- Linux-stable-mirror - lists.linaro.org

[PATCH 4.18 000/168] 4.18.13-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.13 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:44 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.13-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.13-rc1 Song Liu <songliubraving(a)fb.com> ixgbe: check return value of napi_complete_done() Anisse Astier <anisse(a)astier.eu> HID: i2c-hid: disable runtime PM operations on hantick touchpad Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Vitaly Kuznetsov <vkuznets(a)redhat.com> tools: hv: fcopy: set 'error' in case an unknown operation was requested Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Horia Geantă <horia.geanta(a)nxp.com> crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Harsh Jain <harsh(a)chelsio.com> crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Singh, Brijesh <brijesh.singh(a)amd.com> iommu/amd: Clear memory encryption mask from physical address Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Nathan Chancellor <natechancellor(a)gmail.com> cpufreq: qcom-kryo: Fix section annotations Bjorn Andersson <bjorn.andersson(a)linaro.org> firmware: Always initialize the fw_priv list object Rishabh Bhatnagar <rishabhb(a)codeaurora.org> firmware: Fix security issue with request_firmware_into_buf() Larry Finger <Larry.Finger(a)lwfinger.net> b43: fix DMA error related regression with proprietary firmware Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix format of setxattr debug Amir Goldstein <amir73il(a)gmail.com> ovl: fix memory leak on unlink of indexed file Amir Goldstein <amir73il(a)gmail.com> ovl: fix access beyond unterminated strings Miklos Szeredi <miklos(a)szeredi.hu> ovl: set I_CREATING on inode being created Miklos Szeredi <mszeredi(a)redhat.com> vfs: don't evict uninitialized inode Al Viro <viro(a)zeniv.linux.org.uk> new primitive: discard_new_inode() Randy Dunlap <rdunlap(a)infradead.org> x86/APM: Fix build warning when PROC_FS is not enabled Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Andrew Murray <andrew.murray(a)arm.com> asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: Fix SDMA hang in prt mode v2 Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Cong Wang <xiyou.wangcong(a)gmail.com> netfilter: xt_hashlimit: use s->file instead of s->private Michal 'vorner' Vaner <michal.vaner(a)avast.com> netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> sched/topology: Set correct NUMA topology type Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing calls to READ_ONCE Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing lock during device destruction Netanel Belgazal <netanel(a)amazon.com> net: ena: fix potential double ena_destroy_device() Netanel Belgazal <netanel(a)amazon.com> net: ena: fix device destruction to gracefully free resources Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Netanel Belgazal <netanel(a)amazon.com> net: ena: fix surprise unplug NULL dereference kernel crash Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix RAID leg rebuild errors Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix stripe adding reshape deadlock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp: fix DP disable race Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau: fix oops in client init failure path Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix reshape race on small devices Kai-Heng Feng <kai.heng.feng(a)canonical.com> HID: i2c-hid: Don't reset device upon system resume Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Anurag Kumar Vulisha <anurag.kumar.vulisha(a)xilinx.com> usb: host: xhci-plat: Iterate over parent nodes for finding quirks Hans de Goede <hdegoede(a)redhat.com> HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Guenter Roeck <linux(a)roeck-us.net> riscv: Do not overwrite initrd_start and initrd_end Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Matt Ranostay <matt.ranostay(a)konsulko.com> Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: release chain in flushing set Florian Westphal <fw(a)strlen.de> netfilter: kconfig: nat related expression depend on nftables core Kim Phillips <kim.phillips(a)arm.com> perf annotate: Fix parsing aarch64 branch instructions after objdump update Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Chris Phlipot <cphlipot0(a)gmail.com> perf util: Fix bad memory access in trace info. Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Martin Liška <mliska(a)suse.cz> perf annotate: Properly interpret indirect call Nilesh Javali <nilesh.javali(a)cavium.com> scsi: qedi: Add the CRC size within iSCSI NVM image Mike Christie <mchristi(a)redhat.com> scsi: iscsi: target: Fix conn_ops double free Vincent Pelletier <plr.vincent(a)gmail.com> scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Andreas Bosch <linux(a)progandy.de> HID: intel-ish-hid: Enable Sunrise Point-H ish driver Florian Westphal <fw(a)strlen.de> netfilter: xt_checksum: ignore gso skbs Martin Willi <martin(a)strongswan.org> netfilter: xt_cluster: add dependency on conntrack module Jann Horn <jannh(a)google.com> bpf: 32-bit RSH verification must truncate input before the ALU op Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages David Howells <dhowells(a)redhat.com> afs: Fix cell specification to permit an empty address list Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero Ilya Dryomov <idryomov(a)gmail.com> ceph: avoid a use-after-free in ceph_destroy_options() Greentime Hu <greentime(a)andestech.com> nds32: linker script: GCOV kernel may refers data in __exit Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Greentime Hu <greentime(a)andestech.com> nds32: fix build error because of wrong semicolon Zong Li <zong(a)andestech.com> nds32: Fix get_user/put_user macro expand pointer problem Zong Li <zong(a)andestech.com> nds32: Fix empty call trace YueHaibing <yuehaibing(a)huawei.com> nds32: add NULL entry to the end of_device_id array Greentime Hu <greentime(a)andestech.com> nds32: fix logic for module Ivan Mikhaylov <ivan(a)de.ibm.com> net/ibm/emac: wrong emac_calc_base call was used by typo Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix ignore mask logic in fsnotify() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dreyfuss, Haim <haim.dreyfuss(a)intel.com> mac80211: fix WMM TXOP calculation Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP John Fastabend <john.fastabend(a)gmail.com> bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP Tushar Dave <tushar.n.dave(a)oracle.com> bpf: Fix bpf_msg_pull_data() Thomas Falcon <tlfalcon(a)linux.vnet.ibm.com> ibmvnic: Include missing return code checks in reset function Sabrina Dubroca <sd(a)queasysnail.net> selftests: pmtu: detect correct binary to ping ipv6 addresses Sabrina Dubroca <sd(a)queasysnail.net> selftests: pmtu: maximum MTU for vti4 is 2^16-1-20 Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Shaohua Li <shli(a)fb.com> md/raid5-cache: disable reshape completely Dennis Zhou (Facebook) <dennisszhou(a)gmail.com> Revert "blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()" Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix updates for dead guests Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix handling of invalid paths in debugfs provider Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix python3 issues Johannes Berg <johannes.berg(a)intel.com> mac80211: always account for A-MSDU header changes Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: do not convert to A-MSDU if frag/subframe limited Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Paolo Abeni <pabeni(a)redhat.com> tc-testing: add test-cases for numeric and invalid control action Baruch Siach <baruch(a)tkos.co.il> net: mvpp2: initialize port of_node pointer Chris Brandt <chris.brandt(a)renesas.com> sh_eth: Add R7S9210 support Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Peng Li <lipeng321(a)huawei.com> net: hns: add the code for cleaning pkt in chip Cong Wang <xiyou.wangcong(a)gmail.com> tipc: switch to rhashtable iterator Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix sg shift repair start offset in bpf_msg_pull_data Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data Alexey Khoroshilov <khoroshilov(a)ispras.ru> gpio: dwapb: Fix error handling in dwapb_gpio_probe() Hans de Goede <hdegoede(a)redhat.com> gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: acpi: Switch to cansleep version of GPIO library call Sara Sharon <sara.sharon(a)intel.com> mac80211: avoid kernel panic when building AMSDU from non-linear SKB Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix several offset tests in bpf_msg_pull_data Haim Dreyfuss <haim.dreyfuss(a)intel.com> nl80211: Pass center frequency in kHz instead of MHz Haim Dreyfuss <haim.dreyfuss(a)intel.com> nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP Jinbum Park <jinb.park7(a)gmail.com> mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom Stanislaw Gruszka <sgruszka(a)redhat.com> cfg80211: make wmm_rule part of the reg_rule structure Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap, decrement copied count correctly in redirect error case Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix potential use after free in bpf_tcp_close Dan Carpenter <dan.carpenter(a)oracle.com> scsi: aacraid: fix a signedness bug Geert Uytterhoeven <geert(a)linux-m68k.org> scsi: libata: Add missing newline at end of file Varun Prakash <varun(a)chelsio.com> scsi: csiostor: fix incorrect port capabilities Varun Prakash <varun(a)chelsio.com> scsi: csiostor: add a check for NULL pointer after kmalloc() Anand Jain <anand.jain(a)oracle.com> btrfs: btrfs_shrink_device should call commit transaction at the end Johannes Berg <johannes.berg(a)intel.com> cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule) Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Robbie Ko <robbieko(a)synology.com> Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space Johannes Berg <johannes.berg(a)intel.com> mac80211_hwsim: require at least one channel Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> rseq/selftests: fix parametrized test with -fpie ------------- Diffstat: Documentation/devicetree/bindings/net/sh_eth.txt | 1 + Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/nds32/include/asm/elf.h | 4 +- arch/nds32/include/asm/uaccess.h | 26 ++-- arch/nds32/kernel/atl2c.c | 3 +- arch/nds32/kernel/module.c | 4 +- arch/nds32/kernel/traps.c | 2 +- arch/nds32/kernel/vmlinux.lds.S | 12 ++ arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/riscv/kernel/setup.c | 7 - arch/x86/events/intel/lbr.c | 4 + arch/x86/kernel/apm_32.c | 2 + block/blk-cgroup.c | 78 +++-------- drivers/ata/libata-core.c | 2 +- drivers/base/firmware_loader/main.c | 35 +++-- drivers/cpufreq/qcom-cpufreq-kryo.c | 4 +- drivers/crypto/caam/caamalg.c | 8 +- drivers/crypto/chelsio/chcr_algo.c | 32 +++-- drivers/crypto/chelsio/chcr_crypto.h | 2 + drivers/crypto/mxs-dcp.c | 53 ++++---- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/firmware/arm_scmi/perf.c | 8 +- drivers/gpio/gpio-adp5588.c | 24 +++- drivers/gpio/gpio-dwapb.c | 1 + drivers/gpio/gpiolib-acpi.c | 86 +++++++----- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 14 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 ++ drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- drivers/hid/hid-apple.c | 9 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hid/i2c-hid/i2c-hid.c | 24 ++-- drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 + drivers/hv/connection.c | 8 +- drivers/i2c/busses/i2c-uniphier-f.c | 7 +- drivers/i2c/busses/i2c-uniphier.c | 7 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 +- drivers/iommu/amd_iommu.c | 2 +- drivers/md/dm-raid.c | 144 ++++++++------------ drivers/md/dm-thin-metadata.c | 36 ++++- drivers/md/dm-thin.c | 73 ++++++++-- drivers/md/raid10.c | 5 +- drivers/md/raid5-log.h | 5 + drivers/md/raid5.c | 6 +- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +++---- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 2 + drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++++++- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 ++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/ibm/emac/core.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 11 +- drivers/net/ethernet/renesas/sh_eth.c | 36 +++++ drivers/net/wireless/broadcom/b43/dma.c | 6 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 50 +------ drivers/net/wireless/mac80211_hwsim.c | 12 +- drivers/nvme/target/rdma.c | 27 +++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/aacraid/aacraid.h | 2 +- drivers/scsi/csiostor/csio_hw.c | 71 +++++++--- drivers/scsi/csiostor/csio_hw.h | 1 + drivers/scsi/csiostor/csio_mb.c | 6 +- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 ++-- drivers/target/iscsi/iscsi_target.c | 9 +- drivers/target/iscsi/iscsi_target_login.c | 149 +++++++++++---------- drivers/target/iscsi/iscsi_target_login.h | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++- drivers/usb/host/xhci-plat.c | 27 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/afs/proc.c | 15 +-- fs/btrfs/ctree.h | 1 + fs/btrfs/disk-io.c | 1 + fs/btrfs/inode.c | 25 +--- fs/btrfs/ioctl.c | 16 +++ fs/btrfs/volumes.c | 7 +- fs/ceph/super.c | 16 ++- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 +- fs/dcache.c | 2 +- fs/inode.c | 53 +++++++- fs/notify/fsnotify.c | 13 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/overlayfs/dir.c | 4 + fs/overlayfs/namei.c | 2 +- fs/overlayfs/overlayfs.h | 4 +- fs/overlayfs/util.c | 3 +- fs/proc/base.c | 14 ++ fs/xattr.c | 24 ++-- include/asm-generic/io.h | 3 +- include/linux/blk-cgroup.h | 1 - include/linux/fs.h | 6 +- include/net/cfg80211.h | 4 +- include/net/regulatory.h | 4 +- kernel/bpf/sockmap.c | 64 +++++---- kernel/bpf/verifier.c | 10 +- kernel/sched/topology.c | 5 +- mm/madvise.c | 2 +- net/core/filter.c | 57 ++++---- net/ipv4/netfilter/Kconfig | 8 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/mac80211/ibss.c | 22 +-- net/mac80211/main.c | 28 +++- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 +++++++++- net/mac80211/tx.c | 54 ++++---- net/mac80211/util.c | 11 +- net/netfilter/Kconfig | 12 +- net/netfilter/nf_conntrack_proto_dccp.c | 12 +- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 +- net/netfilter/nf_conntrack_proto_tcp.c | 12 +- net/netfilter/nf_conntrack_proto_udp.c | 20 +-- net/netfilter/nf_tables_api.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/xt_CHECKSUM.c | 22 ++- net/netfilter/xt_cluster.c | 14 +- net/netfilter/xt_hashlimit.c | 18 +-- net/tipc/diag.c | 2 + net/tipc/netlink.c | 2 + net/tipc/socket.c | 76 +++++++---- net/tipc/socket.h | 2 + net/wireless/nl80211.c | 15 ++- net/wireless/reg.c | 91 ++----------- net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/hv/hv_fcopy_daemon.c | 1 + tools/kvm/kvm_stat/kvm_stat | 25 +++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/annotate.c | 32 ++++- tools/perf/util/annotate.h | 1 + tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- tools/testing/selftests/net/pmtu.sh | 7 +- tools/testing/selftests/rseq/param_test.c | 19 +-- .../tc-testing/tc-tests/actions/police.json | 48 +++++++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 +- 189 files changed, 1892 insertions(+), 1029 deletions(-)

