyprowski <m.szyprowski(a)samsung.com> arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag Zhouyang Jia <jiazhouyang09(a)gmail.com> xen/scsiback: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Zhouyang Jia <jiazhouyang09(a)gmail.com> xen: add error handling for xenbus_printf Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data William Wu <william.wu(a)rock-chips.com> usb: dwc2: alloc dma aligned buffer for isoc split in John Garry <john.garry(a)huawei.com> libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: Fix missing completion for mem_reg work requests Ayan Kumar Halder <ayan.halder(a)arm.com> drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Alison Wang <alison.wang(a)nxp.com> drm: mali-dp: Enable Global SE interrupts mask for DP500 Hoan Tran <hoan.tran(a)amperecomputing.com> drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Ray Jui <ray.jui(a)broadcom.com> arm64: dts: Stingray: Fix I2C controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix I2C controller interrupt type Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742k Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix i2c controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vm: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: sysctl: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Gao Feng <gfree.wind(a)vip.163.com> netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Johan Hovold <johan(a)kernel.org> usb: dwc3: of-simple: fix use-after-free on remove Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for Intel IceLake Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpcv2: correct PGC offset Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix loop limit Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix potential buffer overflow Andrzej Hajda <a.hajda(a)samsung.com> drm/bridge/sii8620: fix loops in EDID fetch logic Christophe Jaillet <christophe.jaillet(a)wanadoo.fr> IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Lucas Stach <l.stach(a)pengutronix.de> Input: synaptics-rmi4 - fix axis-swap behavior Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix error index for pmu event parser Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> vfio: ccw: fix error return in vfio_ccw_sch_event Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: armada: Fix "#cooling-cells" property's name Matthijs van Duin <matthijsvanduin(a)gmail.com> pty: fix O_CLOEXEC for TIOCGPTPEER Takashi Iwai <tiwai(a)suse.de> EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/i915/kvmgt: Fix potential Spectre v1 Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() ------------- Diffstat: Makefile | 10 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/parisc/include/asm/spinlock.h | 8 +- arch/parisc/kernel/syscall.S | 24 ++--- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 ++++++-- drivers/dax/device.c | 12 ++- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/edac/edac_mc.c | 1 + drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 5 +- drivers/gpu/drm/armada/armada_crtc.c | 12 ++- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/bridge/sil-sii8620.c | 41 +++++--- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/i915/gvt/kvmgt.c | 9 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/job.c | 3 +- drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/nct6775.c | 2 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/i2c/i2c-core-acpi.c | 11 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/input/rmi4/rmi_2d_sensor.c | 34 +++---- drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 ++- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +-- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/pci/host/pci-ftpci100.c | 2 + drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 ++ drivers/pci/hotplug/pciehp_hpc.c | 18 +--- drivers/pci/pci.c | 38 +++++++ drivers/pci/probe.c | 4 + drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/scsi/qedf/qedf_main.c | 12 +++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/staging/typec/tcpm.c | 3 +- drivers/tty/pty.c | 2 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 89 ++++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 ++-- fs/ceph/inode.c | 1 + fs/ext4/mballoc.c | 4 +- fs/f2fs/segment.c | 32 +++++- fs/f2fs/segment.h | 22 +++- fs/nfs/nfs4proc.c | 17 ++-- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/linux/pci.h | 2 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/locking/lockdep.c | 12 +-- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 12 ++- net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/smc/af_smc.c | 3 +- net/wireless/nl80211.c | 35 +++---- net/xfrm/xfrm_user.c | 8 +- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 10 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 ++- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - virt/kvm/eventfd.c | 11 +- 225 files changed, 1564 insertions(+), 778 deletions(-)

7 years, 2 months

5
212
0 0

[PATCH 4.17 000/324] 4.17.19-stable review

by Greg Kroah-Hartman

NOTE, this is going to be the LAST 4.17.y kernel release. Please move to the 4.18.y tree at this point in time if you have not already. After this release, 4.17.y will be end-of-life. This is the start of the stable review cycle for the 4.17.19 release. There are 324 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:48:40 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.19-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.19-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Christian König <ckoenig.leichtzumerken(a)gmail.com> PCI: Restore resized BAR state on resume Ursula Braun <ubraun(a)linux.ibm.com> net/smc: no shutdown in state SMC_LISTEN Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amdgpu/pm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/i915/kvmgt: Fix potential Spectre v1 Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Remove freed kernel image areas from alias mapping Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Add helper for freeing kernel image pages Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Pass unconverted symbol addresses to free_init_pages() Dave Hansen <dave.hansen(a)linux.intel.com> mm: Allow non-direct-map arguments to free_reserved_area() Matthijs van Duin <matthijsvanduin(a)gmail.com> pty: fix O_CLOEXEC for TIOCGPTPEER Takashi Iwai <tiwai(a)suse.de> EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Linus Torvalds <torvalds(a)linux-foundation.org> mm: make vm_area_alloc() initialize core fields Linus Torvalds <torvalds(a)linux-foundation.org> mm: make vm_area_dup() actually copy the old vma data Linus Torvalds <torvalds(a)linux-foundation.org> mm: use helper functions for allocating and freeing vm_area structs Roland Dreier <roland(a)purestorage.com> nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Damien Thébault <damien(a)dtbo.net> platform/x86: dell-laptop: Fix backlight detection Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Robin H. Johnson <robbat2(a)gentoo.org> ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpc: restrict register range for regmap access Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Alexander Sverdlin <alexander.sverdlin(a)nokia.com> net: cavium: Add fine-granular dependencies on PCI Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: v3-semi: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: mediatek: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: faraday: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: aardvark: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: designware: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: versatile: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: xgene: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: OF: Fix I/O space page leak Karsten Graul <kgraul(a)linux.ibm.com> net/smc: reset recv timeout after clc handshake Peng Hao <peng.hao2(a)zte.com.cn> kvmclock: fix TSC calibration for nested guests David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Alexander Sverdlin <alexander.sverdlin(a)nsn.com> octeon_mgmt: Fix MIX registers configuration on MTU setup Scott Bauer <scott.bauer(a)intel.com> nvme: ensure forward progress during Admin passthru Qu Wenruo <wqu(a)suse.com> btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Pavel Machek <pavel(a)ucw.cz> ARM: dts: omap4-droid4: fix dts w.r.t. pwm John Allen <jallen(a)linux.ibm.com> ibmvnic: Fix error recovery on login failure Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Stephen Hemminger <stephen(a)networkplumber.org> hv/netvsc: fix handling of fallback to single queue mode Thomas Falcon <tlfalcon(a)linux.vnet.ibm.com> ibmvnic: Revise RX/TX queue error messages Frank Rowand <frank.rowand(a)sony.com> of: overlay: update phandle cache on overlay apply and remove Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix switched_from_dl() warning Jim Mattson <jmattson(a)google.com> kvm: nVMX: Restore exit qual for VM-entry failure due to MSR loading piaojun <piaojun(a)huawei.com> net/9p/client.c: put refcount of trans_mod in error case in parse_opts() Wei Yongjun <weiyongjun1(a)huawei.com> pinctrl: nsp: Fix potential NULL dereference Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: nsp: off by ones in nsp_pinmux_enable() Paul Cercueil <paul(a)crapouillou.net> pinctrl: ingenic: Fix inverted direction for < JZ4770 Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: fix alarm read and set offset Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Bert Kenward <bkenward(a)solarflare.com> sfc: hold filter_sem consistently during reset Bert Kenward <bkenward(a)solarflare.com> sfc: avoid hang from nested use of the filter_sem Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: suppress warnings from 'getconf LFS_*' Laura Abbott <labbott(a)redhat.com> tools: build: Use HOSTLDFLAGS with fixdep Laura Abbott <labbott(a)redhat.com> tools: build: Fixup host c flags Dan Carpenter <dan.carpenter(a)oracle.com> ixgbe: Off by one in ixgbe_ipsec_tx() David Francis <David.Francis(a)amd.com> amd/dc/dce100: On dce100, set clocks to 0 on suspend Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Nishanth Menon <nm(a)ti.com> ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix module initialisation with netdev already up Russell King <rmk+kernel(a)armlinux.org.uk> sfp: ensure we clean up properly on bus registration failure Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kamal Heib <kamalheib1(a)gmail.com> RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Dave Jiang <dave.jiang(a)intel.com> nfit: fix unchecked dereference in acpi_nfit_ctl Jeremy Cline <jcline(a)redhat.com> perf tools: Use python-config --includes rather than --cflags Janne Huttunen <janne.huttunen(a)nokia.com> perf script python: Fix dict reference counting Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix compilation errors on gcc8 Kim Phillips <kim.phillips(a)arm.com> perf test shell: Prevent temporary editor files from being considered test scripts Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qedi: Send driver state to MFW Saurav Kashyap <saurav.kashyap(a)cavium.com> scsi: qedf: Send the driver state to MFW Don Brace <don.brace(a)microsemi.com> scsi: hpsa: correct enclosure sas address Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> bnxt_en: Fix the vlan_tci exact match check. Peter Zijlstra <peterz(a)infradead.org> ARC: Improve cmpxchg syscall implementation Gustavo Pimentel <gustavo.pimentel(a)synopsys.com> ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform Andrey Ryabinin <aryabinin(a)virtuozzo.com> netfilter: nf_conntrack: Fix possible possible crash on module loading. Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: explicitly reject ERROR and standard target Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix irq handling Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Michael Hennerich <michael.hennerich(a)analog.com> net: ieee802154: adf7242: Fix OCL calibration runs Michael Hennerich <michael.hennerich(a)analog.com> net: ieee802154: adf7242: Fix erroneous RX enable Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: Fix comparison operator for buffer size Dmitry Osipenko <digetx(a)gmail.com> gpu: host1x: Check whether size of unpin isn't 0 Dmitry Osipenko <digetx(a)gmail.com> gpu: host1x: Skip IOMMU initialization if firewall is enabled Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Arnd Bergmann <arnd(a)arndb.de> drm/sun4i: link in front-end code if needed Paolo Abeni <pabeni(a)redhat.com> ipfrag: really prevent allocation on netns exit John Fastabend <john.fastabend(a)gmail.com> bpf: fix sk_skb programs without skb->dev assigned Douglas Anderson <dianders(a)chromium.org> nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Davide Caratti <dcaratti(a)redhat.com> net/sched: act_csum: fix NULL dereference when 'goto chain' is used Harini Katakam <harini.katakam(a)xilinx.com> net: macb: Free RX ring for all queues Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Casey Leedom <leedom(a)chelsio.com> cxgb4: assume flash part size to be 4MB, if it can't be determined Jon Maloy <jon.maloy(a)ericsson.com> tipc: make function tipc_net_finalize() thread safe Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix correct setting of message type in second discoverer Jon Maloy <jon.maloy(a)ericsson.com> tipc: correct discovery message handling during address trial period Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix wrong return value from function tipc_node_try_addr() Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while calling auto-negotiation by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while calling auto-negotiation by ethtool Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Reset the node and port ID of broadcast messages Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Broadcast messages only from control port Paul Moore <paul(a)paul-moore.com> ipv6: make ipv6_renew_options() interrupt/kernel safe Dan Carpenter <dan.carpenter(a)oracle.com> qed: off by one in qed_parse_mcp_trace_buf() Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Lubomir Rintel <lkundrak(a)v3.sk> ieee802154: 6lowpan: set IFLA_LINK Arnd Bergmann <arnd(a)arndb.de> ieee802154: mcr20a: add missing includes Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the error of write() and read() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the result of system() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: add missing <linux/if_vlan.h> Jim Wilson <jimw(a)sifive.com> RISC-V: Fix PTRACE_SETREGSET bug. Palmer Dabbelt <palmer(a)sifive.com> RISC-V: Don't include irq-riscv-intc.h Andreas Schwab <schwab(a)suse.de> RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: Fix display of packed pixel modes Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Wang Dongsheng <dongsheng.wang(a)hxt-semitech.com> net: phy: marvell: change default m88e1510 LED configuration Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Mauricio Vasquez B <mauricio.vasquez(a)polito.it> bpf: hash map: decrement counter on error Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix mac address change Doron Roberts-Kedes <doronrk(a)fb.com> tls: fix skb_to_sgvec returning unhandled error. Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Peter Zijlstra <peterz(a)infradead.org> kthread, sched/core: Fix kthread_parkme() (again...) Vincent Guittot <vincent.guittot(a)linaro.org> sched/util_est: Fix util_est_dequeue() for throttled cfs_rq Xunlei Pang <xlpang(a)linux.alibaba.com> sched/fair: Fix bandwidth timer clock drift condition Frederic Weisbecker <frederic(a)kernel.org> sched/nohz: Skip remote tick on idle task entirely Greentime Hu <greentime(a)andestech.com> nds32: Fix the dts pointer is not passed correctly issue. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix swapped emit_ib_size in vce3 Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started Hangbin Liu <liuhangbin(a)gmail.com> ipvlan: call dev_change_flags when ipvlan mode is reset Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Support GCC 8 '-fnoreorder-functions' Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Eric Biggers <ebiggers(a)google.com> crypto: arm/speck - fix building in Thumb2 mode Stafford Horne <shorne(a)gmail.com> openrisc: entry: Fix delay slot exception detection Vishal Verma <vishal.l.verma(a)intel.com> tools/testing/nvdimm: advertise a write cache for nfit_test Dave Jiang <dave.jiang(a)intel.com> acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: consistently re-enable device features Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: DPAA SGT needs to be 256B Madalin Bucur <madalin.bucur(a)nxp.com> fsl/fman: fix parser reporting bad checksum on short frames Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Nicholas Mc Guire <hofrat(a)osadl.org> PCI: faraday: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx-nwl: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx: Add missing of_node_put() Daniel Borkmann <daniel(a)iogearbox.net> bpf, s390: fix potential memleak when later bpf_jit_prog fails Bart Van Assche <bart.vanassche(a)wdc.com> drbd: Fix drbd_request_prepare() discard handling Jens Axboe <axboe(a)kernel.dk> blk-mq: don't queue more if we get a busy return Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Johannes Berg <johannes.berg(a)intel.com> nl80211: check nla_parse_nested() return values Bob Copeland <me(a)bobcopeland.com> nl80211: relax ht operation checks for mesh Denis Kenzior <denkenz(a)gmail.com> mac80211: disable BHs/preemption in ieee80211_tx_control_port() Jeff Moyer <jmoyer(a)redhat.com> dev-dax: check_vma: ratelimit dev_info-s BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Evan Quan <evan.quan(a)amd.com> drm/amd/powerplay: correct vega12 thermal support as true Ryan Hsu <ryanhsu(a)codeaurora.org> ath10k: update the phymode along with bandwidth change request Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Marek Szyprowski <m.szyprowski(a)samsung.com> dmaengine: pl330: report BURST residue granularity Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM64: dts: meson-gxl: fix Mali GPU compatible string Jerome Brunet <jbrunet(a)baylibre.com> ARM64: dts: meson-axg: fix ethernet stability issue Will Deacon <will.deacon(a)arm.com> arm64: Avoid flush_icache_range() in alternatives patching code Katsuhiro Suzuki <suzuki.katsuhiro(a)socionext.com> arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn: Do minor cleanups Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Chengguang Xu <cgxu519(a)gmx.com> nfp: cast sizeof() to int when comparing with error code Sowmini Varadhan <sowmini.varadhan(a)oracle.com> rds: clean up loopback rds_connections on netns deletion Eli Cohen <eli(a)mellanox.com> net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Yan, Zheng <zyan(a)redhat.com> ceph: fix dentry leak in splice_dentry() Jann Horn <jannh(a)google.com> netfilter: nf_log: fix uninit read in nf_log_proc_dostring Adam Ford <aford173(a)gmail.com> ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD Peter Chen <peter.chen(a)nxp.com> usb: chipidea: host: fix disconnection detect issue Dan Carpenter <dan.carpenter(a)oracle.com> clk: davinci: cfgchip: testing the wrong variable Ravi Bangoria <ravi.bangoria(a)linux.ibm.com> perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] Ravi Bangoria <ravi.bangoria(a)linux.ibm.com> perf script: Fix crash because of missing evsel->priv Jiri Olsa <jolsa(a)kernel.org> perf bench: Fix numa report output code Yonghong Song <yhs(a)fb.com> perf tools: Fix a clang 7.0 compilation error Jiri Olsa <jolsa(a)kernel.org> perf tests: Add event parsing error handling to parse events test Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Thomas Richter <tmricht(a)linux.ibm.com> perf record: Support s390 random socket_id assignment Dirk Gouders <dirk(a)gouders.net> kconfig: fix line numbers for if-entries in menu tree Dan Carpenter <dan.carpenter(a)oracle.com> typec: tcpm: Fix a msecs vs jiffies bug Hans de Goede <hdegoede(a)redhat.com> NFC: pn533: Fix wrong GFP flag usage Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Dongjiu Geng <gengdongjiu(a)huawei.com> usb: xhci: remove the code build warning Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: bpf: don't stop offload if replace failed Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Haiyue Wang <haiyue.wang(a)linux.intel.com> ipmi: kcs_bmc: fix IRQ exception if the channel is not open Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Tomasz Duszynski <tduszyns(a)gmail.com> iio: pressure: bmp280: fix relative humidity unit Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Avoid storing non-TT-sync flags on singular entries too Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix debugfs path for renamed softif Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix debugfs path for renamed hardif Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_v best gw refcnt after netlink dump Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump Rob Herring <robh(a)kernel.org> arm64: dts: msm8916: fix Coresight ETF graph connections Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/microcode/intel: Fix memleak in save_microcode_patch() Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v2m: Fix SPI release on error path Geert Uytterhoeven <geert(a)linux-m68k.org> mtd: dataflash: Use ULL suffix for 64-bit constants Jeffrin Jose T <ahiliation(a)gmail.com> selftests: bpf: notification about privilege required to run test_kmod.sh testing script Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Masahiro Yamada <yamada.masahiro(a)socionext.com> clk: sunxi-ng: replace lib-y with obj-y Jianchao Wang <jianchao.w.wang(a)oracle.com> nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix display of packed pixel modes in MHL2 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> KVM: arm/arm64: Drop resource size check for GICV window Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> sctp: fix erroneous inc of snmp SctpFragUsrMsgs Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Doron Roberts-Kedes <doronrk(a)fb.com> nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Anders Roxell <anders.roxell(a)linaro.org> selftests: net: add config fragments Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Dan Carpenter <dan.carpenter(a)oracle.com> block: sed-opal: Fix a couple off by one bugs Dan Carpenter <dan.carpenter(a)oracle.com> blk-mq-debugfs: Off by one in blk_mq_rq_state_name() Max Gurtuvoy <maxg(a)mellanox.com> nvmet: reset keep alive timer in controller enable Israel Rukshin <israelr(a)mellanox.com> nvme-rdma: Fix command completion race at error recovery Sagi Grimberg <sagi(a)grimberg.me> nvme-rdma: fix possible double free condition when failing to create a controller Dinh Nguyen <dinguyen(a)kernel.org> net: stmmac: socfpga: add additional ocp reset line for Stratix10 Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Do not advertise DCBX_LLD_MANAGED capability. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible memory leak in Rx error path handling. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Marek Szyprowski <m.szyprowski(a)samsung.com> arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag Zhouyang Jia <jiazhouyang09(a)gmail.com> xen/scsiback: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Zhouyang Jia <jiazhouyang09(a)gmail.com> xen: add error handling for xenbus_printf Nicholas Piggin <npiggin(a)gmail.com> powerpc: smp_send_stop do not offline stopped CPUs Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data William Wu <william.wu(a)rock-chips.com> usb: dwc2: alloc dma aligned buffer for isoc split in Artur Petrosyan <Arthur.Petrosyan(a)synopsys.com> usb: dwc2: Fix host exit from hibernation flow. Janusz Krzysztofik <jmkrzyszt(a)gmail.com> dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity John Garry <john.garry(a)huawei.com> libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: Fix missing completion for mem_reg work requests Ayan Kumar Halder <ayan.halder(a)arm.com> drm/mali-dp: Rectify the width and height passed to rotmem_required() Ayan Kumar Halder <ayan.halder(a)arm.com> drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Alison Wang <alison.wang(a)nxp.com> drm: mali-dp: Enable Global SE interrupts mask for DP500 Ayan Kumar Halder <ayan.halder(a)arm.com> drm/arm/malidp: Ensure that the crtcs are shutdown before removing any encoder/connector Hoan Tran <hoan.tran(a)amperecomputing.com> drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Ray Jui <ray.jui(a)broadcom.com> arm64: dts: Stingray: Fix I2C controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix I2C controller interrupt type Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742k Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: HR2: Fix interrupt types for i2c and PCIe Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix i2c controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vm: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: sysctl: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Gao Feng <gfree.wind(a)vip.163.com> netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Johan Hovold <johan(a)kernel.org> usb: dwc3: of-simple: fix use-after-free on remove Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for Intel IceLake Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpcv2: correct PGC offset Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix loop limit Helge Eichelberg <kernelorg(a)elchenberg.name> hwmon: (dell-smm) Disable fan support for Dell XPS13 9333 Steve French <stfrench(a)microsoft.com> smb3: increase initial number of credits requested to allow write Jakub Kicinski <jakub.kicinski(a)netronome.com> selftests/bpf: test offloads even with BPF programs present Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix potential buffer overflow Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix display modes validation Andrzej Hajda <a.hajda(a)samsung.com> drm/bridge/sii8620: fix loops in EDID fetch logic Julia Lawall <Julia.Lawall(a)lip6.fr> clocksource/drivers/stm32: Fix error return code Christophe Jaillet <christophe.jaillet(a)wanadoo.fr> IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Lucas Stach <l.stach(a)pengutronix.de> Input: synaptics-rmi4 - fix axis-swap behavior Kalderon, Michal <Michal.Kalderon(a)cavium.com> RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM Zhu Yanjun <yanjun.zhu(a)oracle.com> IB/rxe: avoid double kfree skb Nicolas Boichat <drinkcat(a)chromium.org> HID: google: Add support for whiskers Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix error index for pmu event parser Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> vfio: ccw: fix error return in vfio_ccw_sch_event Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: armada: Fix "#cooling-cells" property's name ------------- Diffstat: Makefile | 10 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 ++++++-- arch/arc/plat-hsdk/platform.c | 62 +++++++++++ arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++-- arch/arm/boot/dts/bcm-hr2.dtsi | 24 ++-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 9 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/crypto/speck-neon-core.S | 6 +- arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 +++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-axg-s400.dts | 15 ++- arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- .../boot/dts/socionext/uniphier-ld11-global.dts | 2 +- .../boot/dts/socionext/uniphier-ld20-global.dts | 2 +- arch/arm64/include/asm/alternative.h | 7 +- arch/arm64/kernel/alternative.c | 51 +++++++-- arch/arm64/kernel/module.c | 5 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/ia64/kernel/perfmon.c | 6 +- arch/ia64/mm/init.c | 12 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/nds32/kernel/setup.c | 3 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/parisc/include/asm/spinlock.h | 8 +- arch/parisc/kernel/syscall.S | 24 ++-- arch/powerpc/kernel/smp.c | 6 - arch/riscv/kernel/irq.c | 4 - arch/riscv/kernel/module.c | 4 +- arch/riscv/kernel/ptrace.c | 2 +- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/include/asm/processor.h | 1 + arch/x86/include/asm/set_memory.h | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/vmx.c | 9 +- arch/x86/mm/init.c | 37 ++++++- arch/x86/mm/init_64.c | 8 +- arch/x86/mm/pageattr.c | 13 +++ block/blk-mq-debugfs.c | 2 +- block/blk-mq.c | 12 ++ block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 +++++-- drivers/char/ipmi/kcs_bmc.c | 31 ++---- drivers/clk/Makefile | 2 +- drivers/clk/davinci/da8xx-cfgchip.c | 2 +- drivers/clk/sunxi-ng/Makefile | 39 +++---- drivers/clocksource/timer-stm32.c | 4 +- drivers/dax/device.c | 12 +- drivers/dma/k3dma.c | 2 +- drivers/dma/omap-dma.c | 6 +- drivers/dma/pl330.c | 2 +- drivers/edac/edac_mc.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 +- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- .../drm/amd/display/dc/dce100/dce100_resource.c | 19 +++- drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 1 + drivers/gpu/drm/arm/malidp_drv.c | 3 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 9 +- drivers/gpu/drm/armada/armada_crtc.c | 12 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 +++-- drivers/gpu/drm/bridge/sil-sii8620.c | 121 +++++++++++---------- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 +++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/i915/gvt/kvmgt.c | 9 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/sun4i/Makefile | 5 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/dev.c | 3 + drivers/gpu/host1x/job.c | 3 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/hwmon/nct6775.c | 2 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/i2c/i2c-core-acpi.c | 11 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++- drivers/infiniband/hw/qedr/verbs.c | 3 + drivers/infiniband/sw/rxe/rxe_req.c | 5 +- drivers/input/rmi4/rmi_2d_sensor.c | 34 +++--- drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 10 ++ drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 ++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 - drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 30 ++++- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 - drivers/net/ethernet/cadence/macb_main.c | 11 +- drivers/net/ethernet/cavium/Kconfig | 12 +- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 35 +++--- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 43 +++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - drivers/net/ethernet/netronome/nfp/bpf/main.c | 6 +- .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/realtek/r8169.c | 1 + drivers/net/ethernet/renesas/ravb_main.c | 56 +++------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++------- drivers/net/ethernet/sfc/ef10.c | 30 +++-- drivers/net/ethernet/sfc/efx.c | 17 ++- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/adf7242.c | 34 +++++- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ieee802154/mcr20a.c | 3 +- drivers/net/ipvlan/ipvlan_main.c | 36 ++++-- drivers/net/phy/marvell.c | 54 ++++++--- drivers/net/phy/sfp-bus.c | 35 ++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 +++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 52 ++++----- drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/rdma.c | 28 +++-- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/of/base.c | 6 +- drivers/of/of_private.h | 2 + drivers/of/overlay.c | 11 ++ drivers/pci/dwc/pcie-designware-host.c | 3 +- drivers/pci/host/pci-aardvark.c | 2 +- drivers/pci/host/pci-ftpci100.c | 4 +- drivers/pci/host/pci-v3-semi.c | 2 +- drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pci-xgene.c | 2 +- drivers/pci/host/pcie-mediatek.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 ++ drivers/pci/hotplug/pciehp_hpc.c | 18 +-- drivers/pci/of.c | 2 +- drivers/pci/pci-acpi.c | 6 +- drivers/pci/pci.c | 66 +++++++++++ drivers/pci/probe.c | 4 + drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/platform/x86/dell-laptop.c | 2 +- drivers/rtc/interface.c | 8 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/s390/net/qeth_core.h | 2 +- drivers/s390/net/qeth_core_main.c | 23 ++-- drivers/s390/net/qeth_l2_main.c | 5 +- drivers/s390/net/qeth_l3_main.c | 3 +- drivers/scsi/hpsa.c | 25 ++++- drivers/scsi/hpsa.h | 1 + drivers/scsi/qedf/qedf_main.c | 12 ++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/tty/pty.c | 2 +- drivers/usb/chipidea/host.c | 5 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 93 +++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-dbgcap.c | 12 +- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/usb/typec/tcpm.c | 3 +- drivers/xen/manage.c | 18 ++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 +-- fs/ceph/inode.c | 1 + fs/cifs/smb2pdu.c | 5 +- fs/exec.c | 6 +- fs/ext4/mballoc.c | 4 +- fs/nfs/nfs4proc.c | 17 +-- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/linux/kthread.h | 1 - include/linux/marvell_phy.h | 2 + include/linux/mm.h | 4 +- include/linux/pci.h | 2 + include/linux/sched.h | 2 +- include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_csum.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/fork.c | 35 +++++- kernel/kthread.c | 30 ++++- kernel/locking/lockdep.c | 12 +- kernel/sched/core.c | 67 ++++++------ kernel/sched/deadline.c | 11 +- kernel/sched/fair.c | 30 ++--- kernel/sched/sched.h | 6 +- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- mm/mmap.c | 35 ++---- mm/nommu.c | 10 +- mm/page_alloc.c | 16 ++- net/9p/client.c | 3 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/debugfs.c | 40 +++++++ net/batman-adv/debugfs.h | 11 ++ net/batman-adv/hard-interface.c | 37 ++++++- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/core/filter.c | 3 +- net/ieee802154/6lowpan/core.c | 6 + net/ipv4/inet_fragment.c | 2 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 +++++-------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/mac80211/tx.c | 2 + net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 12 +- net/qrtr/qrtr.c | 13 ++- net/rds/connection.c | 11 +- net/rds/loop.c | 56 ++++++++++ net/rds/loop.h | 2 + net/sched/act_csum.c | 6 +- net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/smc/af_smc.c | 3 +- net/smc/smc_clc.c | 3 +- net/tipc/discover.c | 18 +-- net/tipc/net.c | 17 ++- net/tipc/node.c | 7 +- net/tls/tls_sw.c | 5 + net/wireless/nl80211.c | 35 +++--- net/xfrm/xfrm_user.c | 8 +- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- samples/bpf/xdp2skb_meta.sh | 6 +- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Build.include | 2 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 ++++--- tools/perf/Makefile.config | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/builtin-annotate.c | 11 +- tools/perf/builtin-report.c | 3 +- tools/perf/builtin-script.c | 25 ++++- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/pmu-events/Build | 2 +- tools/perf/tests/builtin-test.c | 2 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 12 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/nvdimm/test/nfit.c | 3 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ tools/testing/selftests/bpf/test_offload.py | 12 +- tools/testing/selftests/net/config | 2 + .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 +- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++---- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 347 files changed, 2652 insertions(+), 1285 deletions(-)

7 years, 2 months

4
307
0 0

[PATCH] scsi: hpsa: limit transfer length to 1MB, not 512kB

by Martin Wilck

e2c7b43 was supposed to limit transfer length to 1MB, but got the unit of max_sectors wrong. Fixes: e2c7b433f729 ("scsi: hpsa: limit transfer length to 1MB") Signed-off-by: Martin Wilck <mwilck(a)suse.com> --- drivers/scsi/hpsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index 58bb70b..c120929 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -976,7 +976,7 @@ static struct scsi_host_template hpsa_driver_template = { #endif .sdev_attrs = hpsa_sdev_attrs, .shost_attrs = hpsa_shost_attrs, - .max_sectors = 1024, + .max_sectors = 2048, .no_write_same = 1, }; -- 2.18.0

7 years, 2 months

3
2
0 0

[PATCH] lpfc: Correct MDS diag and nvmet configuration

by James Smart

A recent change added some MDS processing in the lpfc_drain_txq routine that relies on the fcp_wq being allocated. For nvmet operation the fcp_wq is not allocated because it can only be an nvme-target. When the original MDS support was added LS_MDS_LOOPBACK was defined wrong, (0x16) it should have been 0x10 (decimal value used for hex setting). This incorrect value allowed MDS_LOOPBACK to be set simultaneously with LS_NPIV_FAB_SUPPORTED, causing the driver to crash when it accesses the non-existent fcp_wq. Correct the bad value setting for LS_MDS_LOOPBACK. Fixes: ae9e28f36a6c ("lpfc: Add MDS Diagnostic support.") Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Dick Kennedy <dick.kennedy(a)broadcom.com> Signed-off-by: James Smart <james.smart(a)broadcom.com> --- drivers/scsi/lpfc/lpfc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h index e0d0da5f43d6..43732e8d1347 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -672,7 +672,7 @@ struct lpfc_hba { #define LS_NPIV_FAB_SUPPORTED 0x2 /* Fabric supports NPIV */ #define LS_IGNORE_ERATT 0x4 /* intr handler should ignore ERATT */ #define LS_MDS_LINK_DOWN 0x8 /* MDS Diagnostics Link Down */ -#define LS_MDS_LOOPBACK 0x16 /* MDS Diagnostics Link Up (Loopback) */ +#define LS_MDS_LOOPBACK 0x10 /* MDS Diagnostics Link Up (Loopback) */ uint32_t hba_flag; /* hba generic flags */ #define HBA_ERATT_HANDLED 0x1 /* This flag is set when eratt handled */ -- 2.13.1