7 years, 1 month

6
180
0 0

[PATCH 4.9 00/59] 4.9.132-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.132 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:28 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.132-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.132-rc1 Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Frederic Weisbecker <fweisbec(a)gmail.com> time: Introduce jiffies64_to_nsecs() Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/gpio/gpio-adp5588.c | 24 +++++-- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/i2c/busses/i2c-uniphier-f.c | 7 +-- drivers/i2c/busses/i2c-uniphier.c | 7 +-- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/raid10.c | 5 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/mac80211_hwsim.c | 3 - drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/tty/serial/mvebu-uart.c | 4 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ fs/xattr.c | 24 +++---- include/linux/jiffies.h | 2 + kernel/time/time.c | 10 +++ kernel/time/timeconst.bc | 6 ++ mm/madvise.c | 2 +- net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 28 +++++++-- net/mac80211/mesh_hwmp.c | 4 ++ net/mac80211/mlme.c | 70 ++++++++++++++++++++- net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 68 files changed, 510 insertions(+), 166 deletions(-)

7 years, 1 month

5
64
0 0

[PATCH] drm/vc4: Set ->is_yuv to false when num_planes == 1

by Boris Brezillon

When vc4_plane_state is duplicated ->is_yuv is left assigned to its previous value, and we never set it back to false when switching to a non-YUV format. Fix that by setting ->is_yuv to false in the 'num_planes == 1' branch of the vc4_plane_setup_clipping_and_scaling() function. Fixes: fc04023fafecf ("drm/vc4: Add support for YUV planes.") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/gpu/drm/vc4/vc4_plane.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index d04b3c3246ba..60d5ad19cedd 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -321,6 +321,7 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) if (vc4_state->is_unity) vc4_state->x_scaling[0] = VC4_SCALING_PPF; } else { + vc4_state->is_yuv = false; vc4_state->x_scaling[1] = VC4_SCALING_NONE; vc4_state->y_scaling[1] = VC4_SCALING_NONE; } -- 2.14.1

7 years, 1 month

2
1
0 0

[PATCH] usb: dwc3: gadget: Properly check last unaligned/zero chain TRB

by Thinh Nguyen

Current check for the last extra TRB for zero and unaligned transfers does not account for isoc OUT. The last TRB of the Buffer Descriptor for isoc OUT transfers will be retired with HWO=0. As a result, we won't return early. The req->remaining will be updated to include the BUFSIZ count of the extra TRB, and the actual number of transferred bytes calculation will be wrong. To fix this, check whether it's a short or zero packet and the last TRB chain bit to return early. Cc: stable(a)vger.kernel.org Fixes: c6267a51639b ("usb: dwc3: gadget: align transfers to wMaxPacketSize") Signed-off-by: Thinh Nguyen <thinhn(a)synopsys.com> --- drivers/usb/dwc3/gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 032ea7d709ba..c09e4f784810 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2251,7 +2251,7 @@ static int dwc3_gadget_ep_reclaim_completed_trb(struct dwc3_ep *dep, * with one TRB pending in the ring. We need to manually clear HWO bit * from that TRB. */ - if ((req->zero || req->unaligned) && (trb->ctrl & DWC3_TRB_CTRL_HWO)) { + if ((req->zero || req->unaligned) && !(trb->ctrl & DWC3_TRB_CTRL_CHN)) { trb->ctrl &= ~DWC3_TRB_CTRL_HWO; return 1; } -- 2.11.0

7 years, 1 month

2
1
0 0

[PATCH 4.18 000/235] 4.18.10-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.10 release. There are 235 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 26 11:30:01 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.10-rc1 Brijesh Singh <brijesh.singh(a)amd.com> crypto: ccp - add timeout support in the SEV command Dan Carpenter <dan.carpenter(a)oracle.com> mei: bus: type promotion bug in mei_nfc_if_version() Mikko Perttunen <mperttunen(a)nvidia.com> clk: tegra: bpmp: Don't crash when a clock fails to register Douglas Anderson <dianders(a)chromium.org> pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant Douglas Anderson <dianders(a)chromium.org> pinctrl: msm: Fix msm_config_group_get() to be compliant Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Respect error code of ->get_direction() Ming Lei <ming.lei(a)redhat.com> blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() Ming Lei <ming.lei(a)redhat.com> blk-mq: only attempt to merge bio if there is rq in sw queue Jann Horn <jannh(a)google.com> IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers Randy Dunlap <rdunlap(a)infradead.org> block/DAC960.c: fix defined but not used build warnings Bart Van Assche <bart.vanassche(a)wdc.com> IB/nes: Fix a compiler warning Ioana Radulescu <ruxandra.radulescu(a)nxp.com> staging: fsl-dpaa2/eth: Fix DMA mapping direction Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> dmaengine: sh: rcar-dmac: avoid to write CHCR.TE to 1 if TCR is set to 0 Harry Wentland <harry.wentland(a)amd.com> drm/amd/pp: Send khz clock values to DC for smu7/8 Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: perf: Disable PMU while processing counter overflows Dan Carpenter <dan.carpenter(a)oracle.com> drm/panel: type promotion bug in s6e8aa0_read_mtp_id() Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5651: Fix workqueue cancel vs irq free race on remove John Stultz <john.stultz(a)linaro.org> selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress Sibi Sankar <sibis(a)codeaurora.org> remoteproc: qcom: q6v5-pil: fix modem hang on SDM845 after axis2 clk unvote James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix panic if driver unloaded when port is offline James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix NVME Target crash in defer rcv logic Hannes Reinecke <hare(a)suse.de> scsi: libfc: fixup 'sleeping function called from invalid context' Timo Wischer <twischer(a)de.adit-jv.com> ALSA: pcm: Fix snd_interval_refine first/last with open min/max Li Zhijian <lizhijian(a)cn.fujitsu.com> selftests/android: initialize heap_type to avoid compiling warning Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run Zhouyang Jia <jiazhouyang09(a)gmail.com> rtc: bq4802: add error handling for devm_ioremap Wei Lu <wei.lu2(a)amd.com> drm/amdkfd: Fix error codes in kfd_get_process Shaoyun Liu <Shaoyun.Liu(a)amd.com> drm/amdkfd: Fix kernel queue 64 bit doorbell offset calculation Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> rcu: Fix grace-period hangs due to race with CPU offline Peter Rosin <peda(a)axentia.se> input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Peter Rosin <peda(a)axentia.se> mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Arnd Bergmann <arnd(a)arndb.de> rcutorture: Use monotonic timestamp for stall detection Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: make sure we use single queue mode on PPv2.1 Linus Walleij <linus.walleij(a)linaro.org> net: gemini: Allow multiple ports to instantiate Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Mark gpio_suffixes array with __maybe_unused Wei Yongjun <weiyongjun1(a)huawei.com> gpio: pxa: Fix potential NULL dereference Tuomas Tynkkynen <tuomas(a)tuxera.com> staging: bcm2835-audio: Don't leak workqueue if open fails Matias Bjørling <mb(a)lightnvm.io> lightnvm: pblk: enable line minor version detection Hans Holmberg <hans.holmberg(a)cnexlabs.com> lightnvm: pblk: assume that chunks are closed on 1.2 devices Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: qdsp6: q6afe-dai: fix a range check in of_q6afe_parse_dai_data() Eric Yang <Eric.Yang2(a)amd.com> drm/amd/display: support access ddc for mst branch Dan Williams <dan.j.williams(a)intel.com> tools/testing/nvdimm: Fix support for emulating controller temperature Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: do checkpoint in kill_sb Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35 Robin Murphy <robin.murphy(a)arm.com> coresight: tpiu: Fix disabling timeouts Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: Handle errors in finding input/output ports Quentin Perret <quentin.perret(a)arm.com> sched/fair: Fix util_avg of new tasks for asymmetric systems Julia Lawall <Julia.Lawall(a)lip6.fr> parport: sunbpp: fix error return code Boris Pismenny <borisp(a)mellanox.com> tls: Fix zerocopy_from_iter iov handling Thierry Reding <treding(a)nvidia.com> drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping Karol Herbst <karolherbst(a)gmail.com> drm/nouveau/debugfs: Wake up GPU before doing any reclocking Lyude Paul <lyude(a)redhat.com> drm/nouveau: Fix runtime PM leak in drm_open() Stefan Agner <stefan(a)agner.ch> mmc: sdhci: do not try to use 3.3V signaling if not supported Stefan Agner <stefan(a)agner.ch> mmc: tegra: prevent HS200 on Tegra 3 Laurentiu Tudor <laurentiu.tudor(a)nxp.com> mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips Johan Hovold <johan(a)kernel.org> tty: fix termios input-speed encoding Johan Hovold <johan(a)kernel.org> tty: fix termios input-speed encoding when using BOTHER Alexander Sverdlin <alexander.sverdlin(a)nokia.com> serial: 8250: of: Correct of_platform_serial_setup() error handling Bartosz Golaszewski <brgl(a)bgdev.pl> gpiolib: don't allow userspace to set values of input lines Russell King <rmk+kernel(a)armlinux.org.uk> ASoC: hdmi-codec: fix routing Enrico Scholz <enrico.scholz(a)sigma-chemnitz.de> gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes Rick Farrington <ricardo.farrington(a)cavium.com> liquidio: fix hang when re-binding VF host drv after running DPDK VF driver Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: check of_iomap and fix missing of_node_put Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: Fix return value error in hns3_reset_notify_down_enet Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: fix error handling and missing of_node_put Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: handle of_iomap and fix missing of_node_put Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for reset_level default assignment probelm Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: Reset net device with rtnl_lock Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi/esrt: Only call efi_mem_reserve() for boot services memory Andrea Parri <andrea.parri(a)amarulasolutions.com> sched/core: Use smp_mb() in wake_woken_function() Ryder Lee <ryder.lee(a)mediatek.com> arm64: dts: mt7622: update a clock property for UART0 Tony Lindgren <tony(a)atomide.com> pinctrl: pinmux: Return selector to the pinctrl driver Tony Lindgren <tony(a)atomide.com> pinctrl: rza1: Fix selector use for groups and functions Sean Wang <sean.wang(a)mediatek.com> pinctrl: mt7622: Fix probe fail by misuse the selector Mike Christie <mchristi(a)redhat.com> configfs: fix registered group removal Paul Burton <paul.burton(a)mips.com> MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads Alexey Kardashevskiy <aik(a)ozlabs.ru> KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables Arvind Yadav <arvind.yadav.cs(a)gmail.com> PM / devfreq: use put_device() instead of kfree() Eric Biggers <ebiggers(a)google.com> security: check for kstrdup() failure in lsm_append() Nicholas Mc Guire <hofrat(a)osadl.org> KVM: PPC: Book3S HV: Add of_node_put() in success path Matthew Garrett <mjg59(a)google.com> evm: Don't deadlock if a crypto algorithm is unavailable Philipp Puschmann <pp(a)emlix.com> Bluetooth: Use lock_sock_nested in bt_accept_enqueue Alexandre Belloni <alexandre.belloni(a)bootlin.com> spi: dw: fix possible race condition Roman Gushchin <guro(a)fb.com> bpf: fix rcu annotations in compute_effective_progs() Miklos Szeredi <mszeredi(a)redhat.com> vfs: fix freeze protection in mnt_want_write_file() for overlayfs Jann Horn <jannh(a)google.com> mtdchar: fix overflows in adjustment of `count` Ronny Chevalier <ronny.chevalier(a)hp.com> audit: fix use-after-free in audit_add_watch Viresh Kumar <viresh.kumar(a)linaro.org> arm64: dts: uniphier: Add missing cooling device properties for CPUs Noa Osherovich <noaos(a)mellanox.com> net/mlx5: Add missing SET_DRIVER_VERSION command translation Maciej W. Rozycki <macro(a)mips.com> binfmt_elf: Respect error return from `regset->active' Johan Hovold <johan(a)kernel.org> mmc: meson-mx-sdio: fix OF child-node lookup Johan Hovold <johan(a)kernel.org> of: add helper to lookup compatible child node Trond Myklebust <trondmy(a)gmail.com> NFSv4.1 fix infinite loop on I/O. Trond Myklebust <trondmy(a)gmail.com> NFSv4: Fix a tracepoint Oops in initiate_file_draining() Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/EISA: Don't probe EISA bus for Xen PV guests Rob Herring <robh(a)kernel.org> of: fix phandle cache creation for DTs with no phandles Adrian Hunter <adrian.hunter(a)intel.com> perf tools: Fix maps__find_symbol_by_name() Yabin Cui <yabinc(a)google.com> perf/core: Force USER_DS when recording user stack data Max Filippov <jcmvbkbc(a)gmail.com> xtensa: ISS: don't allocate memory in platform_setup Dan Carpenter <dan.carpenter(a)oracle.com> cifs: integer overflow in in SMB2_ioctl() Dan Carpenter <dan.carpenter(a)oracle.com> CIFS: fix wrapping bugs in num_entries() Dan Carpenter <dan.carpenter(a)oracle.com> cifs: prevent integer overflow in nxt_dir_entry() Oliver Neukum <oneukum(a)suse.com> Revert "cdc-acm: implement put_char() and flush_chars()" Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Fix buffer over-read in yurex_write() Johan Hovold <johan(a)kernel.org> USB: serial: ti_usb_3410_5052: fix array underflow in completion handler Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: misc: uss720: Fix two sleep-in-atomic-context bugs Johan Hovold <johan(a)kernel.org> USB: serial: io_ti: fix array underflow in completion handler Alan Stern <stern(a)rowland.harvard.edu> USB: net2280: Fix erroneous synchronization change Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 Maxence Duprès <xpros64(a)hotmail.fr> USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() Oliver Neukum <oneukum(a)suse.com> usb: uas: add support for more quirk flags Tim Anderson <tsa(a)biglakesoftware.com> USB: Add quirk to support DJI CineSSD Mikulas Patocka <mpatocka(a)redhat.com> dm verity: fix crash on bufio buffer that was allocated with vmalloc Tomas Winkler <tomas.winkler(a)intel.com> mei: bus: need to unlink client before freeing Tomas Winkler <tomas.winkler(a)intel.com> mei: bus: fix hw module get/put balance Alexander Usyskin <alexander.usyskin(a)intel.com> mei: ignore not found client in the enumeration Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: mtu3: fix error of xhci port id when enable U3 dual role Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci: fix interrupt transfer error happened on MTK platforms Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Don't die twice if PCI xhci host is not responding in resume Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use after free for URB cancellation on a reallocated endpoint Gustavo A. R. Silva <gustavo(a)embeddedor.com> misc: hmc6352: fix potential Spectre v1 Bryant G. Ly <bryantly(a)linux.ibm.com> misc: ibmvsm: Fix wrong assignment of return code K. Y. Srinivasan <kys(a)microsoft.com> Tools: hv: Fix a bug in the key delete code Stephen Hemminger <stephen(a)networkplumber.org> vmbus: don't return values for uninitalized channels Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix oopses in ovl_fill_super() failure paths Corey Minyard <cminyard(a)mvista.com> ipmi: Fix I2C client removal in the SSIF driver Corey Minyard <cminyard(a)mvista.com> ipmi: Move BT capabilities detection to the detect call Corey Minyard <cminyard(a)mvista.com> ipmi: Rework SMI registration failure Andreas Kemnade <andreas(a)kemnade.info> mmc: omap_hsmmc: fix wakeirq handling on removal Ingo Franzki <ifranzki(a)linux.ibm.com> s390/crypto: Fix return code checking in cbc_paes_crypt() Aaron Knister <aaron.s.knister(a)nasa.gov> IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler Juergen Gross <jgross(a)suse.com> xen/netfront: fix waiting for xenbus state change Bin Yang <bin.yang(a)intel.com> pstore: Fix incorrect persistent ram buffer mapping Parav Pandit <parav(a)mellanox.com> RDMA/cma: Protect cma dev list with lock Xiao Liang <xiliang(a)redhat.com> xen-netfront: fix warn message as irq device name has '/' Alexandru Gagniuc <mr.nuke.me(a)gmail.com> PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST Joerg Roedel <jroedel(a)suse.de> x86/mm/pti: Add an overflow check to pti_clone_pmds() Jiang Biao <jiang.biao2(a)zte.com.cn> x86/pti: Check the return value of pti_user_pagetable_walk_pmd() Jiang Biao <jiang.biao2(a)zte.com.cn> x86/pti: Check the return value of pti_user_pagetable_walk_p4d() Michael Müller <michael(a)fds-team.de> crypto: sharah - Unregister correct algorithms for SAHARA 3 Hanna Hawa <hannah(a)marvell.com> dmaengine: mv_xor_v2: kill the tasklets upon exit Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3 Niklas Cassel <niklas.cassel(a)linaro.org> regulator: qcom_spmi: Fix warning Bad of_node_put() Niklas Cassel <niklas.cassel(a)linaro.org> regulator: qcom_spmi: Use correct regmap when checking for error Rex Zhu <rex.zhu(a)amd.com> drm/amd/pp: Set Max clock level to display by default Jae Hyun Yoo <jae.hyun.yoo(a)linux.intel.com> i2c: aspeed: Fix initial values of master and slave state Pingfan Liu <kernelfans(a)gmail.com> drivers/base: stop new probing during shutdown Christoffer Dall <christoffer.dall(a)arm.com> KVM: arm/arm64: Fix vgic init race Randy Dunlap <rdunlap(a)infradead.org> platform/x86: toshiba_acpi: Fix defined but not used build warnings Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: reset layer2 attribute on layer switch Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: fix race in used-buffer accounting Bjorn Andersson <bjorn.andersson(a)linaro.org> soc: qcom: smem: Correct check for global partition Bhushan Shah <bshah(a)kde.org> ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Loic Poulain <loic.poulain(a)linaro.org> arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Vitaly Kuznetsov <vkuznets(a)redhat.com> xen-netfront: fix queue name setting Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: avoid buffer leak when FW communication fails Yue Wang <yuleopen(a)gmail.com> ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi/arm: preserve early mapping of UEFI memory map longer for BGRT Leonard Crestez <leonard.crestez(a)nxp.com> reset: imx7: Fix always writing bits as 0 Mark Rutland <mark.rutland(a)arm.com> arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() YueHaibing <yuehaibing(a)huawei.com> wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Piotr Sawicki <p.sawicki2(a)partner.samsung.com> Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Manikanta Pubbisetty <mpubbise(a)codeaurora.org> mac80211: restrict delayed tailroom needed decrement Paul Cercueil <paul(a)crapouillou.net> MIPS: jz4740: Bump zload address Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5514: Fix the issue of the delay volume applied Nicholas Mc Guire <hofrat(a)osadl.org> staging: bcm2835-camera: handle wait_for_completion_timeout return properly Nicholas Mc Guire <hofrat(a)osadl.org> staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout Sandipan Das <sandipan(a)linux.ibm.com> perf script: Show correct offsets for DWARF-based unwinding Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: opal_put_chars partial write fix Mark Rutland <mark.rutland(a)arm.com> KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() Sagi Grimberg <sagi(a)grimberg.me> nvme-rdma: unquiesce queues when deleting the controller Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix file discard return status Sandipan Das <sandipan(a)linux.ibm.com> perf powerpc: Fix callchain ip filtering Krzysztof Kozlowski <krzk(a)kernel.org> ARM: exynos: Clear global variable on init error path Arnd Bergmann <arnd(a)arndb.de> omapfb: rename omap2 module to omap2fb.ko Fredrik Noring <noring(a)nocrew.org> fbdev: Distinguish between interlaced and progressive modes Daniel Mack <daniel(a)zonque.org> video: fbdev: pxafb: clear allocated memory for video modes Sandipan Das <sandipan(a)linux.ibm.com> perf powerpc: Fix callchain ip filtering when return address is in a register Randy Dunlap <rdunlap(a)infradead.org> fbdev/via: fix defined but not used warning Anton Vasilyev <vasilyev(a)ispras.ru> video: goldfishfb: fix memory leak on driver remove Jiri Olsa <jolsa(a)redhat.com> perf tools: Fix struct comm_str removal crash Dan Carpenter <dan.carpenter(a)oracle.com> fbdev: omapfb: off by one in omapfb_register_client() Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh when event exists Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64 Jiri Olsa <jolsa(a)kernel.org> perf tools: Synthesize GROUP_DESC feature in pipe mode Bob Peterson <rpeterso(a)redhat.com> gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Thomas Richter <tmricht(a)linux.ibm.com> perf test: Fix subtest number when showing results Todor Tomov <todor.tomov(a)linaro.org> media: ov5645: Supported external clock is 24MHz Randy Dunlap <rdunlap(a)infradead.org> mtd/maps: fix solutionengine.c printk format warnings Wei Yongjun <weiyongjun1(a)huawei.com> IB/ipoib: Fix error return code in ipoib_dev_init() Mike Snitzer <snitzer(a)redhat.com> block: allow max_discard_segments to be stacked Zhu Yanjun <yanjun.zhu(a)oracle.com> IB/rxe: Drop QP0 silently Hans Verkuil <hverkuil(a)xs4all.nl> media: videobuf2-core: check for q->error in vb2_core_qbuf() Felix Fietkau <nbd(a)nbd.name> MIPS: ath79: fix system restart John Keeping <john(a)metanate.com> dmaengine: pl330: fix irq race with terminate_all Krzysztof Ha?asa <khalasa(a)piap.pl> media: tw686x: Fix oops on buffer alloc failure Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: do not update config when running install targets Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: add .DELETE_ON_ERROR special target Rajan Vaja <rajan.vaja(a)xilinx.com> clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Mikko Perttunen <mperttunen(a)nvidia.com> clk: core: Potentially free connection id Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: pxrc - fix freeing URB on device teardown Gregory CLEMENT <gregory.clement(a)bootlin.com> clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent Nicholas Mc Guire <hofrat(a)osadl.org> clk: imx6sll: fix missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> clk: imx6ul: fix missing of_node_put() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Special-case rindex for gfs2_grow Golan Ben Ami <golan.ben.ami(a)intel.com> iwlwifi: cancel the injective function between hw pointers to tfd entry index Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: don't fail probe on pci_sriov_set_totalvfs() errors YueHaibing <yuehaibing(a)huawei.com> amd-xgbe: use dma_mapping_error to check map errors YueHaibing <yuehaibing(a)huawei.com> xfrm: fix 'passing zero to ERR_PTR()' warning Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Jeff Crukley <jcrukley(a)gmail.com> ALSA: usb-audio: Add support for Encore mDSD USB DAC Takashi Iwai <tiwai(a)suse.de> ALSA: msnd: Fix the default sample sizes Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> iommu/io-pgtable-arm: Fix pgtable allocation in selftest Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE Miao Zhong <zhongmiao(a)hisilicon.com> iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Erich E. Hoover <ehoover(a)sweptlaser.com> usb: dwc3: change stream event enable bit back to 13 Tariq Toukan <tariqt(a)mellanox.com> net/mlx5: Use u16 for Work Queue buffer fragment size Roi Dayan <roid(a)mellanox.com> net/mlx5: Fix possible deadlock from lockdep when adding fte to fg Roi Dayan <roid(a)mellanox.com> net/mlx5: Fix not releasing read lock when adding flow rules Vincent Whitchurch <vincent.whitchurch(a)axis.com> tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> erspan: return PACKET_REJECT when the appropriate tunnel is not found Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> erspan: fix error handling for erspan tunnel Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx5: Fix debugfs cleanup in the device init/remove flow Huy Nguyen <huyn(a)mellanox.com> net/mlx5: Check for error in mlx5_attach_interface Vakul Garg <vakul.garg(a)nxp.com> net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC Raed Salem <raeds(a)mellanox.com> net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables Cong Wang <xiyou.wangcong(a)gmail.com> tipc: orphan sock in tipc_release() Cong Wang <xiyou.wangcong(a)gmail.com> rds: fix two RCU related problems Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix race condition in spi transfers Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx5: Fix use-after-free in self-healing flow Petr Oros <poros(a)redhat.com> be2net: Fix memory leak in be_cmd_get_profile_config() ------------- Diffstat: Makefile | 31 ++++-- .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 + arch/arm/mach-exynos/suspend.c | 1 + arch/arm/mach-hisi/hotplug.c | 41 +++++--- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 2 +- arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi | 2 + arch/arm64/kernel/perf_event.c | 50 +++++----- arch/arm64/kernel/ptrace.c | 19 ++-- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/mips/loongson64/common/cs5536/cs5536_ohci.c | 2 +- arch/powerpc/kvm/book3s_64_vio.c | 5 +- arch/powerpc/kvm/book3s_hv.c | 2 + arch/powerpc/platforms/powernv/opal.c | 2 +- arch/s390/crypto/paes_s390.c | 2 +- arch/x86/kernel/eisa.c | 10 +- arch/x86/mm/pti.c | 25 ++++- arch/xtensa/platforms/iss/setup.c | 25 +++-- block/blk-core.c | 8 +- block/blk-mq-sched.c | 3 +- block/blk-settings.c | 2 +- crypto/api.c | 2 +- drivers/base/core.c | 3 + drivers/block/DAC960.c | 9 +- drivers/char/ipmi/ipmi_bt_sm.c | 92 ++++++++--------- drivers/char/ipmi/ipmi_msghandler.c | 53 +++++----- drivers/char/ipmi/ipmi_si_intf.c | 17 +--- drivers/char/ipmi/ipmi_ssif.c | 30 ++---- drivers/clk/clk-fixed-factor.c | 9 +- drivers/clk/clk.c | 3 + drivers/clk/imx/clk-imx6sll.c | 1 + drivers/clk/imx/clk-imx6ul.c | 1 + drivers/clk/mvebu/armada-37xx-periph.c | 3 - drivers/clk/tegra/clk-bpmp.c | 12 ++- drivers/crypto/ccp/psp-dev.c | 46 ++++++++- drivers/crypto/sahara.c | 4 +- drivers/devfreq/devfreq.c | 4 +- drivers/dma/mv_xor_v2.c | 2 + drivers/dma/pl330.c | 5 +- drivers/dma/sh/rcar-dmac.c | 5 +- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 +- drivers/firmware/efi/esrt.c | 3 +- drivers/gpio/gpio-pxa.c | 2 + drivers/gpio/gpiolib.c | 14 ++- drivers/gpio/gpiolib.h | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_doorbell.c | 9 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 + drivers/gpu/drm/amd/display/dc/core/dc_link.c | 4 + drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 9 +- drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 8 +- drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c | 6 +- drivers/gpu/drm/nouveau/nouveau_debugfs.c | 4 + drivers/gpu/drm/nouveau/nouveau_drm.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/device/tegra.c | 13 +++ drivers/gpu/drm/panel/panel-samsung-s6e8aa0.c | 2 +- drivers/gpu/ipu-v3/ipu-csi.c | 20 +++- drivers/hv/vmbus_drv.c | 3 + drivers/hwtracing/coresight/coresight-etm4x.c | 31 +++--- drivers/hwtracing/coresight/coresight-tpiu.c | 7 +- drivers/hwtracing/coresight/coresight.c | 7 +- drivers/i2c/busses/i2c-aspeed.c | 4 +- drivers/infiniband/core/cma.c | 12 ++- drivers/infiniband/hw/mlx5/cong.c | 9 +- drivers/infiniband/hw/mlx5/mr.c | 32 ++---- drivers/infiniband/hw/nes/nes.h | 2 +- drivers/infiniband/sw/rxe/rxe_recv.c | 9 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 + drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +- drivers/input/joystick/pxrc.c | 66 ++++++------- drivers/input/touchscreen/rohm_bu21023.c | 4 +- drivers/iommu/arm-smmu-v3.c | 1 + drivers/iommu/io-pgtable-arm-v7s.c | 7 +- drivers/iommu/io-pgtable-arm.c | 3 +- drivers/iommu/ipmmu-vmsa.c | 8 ++ drivers/lightnvm/pblk-init.c | 5 +- drivers/lightnvm/pblk-recovery.c | 5 +- drivers/md/dm-verity-target.c | 24 ++++- drivers/media/common/videobuf2/videobuf2-core.c | 5 + drivers/media/i2c/ov5645.c | 13 +-- drivers/media/pci/tw686x/tw686x-video.c | 11 ++- drivers/mfd/88pm860x-i2c.c | 8 +- drivers/misc/hmc6352.c | 2 + drivers/misc/ibmvmc.c | 2 +- drivers/misc/mei/bus-fixup.c | 2 +- drivers/misc/mei/bus.c | 12 +-- drivers/misc/mei/hbm.c | 9 +- drivers/mmc/host/meson-mx-sdio.c | 8 +- drivers/mmc/host/omap_hsmmc.c | 1 + drivers/mmc/host/sdhci-of-esdhc.c | 6 ++ drivers/mmc/host/sdhci-tegra.c | 3 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mtd/maps/solutionengine.c | 6 +- drivers/mtd/mtdchar.c | 10 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 7 +- .../ethernet/cavium/liquidio/cn23xx_pf_device.c | 3 + .../ethernet/cavium/liquidio/cn23xx_vf_device.c | 3 + drivers/net/ethernet/cortina/gemini.c | 5 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 8 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 5 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 6 ++ drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 15 ++- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 76 +++++++------- drivers/net/ethernet/mellanox/mlx5/core/health.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/wq.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/wq.h | 2 +- drivers/net/ethernet/netronome/nfp/nfp_main.c | 20 ++-- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 ++- drivers/net/ethernet/qualcomm/qca_7k.c | 76 +++++++------- drivers/net/ethernet/qualcomm/qca_spi.c | 110 +++++++++++---------- drivers/net/ethernet/qualcomm/qca_spi.h | 5 - drivers/net/wan/fsl_ucc_hdlc.c | 6 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 12 ++- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 11 ++- drivers/net/xen-netfront.c | 30 +++--- drivers/nvme/host/rdma.c | 2 + drivers/nvme/target/io-cmd-file.c | 18 ++-- drivers/of/base.c | 28 ++++++ drivers/parport/parport_sunbpp.c | 8 +- drivers/pci/pcie/aer.c | 6 ++ drivers/pinctrl/mediatek/pinctrl-mt7622.c | 4 +- drivers/pinctrl/pinctrl-rza1.c | 24 ++--- drivers/pinctrl/pinmux.c | 16 ++- drivers/pinctrl/qcom/pinctrl-msm.c | 14 ++- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 32 ++++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/regulator/qcom_spmi-regulator.c | 34 ++++--- drivers/remoteproc/qcom_q6v5_pil.c | 1 - drivers/reset/reset-imx7.c | 2 +- drivers/rtc/rtc-bq4802.c | 4 + drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/scsi/libfc/fc_disc.c | 7 +- drivers/scsi/lpfc/lpfc_nvme.c | 5 +- drivers/scsi/lpfc/lpfc_nvmet.c | 12 ++- drivers/soc/qcom/smem.c | 10 +- drivers/spi/spi-dw.c | 3 +- drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 2 +- .../vc04_services/bcm2835-audio/bcm2835-vchiq.c | 16 +-- .../vc04_services/bcm2835-camera/bcm2835-camera.c | 7 +- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 11 ++- drivers/tty/serial/8250/8250_of.c | 2 +- drivers/tty/tty_baudrate.c | 13 ++- drivers/usb/class/cdc-acm.c | 73 -------------- drivers/usb/class/cdc-acm.h | 1 - drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/hcd-pci.c | 2 - drivers/usb/core/message.c | 11 +++ drivers/usb/core/quirks.c | 7 ++ drivers/usb/dwc3/gadget.h | 2 +- drivers/usb/gadget/udc/net2280.c | 16 ++- drivers/usb/gadget/udc/renesas_usb3.c | 5 +- drivers/usb/host/u132-hcd.c | 2 +- drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci.c | 30 ++++++ drivers/usb/misc/uss720.c | 4 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/mtu3/mtu3_core.c | 6 +- drivers/usb/mtu3/mtu3_hw_regs.h | 1 + drivers/usb/serial/io_ti.h | 2 +- drivers/usb/serial/ti_usb_3410_5052.c | 2 +- drivers/usb/storage/scsiglue.c | 9 ++ drivers/usb/storage/uas.c | 21 ++++ drivers/usb/storage/unusual_devs.h | 7 ++ drivers/video/fbdev/core/modedb.c | 41 +++++--- drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/omap2/omapfb/Makefile | 4 +- drivers/video/fbdev/pxafb.c | 4 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/binfmt_elf.c | 2 +- fs/cifs/readdir.c | 11 ++- fs/cifs/smb2pdu.c | 29 +++--- fs/configfs/dir.c | 11 +++ fs/f2fs/super.c | 16 ++- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- fs/namespace.c | 7 +- fs/nfs/nfs4proc.c | 10 +- fs/nfs/nfs4state.c | 2 + fs/nfs/nfs4trace.h | 2 +- fs/overlayfs/super.c | 26 ++--- fs/pstore/ram_core.c | 17 +++- include/linux/crypto.h | 5 + include/linux/mlx5/driver.h | 4 +- include/linux/of.h | 8 ++ kernel/audit_watch.c | 12 ++- kernel/bpf/cgroup.c | 7 +- kernel/events/core.c | 4 + kernel/rcu/rcutorture.c | 5 +- kernel/rcu/tree.c | 6 ++ kernel/rcu/tree.h | 4 + kernel/sched/fair.c | 10 +- kernel/sched/wait.c | 47 ++++----- net/bluetooth/af_bluetooth.c | 2 +- net/core/skbuff.c | 3 - net/ipv4/ip_gre.c | 5 + net/ipv4/tcp.c | 2 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 +++-- net/rds/bind.c | 5 +- net/tipc/socket.c | 1 + net/tls/tls_sw.c | 14 ++- net/xfrm/xfrm_policy.c | 5 +- scripts/Kbuild.include | 3 + security/integrity/evm/evm_crypto.c | 3 +- security/security.c | 2 + security/smack/smack_lsm.c | 14 ++- sound/core/pcm_lib.c | 14 ++- sound/isa/msnd/msnd_pinnacle.c | 4 +- sound/soc/codecs/hdmi-codec.c | 21 ++-- sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/rt5651.c | 22 +++-- sound/soc/qcom/qdsp6/q6afe-dai.c | 2 +- sound/usb/quirks-table.h | 3 +- sound/usb/quirks.c | 2 + tools/hv/hv_kvp_daemon.c | 2 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 +- tools/perf/tests/builtin-test.c | 2 +- .../tests/shell/record+probe_libc_inet_pton.sh | 36 ++++++- tools/perf/util/comm.c | 16 ++- tools/perf/util/header.c | 2 +- tools/perf/util/machine.c | 9 +- tools/perf/util/map.c | 11 +++ tools/perf/util/unwind-libdw.c | 2 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/testing/nvdimm/test/nfit.c | 3 +- .../testing/selftests/android/ion/ionapp_export.c | 1 + tools/testing/selftests/timers/raw_skew.c | 5 + tools/testing/selftests/vDSO/vdso_test.c | 7 +- virt/kvm/arm/vgic/vgic-init.c | 4 + virt/kvm/arm/vgic/vgic-mmio-v2.c | 3 + 238 files changed, 1599 insertions(+), 926 deletions(-)