7 years, 2 months

3
2
0 0

+ mm-respect-arch_dup_mmap-return-value.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: respect arch_dup_mmap() return value has been added to the -mm tree. Its filename is mm-respect-arch_dup_mmap-return-value.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-respect-arch_dup_mmap-return-va… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-respect-arch_dup_mmap-return-va… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Nadav Amit <namit(a)vmware.com> Subject: mm: respect arch_dup_mmap() return value d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") ignored the return value of arch_dup_mmap(). As a result, on x86, a failure to duplicate the LDT (e.g., due to memory allocation error), would leave the duplicated memory mapping in an inconsistent state. Fix by regarding the return value, as it was before the change. Link: http://lkml.kernel.org/r/20180823051229.211856-1-namit@vmware.com Fixes: d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") Signed-off-by: Nadav Amit <namit(a)vmware.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/fork.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/kernel/fork.c~mm-respect-arch_dup_mmap-return-value +++ a/kernel/fork.c @@ -550,8 +550,7 @@ static __latent_entropy int dup_mmap(str goto out; } /* a new mm has just been created */ - arch_dup_mmap(oldmm, mm); - retval = 0; + retval = arch_dup_mmap(oldmm, mm); out: up_write(&mm->mmap_sem); flush_tlb_mm(oldmm); _ Patches currently in -mm which might be from namit(a)vmware.com are mm-respect-arch_dup_mmap-return-value.patch

7 years, 2 months

1
0
0 0

+ mm-migration-fix-migration-of-huge-pmd-shared-pages.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: migration: fix migration of huge PMD shared pages has been added to the -mm tree. Its filename is mm-migration-fix-migration-of-huge-pmd-shared-pages.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-migration-fix-migration-of-huge… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-migration-fix-migration-of-huge… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: "Kirill A . Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ mm/hugetlb.c | 40 ++++++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 3 files changed, 91 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4541,6 +4541,9 @@ static unsigned long page_table_shareabl return saddr; } +#define _range_in_vma(vma, start, end) \ + ((vma)->vm_start <= (start) && (end) <= (vma)->vm_end) + static bool vma_shareable(struct vm_area_struct *vma, unsigned long addr) { unsigned long base = addr & PUD_MASK; @@ -4549,13 +4552,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && _range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (_range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4652,6 +4683,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are mm-migration-fix-migration-of-huge-pmd-shared-pages.patch hugetlb-take-pmd-sharing-into-account-when-flushing-tlb-caches.patch

7 years, 2 months

1
0
0 0

[PATCH] drm/i915: Free write_buf that we allocated with kzalloc.

by Rodrigo Vivi

We use kzalloc to allocate the write_buf that we use for i2c transfer on hdcp write. But it seems that we are forgetting to free the memory that is not needed after i2c transfer is completed. Reported-by: Brian J Wood <brian.j.wood(a)intel.com> Fixes: 2320175feb74 ("drm/i915: Implement HDCP for HDMI") Cc: Ramalingam C <ramalingam.c(a)intel.com> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.17+ Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> --- drivers/gpu/drm/i915/intel_hdmi.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_hdmi.c b/drivers/gpu/drm/i915/intel_hdmi.c index 8363fbd18ee8..a1799b5c12bb 100644 --- a/drivers/gpu/drm/i915/intel_hdmi.c +++ b/drivers/gpu/drm/i915/intel_hdmi.c @@ -943,8 +943,12 @@ static int intel_hdmi_hdcp_write(struct intel_digital_port *intel_dig_port, ret = i2c_transfer(adapter, &msg, 1); if (ret == 1) - return 0; - return ret >= 0 ? -EIO : ret; + ret = 0; + else if (ret >= 0) + ret = -EIO; + + kfree(write_buf); + return ret; } static -- 2.17.1

7 years, 2 months

2
2
0 0

[merged] reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) has been removed from the -mm tree. Its filename was reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) This fixes the following issues: - When a buffer size is supplied to reiserfs_listxattr() such that each individual name fits, but the concatenation of all names doesn't fit, reiserfs_listxattr() overflows the supplied buffer. This leads to a kernel heap overflow (verified using KASAN) followed by an out-of-bounds usercopy and is therefore a security bug. - When a buffer size is supplied to reiserfs_listxattr() such that a name doesn't fit, -ERANGE should be returned. But reiserfs instead just truncates the list of names; I have verified that if the only xattr on a file has a longer name than the supplied buffer length, listxattr() incorrectly returns zero. With my patch applied, -ERANGE is returned in both cases and the memory corruption doesn't happen anymore. Credit for making me clean this code up a bit goes to Al Viro, who pointed out that the ->actor calling convention is suboptimal and should be changed. Link: http://lkml.kernel.org/r/20180802151539.5373-1-jannh@google.com Fixes: 48b32a3553a5 ("reiserfs: use generic xattr handlers") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Jeff Mahoney <jeffm(a)suse.com> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/reiserfs/xattr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/reiserfs/xattr.c~reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval +++ a/fs/reiserfs/xattr.c @@ -792,8 +792,10 @@ static int listxattr_filler(struct dir_c return 0; size = namelen + 1; if (b->buf) { - if (size > b->size) + if (b->pos + size > b->size) { + b->pos = -ERANGE; return -ERANGE; + } memcpy(b->buf + b->pos, name, namelen); b->buf[b->pos + namelen] = 0; } _ Patches currently in -mm which might be from jannh(a)google.com are

7 years, 2 months

1
0
0 0

[merged] zram-fix-bug-storing-backing_dev.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: drivers/block/zram/zram_drv.c: fix bug storing backing_dev has been removed from the -mm tree. Its filename was zram-fix-bug-storing-backing_dev.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Peter Kalauskas <peskal(a)google.com> Subject: drivers/block/zram/zram_drv.c: fix bug storing backing_dev The call to strlcpy in backing_dev_store is incorrect. It should take the size of the destination buffer instead of the size of the source buffer. Additionally, ignore the newline character (\n) when reading the new file_name buffer. This makes it possible to set the backing_dev as follows: echo /dev/sdX > /sys/block/zram0/backing_dev The reason it worked before was the fact that strlcpy() copies 'len - 1' bytes, which is strlen(buf) - 1 in our case, so it accidentally didn't copy the trailing new line symbol. Which also means that "echo -n /dev/sdX" most likely was broken. Signed-off-by: Peter Kalauskas <peskal(a)google.com> Link: http://lkml.kernel.org/r/20180813061623.GC64836@rodete-desktop-imager.corp.… Acked-by: Minchan Kim <minchan(a)kernel.org> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/drivers/block/zram/zram_drv.c~zram-fix-bug-storing-backing_dev +++ a/drivers/block/zram/zram_drv.c @@ -337,6 +337,7 @@ static ssize_t backing_dev_store(struct struct device_attribute *attr, const char *buf, size_t len) { char *file_name; + size_t sz; struct file *backing_dev = NULL; struct inode *inode; struct address_space *mapping; @@ -357,7 +358,11 @@ static ssize_t backing_dev_store(struct goto out; } - strlcpy(file_name, buf, len); + strlcpy(file_name, buf, PATH_MAX); + /* ignore trailing newline */ + sz = strlen(file_name); + if (sz > 0 && file_name[sz - 1] == '\n') + file_name[sz - 1] = 0x00; backing_dev = filp_open(file_name, O_RDWR|O_LARGEFILE, 0); if (IS_ERR(backing_dev)) { _ Patches currently in -mm which might be from peskal(a)google.com are

7 years, 2 months

1
0
0 0

[PATCH 4.9.y] PCI: OF: Fix I/O space page leak

by Sergei Shtylyov

Commit a5fb9fb023a1435f2b42bccd7f547560f3a21dc3 upstream. When testing the R-Car PCIe driver on the Condor board, if the PCIe PHY driver was left disabled, the kernel crashed with this BUG: kernel BUG at lib/ioremap.c:72! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 39 Comm: kworker/0:1 Not tainted 4.17.0-dirty #1092 Hardware name: Renesas Condor board based on r8a77980 (DT) Workqueue: events deferred_probe_work_func pstate: 80000005 (Nzcv daif -PAN -UAO) pc : ioremap_page_range+0x370/0x3c8 lr : ioremap_page_range+0x40/0x3c8 sp : ffff000008da39e0 x29: ffff000008da39e0 x28: 00e8000000000f07 x27: ffff7dfffee00000 x26: 0140000000000000 x25: ffff7dfffef00000 x24: 00000000000fe100 x23: ffff80007b906000 x22: ffff000008ab8000 x21: ffff000008bb1d58 x20: ffff7dfffef00000 x19: ffff800009c30fb8 x18: 0000000000000001 x17: 00000000000152d0 x16: 00000000014012d0 x15: 0000000000000000 x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720 x11: 0720072007300730 x10: 00000000000000ae x9 : 0000000000000000 x8 : ffff7dffff000000 x7 : 0000000000000000 x6 : 0000000000000100 x5 : 0000000000000000 x4 : 000000007b906000 x3 : ffff80007c61a880 x2 : ffff7dfffeefffff x1 : 0000000040000000 x0 : 00e80000fe100f07 Process kworker/0:1 (pid: 39, stack limit = 0x (ptrval)) Call trace: ioremap_page_range+0x370/0x3c8 pci_remap_iospace+0x7c/0xac pci_parse_request_of_pci_ranges+0x13c/0x190 rcar_pcie_probe+0x4c/0xb04 platform_drv_probe+0x50/0xbc driver_probe_device+0x21c/0x308 __device_attach_driver+0x98/0xc8 bus_for_each_drv+0x54/0x94 __device_attach+0xc4/0x12c device_initial_probe+0x10/0x18 bus_probe_device+0x90/0x98 deferred_probe_work_func+0xb0/0x150 process_one_work+0x12c/0x29c worker_thread+0x200/0x3fc kthread+0x108/0x134 ret_from_fork+0x10/0x18 Code: f9004ba2 54000080 aa0003fb 17ffff48 (d4210000) It turned out that pci_remap_iospace() wasn't undone when the driver's probe failed, and since devm_phy_optional_get() returned -EPROBE_DEFER, the probe was retried, finally causing the BUG due to trying to remap already remapped pages. Introduce the devm_pci_remap_iospace() managed API and replace the pci_remap_iospace() call with it to fix the bug. Fixes: dbf9826d5797 ("PCI: generic: Convert to DT resource parsing API") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [lorenzo.pieralisi(a)arm.com: split commit/updated the commit log] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/pci/host/pci-host-common.c | 2 - drivers/pci/host/pcie-rcar.c | 2 - drivers/pci/pci.c | 38 +++++++++++++++++++++++++++++++++++++ include/linux/pci.h | 2 + 4 files changed, 42 insertions(+), 2 deletions(-) Index: linux-stable/drivers/pci/host/pci-host-common.c =================================================================== --- linux-stable.orig/drivers/pci/host/pci-host-common.c +++ linux-stable/drivers/pci/host/pci-host-common.c @@ -45,7 +45,7 @@ static int gen_pci_parse_request_of_pci_ switch (resource_type(res)) { case IORESOURCE_IO: - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/host/pcie-rcar.c =================================================================== --- linux-stable.orig/drivers/pci/host/pcie-rcar.c +++ linux-stable/drivers/pci/host/pcie-rcar.c @@ -1102,7 +1102,7 @@ static int rcar_pcie_parse_request_of_pc struct resource *res = win->res; if (resource_type(res) == IORESOURCE_IO) { - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/pci.c =================================================================== --- linux-stable.orig/drivers/pci/pci.c +++ linux-stable/drivers/pci/pci.c @@ -3436,6 +3436,44 @@ char * __weak __init pcibios_setup(char return str; } +static void devm_pci_unmap_iospace(struct device *dev, void *ptr) +{ + struct resource **res = ptr; + + pci_unmap_iospace(*res); +} + +/** + * devm_pci_remap_iospace - Managed pci_remap_iospace() + * @dev: Generic device to remap IO address for + * @res: Resource describing the I/O space + * @phys_addr: physical address of range to be mapped + * + * Managed pci_remap_iospace(). Map is automatically unmapped on driver + * detach. + */ +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr) +{ + const struct resource **ptr; + int error; + + ptr = devres_alloc(devm_pci_unmap_iospace, sizeof(*ptr), GFP_KERNEL); + if (!ptr) + return -ENOMEM; + + error = pci_remap_iospace(res, phys_addr); + if (error) { + devres_free(ptr); + } else { + *ptr = res; + devres_add(dev, ptr); + } + + return error; +} +EXPORT_SYMBOL(devm_pci_remap_iospace); + /** * pcibios_set_master - enable PCI bus-mastering for device dev * @dev: the PCI device to enable Index: linux-stable/include/linux/pci.h =================================================================== --- linux-stable.orig/include/linux/pci.h +++ linux-stable/include/linux/pci.h @@ -1190,6 +1190,8 @@ int pci_register_io_range(phys_addr_t ad unsigned long pci_address_to_pio(phys_addr_t addr); phys_addr_t pci_pio_to_address(unsigned long pio); int pci_remap_iospace(const struct resource *res, phys_addr_t phys_addr); +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr); void pci_unmap_iospace(struct resource *res); static inline pci_bus_addr_t pci_bus_address(struct pci_dev *pdev, int bar)

7 years, 2 months

1
1
0 0

[PATCH v3 1/2] mm: migration: fix migration of huge PMD shared pages

by Mike Kravetz

The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Fixes: 39dde65c9940 ("shared page table for hugetlb page") Cc: stable(a)vger.kernel.org Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> --- include/linux/hugetlb.h | 14 ++++++++++++++ mm/hugetlb.c | 40 +++++++++++++++++++++++++++++++++++++++ mm/rmap.c | 42 ++++++++++++++++++++++++++++++++++++++--- 3 files changed, 93 insertions(+), 3 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 36fa6a2a82e3..1c6cde68487f 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +bool huge_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_total_pages(void) return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +bool huge_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + return false; +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 3103099f64fd..fd155dc52117 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -4555,6 +4555,9 @@ static bool vma_shareable(struct vm_area_struct *vma, unsigned long addr) /* * check on proper vm_flags and page table alignment + * + * Note that this is the same check used in huge_pmd_sharing_possible. + * If you change one, consider changing both. */ if (vma->vm_flags & VM_MAYSHARE && vma->vm_start <= base && end <= vma->vm_end) @@ -4562,6 +4565,43 @@ static bool vma_shareable(struct vm_area_struct *vma, unsigned long addr) return false; } +/* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +bool huge_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + bool ret = false; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return ret; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + * + * Note that this is the same check used in vma_shareable. If + * you change one, consider changing both. + */ + if (vma->vm_start <= a_start && a_end <= vma->vm_end) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + + ret = true; + } + } + + return ret; +} + /* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the diff --git a/mm/rmap.c b/mm/rmap.c index eb477809a5c0..8cf853a4b093 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + (void)huge_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && -- 2.17.1

7 years, 2 months

4
16
0 0

please revert commit ce8556cca6 "kbuild: verify that $DEPMOD is installed" introduced in v4.18.4.

by H. Nikolaus Schaller

This patch requires that /sbin/depmod is installed and installable on the build host. But not all build hosts for cross compiling Linux are Linux systems and are able to provide a working port of depmod, especially at the file patch /sbin/depmod. I use, for example, a Darwin system to cross compile Linux and I run depmod -a on the embedded system once, after installing a new Linux kernel there. I have no problem with seeing a warning, but aborting the build process is IMHO a bad idea since the previous behaviour didn't harm many people as far as I see. Probably 99% of people compiling Linux kernels do that on Linux and 99% of those have depmod installed for optimal operation of their build host. So IMHO printing the warning is good enough. BR and thanks, Nikolaus Schaller

7 years, 2 months

6
10
0 0

[PATCH 1/5] drm/nouveau: Check backlight IDs are >= 0, not > 0

by Lyude Paul

Remember, ida IDs start at 0, not 1! Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Jeffery Miller <jmiller(a)neverware.com> Cc: Karol Herbst <kherbst(a)redhat.com> --- drivers/gpu/drm/nouveau/nouveau_backlight.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c index 408b955e5c39..6dd72bc32897 100644 --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c @@ -116,7 +116,7 @@ nv40_backlight_init(struct drm_connector *connector) &nv40_bl_ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } @@ -249,7 +249,7 @@ nv50_backlight_init(struct drm_connector *connector) nv_encoder, ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } -- 2.17.1

7 years, 2 months

2
2
0 0

Re: [PATCH 4.17 015/324] smb3: increase initial number of credits requested to allow write

by Greg Kroah-Hartman

On Thu, Aug 23, 2018 at 09:38:31AM -0400, Scott French wrote: > Please remove the stfrench @ gmail address. I am not Steve Now removed, sorry for the noise. greg k-h

7 years, 2 months

1
0
0 0

[PATCH] powerpc/nohash: fix pte_access_permitted()

by Christophe Leroy

Commit 5769beaf180a8 ("powerpc/mm: Add proper pte access check helper for other platforms") replaced generic pte_access_permitted() by an arch specific one. The generic one is defined as (pte_present(pte) && (!(write) || pte_write(pte))) The arch specific one is open coded checking that _PAGE_USER and _PAGE_WRITE (_PAGE_RW) flags are set, but lacking to check that _PAGE_RO and _PAGE_PRIVILEGED are unset, leading to a useless test on targets like the 8xx which defines _PAGE_RW and _PAGE_USER as 0. Commit 5fa5b16be5b31 ("powerpc/mm/hugetlb: Use pte_access_permitted for hugetlb access check") replaced some tests performed with pte helpers by a call to pte_access_permitted(), leading to the same issue. This patch rewrites powerpc/nohash pte_access_permitted() using pte helpers. Fixes: 5769beaf180a8 ("powerpc/mm: Add proper pte access check helper for other platforms") Fixes: 5fa5b16be5b31 ("powerpc/mm/hugetlb: Use pte_access_permitted for hugetlb access check") Cc: stable(a)vger.kernel.org # v4.15+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> --- arch/powerpc/include/asm/nohash/pgtable.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/include/asm/nohash/pgtable.h b/arch/powerpc/include/asm/nohash/pgtable.h index 2160be2e4339..b321c82b3624 100644 --- a/arch/powerpc/include/asm/nohash/pgtable.h +++ b/arch/powerpc/include/asm/nohash/pgtable.h @@ -51,17 +51,14 @@ static inline int pte_present(pte_t pte) #define pte_access_permitted pte_access_permitted static inline bool pte_access_permitted(pte_t pte, bool write) { - unsigned long pteval = pte_val(pte); /* * A read-only access is controlled by _PAGE_USER bit. * We have _PAGE_READ set for WRITE and EXECUTE */ - unsigned long need_pte_bits = _PAGE_PRESENT | _PAGE_USER; - - if (write) - need_pte_bits |= _PAGE_WRITE; + if (!pte_present(pte) || !pte_user(pte) || !pte_read(pte)) + return false; - if ((pteval & need_pte_bits) != need_pte_bits) + if (write && !pte_write(pte)) return false; return true; -- 2.13.3

7 years, 2 months

4
3
0 0

request for 4.4-stable: e7c0b5991dd1b ("ovl: warn instead of error if d_type is not supported")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch turned the status from error to warning if d_type is not supported, and thus operation won't be interrupted. -- SZ Lin (林上智)

7 years, 2 months

1
0
0 0

request for 4.4-stable: 21765194cecf2 ("ovl: Do d_type check only if work dir creation was successful")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch fixed check machanism for d_type to avoid returning d_type not supported even if underlying filesystem might be supporting it. -- SZ Lin (林上智)

7 years, 2 months

1
0
0 0

request for 4.4-stable: 45aebeaf4f674 ("ovl: Ensure upper filesystem supports d_type")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch added a check mechanism for d_type in upper layer of overlayfs to avoid whiteouts issue. -- SZ Lin (林上智)

7 years, 2 months

1
0
0 0

[PATCH] mm: respect arch_dup_mmap() return value

by Nadav Amit

Commit d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") ignored the return value of arch_dup_mmap(). As a result, on x86, a failure to duplicate the LDT (e.g., due to memory allocation error), would leave the duplicated memory mapping in an inconsistent state. Fix by regarding the return value, as it was before the change. Fixes: d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: stable(a)vger.kernel.org Signed-off-by: Nadav Amit <namit(a)vmware.com> --- kernel/fork.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 1b27babc4c78..4527d1d331de 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -549,8 +549,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, goto out; } /* a new mm has just been created */ - arch_dup_mmap(oldmm, mm); - retval = 0; + retval = arch_dup_mmap(oldmm, mm); out: up_write(&mm->mmap_sem); flush_tlb_mm(oldmm); -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH] drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80

by Kai-Heng Feng

Another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc instead of 8 bpc. Apply 6 bpc quirk for the panel to fix it. BugLink: https://bugs.launchpad.net/bugs/1788308 Cc: <stable(a)vger.kernel.org> # v4.8+ Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- drivers/gpu/drm/drm_edid.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c index 5dc742b27ca0..3c9fc99648b7 100644 --- a/drivers/gpu/drm/drm_edid.c +++ b/drivers/gpu/drm/drm_edid.c @@ -116,6 +116,9 @@ static const struct edid_quirk { /* CPT panel of Asus UX303LA reports 8 bpc, but is a 6 bpc panel */ { "CPT", 0x17df, EDID_QUIRK_FORCE_6BPC }, + /* SDC panel of Lenovo B50-80 reports 8 bpc, but is a 6 bpc panel */ + { "SDC", 0x3652, EDID_QUIRK_FORCE_6BPC }, + /* Belinea 10 15 55 */ { "MAX", 1516, EDID_QUIRK_PREFER_LARGE_60 }, { "MAX", 0x77e, EDID_QUIRK_PREFER_LARGE_60 }, -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH 9/9] power: supply: twl4030-charger: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the usb sibling node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related phy-node reference leak. Fixes: f5e4edb8c888 ("power: twl4030_charger: find associated phy by more reliable means.") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: NeilBrown <neilb(a)suse.de> Cc: Felipe Balbi <balbi(a)ti.com> Cc: Sebastian Reichel <sre(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/power/supply/twl4030_charger.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/twl4030_charger.c b/drivers/power/supply/twl4030_charger.c index bbcaee56db9d..b6a7d9f74cf3 100644 --- a/drivers/power/supply/twl4030_charger.c +++ b/drivers/power/supply/twl4030_charger.c @@ -996,12 +996,13 @@ static int twl4030_bci_probe(struct platform_device *pdev) if (bci->dev->of_node) { struct device_node *phynode; - phynode = of_find_compatible_node(bci->dev->of_node->parent, - NULL, "ti,twl4030-usb"); + phynode = of_get_compatible_child(bci->dev->of_node->parent, + "ti,twl4030-usb"); if (phynode) { bci->usb_nb.notifier_call = twl4030_bci_usb_ncb; bci->transceiver = devm_usb_get_phy_by_node( bci->dev, phynode, &bci->usb_nb); + of_node_put(phynode); if (IS_ERR(bci->transceiver)) { ret = PTR_ERR(bci->transceiver); if (ret == -EPROBE_DEFER) -- 2.18.0

7 years, 2 months

2
2
0 0

qemu test failures (crashes) in v4.{14,17}.y-stable queues

by Guenter Roeck

Various mips64 and ppc64 qemu tests crash as follows in v4.14.y and v4.17.y (the log is from ppc64). ------------[ cut here ]------------ kernel BUG at kernel/time/hrtimer.c:1673! Oops: Exception in kernel mode, sig: 5 [#1] BE NUMA CoreNet Generic Modules linked in: CPU: 0 PID: 1 Comm: init Not tainted 4.17.19-rc1-00309-g8fe1830 #1 NIP: c000000000085d6c LR: c00000000089d840 CTR: c00000000000cd00 REGS: c00000003e1e7990 TRAP: 0700 Not tainted (4.17.19-rc1-00309-g8fe1830) MSR: 000000008002b000 <CE,EE,FP,ME> CR: 48000284 XER: 00000000 SOFTE: 0 GPR00: c00000000089d7ec c00000003e1e7c10 c000000000cb9c00 c00000003e1e8238 GPR04: c00000003e1e7c80 ffffffffffffffff 000000003b9aca00 0000000000000000 GPR08: 0000000031012c01 0000000031012c01 0000000000000002 0000000031012c01 GPR12: 0000000028000482 c000000000d35000 0000000000000000 0000000000000000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR24: 0000000000000000 0000000000000000 0000000000000016 00000000ffff9008 GPR28: c00000003e1e7e10 c00000003e1e8000 0000000000000000 000000009336eabb NIP [c000000000085d6c] .nanosleep_copyout+0x4c/0x50 LR [c00000000089d840] .do_nanosleep+0x160/0x190 Call Trace: [c00000003e1e7c10] [c00000000089d7ec] .do_nanosleep+0x10c/0x190 (unreliable) [c00000003e1e7cc0] [c000000000085e78] .hrtimer_nanosleep+0x108/0x1d0 [c00000003e1e7da0] [c000000000086068] .__se_compat_sys_nanosleep+0x78/0xb0 [c00000003e1e7e30] [c000000000000618] system_call+0x58/0x64 Instruction dump: 7c832378 e8890010 4bffbadd 60000000 38210070 e8010010 2fa30000 3940fff2 3860fdfc 7c63579e 7c0803a6 4e800020 <0fe00000> 7c0802a6 fb81ffe0 fbc1fff0 ---[ end trace 15c7fbc119007c42 ]--- I started to bisect, but abandoned it after finding commit 62d7ce7f40a9 ("posix-timers: Fix nanosleep_copyout() for CONFIG_COMPAT_32BIT_TIME") in both branches. Since there is no "config COMPAT_32BIT_TIME" in v4.14.y or v4.17.y, some relevant code is commented out by the commit, which in turn results in the crash. Guenter