7 years, 1 month

10
260
0 0

[git:media_tree/master] media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD Author: Hans Verkuil <hverkuil(a)xs4all.nl> Date: Mon Oct 8 15:08:27 2018 -0400 When the OSD is on (i.e. vivid displays text on top of the test pattern), and you enable hflip, then the driver crashes. The cause turned out to be a division of a negative number by an unsigned value. You expect that -8 / 2U would be -4, but in reality it is 2147483644 :-( Fixes: 3e14e7a82c1ef ("vivid-tpg: add hor/vert downsampling support to tpg_gen_text") Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Reported-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Cc: <stable(a)vger.kernel.org> # for v4.1 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c index 76b125ebee6d..fa483b95bc5a 100644 --- a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c +++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c @@ -1801,7 +1801,7 @@ typedef struct { u16 __; u8 _; } __packed x24; pos[7] = (chr & (0x01 << 0) ? fg : bg); \ } \ \ - pos += (tpg->hflip ? -8 : 8) / hdiv; \ + pos += (tpg->hflip ? -8 : 8) / (int)hdiv; \ } \ } \ } while (0)

7 years, 1 month

1
0
0 0

[PATCH v4 1/3] x86/xen: fix boot loader version reported for pvh guests

by Juergen Gross

The boot loader version reported via sysfs is wrong in case of the kernel being booted via the Xen PVH boot entry. it should be 2.12 (0x020c), but it is reported to be 2.18 (0x0212). As the current way to set the version is error prone use the more readable variant (2 << 8) | 12. Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/enlighten_pvh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c index c85d1a88f476..f7f77023288a 100644 --- a/arch/x86/xen/enlighten_pvh.c +++ b/arch/x86/xen/enlighten_pvh.c @@ -75,7 +75,7 @@ static void __init init_pvh_bootparams(void) * Version 2.12 supports Xen entry point but we will use default x86/PC * environment (i.e. hardware_subarch 0). */ - pvh_bootparams.hdr.version = 0x212; + pvh_bootparams.hdr.version = (2 << 8) | 12; pvh_bootparams.hdr.type_of_loader = (9 << 4) | 0; /* Xen loader */ x86_init.acpi.get_root_pointer = pvh_get_root_pointer; -- 2.16.4

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] firmware: Always initialize the fw_priv list object" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7012040576c6ae25a47035659ee48673612c2c27 Mon Sep 17 00:00:00 2001 From: Bjorn Andersson <bjorn.andersson(a)linaro.org> Date: Wed, 19 Sep 2018 18:09:38 -0700 Subject: [PATCH] firmware: Always initialize the fw_priv list object When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable(a)vger.kernel.org Cc: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b3c0498ee433..8e9213b36e31 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const char *fw_name, } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp;

7 years, 1 month

3
2
0 0

[PATCH net-next] net/ipv6: stop leaking percpu memory in fib6 info

by Mike Rapoport

The fib6_info_alloc() function allocates percpu memory to hold per CPU pointers to rt6_info, but this memory is never freed. Fix it. Fixes: a64efe142f5e ("net/ipv6: introduce fib6_info struct and helpers") Signed-off-by: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: stable(a)vger.kernel.org --- net/ipv6/ip6_fib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c index cf709eadc932..cc7de7eb8b9c 100644 --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c @@ -194,6 +194,8 @@ void fib6_info_destroy_rcu(struct rcu_head *head) *ppcpu_rt = NULL; } } + + free_percpu(f6i->rt6i_pcpu); } lwtstate_put(f6i->fib6_nh.nh_lwtstate); -- 2.7.4

7 years, 1 month

3
3
0 0

[merged] ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list has been removed from the -mm tree. Its filename was ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _ Patches currently in -mm which might be from ashish.samant(a)oracle.com are

7 years, 1 month

1
0
0 0

[merged] mm-vmstat-skip-nr_tlb_remote_flush-properly.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly has been removed from the -mm tree. Its filename was mm-vmstat-skip-nr_tlb_remote_flush-properly.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _ Patches currently in -mm which might be from jannh(a)google.com are mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

7 years, 1 month

1
0
0 0

[merged] proc-restrict-kernel-stack-dumps-to-root.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: proc: restrict kernel stack dumps to root has been removed from the -mm tree. Its filename was proc-restrict-kernel-stack-dumps-to-root.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: proc: restrict kernel stack dumps to root Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another CPU. That means that the stack can change under the stack walker. The stack walker does have guards against going completely off the rails and into random kernel memory, but it can interpret random data from your kernel stack as instruction pointers and stack pointers. This can cause exposure of kernel stack contents to userspace. Restrict the ability to inspect kernel stacks of arbitrary tasks to root in order to prevent a local attacker from exploiting racy stack unwinding to leak kernel task stack contents. See the added comment for a longer rationale. There don't seem to be any users of this userspace API that can't gracefully bail out if reading from the file fails. Therefore, I believe that this change is unlikely to break things. In the case that this patch does end up needing a revert, the next-best solution might be to fake a single-entry stack based on wchan. Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Ken Chen <kenchen(a)google.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/base.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/proc/base.c~proc-restrict-kernel-stack-dumps-to-root +++ a/fs/proc/base.c @@ -407,6 +407,20 @@ static int proc_pid_stack(struct seq_fil unsigned long *entries; int err; + /* + * The ability to racily run the kernel stack unwinder on a running task + * and then observe the unwinder output is scary; while it is useful for + * debugging kernel issues, it can also allow an attacker to leak kernel + * stack contents. + * Doing this in a manner that is at least safe from races would require + * some work to ensure that the remote task can not be scheduled; and + * even then, this would still expose the unwinder as local attack + * surface. + * Therefore, this interface is restricted to root. + */ + if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) + return -EACCES; + entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), GFP_KERNEL); if (!entries) _ Patches currently in -mm which might be from jannh(a)google.com are mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

7 years, 1 month

1
0
0 0

[merged] mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, thp: fix mlocking THP page with migration enabled has been removed from the -mm tree. Its filename was mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are

7 years, 1 month

1
0
0 0

[merged] mm-migration-fix-migration-of-huge-pmd-shared-pages.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: migration: fix migration of huge PMD shared pages has been removed from the -mm tree. Its filename was mm-migration-fix-migration-of-huge-pmd-shared-pages.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com [mike.kravetz(a)oracle.com: make _range_in_vma() a static inline] Link: http://lkml.kernel.org/r/6063f215-a5c8-2f0c-465a-2c515ddc952d@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ include/linux/mm.h | 6 +++++ mm/hugetlb.c | 37 +++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 4 files changed, 94 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/include/linux/mm.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/mm.h @@ -2455,6 +2455,12 @@ static inline struct vm_area_struct *fin return vma; } +static inline bool range_in_vma(struct vm_area_struct *vma, + unsigned long start, unsigned long end) +{ + return (vma && vma->vm_start <= start && end <= vma->vm_end); +} + #ifdef CONFIG_MMU pgprot_t vm_get_page_prot(unsigned long vm_flags); void vma_set_page_prot(struct vm_area_struct *vma); --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4545,13 +4545,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4648,6 +4676,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are

7 years, 1 month

1
0
0 0

[PATCH v7 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v7 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v7 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v7 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc: Avoid code patching freed init sections" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 Mon Sep 17 00:00:00 2001 From: Michael Neuling <mikey(a)neuling.org> Date: Fri, 14 Sep 2018 11:14:11 +1000 Subject: [PATCH] powerpc: Avoid code patching freed init sections This stops us from doing code patching in init sections after they've been freed. In this chain: kvm_guest_init() -> kvm_use_magic_page() -> fault_in_pages_readable() -> __get_user() -> __get_user_nocheck() -> barrier_nospec(); We have a code patching location at barrier_nospec() and kvm_guest_init() is an init function. This whole chain gets inlined, so when we free the init section (hence kvm_guest_init()), this code goes away and hence should no longer be patched. We seen this as userspace memory corruption when using a memory checker while doing partition migration testing on powervm (this starts the code patching post migration via /sys/kernel/mobility/migration). In theory, it could also happen when using /sys/kernel/debug/powerpc/barrier_nospec. Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Michael Neuling <mikey(a)neuling.org> Reviewed-by: Nicholas Piggin <npiggin(a)gmail.com> Reviewed-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h index 1a951b00465d..1fffbba8d6a5 100644 --- a/arch/powerpc/include/asm/setup.h +++ b/arch/powerpc/include/asm/setup.h @@ -9,6 +9,7 @@ extern void ppc_printk_progress(char *s, unsigned short hex); extern unsigned int rtas_data; extern unsigned long long memory_limit; +extern bool init_mem_is_free; extern unsigned long klimit; extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask); diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 850f3b8f4da5..6ae2777c220d 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,6 +28,12 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(exec_addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); + return 0; + } + __put_user_size(instr, patch_addr, 4, err); if (err) return err; diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c index 5c8530d0c611..04ccb274a620 100644 --- a/arch/powerpc/mm/mem.c +++ b/arch/powerpc/mm/mem.c @@ -63,6 +63,7 @@ #endif unsigned long long memory_limit; +bool init_mem_is_free; #ifdef CONFIG_HIGHMEM pte_t *kmap_pte; @@ -396,6 +397,7 @@ void free_initmem(void) { ppc_md.progress = ppc_printk_progress; mark_initmem_nx(); + init_mem_is_free = true; free_initmem_default(POISON_FREE_INITMEM); }

7 years, 1 month

2
1
0 0

[PATCH v6 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Changes since v5: - Fix typo in comment, nothing else Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..e6a2cf72de5e 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..788749021ac9 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after it's been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] usbip: vhci_hcd: check port number before using

by Sudip Mukherjee

From: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> The port number is checked and it just prints an error message but it still continues to use the invalid port. And as a result it accesses memory which is not its resulting in BUG report from KASAN. Reported-by: syzbot+600b03e0cf1b73bb23c4(a)syzkaller.appspotmail.com Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> --- drivers/usb/usbip/vhci_hcd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c index d11f3f8dad40..71883aa788ac 100644 --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -334,8 +334,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh("typeReq %x wValue %x wIndex %x\n", typeReq, wValue, wIndex); - if (wIndex > VHCI_HC_PORTS) + if (wIndex > VHCI_HC_PORTS) { pr_err("invalid port number %d\n", wIndex); + return -ENODEV; + } rhport = wIndex - 1; vhci_hcd = hcd_to_vhci_hcd(hcd); -- 2.11.0