7 years, 2 months

2
4
0 0

[GIT PULL] commits for Linux 4.17

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.17 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 128642b28a7de3171541132cf300e33a7a8e5f21: Linux 4.17.13 (2018-08-06 16:18:22 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.17-09082018 for you to fetch changes up to 3ad72f3a541e258f32da620840b8d4d62cecf18b: mm: make vm_area_alloc() initialize core fields (2018-08-07 02:31:10 -0400) - ---------------------------------------------------------------- for-greg-4.17-09082018 - ---------------------------------------------------------------- Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (2): octeon_mgmt: Fix MIX registers configuration on MTU setup net: cavium: Add fine-granular dependencies on PCI Alexandre Belloni (1): rtc: fix alarm read and set offset Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Anders Roxell (1): selftests: net: add config fragments Andreas Schwab (1): RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arnaldo Carvalho de Melo (1): tools include uapi: Update if_link.h to pick IFLA_{BRPORT_ISOLATED,VXLAN_TTL_INHERIT} Arnd Bergmann (3): posix-timers: Fix nanosleep_copyout() for CONFIG_COMPAT_32BIT_TIME ieee802154: mcr20a: add missing includes drm/sun4i: link in front-end code if needed Artur Petrosyan (1): usb: dwc2: Fix host exit from hibernation flow. Arun Kumar Neelakantam (2): net: qrtr: Broadcast messages only from control port net: qrtr: Reset the node and port ID of broadcast messages Ayan Kumar Halder (3): drm/arm/malidp: Ensure that the crtcs are shutdown before removing any encoder/connector drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format drm/mali-dp: Rectify the width and height passed to rotmem_required() Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible Bert Kenward (2): sfc: avoid hang from nested use of the filter_sem sfc: hold filter_sem consistently during reset BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Leedom (1): cxgb4: assume flash part size to be 4MB, if it can't be determined Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Damien ThÃ©bault (1): platform/x86: dell-laptop: Fix backlight detection Dan Carpenter (10): blk-mq-debugfs: Off by one in blk_mq_rq_state_name() block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug clk: davinci: cfgchip: testing the wrong variable dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qed: off by one in qed_parse_mcp_trace_buf() ixgbe: Off by one in ixgbe_ipsec_tx() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Francis (1): amd/dc/dce100: On dce100, set clocks to 0 on suspend David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (2): net/sched: act_csum: fix NULL dereference when 'goto chain' is used net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Denis Kenzior (1): mac80211: disable BHs/preemption in ieee80211_tx_control_port() Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (2): gpu: host1x: Skip IOMMU initialization if firewall is enabled gpu: host1x: Check whether size of unpin isn't 0 Don Brace (1): scsi: hpsa: correct enclosure sas address Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (2): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. tls: fix skb_to_sgvec returning unhandled error. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Biggers (1): crypto: arm/speck - fix building in Thumb2 mode Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Evan Quan (1): drm/amd/powerplay: correct vega12 thermal support as true Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (4): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: HR2: Fix interrupt types for i2c and PCIe ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target Frank Rowand (1): of: overlay: update phandle cache on overlay apply and remove Frederic Weisbecker (1): sched/nohz: Skip remote tick on idle task entirely Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greentime Hu (1): nds32: Fix the dts pointer is not passed correctly issue. Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Gustavo Pimentel (1): ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform Haiyue Wang (1): ipmi: kcs_bmc: fix IRQ exception if the channel is not open Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Harini Katakam (1): net: macb: Free RX ring for all queues Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Heiner Kallweit (1): r8169: fix mac address change Helge Eichelberg (1): hwmon: (dell-smm) Disable fan support for Dell XPS13 9333 Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Israel Rukshin (1): nvme-rdma: Fix command completion race at error recovery Jakub Kicinski (2): selftests/bpf: test offloads even with BPF programs present nfp: bpf: don't stop offload if replace failed Jann Horn (1): netfilter: nf_log: fix uninit read in nf_log_proc_dostring Janne Huttunen (1): perf script python: Fix dict reference counting Janusz Krzysztofik (1): dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jens Axboe (1): blk-mq: don't queue more if we get a busy return Jeremy Cline (1): perf tools: Use python-config --includes rather than --cflags Jerome Brunet (1): ARM64: dts: meson-axg: fix ethernet stability issue Jianchao Wang (1): nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl Jim Mattson (1): kvm: nVMX: Restore exit qual for VM-entry failure due to MSR loading Jim Wilson (1): RISC-V: Fix PTRACE_SETREGSET bug. Jiri Olsa (4): perf tools: Fix error index for pmu event parser perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John Fastabend (1): bpf: fix sk_skb programs without skb->dev assigned John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Jon Maloy (4): tipc: fix wrong return value from function tipc_node_try_addr() tipc: correct discovery message handling during address trial period tipc: fix correct setting of message type in second discoverer tipc: make function tipc_net_finalize() thread safe Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Julia Lawall (1): clocksource/drivers/stm32: Fix error return code Julian Wiedmann (1): s390/qeth: consistently re-enable device features Juri Lelli (1): sched/deadline: Fix switched_from_dl() warning Kai-Heng Feng (1): usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started Kalderon, Michal (1): RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Karsten Graul (1): net/smc: reset recv timeout after clc handshake Katsuhiro Suzuki (1): arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (2): perf llvm-utils: Remove bashism from kernel include fetch script perf test shell: Prevent temporary editor files from being considered test scripts Laura Abbott (2): tools: build: Fixup host c flags tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus LÃ¼ssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Torvalds (4): Mark HI and TASKLET softirq synchronous mm: use helper functions for allocating and freeing vm_area structs mm: make vm_area_dup() actually copy the old vma data mm: make vm_area_alloc() initialize core fields Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Maciej Purski (4): drm/bridge/sii8620: fix display modes validation drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marc Zyngier (2): irqchip/gic-v2m: Fix SPI release on error path irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (2): clk: sunxi-ng: replace lib-y with obj-y kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (3): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. Michael Hennerich (2): net: ieee802154: adf7242: Fix erroneous RX enable net: ieee802154: adf7242: Fix OCL calibration runs Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nicholas Piggin (1): powerpc: smp_send_stop do not offline stopped CPUs Nicolas Boichat (1): HID: google: Add support for whiskers Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Palmer Dabbelt (1): RISC-V: Don't include irq-riscv-intc.h Paolo Abeni (1): ipfrag: really prevent allocation on netns exit Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Pavel Machek (1): ARM: dts: omap4-droid4: fix dts w.r.t. pwm Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Chen (1): usb: chipidea: host: fix disconnection detect issue Peter Zijlstra (2): kthread, sched/core: Fix kthread_parkme() (again...) ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ravi Bangoria (2): perf script: Fix crash because of missing evsel->priv perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (4): drm/armada: fix colorkey mode property drm/armada: fix irq handling sfp: ensure we clean up properly on bus registration failure sfp: fix module initialisation with netdev already up Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sagi Grimberg (1): nvme-rdma: fix possible double free condition when failing to create a controller Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Bauer (1): nvme: ensure forward progress during Admin passthru Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (8): PCI: OF: Fix I/O space page leak PCI: xgene: Fix I/O space page leak PCI: versatile: Fix I/O space page leak PCI: designware: Fix I/O space page leak PCI: aardvark: Fix I/O space page leak PCI: faraday: Fix I/O space page leak PCI: mediatek: Fix I/O space page leak PCI: v3-semi: Fix I/O space page leak Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Sowmini Varadhan (1): rds: clean up loopback rds_connections on netns deletion Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steve French (1): smb3: increase initial number of credits requested to allow write Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (4): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump batman-adv: Fix debugfs path for renamed hardif batman-adv: Fix debugfs path for renamed softif Taeung Song (4): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Falcon (1): ibmvnic: Revise RX/TX queue error messages Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Uwe Kleine-KÃ¶nig (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Venkat Duvvuru (1): bnxt_en: Fix the vlan_tci exact match check. Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Guittot (1): sched/util_est: Fix util_est_dequeue() for throttled cfs_rq Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vishal Verma (1): tools/testing/nvdimm: advertise a write cache for nfit_test Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wang Dongsheng (1): net: phy: marvell: change default m88e1510 LED configuration Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Will Deacon (1): arm64: Avoid flush_icache_range() in alternatives patching code Willem de Bruijn (1): packet: reset network header if packet shorter than ll reserved space William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Xunlei Pang (1): sched/fair: Fix bandwidth timer clock drift condition Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf Zhu Yanjun (1): IB/rxe: avoid double kfree skb piaojun (1): net/9p/client.c: put refcount of trans_mod in error case in parse_opts() Makefile | 6 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 ++++++-- arch/arc/plat-hsdk/platform.c | 62 +++++++++++ arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++-- arch/arm/boot/dts/bcm-hr2.dtsi | 24 ++-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 9 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/crypto/speck-neon-core.S | 6 +- arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 +++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-axg-s400.dts | 15 ++- arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- .../boot/dts/socionext/uniphier-ld11-global.dts | 2 +- .../boot/dts/socionext/uniphier-ld20-global.dts | 2 +- arch/arm64/include/asm/alternative.h | 7 +- arch/arm64/kernel/alternative.c | 51 +++++++-- arch/arm64/kernel/module.c | 5 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/ia64/kernel/perfmon.c | 6 +- arch/ia64/mm/init.c | 12 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/nds32/kernel/setup.c | 3 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/powerpc/kernel/smp.c | 6 - arch/riscv/kernel/irq.c | 4 - arch/riscv/kernel/module.c | 4 +- arch/riscv/kernel/ptrace.c | 2 +- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/vmx.c | 9 +- block/blk-mq-debugfs.c | 2 +- block/blk-mq.c | 12 ++ block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 +++++-- drivers/char/ipmi/kcs_bmc.c | 31 ++---- drivers/clk/Makefile | 2 +- drivers/clk/davinci/da8xx-cfgchip.c | 2 +- drivers/clk/sunxi-ng/Makefile | 39 +++---- drivers/clocksource/timer-stm32.c | 4 +- drivers/dax/device.c | 12 +- drivers/dma/k3dma.c | 2 +- drivers/dma/omap-dma.c | 6 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- .../drm/amd/display/dc/dce100/dce100_resource.c | 19 +++- drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 1 + drivers/gpu/drm/arm/malidp_drv.c | 3 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 9 +- drivers/gpu/drm/armada/armada_crtc.c | 12 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 +++-- drivers/gpu/drm/bridge/sil-sii8620.c | 121 +++++++++++---------- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 +++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/sun4i/Makefile | 5 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/dev.c | 3 + drivers/gpu/host1x/job.c | 3 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/hwmon/nct6775.c | 2 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++- drivers/infiniband/hw/qedr/verbs.c | 3 + drivers/infiniband/sw/rxe/rxe_req.c | 5 +- drivers/input/rmi4/rmi_2d_sensor.c | 34 +++--- drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 10 ++ drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 ++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 - drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 30 ++++- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 - drivers/net/ethernet/cadence/macb_main.c | 11 +- drivers/net/ethernet/cavium/Kconfig | 12 +- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 35 +++--- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 43 +++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - drivers/net/ethernet/netronome/nfp/bpf/main.c | 6 +- .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/realtek/r8169.c | 1 + drivers/net/ethernet/renesas/ravb_main.c | 56 +++------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++------- drivers/net/ethernet/sfc/ef10.c | 30 +++-- drivers/net/ethernet/sfc/efx.c | 17 ++- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/adf7242.c | 34 +++++- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ieee802154/mcr20a.c | 3 +- drivers/net/ipvlan/ipvlan_main.c | 36 ++++-- drivers/net/phy/marvell.c | 54 ++++++--- drivers/net/phy/sfp-bus.c | 35 ++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 +++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 52 ++++----- drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/rdma.c | 28 +++-- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/of/base.c | 6 +- drivers/of/of_private.h | 2 + drivers/of/overlay.c | 11 ++ drivers/pci/dwc/pcie-designware-host.c | 3 +- drivers/pci/host/pci-aardvark.c | 2 +- drivers/pci/host/pci-ftpci100.c | 4 +- drivers/pci/host/pci-v3-semi.c | 2 +- drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pci-xgene.c | 2 +- drivers/pci/host/pcie-mediatek.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/of.c | 2 +- drivers/pci/pci.c | 38 +++++++ drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/platform/x86/dell-laptop.c | 2 +- drivers/rtc/interface.c | 8 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/s390/net/qeth_core.h | 2 +- drivers/s390/net/qeth_core_main.c | 23 ++-- drivers/s390/net/qeth_l2_main.c | 5 +- drivers/s390/net/qeth_l3_main.c | 3 +- drivers/scsi/hpsa.c | 25 ++++- drivers/scsi/hpsa.h | 1 + drivers/scsi/qedf/qedf_main.c | 12 ++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/usb/chipidea/host.c | 5 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 93 +++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-dbgcap.c | 12 +- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/usb/typec/tcpm.c | 3 +- drivers/xen/manage.c | 18 ++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 +-- fs/ceph/inode.c | 1 + fs/cifs/smb2pdu.c | 5 +- fs/exec.c | 6 +- fs/jfs/xattr.c | 10 +- fs/nfs/nfs4proc.c | 17 +-- include/linux/fsl/guts.h | 1 + include/linux/kthread.h | 1 - include/linux/marvell_phy.h | 2 + include/linux/mm.h | 4 +- include/linux/pci.h | 2 + include/linux/sched.h | 2 +- include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_csum.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/fork.c | 35 +++++- kernel/kthread.c | 30 ++++- kernel/locking/lockdep.c | 12 +- kernel/sched/core.c | 67 ++++++------ kernel/sched/deadline.c | 11 +- kernel/sched/fair.c | 30 ++--- kernel/sched/sched.h | 6 +- kernel/softirq.c | 12 +- kernel/time/hrtimer.c | 2 +- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- mm/mmap.c | 35 ++---- mm/nommu.c | 10 +- net/9p/client.c | 3 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/debugfs.c | 40 +++++++ net/batman-adv/debugfs.h | 11 ++ net/batman-adv/hard-interface.c | 37 ++++++- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/core/filter.c | 3 +- net/ieee802154/6lowpan/core.c | 6 + net/ipv4/inet_fragment.c | 2 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 +++++-------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/mac80211/tx.c | 2 + net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 2 + net/qrtr/qrtr.c | 13 ++- net/rds/connection.c | 11 +- net/rds/loop.c | 56 ++++++++++ net/rds/loop.h | 2 + net/sched/act_csum.c | 6 +- net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/smc/smc_clc.c | 3 +- net/tipc/discover.c | 18 +-- net/tipc/net.c | 17 ++- net/tipc/node.c | 7 +- net/tls/tls_sw.c | 5 + net/wireless/nl80211.c | 35 +++--- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- samples/bpf/xdp2skb_meta.sh | 6 +- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Build.include | 2 +- tools/build/Makefile | 2 +- tools/include/uapi/linux/if_link.h | 2 + tools/objtool/elf.c | 41 ++++--- tools/perf/Makefile.config | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/builtin-annotate.c | 11 +- tools/perf/builtin-report.c | 3 +- tools/perf/builtin-script.c | 25 ++++- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/pmu-events/Build | 2 +- tools/perf/tests/builtin-test.c | 2 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 12 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/nvdimm/test/nfit.c | 3 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ tools/testing/selftests/bpf/test_offload.py | 12 +- tools/testing/selftests/net/config | 2 + .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 +- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++---- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 327 files changed, 2487 insertions(+), 1222 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2tYACgkQ3qZv95d3 LNybgg/+NZl+NRx12OH9XIZuNL2xVNUHOuPUs7z9NRLE/GiU4fwLV1B1wfnBhTOZ Im+kL3byVvrwdGrlFrbGsnk9vSElNS2IVSX4ORbKco9+9M/4xZgp070RU0WJHac6 sLUJh0zmnnU5JLtAIxKIZ7d67LsjuOoVa6KPM0mEZm3OBf3ilepIypihm+99vSuZ 6cLu4Cii/qKOSGenZ14IqiavNEc8IIXscTotAZcR/GXZr++dOLHyeGtsfjiXcDKf VL4FjTQusHZNoWspKZj6gZp2iyPeC1bulaBEPq6GGefWHK3FCjDoifZzlZ0y1XKA IgEN3xCDG/lxrIC1uj1VScUEOk9LXygE+6IPhT1tQ/f1ywkr+7tOY+uGvKHUpWQ4 qejpJFiltwPqM7SG78MrTKks7W5bi7FgrEHWchsYVylUY9STGhrj7WrEM/5SMs83 JtDbEbZhX4sSV0i0UDZVUebKajomjdmyJTFPrKh9LU25p6/jdFSdCC/Z6qGz+1Tp YDgcCTWm11rzWr14aRLEM3RRmLv1yeFsoLVx4J2eA8LpXZhKh0GMTBSo4QKQrDg9 JfvYAL70XZ5AUFYKW2Zs+/ftzibwFRWT4LG1Vu9xM1cQaxrE3toLaLnxpFbJNNlY P01Rp1qvKxvL55eII9AS9+kYdcT8vPOffHCpXMZrEQYfUDbBhdA= =w5qK -----END PGP SIGNATURE-----

7 years, 2 months

3
8
0 0

[GIT] Networking

by David Miller

Please queue up the following networking bug fixes for v4.17 and v4.18 -stable, respectively. Thank you!

7 years, 2 months

2
2
0 0

FAILED: patch "[PATCH] PCI: pciehp: Fix unprotected list iteration in IRQ handler" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 1204e35bedf4e5015cda559ed8c84789a6dae24e Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Thu, 19 Jul 2018 17:27:34 -0500 Subject: [PATCH] PCI: pciehp: Fix unprotected list iteration in IRQ handler Commit b440bde74f04 ("PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device") iterates over the devices on a hotplug port's subordinate bus in pciehp's IRQ handler without acquiring pci_bus_sem. It is thus possible for a user to cause a crash by concurrently manipulating the device list, e.g. by disabling slot power via sysfs on a different CPU or by initiating a remove/rescan via sysfs. This can't be fixed by acquiring pci_bus_sem because it may sleep. The simplest fix is to avoid the list iteration altogether and just check the ignore_hotplug flag on the port itself. This works because pci_ignore_hotplug() sets the flag both on the device as well as on its parent bridge. We do lose the ability to print the name of the device blocking hotplug in the debug message, but that's probably bearable. Fixes: b440bde74f04 ("PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device") Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c index 84b3d421c083..aff191b4552c 100644 --- a/drivers/pci/hotplug/pciehp_hpc.c +++ b/drivers/pci/hotplug/pciehp_hpc.c @@ -539,8 +539,6 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id) { struct controller *ctrl = (struct controller *)dev_id; struct pci_dev *pdev = ctrl_dev(ctrl); - struct pci_bus *subordinate = pdev->subordinate; - struct pci_dev *dev; struct slot *slot = ctrl->slot; u16 status, events; u8 present; @@ -588,14 +586,9 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id) wake_up(&ctrl->queue); } - if (subordinate) { - list_for_each_entry(dev, &subordinate->devices, bus_list) { - if (dev->ignore_hotplug) { - ctrl_dbg(ctrl, "ignoring hotplug event %#06x (%s requested no hotplug)\n", - events, pci_name(dev)); - return IRQ_HANDLED; - } - } + if (pdev->ignore_hotplug) { + ctrl_dbg(ctrl, "ignoring hotplug event %#06x\n", events); + return IRQ_HANDLED; } /* Check Attention Button Pressed */

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] PCI: aardvark: Size bridges before resources allocation" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91a2968e245d6ba616db37001fa1a043078b1a65 Mon Sep 17 00:00:00 2001 From: Zachary Zhang <zhangzg(a)marvell.com> Date: Fri, 29 Jun 2018 11:16:19 +0200 Subject: [PATCH] PCI: aardvark: Size bridges before resources allocation The PCIE I/O and MEM resource allocation mechanism is that root bus goes through the following steps: 1. Check PCI bridges' range and computes I/O and Mem base/limits. 2. Sort all subordinate devices I/O and MEM resource requirements and allocate the resources and writes/updates subordinate devices' requirements to PCI bridges I/O and Mem MEM/limits registers. Currently, PCI Aardvark driver only handles the second step and lacks the first step, so there is an I/O and MEM resource allocation failure when using a PCI switch. This commit fixes that by sizing bridges before doing the resource allocation. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Signed-off-by: Zachary Zhang <zhangzg(a)marvell.com> [Thomas: edit commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index c9c72595bd20..10543ed7b500 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -906,6 +906,7 @@ static int advk_pcie_probe(struct platform_device *pdev) bus = bridge->bus; + pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); list_for_each_entry(child, &bus->children, node)

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] PCI: aardvark: Size bridges before resources allocation" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91a2968e245d6ba616db37001fa1a043078b1a65 Mon Sep 17 00:00:00 2001 From: Zachary Zhang <zhangzg(a)marvell.com> Date: Fri, 29 Jun 2018 11:16:19 +0200 Subject: [PATCH] PCI: aardvark: Size bridges before resources allocation The PCIE I/O and MEM resource allocation mechanism is that root bus goes through the following steps: 1. Check PCI bridges' range and computes I/O and Mem base/limits. 2. Sort all subordinate devices I/O and MEM resource requirements and allocate the resources and writes/updates subordinate devices' requirements to PCI bridges I/O and Mem MEM/limits registers. Currently, PCI Aardvark driver only handles the second step and lacks the first step, so there is an I/O and MEM resource allocation failure when using a PCI switch. This commit fixes that by sizing bridges before doing the resource allocation. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Signed-off-by: Zachary Zhang <zhangzg(a)marvell.com> [Thomas: edit commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index c9c72595bd20..10543ed7b500 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -906,6 +906,7 @@ static int advk_pcie_probe(struct platform_device *pdev) bus = bridge->bus; + pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); list_for_each_entry(child, &bus->children, node)

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] PCI: aardvark: Size bridges before resources allocation" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91a2968e245d6ba616db37001fa1a043078b1a65 Mon Sep 17 00:00:00 2001 From: Zachary Zhang <zhangzg(a)marvell.com> Date: Fri, 29 Jun 2018 11:16:19 +0200 Subject: [PATCH] PCI: aardvark: Size bridges before resources allocation The PCIE I/O and MEM resource allocation mechanism is that root bus goes through the following steps: 1. Check PCI bridges' range and computes I/O and Mem base/limits. 2. Sort all subordinate devices I/O and MEM resource requirements and allocate the resources and writes/updates subordinate devices' requirements to PCI bridges I/O and Mem MEM/limits registers. Currently, PCI Aardvark driver only handles the second step and lacks the first step, so there is an I/O and MEM resource allocation failure when using a PCI switch. This commit fixes that by sizing bridges before doing the resource allocation. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Signed-off-by: Zachary Zhang <zhangzg(a)marvell.com> [Thomas: edit commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index c9c72595bd20..10543ed7b500 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -906,6 +906,7 @@ static int advk_pcie_probe(struct platform_device *pdev) bus = bridge->bus; + pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); list_for_each_entry(child, &bus->children, node)

7 years, 2 months

1
0
0 0

[PATCH v2 for-4.4.y 0/5] net/sched: init failure fixes

by Amit Pundir

Hi Greg, Kindly consider/review following net/sched fixes for stable 4.4.y. This patchset is a follow-up of upstream fix 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation") cherry-picked on stable 4.4.y. It fix null pointer dereferences due to uninitialized timer (qdisc watchdog) or double frees due to ->destroy cleaning up a second time. Here is the original submission https://www.mail-archive.com/netdev@vger.kernel.org/msg186003.html Cherry-picked and build tested on Linux 4.4.151 for ARCH=x86_64. Regards, Amit Pundir Change since v1: Rebased "sch_multiq: fix double free on init failure" patch and fixed "unused variable" build warning. Nikolay Aleksandrov (5): sch_htb: fix crash on init failure sch_multiq: fix double free on init failure sch_hhf: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_tbf: fix two null pointer dereferences on init failure net/sched/sch_hhf.c | 3 +++ net/sched/sch_htb.c | 5 +++-- net/sched/sch_multiq.c | 9 ++------- net/sched/sch_netem.c | 4 ++-- net/sched/sch_tbf.c | 5 +++-- 5 files changed, 13 insertions(+), 13 deletions(-) -- 2.7.4

7 years, 2 months

1
5
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it -Remove the brackets on both sides of "opt-> data.nbytes" Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..6184fa1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,26 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 2 months

1
0
0 0

[PATCH 4.4 00/43] 4.4.141-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.141 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jul 18 07:34:50 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.141-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.141-rc1 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> loop: remember whether sysfs_create_group() was done Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucm: Mark UCM interface as BROKEN Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> PM / hibernate: Fix oops at snapshot_write() Theodore Ts'o <tytso(a)mit.edu> loop: add recursion validation to LOOP_CHANGE_FD Florian Westphal <fw(a)strlen.de> netfilter: x_tables: initialise match/target check parameter struct Eric Dumazet <edumazet(a)google.com> netfilter: nf_queue: augment nfqa_cfg_policy Oleg Nesterov <oleg(a)redhat.com> uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature: Add helper macro for mask check macros Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature: Update cpufeaure macros Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys Yazen Ghannam <Yazen.Ghannam(a)amd.com> x86/cpu: Add detection of AMD RAS Capabilities Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/pkeys: Fix mismerge of protection keys CPUID bits Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions Borislav Petkov <bp(a)suse.de> x86/cpufeature: Speed up cpu_feature_enabled() Alexander Kuleshov <kuleshovmail(a)gmail.com> x86/boot: Simplify kernel load address alignment check Borislav Petkov <bp(a)suse.de> x86/vdso: Use static_cpu_has() Brian Gerst <brgerst(a)gmail.com> x86/alternatives: Discard dynamic check after init Borislav Petkov <bp(a)suse.de> x86/alternatives: Add an auxilary section Borislav Petkov <bp(a)alien8.de> x86/cpufeature: Get rid of the non-asm goto variant Borislav Petkov <bp(a)suse.de> x86/cpufeature: Replace the old static_cpu_has() with safe variant Borislav Petkov <bp(a)suse.de> x86/cpufeature: Carve out X86_FEATURE_* Andi Kleen <ak(a)linux.intel.com> x86/headers: Don't include asm/processor.h in asm/atomic.h Borislav Petkov <bp(a)suse.de> x86/fpu: Get rid of xstate_fault() Borislav Petkov <bp(a)suse.de> x86/fpu: Add an XSTATE_OP() macro Borislav Petkov <bp(a)suse.de> x86/cpu: Provide a config option to disable static_cpu_has Borislav Petkov <bp(a)suse.de> x86/cpufeature: Cleanup get_cpu_cap() Borislav Petkov <bp(a)suse.de> x86/cpufeature: Move some of the scattered feature bits to x86_capability Steve Wise <swise(a)opengridcomputing.com> iw_cxgb4: correctly enforce the max reg_mr depth Paul Menzel <pmenzel(a)molgen.mpg.de> tools build: fix # escaping in .cmd files for future Make Linus Torvalds <torvalds(a)linux-foundation.org> Fix up non-directory creation in SGID directories Tomasz Kramkowski <tk(a)the-tk.com> HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter Dan Carpenter <dan.carpenter(a)oracle.com> xhci: xhci-mem: off by one in xhci_stream_id_to_ring() Nico Sneck <snecknico(a)gmail.com> usb: quirks: add delay quirks for Corsair Strafe Johan Hovold <johan(a)kernel.org> USB: serial: mos7840: fix status-register error handling Jann Horn <jannh(a)google.com> USB: yurex: fix out-of-bounds uaccess in read handler Johan Hovold <johan(a)kernel.org> USB: serial: keyspan_pda: fix modem-status error handling Olli Salonen <olli.salonen(a)iki.fi> USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick Dan Carpenter <dan.carpenter(a)oracle.com> USB: serial: ch341: fix type promotion bug in ch341_control_in() Hans de Goede <hdegoede(a)redhat.com> ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS Nadav Amit <namit(a)vmware.com> vmw_balloon: fix inflation with batching Jann Horn <jannh(a)google.com> ibmasm: don't write out of bounds in read handler Paul Burton <paul.burton(a)mips.com> MIPS: Fix ioremap() RAM check ------------- Diffstat: Documentation/kernel-parameters.txt | 2 +- Makefile | 4 +- arch/mips/mm/ioremap.c | 37 ++- arch/x86/Kconfig | 11 + arch/x86/Kconfig.debug | 10 - arch/x86/boot/cpuflags.h | 2 +- arch/x86/boot/mkcpustr.c | 2 +- arch/x86/crypto/crc32-pclmul_glue.c | 2 +- arch/x86/crypto/crc32c-intel_glue.c | 2 +- arch/x86/crypto/crct10dif-pclmul_glue.c | 2 +- arch/x86/entry/common.c | 1 + arch/x86/entry/entry_32.S | 2 +- arch/x86/entry/vdso/vdso32-setup.c | 1 - arch/x86/entry/vdso/vdso32/system_call.S | 2 +- arch/x86/entry/vdso/vma.c | 3 +- arch/x86/include/asm/alternative.h | 6 - arch/x86/include/asm/apic.h | 1 - arch/x86/include/asm/arch_hweight.h | 2 + arch/x86/include/asm/atomic.h | 1 - arch/x86/include/asm/atomic64_32.h | 1 - arch/x86/include/asm/cmpxchg.h | 1 + arch/x86/include/asm/cpufeature.h | 546 ++++++------------------------- arch/x86/include/asm/cpufeatures.h | 306 +++++++++++++++++ arch/x86/include/asm/disabled-features.h | 17 + arch/x86/include/asm/fpu/internal.h | 182 +++++------ arch/x86/include/asm/irq_work.h | 2 +- arch/x86/include/asm/mwait.h | 2 + arch/x86/include/asm/nospec-branch.h | 2 +- arch/x86/include/asm/processor.h | 3 +- arch/x86/include/asm/required-features.h | 9 + arch/x86/include/asm/smap.h | 2 +- arch/x86/include/asm/smp.h | 1 - arch/x86/include/asm/thread_info.h | 2 +- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/include/asm/uaccess_64.h | 2 +- arch/x86/kernel/apic/apic_numachip.c | 4 +- arch/x86/kernel/cpu/Makefile | 2 +- arch/x86/kernel/cpu/centaur.c | 4 +- arch/x86/kernel/cpu/common.c | 71 ++-- arch/x86/kernel/cpu/cyrix.c | 1 + arch/x86/kernel/cpu/intel.c | 2 +- arch/x86/kernel/cpu/intel_cacheinfo.c | 2 +- arch/x86/kernel/cpu/match.c | 2 +- arch/x86/kernel/cpu/mkcapflags.sh | 6 +- arch/x86/kernel/cpu/mtrr/main.c | 2 +- arch/x86/kernel/cpu/scattered.c | 20 -- arch/x86/kernel/cpu/transmeta.c | 6 +- arch/x86/kernel/e820.c | 1 + arch/x86/kernel/head_32.S | 2 +- arch/x86/kernel/head_64.S | 4 +- arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/msr.c | 2 +- arch/x86/kernel/uprobes.c | 2 +- arch/x86/kernel/verify_cpu.S | 2 +- arch/x86/kernel/vm86_32.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 11 + arch/x86/lib/clear_page_64.S | 2 +- arch/x86/lib/copy_page_64.S | 2 +- arch/x86/lib/copy_user_64.S | 2 +- arch/x86/lib/memcpy_64.S | 2 +- arch/x86/lib/memmove_64.S | 2 +- arch/x86/lib/memset_64.S | 2 +- arch/x86/lib/retpoline.S | 2 +- arch/x86/mm/setup_nx.c | 1 + arch/x86/oprofile/op_model_amd.c | 1 - arch/x86/um/asm/barrier.h | 2 +- drivers/ata/ahci.c | 59 ++++ drivers/ata/libata-core.c | 3 + drivers/block/loop.c | 79 +++-- drivers/block/loop.h | 1 + drivers/hid/hid-ids.h | 3 + drivers/hid/usbhid/hid-quirks.c | 1 + drivers/infiniband/Kconfig | 12 + drivers/infiniband/core/Makefile | 4 +- drivers/infiniband/hw/cxgb4/mem.c | 2 +- drivers/misc/ibmasm/ibmasmfs.c | 27 +- drivers/misc/vmw_balloon.c | 4 +- drivers/usb/core/quirks.c | 4 + drivers/usb/host/xhci-mem.c | 2 +- drivers/usb/misc/yurex.c | 23 +- drivers/usb/serial/ch341.c | 2 +- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/keyspan_pda.c | 4 +- drivers/usb/serial/mos7840.c | 3 + fs/btrfs/disk-io.c | 2 +- fs/inode.c | 6 + include/linux/libata.h | 1 + kernel/power/user.c | 5 + lib/atomic64_test.c | 4 + net/bridge/netfilter/ebtables.c | 2 + net/ipv4/netfilter/ip_tables.c | 1 + net/ipv6/netfilter/ip6_tables.c | 1 + net/netfilter/nfnetlink_queue.c | 3 + tools/build/Build.include | 4 +- 94 files changed, 831 insertions(+), 771 deletions(-)

7 years, 2 months

6
52
0 0

v4.17.18 build: 0 failures 1 warnings (v4.17.18)

by Build bot for Mark Brown

Tree/Branch: v4.17.18 Git describe: v4.17.18 Commit: 97f21471e8 Linux 4.17.18 Build Time: 0 min 13 sec Passed: 8 / 8 (100.00 %) Failed: 0 / 8 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-multi_v7_defconfig 1 warnings 0 mismatches : arm-multi_v5_defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 3 ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm-allnoconfig x86_64-defconfig

7 years, 2 months

1
0
0 0

[PATCH v2] bcache: release dc->writeback_lock properly in bch_writeback_thread()

by Coly Li

From: Shan Hai <shan.hai(a)oracle.com> The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing the held lock before exiting the while-loop. Fixes: fadd94e05c02 (bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set) Signed-off-by: Shan Hai <shan.hai(a)oracle.com> Signed-off-by: Coly Li <colyli(a)suse.de> Tested-by: Shenghui Wang <shhuiw(a)foxmail.com> Cc: stable(a)vger.kernel.org #4.17+ --- Changelog: v2: add Fixes tag by Coly Li. v1: initial patch from Shan Hai. drivers/md/bcache/writeback.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 6be05bd7ca67..08c3a9f9676c 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -685,8 +685,10 @@ static int bch_writeback_thread(void *arg) * data on cache. BCACHE_DEV_DETACHING flag is set in * bch_cached_dev_detach(). */ - if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) + if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) { + up_write(&dc->writeback_lock); break; + } } up_write(&dc->writeback_lock); -- 2.18.0

7 years, 2 months

2
2
0 0

[PATCH] KVM: VMX: fixes for vmentry_l1d_flush module parameter

by Paolo Bonzini

Two bug fixes: 1) missing entries in the l1d_param array; this can cause a host crash if an access attempts to reach the missing entry. Future-proof the get function against any overflows as well. However, the two entries VMENTER_L1D_FLUSH_EPT_DISABLED and VMENTER_L1D_FLUSH_NOT_REQUIRED must not be accepted by the parse function, so disable them there. 2) invalid values must be rejected even if the CPU does not have the bug, so test for them before checking boot_cpu_has(X86_BUG_L1TF) ... and a small refactoring, since the .cmd field is redundant with the index in the array. Reported-by: Bandan Das <bsd(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7 Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- arch/x86/kvm/vmx.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index c76ca8c4befa..8dae47e7267a 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -198,12 +198,14 @@ static const struct { const char *option; - enum vmx_l1d_flush_state cmd; + bool for_parse; } vmentry_l1d_param[] = { - {"auto", VMENTER_L1D_FLUSH_AUTO}, - {"never", VMENTER_L1D_FLUSH_NEVER}, - {"cond", VMENTER_L1D_FLUSH_COND}, - {"always", VMENTER_L1D_FLUSH_ALWAYS}, + [VMENTER_L1D_FLUSH_AUTO] = {"auto", true}, + [VMENTER_L1D_FLUSH_NEVER] = {"never", true}, + [VMENTER_L1D_FLUSH_COND] = {"cond", true}, + [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true}, + [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false}, + [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false}, }; #define L1D_CACHE_ORDER 4 @@ -287,8 +289,9 @@ static int vmentry_l1d_flush_parse(const char *s) if (s) { for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { - if (sysfs_streq(s, vmentry_l1d_param[i].option)) - return vmentry_l1d_param[i].cmd; + if (vmentry_l1d_param[i].for_parse && + sysfs_streq(s, vmentry_l1d_param[i].option)) + return i; } } return -EINVAL; @@ -298,13 +301,13 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) { int l1tf, ret; - if (!boot_cpu_has(X86_BUG_L1TF)) - return 0; - l1tf = vmentry_l1d_flush_parse(s); if (l1tf < 0) return l1tf; + if (!boot_cpu_has(X86_BUG_L1TF)) + return 0; + /* * Has vmx_init() run already? If not then this is the pre init * parameter parsing. In that case just store the value and let @@ -324,6 +327,9 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp) { + if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param))) + return sprintf(s, "???\n"); + return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option); } -- 1.8.3.1