7 years, 1 month

2
3
0 0

[PATCH 4.18 000/228] 4.18.12-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.12 release. There are 228 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 4 13:24:08 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.12-rc1 Michael Bringmann <mwb(a)linux.vnet.ibm.com> powerpc/pseries: Fix unitialized timer reset on migration Thiago Jung Bauermann <bauerman(a)linux.ibm.com> powerpc/pkeys: Fix reading of ibm, processor-storage-keys property Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc: fix csum_ipv6_magic() on little endian platforms Michael Neuling <mikey(a)neuling.org> KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds Randy Dunlap <rdunlap(a)infradead.org> x86/pti: Fix section mismatch warning/error Akshu Agrawal <akshu.agrawal(a)amd.com> clk: x86: Set default parent to 48Mhz Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Handle function result as parameters Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Make return values unsigned long Emily Deng <Emily.Deng(a)amd.com> drm/amdgpu: Need to set moved to true when evict bo Tony Lindgren <tony(a)atomide.com> ARM: dts: omap4-droid4: Fix emmc errors seen on some devices James Smart <jsmart2021(a)gmail.com> nvme-fcloop: Fix dropped LS's to removed target port Linus Walleij <linus.walleij(a)linaro.org> ata: ftide010: Add a quirk for SQ201 Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Update power state at the end of smu hw_init. Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Leonard Crestez <leonard.crestez(a)nxp.com> Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Srikanth Jampala <Jampala.Srikanth(a)cavium.com> crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Ganesh Goudar <ganeshgr(a)chelsio.com> crypto: chtls - fix null dereference chtls_free_uld() Jacob Keller <jacob.e.keller(a)intel.com> i40e: fix condition of WARN_ONCE for stat strings Martyna Szapar <martyna.szapar(a)intel.com> i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled Sebastian Basierski <sebastianx.basierski(a)intel.com> ixgbe: fix driver behaviour after issuing VFLR Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: Fix potential return of uninitialized value Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix a few null pointer dereference issues Quentin Monnet <quentin.monnet(a)netronome.com> tools: bpftool: return from do_event_pipe() on bad arguments Brett Creeley <brett.creeley(a)intel.com> ice: Set VLAN flags correctly Jacob Keller <jacob.e.keller(a)intel.com> ice: Use order_base_2 to calculate higher power of 2 Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix bugs in control queue processing Preethi Banala <preethi.banala(a)intel.com> ice: Clean control queues only when they are initialized Jacob Keller <jacob.e.keller(a)intel.com> ice: Report stats for allocated queues via ethtool stats Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix multiple static analyser warnings Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix skb->truesize underestimation Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Kevin Yang <yyd(a)google.com> tcp_bbr: in restart from idle, see if we should exit PROBE_RTT Kevin Yang <yyd(a)google.com> tcp_bbr: add bbr_check_probe_rtt_done() helper Samuel Mendoza-Jonas <sam(a)mendozajonas.com> net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler Emily Deng <Emily.Deng(a)amd.com> amdgpu: fix multi-process hang issue Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix preamble handling Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix VM clearing for the root PD John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap: write_space events need to be passed to TCP handler John Fastabend <john.fastabend(a)gmail.com> tls: possible hang when do_tcp_sendpages hits sndbuf is full case Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock hash count in alloc_sock_hash_elem Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys Pavel Machek <pavel(a)ucw.cz> ARM: dts: omap4-droid4: fix vibrations on Droid 4 Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix no_console_suspend handling Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion Eric Sandeen <sandeen(a)redhat.com> isofs: reject hardware sector size > 2048 bytes Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Avoid sending mailbox commands when MFW is not responsive Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Prevent a possible deadlock during driver load and unload Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for MCP halt and resume commands to take place Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for ready indication before rereading the shmem Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix module register ioremap for larger offsets Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix module address for modules using mpu_rt_idx Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix null hwmod for ti-sysc debug Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Steve Wise <swise(a)opengridcomputing.com> RDMA/uverbs: Atomically flush and mark closed the comp event queue Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix destroy_qp hang after a link down Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid user input can result in crash Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Fix SL array bounds check Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Matthew Wilcox <willy(a)infradead.org> filesystem-dax: Fix use of zero page Toshi Kani <toshi.kani(a)hpe.com> ext2, dax: set ext2_dax_aops for dax files Dave Jiang <dave.jiang(a)intel.com> uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe() Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more Bin Liu <b-liu(a)ti.com> usb: musb: dsps: do not disable CPPI41 irq in driver teardown Harry Pan <harry.pan(a)intel.com> usb: core: safely deal with the dynamic quirk lists Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: roles: Take care of driver module reference counting Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Marek Szyprowski <m.szyprowski(a)samsung.com> regulator: Fix 'do-nothing' value for regulators without suspend state Yu Zhao <yuzhao(a)google.com> regulator: fix crash caused by null driver data Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix resource handling for ACPI glue layer Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix device removal logic Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Stefan Agner <stefan(a)agner.ch> tty: serial: lpuart: avoid leaking struct tty_struct Feng Tang <feng.tang(a)intel.com> x86/mm: Expand static page table for fixmap space Damien Le Moal <damien.lemoal(a)wdc.com> block: fix deadline elevator drain for zoned block devices Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Fix tegra_gpio_irq_set_type() Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix indexing when invoking subtests Maxime Ripard <maxime.ripard(a)bootlin.com> drm/vc4: plane: Expand the lower bits by repeating the higher bits Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses Eric Anholt <eric(a)anholt.net> drm/vc4: Add missing formats to vc4_format_mod_supported(). William Breathitt Gray <vilhelm.gray(a)gmail.com> iio: 104-quad-8: Fix off-by-one error in register selection Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> Input: xen-kbdfront - fix multi-touch XenStore node's locations Colin Ian King <colin.king(a)canonical.com> ath10k: fix memory leak of tpc_stats Konstantin Khorenko <khorenko(a)virtuozzo.com> fs/lock: skip lock owner pid translation in case we are in init_pid_ns Brian Norris <briannorris(a)chromium.org> ath10k: snoc: use correct bus-specific pointer in RX retry YueHaibing <yuehaibing(a)huawei.com> ath10k: fix incorrect size of dma_free_coherent in ath10k_ce_alloc_src_ring_64 Hugo Lefeuvre <hle(a)owl.eu.com> staging: pi433: fix race condition in pi433_ioctl Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, altera: Fix an error handling path in altr_s10_sdram_probe() Johan Hovold <johan(a)kernel.org> EDAC: Fix memleak in module init error path J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Nadav Amit <namit(a)vmware.com> gpio: Fix wrong rounding in gpio-menz127 Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: SSI parent cares SWSP bit Geert Uytterhoeven <geert(a)linux-m68k.org> ASoC: rt1305: Use ULL suffixes for 64-bit constants Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Update controller info during resume Jan Kundrát <jan.kundrat(a)cesnet.cz> spi: orion: fix CS GPIO handling again Xiaofei Tan <tanxiaofei(a)huawei.com> scsi: hisi_sas: Fix the conflict between dev gone and host reset Andreas Gruenbacher <agruenba(a)redhat.com> iomap: complete partial direct I/O writes synchronously Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/lbr: Fix incomplete LBR call stack Eric Anholt <eric(a)anholt.net> drm/v3d: Take a lock across GPU scheduler job creation and queuing. Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> arm64: dts: renesas: Fix VSPD registers range Masahiro Yamada <yamada.masahiro(a)socionext.com> MIPS: boot: fix build rule of vmlinux.its.S Stephen Boyd <swboyd(a)chromium.org> HID: i2c-hid: Use devm to allocate i2c_hid struct Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: mediatek: Add missing cooling device properties for CPUs Frederic Weisbecker <frederic(a)kernel.org> perf/hw_breakpoint: Split attribute parse and commit Randy Dunlap <rdunlap(a)infradead.org> Documentation/process: fix reST table border error Leon Romanovsky <leon(a)kernel.org> RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/omap: gem: Fix mm_list locking Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Johannes Berg <johannes(a)sipsolutions.net> bitfield: fix *_encode_bits() Stefan Agner <stefan(a)agner.ch> brcmsmac: fix wrap around in conversion from constant to s16 Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status() Niklas Cassel <niklas.cassel(a)linaro.org> ath10k: transmit queued frames after processing rx packets Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Fix releasing node when enumerating enpoints Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check phy_driver ready before accessing Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Enable DW HDMI PHY clock Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check read_status results Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: qdsp6: qdafe: fix some off by one bugs Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Rosen Penev <rosenp(a)gmail.com> staging: mt7621-dts: Fix remaining pcie warnings Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> serial: pxa: Fix an error handling path in 'serial_pxa_probe()' Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Kamal Heib <kamalheib1(a)gmail.com> staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: add checks for register read errors Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Bob Copeland <me(a)bobcopeland.com> ath10k: use locked skb_dequeue for rx completions Petr Machata <petrm(a)mellanox.com> selftests: forwarding: Tweak tc filters for mirror-to-gretap tests Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Sanitize overrun handling Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Make forward callback return s64 Akinobu Mita <akinobu.mita(a)gmail.com> iio: accel: adxl345: convert address field usage in iio_chan_spec Peter Rosin <peda(a)axentia.se> mtd: rawnand: atmel: add module param to avoid using dma Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Vasily Gorbik <gor(a)linux.ibm.com> s390/scm_blk: correct numa_node in scm_blk_dev_setup Vasily Gorbik <gor(a)linux.ibm.com> s390/dasd: correct numa_node in dasd_alloc_queue Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Ravi Chandra Sadineni <ravisadineni(a)chromium.org> ACPI / button: increment wakeup count only when notified João Paulo Rechi Vita <jprvita(a)endlessm.com> platform/x86: asus-wireless: Fix uninitialized symbol usage Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: set skb len for all rx packets Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: use same endpoint id for all packets in a bundle Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Jean-Christophe Dubois <jcd(a)tribudubois.net> thermal: i.MX: Allow thermal probe to fail gracefully in case of bad calibration. Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Viresh Kumar <viresh.kumar(a)linaro.org> ARM: dts: ls1021a: Add missing cooling device properties for CPUs Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Dave Gerlach <d-gerlach(a)ti.com> ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Bart Van Assche <bart.vanassche(a)wdc.com> include/rdma/opa_addr.h: Fix an endianness issue Maor Gottlieb <maorg(a)mellanox.com> IB/mlx5: Fix GRE flow specification Peter Seiderer <ps.report(a)gmx.net> media: staging/imx: fill vb2_v4l2_buffer field entry Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> vhost_net: Avoid tx vring kicks during busyloop Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Tarick Bedeir <tarick(a)google.com> IB/mlx4: Test port number before querying type. Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Dan Carpenter <dan.carpenter(a)oracle.com> IB/core: type promotion bug in rdma_rw_init_one_mr() Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c Leon Romanovsky <leon(a)kernel.org> RDMA/i40w: Hold read semaphore while looking after VMA Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a couple off by one bugs Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: Fix the condition to check if the card is T5 Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Wesley Chalmers <Wesley.Chalmers(a)amd.com> drm/amd/display: fix use of uninitialized memory Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amd/display/dc/dce: Fix multiple potential integer overflows Benjamin Tissoires <benjamin.tissoires(a)redhat.com> power: remove possible deadlock when unregistering power_supply Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: correct allocate_pgste proc_handler callback Niklas Cassel <niklas.cassel(a)linaro.org> iommu/msm: Don't call iommu_device_{,un}link from atomic context Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Zhen Lei <thunder.leizhen(a)huawei.com> iommu/amd: make sure TLB to be flushed before IOVA freed Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Stop RX FIFO timer during port shutdown Johan Hovold <johan(a)kernel.org> misc: sram: enable clock before registering regions Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix initial constant_charge_current value Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix get_vector ops in hclgevf_main module Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix warning bug when doing lp selftest Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for mac pause not disable in pfc mode Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: Fix for mailbox message truncated problem Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> siox: don't create a thread without starting it Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Wei Yongjun <weiyongjun1(a)huawei.com> misc: ibmvmc: Use GFP_ATOMIC under spin lock Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Akinobu Mita <akinobu.mita(a)gmail.com> iio: adc: ina2xx: avoid kthread_stop() with stale task_struct Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Documentation/process/2.Process.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/ls1021a.dtsi | 1 + arch/arm/boot/dts/mt7623.dtsi | 3 + arch/arm/boot/dts/omap4-droid4-xt894.dts | 20 +-- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm/mach-omap2/omap_hwmod.c | 39 ++++- arch/arm/mach-omap2/omap_hwmod_reset.c | 12 +- arch/arm64/boot/dts/renesas/r8a7795-es1.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a7795.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a7796.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a77965.dtsi | 4 +- arch/arm64/boot/dts/renesas/r8a77970.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a77995.dtsi | 4 +- arch/arm64/boot/dts/renesas/salvator-common.dtsi | 4 +- arch/arm64/kvm/guest.c | 45 +++++ arch/mips/boot/Makefile | 6 +- arch/powerpc/kernel/exceptions-64s.S | 4 +- arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/lib/checksum_64.S | 3 + arch/powerpc/mm/numa.c | 3 +- arch/powerpc/mm/pkeys.c | 2 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/kernel/sysinfo.c | 4 + arch/s390/mm/extmem.c | 4 +- arch/s390/mm/pgalloc.c | 2 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/events/intel/lbr.c | 32 +++- arch/x86/events/perf_event.h | 1 + arch/x86/include/asm/fixmap.h | 10 ++ arch/x86/include/asm/pgtable_64.h | 3 +- arch/x86/kernel/head64.c | 4 +- arch/x86/kernel/head_64.S | 16 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/mm/pgtable.c | 9 + arch/x86/mm/pti.c | 2 +- arch/x86/xen/mmu_pv.c | 8 +- block/elevator.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/acpi/button.c | 13 +- drivers/ata/pata_ftide010.c | 27 +-- drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/bus/ti-sysc.c | 37 ++-- drivers/clk/x86/clk-st.c | 2 +- drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/crypto/chelsio/chtls/chtls.h | 5 + drivers/crypto/chelsio/chtls/chtls_main.c | 7 +- drivers/edac/altera_edac.c | 3 +- drivers/edac/edac_mc_sysfs.c | 6 +- drivers/edac/i7core_edac.c | 22 ++- drivers/gpio/gpio-menz127.c | 4 +- drivers/gpio/gpio-tegra.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- .../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 10 +- .../amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 + drivers/gpu/drm/omapdrm/omap_debugfs.c | 2 + drivers/gpu/drm/omapdrm/omap_drv.c | 2 +- drivers/gpu/drm/omapdrm/omap_drv.h | 2 +- drivers/gpu/drm/omapdrm/omap_gem.c | 15 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 3 +- drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c | 7 +- drivers/gpu/drm/v3d/v3d_drv.h | 5 + drivers/gpu/drm/v3d/v3d_gem.c | 4 + drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/hid/hid-ntrig.c | 2 + drivers/hid/i2c-hid/i2c-hid.c | 9 +- drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/hwtracing/intel_th/core.c | 16 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/iio/accel/adxl345_core.c | 21 ++- drivers/iio/adc/ina2xx-adc.c | 17 +- drivers/iio/counter/104-quad-8.c | 2 +- drivers/infiniband/core/rw.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 5 +- drivers/infiniband/core/uverbs_main.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/hfi1/chip.c | 6 +- drivers/infiniband/hw/hfi1/pio.c | 51 ++++-- drivers/infiniband/hw/hfi1/pio.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 8 +- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/misc/xen-kbdfront.c | 8 +- drivers/input/mouse/elantech.c | 2 + drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/msm_iommu.c | 16 +- drivers/md/md-cluster.c | 19 ++- drivers/media/i2c/ov772x.c | 40 +++-- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +- drivers/media/platform/fsl-viu.c | 38 +++-- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/misc/ibmvmc.c | 2 +- drivers/misc/sram.c | 13 +- drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/mmc/host/android-goldfish.c | 4 +- drivers/mmc/host/atmel-mci.c | 12 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 7 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 6 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 9 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 3 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/ice/ice.h | 7 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 25 +-- drivers/net/ethernet/intel/ice/ice_common.c | 27 +-- drivers/net/ethernet/intel/ice/ice_controlq.c | 29 +++- drivers/net/ethernet/intel/ice/ice_ethtool.c | 52 ++++-- drivers/net/ethernet/intel/ice/ice_main.c | 98 ++++++----- drivers/net/ethernet/intel/ice/ice_switch.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 26 +++ drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 + drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/net/phy/xilinx_gmii2rgmii.c | 10 +- drivers/net/wireless/ath/ath10k/ce.c | 2 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 13 +- drivers/net/wireless/ath/ath10k/mac.c | 1 + drivers/net/wireless/ath/ath10k/sdio.c | 9 +- drivers/net/wireless/ath/ath10k/snoc.c | 2 +- drivers/net/wireless/ath/ath10k/wmi.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 +- drivers/net/wireless/mediatek/mt76/mt76x2_mac.c | 6 +- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/nvme/target/fcloop.c | 3 +- drivers/pci/hotplug/acpiphp_glue.c | 11 +- drivers/platform/x86/asus-wireless.c | 23 +-- drivers/power/reset/vexpress-poweroff.c | 12 +- drivers/power/supply/axp288_charger.c | 2 +- drivers/power/supply/power_supply_core.c | 11 +- drivers/regulator/core.c | 4 +- drivers/regulator/of_regulator.c | 2 - drivers/s390/block/dasd.c | 1 + drivers/s390/block/scm_blk.c | 1 + drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/hisi_sas/hisi_sas.h | 1 + drivers/scsi/hisi_sas/hisi_sas_main.c | 6 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/siox/siox-core.c | 10 +- drivers/spi/spi-orion.c | 77 +++++---- drivers/spi/spi-rspi.c | 34 +++- drivers/spi/spi-sh-msiof.c | 28 ++- drivers/spi/spi-tegra20-slink.c | 31 +++- drivers/staging/android/ashmem.c | 6 + drivers/staging/media/imx/imx-ic-prpencvf.c | 1 + drivers/staging/media/imx/imx-media-csi.c | 1 + drivers/staging/mt7621-dts/gbpc1.dts | 2 + drivers/staging/mt7621-dts/mt7621.dtsi | 21 +-- drivers/staging/mt7621-eth/mtk_eth_soc.c | 13 +- drivers/staging/pi433/pi433_if.c | 7 +- drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/target/target_core_device.c | 22 ++- drivers/thermal/imx_thermal.c | 5 +- drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/fsl_lpuart.c | 3 +- drivers/tty/serial/imx.c | 8 + drivers/tty/serial/mvebu-uart.c | 1 + drivers/tty/serial/pxa.c | 3 +- drivers/tty/serial/sh-sci.c | 2 + drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/common/roles.c | 15 +- drivers/usb/core/devio.c | 24 ++- drivers/usb/core/driver.c | 28 +-- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 2 + drivers/usb/musb/musb_dsps.c | 12 +- drivers/usb/serial/kobil_sct.c | 12 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/vhost/net.c | 35 ++-- fs/dax.c | 13 +- fs/ext2/inode.c | 2 +- fs/iomap.c | 21 +-- fs/isofs/inode.c | 7 + fs/locks.c | 7 + fs/nfsd/nfs4proc.c | 1 + include/linux/arm-smccc.h | 38 +++-- include/linux/bitfield.h | 6 +- include/linux/platform_data/ina2xx.h | 2 +- include/linux/posix-timers.h | 4 +- include/linux/power_supply.h | 1 + include/linux/regulator/machine.h | 6 +- include/linux/uio.h | 2 +- include/rdma/opa_addr.h | 2 +- kernel/bpf/sockmap.c | 11 +- kernel/events/hw_breakpoint.c | 57 +++++-- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 7 +- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 33 ++-- kernel/time/posix-timers.h | 2 +- lib/klist.c | 10 +- net/6lowpan/iphc.c | 1 + net/ipv4/tcp_bbr.c | 38 +++-- net/ncsi/ncsi-netlink.c | 4 +- net/tls/tls_main.c | 9 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/rt1305.c | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 +- sound/soc/qcom/qdsp6/q6afe.c | 6 +- sound/soc/sh/rcar/ssi.c | 32 ++-- sound/soc/soc-dapm.c | 7 + tools/bpf/bpftool/map_perf_ring.c | 5 +- tools/perf/tests/builtin-test.c | 2 +- .../net/forwarding/mirror_gre_bridge_1d_vlan.sh | 6 +- .../selftests/net/forwarding/mirror_gre_lib.sh | 2 +- .../net/forwarding/mirror_gre_vlan_bridge_1q.sh | 6 +- 241 files changed, 1730 insertions(+), 789 deletions(-)