7 years, 2 months

3
3
0 0

Build failures in -stable queues

by Guenter Roeck

v4.4.y, v4.9.y: Building mips:cavium_octeon_defconfig ... failed -------------- Error log: /opt/buildbot/slave/stable-queue-4.4/build/drivers/net/ethernet/octeon/octeon_mgmt.c: In function 'octeon_mgmt_change_mtu': /opt/buildbot/slave/stable-queue-4.4/build/drivers/net/ethernet/octeon/octeon_mgmt.c:652:6: error: 'size_without_fcs' undeclared v4.9.y, v4.14.y: Building i386:tools/perf ... failed Building x86_64:tools/perf ... failed -------------- Error log: PERF_VERSION = 4.9.123.g5175d5 tests/parse-events.c: In function ‘test_event’: tests/parse-events.c:1681:3: error: implicit declaration of function ‘parse_events_print_error’ [-Werror=implicit-function-declaration] parse_events_print_error(&err, e->name); ^ tests/parse-events.c:1681:3: error: nested extern declaration of ‘parse_events_print_error’ This is just a snapshot; builds are still ongoing. I'll send another e-mail later if more errors are reported after the build is complete. Guenter

7 years, 2 months

3
6
0 0

[PATCH] bcache: release dc->writeback_lock properly in bch_writeback_thread()

by Coly Li

From: Shan Hai <shan.hai(a)oracle.com> The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing the held lock before exiting the while-loop. Signed-off-by: Shan Hai <shan.hai(a)oracle.com> Signed-off-by: Coly Li <colyli(a)suse.de> Tested-by: Shenghui Wang <shhuiw(a)foxmail.com> Cc: stable(a)vger.kernel.org #4.17+ --- drivers/md/bcache/writeback.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 6be05bd7ca67..08c3a9f9676c 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -685,8 +685,10 @@ static int bch_writeback_thread(void *arg) * data on cache. BCACHE_DEV_DETACHING flag is set in * bch_cached_dev_detach(). */ - if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) + if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) { + up_write(&dc->writeback_lock); break; + } } up_write(&dc->writeback_lock); -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH 2/2] fs/quota: Fix spectre gadget in do_quotactl

by Jeremy Cline

'type' is user-controlled, so sanitize it after the bounds check to avoid using it in speculative execution. This covers the following potential gadgets detected with the help of smatch: * fs/ext4/super.c:5741 ext4_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/ext4/super.c:5778 ext4_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1552 f2fs_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1608 f2fs_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/quota/dquot.c:412 mark_info_dirty() warn: potential spectre issue 'sb_dqopt(sb)->info' [w] * fs/quota/dquot.c:933 dqinit_needed() warn: potential spectre issue 'dquots' [r] * fs/quota/dquot.c:2112 dquot_commit_info() warn: potential spectre issue 'dqopt->ops' [r] * fs/quota/dquot.c:2362 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->files' [w] (local cap) * fs/quota/dquot.c:2369 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->ops' [w] (local cap) * fs/quota/dquot.c:2370 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->info' [w] (local cap) * fs/quota/quota.c:110 quota_getfmt() warn: potential spectre issue 'sb_dqopt(sb)->info' [r] * fs/quota/quota_v2.c:84 v2_check_quota_file() warn: potential spectre issue 'quota_magics' [w] * fs/quota/quota_v2.c:85 v2_check_quota_file() warn: potential spectre issue 'quota_versions' [w] * fs/quota/quota_v2.c:96 v2_read_file_info() warn: potential spectre issue 'dqopt->info' [r] * fs/quota/quota_v2.c:172 v2_write_file_info() warn: potential spectre issue 'dqopt->info' [r] Additionally, a quick inspection indicates there are array accesses with 'type' in quota_on() and quota_off() functions which are also addressed by this. Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jeremy Cline <jcline(a)redhat.com> --- This patch isn't going to cleanly apply to stable without the "fs/quota: Replace XQM_MAXQUOTAS usage with MAXQUOTAS" patch, but I'm not sure that patch is really stable material and XQM_MAXQUOTAS has been 3 since pre-v4.4 so the end result will be the same even if that patch isn't backported. fs/quota/quota.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/quota/quota.c b/fs/quota/quota.c index d403392d8a0f..f0cbf58ad4da 100644 --- a/fs/quota/quota.c +++ b/fs/quota/quota.c @@ -18,6 +18,7 @@ #include <linux/quotaops.h> #include <linux/types.h> #include <linux/writeback.h> +#include <linux/nospec.h> static int check_quotactl_permission(struct super_block *sb, int type, int cmd, qid_t id) @@ -701,6 +702,7 @@ static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, if (type >= MAXQUOTAS) return -EINVAL; + type = array_index_nospec(type, MAXQUOTAS); /* * Quota not supported on this fs? Check this before s_quota_types * since they needn't be set if quota is not supported at all. -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH 3/9] drm/msm: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the legacy pwrlevels child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the probed device's node). While at it, also fix the related child-node reference leak. Fixes: e2af8b6b0ca1 ("drm/msm: gpu: Use OPP tables if we can") Cc: stable <stable(a)vger.kernel.org> # 4.12 Cc: Jordan Crouse <jcrouse(a)codeaurora.org> Cc: Rob Clark <robdclark(a)gmail.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c index da1363a0c54d..93d70f4a2154 100644 --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c @@ -633,8 +633,7 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) struct device_node *child, *node; int ret; - node = of_find_compatible_node(dev->of_node, NULL, - "qcom,gpu-pwrlevels"); + node = of_get_compatible_child(dev->of_node, "qcom,gpu-pwrlevels"); if (!node) { dev_err(dev, "Could not find the GPU powerlevels\n"); return -ENXIO; @@ -655,6 +654,8 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) dev_pm_opp_add(dev, val, 0); } + of_node_put(node); + return 0; } -- 2.18.0

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 2 months

3
2
0 0

request for 4.4-stable: 08474cc1e6ea7 ("bridge: Propagate vlan add failure to user")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch fixed the kernel oops issue when executing bridge tool, please see reproducible steps with kernel 4.4 in below. # brctl addbr br0 # brctl addif br0 eth0 [ 1073.390028] device eth0 entered promiscuous mode [ 1073.395022] cpsw 4a100000.ethernet eth0: failed to initialize vlan filtering on this port # brctl addif br0 eth1 [ 1092.205685] net eth1: promiscuity not disabled as the other interface is still in promiscuity mode [ 1092.217541] device eth1 entered promiscuous mode [ 1092.222460] cpsw 4a100000.ethernet eth1: failed to initialize vlan filtering on this port # ifconfig br0 192.168.127.253 netmask 255.255.254.0 [ 1112.412740] br0: port 1(eth0) entered forwarding state [ 1112.417975] br0: port 1(eth0) entered forwarding state # brctl delif br0 eth0 [ 1137.645792] device eth0 left promiscuous mode [ 1137.650429] net eth0: promiscuity not disabled as the other interface is still in promiscuity mode [ 1137.663592] br0: port 1(eth0) entered disabled state [ 1137.668815] Unable to handle kernel NULL pointer dereference at virtual address 0000007a [ 1137.677026] pgd = dc58c000 [ 1137.679745] [0000007a] *pgd=00000000 [ 1137.683377] Internal error: Oops: 805 [#1] SMP ARM [ 1137.688189] Modules linked in: cryptodev omap_sham omap_aes omap_wdt sunrpc ip_tables x_tables autofs4 [ 1137.697598] CPU: 0 PID: 851 Comm: brctl Not tainted 4.4.0-cip-uc8100+ #1 [ 1137.704325] Hardware name: Generic AM33XX (Flattened Device Tree) [ 1137.710442] task: de580dc0 ti: dc574000 task.ti: dc574000 [ 1137.715883] PC is at __vlan_flush+0x18/0x54 [ 1137.720084] LR is at nbp_vlan_flush+0x28/0x60 [ 1137.724457] pc : [<c051ab3c>] lr : [<c051c2f4>] psr: 20080013 [ 1137.724457] sp : dc575dc8 ip : dc575de0 fp : dc575ddc [ 1137.735981] r10: 00000000 r9 : 00000000 r8 : 00000000 [ 1137.741226] r7 : dc5236d4 r6 : de239800 r5 : 00000000 r4 : 00000000 [ 1137.747779] r3 : 00000000 r2 : dc49e4c4 r1 : 00000200 r0 : 00000000 [ 1137.754333] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 1137.761497] Control: 10c5387d Table: 9c58c019 DAC: 00000051 [ 1137.767264] Process brctl (pid: 851, stack limit = 0xdc574218) [ 1137.773119] Stack: (0xdc575dc8 to 0xdc576000) [ 1137.777496] 5dc0: 00000000 dc523600 dc575df4 dc575de0 c051c2f4 c051ab30 [ 1137.785711] 5de0: dc523600 dc49e4c0 dc575e14 dc575df8 c050e450 c051c2d8 dc49e4c0 dc49e4c0 [ 1137.793925] 5e00: 00000002 00000000 dc575e2c dc575e18 c050ebd8 c050e3d0 c0748380 dc49e4c0 [ 1137.802139] 5e20: dc575e4c dc575e30 c050f69c c050ebac dc575ea8 dc49e000 dc575ea8 c0596714 [ 1137.810353] 5e40: dc575e64 dc575e50 c05100f4 c050f650 000089a3 dc49e000 dc575e9c dc575e68 [ 1137.818567] 5e60: c04293d0 c05100a0 c0409b84 c0265738 dc575ea8 c0748380 000089a3 000089a3 [ 1137.826781] 5e80: c0748380 bee56bf4 dc575ea8 00000000 dc575ef4 dc575ea0 c0429828 c0429118 [ 1137.834995] 5ea0: 00000001 d543b3b8 00307262 00000000 00000000 00000000 00000002 00000003 [ 1137.843210] 5ec0: 7f5b0e34 bee56ebf c0147120 000089a3 fffffdfd bee56bf4 c0748380 bee56bf4 [ 1137.851424] 5ee0: 00000003 00000000 dc575f14 dc575ef8 c03f3230 c0429494 bee56bf4 ddb840a0 [ 1137.859638] 5f00: dc4ca340 00000003 dc575f7c dc575f18 c0142c08 c03f30b0 dc575f5c dc575f28 [ 1137.867852] 5f20: c0131f08 c01509ac 00000020 00000000 dc575f54 de581244 00000000 c0754108 [ 1137.876067] 5f40: de580dc0 c000fa64 dc574000 00000000 dc575f6c 00000000 dc4ca340 dc4ca340 [ 1137.884281] 5f60: 000089a3 bee56bf4 00000003 00000000 dc575fa4 dc575f80 c0142e98 c0142724 [ 1137.892495] 5f80: 7f5b10f0 b6f7ace8 00000002 00000036 c000fa64 dc574000 00000000 dc575fa8 [ 1137.900708] 5fa0: c000f8a0 c0142e30 7f5b10f0 b6f7ace8 00000003 000089a3 bee56bf4 000000cc [ 1137.908922] 5fc0: 7f5b10f0 b6f7ace8 00000002 00000036 bee56bf4 00000000 7f5b1000 00000000 [ 1137.917136] 5fe0: b6ef4711 bee56bdc 7f59f1ff b6ef4716 00080030 00000003 00000000 00000000 [ 1137.925343] Backtrace: [ 1137.927810] [<c051ab24>] (__vlan_flush) from [<c051c2f4>] (nbp_vlan_flush+0x28/0x60) [ 1137.935582] r5:dc523600 r4:00000000 [ 1137.939194] [<c051c2cc>] (nbp_vlan_flush) from [<c050e450>] (del_nbp+0x8c/0x110) [ 1137.946618] r5:dc49e4c0 r4:dc523600 [ 1137.950224] [<c050e3c4>] (del_nbp) from [<c050ebd8>] (br_del_if+0x38/0x9c) [ 1137.957125] r7:00000000 r6:00000002 r5:dc49e4c0 r4:dc49e4c0 [ 1137.962833] [<c050eba0>] (br_del_if) from [<c050f69c>] (add_del_if+0x58/0x74) [ 1137.969995] r5:dc49e4c0 r4:c0748380 [ 1137.973600] [<c050f644>] (add_del_if) from [<c05100f4>] (br_dev_ioctl+0x60/0x64) [ 1137.981023] r7:c0596714 r6:dc575ea8 r5:dc49e000 r4:dc575ea8 [ 1137.986731] [<c0510094>] (br_dev_ioctl) from [<c04293d0>] (dev_ifsioc+0x2c4/0x308) [ 1137.994330] r5:dc49e000 r4:000089a3 [ 1137.997930] [<c042910c>] (dev_ifsioc) from [<c0429828>] (dev_ioctl+0x3a0/0x8bc) [ 1138.005266] r8:00000000 r7:dc575ea8 r6:bee56bf4 r5:c0748380 r4:000089a3 [ 1138.012032] [<c0429488>] (dev_ioctl) from [<c03f3230>] (sock_ioctl+0x18c/0x2dc) [ 1138.019368] r10:00000000 r9:00000003 r8:bee56bf4 r7:c0748380 r6:bee56bf4 r5:fffffdfd [ 1138.027260] r4:000089a3 [ 1138.029817] [<c03f30a4>] (sock_ioctl) from [<c0142c08>] (do_vfs_ioctl+0x4f0/0x70c) [ 1138.037416] r7:00000003 r6:dc4ca340 r5:ddb840a0 r4:bee56bf4 [ 1138.043124] [<c0142718>] (do_vfs_ioctl) from [<c0142e98>] (SyS_ioctl+0x74/0x84) [ 1138.050460] r10:00000000 r9:00000003 r8:bee56bf4 r7:000089a3 r6:dc4ca340 r5:dc4ca340 [ 1138.058347] r4:00000000 [ 1138.060907] [<c0142e24>] (SyS_ioctl) from [<c000f8a0>] (ret_fast_syscall+0x0/0x44) [ 1138.068505] r9:dc574000 r8:c000fa64 r7:00000036 r6:00000002 r5:b6f7ace8 r4:7f5b10f0 [ 1138.076311] Code: e24cb004 f57ff05a e1a05000 e3a03000 (e1c037ba) [ 1138.082666] ---[ end trace d055796b6cd31311 ]--- Segmentation fault -- SZ Lin (林上智)

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 2 months

1
0
0 0

[PATCH 8/9] NFC: nfcmrvl_uart: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent node). Fixes: e097dc624f78 ("NFC: nfcmrvl: add UART driver") Fixes: d8e018c0b321 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: Vincent Cuissard <cuissard(a)marvell.com> Cc: Samuel Ortiz <sameo(a)linux.intel.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/nfc/nfcmrvl/uart.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/nfc/nfcmrvl/uart.c b/drivers/nfc/nfcmrvl/uart.c index 91162f8e0366..9a22056e8d9e 100644 --- a/drivers/nfc/nfcmrvl/uart.c +++ b/drivers/nfc/nfcmrvl/uart.c @@ -73,10 +73,9 @@ static int nfcmrvl_uart_parse_dt(struct device_node *node, struct device_node *matched_node; int ret; - matched_node = of_find_compatible_node(node, NULL, "marvell,nfc-uart"); + matched_node = of_get_compatible_child(node, "marvell,nfc-uart"); if (!matched_node) { - matched_node = of_find_compatible_node(node, NULL, - "mrvl,nfc-uart"); + matched_node = of_get_compatible_child(node, "mrvl,nfc-uart"); if (!matched_node) return -ENODEV; } -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH 6/9] net: bcmgenet: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the mdio child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). Fixes: aa09677cba42 ("net: bcmgenet: add MDIO routines") Cc: stable <stable(a)vger.kernel.org> # 3.15 Cc: Florian Fainelli <f.fainelli(a)gmail.com> Cc: David S. Miller <davem(a)davemloft.net> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 5333274a283c..87fc65560ceb 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -333,7 +333,7 @@ static struct device_node *bcmgenet_mii_of_find_mdio(struct bcmgenet_priv *priv) if (!compat) return NULL; - priv->mdio_dn = of_find_compatible_node(dn, NULL, compat); + priv->mdio_dn = of_get_compatible_child(dn, compat); kfree(compat); if (!priv->mdio_dn) { dev_err(kdev, "unable to find MDIO bus node\n"); -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH 5/9] mtd: nand: atmel: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). While at it, also fix a related nfc-node reference leak. Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver") Cc: stable <stable(a)vger.kernel.org> # 4.11 Cc: Nicolas Ferre <nicolas.ferre(a)microchip.com> Cc: Josh Wu <rainyfeeling(a)outlook.com> Cc: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/mtd/nand/raw/atmel/nand-controller.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c index a068b214ebaa..d3dfe63956ac 100644 --- a/drivers/mtd/nand/raw/atmel/nand-controller.c +++ b/drivers/mtd/nand/raw/atmel/nand-controller.c @@ -2061,8 +2061,7 @@ atmel_hsmc_nand_controller_legacy_init(struct atmel_hsmc_nand_controller *nc) int ret; nand_np = dev->of_node; - nfc_np = of_find_compatible_node(dev->of_node, NULL, - "atmel,sama5d3-nfc"); + nfc_np = of_get_compatible_child(dev->of_node, "atmel,sama5d3-nfc"); nc->clk = of_clk_get(nfc_np, 0); if (IS_ERR(nc->clk)) { @@ -2472,15 +2471,19 @@ static int atmel_nand_controller_probe(struct platform_device *pdev) } if (caps->legacy_of_bindings) { + struct device_node *nfc_node; u32 ale_offs = 21; /* * If we are parsing legacy DT props and the DT contains a * valid NFC node, forward the request to the sama5 logic. */ - if (of_find_compatible_node(pdev->dev.of_node, NULL, - "atmel,sama5d3-nfc")) + nfc_node = of_get_compatible_child(pdev->dev.of_node, + "atmel,sama5d3-nfc"); + if (nfc_node) { caps = &atmel_sama5_nand_caps; + of_node_put(nfc_node); + } /* * Even if the compatible says we are dealing with an -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH 2/9] drm/mediatek: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the sibling instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related cec-node reference leak. Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support") Cc: stable <stable(a)vger.kernel.org> # 4.8 Cc: Jie Qiu <jie.qiu(a)mediatek.com> Cc: Junzhi Zhao <junzhi.zhao(a)mediatek.com> Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Cc: CK Hu <ck.hu(a)mediatek.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/mediatek/mtk_hdmi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_hdmi.c b/drivers/gpu/drm/mediatek/mtk_hdmi.c index 2d45d1dd9554..643f5edd68fe 100644 --- a/drivers/gpu/drm/mediatek/mtk_hdmi.c +++ b/drivers/gpu/drm/mediatek/mtk_hdmi.c @@ -1446,8 +1446,7 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, } /* The CEC module handles HDMI hotplug detection */ - cec_np = of_find_compatible_node(np->parent, NULL, - "mediatek,mt8173-cec"); + cec_np = of_get_compatible_child(np->parent, "mediatek,mt8173-cec"); if (!cec_np) { dev_err(dev, "Failed to find CEC node\n"); return -EINVAL; @@ -1457,8 +1456,10 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, if (!cec_pdev) { dev_err(hdmi->dev, "Waiting for CEC device %pOF\n", cec_np); + of_node_put(cec_np); return -EPROBE_DEFER; } + of_node_put(cec_np); hdmi->cec_dev = &cec_pdev->dev; /* -- 2.18.0

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d44acae1937b81cf8115ada8958e04f601f3f2e Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 9 Jul 2018 16:25:21 +1000 Subject: [PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 When I added the spectre_v2 information in sysfs, I included the availability of the ori31 speculation barrier. Although the ori31 barrier can be used to mitigate v2, it's primarily intended as a spectre v1 mitigation. Spectre v2 is mitigated by hardware changes. So rework the sysfs files to show the ori31 information in the spectre_v1 file, rather than v2. Currently we display eg: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization spectre_v2:Mitigation: Indirect branch cache disabled, ori31 speculation barrier enabled After: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization, ori31 speculation barrier enabled spectre_v2:Mitigation: Indirect branch cache disabled Fixes: d6fbe1c55c55 ("powerpc/64s: Wire up cpu_show_spectre_v2()") Cc: stable(a)vger.kernel.org # v4.17+ Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index a8b277362931..4cb8f1f7b593 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -117,25 +117,35 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) { - if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) - return sprintf(buf, "Not affected\n"); + struct seq_buf s; + + seq_buf_init(&s, buf, PAGE_SIZE - 1); - if (barrier_nospec_enabled) - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); + if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) { + if (barrier_nospec_enabled) + seq_buf_printf(&s, "Mitigation: __user pointer sanitization"); + else + seq_buf_printf(&s, "Vulnerable"); - return sprintf(buf, "Vulnerable\n"); + if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31)) + seq_buf_printf(&s, ", ori31 speculation barrier enabled"); + + seq_buf_printf(&s, "\n"); + } else + seq_buf_printf(&s, "Not affected\n"); + + return s.len; } ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { - bool bcs, ccd, ori; struct seq_buf s; + bool bcs, ccd; seq_buf_init(&s, buf, PAGE_SIZE - 1); bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); - ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); if (bcs || ccd) { seq_buf_printf(&s, "Mitigation: "); @@ -151,9 +161,6 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c } else seq_buf_printf(&s, "Vulnerable"); - if (ori) - seq_buf_printf(&s, ", ori31 speculation barrier enabled"); - seq_buf_printf(&s, "\n"); return s.len;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d44acae1937b81cf8115ada8958e04f601f3f2e Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 9 Jul 2018 16:25:21 +1000 Subject: [PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 When I added the spectre_v2 information in sysfs, I included the availability of the ori31 speculation barrier. Although the ori31 barrier can be used to mitigate v2, it's primarily intended as a spectre v1 mitigation. Spectre v2 is mitigated by hardware changes. So rework the sysfs files to show the ori31 information in the spectre_v1 file, rather than v2. Currently we display eg: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization spectre_v2:Mitigation: Indirect branch cache disabled, ori31 speculation barrier enabled After: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization, ori31 speculation barrier enabled spectre_v2:Mitigation: Indirect branch cache disabled Fixes: d6fbe1c55c55 ("powerpc/64s: Wire up cpu_show_spectre_v2()") Cc: stable(a)vger.kernel.org # v4.17+ Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index a8b277362931..4cb8f1f7b593 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -117,25 +117,35 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) { - if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) - return sprintf(buf, "Not affected\n"); + struct seq_buf s; + + seq_buf_init(&s, buf, PAGE_SIZE - 1); - if (barrier_nospec_enabled) - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); + if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) { + if (barrier_nospec_enabled) + seq_buf_printf(&s, "Mitigation: __user pointer sanitization"); + else + seq_buf_printf(&s, "Vulnerable"); - return sprintf(buf, "Vulnerable\n"); + if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31)) + seq_buf_printf(&s, ", ori31 speculation barrier enabled"); + + seq_buf_printf(&s, "\n"); + } else + seq_buf_printf(&s, "Not affected\n"); + + return s.len; } ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { - bool bcs, ccd, ori; struct seq_buf s; + bool bcs, ccd; seq_buf_init(&s, buf, PAGE_SIZE - 1); bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); - ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); if (bcs || ccd) { seq_buf_printf(&s, "Mitigation: "); @@ -151,9 +161,6 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c } else seq_buf_printf(&s, "Vulnerable"); - if (ori) - seq_buf_printf(&s, ", ori31 speculation barrier enabled"); - seq_buf_printf(&s, "\n"); return s.len;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d44acae1937b81cf8115ada8958e04f601f3f2e Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 9 Jul 2018 16:25:21 +1000 Subject: [PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 When I added the spectre_v2 information in sysfs, I included the availability of the ori31 speculation barrier. Although the ori31 barrier can be used to mitigate v2, it's primarily intended as a spectre v1 mitigation. Spectre v2 is mitigated by hardware changes. So rework the sysfs files to show the ori31 information in the spectre_v1 file, rather than v2. Currently we display eg: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization spectre_v2:Mitigation: Indirect branch cache disabled, ori31 speculation barrier enabled After: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization, ori31 speculation barrier enabled spectre_v2:Mitigation: Indirect branch cache disabled Fixes: d6fbe1c55c55 ("powerpc/64s: Wire up cpu_show_spectre_v2()") Cc: stable(a)vger.kernel.org # v4.17+ Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index a8b277362931..4cb8f1f7b593 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -117,25 +117,35 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) { - if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) - return sprintf(buf, "Not affected\n"); + struct seq_buf s; + + seq_buf_init(&s, buf, PAGE_SIZE - 1); - if (barrier_nospec_enabled) - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); + if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) { + if (barrier_nospec_enabled) + seq_buf_printf(&s, "Mitigation: __user pointer sanitization"); + else + seq_buf_printf(&s, "Vulnerable"); - return sprintf(buf, "Vulnerable\n"); + if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31)) + seq_buf_printf(&s, ", ori31 speculation barrier enabled"); + + seq_buf_printf(&s, "\n"); + } else + seq_buf_printf(&s, "Not affected\n"); + + return s.len; } ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { - bool bcs, ccd, ori; struct seq_buf s; + bool bcs, ccd; seq_buf_init(&s, buf, PAGE_SIZE - 1); bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); - ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); if (bcs || ccd) { seq_buf_printf(&s, "Mitigation: "); @@ -151,9 +161,6 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c } else seq_buf_printf(&s, "Vulnerable"); - if (ori) - seq_buf_printf(&s, ", ori31 speculation barrier enabled"); - seq_buf_printf(&s, "\n"); return s.len;

7 years, 2 months

1
0
0 0

We design apps

by Ray

Do you have needs for mobile apps design? We are the one who can help you. We are an India based software company. What we focus is mobile apps development. We have 125 staffs in office and have created over 350 apps so far. We work on many different platforms, such as iOS, Android and others. Please reply if interested, we will send you our portfolios. Thanks, Ray Charles

7 years, 2 months

1
0
0 0

Team for mobile apps

by Ray

Do you have needs for mobile apps design? We are the one who can help you. We are an India based software company. What we focus is mobile apps development. We have 125 staffs in office and have created over 350 apps so far. We work on many different platforms, such as iOS, Android and others. Please reply if interested, we will send you our portfolios. Thanks, Ray Charles

7 years, 2 months

1
0
0 0

Mobile apps for your company

by Ray

Do you have needs for mobile apps design? We are the one who can help you. We are an India based software company. What we focus is mobile apps development. We have 125 staffs in office and have created over 350 apps so far. We work on many different platforms, such as iOS, Android and others. Please reply if interested, we will send you our portfolios. Thanks, Ray Charles

7 years, 2 months

1
0
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it -Remove the brackets on both sides of "opt-> data.nbytes" Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..6184fa1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,26 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: sanity check for total valid node blocks" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8a29c1260e24e7c9c6ab138aa0017558d8b28208 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim <jaegeuk(a)kernel.org> Date: Tue, 24 Apr 2018 21:34:05 -0600 Subject: [PATCH] f2fs: sanity check for total valid node blocks This patch enhances sanity check for SIT entries. syzbot hit the following crash on upstream commit 83beed7b2b26f232d782127792dd0cd4362fdc41 (Fri Apr 20 17:56:32 2018 +0000) Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal syzbot dashboard link: https://syzkaller.appspot.com/bug?extid=bf9253040425feb155ad syzkaller reproducer: https://syzkaller.appspot.com/x/repro.syz?id=5692130282438656 Raw console output: https://syzkaller.appspot.com/x/log.txt?id=5095924598571008 Kernel config: https://syzkaller.appspot.com/x/.config?id=1808800213120130118 compiler: gcc (GCC) 8.0.1 20180413 (experimental) IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+bf9253040425feb155ad(a)syzkaller.appspotmail.com It will help syzbot understand when the bug is fixed. See footer for details. If you forward the report, please keep this part and the footer. F2FS-fs (loop0): invalid crc value F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 F2FS-fs (loop0): Mounted with checkpoint version = d F2FS-fs (loop0): Bitmap was wrongly cleared, blk:9740 ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:1884! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 4508 Comm: syz-executor0 Not tainted 4.17.0-rc1+ #10 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:update_sit_entry+0x1215/0x1590 fs/f2fs/segment.c:1882 RSP: 0018:ffff8801af526708 EFLAGS: 00010282 RAX: ffffed0035ea4cc0 RBX: ffff8801ad454f90 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff82eeb87e RDI: ffffed0035ea4cb6 RBP: ffff8801af526760 R08: ffff8801ad4a2480 R09: ffffed003b5e4f90 R10: ffffed003b5e4f90 R11: ffff8801daf27c87 R12: ffff8801adb8d380 R13: 0000000000000001 R14: 0000000000000008 R15: 00000000ffffffff FS: 00000000014af940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f06bc223000 CR3: 00000001adb02000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: allocate_data_block+0x66f/0x2050 fs/f2fs/segment.c:2663 do_write_page+0x105/0x1b0 fs/f2fs/segment.c:2727 write_node_page+0x129/0x350 fs/f2fs/segment.c:2770 __write_node_page+0x7da/0x1370 fs/f2fs/node.c:1398 sync_node_pages+0x18cf/0x1eb0 fs/f2fs/node.c:1652 block_operations+0x429/0xa60 fs/f2fs/checkpoint.c:1088 write_checkpoint+0x3ba/0x5380 fs/f2fs/checkpoint.c:1405 f2fs_sync_fs+0x2fb/0x6a0 fs/f2fs/super.c:1077 __sync_filesystem fs/sync.c:39 [inline] sync_filesystem+0x265/0x310 fs/sync.c:67 generic_shutdown_super+0xd7/0x520 fs/super.c:429 kill_block_super+0xa4/0x100 fs/super.c:1191 kill_f2fs_super+0x9f/0xd0 fs/f2fs/super.c:3030 deactivate_locked_super+0x97/0x100 fs/super.c:316 deactivate_super+0x188/0x1b0 fs/super.c:347 cleanup_mnt+0xbf/0x160 fs/namespace.c:1174 __cleanup_mnt+0x16/0x20 fs/namespace.c:1181 task_work_run+0x1e4/0x290 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x2bd/0x310 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline] syscall_return_slowpath arch/x86/entry/common.c:265 [inline] do_syscall_64+0x6ac/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457d97 RSP: 002b:00007ffd46f9c8e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000457d97 RDX: 00000000014b09a3 RSI: 0000000000000002 RDI: 00007ffd46f9da50 RBP: 00007ffd46f9da50 R08: 0000000000000000 R09: 0000000000000009 R10: 0000000000000005 R11: 0000000000000246 R12: 00000000014b0940 R13: 0000000000000000 R14: 0000000000000002 R15: 000000000000658e RIP: update_sit_entry+0x1215/0x1590 fs/f2fs/segment.c:1882 RSP: ffff8801af526708 ---[ end trace f498328bb02610a2 ]--- Reported-and-tested-by: syzbot+bf9253040425feb155ad(a)syzkaller.appspotmail.com Reported-and-tested-by: syzbot+7d6d31d3bc702f566ce3(a)syzkaller.appspotmail.com Reported-and-tested-by: syzbot+0a725420475916460f12(a)syzkaller.appspotmail.com Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 3ba8a4a768c9..1576b9d9a172 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -3631,6 +3631,7 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) unsigned int i, start, end; unsigned int readed, start_blk = 0; int err = 0; + block_t total_node_blocks = 0; do { readed = ra_meta_pages(sbi, start_blk, BIO_MAX_PAGES, @@ -3653,6 +3654,8 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) if (err) return err; seg_info_from_raw_sit(se, &sit); + if (IS_NODESEG(se->type)) + total_node_blocks += se->valid_blocks; /* build discard map only one time */ if (f2fs_discard_en(sbi)) { @@ -3694,11 +3697,15 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) sit = sit_in_journal(journal, i); old_valid_blocks = se->valid_blocks; + if (IS_NODESEG(se->type)) + total_node_blocks -= old_valid_blocks; err = check_block_count(sbi, start, &sit); if (err) break; seg_info_from_raw_sit(se, &sit); + if (IS_NODESEG(se->type)) + total_node_blocks += se->valid_blocks; if (f2fs_discard_en(sbi)) { if (is_set_ckpt_flags(sbi, CP_TRIMMED_FLAG)) { @@ -3717,6 +3724,15 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) se->valid_blocks - old_valid_blocks; } up_read(&curseg->journal_rwsem); + + if (!err && total_node_blocks != valid_node_count(sbi)) { + f2fs_msg(sbi->sb, KERN_ERR, + "SIT is corrupted node# %u vs %u", + total_node_blocks, valid_node_count(sbi)); + set_sbi_flag(sbi, SBI_NEED_FSCK); + err = -EINVAL; + } + return err; }

7 years, 2 months

3
2
0 0

request for 4.14-stable: 9432a3175770 ("KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] x86/mm/init: Remove freed kernel image areas from alias" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c40a56a7818cfe735fc93a69e1875f8bba834483 Mon Sep 17 00:00:00 2001 From: Dave Hansen <dave.hansen(a)linux.intel.com> Date: Thu, 2 Aug 2018 15:58:31 -0700 Subject: [PATCH] x86/mm/init: Remove freed kernel image areas from alias mapping The kernel image is mapped into two places in the virtual address space (addresses without KASLR, of course): 1. The kernel direct map (0xffff880000000000) 2. The "high kernel map" (0xffffffff81000000) We actually execute out of #2. If we get the address of a kernel symbol, it points to #2, but almost all physical-to-virtual translations point to Parts of the "high kernel map" alias are mapped in the userspace page tables with the Global bit for performance reasons. The parts that we map to userspace do not (er, should not) have secrets. When PTI is enabled then the global bit is usually not set in the high mapping and just used to compensate for poor performance on systems which lack PCID. This is fine, except that some areas in the kernel image that are adjacent to the non-secret-containing areas are unused holes. We free these holes back into the normal page allocator and reuse them as normal kernel memory. The memory will, of course, get *used* via the normal map, but the alias mapping is kept. This otherwise unused alias mapping of the holes will, by default keep the Global bit, be mapped out to userspace, and be vulnerable to Meltdown. Remove the alias mapping of these pages entirely. This is likely to fracture the 2M page mapping the kernel image near these areas, but this should affect a minority of the area. The pageattr code changes *all* aliases mapping the physical pages that it operates on (by default). We only want to modify a single alias, so we need to tweak its behavior. This unmapping behavior is currently dependent on PTI being in place. Going forward, we should at least consider doing this for all configurations. Having an extra read-write alias for memory is not exactly ideal for debugging things like random memory corruption and this does undercut features like DEBUG_PAGEALLOC or future work like eXclusive Page Frame Ownership (XPFO). Before this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_kernel-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE NX pmd current_kernel-0xffffffff82c00000-0xffffffff82e00000 2M RW NX pte current_kernel-0xffffffff82e00000-0xffffffff83200000 4M RW PSE NX pmd current_kernel-0xffffffff83200000-0xffffffffa0000000 462M pmd current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_user-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd After this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K pte current_kernel-0xffffffff82000000-0xffffffff82400000 4M ro PSE GLB NX pmd current_kernel-0xffffffff82400000-0xffffffff82488000 544K ro NX pte current_kernel-0xffffffff82488000-0xffffffff82600000 1504K pte current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE NX pmd current_kernel-0xffffffff82c00000-0xffffffff82c0d000 52K RW NX pte current_kernel-0xffffffff82c0d000-0xffffffff82dc0000 1740K pte current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K pte current_user-0xffffffff82000000-0xffffffff82400000 4M ro PSE GLB NX pmd current_user-0xffffffff82400000-0xffffffff82488000 544K ro NX pte current_user-0xffffffff82488000-0xffffffff82600000 1504K pte current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd [ tglx: Do not unmap on 32bit as there is only one mapping ] Fixes: 0f561fce4d69 ("x86/pti: Enable global pages for shared areas") Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kees Cook <keescook(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Joerg Roedel <jroedel(a)suse.de> Link: https://lkml.kernel.org/r/20180802225831.5F6A2BFC@viggo.jf.intel.com diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h index bd090367236c..34cffcef7375 100644 --- a/arch/x86/include/asm/set_memory.h +++ b/arch/x86/include/asm/set_memory.h @@ -46,6 +46,7 @@ int set_memory_np(unsigned long addr, int numpages); int set_memory_4k(unsigned long addr, int numpages); int set_memory_encrypted(unsigned long addr, int numpages); int set_memory_decrypted(unsigned long addr, int numpages); +int set_memory_np_noalias(unsigned long addr, int numpages); int set_memory_array_uc(unsigned long *addr, int addrinarray); int set_memory_array_wc(unsigned long *addr, int addrinarray); diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index bc11dedffc45..74b157ac078d 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -780,8 +780,30 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) */ void free_kernel_image_pages(void *begin, void *end) { - free_init_pages("unused kernel image", - (unsigned long)begin, (unsigned long)end); + unsigned long begin_ul = (unsigned long)begin; + unsigned long end_ul = (unsigned long)end; + unsigned long len_pages = (end_ul - begin_ul) >> PAGE_SHIFT; + + + free_init_pages("unused kernel image", begin_ul, end_ul); + + /* + * PTI maps some of the kernel into userspace. For performance, + * this includes some kernel areas that do not contain secrets. + * Those areas might be adjacent to the parts of the kernel image + * being freed, which may contain secrets. Remove the "high kernel + * image mapping" for these freed areas, ensuring they are not even + * potentially vulnerable to Meltdown regardless of the specific + * optimizations PTI is currently using. + * + * The "noalias" prevents unmapping the direct map alias which is + * needed to access the freed pages. + * + * This is only valid for 64bit kernels. 32bit has only one mapping + * which can't be treated in this way for obvious reasons. + */ + if (IS_ENABLED(CONFIG_X86_64) && cpu_feature_enabled(X86_FEATURE_PTI)) + set_memory_np_noalias(begin_ul, len_pages); } void __ref free_initmem(void) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index c04153796f61..0a74996a1149 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(cpa_lock); #define CPA_FLUSHTLB 1 #define CPA_ARRAY 2 #define CPA_PAGES_ARRAY 4 +#define CPA_NO_CHECK_ALIAS 8 /* Do not search for aliases */ #ifdef CONFIG_PROC_FS static unsigned long direct_pages_count[PG_LEVEL_NUM]; @@ -1486,6 +1487,9 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages, /* No alias checking for _NX bit modifications */ checkalias = (pgprot_val(mask_set) | pgprot_val(mask_clr)) != _PAGE_NX; + /* Has caller explicitly disabled alias checking? */ + if (in_flag & CPA_NO_CHECK_ALIAS) + checkalias = 0; ret = __change_page_attr_set_clr(&cpa, checkalias); @@ -1772,6 +1776,15 @@ int set_memory_np(unsigned long addr, int numpages) return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_PRESENT), 0); } +int set_memory_np_noalias(unsigned long addr, int numpages) +{ + int cpa_flags = CPA_NO_CHECK_ALIAS; + + return change_page_attr_set_clr(&addr, numpages, __pgprot(0), + __pgprot(_PAGE_PRESENT), 0, + cpa_flags, NULL); +} + int set_memory_4k(unsigned long addr, int numpages) { return change_page_attr_set_clr(&addr, numpages, __pgprot(0),

7 years, 2 months

3
2
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit dbba166b0e442d4d38ae0f244d32338c3e92d16f: Linux 3.18.117 (2018-07-28 07:43:19 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-09082018 for you to fetch changes up to 3ee02fbcdda812011ebb1f48caf7a0f90430dec3: tcp: identify cryptic messages as TCP seq # bugs (2018-08-09 13:05:31 -0400) - ---------------------------------------------------------------- for-greg-3.18-09082018 - ---------------------------------------------------------------- Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (2): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Fabio Estevam (1): ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (1): netfilter: x_tables: set module owner for icmp(6) matches Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Hangbin Liu (1): ipv6: mcast: fix unsolicited report interval after receiving querys Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Li RongQing (1): net: propagate dev_get_valid_name return code Marek Szyprowski (1): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Randy Dunlap (1): tcp: identify cryptic messages as TCP seq # bugs Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Wahren (2): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered Steven Rostedt (VMware) (1): locking/lockdep: Do not record IRQ state within lockdep code Sudarsana Reddy Kalluru (1): bnx2x: Fix receiving tx-timeout in error or recovery state. William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace arch/arm/boot/dts/am3517.dtsi | 5 ++ arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/da850.dtsi | 6 +-- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/mach-pxa/irq.c | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- drivers/dma/k3dma.c | 2 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++++++--- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++---- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/md/raid10.c | 7 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 +++ drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++++- drivers/net/ethernet/octeon/octeon_mgmt.c | 14 +++-- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 5 +- drivers/net/ethernet/ti/davinci_emac.c | 4 ++ drivers/net/hamradio/bpqether.c | 8 +-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 7 +++ drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/gadget/composite.c | 3 ++ fs/jfs/xattr.c | 10 ++-- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - kernel/locking/lockdep.c | 12 ++--- kernel/trace/trace.c | 5 ++ net/core/dev.c | 4 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv6/mcast.c | 9 ++-- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +-- security/smack/smack_lsm.c | 1 + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/testing/selftests/sync/config | 4 ++ 44 files changed, 232 insertions(+), 67 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2vsACgkQ3qZv95d3 LNwozhAAum/AUmq1jxFO2aqJdaQcnwLwyGw69kAZy+YRRR79s/+8MMVtrq/oE9Ux Iir2IAwdHKeHAl2mXy8NPbn0V7t4ne+bqnWKTZXoKQofFgFHE0VGhQ2Q3KWlK9Vl rKkjM4dioRr8nzEV0x6GH8GN2uTIB85SGQVHXnb6AcKsqWAL5tG96bhAU8i3Potg he80X6UtGDttYQNo6hBfKO9leT8iGg48PaqAZinjgupUvQNZSYIrxK+eJ9J2NFv2 FtkZAiK7z1hrnDeX5TLmLXxR0vTvubgvjv0+4a0yxn98N+7nbXhySSJONpeTFMqg Xg5dbn0Ey2bmVHJXvWVT5IetAKryzOkWvjzgtUsPFJNAtv38QrhB1gmHyOv+VnMr If5cJS5GmTVQRefWCdJjsMjyxqskONHNsHtSn6DTqXbE5O1cARaqXDHRyS6mQ7Iz oSBeONID3rgeepGOjkTRIvZ58wb2qwHdqPv6wCGif3DLDOaUznzWkFuIwB7YG014 wsqDGsdBe+Qo7vHyMn7kf1oprOaUZL8npLjUraZybBjBqg6kVbkpqsaA/EvsSl7M 1UFKKR1e72535DBYWE/dNO7l9ZvTYNzozg680wBRfDqdiX2TQgZcUK/kk0RisAMe IXKw9BRFLfMx1ULsER9oRA7Ffdg5rj9qdAn8sxYq4fUUSm0ZzJs= =VJfO -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit bffa1e42b3713aa7911cc3f9a6e5a2dbbf1dc789: Linux 4.4.146 (2018-08-06 16:24:42 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-09082018 for you to fetch changes up to 2c2c878f0354bfe8d62b6e26d98fd5876ec7819a: tcp: identify cryptic messages as TCP seq # bugs (2018-08-09 11:02:47 -0400) - ---------------------------------------------------------------- for-greg-4.4-09082018 - ---------------------------------------------------------------- Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Andy Lutomirski (1): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (3): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (1): netfilter: x_tables: set module owner for icmp(6) matches Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (1): ipv6: mcast: fix unsolicited report interval after receiving querys Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jiri Olsa (1): perf tests: Add event parsing error handling to parse events test Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Li RongQing (1): net: propagate dev_get_valid_name return code Marek Szyprowski (3): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (1): ARM: dts: Cygnus: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Thomas Richter (1): perf test session topology: Fix test on s390 Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Willem de Bruijn (1): packet: reset network header if packet shorter than ll reserved space William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (1): scsi: xen-scsifront: add error handling for xenbus_printf arch/arc/Makefile | 15 +----- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arm/boot/dts/am3517.dtsi | 5 ++ arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/bcm-cygnus.dtsi | 4 +- arch/arm/boot/dts/da850.dtsi | 6 +-- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++++ arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- drivers/dma/k3dma.c | 2 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++++++--- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +-- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++---- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/hid/wacom_wac.c | 10 +++- drivers/md/raid10.c | 7 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 +++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++++- drivers/net/ethernet/octeon/octeon_mgmt.c | 14 +++-- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++++---- drivers/net/ethernet/ti/davinci_emac.c | 4 ++ drivers/net/hamradio/bpqether.c | 8 +-- drivers/net/ieee802154/at86rf230.c | 15 ++---- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/sdio.c | 7 +++ drivers/scsi/xen-scsifront.c | 33 +++++++++--- drivers/usb/dwc2/gadget.c | 7 ++- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/gadget/composite.c | 3 ++ drivers/usb/host/xhci.c | 7 ++- fs/jfs/xattr.c | 10 ++-- include/linux/fsl/guts.h | 1 + include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tcp.h | 2 - kernel/locking/lockdep.c | 12 ++--- kernel/trace/trace.c | 5 ++ mm/kasan/kasan.c | 5 +- net/core/dev.c | 4 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 --------- net/ipv4/tcp_output.c | 4 -- net/ipv6/mcast.c | 9 ++-- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +-- net/packet/af_packet.c | 2 + security/smack/smack_lsm.c | 1 + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/tests/parse-events.c | 8 +-- tools/perf/tests/topology.c | 1 + tools/perf/util/llvm-utils.c | 6 +-- .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++++ tools/testing/selftests/sync/config | 4 ++ tools/testing/selftests/user/test_user_copy.sh | 7 +++ tools/testing/selftests/x86/sigreturn.c | 46 ++++++++++------ tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- 75 files changed, 400 insertions(+), 184 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2vIACgkQ3qZv95d3 LNx9Xg//TdPvFIiQ7oaj5YvGCRZPBv+vfAPCZ693m0fpIEmbFnNWc3t74FmeQwZC 66vMGt5L+1cuUGOxyydV+WQ8iOk8hh7PECZv5fgLX2S9eG9dCeIK64wQwB/olkk6 ea/JL6PlqtOxPr/w55R6KOw254/R6heEPVuDFxEjLD87TCkMEWGB1zdIVjwuiUM0 b/3M+8T+FQnd+z8hFet9P5RvOlPUnJvdR626Vo2zlCh441/paYrDKXY4AnA43Aqx E9iWvdVvNG9DpLjf7Vj+SrIM5JYbk1+0L6MjlbMlNQSOcbzmz6ViIWDpOx5PIQBg urqk2lOhSLJSmWWpHuP31b6bAODg0ZSB00bvJAyWEzAEGpCuTNaSBdFX0B8v2ojo 5agl87BBFTxp8PFRMjUnRfQmIdMnAtOdMdQrhTVnVK9wOsvo+IAW3z+ycOr30Wwa 4ZHK9vu+1maIcqqk+L0b05n5OGhCD+Z/GKxCCg0a1BpVSadX70Jh0OikOdzuzMsf gNZbvPkGYEo5P3zAsUDkPr03pdWIgp2qwOW9t1n0BIt+b0D0wE68QG0wRkiDeaeb aDflv16anTBmIiOB8MOdU33tDD7z7dHY5wTjKxg4sn6qBNxsLWRD0xTH5CxW1Rfx 504fmFXSybPf0dcsmy5Y7MWjDX3G+S5ywVVzVHTAe1rknP6IPb4= =O8w8 -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it -Remove the brackets on both sides of "opt-> data.nbytes" Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..6184fa1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,26 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 2 months

1
0
0 0

Re: [PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush

by Jinpu Wang

> From: MINOURA Makoto / 箕浦真 <minoura(a)valinux.co.jp> > Date: 2018年8月22日周三上午9:50 > Subject: [PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush > To: <kvm(a)vger.kernel.org> > Cc: <linux-kernel(a)vger.kernel.org> > > > > When EPT is not enabled, reading > /sys/module/kvm_intel/parameters/vmentry_l1d_flush causes > general protection fault in vmentry_l1d_flush_get() due to > access beyond the end of the array vmentry_l1d_param[]. > > Signed-off-by: Minoura Makoto <minoura(a)valinux.co.jp> > --- > arch/x86/include/asm/vmx.h | 1 + > arch/x86/kvm/vmx.c | 4 +++- > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h > index 95f9107449bf..c4b834b05178 100644 > --- a/arch/x86/include/asm/vmx.h > +++ b/arch/x86/include/asm/vmx.h > @@ -581,6 +581,7 @@ enum vmx_l1d_flush_state { > VMENTER_L1D_FLUSH_NEVER, > VMENTER_L1D_FLUSH_COND, > VMENTER_L1D_FLUSH_ALWAYS, > + VMENTER_L1D_FLUSH_PARAM_MAX = VMENTER_L1D_FLUSH_ALWAYS, > VMENTER_L1D_FLUSH_EPT_DISABLED, > VMENTER_L1D_FLUSH_NOT_REQUIRED, > }; > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 1519f030fd73..155ba2a9139f 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -204,6 +204,8 @@ static const struct { > {"never", VMENTER_L1D_FLUSH_NEVER}, > {"cond", VMENTER_L1D_FLUSH_COND}, > {"always", VMENTER_L1D_FLUSH_ALWAYS}, > + {"ept-disabled", VMENTER_L1D_FLUSH_EPT_DISABLED}, > + {"not-required", VMENTER_L1D_FLUSH_NOT_REQUIRED}, > }; > > #define L1D_CACHE_ORDER 4 > @@ -286,7 +288,7 @@ static int vmentry_l1d_flush_parse(const char *s) > unsigned int i; > > if (s) { > - for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { > + for (i = 0; i <= VMENTER_L1D_FLUSH_PARAM_MAX; i++) { > if (sysfs_streq(s, vmentry_l1d_param[i].option)) > return vmentry_l1d_param[i].cmd; > } Easy to reproduce. Thanks. Tested-by: Jack Wang <jinpu.wang(a)profitbricks.com> -- Jack Wang Linux Kernel Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Tel: +49 30 577 008 042 Fax: +49 30 577 008 299 Email: jinpu.wang(a)profitbricks.com URL: https://www.profitbricks.de Sitz der Gesellschaft: Berlin Registergericht: Amtsgericht Charlottenburg, HRB 125506 B Geschäftsführer: Achim Weiss, Matthias Steinberg, Christoph Steffens

7 years, 2 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 2ae6c0413b4768f9d8fc6f718a732f9dae014b67: Linux 4.14.61 (2018-08-06 16:20:52 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-09082018 for you to fetch changes up to c0ea3dd048ecaa6156345a25031b5737e4f88a55: nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD (2018-08-08 09:32:40 -0400) - ---------------------------------------------------------------- for-greg-4.14-09082018 - ---------------------------------------------------------------- Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arnd Bergmann (1): posix-timers: Fix nanosleep_copyout() for CONFIG_COMPAT_32BIT_TIME Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Ayan Kumar Halder (1): drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (6): block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (1): gpu: host1x: Check whether size of unpin isn't 0 Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (1): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (3): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Jann Horn (1): netfilter: nf_log: fix uninit read in nf_log_proc_dostring Janne Huttunen (1): perf script python: Fix dict reference counting Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jiri Olsa (4): perf tools: Fix error index for pmu event parser perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus LÃ¼ssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Torvalds (1): Mark HI and TASKLET softirq synchronous Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Maciej Purski (3): drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (1): kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (2): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (2): drm/armada: fix colorkey mode property drm/armada: fix irq handling Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (1): PCI: versatile: Fix I/O space page leak Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (3): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Uwe Kleine-KÃ¶nig (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (1): packet: reset network header if packet shorter than ll reserved space William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf Makefile | 6 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 ++++++-- drivers/dax/device.c | 12 ++- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 5 +- drivers/gpu/drm/armada/armada_crtc.c | 12 ++- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/bridge/sil-sii8620.c | 41 +++++--- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/job.c | 3 +- drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/nct6775.c | 2 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/input/rmi4/rmi_2d_sensor.c | 34 +++---- drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 ++- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +-- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/pci/host/pci-ftpci100.c | 2 + drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/scsi/qedf/qedf_main.c | 12 +++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/staging/typec/tcpm.c | 3 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 89 ++++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 ++-- fs/ceph/inode.c | 1 + fs/jfs/xattr.c | 10 +- fs/nfs/nfs4proc.c | 17 ++-- include/linux/fsl/guts.h | 1 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/locking/lockdep.c | 12 +-- kernel/softirq.c | 12 ++- kernel/time/hrtimer.c | 2 +- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 2 + net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/wireless/nl80211.c | 35 +++---- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 10 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 ++- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 207 files changed, 1406 insertions(+), 720 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2uIACgkQ3qZv95d3 LNxfhA/8Ca2g1Ce2k19mjQuGJFSKBhGinRaheyjIzxHnUUFIvzzx795kX7aViAPZ MA0gamCYrPzXXKdx/sf6ZmMy9H8IRIS4rrHXE1XdHWUVqdYO6teMGSYg4BqX+pZW sCZccaXGFYme+CHqawK3q9xPWuSvKp3YSD/rjzyocQdhxUHLN0KM1NgZ55BrMQ57 +rJ6PH4GykQsOIsAQtYgW288ZsPDDWz1EYzRQwqfRcGFJ+Ut2W5RQHTUD18jUvMN qi2JQPGvLY+a/2IWxAg3cFTwAf/+UE7vyIzTeTl81/g/fWkhclebqKasBYQTU2br Yv0fB5U6GTXaWlsnChl4xtuMhfGR33qFB00XbHCLCvpiI3RXZQjdJgkdmfBmF84L EWnuZzZ0ZPwkBO+JOhC1faZdduFQ82juonqKko00DMa20qDcCiI7nuBf0b++hzeY 7zW7KlkxKSFole6F+7P0DnAWXNpnaWW3xU1fiZcrjK88QAhpe0ad5IuZSbjWyn9i itzIn+7VQxbqrCsIZ/AnOtcJpZKHiOhnnuZQ1t6Nu0QhUWiPx8WfhEqHZbp5tUj1 kGADJ+/QbZeV1mC95F2pEF3qzhnrgVtAC45ktBXXbqxmfYEwGBN0wjGB5zowGkJN 6K6xr8gvO67DSHo44xvAEWg3iUIc9DyBe1I40yFjTrQzby0iTEY= =rcQm -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e01202b36f03f9284ffb51e911f6710d0a62c815: Linux 4.9.118 (2018-08-06 16:23:04 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-09082018 for you to fetch changes up to 6cdd0e8d2c6e85ce4e69ba830da2bf27f0a5dff4: tcp: identify cryptic messages as TCP seq # bugs (2018-08-09 09:17:10 -0400) - ---------------------------------------------------------------- for-greg-4.9-09082018 - ---------------------------------------------------------------- Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (4): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dongjiu Geng (1): usb: xhci: remove the code build warning Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (2): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Westphal (1): netfilter: x_tables: set module owner for icmp(6) matches Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Jann Horn (1): netfilter: nf_log: fix uninit read in nf_log_proc_dostring Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jiri Olsa (2): perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus Torvalds (1): Mark HI and TASKLET softirq synchronous Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Marek Szyprowski (4): dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (1): bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Nicholas Mc Guire (2): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (3): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Sergei Shtylyov (1): PCI: versatile: Fix I/O space page leak Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (2): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the error of write() and read() Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (1): perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (1): packet: reset network header if packet shorter than ll reserved space William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/broadcom/ns2.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/s390/net/bpf_jit_comp.c | 1 + drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/hid/wacom_wac.c | 10 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/md/raid10.c | 7 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/target/core.c | 8 ++ drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/usb/dwc2/gadget.c | 7 +- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/gadget/composite.c | 3 + drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/ceph/inode.c | 1 + fs/jfs/xattr.c | 10 +- include/linux/fsl/guts.h | 1 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - kernel/locking/lockdep.c | 12 +-- kernel/softirq.c | 12 ++- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_log.c | 4 + net/packet/af_packet.c | 2 + net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/wireless/nl80211.c | 19 +--- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/llvm-utils.c | 6 +- .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 124 files changed, 806 insertions(+), 515 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2usACgkQ3qZv95d3 LNxV7xAAlEmyDj0Q1HQltbYnQ8/Cqgoi01FPohvxpugyeaZwELoP6W/vHAxSTw6M 51RaNEliEN27CY175G5+xLBgnVzm79/Z5NGm64Ve2OCfPYTeuSlvkJgy7IYJG7s4 nOkBP/rJSyOvtoV8vIBXm0nzwOW5/O4LamV82BRZIIeMoY1qf8KCpzsEp8ErEc/s Wx9T98dFzC0DVkVmccXByq/gTe57aLpAHtRmvMmC3FLSS4sohKRJN/6jHQbWfEcG W41zY7RYD4gOAy16wUZ87ycRDmxDBIDGgcIeVr0Drf+9hubErSUZecoFJ8lwWguC +U/WjSWzPJQSL+yL8oX9ErGzCxdU51BUVEJSVTVsQYGsrUyac2sVjDdq7vM8ltdE Jd7NROubsCPRevWcoJDJ98LSYpEbE7ibucUzg9nk39Mb0pREC3UGLEo2ULugaPRQ Zds3vdF7wSRWAY/zO4cL77uQxDEQrgqS2oEdAXOXJym26KWLDjnyGy9IrSy9WhGX nX3pGz0Cswl8qa2fSHX4LJTXG9Y3yteC/FIrpZh+FciWqWez0IV0IJDFVOpBf+8l AdabU2GBJXF7AptkaP7UDhYzGMLZTTLcPEkslM01kd7gIgDQOdZVIp+884dGR6Uh WbpwjrGX+gyAKbtrFiNqpV3xAy9ZI7zSEskiby02320dQjZ6bZQ= =XJ7Y -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[PATCH for-4.9.y 0/5] net/sched: init failure fixes

by Amit Pundir

Hi Greg, Kindly consider/review following net/sched fixes for stable 4.9.y. This patchset is a follow-up of upstream fix 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation") cherry-picked on stable 4.9.y. It fix null pointer dereferences due to uninitialized timer (qdisc watchdog) or double frees due to ->destroy cleaning up a second time. Here is the original submission https://www.mail-archive.com/netdev@vger.kernel.org/msg186003.html Cherry-picked and build tested on Linux 4.9.116 for ARCH=arm/arm64. These fixes are applicable for stable 4.4.y kernel as well, but one of the patches needed a minor rebasing, so I'm resending this series for 4.4.y in a separate thread to avoid any confusion. Regards, Amit Pundir Nikolay Aleksandrov (5): sch_htb: fix crash on init failure sch_multiq: fix double free on init failure sch_hhf: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_tbf: fix two null pointer dereferences on init failure net/sched/sch_hhf.c | 3 +++ net/sched/sch_htb.c | 5 +++-- net/sched/sch_multiq.c | 7 +------ net/sched/sch_netem.c | 4 ++-- net/sched/sch_tbf.c | 5 +++-- 5 files changed, 12 insertions(+), 12 deletions(-) -- 2.7.4

7 years, 2 months

3
10
0 0

[PATCH v2] x86/entry/64: Remove %ebx handling from error_entry/exit

by Sarah Newman

commit b3681dd548d06deb2e1573890829dff4b15abf46 upstream. This version applies to v4.9. >From Andy Lutomirski, original author: error_entry and error_exit communicate the user vs kernel status of the frame using %ebx. This is unnecessary -- the information is in regs->cs. Just use regs->cs. This makes error_entry simpler and makes error_exit more robust. It also fixes a nasty bug. Before all the Spectre nonsense, The xen_failsafe_callback entry point returned like this: ALLOC_PT_GPREGS_ON_STACK SAVE_C_REGS SAVE_EXTRA_REGS ENCODE_FRAME_POINTER jmp error_exit And it did not go through error_entry. This was bogus: RBX contained garbage, and error_exit expected a flag in RBX. Fortunately, it generally contained *nonzero* garbage, so the correct code path was used. As part of the Spectre fixes, code was added to clear RBX to mitigate certain speculation attacks. Now, depending on kernel configuration, RBX got zeroed and, when running some Wine workloads, the kernel crashes. This was introduced by: commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") With this patch applied, RBX is no longer needed as a flag, and the problem goes away. I suspect that malicious userspace could use this bug to crash the kernel even without the offending patch applied, though. [Historical note: I wrote this patch as a cleanup before I was aware of the bug it fixed.] [Note to stable maintainers: this should probably get applied to all kernels.] Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dominik Brodowski <linux(a)dominikbrodowski.net> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: xen-devel(a)lists.xenproject.org Cc: x86(a)kernel.org Cc: stable(a)vger.kernel.org Cc: Andy Lutomirski <luto(a)kernel.org> Fixes: 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") Reported-and-tested-by: "M. Vefa Bicakci" <m.v.b(a)runbox.com> Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Signed-off-by: Sarah Newman <srn(a)prgmr.com> --- arch/x86/entry/entry_64.S | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index d58d8dc..76c1d85e 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -774,7 +774,7 @@ ENTRY(\sym) call \do_sym - jmp error_exit /* %ebx: no swapgs flag */ + jmp error_exit .endif END(\sym) .endm @@ -1043,7 +1043,6 @@ END(paranoid_exit) /* * Save all registers in pt_regs, and switch gs if needed. - * Return: EBX=0: came from user mode; EBX=1: otherwise */ ENTRY(error_entry) cld @@ -1056,7 +1055,6 @@ ENTRY(error_entry) * the kernel CR3 here. */ SWITCH_KERNEL_CR3 - xorl %ebx, %ebx testb $3, CS+8(%rsp) jz .Lerror_kernelspace @@ -1087,7 +1085,6 @@ ENTRY(error_entry) * for these here too. */ .Lerror_kernelspace: - incl %ebx leaq native_irq_return_iret(%rip), %rcx cmpq %rcx, RIP+8(%rsp) je .Lerror_bad_iret @@ -1119,28 +1116,19 @@ ENTRY(error_entry) /* * Pretend that the exception came from user mode: set up pt_regs - * as if we faulted immediately after IRET and clear EBX so that - * error_exit knows that we will be returning to user mode. + * as if we faulted immediately after IRET. */ mov %rsp, %rdi call fixup_bad_iret mov %rax, %rsp - decl %ebx jmp .Lerror_entry_from_usermode_after_swapgs END(error_entry) - -/* - * On entry, EBX is a "return to kernel mode" flag: - * 1: already in kernel mode, don't need SWAPGS - * 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode - */ ENTRY(error_exit) - movl %ebx, %eax DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF - testl %eax, %eax - jnz retint_kernel + testb $3, CS(%rsp) + jz retint_kernel jmp retint_user END(error_exit) -- 1.9.1