7 years, 1 month

6
242
0 0

FAILED: patch "[PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From add92a817e60e308a419693413a38d9d1e663aff Mon Sep 17 00:00:00 2001 From: Harsh Jain <harsh(a)chelsio.com> Date: Wed, 19 Sep 2018 22:42:16 +0530 Subject: [PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Herbert, It would be good if fix can be merge to stable tree. For 4.14 kernel, It requires some update to avoid mege conficts. Cc: <stable(a)vger.kernel.org> Signed-off-by: Harsh Jain <harsh(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 5c539af8ed60..010bbf607797 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -367,7 +367,8 @@ static inline void dsgl_walk_init(struct dsgl_walk *walk, walk->to = (struct phys_sge_pairs *)(dsgl + 1); } -static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) +static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid, + int pci_chan_id) { struct cpl_rx_phys_dsgl *phys_cpl; @@ -385,6 +386,7 @@ static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; } static inline void dsgl_walk_add_page(struct dsgl_walk *walk, @@ -718,7 +720,7 @@ static inline void create_wreq(struct chcr_context *ctx, FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP(len16, 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -1339,16 +1341,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2503,6 +2512,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct dsgl_walk dsgl_walk; unsigned int authsize = crypto_aead_authsize(tfm); + struct chcr_context *ctx = a_ctx(tfm); u32 temp; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2512,7 +2522,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); temp = req->cryptlen + (reqctx->op ? -authsize : authsize); dsgl_walk_add_sg(&dsgl_walk, req->dst, temp, req->assoclen); - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_cipher_src_ent(struct ablkcipher_request *req, @@ -2544,6 +2554,8 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, unsigned short qid) { struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(wrparam->req); + struct chcr_context *ctx = c_ctx(tfm); struct dsgl_walk dsgl_walk; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2552,7 +2564,7 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, reqctx->dstsg = dsgl_walk.last_sg; reqctx->dst_ofst = dsgl_walk.last_sg_len; - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_hash_src_ent(struct ahash_request *req, diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 54835cb109e5..0d2c70c344f3 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -255,6 +255,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; };

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From add92a817e60e308a419693413a38d9d1e663aff Mon Sep 17 00:00:00 2001 From: Harsh Jain <harsh(a)chelsio.com> Date: Wed, 19 Sep 2018 22:42:16 +0530 Subject: [PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Herbert, It would be good if fix can be merge to stable tree. For 4.14 kernel, It requires some update to avoid mege conficts. Cc: <stable(a)vger.kernel.org> Signed-off-by: Harsh Jain <harsh(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 5c539af8ed60..010bbf607797 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -367,7 +367,8 @@ static inline void dsgl_walk_init(struct dsgl_walk *walk, walk->to = (struct phys_sge_pairs *)(dsgl + 1); } -static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) +static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid, + int pci_chan_id) { struct cpl_rx_phys_dsgl *phys_cpl; @@ -385,6 +386,7 @@ static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; } static inline void dsgl_walk_add_page(struct dsgl_walk *walk, @@ -718,7 +720,7 @@ static inline void create_wreq(struct chcr_context *ctx, FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP(len16, 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -1339,16 +1341,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2503,6 +2512,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct dsgl_walk dsgl_walk; unsigned int authsize = crypto_aead_authsize(tfm); + struct chcr_context *ctx = a_ctx(tfm); u32 temp; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2512,7 +2522,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); temp = req->cryptlen + (reqctx->op ? -authsize : authsize); dsgl_walk_add_sg(&dsgl_walk, req->dst, temp, req->assoclen); - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_cipher_src_ent(struct ablkcipher_request *req, @@ -2544,6 +2554,8 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, unsigned short qid) { struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(wrparam->req); + struct chcr_context *ctx = c_ctx(tfm); struct dsgl_walk dsgl_walk; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2552,7 +2564,7 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, reqctx->dstsg = dsgl_walk.last_sg; reqctx->dst_ofst = dsgl_walk.last_sg_len; - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_hash_src_ent(struct ahash_request *req, diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 54835cb109e5..0d2c70c344f3 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -255,6 +255,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; };

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] firmware: Always initialize the fw_priv list object" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7012040576c6ae25a47035659ee48673612c2c27 Mon Sep 17 00:00:00 2001 From: Bjorn Andersson <bjorn.andersson(a)linaro.org> Date: Wed, 19 Sep 2018 18:09:38 -0700 Subject: [PATCH] firmware: Always initialize the fw_priv list object When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable(a)vger.kernel.org Cc: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b3c0498ee433..8e9213b36e31 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const char *fw_name, } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] firmware: Fix security issue with request_firmware_into_buf()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 422b3db2a5036add39a82425b1dd9fb6c96481e8 Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Date: Fri, 31 Aug 2018 08:43:31 -0700 Subject: [PATCH] firmware: Fix security issue with request_firmware_into_buf() When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] firmware: Fix security issue with request_firmware_into_buf()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 422b3db2a5036add39a82425b1dd9fb6c96481e8 Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Date: Fri, 31 Aug 2018 08:43:31 -0700 Subject: [PATCH] firmware: Fix security issue with request_firmware_into_buf() When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out;

7 years, 1 month

1
0
0 0

[PATCH stable v2 0/2] termios: Alpha BOTHER/IBSHIFT, tty_baudrate fix

by H. Peter Anvin

From: "H. Peter Anvin (Intel)" <hpa(a)zytor.com> It turns out that Alpha is the only architecture that never implemented BOTHER and IBSHIFT, which is otherwise ages old. This is one thing that has held up glibc support for this feature (all other architectures have supported these for about a decade, at least before the current 3.2 glibc cutoff.) Furthermore, in the process of dealing with this, I discovered that the current code in tty_baudrate.c can read past the end of the baud_table[] on Alpha and PowerPC. The second patch in this series fixes that, but it also cleans up the code substantially by auto-generating the table and, since all architectures now have them, removing all conditionals for BOTHER and IBSHIFT existing. Tagging for stable because these are concrete and immediate problems. I have a much bigger update in process, nearly done, which will clean up a lot of duplicated code and make the uapi headers usable for libc, but that is not critical on the same level. Tested on x86, compile-tested on Alpha. SPARC, and PowerPC. v2: the CBAUDEX masking-as-fallback code was wrong, but it could never be exercised on any architecture anyway (gcc would not even emit it) so just remove it. There are thus no object code changes from v1. --- arch/alpha/include/asm/termios.h | 8 +- arch/alpha/include/uapi/asm/ioctls.h | 5 + arch/alpha/include/uapi/asm/termbits.h | 17 +++ drivers/tty/.gitignore | 1 + drivers/tty/Makefile | 16 +++ drivers/tty/bmacros.c | 2 + drivers/tty/tty_baudrate.c | 182 ++++++++++++--------------------- 7 files changed, 114 insertions(+), 117 deletions(-) Signed-off-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Richard Henderson <rth(a)twiddle.net> Cc: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru> Cc: Matt Turner <mattst88(a)gmail.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kate Stewart <kstewart(a)linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne(a)nexb.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Eugene Syromiatnikov <esyr(a)redhat.com> Cc: <linux-alpha(a)vger.kernel.org> Cc: <linux-serial(a)vger.kernel.org> Cc: Johan Hovold <johan(a)kernel.org> Cc: Alan Cox <alan(a)lxorguk.ukuu.org.uk> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: <stable(a)vger.kernel.org>

7 years, 1 month

2
7
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7da07a3216a00aa3c523db4539fc6914497d0576: Linux 4.18.12 (2018-10-03 16:59:28 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-08102018 for you to fetch changes up to 880c04da777b6fab0bb97d8fccf7aed9c223db5e: x86/APM: Fix build warning when PROC_FS is not enabled (2018-10-03 22:23:29 -0400) - ---------------------------------------------------------------- for-greg-4.18-08102018 - ---------------------------------------------------------------- Andreas Bosch (1): HID: intel-ish-hid: Enable Sunrise Point-H ish driver Andrew Murray (1): asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Anurag Kumar Vulisha (1): usb: host: xhci-plat: Iterate over parent nodes for finding quirks Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (5): drm/nouveau: fix oops in client init failure path drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Cong Wang (1): netfilter: xt_hashlimit: use s->file instead of s->private Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Florian Westphal (2): netfilter: xt_checksum: ignore gso skbs netfilter: kconfig: nat related expression depend on nftables core Guenter Roeck (1): riscv: Do not overwrite initrd_start and initrd_end Hans de Goede (1): HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (4): dm raid: fix reshape race on small devices dm raid: fix stripe adding reshape deadlock dm raid: fix rebuild of specific devices by updating superblock dm raid: fix RAID leg rebuild errors Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): HID: i2c-hid: Don't reset device upon system resume r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Kim Phillips (1): perf annotate: Fix parsing aarch64 branch instructions after objdump update Lorenzo Bianconi (1): iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Maciej S. Szmigiero (1): r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Martin Liška (1): perf annotate: Properly interpret indirect call Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michal 'vorner' Vaner (1): netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Christie (1): scsi: iscsi: target: Fix conn_ops double free Netanel Belgazal (6): net: ena: fix surprise unplug NULL dereference kernel crash net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix device destruction to gracefully free resources net: ena: fix potential double ena_destroy_device() net: ena: fix missing lock during device destruction net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Pablo Neira Ayuso (1): netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Randy Dunlap (3): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int x86/APM: Fix build warning when PROC_FS is not enabled Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Somnath Kotur (1): bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Srikar Dronamraju (1): sched/topology: Set correct NUMA topology type Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Tao Zhou (1): drm/amdgpu: Fix SDMA hang in prt mode v2 Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/riscv/kernel/setup.c | 7 - arch/x86/events/intel/lbr.c | 4 + arch/x86/kernel/apm_32.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 14 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 ++ drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- drivers/hid/hid-apple.c | 9 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 + drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 +- drivers/md/dm-raid.c | 144 ++++++++------------ drivers/md/dm-thin-metadata.c | 36 ++++- drivers/md/dm-thin.c | 73 ++++++++-- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +++---- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 11 +- drivers/nvme/target/rdma.c | 27 +++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 ++-- drivers/target/iscsi/iscsi_target.c | 9 +- drivers/target/iscsi/iscsi_target_login.c | 149 +++++++++++---------- drivers/target/iscsi/iscsi_target_login.h | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++- drivers/usb/host/xhci-plat.c | 27 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 ++ include/asm-generic/io.h | 3 +- kernel/sched/topology.c | 5 +- net/ipv4/netfilter/Kconfig | 8 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/netfilter/Kconfig | 12 +- net/netfilter/nf_conntrack_proto_dccp.c | 12 +- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 +- net/netfilter/nf_conntrack_proto_tcp.c | 12 +- net/netfilter/nf_conntrack_proto_udp.c | 20 +-- net/netfilter/nf_tables_api.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/xt_CHECKSUM.c | 22 ++- net/netfilter/xt_cluster.c | 14 +- net/netfilter/xt_hashlimit.c | 18 +-- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/annotate.c | 32 ++++- tools/perf/util/annotate.h | 1 + tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- 77 files changed, 709 insertions(+), 404 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cW8ACgkQ3qZv95d3 LNxYhQ/+IIWI+gqynHl33wBHO24BHgCzM0qUdEfofRfQe3sz4Fhs16b4mK8Yeaw0 Yag+8wh7fVccHI4VBIWkldzAyDm8+NQRuuqvE0JCofVNYm4C5lUmO+gf3inVwLmh FRdiWyk6EdcXFn3C540rfj9PXXkO8Kdn2iDHd0cQJx1+3rrBN1CwFzCv1pWozJVh 2bIoutp13EbiS3RxFoxEI0GLzVy6lyRV6v2Qrv+2bpHkfRBl3lZlLUpSZy9V+Kza kKDZTJC99F3jOj7Wy2kGzCdToDtk0Q4V9XTuB09Rdgj28rxoVSxSdx6qGvV73qxG 4PEV0tbpdJW2pUbGx2bvfx6LMkADxcFykujg4dYenErXbLTHnh2597Ryc6VXUdiL bZtbBbWNBx1OPx29vvghj1364O8rnpXRzU4aIT/P0fSofB2QTQsVEKjadNASDz0B OsMAKlsu4Z/6W5UGeG4Uoz7B6Qi3QKxxa/pt2OM8rdHMb8L6LY6g5j4RGUEbXspq 7vbzGWiibD1cPT+k/xtgRZ2mWwrRu0Ivx73vHp/Pm2TdKj2J7WwUXh6xaXnXWN5M TknNELY/rcZw35ThhKNCvpqgoYb+hoWTjL5amvY+JgduVcxxQG8fETlTZoYIoDOt HdV4RAKwlydKV9QUhiotaH6Gqir4VjY4cew8j8XTw6HjKJ+SOJc= =pn2C -----END PGP SIGNATURE-----