7 years, 2 months

3
2
0 0

Linux 4.4.151

by Greg KH

I'm announcing the release of the 4.4.151 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/include/asm/pgtable.h | 13 ++++++++----- drivers/acpi/sleep.c | 27 +++++++++++++++++++++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/tty/serial/8250/8250_dw.c | 2 +- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/sierra.c | 4 ++-- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 24 files changed, 102 insertions(+), 60 deletions(-) Aleksander Morgado (1): USB: option: add support for DW5821e Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations Greg Kroah-Hartman (1): Linux 4.4.151 Hangbin Liu (2): net_sched: Fix missing res info when create new tc_index filter net_sched: fix NULL pointer dereference when delete tcindex filter Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (5): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions Tom Lendacky (1): x86/mm: Simplify p[g4um]d_page() macros Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Zhang Rui (1): ACPI: save NVS memory for Lenovo G50-45

7 years, 2 months

1
1
0 0

Linux 4.9.123

by Greg KH

I'm announcing the release of the 4.9.123 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/include/asm/pgtable.h | 13 ++++++++----- drivers/acpi/sleep.c | 8 ++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/tty/serial/8250/8250_dw.c | 3 ++- drivers/tty/serial/8250/8250_port.c | 3 +-- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/sierra.c | 4 ++-- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/ipv6/ip6_tunnel.c | 8 ++------ net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_matchall.c | 2 ++ net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 27 files changed, 89 insertions(+), 68 deletions(-) Aleksander Morgado (1): USB: option: add support for DW5821e Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations Greg Kroah-Hartman (1): Linux 4.9.123 Hangbin Liu (3): net_sched: Fix missing res info when create new tc_index filter net_sched: fix NULL pointer dereference when delete tcindex filter cls_matchall: fix tcf_unbind_filter missing Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Mark (1): tty: serial: 8250: Revert NXP SC16C2552 workaround Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Srinath Mannam (1): serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (5): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions Tom Lendacky (1): x86/mm: Simplify p[g4um]d_page() macros Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit

7 years, 2 months

1
1
0 0

Linux 4.14.66

by Greg KH

I'm announcing the release of the 4.14.66 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/acpi/sleep.c | 8 +++++++ drivers/isdn/i4l/isdn_common.c | 8 ------- drivers/misc/sram.c | 9 +++++++- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 2 - drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/serial/8250/8250_exar.c | 6 ++++- drivers/tty/serial/8250/8250_port.c | 3 -- drivers/usb/serial/option.c | 4 +++ drivers/usb/serial/pl2303.c | 2 + drivers/usb/serial/pl2303.h | 1 drivers/usb/serial/sierra.c | 4 +-- drivers/vhost/vhost.c | 9 +++++--- include/net/af_vsock.h | 4 +-- include/net/llc.h | 5 ++++ net/bluetooth/sco.c | 3 +- net/dccp/ccids/ccid2.c | 6 +++-- net/ipv6/ip6_tunnel.c | 8 +------ net/l2tp/l2tp_core.c | 2 - net/llc/llc_core.c | 4 +-- net/sched/cls_matchall.c | 2 + net/sched/cls_tcindex.c | 8 ++----- net/vmw_vsock/af_vsock.c | 15 +++++++------- net/vmw_vsock/vmci_transport.c | 3 -- sound/core/memalloc.c | 8 +------ sound/core/seq/seq_virmidi.c | 10 +++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 ++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +-- sound/pci/hda/hda_intel.c | 2 - sound/pci/hda/patch_conexant.c | 4 ++- sound/pci/vx222/vx222_ops.c | 8 +++---- sound/pcmcia/vx/vxp_ops.c | 10 ++++----- 32 files changed, 104 insertions(+), 69 deletions(-) Aaron Sierra (1): serial: 8250_exar: Read INT0 from slave device, too Aleksander Morgado (1): USB: option: add support for DW5821e Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations Dmitry Bogdanov (1): net: aquantia: Fix IFF_ALLMULTI flag functionality Greg Kroah-Hartman (1): Linux 4.14.66 Hangbin Liu (3): net_sched: fix NULL pointer dereference when delete tcindex filter net_sched: Fix missing res info when create new tc_index filter cls_matchall: fix tcf_unbind_filter missing Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Jason Wang (1): vhost: reset metadata cache when initializing new IOTLB Johan Hovold (1): misc: sram: fix resource leaks in probe error path John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Mark (1): tty: serial: 8250: Revert NXP SC16C2552 workaround Movie Song (1): USB: serial: pl2303: add a new device id for ATEN Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Srinath Mannam (1): serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (5): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit

7 years, 2 months

1
1
0 0

Linux 4.17.18

by Greg KH

I'm announcing the release of the 4.17.18 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/acpi/sleep.c | 8 drivers/isdn/i4l/isdn_common.c | 8 drivers/misc/sram.c | 9 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 2 drivers/net/ethernet/marvell/mvneta.c | 53 ++-- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 8 drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c | 51 ++- drivers/net/ethernet/realtek/r8169.c | 12 drivers/tty/serial/8250/8250_dw.c | 3 drivers/tty/serial/8250/8250_exar.c | 6 drivers/tty/serial/8250/8250_port.c | 3 drivers/usb/serial/option.c | 4 drivers/usb/serial/pl2303.c | 2 drivers/usb/serial/pl2303.h | 1 drivers/usb/serial/sierra.c | 4 drivers/vhost/vhost.c | 9 include/net/af_vsock.h | 4 include/net/llc.h | 5 net/bluetooth/sco.c | 3 net/core/sock_diag.c | 2 net/dccp/ccids/ccid2.c | 6 net/ipv4/ip_vti.c | 3 net/ipv6/ip6_tunnel.c | 8 net/l2tp/l2tp_core.c | 2 net/llc/llc_core.c | 4 net/rxrpc/ar-internal.h | 8 net/rxrpc/conn_event.c | 4 net/rxrpc/net_ns.c | 6 net/rxrpc/output.c | 12 net/rxrpc/peer_event.c | 156 ++++++------ net/rxrpc/peer_object.c | 8 net/rxrpc/rxkad.c | 4 net/sched/cls_matchall.c | 2 net/sched/cls_tcindex.c | 8 net/socket.c | 3 net/vmw_vsock/af_vsock.c | 15 - net/vmw_vsock/vmci_transport.c | 3 sound/core/memalloc.c | 8 sound/core/seq/oss/seq_oss.c | 2 sound/core/seq/seq_clientmgr.c | 2 sound/core/seq/seq_virmidi.c | 10 sound/pci/cs5535audio/cs5535audio.h | 6 sound/pci/cs5535audio/cs5535audio_pcm.c | 4 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 4 sound/pci/vx222/vx222_ops.c | 8 sound/pcmcia/vx/vxp_ops.c | 10 48 files changed, 295 insertions(+), 212 deletions(-) Aaron Sierra (1): serial: 8250_exar: Read INT0 from slave device, too Aleksander Morgado (1): USB: option: add support for DW5821e Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Andrew Lunn (1): net: ethernet: mvneta: Fix napi structure mixup on armada 3700 Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations David Howells (1): rxrpc: Fix the keepalive generator [ver #2] Dmitry Bogdanov (1): net: aquantia: Fix IFF_ALLMULTI flag functionality Greg Kroah-Hartman (1): Linux 4.17.18 Haishuang Yan (1): ip_vti: fix a null pointer deferrence when create vti fallback tunnel Hangbin Liu (3): net_sched: fix NULL pointer dereference when delete tcindex filter net_sched: Fix missing res info when create new tc_index filter cls_matchall: fix tcf_unbind_filter missing Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Heiner Kallweit (1): r8169: don't use MSI-X on RTL8168g Jason Wang (1): vhost: reset metadata cache when initializing new IOTLB Jeremy Cline (1): net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() Jian-Hong Pan (1): r8169: don't use MSI-X on RTL8106e Jisheng Zhang (1): net: mvneta: fix mvneta_config_rss on armada 3700 Johan Hovold (1): misc: sram: fix resource leaks in probe error path John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Mark (1): tty: serial: 8250: Revert NXP SC16C2552 workaround Movie Song (1): USB: serial: pl2303: add a new device id for ATEN Nir Dotan (4): mlxsw: core_acl_flex_actions: Return error for conflicting actions mlxsw: core_acl_flex_actions: Remove redundant resource destruction mlxsw: core_acl_flex_actions: Remove redundant counter destruction mlxsw: core_acl_flex_actions: Remove redundant mirror resource destruction Or Gerlitz (1): net/mlx5e: Properly check if hairpin is possible between two functions Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Srinath Mannam (1): serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (6): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions ALSA: seq: Fix poll() error return Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit

7 years, 2 months

1
1
0 0

Linux 4.18.4

by Greg KH

I'm announcing the release of the 4.18.4 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/acpi/sleep.c | 8 ++++ drivers/isdn/i4l/isdn_common.c | 8 ---- drivers/media/usb/dvb-usb-v2/gl861.c | 21 ++++++------ drivers/misc/sram.c | 9 ++++- drivers/net/ethernet/marvell/mvneta.c | 53 +++++++++++++++++++------------- drivers/net/ethernet/realtek/r8169.c | 12 ++++++- drivers/net/hyperv/rndis_filter.c | 2 - drivers/tty/serial/8250/8250_dw.c | 3 + drivers/tty/serial/8250/8250_exar.c | 6 +++ drivers/tty/serial/8250/8250_port.c | 3 - drivers/uio/uio.c | 10 +----- drivers/usb/serial/option.c | 4 ++ drivers/usb/serial/pl2303.c | 2 + drivers/usb/serial/pl2303.h | 1 drivers/usb/serial/sierra.c | 4 +- net/bluetooth/sco.c | 3 + net/core/sock_diag.c | 2 + net/ipv4/ip_vti.c | 3 + net/l2tp/l2tp_core.c | 2 - net/sched/cls_matchall.c | 2 + net/sched/cls_tcindex.c | 8 +--- net/socket.c | 3 - sound/core/memalloc.c | 8 +--- sound/core/seq/oss/seq_oss.c | 2 - sound/core/seq/seq_clientmgr.c | 2 - sound/core/seq/seq_virmidi.c | 10 ++++++ sound/firewire/dice/dice-alesis.c | 2 - sound/pci/cs5535audio/cs5535audio.h | 6 +-- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +- sound/pci/hda/hda_intel.c | 2 - sound/pci/hda/patch_conexant.c | 4 +- sound/pci/vx222/vx222_ops.c | 8 ++-- sound/pcmcia/vx/vxp_ops.c | 10 +++--- 34 files changed, 137 insertions(+), 92 deletions(-) Aaron Sierra (1): serial: 8250_exar: Read INT0 from slave device, too Aleksander Morgado (1): USB: option: add support for DW5821e Andrew Lunn (1): net: ethernet: mvneta: Fix napi structure mixup on armada 3700 Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Greg Kroah-Hartman (1): Linux 4.18.4 Hailong Liu (1): uio: fix wrong return value from uio_mmap() Haishuang Yan (1): ip_vti: fix a null pointer deferrence when create vti fallback tunnel Hangbin Liu (3): net_sched: fix NULL pointer dereference when delete tcindex filter net_sched: Fix missing res info when create new tc_index filter cls_matchall: fix tcf_unbind_filter missing Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Heiner Kallweit (1): r8169: don't use MSI-X on RTL8168g Jeremy Cline (1): net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() Jian-Hong Pan (1): r8169: don't use MSI-X on RTL8106e Jisheng Zhang (1): net: mvneta: fix mvneta_config_rss on armada 3700 Johan Hovold (1): misc: sram: fix resource leaks in probe error path John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Mark (1): tty: serial: 8250: Revert NXP SC16C2552 workaround Mika Båtsman (1): media: gl861: fix probe of dvb_usb_gl861 Movie Song (1): USB: serial: pl2303: add a new device id for ATEN Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Srinath Mannam (1): serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (7): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions ALSA: seq: Fix poll() error return hv/netvsc: Fix NULL dereference at single queue mode fallback Takashi Sakamoto (1): ALSA: dice: fix wrong copy to rx parameters for Alesis iO26 Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Xiubo Li (1): Revert "uio: use request_threaded_irq instead"

7 years, 2 months

1
1
0 0

Re: [PATCH] crypto: vmx - Fix sleep-in-atomic bugs

by Marcelo Henrique Cerri

On Tue, Aug 21, 2018 at 05:24:45PM +0200, Ondrej Mosnáček wrote: > CC: Paulo Flabiano Smorigo <pfsmorigo(a)linux.vnet.ibm.com>, > linuxppc-dev(a)lists.ozlabs.org > > (Sorry, sent this before reading new e-mails in the thread...) > > ut 21. 8. 2018 o 17:18 Ondrej Mosnacek <omosnace(a)redhat.com> napísal(a): > > > > This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX > > implementations. The problem is that the blkcipher_* functions should > > not be called in atomic context. > > > > The bugs can be reproduced via the AF_ALG interface by trying to > > encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the > > VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then > > trigger BUG in crypto_yield(): > > > > [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 > > [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc > > [ 891.864739] 1 lock held by kcapi-enc/12347: > > [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 > > [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 > > [ 891.865251] Call Trace: > > [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) > > [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 > > [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 > > [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] > > [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 > > [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 > > [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 > > [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 > > [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 > > [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 > > > > Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") > > Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") > > Cc: stable(a)vger.kernel.org > > Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> > > --- > > This patch should fix the issue, but I didn't test it. (I'll see if I > > can find some time tomorrow to try and recompile the kernel on a PPC > > machine... in the meantime please review :) > > > > drivers/crypto/vmx/aes_cbc.c | 30 ++++++++++++++---------------- > > drivers/crypto/vmx/aes_xts.c | 19 ++++++++++++------- > > 2 files changed, 26 insertions(+), 23 deletions(-) > > > > diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c > > index 5285ece4f33a..b71895871be3 100644 > > --- a/drivers/crypto/vmx/aes_cbc.c > > +++ b/drivers/crypto/vmx/aes_cbc.c > > @@ -107,24 +107,23 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, > > ret = crypto_skcipher_encrypt(req); > > skcipher_request_zero(req); > > } else { > > - preempt_disable(); > > - pagefault_disable(); > > - enable_kernel_vsx(); > > - > > blkcipher_walk_init(&walk, dst, src, nbytes); > > ret = blkcipher_walk_virt(desc, &walk); > > while ((nbytes = walk.nbytes)) { > > + preempt_disable(); > > + pagefault_disable(); > > + enable_kernel_vsx(); > > aes_p8_cbc_encrypt(walk.src.virt.addr, > > walk.dst.virt.addr, > > nbytes & AES_BLOCK_MASK, > > &ctx->enc_key, walk.iv, 1); > > + disable_kernel_vsx(); > > + pagefault_enable(); > > + preempt_enable(); > > + > > nbytes &= AES_BLOCK_SIZE - 1; > > ret = blkcipher_walk_done(desc, &walk, nbytes); > > } > > - > > - disable_kernel_vsx(); > > - pagefault_enable(); > > - preempt_enable(); > > } > > > > return ret; > > @@ -147,24 +146,23 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, > > ret = crypto_skcipher_decrypt(req); > > skcipher_request_zero(req); > > } else { > > - preempt_disable(); > > - pagefault_disable(); > > - enable_kernel_vsx(); > > - > > blkcipher_walk_init(&walk, dst, src, nbytes); > > ret = blkcipher_walk_virt(desc, &walk); > > while ((nbytes = walk.nbytes)) { > > + preempt_disable(); > > + pagefault_disable(); > > + enable_kernel_vsx(); > > aes_p8_cbc_encrypt(walk.src.virt.addr, > > walk.dst.virt.addr, > > nbytes & AES_BLOCK_MASK, > > &ctx->dec_key, walk.iv, 0); > > + disable_kernel_vsx(); > > + pagefault_enable(); > > + preempt_enable(); > > + > > nbytes &= AES_BLOCK_SIZE - 1; > > ret = blkcipher_walk_done(desc, &walk, nbytes); > > } > > - > > - disable_kernel_vsx(); > > - pagefault_enable(); > > - preempt_enable(); > > } > > > > return ret; > > diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c > > index 8bd9aff0f55f..016ef52390c9 100644 > > --- a/drivers/crypto/vmx/aes_xts.c > > +++ b/drivers/crypto/vmx/aes_xts.c > > @@ -116,13 +116,14 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, > > ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); > > skcipher_request_zero(req); > > } else { > > + blkcipher_walk_init(&walk, dst, src, nbytes); > > + > > + ret = blkcipher_walk_virt(desc, &walk); > > + > > preempt_disable(); > > pagefault_disable(); > > enable_kernel_vsx(); > > > > - blkcipher_walk_init(&walk, dst, src, nbytes); > > - > > - ret = blkcipher_walk_virt(desc, &walk); > > iv = walk.iv; > > memset(tweak, 0, AES_BLOCK_SIZE); > > aes_p8_encrypt(iv, tweak, &ctx->tweak_key); > > @@ -135,13 +136,17 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, > > aes_p8_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, > > nbytes & AES_BLOCK_MASK, &ctx->dec_key, NULL, tweak); > > > > + disable_kernel_vsx(); > > + pagefault_enable(); > > + preempt_enable(); > > + > > nbytes &= AES_BLOCK_SIZE - 1; > > ret = blkcipher_walk_done(desc, &walk, nbytes); > > - } > > > > - disable_kernel_vsx(); > > - pagefault_enable(); > > - preempt_enable(); > > + preempt_disable(); > > + pagefault_disable(); > > + enable_kernel_vsx(); > > + } That doesn't seem right. It would leave preemption disabled when leaving the function. > > } > > return ret; > > } > > -- > > 2.17.1 > > -- Regards, Marcelo

7 years, 2 months

2
1
0 0

[patch 129/167] reiserfs: fix broken xattr handling (heap corruption, bad retval)

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) This fixes the following issues: - When a buffer size is supplied to reiserfs_listxattr() such that each individual name fits, but the concatenation of all names doesn't fit, reiserfs_listxattr() overflows the supplied buffer. This leads to a kernel heap overflow (verified using KASAN) followed by an out-of-bounds usercopy and is therefore a security bug. - When a buffer size is supplied to reiserfs_listxattr() such that a name doesn't fit, -ERANGE should be returned. But reiserfs instead just truncates the list of names; I have verified that if the only xattr on a file has a longer name than the supplied buffer length, listxattr() incorrectly returns zero. With my patch applied, -ERANGE is returned in both cases and the memory corruption doesn't happen anymore. Credit for making me clean this code up a bit goes to Al Viro, who pointed out that the ->actor calling convention is suboptimal and should be changed. Link: http://lkml.kernel.org/r/20180802151539.5373-1-jannh@google.com Fixes: 48b32a3553a5 ("reiserfs: use generic xattr handlers") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Jeff Mahoney <jeffm(a)suse.com> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/reiserfs/xattr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/reiserfs/xattr.c~reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval +++ a/fs/reiserfs/xattr.c @@ -792,8 +792,10 @@ static int listxattr_filler(struct dir_c return 0; size = namelen + 1; if (b->buf) { - if (size > b->size) + if (b->pos + size > b->size) { + b->pos = -ERANGE; return -ERANGE; + } memcpy(b->buf + b->pos, name, namelen); b->buf[b->pos + namelen] = 0; } _

7 years, 2 months

1
0
0 0

[patch 037/167] drivers/block/zram/zram_drv.c: fix bug storing backing_dev

by akpm＠linux-foundation.org

From: Peter Kalauskas <peskal(a)google.com> Subject: drivers/block/zram/zram_drv.c: fix bug storing backing_dev The call to strlcpy in backing_dev_store is incorrect. It should take the size of the destination buffer instead of the size of the source buffer. Additionally, ignore the newline character (\n) when reading the new file_name buffer. This makes it possible to set the backing_dev as follows: echo /dev/sdX > /sys/block/zram0/backing_dev The reason it worked before was the fact that strlcpy() copies 'len - 1' bytes, which is strlen(buf) - 1 in our case, so it accidentally didn't copy the trailing new line symbol. Which also means that "echo -n /dev/sdX" most likely was broken. Signed-off-by: Peter Kalauskas <peskal(a)google.com> Link: http://lkml.kernel.org/r/20180813061623.GC64836@rodete-desktop-imager.corp.… Acked-by: Minchan Kim <minchan(a)kernel.org> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/drivers/block/zram/zram_drv.c~zram-fix-bug-storing-backing_dev +++ a/drivers/block/zram/zram_drv.c @@ -337,6 +337,7 @@ static ssize_t backing_dev_store(struct struct device_attribute *attr, const char *buf, size_t len) { char *file_name; + size_t sz; struct file *backing_dev = NULL; struct inode *inode; struct address_space *mapping; @@ -357,7 +358,11 @@ static ssize_t backing_dev_store(struct goto out; } - strlcpy(file_name, buf, len); + strlcpy(file_name, buf, PATH_MAX); + /* ignore trailing newline */ + sz = strlen(file_name); + if (sz > 0 && file_name[sz - 1] == '\n') + file_name[sz - 1] = 0x00; backing_dev = filp_open(file_name, O_RDWR|O_LARGEFILE, 0); if (IS_ERR(backing_dev)) { _

7 years, 2 months

1
0
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..6184fa1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,26 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 2 months

1
0
0 0

[PATCH v2] mm: shmem: Correctly annotate new inodes for lockdep

by Joel Fernandes

From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Reported-by: syzbot <syzkaller(a)googlegroups.com> Cc: willy(a)infradead.org Cc: stable(a)vger.kernel.org Cc: peterz(a)infradead.org Cc: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: NeilBrown <neilb(a)suse.com> Suggested-by: NeilBrown <neilb(a)suse.com> Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> --- v1->v2: Added Reviewed-by of NeilBrown and CC Andrew. mm/shmem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/shmem.c b/mm/shmem.c index 41b9bbf24e16..8264bbdbb6a5 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2226,6 +2226,8 @@ static struct inode *shmem_get_inode(struct super_block *sb, const struct inode mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; -- 2.18.0.1017.ga543ac7ca45-goog

7 years, 2 months

1
0
0 0

[PATCH] mm: shmem: Correctly annotate new inodes

by Joel Fernandes (Google)

Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Reported-by: syzbot <syzkaller(a)googlegroups.com> Cc: willy(a)infradead.org Cc: stable(a)vger.kernel.org Cc: peterz(a)infradead.org Suggested-by: Neil Brown <neilb(a)suse.com> Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> --- mm/shmem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/shmem.c b/mm/shmem.c index 2cab84403055..4429a8fd932d 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2225,6 +2225,8 @@ static struct inode *shmem_get_inode(struct super_block *sb, const struct inode mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; -- 2.18.0.597.ga71716f1ad-goog

7 years, 2 months

2
1
0 0

[PATCH 4.4 00/22] 4.4.151-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.151 release. There are 22 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:51:31 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.151-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.151-rc1 Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Tom Lendacky <thomas.lendacky(a)amd.com> x86/mm: Simplify p[g4um]d_page() macros Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Zhang Rui <rui.zhang(a)intel.com> ACPI: save NVS memory for Lenovo G50-45 Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 ++-- arch/x86/include/asm/pgtable.h | 13 ++++++++----- drivers/acpi/sleep.c | 27 +++++++++++++++++++++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/tty/serial/8250/8250_dw.c | 2 +- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/sierra.c | 4 ++-- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 24 files changed, 103 insertions(+), 61 deletions(-)

7 years, 2 months

4
24
0 0

[PATCH 4.9 00/25] 4.9.123-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.123 release. There are 25 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:51:15 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.123-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.123-rc1 Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Tom Lendacky <thomas.lendacky(a)amd.com> x86/mm: Simplify p[g4um]d_page() macros Srinath Mannam <srinath.mannam(a)broadcom.com> serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Mark <dmarkh(a)cfl.rr.com> tty: serial: 8250: Revert NXP SC16C2552 workaround Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Hangbin Liu <liuhangbin(a)gmail.com> cls_matchall: fix tcf_unbind_filter missing Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Xin Long <lucien.xin(a)gmail.com> ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 ++-- arch/x86/include/asm/pgtable.h | 13 ++++++++----- drivers/acpi/sleep.c | 8 ++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/tty/serial/8250/8250_dw.c | 3 ++- drivers/tty/serial/8250/8250_port.c | 3 +-- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/sierra.c | 4 ++-- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/ipv6/ip6_tunnel.c | 8 ++------ net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_matchall.c | 2 ++ net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 27 files changed, 90 insertions(+), 69 deletions(-)

7 years, 2 months

5
29
0 0

[BUG] madvise05 leads kernel panic on 4.9.122

by Yang Shi

Hi folks, I just ran some regression test on stable 4.9.122 with LTP. madvise05 triggers the below kernel panic: [ 6785.089994] BUG: unable to handle kernel paging request at ffffeaff44488020 [ 6785.097952] IP: [] page_remove_rmap+0x27/0x580 [ 6785.104810] PGD 0 [ 6785.106859] [ 6785.108526] Oops: 0000 [#1] SMP [ 6785.112029] Modules linked in: mptctl(E) mptbase(E) tun(E) fuse(E) vfat(E) fat(E) btrfs(E) xor(E) raid6_pq(E) xfs(E) [ 6785.123905] CPU: 14 PID: 77983 Comm: madvise05 Tainted: G E 4.9.122-001.ali3000_nightly_cov_20180820_193.test.alios7.x86_64 #1 [ 6785.137880] Hardware name: Dell Inc. PowerEdge R720xd/0X6FFV, BIOS 1.3.6 09/11/2012 [ 6785.146425] task: ffff882daeb78000 task.stack: ffffc9001b438000 [ 6785.153031] RIP: 0010:[] [] page_remove_rmap+0x27/0x580 [ 6785.162461] RSP: 0018:ffffc9001b43bc50 EFLAGS: 00010246 [ 6785.168388] RAX: 0000000000000000 RBX: ffffeaff44488000 RCX: 0000000000000080 [ 6785.176351] RDX: ffffeaff44488000 RSI: 0000000000000001 RDI: ffffeaff44488000 [ 6785.184315] RBP: ffffc9001b43bc80 R08: ffff882f9d4a6540 R09: ffffffff84bcdf60 [ 6785.192277] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 6785.200241] R13: ffff882db6996910 R14: ffffea00b6da65b0 R15: 00003fffffe00000 [ 6785.208205] FS: 00002ae5a3dfbb80(0000) GS:ffff882fbf180000(0000) knlGS:0000000000000000 [ 6785.217234] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6785.223646] CR2: ffffeaff44488020 CR3: 0000002f9d51c000 CR4: 00000000000606f0 [ 6785.231610] Stack: [ 6785.233851] 0000000000000000 00003ffffd6b3320 0434f9415ac47f2c ffffeaff44488000 [ 6785.242143] ffffc9001b43bdd8 ffff882db6996910 ffffc9001b43bcc0 ffffffff81355aaa [ 6785.250438] ffff882f9d4a6540 00002ae5a4400000 00002ae5a4600000 ffffffff84bcd7a0 [ 6785.258728] Call Trace: [ 6785.261460] [] zap_huge_pmd+0x28a/0x640 [ 6785.267585] [] unmap_page_range+0x532/0x630 [ 6785.274087] [] unmap_single_vma+0xa9/0x160 [ 6785.280501] [] unmap_vmas+0x5f/0xe0 [ 6785.286236] [] unmap_region+0xe4/0x1e0 [ 6785.292263] [] ? blk_finish_plug+0x3c/0x60 [ 6785.298669] [] ? SYSC_madvise+0x69b/0xed0 [ 6785.304985] [] do_munmap+0x39b/0x5b0 [ 6785.310818] [] SyS_munmap+0x78/0xb0 [ 6785.316552] [] do_syscall_64+0xf4/0x350 [ 6785.322676] [] entry_SYSCALL_64_after_swapgs+0x58/0xca [ 6785.330244] Code: 00 00 00 00 66 66 66 66 90 55 <48> 8b 57 20 48 89 f8 f6 c2 01 0f [ 6785.339011] RIP [] page_remove_rmap+0x27/0x580 [ 6785.345825] RSP [ 6785.349715] CR2: ffffeaff44488020 The same test case works well on both 4.9.119 and the latest Linus's tree. So, it looks it is caused by the L1TF patches on the stable tree. And, the madvise05 test case can be simplified to the below test program: #include <sys/mman.h> #include <stdio.h> void main() { void *addr; int err; addr = mmap(NULL, 32 * 1024 * 1024, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE, -1, 0); if (addr == MAP_FAILED) { printf("mmap failed\n"); return; } err = mprotect(addr, 32 * 1024 * 1024, PROT_NONE); if (err < 0) { printf("mprotect failed\n"); return; } munmap(addr, 32 * 1024 * 1024); } You may be already aware of this problem or any hint is appreciated. Thanks, Yang

7 years, 2 months

3
4
0 0

[PATCH v2] staging: android: ion: check for kref overflow

by Daniel Rosenberg

Userspace can cause the kref to handles to increment arbitrarily high. Ensure it does not overflow. Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- v2: Fixed patch corruption :( This patch is against 4.4. It does not apply to master due to a large rework of ion in 4.12 which removed the affected functions altogther. 4c23cbff073f3b9b ("staging: android: ion: Remove import interface") It applies from 3.18 to 4.11, although with a trivial conflict resolution for the later branches. drivers/staging/android/ion/ion.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 374f840f31a48..47cb163da9a07 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -15,6 +15,7 @@ * */ +#include <linux/atomic.h> #include <linux/device.h> #include <linux/err.h> #include <linux/file.h> @@ -387,6 +388,16 @@ static void ion_handle_get(struct ion_handle *handle) kref_get(&handle->ref); } +/* Must hold the client lock */ +static struct ion_handle *ion_handle_get_check_overflow( + struct ion_handle *handle) +{ + if (atomic_read(&handle->ref.refcount) + 1 == 0) + return ERR_PTR(-EOVERFLOW); + ion_handle_get(handle); + return handle; +} + static int ion_handle_put_nolock(struct ion_handle *handle) { int ret; @@ -433,9 +444,9 @@ static struct ion_handle *ion_handle_get_by_id_nolock(struct ion_client *client, handle = idr_find(&client->idr, id); if (handle) - ion_handle_get(handle); + return ion_handle_get_check_overflow(handle); - return handle ? handle : ERR_PTR(-EINVAL); + return ERR_PTR(-EINVAL); } struct ion_handle *ion_handle_get_by_id(struct ion_client *client, @@ -1202,7 +1213,7 @@ struct ion_handle *ion_import_dma_buf(struct ion_client *client, int fd) /* if a handle exists for this buffer just take a reference to it */ handle = ion_handle_lookup(client, buffer); if (!IS_ERR(handle)) { - ion_handle_get(handle); + handle = ion_handle_get_check_overflow(handle); mutex_unlock(&client->lock); goto end; } -- 2.18.0.865.gffc8e1a3cd6-goog

7 years, 2 months

1
0
0 0

[PATCH 4.18 00/35] 4.18.4-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.4 release. There are 35 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:50:07 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.4-rc1 Hangbin Liu <liuhangbin(a)gmail.com> cls_matchall: fix tcf_unbind_filter missing Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> net: mvneta: fix mvneta_config_rss on armada 3700 Andrew Lunn <andrew(a)lunn.ch> net: ethernet: mvneta: Fix napi structure mixup on armada 3700 Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_vti: fix a null pointer deferrence when create vti fallback tunnel Jian-Hong Pan <jian-hong(a)endlessm.com> r8169: don't use MSI-X on RTL8106e Takashi Iwai <tiwai(a)suse.de> hv/netvsc: Fix NULL dereference at single queue mode fallback Jeremy Cline <jcline(a)redhat.com> net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Xiubo Li <xiubli(a)redhat.com> Revert "uio: use request_threaded_irq instead" Johan Hovold <johan(a)kernel.org> misc: sram: fix resource leaks in probe error path Hailong Liu <liu.hailong6(a)zte.com.cn> uio: fix wrong return value from uio_mmap() Srinath Mannam <srinath.mannam(a)broadcom.com> serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Aaron Sierra <asierra(a)xes-inc.com> serial: 8250_exar: Read INT0 from slave device, too Mark <dmarkh(a)cfl.rr.com> tty: serial: 8250: Revert NXP SC16C2552 workaround Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e Movie Song <MovieSong(a)aten-itlab.cn> USB: serial: pl2303: add a new device id for ATEN John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Mika Båtsman <mika.batsman(a)gmail.com> media: gl861: fix probe of dvb_usb_gl861 Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix poll() error return Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: dice: fix wrong copy to rx parameters for Alesis iO26 Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't use MSI-X on RTL8168g Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache ------------- Diffstat: Makefile | 4 +-- drivers/acpi/sleep.c | 8 +++++ drivers/isdn/i4l/isdn_common.c | 8 +---- drivers/media/usb/dvb-usb-v2/gl861.c | 21 +++++++------ drivers/misc/sram.c | 9 +++++- drivers/net/ethernet/marvell/mvneta.c | 53 ++++++++++++++++++++------------- drivers/net/ethernet/realtek/r8169.c | 12 ++++++-- drivers/net/hyperv/rndis_filter.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/serial/8250/8250_exar.c | 6 +++- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/uio/uio.c | 10 ++----- drivers/usb/serial/option.c | 4 +++ drivers/usb/serial/pl2303.c | 2 ++ drivers/usb/serial/pl2303.h | 1 + drivers/usb/serial/sierra.c | 4 +-- net/bluetooth/sco.c | 3 +- net/core/sock_diag.c | 2 ++ net/ipv4/ip_vti.c | 3 +- net/l2tp/l2tp_core.c | 2 +- net/sched/cls_matchall.c | 2 ++ net/sched/cls_tcindex.c | 8 ++--- net/socket.c | 3 +- sound/core/memalloc.c | 8 ++--- sound/core/seq/oss/seq_oss.c | 2 +- sound/core/seq/seq_clientmgr.c | 2 +- sound/core/seq/seq_virmidi.c | 10 +++++++ sound/firewire/dice/dice-alesis.c | 2 +- sound/pci/cs5535audio/cs5535audio.h | 6 ++-- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 ++- sound/pci/vx222/vx222_ops.c | 8 ++--- sound/pcmcia/vx/vxp_ops.c | 10 +++---- 34 files changed, 138 insertions(+), 93 deletions(-)

7 years, 2 months

4
40
0 0

[PATCH 4.14 00/29] 4.14.66-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.66 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:50:58 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.66-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.66-rc1 Hangbin Liu <liuhangbin(a)gmail.com> cls_matchall: fix tcf_unbind_filter missing Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Johan Hovold <johan(a)kernel.org> misc: sram: fix resource leaks in probe error path Srinath Mannam <srinath.mannam(a)broadcom.com> serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Aaron Sierra <asierra(a)xes-inc.com> serial: 8250_exar: Read INT0 from slave device, too Mark <dmarkh(a)cfl.rr.com> tty: serial: 8250: Revert NXP SC16C2552 workaround Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e Movie Song <MovieSong(a)aten-itlab.cn> USB: serial: pl2303: add a new device id for ATEN John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs Dmitry Bogdanov <dmitry.bogdanov(a)aquantia.com> net: aquantia: Fix IFF_ALLMULTI flag functionality Xin Long <lucien.xin(a)gmail.com> ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit Jason Wang <jasowang(a)redhat.com> vhost: reset metadata cache when initializing new IOTLB Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 ++-- drivers/acpi/sleep.c | 8 ++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/misc/sram.c | 9 ++++++++- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 3 ++- drivers/tty/serial/8250/8250_exar.c | 6 +++++- drivers/tty/serial/8250/8250_port.c | 3 +-- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/pl2303.c | 2 ++ drivers/usb/serial/pl2303.h | 1 + drivers/usb/serial/sierra.c | 4 ++-- drivers/vhost/vhost.c | 9 ++++++--- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/ipv6/ip6_tunnel.c | 8 ++------ net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_matchall.c | 2 ++ net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 32 files changed, 105 insertions(+), 70 deletions(-)

7 years, 2 months

4
32
0 0

[PATCH 4.17 00/42] 4.17.18-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.18 release. There are 42 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:50:04 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.18-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.18-rc1 Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> net: mvneta: fix mvneta_config_rss on armada 3700 Andrew Lunn <andrew(a)lunn.ch> net: ethernet: mvneta: Fix napi structure mixup on armada 3700 Hangbin Liu <liuhangbin(a)gmail.com> cls_matchall: fix tcf_unbind_filter missing Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_vti: fix a null pointer deferrence when create vti fallback tunnel Jian-Hong Pan <jian-hong(a)endlessm.com> r8169: don't use MSI-X on RTL8106e Jeremy Cline <jcline(a)redhat.com> net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Johan Hovold <johan(a)kernel.org> misc: sram: fix resource leaks in probe error path Srinath Mannam <srinath.mannam(a)broadcom.com> serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Aaron Sierra <asierra(a)xes-inc.com> serial: 8250_exar: Read INT0 from slave device, too Mark <dmarkh(a)cfl.rr.com> tty: serial: 8250: Revert NXP SC16C2552 workaround Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e Movie Song <MovieSong(a)aten-itlab.cn> USB: serial: pl2303: add a new device id for ATEN John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix poll() error return Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs David Howells <dhowells(a)redhat.com> rxrpc: Fix the keepalive generator [ver #2] Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't use MSI-X on RTL8168g Or Gerlitz <ogerlitz(a)mellanox.com> net/mlx5e: Properly check if hairpin is possible between two functions Nir Dotan <nird(a)mellanox.com> mlxsw: core_acl_flex_actions: Remove redundant mirror resource destruction Nir Dotan <nird(a)mellanox.com> mlxsw: core_acl_flex_actions: Remove redundant counter destruction Nir Dotan <nird(a)mellanox.com> mlxsw: core_acl_flex_actions: Remove redundant resource destruction Xin Long <lucien.xin(a)gmail.com> ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit Dmitry Bogdanov <dmitry.bogdanov(a)aquantia.com> net: aquantia: Fix IFF_ALLMULTI flag functionality Nir Dotan <nird(a)mellanox.com> mlxsw: core_acl_flex_actions: Return error for conflicting actions Jason Wang <jasowang(a)redhat.com> vhost: reset metadata cache when initializing new IOTLB Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 +- drivers/acpi/sleep.c | 8 ++ drivers/isdn/i4l/isdn_common.c | 8 +- drivers/misc/sram.c | 9 +- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 2 +- drivers/net/ethernet/marvell/mvneta.c | 53 ++++--- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 8 +- .../mellanox/mlxsw/core_acl_flex_actions.c | 51 ++++--- drivers/net/ethernet/realtek/r8169.c | 12 +- drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/serial/8250/8250_exar.c | 6 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/usb/serial/option.c | 4 + drivers/usb/serial/pl2303.c | 2 + drivers/usb/serial/pl2303.h | 1 + drivers/usb/serial/sierra.c | 4 +- drivers/vhost/vhost.c | 9 +- include/net/af_vsock.h | 4 +- include/net/llc.h | 5 + net/bluetooth/sco.c | 3 +- net/core/sock_diag.c | 2 + net/dccp/ccids/ccid2.c | 6 +- net/ipv4/ip_vti.c | 3 +- net/ipv6/ip6_tunnel.c | 8 +- net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 +- net/rxrpc/ar-internal.h | 8 +- net/rxrpc/conn_event.c | 4 +- net/rxrpc/net_ns.c | 6 +- net/rxrpc/output.c | 12 +- net/rxrpc/peer_event.c | 156 ++++++++++++--------- net/rxrpc/peer_object.c | 8 +- net/rxrpc/rxkad.c | 4 +- net/sched/cls_matchall.c | 2 + net/sched/cls_tcindex.c | 8 +- net/socket.c | 3 +- net/vmw_vsock/af_vsock.c | 15 +- net/vmw_vsock/vmci_transport.c | 3 +- sound/core/memalloc.c | 8 +- sound/core/seq/oss/seq_oss.c | 2 +- sound/core/seq/seq_clientmgr.c | 2 +- sound/core/seq/seq_virmidi.c | 10 ++ sound/pci/cs5535audio/cs5535audio.h | 6 +- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +- sound/pci/vx222/vx222_ops.c | 8 +- sound/pcmcia/vx/vxp_ops.c | 10 +- 48 files changed, 296 insertions(+), 213 deletions(-)

7 years, 2 months

4
45
0 0

[PATCH] MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7

by Paul Burton

Some versions of GCC suboptimally generate calls to the __multi3() intrinsic for MIPS64r6 builds, resulting in link failures due to the missing function: LD vmlinux.o MODPOST vmlinux.o kernel/bpf/verifier.o: In function `kmalloc_array': include/linux/slab.h:631: undefined reference to `__multi3' fs/select.o: In function `kmalloc_array': include/linux/slab.h:631: undefined reference to `__multi3' ... We already have a workaround for this in which we provide the instrinsic, but we do so selectively for GCC 7 only. Unfortunately the issue occurs with older GCC versions too - it has been observed with both GCC 5.4.0 & GCC 6.4.0. MIPSr6 support was introduced in GCC 5, so all major GCC versions prior to GCC 8 are affected and we extend our workaround accordingly to all MIPS64r6 builds using GCC versions older than GCC 8. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Vladimir Kondratiev <vladimir.kondratiev(a)intel.com> Fixes: ebabcf17bcd7 ("MIPS: Implement __multi3 for GCC7 MIPS64r6 builds") Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # 4.15+ --- arch/mips/lib/multi3.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/mips/lib/multi3.c b/arch/mips/lib/multi3.c index 111ad475aa0c..4c2483f410c2 100644 --- a/arch/mips/lib/multi3.c +++ b/arch/mips/lib/multi3.c @@ -4,12 +4,12 @@ #include "libgcc.h" /* - * GCC 7 suboptimally generates __multi3 calls for mips64r6, so for that - * specific case only we'll implement it here. + * GCC 7 & older can suboptimally generate __multi3 calls for mips64r6, so for + * that specific case only we implement that intrinsic here. * * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82981 */ -#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ == 7) +#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ < 8) /* multiply 64-bit values, low 64-bits returned */ static inline long long notrace dmulu(long long a, long long b) -- 2.18.0

7 years, 2 months

1
0
0 0

[PATCH 2/2] drm/nouveau: Fix GM107 disp dmac chan init on ThinkPad P50

by Lyude Paul

Just like how the P50 will occasionally leave the disp's core channel on before nouveau starts initializing, it will occasionally do the same thing with the rest of the dmac channel in addition to the core channel. Example: [ 1.604375] nouveau 0000:01:00.0: disp: outp 04:0006:0f81: no heads (0 3 4) [ 1.604858] nouveau 0000:01:00.0: disp: outp 04:0006:0f81: aux power -> always [ 1.605354] nouveau 0000:01:00.0: disp: outp 04:0006:0f81: aux power -> demand [ 1.605815] nouveau 0000:01:00.0: disp: outp 05:0002:0f81: no heads (0 3 2) [ 1.607289] nouveau 0000:01:00.0: disp: chid 0 mthd 0000 data 00000400 00001000 00000002 [ 1.608818] nouveau 0000:01:00.0: disp: chid 1 mthd 0000 data 00000400 00001000 00000002 [ 1.609500] nouveau 0000:01:00.0: disp: chid 2 mthd 0000 data 00000400 00001000 00000002 Which of course, later causes other parts of the card to start timing out and failing. Closer inspection shows the same thing happening as with our core channel; 0x610490 + (ctrl * 0x10) always has the same unknown 0x000a0000 mask set when the phantom mthd failures start appearing. So, implement the same workaround we use for the core disp channel to the rest of the disp channels. This along with the previous patch fix random initialization failures observed with the Thinkpad P50. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Karol Herbst <karolherbst(a)gmail.com> Cc: stable(a)vger.kernel.org --- .../drm/nouveau/nvkm/engine/disp/dmacgf119.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dmacgf119.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dmacgf119.c index edf7dd0d931d..7bc91f260e27 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dmacgf119.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dmacgf119.c @@ -35,8 +35,8 @@ gf119_disp_dmac_bind(struct nv50_disp_chan *chan, chan->chid.user << 27 | 0x00000001); } -void -gf119_disp_dmac_fini(struct nv50_disp_chan *chan) +static bool +gf119_disp_dmac_deactivate(struct nv50_disp_chan *chan) { struct nvkm_subdev *subdev = &chan->disp->base.engine.subdev; struct nvkm_device *device = subdev->device; @@ -52,7 +52,16 @@ gf119_disp_dmac_fini(struct nv50_disp_chan *chan) ) < 0) { nvkm_error(subdev, "ch %d fini: %08x\n", user, nvkm_rd32(device, 0x610490 + (ctrl * 0x10))); + return false; } + + return true; +} + +void +gf119_disp_dmac_fini(struct nv50_disp_chan *chan) +{ + gf119_disp_dmac_deactivate(chan); } static int @@ -63,6 +72,12 @@ gf119_disp_dmac_init(struct nv50_disp_chan *chan) int ctrl = chan->chid.ctrl; int user = chan->chid.user; + /* shut down the channel if it was left on, probably by the VBIOS */ + if ((nvkm_rd32(device, 0x610490 + (ctrl * 0x10)) & 0x000a0000) == 0x000a0000 && + WARN_ON(!gf119_disp_dmac_deactivate(chan))) { + return -EBUSY; + } + /* initialise channel for dma command submission */ nvkm_wr32(device, 0x610494 + (ctrl * 0x0010), chan->push); nvkm_wr32(device, 0x610498 + (ctrl * 0x0010), 0x00010000); -- 2.17.1

7 years, 2 months

1
1
0 0

[PATCH] crypto: vmx - Fix sleep-in-atomic bugs

by Ondrej Mosnacek

This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_* functions should not be called in atomic context. The bugs can be reproduced via the AF_ALG interface by trying to encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then trigger BUG in crypto_yield(): [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc [ 891.864739] 1 lock held by kcapi-enc/12347: [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 [ 891.865251] Call Trace: [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") Cc: stable(a)vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- This patch should fix the issue, but I didn't test it. (I'll see if I can find some time tomorrow to try and recompile the kernel on a PPC machine... in the meantime please review :) drivers/crypto/vmx/aes_cbc.c | 30 ++++++++++++++---------------- drivers/crypto/vmx/aes_xts.c | 19 ++++++++++++------- 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index 5285ece4f33a..b71895871be3 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -107,24 +107,23 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_encrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, walk.iv, 1); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; @@ -147,24 +146,23 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, walk.iv, 0); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c index 8bd9aff0f55f..016ef52390c9 100644 --- a/drivers/crypto/vmx/aes_xts.c +++ b/drivers/crypto/vmx/aes_xts.c @@ -116,13 +116,14 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { + blkcipher_walk_init(&walk, dst, src, nbytes); + + ret = blkcipher_walk_virt(desc, &walk); + preempt_disable(); pagefault_disable(); enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); - - ret = blkcipher_walk_virt(desc, &walk); iv = walk.iv; memset(tweak, 0, AES_BLOCK_SIZE); aes_p8_encrypt(iv, tweak, &ctx->tweak_key); @@ -135,13 +136,17 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, aes_p8_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, NULL, tweak); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); - } - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); + } } return ret; } -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH] arm64: fix for bad_mode() handler to always result in panic

by Hari Vyas

bad_mode() handler is called for invalid or undefined instruction in el1 level or when irq,fiq,sync or error situation happen in el1 or el0 level. As per latest code, above abnormal situation may not result in panic always due to die() call if user mode is determined at that moment. That will just result in kill of current process and panic will be avoided which it must not. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200637 Signed-off-by: Hari Vyas <hari.vyas(a)broadcom.com> --- arch/arm64/kernel/traps.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index d399d45..716ee73 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -621,7 +621,6 @@ asmlinkage void bad_mode(struct pt_regs *regs, int reason, unsigned int esr) handler[reason], smp_processor_id(), esr, esr_get_class_string(esr)); - die("Oops - bad mode", regs, 0); local_daif_mask(); panic("bad mode"); } -- 1.9.1

7 years, 2 months

3
5
0 0

[PATCH 2/2] udf: Fix mounting of Win7 created UDF filesystems

by Jan Kara

Win7 is creating UDF filesystems with single partition with number 8192. Current partition descriptor scanning code does not handle this well as it incorrectly assumes that partition numbers will form mostly contiguous space of small numbers. This results in unmountable media due to errors like: UDF-fs: error (device dm-1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 UDF-fs: warning (device dm-1): udf_fill_super: No fileset found Fix the problem by handling partition descriptors in a way that sparse partition numbering does not matter. Reported-by: jean-luc malet <jeanluc.malet(a)gmail.com> CC: stable(a)vger.kernel.org Fixes: 7b78fd02fb19530fd101ae137a1f46aa466d9bb6 Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/udf/super.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/fs/udf/super.c b/fs/udf/super.c index 68d57b61f3af..6f515651a2c2 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c @@ -1510,10 +1510,16 @@ static void udf_load_logicalvolint(struct super_block *sb, struct kernel_extent_ */ #define PART_DESC_ALLOC_STEP 32 +struct part_desc_seq_scan_data { + struct udf_vds_record rec; + u32 partnum; +}; + struct desc_seq_scan_data { struct udf_vds_record vds[VDS_POS_LENGTH]; unsigned int size_part_descs; - struct udf_vds_record *part_descs_loc; + unsigned int num_part_descs; + struct part_desc_seq_scan_data *part_descs_loc; }; static struct udf_vds_record *handle_partition_descriptor( @@ -1522,10 +1528,14 @@ static struct udf_vds_record *handle_partition_descriptor( { struct partitionDesc *desc = (struct partitionDesc *)bh->b_data; int partnum; + int i; partnum = le16_to_cpu(desc->partitionNumber); - if (partnum >= data->size_part_descs) { - struct udf_vds_record *new_loc; + for (i = 0; i < data->num_part_descs; i++) + if (partnum == data->part_descs_loc[i].partnum) + return &(data->part_descs_loc[i].rec); + if (data->num_part_descs >= data->size_part_descs) { + struct part_desc_seq_scan_data *new_loc; unsigned int new_size = ALIGN(partnum, PART_DESC_ALLOC_STEP); new_loc = kcalloc(new_size, sizeof(*new_loc), GFP_KERNEL); @@ -1537,7 +1547,7 @@ static struct udf_vds_record *handle_partition_descriptor( data->part_descs_loc = new_loc; data->size_part_descs = new_size; } - return &(data->part_descs_loc[partnum]); + return &(data->part_descs_loc[data->num_part_descs++].rec); } @@ -1587,6 +1597,7 @@ static noinline int udf_process_sequence( memset(data.vds, 0, sizeof(struct udf_vds_record) * VDS_POS_LENGTH); data.size_part_descs = PART_DESC_ALLOC_STEP; + data.num_part_descs = 0; data.part_descs_loc = kcalloc(data.size_part_descs, sizeof(*data.part_descs_loc), GFP_KERNEL); @@ -1598,7 +1609,6 @@ static noinline int udf_process_sequence( * are in it. */ for (; (!done && block <= lastblock); block++) { - bh = udf_read_tagged(sb, block, block, &ident); if (!bh) break; @@ -1670,13 +1680,10 @@ static noinline int udf_process_sequence( } /* Now handle prevailing Partition Descriptors */ - for (i = 0; i < data.size_part_descs; i++) { - if (data.part_descs_loc[i].block) { - ret = udf_load_partdesc(sb, - data.part_descs_loc[i].block); - if (ret < 0) - return ret; - } + for (i = 0; i < data.num_part_descs; i++) { + ret = udf_load_partdesc(sb, data.part_descs_loc[i].rec.block); + if (ret < 0) + return ret; } return 0; -- 2.16.4

7 years, 2 months

1
0
0 0

[PATCH 1/2] USB: serial: io_ti: fix array underflow in completion handler

by Johan Hovold

As reported by Dan Carpenter, a malicious USB device could set port_number to -3 and we would underflow the port array in the interrupt completion handler. As these devices only have one or two ports, fix this by making sure we only consider the seventh bit when determining the port number (and ignore bits 0xb0 which are typically set to 0x30). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable <stable(a)vger.kernel.org> Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/io_ti.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/serial/io_ti.h b/drivers/usb/serial/io_ti.h index e53c68261017..9bbcee37524e 100644 --- a/drivers/usb/serial/io_ti.h +++ b/drivers/usb/serial/io_ti.h @@ -173,7 +173,7 @@ struct ump_interrupt { } __attribute__((packed)); -#define TIUMP_GET_PORT_FROM_CODE(c) (((c) >> 4) - 3) +#define TIUMP_GET_PORT_FROM_CODE(c) (((c) >> 6) & 0x01) #define TIUMP_GET_FUNC_FROM_CODE(c) ((c) & 0x0f) #define TIUMP_INTERRUPT_CODE_LSR 0x03 #define TIUMP_INTERRUPT_CODE_MSR 0x04 -- 2.18.0

7 years, 2 months

1
1
0 0

[PATCH v4] mtd: spi-mem: Add the default transfer length adjustments

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len". -Changing the "unsigned long" type in the code to "size_t". Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file). drivers/spi/spi-mem.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..5374606 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,23 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 2 months

2
1
0 0

[PATCH v4] mtd: spi-mem: Add the default transfer length adjustments

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len". -Changing the "unsigned long" type in the code to "size_t". Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file). drivers/spi/spi-mem.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..5374606 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,23 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 2 months

1
0
0 0

[PATCH v4] mtd: spi-mem: Add the default transfer length adjustments

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len". -Changing the "unsigned long" type in the code to "size_t". Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file). drivers/spi/spi-mem.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..5374606 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,23 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 2 months

1
0
0 0

4.14-stable-queue build failure

by Sudip Mukherjee

Hi Greg, My build is failing with v4.14.65 + stable queue patches. It fails with the error: sound/core/seq/seq_clientmgr.c: In function ‘snd_seq_poll’: sound/core/seq/seq_clientmgr.c:1100:10: error: ‘EPOLLERR’ undeclared (first use in this function) return EPOLLERR; ^~~~~~~~ -- Regards Sudip

7 years, 2 months

2
2
0 0

request for 4.14-stable: 4e1a720d0312 ("Bluetooth: avoid killing an already killed socket")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but should be in stable. Please apply to your queue of 4.14-stable. Actually this should be applied to all stable trees. -- Regards Sudip

7 years, 2 months

2
1
0 0

4.4 and 4.9 stable fixes for l1tf patches

by Andi Kleen

There was a report that syzkaller can causes crashes in 4.4 and 4.9 stable with the L1TF patches applied. In my tests this is fixed with applying the following backport from mainline too, as suggested by Michael Hocko.

7 years, 2 months

3
4
0 0

[PATCH] staging: android: ion: check for kref overflow

by Daniel Rosenberg

Userspace can cause the kref to handles to increment arbitrarily high. Ensure it does not overflow. Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- This patch is against 4.4. It does not apply to master due to a large rework of ion in 4.12 which removed the affected functions altogther. It applies from 3.18 to 4.11, although with a trivial conflict resolution for the later branches. 4c23cbff073f3b9b ("staging: android: ion: Remove import interface") drivers/staging/android/ion/ion.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 374f840f31a48..11f93a6314fdb 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -15,6 +15,7 @@ * */ +#include <linux/atomic.h> #include <linux/device.h> #include <linux/err.h> #include <linux/file.h> @@ -387,6 +388,15 @@ static void ion_handle_get(struct ion_handle *handle) kref_get(&handle->ref); } +/* Must hold the client lock */ +static struct ion_handle *ion_handle_get_check_overflow( + struct ion_handle *handle) +{ + if (atomic_read(&handle->ref.refcount) + 1 == 0) + return ERR_PTR(-EOVERFLOW); + ion_handle_get(handle); + return handle; +} + static int ion_handle_put_nolock(struct ion_handle *handle) { int ret; @@ -433,9 +443,9 @@ static struct ion_handle *ion_handle_get_by_id_nolock(struct ion_client *client, handle = idr_find(&client->idr, id); if (handle) - ion_handle_get(handle); + return ion_handle_get_check_overflow(handle); - return handle ? handle : ERR_PTR(-EINVAL); + return ERR_PTR(-EINVAL); } struct ion_handle *ion_handle_get_by_id(struct ion_client *client, @@ -1202,7 +1212,7 @@ struct ion_handle *ion_import_dma_buf(struct ion_client *client, int fd) /* if a handle exists for this buffer just take a reference to it */ handle = ion_handle_lookup(client, buffer); if (!IS_ERR(handle)) { - ion_handle_get(handle); + handle = ion_handle_get_check_overflow(handle); mutex_unlock(&client->lock); goto end; } -- 2.18.0.865.gffc8e1a3cd6-goog

7 years, 2 months

2
1
0 0

[PATCH v3] MIPS: Fix memory reservation in bootmem_init for certain non-usermem setups

by Tobias Wolf

Commit 67a3ba25aa95 ("MIPS: Fix incorrect mem=X@Y handling") introduced a new issue for rt288x where "PHYS_OFFSET" is 0x0 but the calculated "ramstart" is not. As the prerequisite of custom memory map has been removed, this results in the full memory range of 0x0 - 0x8000000 to be marked as reserved for this platform. This patch adds the originally intended prerequisite again. Signed-off-by: Tobias Wolf <dev-NTEO(a)vplace.de> --- arch/mips/kernel/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c index 563188ac6fa2..c3ca55128926 100644 v2: Correctly compare that usermem is not null. v3: Added/changed position of changelog and fixed sender address. --- a/arch/mips/kernel/setup.c +++ b/arch/mips/kernel/setup.c @@ -371,6 +371,8 @@ static unsigned long __init bootmap_bytes(unsigned long pages) return ALIGN(bytes, sizeof(long)); } +static int usermem __initdata; + static void __init bootmem_init(void) { unsigned long reserved_end; @@ -444,7 +446,7 @@ static void __init bootmem_init(void) /* * Reserve any memory between the start of RAM and PHYS_OFFSET */ - if (ramstart > PHYS_OFFSET) + if (usermem && ramstart > PHYS_OFFSET) add_memory_region(PHYS_OFFSET, ramstart - PHYS_OFFSET, BOOT_MEM_RESERVED); @@ -654,8 +656,6 @@ static void __init bootmem_init(void) * initialization hook for anything else was introduced. */ -static int usermem __initdata; - static int __init early_parse_mem(char *p) { phys_addr_t start, size;

7 years, 2 months

4
3
0 0

[PATCH] x86/mm: Simplify p[g4um]d_page() macros

by Andi Kleen

From: Tom Lendacky <thomas.lendacky(a)amd.com> [backport of fd7e315988b78 from mainline for stable to fix stable crashes suggested by Michael Hocko. Should be applied to 4.9 and 4.4.] Create a pgd_pfn() macro similar to the p[4um]d_pfn() macros and then use the p[g4um]d_pfn() macros in the p[g4um]d_page() macros instead of duplicating the code. Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> Reviewed-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brijesh Singh <brijesh.singh(a)amd.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Larry Woodman <lwoodman(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matt Fleming <matt(a)codeblueprint.co.uk> Cc: Michael S. Tsirkin <mst(a)redhat.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Radim Krčmář <rkrcmar(a)redhat.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Toshimitsu Kani <toshi.kani(a)hpe.com> Cc: kasan-dev(a)googlegroups.com Cc: kvm(a)vger.kernel.org Cc: linux-arch(a)vger.kernel.org Cc: linux-doc(a)vger.kernel.org Cc: linux-efi(a)vger.kernel.org Cc: linux-mm(a)kvack.org Link: http://lkml.kernel.org/r/e61eb533a6d0aac941db2723d8aa63ef6b882dee.150031921… [Backported to 4.9 stable by AK, suggested by Michael Hocko] Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Andi Kleen <ak(a)linux.intel.com> --- arch/x86/include/asm/pgtable.h | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index 4de6c282c02a..68a55273ce0f 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -173,6 +173,11 @@ static inline unsigned long pud_pfn(pud_t pud) return (pfn & pud_pfn_mask(pud)) >> PAGE_SHIFT; } +static inline unsigned long pgd_pfn(pgd_t pgd) +{ + return (pgd_val(pgd) & PTE_PFN_MASK) >> PAGE_SHIFT; +} + #define pte_page(pte) pfn_to_page(pte_pfn(pte)) static inline int pmd_large(pmd_t pte) @@ -578,8 +583,7 @@ static inline unsigned long pmd_page_vaddr(pmd_t pmd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ -#define pmd_page(pmd) \ - pfn_to_page((pmd_val(pmd) & pmd_pfn_mask(pmd)) >> PAGE_SHIFT) +#define pmd_page(pmd) pfn_to_page(pmd_pfn(pmd)) /* * the pmd page can be thought of an array like this: pmd_t[PTRS_PER_PMD] @@ -647,8 +651,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ -#define pud_page(pud) \ - pfn_to_page((pud_val(pud) & pud_pfn_mask(pud)) >> PAGE_SHIFT) +#define pud_page(pud) pfn_to_page(pud_pfn(pud)) /* Find an entry in the second-level page table.. */ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) @@ -688,7 +691,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ -#define pgd_page(pgd) pfn_to_page(pgd_val(pgd) >> PAGE_SHIFT) +#define pgd_page(pgd) pfn_to_page(pgd_pfn(pgd)) /* to find an entry in a page-table-directory. */ static inline unsigned long pud_index(unsigned long address) -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH 1/4] net: macb: Fix regression breaking non-MDIO fixed-link PHYs

by Ahmad Fatoum

The referenced commit broke initializing macb on the EVB-KSZ9477 eval board. There, of_mdiobus_register was called even for the fixed-link representing the SPI-connected switch PHY, with the result that the driver attempts to enumerate PHYs on a non-existent MDIO bus: libphy: MACB_mii_bus: probed mdio_bus f0028000.ethernet-ffffffff: fixed-link has invalid PHY address mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 0 [snip] mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 31 macb f0028000.ethernet: broken fixed-link specification Cc: <stable(a)vger.kernel.org> Fixes: 739de9a1563a ("net: macb: Reorganize macb_mii bringup") Signed-off-by: Ahmad Fatoum <a.fatoum(a)pengutronix.de> --- drivers/net/ethernet/cadence/macb_main.c | 27 +++++++++++++++--------- 1 file changed, 17 insertions(+), 10 deletions(-) Fixes since v1: Added one more error path for failing to register fixed-link Fixed a whitespace issue diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index dc09f9a8a49b..ef6ce8691443 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -482,11 +482,6 @@ static int macb_mii_probe(struct net_device *dev) if (np) { if (of_phy_is_fixed_link(np)) { - if (of_phy_register_fixed_link(np) < 0) { - dev_err(&bp->pdev->dev, - "broken fixed-link specification\n"); - return -ENODEV; - } bp->phy_node = of_node_get(np); } else { bp->phy_node = of_parse_phandle(np, "phy-handle", 0); @@ -569,7 +564,7 @@ static int macb_mii_init(struct macb *bp) { struct macb_platform_data *pdata; struct device_node *np; - int err; + int err = -ENXIO; /* Enable management port */ macb_writel(bp, NCR, MACB_BIT(MPE)); @@ -592,12 +587,23 @@ static int macb_mii_init(struct macb *bp) dev_set_drvdata(&bp->dev->dev, bp->mii_bus); np = bp->pdev->dev.of_node; - if (pdata) - bp->mii_bus->phy_mask = pdata->phy_mask; + if (np && of_phy_is_fixed_link(np)) { + if (of_phy_register_fixed_link(np) < 0) { + dev_err(&bp->pdev->dev, + "broken fixed-link specification\n"); + goto err_out_free_mdiobus; + } + + err = mdiobus_register(bp->mii_bus); + } else { + if (pdata) + bp->mii_bus->phy_mask = pdata->phy_mask; + + err = of_mdiobus_register(bp->mii_bus, np); + } - err = of_mdiobus_register(bp->mii_bus, np); if (err) - goto err_out_free_mdiobus; + goto err_out_free_fixed_link; err = macb_mii_probe(bp->dev); if (err) @@ -607,6 +613,7 @@ static int macb_mii_init(struct macb *bp) err_out_unregister_bus: mdiobus_unregister(bp->mii_bus); +err_out_free_fixed_link: if (np && of_phy_is_fixed_link(np)) of_phy_deregister_fixed_link(np); err_out_free_mdiobus: -- 2.18.0