7 years, 1 month

2
1
0 0

[PATCH AUTOSEL 3.18 1/4] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 1896ab218b11..efc1545bf29e 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -389,8 +389,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 1 month

1
3
0 0

[PATCH AUTOSEL 4.4 1/9] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 6e02a15d39ce..abddb621d9e6 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -389,8 +389,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 1 month

1
8
0 0

[PATCH AUTOSEL 4.9 01/23] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 8961dd732522..64be30d53847 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -406,8 +406,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 1 month

1
22
0 0

[PATCH AUTOSEL 4.14 01/32] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 666d319d3d1a..1f6c1eefe389 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -402,8 +402,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, if (msg[0].addr == state->af9033_i2c_addr[1]) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 1 month

1
31
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 921b2fed6a79439ef1609ef4af0ada5cccb3555c: Linux 3.18.123 (2018-09-26 08:33:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-08102018 for you to fetch changes up to 9ea48c2937d91b2c0d6ce1a7c047798298de6701: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-09-28 10:16:27 -0400) - ---------------------------------------------------------------- for-greg-3.18-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- drivers/infiniband/core/ucma.c | 6 +++ drivers/md/dm-thin-metadata.c | 36 +++++++++++++++++- drivers/md/dm-thin.c | 73 ++++++++++++++++++++++++++++++++---- drivers/net/ethernet/realtek/r8169.c | 9 +++-- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++++++++ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++++--- drivers/usb/misc/yurex.c | 3 ++ drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 ++- fs/cifs/cifssmb.c | 11 ++++-- fs/cifs/misc.c | 8 ++++ 15 files changed, 175 insertions(+), 28 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7caEACgkQ3qZv95d3 LNwjIRAAg+Kz3Igp9uJpAc9uUri/IxF3qwXL00FZT92BJTi0FqUEyJIQqtCbu7mo hyTNwNjw0PBQfrXcnDGWHTFcl5vICdd4KiFm5NRZB3UNdhYy+ATaBPWFA56Y7dSK oFd/IBWt9XQT/OWLJslul1PXR+JsulaRhFHYJPWJ0K9oys8jbTyTVBSvos1Wshzk wMJ9X3tTtQ/NfoXega1xdxgHIIwV9L4gR2jfTSMz0t5DnypGddUDlAR8/800yJGH J23tXprXRI7AZ5sf9qM2ybhL6MGvgU/86nd4DsA3Igkspi9jQDjXiV9FMGFx+PiB BjQraiLfXVI0bPsswsWBYKWwuZwheTf0WxlofAjO/Ct5aAZ14zlwg/HVOvFOpU5O PpxLGrJ2e28lsinhVSd8aLbJu1Jc4GpkAwp+0OHuolWqZlUTrbLrfKHho+SMANNs Y6smRnSYpgzhYI1l/9W8xoFMyP7CNRqihPGAZY2PKbPRPy4CXgQcGMC0OM8hLA+e Mf/g+GglCwqUZw3l6V8wZY83+X6gB/qhoSryrPgi2n2u9onA/aXtUOWynjmzXOKY oU0lW2CW5yThgo73pBTKLDW8bc5Vy9QuMFmnuXoaUsMIXJ3FjR799pFsyRaZMd/1 AuRnQ16Uw2N+W9xZLRTE3F8l9eapA47N+DTbOKVgJRFmhNjv7xM= =dYwu -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9c6cd3f3a4b8194e82fa927bc00028c7a505e3b3: Linux 4.4.159 (2018-09-29 03:08:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-08102018 for you to fetch changes up to 78c9795a56513a101b1620f0e34d89c114a7a59a: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-09-29 13:03:41 -0400) - ---------------------------------------------------------------- for-greg-4.4-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 +- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- 19 files changed, 190 insertions(+), 39 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cZoACgkQ3qZv95d3 LNwdwQ//dsOKScH3qjTVEsX+fIwRTTnw9qTnQeCobQm2C2ibPnoVKST+oqaXoffQ 7QwdtrIXxNc/i4Ga4JuqV4AZUSuyrgsppueoHwoF+8v5Pa5hiwexlbSBJ0CmtTg9 mma8c6QGjyObaxtytWohX0AZ/1awLrmh2RYYngGTeMyTyfylRDwZoj9DA1lzT1Vv M9Qm+aDV7IApjiQW0Jb7UHZVGV8pyps0NRm0MUiwzNeoTTTOBW+s3uY1yu7pytpt +Gw1s39pmaAwmPfrxsjyzZMbFVogK9KFa/0nSVN56oo+qamq3IzvFYFIj78GJv1P hPhCH1T1OVprZPt3FAdYPnpuWvb/4maogGyrEu1LME09erC9NpLs9ovTiORTmc5h ucUJmgtHF7EXb53R//m8jLcWKWnlIRPezKxIGv/vUx5N86LOWixX/yFtZU3QanMj yKbQBz/eBYhe0Mj8G+roI3kIN0naplH5FuluissaMWRzdBXTDUMe+YKmEEYWVIHs V2KX2aiYbaAojv4/JLaKnPV0HMIG6+DUJq/h8yFDxMn8kUeiKyW7JVpNWrNgz38p oIYK5qf/JO9RqKbQK1qLOi8HkFNTq9VOFoEBz9SnEHwiJq39wLs3W3wZIAGcLnhd sfy1yJM5ihbGX51oSAbc4O/5bxzmnPzycq8AA84JnYfN65zYBjw= =+003 -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit cdd48f386d7e6671e7cc21e517ae258b298ec877: Linux 4.9.131 (2018-10-03 17:01:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-08102018 for you to fetch changes up to 3c29b011970e1edb3d203e2e2517daad893c8ed4: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-10-03 22:23:44 -0400) - ---------------------------------------------------------------- for-greg-4.9-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Netanel Belgazal (1): net: ena: fix driver when PAGE_SIZE == 64kB Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- 30 files changed, 263 insertions(+), 54 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cZMACgkQ3qZv95d3 LNyMbQ//fC/jcjVOdeQmwRDBUo13zt25Eb/MeXdLdAS2NleK44wY+/e804oq3CBV qACG1CIWtP0tV0V295NrblM6xWxroPnGU8X3GdXgfT97MIByGkGEv3kU+4Nsc4c6 Gv/QlBRHcZM5QFLAk6J6nOwzEk5BKNh/XyJuaniz9DNnQGTfDMLFpN4xpFJHIZlU 5NFlcTeycPnU8ljPFxfupGQ78XVQp1QCJKT3Zrc9iPnMUDlxMdW3ERHIi3uYkyva RXrYIZJ8KYSq2RqLT8nMMiNybKy3F+20/UdfTIl7uk71AkLUB75JjWFMu9MkOWCm k0KRJ89whIN9pH5imEt7pcqFKwkyjyVT0Zk+SJQJ4Xi6+Yc0Q8p2uBteopcerwJ9 tShMyUcOSgmEctg4ujchfUalOXB2CWewV+CKyblhiiURqSTBjPZFxKtwwQF8SF/r 28MlCx8gHL9zjNpGL6z0TEp9CSPlrCjggdKca07aYZj/XJz9rV0zXh7DHNa1gUTt s7mYPZDK9RryNHVaJMss/W5eIfdy2JE1vpsQlyFgVxWxkFKmWT4iZgZwO+NqTtjd 1x1nVtw1KRnGQP748d3iBtUApsH9jS1PDer9ZJXyjVEy2jfiK6exHRcC7HGkCtz4 UTLoqw65N+bTUfGvAnlOJ8EqD9hjqLFZyTKNQ1uiK19/UDzhdp0= =nX+I -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e6abbe80c8838e9c0bdb51835e6218008fa49386: Linux 4.14.74 (2018-10-03 17:01:00 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-08102018 for you to fetch changes up to 3ab4f07c10e5c704c2c46d772debf0b2fb7c3467: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-10-03 22:23:37 -0400) - ---------------------------------------------------------------- for-greg-4.14-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (2): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Hans de Goede (1): HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Netanel Belgazal (2): net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Pablo Neira Ayuso (1): netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++++--- drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 +++-- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 + drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 +++++++ drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +-- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/qedi/qedi.h | 7 ++- drivers/scsi/qedi/qedi_main.c | 28 +++++---- drivers/target/iscsi/iscsi_target_login.c | 8 +-- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +-- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +-- net/netfilter/nf_conntrack_proto_dccp.c | 12 ++-- net/netfilter/nf_conntrack_proto_generic.c | 8 +-- net/netfilter/nf_conntrack_proto_gre.c | 8 +-- net/netfilter/nf_conntrack_proto_sctp.c | 14 ++--- net/netfilter/nf_conntrack_proto_tcp.c | 12 ++-- net/netfilter/nf_conntrack_proto_udp.c | 20 +++--- net/netfilter/nf_tables_api.c | 1 + net/netfilter/xt_cluster.c | 14 ++++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- 52 files changed, 408 insertions(+), 142 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cYwACgkQ3qZv95d3 LNwxIg//XuOMBAUlGyM9sgqUgbHSoTCeq+NssR49ijpiK/Qa068KIBCcBFUHd9SX fBdxDbF80d56CVC34EbdltN7OjafPlVPbOnA2MAUel64pvrNNkBEEecXKXk7rOrq xnSX4wbQX/vJcdbPf1RgE4RQuSCLhRVpbCSL74W+MP9FZv9gHlF9Cfle6tVnWR6j nSVYw8Uyh4Hh3vAncf8tdBwrm2+eg7QEAalssD2mGiNdVnxWcuw30y8eUDyPI8p9 iBYhmLMrXKdrcupBHRMYv7bA/BA3fW9fBb2iOQYiuWCRe82dyFrcp6Zqu0MlzGQn TzgxnROGvujDMkRyMTcwPEISrirDWnMwUyyk4cCKl+K/sxsT+PTW/yMkLgluldLv KHmyeYNGyTXxOozTUSUmF3VcXanxM++xUGVsEP/zGn5UjO919iVjF71mqgZPUXpC bUfdcI0bdmpDnbayVQDoztidg+Ru9aRKA1DmMdBX2B/MSE6/xAZ8my3FPUJ+/Nkq YH8SypNLG4v45KGwLaVO4mPZqhMW6bFc8l/edrtNoaPuDtSwd/2YREvIY0W039Ux 6PkWPwrIa+L4eW8MjpCCmRstgma3CrMFfOwHNmvtvsvCgtxMMnSvrdqqm3PtE3Pv FylEUBHdkuU0XUJAV2kd5XwiczsokrN7G1WENuvylWYwJ+39io0= =jkO/ -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[PATCH] kernel/bounds: Provide prototype for foo

by Kieran Bingham

kernel/bounds.c is recompiled on every build, and shows the following warning when compiling with W=1: CC kernel/bounds.s linux/kernel/bounds.c:16:6: warning: no previous prototype for ‘foo’ [-Wmissing-prototypes] void foo(void) ^~~ Provide a prototype to satisfy the compiler. Signed-off-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Cc: stable(a)vger.kernel.org --- I compile all of my incremental builds with W=1, which allows me to know instantly if I add a new compiler warning in code I generate. This warning always comes up and seems trivial to clean up. --- kernel/bounds.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/bounds.c b/kernel/bounds.c index c373e887c066..60136d937800 100644 --- a/kernel/bounds.c +++ b/kernel/bounds.c @@ -13,6 +13,8 @@ #include <linux/log2.