7 years, 2 months

2
3
0 0

[PATCH 1/2] drm/nouveau: Fix GM107 disp core chan init on ThinkPad P50

by Lyude Paul

I've been experiencing a rather strange looking bug on the P50 I've got for work. After a number of reboots, nouveau will fail to initialize the dedicated GPU on the system at boot properly. Things start off with this disp mthd failure: ... [ 2.088505] nouveau 0000:01:00.0: disp: outp 04:0006:0f81: aux power -> demand [ 2.088516] nouveau 0000:01:00.0: disp: outp 05:0002:0f81: no heads (0 3 2) [ 2.088620] nouveau 0000:01:00.0: disp: init completed in 329us [ 2.088957] nouveau 0000:01:00.0: disp: chid 0 mthd 0000 data 00000400 00001000 00000002 the failure ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [ 2.151517] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 2.151517] [drm] Driver supports precise vblank timestamp query. [ 2.151521] 0088 1 core507d_init [ 2.151522] f0000000 After the error happens, parts of the card start timing out and eventually the GR fails to hold it's golden context and starts timing out: [ 10.163137] ------------[ cut here ]------------ [ 10.163169] nouveau 0000:01:00.0: timeout [ 10.163218] WARNING: CPU: 4 PID: 98 at drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c:181 gf119_disp_core_fini+0xe6/0x140 [nouveau] [ 10.163246] Modules linked in: joydev vfat fat intel_rapl iTCO_wdt x86_pkg_temp_thermal coretemp crc32_pclmul psmouse wmi_bmof i2c_i801 mei_me tpm_tis mei tpm_tis_core tpm thinkpad_acpi pcc_cpufreq ax88179_178a usbnet mii nouveau mxm_wmi i915 ttm i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops crc32c_intel serio_raw xhci_pci drm xhci_hcd i2c_core wmi video [ 10.163330] CPU: 4 PID: 98 Comm: kworker/4:1 Kdump: loaded Not tainted 4.18.0-rc8Lyude-Test+ #7 [ 10.163349] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018 [ 10.163370] Workqueue: pm pm_runtime_work [ 10.163404] RIP: 0010:gf119_disp_core_fini+0xe6/0x140 [nouveau] [ 10.163418] Code: 5e 41 5f 5d c3 49 8b 7c 24 10 48 8b 5f 50 48 85 db 74 5f e8 1c 5b 0f e1 48 89 da 48 c7 c7 b3 b2 4e a0 48 89 c6 e8 5c bf c8 e0 <0f> 0b 41 8b 47 50 85 c0 74 c6 49 8b 7c 24 78 48 81 c7 90 04 61 00 [ 10.163476] RSP: 0018:ffffc90000a83b00 EFLAGS: 00010286 [ 10.163489] RAX: 0000000000000000 RBX: ffff8808773c6bd0 RCX: 0000000000000006 [ 10.163506] RDX: 0000000000000007 RSI: 0000000000000096 RDI: ffff88089b515570 [ 10.163523] RBP: ffffc90000a83b28 R08: 0000000000000000 R09: 0000000000aaaaaa [ 10.163539] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8808715b2c00 [ 10.163556] R13: ffff88087779d780 R14: 00000001e68f0200 R15: ffff88086f91b000 [ 10.163573] FS: 0000000000000000(0000) GS:ffff88089b500000(0000) knlGS:0000000000000000 [ 10.163591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 10.163605] CR2: 00007f3d7953d180 CR3: 000000000200a003 CR4: 00000000003606e0 [ 10.163622] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 10.163639] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 10.163655] Call Trace: [ 10.163686] nv50_disp_chan_fini+0x23/0x40 [nouveau] [ 10.163711] nvkm_object_fini+0xbf/0x150 [nouveau] [ 10.163735] nvkm_object_fini+0x76/0x150 [nouveau] [ 10.163759] nvkm_object_fini+0x76/0x150 [nouveau] [ 10.163783] nvkm_object_fini+0x76/0x150 [nouveau] [ 10.163807] nvkm_object_fini+0x76/0x150 [nouveau] [ 10.163840] nvkm_client_suspend+0x13/0x20 [nouveau] [ 10.163864] nvif_client_suspend+0x1d/0x20 [nouveau] [ 10.163898] nouveau_do_suspend+0x113/0x310 [nouveau] [ 10.163931] nouveau_pmops_runtime_suspend+0x57/0xe0 [nouveau] [ 10.163947] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.163960] pci_pm_runtime_suspend+0x6b/0x180 [ 10.163972] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.163985] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.163997] __rpm_callback+0xcc/0x1e0 [ 10.164009] ? __switch_to_asm+0x40/0x70 [ 10.164020] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.164033] rpm_callback+0x24/0x80 [ 10.164043] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.164055] rpm_suspend+0x142/0x600 [ 10.164066] ? __switch_to_asm+0x40/0x70 [ 10.164100] pm_runtime_work+0x79/0x90 [ 10.164112] process_one_work+0x1b2/0x370 [ 10.164140] worker_thread+0x37/0x3a0 [ 10.164150] kthread+0x120/0x140 [ 10.164160] ? wq_update_unbound_numa+0x10/0x10 [ 10.164172] ? kthread_create_worker_on_cpu+0x70/0x70 [ 10.164186] ret_from_fork+0x35/0x40 [ 10.164196] ---[ end trace d5c556c207f0c26b ]--- You'll notice from those traces that the very first evo kick happens /after/ the mthd failure on the display channel, not before. Additionally, there is no point at this part of the initialization process where we actually call mthd 0000 from nouveau. Upon closer inspection, I discovered that this mysterious phantom disp failure seems to be the result of someone else (probably the VBIOS or the BIOS of the P50) leaving the disp core channel enabled by the time nouveau begins to start initializing it. This was confirmed by observing that the 0x610490 register holds a value of 0x490a009b when the card is in this broken state, as opposed to the usual 0x48070088 or 0x48000088 observed on most cards pre-init. It appears we can fix this by checking for the unknown mask 0x000a0000, and simply shutting down the channel like we normally would on suspend or driver unload before we start trying to initialize it. This appears to be close to what nouveau does for older cards, as a similar workaround can be seen in nv50_disp_core_init(). Unfortunately, I'm still not entirely clear on what conditions actually cause this problem to be reproduced. Everyone else I've talked to so far with a P50 doesn't report ever having hit this issue. As well, I haven't managed to find a clear reproducer for this besides rebooting the machine until the bug happens, while alternating between booting while docked and while on battery every so often. This fixes most random initialization errors on my ThinkPad P50 with a GM107 GPU. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Karol Herbst <kherbst(a)redhat.com> Cc: stable(a)vger.kernel.org --- .../drm/nouveau/nvkm/engine/disp/coregf119.c | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c index d162b9cf4eac..7534b5e9246f 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c @@ -166,8 +166,8 @@ gf119_disp_core_mthd = { } }; -void -gf119_disp_core_fini(struct nv50_disp_chan *chan) +static bool +gf119_disp_core_deactivate(struct nv50_disp_chan *chan) { struct nvkm_subdev *subdev = &chan->disp->base.engine.subdev; struct nvkm_device *device = subdev->device; @@ -181,7 +181,16 @@ gf119_disp_core_fini(struct nv50_disp_chan *chan) ) < 0) { nvkm_error(subdev, "core fini: %08x\n", nvkm_rd32(device, 0x610490)); + return false; } + + return true; +} + +void +gf119_disp_core_fini(struct nv50_disp_chan *chan) +{ + gf119_disp_core_deactivate(chan); } static int @@ -190,6 +199,14 @@ gf119_disp_core_init(struct nv50_disp_chan *chan) struct nvkm_subdev *subdev = &chan->disp->base.engine.subdev; struct nvkm_device *device = subdev->device; + /* attempt to unstick the channel from some unknown state */ + if ((nvkm_rd32(device, 0x610490) & 0x000a0000) == 0x000a0000 && + WARN_ON(!gf119_disp_core_deactivate(chan))) { + + nvkm_error(subdev, "core won't shut down, aborting\n"); + return -EBUSY; + } + /* initialise channel for dma command submission */ nvkm_wr32(device, 0x610494, chan->push); nvkm_wr32(device, 0x610498, 0x00010000); -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH] mtd: m25p80: consider max message size when use the spi_mem_xx() API

by Chuanhua Han

Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v2: - Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. *fixes: spi: Extend the core to ease integration of SPI memory controllers --- drivers/spi/spi-mem.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..f5e75d1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,21 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + unsigned long val = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (spi_max_message_size(mem->spi) < val) + return -EINVAL; + + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) + op->data.nbytes = min3((unsigned long)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - val); + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 2 months

4
3
0 0

[PATCH] x86/speculation/l1tf: fix overflow on l1tf_pfn_limit() on 32bit

by Vlastimil Babka

On 32bit PAE kernels on 64bit hardware with enough physical bits, l1tf_pfn_limit() will overflow unsigned long. This in turn affects max_swapfile_size() and can lead to swapon returning -EINVAL. This has been observed in a 32bit guest with 42 bits physical address size, where max_swapfile_size() overflows exactly to 1 << 32, thus zero, and produces the following warning to dmesg: [ 6.396845] Truncating oversized swap area, only using 0k out of 2047996k Fix this by using unsigned long long instead. Reported-by: Dominique Leuenberger <dimstar(a)suse.de> Reported-by: Adrian Schroeter <adrian(a)suse.de> Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2") Cc: stable(a)vger.kernel.org Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- arch/x86/include/asm/processor.h | 4 ++-- arch/x86/mm/init.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 682286aca881..a0a52274cb4a 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -181,9 +181,9 @@ extern const struct seq_operations cpuinfo_op; extern void cpu_detect(struct cpuinfo_x86 *c); -static inline unsigned long l1tf_pfn_limit(void) +static inline unsigned long long l1tf_pfn_limit(void) { - return BIT(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; } extern void early_cpu_init(void); diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index acfab322fbe0..02de3d6065c4 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void) if (boot_cpu_has_bug(X86_BUG_L1TF)) { /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ - unsigned long l1tf_limit = l1tf_pfn_limit() + 1; + unsigned long long l1tf_limit = l1tf_pfn_limit() + 1; /* * We encode swap offsets also with 3 bits below those for pfn * which makes the usable limit higher. @@ -931,7 +931,7 @@ unsigned long max_swapfile_size(void) #if CONFIG_PGTABLE_LEVELS > 2 l1tf_limit <<= PAGE_SHIFT - SWP_OFFSET_FIRST_BIT; #endif - pages = min_t(unsigned long, l1tf_limit, pages); + pages = min_t(unsigned long long, l1tf_limit, pages); } return pages; } -- 2.18.0

7 years, 2 months

3
6
0 0

[BUG]smt sysfs dir missing on 4.4.148 and 4.14.63

by Jinpu Wang

Hi Greg, hi Thomas, I noticed /sys/devices/system/cpu/smt dir is missing on 4.4.148 and 4.14.63, default setting. Tried stable/master branch 31130a16d459 ("Merge tag 'for-linus-4.19-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip") It's the same there. When boot with 'nosmt' kernel paramter kernel 4.14.63 panic during boot, 4.4.148 boot fine. The call trace seem irq related, is it known bug? Thanks -- Jack Wang Linux Kernel Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Tel: +49 30 577 008 042 Fax: +49 30 577 008 299 Email: jinpu.wang(a)profitbricks.com URL: https://www.profitbricks.de Sitz der Gesellschaft: Berlin Registergericht: Amtsgericht Charlottenburg, HRB 125506 B Geschäftsführer: Achim Weiss, Matthias Steinberg, Christoph Steffens

7 years, 2 months

3
12
0 0

[PATCH] mtd: m25p80: consider max message size when use the spi_mem_xx() API

by Chuanhua Han

Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v3: Rename variable name "val" to "opcode_addr_dummy_sum". Place the legitimacy of the transfer size(i.e., "pi_max_message_size(mem->spi)" and "opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". Adjust the formatting alignment of your code. "(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") --- drivers/spi/spi-mem.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..5ec2bc9 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,24 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + unsigned long opcode_addr_dummy_sum = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (spi_max_message_size(mem->spi) < opcode_addr_dummy_sum || + spi_max_transfer_size(mem->spi) < opcode_addr_dummy_sum) + return -EINVAL; + + op->data.nbytes = min3((unsigned long)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + opcode_addr_dummy_sum); + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 2 months

3
2
0 0

[PATCH] net: macb: Fix regression breaking non-MDIO fixed-link PHYs

by Ahmad Fatoum

The referenced commit broke initializing macb on the EVB-KSZ9477 eval board. There, of_mdiobus_register was called even for the fixed-link representing the SPI-connected switch PHY, with the result that the driver attempts to enumerate PHYs on a non-existent MDIO bus: libphy: MACB_mii_bus: probed mdio_bus f0028000.ethernet-ffffffff: fixed-link has invalid PHY address mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 0 [snip] mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 31 macb f0028000.ethernet: broken fixed-link specification Cc: <stable(a)vger.kernel.org> Fixes: 739de9a1563a ("net: macb: Reorganize macb_mii bringup") Signed-off-by: Ahmad Fatoum <a.fatoum(a)pengutronix.de> --- drivers/net/ethernet/cadence/macb_main.c | 26 +++++++++++++++--------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index a6c911bb5ce2..d202a03c42ed 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -481,11 +481,6 @@ static int macb_mii_probe(struct net_device *dev) if (np) { if (of_phy_is_fixed_link(np)) { - if (of_phy_register_fixed_link(np) < 0) { - dev_err(&bp->pdev->dev, - "broken fixed-link specification\n"); - return -ENODEV; - } bp->phy_node = of_node_get(np); } else { bp->phy_node = of_parse_phandle(np, "phy-handle", 0); @@ -568,7 +563,7 @@ static int macb_mii_init(struct macb *bp) { struct macb_platform_data *pdata; struct device_node *np; - int err; + int err = -ENXIO; /* Enable management port */ macb_writel(bp, NCR, MACB_BIT(MPE)); @@ -591,10 +586,21 @@ static int macb_mii_init(struct macb *bp) dev_set_drvdata(&bp->dev->dev, bp->mii_bus); np = bp->pdev->dev.of_node; - if (pdata) - bp->mii_bus->phy_mask = pdata->phy_mask; + if (np && of_phy_is_fixed_link(np)) { + if (of_phy_register_fixed_link(np) < 0) { + dev_err(&bp->pdev->dev, + "broken fixed-link specification\n"); + goto err_out_free_mdiobus; + } + + err = mdiobus_register(bp->mii_bus); + } else { + if (pdata) + bp->mii_bus->phy_mask = pdata->phy_mask; + + err = of_mdiobus_register(bp->mii_bus, np); + } - err = of_mdiobus_register(bp->mii_bus, np); if (err) goto err_out_free_mdiobus; @@ -606,9 +612,9 @@ static int macb_mii_init(struct macb *bp) err_out_unregister_bus: mdiobus_unregister(bp->mii_bus); +err_out_free_mdiobus: if (np && of_phy_is_fixed_link(np)) of_phy_deregister_fixed_link(np); -err_out_free_mdiobus: of_node_put(bp->phy_node); mdiobus_free(bp->mii_bus); err_out: -- 2.18.0

7 years, 2 months

5
8
0 0

[PATCH v2 1/2] i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes

by Hans de Goede

acpi_gsb_i2c_write_bytes() returns i2c_transfer()'s return value, which is the number of transfers executed on success, so 1. The ACPI code expects us to store 0 in gsb->status for success, not 1. Specifically this breaks the following code in the Thinkpad 8 DSDT: ECWR = I2CW = ECWR /* \_SB_.I2C1.BAT0.ECWR */ If ((ECST == Zero)) { ECRD = I2CR /* \_SB_.I2C1.I2CR */ } Before this commit we set ECST to 1, causing the read to never happen breaking battery monitoring on the Thinkpad 8. This commit makes acpi_gsb_i2c_write_bytes() return 0 when i2c_transfer() returns 1, so the single write transfer completed successfully, and makes it return -EIO on for other (unexpected) return values >= 0. Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- Changes in v2: -Modify the value which acpi_gsb_i2c_write_bytes() returns instead of checking + modifying the return value in its caller --- drivers/i2c/i2c-core-acpi.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c index 7c3b4740b94b..b8f303dea305 100644 --- a/drivers/i2c/i2c-core-acpi.c +++ b/drivers/i2c/i2c-core-acpi.c @@ -482,11 +482,16 @@ static int acpi_gsb_i2c_write_bytes(struct i2c_client *client, msgs[0].buf = buffer; ret = i2c_transfer(client->adapter, msgs, ARRAY_SIZE(msgs)); - if (ret < 0) - dev_err(&client->adapter->dev, "i2c write failed\n"); kfree(buffer); - return ret; + + if (ret < 0) { + dev_err(&client->adapter->dev, "i2c write failed: %d\n", ret); + return ret; + } + + /* 1 transfer must have completed successfully */ + return (ret == 1) ? 0 : -EIO; } static acpi_status -- 2.18.0

7 years, 2 months

4
4
0 0

[PATCH] drm: sun4i: exclusively set HDMI-related clocks for dw-hdmi

by Icenowy Zheng

The glue in sun4i-drm of dw-hdmi currently doesn't set the clocks of dw-hdmi exclusively, which will lead the display fails to initialize in some situations. Add the exclusivity to sun8i-dw-hdmi and sun8i-hdmi-phy. Cc: stable(a)vger.kernel.org # v4.17+ Signed-off-by: Icenowy Zheng <icenowy(a)aosc.io> --- drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c | 11 ++++++++++- drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c | 7 +++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c b/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c index 31875b636434..a10220518548 100644 --- a/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c +++ b/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c @@ -137,10 +137,16 @@ static int sun8i_dw_hdmi_bind(struct device *dev, struct device *master, goto err_assert_ctrl_reset; } + ret = clk_rate_exclusive_get(hdmi->clk_tmds); + if (ret) { + dev_err(dev, "Could not get exclusivity over the tmds clock\n"); + goto err_disable_clk_tmds; + } + phy_node = of_parse_phandle(dev->of_node, "phys", 0); if (!phy_node) { dev_err(dev, "Can't found PHY phandle\n"); - goto err_disable_clk_tmds; + goto err_put_clk_tmds_exclusivity; } ret = sun8i_hdmi_phy_probe(hdmi, phy_node); @@ -179,6 +185,8 @@ static int sun8i_dw_hdmi_bind(struct device *dev, struct device *master, cleanup_encoder: drm_encoder_cleanup(encoder); sun8i_hdmi_phy_remove(hdmi); +err_put_clk_tmds_exclusivity: + clk_rate_exclusive_put(hdmi->clk_tmds); err_disable_clk_tmds: clk_disable_unprepare(hdmi->clk_tmds); err_assert_ctrl_reset: @@ -194,6 +202,7 @@ static void sun8i_dw_hdmi_unbind(struct device *dev, struct device *master, dw_hdmi_unbind(hdmi->hdmi); sun8i_hdmi_phy_remove(hdmi); + clk_rate_exclusive_put(hdmi->clk_tmds); clk_disable_unprepare(hdmi->clk_tmds); reset_control_assert(hdmi->rst_ctrl); } diff --git a/drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c b/drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c index 82502b351aec..1e0b1d9bc0fb 100644 --- a/drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c +++ b/drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c @@ -511,13 +511,14 @@ int sun8i_hdmi_phy_probe(struct sun8i_dw_hdmi *hdmi, struct device_node *node) } clk_prepare_enable(phy->clk_phy); + clk_rate_exclusive_get(phy->clk_phy); } phy->rst_phy = of_reset_control_get_shared(node, "phy"); if (IS_ERR(phy->rst_phy)) { dev_err(dev, "Could not get phy reset control\n"); ret = PTR_ERR(phy->rst_phy); - goto err_disable_clk_phy; + goto err_put_clk_phy_exclusivity; } ret = reset_control_deassert(phy->rst_phy); @@ -548,7 +549,8 @@ int sun8i_hdmi_phy_probe(struct sun8i_dw_hdmi *hdmi, struct device_node *node) reset_control_assert(phy->rst_phy); err_put_rst_phy: reset_control_put(phy->rst_phy); -err_disable_clk_phy: +err_put_clk_phy_exclusivity: + clk_rate_exclusive_put(phy->clk_phy); clk_disable_unprepare(phy->clk_phy); err_put_clk_pll1: clk_put(phy->clk_pll1); @@ -568,6 +570,7 @@ void sun8i_hdmi_phy_remove(struct sun8i_dw_hdmi *hdmi) clk_disable_unprepare(phy->clk_mod); clk_disable_unprepare(phy->clk_bus); + clk_rate_exclusive_put(phy->clk_phy); clk_disable_unprepare(phy->clk_phy); reset_control_assert(phy->rst_phy); -- 2.18.0

7 years, 2 months

3
5
0 0

[PATCH v2] drm/i915: Increase LSPCON timeout

by Fredrik Schön

100 ms is not enough time for the LSPCON adapter on Intel NUC devices to settle. This causes dropped display modes at boot or screen reconfiguration. Empirical testing can reproduce the error up to a timeout of 190 ms. Basic boot and stress testing at 200 ms has not (yet) failed. Increase timeout to 400 ms to get some margin of error. Changes from v1: The initial suggestion of 1000 ms was lowered due to concerns about delaying valid timeout cases. Update patch metadata. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107503 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1570392 Fixes: 357c0ae9198a ("drm/i915/lspcon: Wait for expected LSPCON mode to settle") Cc: Shashank Sharma <shashank.sharma(a)intel.com> Cc: Imre Deak <imre.deak(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.11+ Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Signed-off-by: Fredrik Schön <fredrik.schon(a)gmail.com> --- drivers/gpu/drm/i915/intel_lspcon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_lspcon.c b/drivers/gpu/drm/i915/intel_lspcon.c index 8ae8f42f430a..6b6758419fb3 100644 --- a/drivers/gpu/drm/i915/intel_lspcon.c +++ b/drivers/gpu/drm/i915/intel_lspcon.c @@ -74,7 +74,7 @@ static enum drm_lspcon_mode lspcon_wait_mode(struct intel_lspcon *lspcon, DRM_DEBUG_KMS("Waiting for LSPCON mode %s to settle\n", lspcon_mode_name(mode)); - wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 100); + wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 400); if (current_mode != mode) DRM_ERROR("LSPCON mode hasn't settled\n"); -- 2.17.1

7 years, 2 months

3
2
0 0

[PATCH] mac80211: don't update the PM state of a peer upon a multicast frame

by Emmanuel Grumbach

I changed the way mac80211 updates the PM state of the peer. I forgot that we could also have multicast frames from the peer and that those frame should of course not change the PM state of the peer: A peer goes to power save when it needs to scan, but it won't send the broadcast Probe Request with the PM bit set. This made us mark the peer as awake when it wasn't and then Intel's firmware would fail to transmit because the peer is asleep according to its database. The driver warned about this and it looked like this: WARNING: CPU: 0 PID: 184 at /usr/src/linux-4.16.14/drivers/net/wireless/intel/iwlwifi/mvm/tx.c:1369 iwl_mvm_rx_tx_cmd+0x53b/0x860 CPU: 0 PID: 184 Comm: irq/124-iwlwifi Not tainted 4.16.14 #1 RIP: 0010:iwl_mvm_rx_tx_cmd+0x53b/0x860 Call Trace: iwl_pcie_rx_handle+0x220/0x880 iwl_pcie_irq_handler+0x6c9/0xa20 ? irq_forced_thread_fn+0x60/0x60 ? irq_thread_dtor+0x90/0x90 The relevant code that spits the WARNING is: case TX_STATUS_FAIL_DEST_PS: /* the FW should have stopped the queue and not * return this status */ WARN_ON(1); info->flags |= IEEE80211_TX_STAT_TX_FILTERED; This fixes https://bugzilla.kernel.org/show_bug.cgi?id=199967. Fixes: 9fef65443388 ("mac80211: always update the PM state of a peer on MGMT / DATA frames") Cc: <stable(a)vger.kernel.org> #4.16+ Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> --- net/mac80211/rx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index a16ba56..3cf6027 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -1728,6 +1728,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) */ if (!ieee80211_hw_check(&sta->local->hw, AP_LINK_PS) && !ieee80211_has_morefrags(hdr->frame_control) && + !is_multicast_ether_addr(hdr->addr1) && (ieee80211_is_mgmt(hdr->frame_control) || ieee80211_is_data(hdr->frame_control)) && !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) && -- 2.7.4

7 years, 2 months

1
0
0 0

Add "regulator: arizona-ldo1: Use correct device to get enable GPIO" to 4.18 stable tree

by Matthias Reichl

It seems the arizona-ldo1 ldoena fix hasn't made it into 4.18. It was added to 4.19/mainline, though: commit a9191579ba1086d91842199263e6fe6bb5eec1ba Author: Charles Keepax <ckeepax(a)opensource.cirrus.com> Date: Tue Jun 19 16:10:00 2018 +0100 regulator: arizona-ldo1: Use correct device to get enable GPIO Could you please add this commit to the 4.18 stable queue? Without this fix LDO control via GPIO is broken and Arizona devices can't be used as no power is applied. I tested locally with a WM5102 (Cirrus Logic Audio Card on RPi), with stock 4.18 tree device detection fails: [ 6.075981] arizona spi0.1: Unknown device ID: 0 with this commit added to 4.18 the WM5102 is detected fine: [ 6.060887] arizona spi0.1: WM5102 revision C so long & thanks, Hias

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] media: gl861: fix probe of dvb_usb_gl861" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 48db0089bff6f9154f6bd98ce7a6ae3786fa8ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=20B=C3=A5tsman?= <mika.batsman(a)gmail.com> Date: Wed, 16 May 2018 16:32:19 -0400 Subject: [PATCH] media: gl861: fix probe of dvb_usb_gl861 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] [mchehab+samsung(a)kernel.org: rebased on the top of upstream] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index 9d154fdae45b..fee4b30df778 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -26,10 +26,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + buf = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + buf = kmalloc(rlen, GFP_KERNEL); } + if (!buf) + return -ENOMEM; switch (wlen) { case 1: @@ -42,24 +46,19 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, default: dev_err(&d->udev->dev, "%s: wlen=%d, aborting\n", KBUILD_MODNAME, wlen); + kfree(buf); return -EINVAL; } - buf = NULL; - if (rlen > 0) { - buf = kmalloc(rlen, GFP_KERNEL); - if (!buf) - return -ENOMEM; - } + usleep_range(1000, 2000); /* avoid I2C errors */ ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, value, index, buf, rlen, 2000); - if (rlen > 0) { - if (ret > 0) - memcpy(rbuf, buf, rlen); - kfree(buf); - } + if (!wo && ret > 0) + memcpy(rbuf, buf, rlen); + + kfree(buf); return ret; }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] media: gl861: fix probe of dvb_usb_gl861" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 48db0089bff6f9154f6bd98ce7a6ae3786fa8ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=20B=C3=A5tsman?= <mika.batsman(a)gmail.com> Date: Wed, 16 May 2018 16:32:19 -0400 Subject: [PATCH] media: gl861: fix probe of dvb_usb_gl861 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] [mchehab+samsung(a)kernel.org: rebased on the top of upstream] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index 9d154fdae45b..fee4b30df778 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -26,10 +26,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + buf = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + buf = kmalloc(rlen, GFP_KERNEL); } + if (!buf) + return -ENOMEM; switch (wlen) { case 1: @@ -42,24 +46,19 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, default: dev_err(&d->udev->dev, "%s: wlen=%d, aborting\n", KBUILD_MODNAME, wlen); + kfree(buf); return -EINVAL; } - buf = NULL; - if (rlen > 0) { - buf = kmalloc(rlen, GFP_KERNEL); - if (!buf) - return -ENOMEM; - } + usleep_range(1000, 2000); /* avoid I2C errors */ ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, value, index, buf, rlen, 2000); - if (rlen > 0) { - if (ret > 0) - memcpy(rbuf, buf, rlen); - kfree(buf); - } + if (!wo && ret > 0) + memcpy(rbuf, buf, rlen); + + kfree(buf); return ret; }

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] media: gl861: fix probe of dvb_usb_gl861" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 48db0089bff6f9154f6bd98ce7a6ae3786fa8ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=20B=C3=A5tsman?= <mika.batsman(a)gmail.com> Date: Wed, 16 May 2018 16:32:19 -0400 Subject: [PATCH] media: gl861: fix probe of dvb_usb_gl861 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] [mchehab+samsung(a)kernel.org: rebased on the top of upstream] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index 9d154fdae45b..fee4b30df778 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -26,10 +26,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + buf = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + buf = kmalloc(rlen, GFP_KERNEL); } + if (!buf) + return -ENOMEM; switch (wlen) { case 1: @@ -42,24 +46,19 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, default: dev_err(&d->udev->dev, "%s: wlen=%d, aborting\n", KBUILD_MODNAME, wlen); + kfree(buf); return -EINVAL; } - buf = NULL; - if (rlen > 0) { - buf = kmalloc(rlen, GFP_KERNEL); - if (!buf) - return -ENOMEM; - } + usleep_range(1000, 2000); /* avoid I2C errors */ ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, value, index, buf, rlen, 2000); - if (rlen > 0) { - if (ret > 0) - memcpy(rbuf, buf, rlen); - kfree(buf); - } + if (!wo && ret > 0) + memcpy(rbuf, buf, rlen); + + kfree(buf); return ret; }

7 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror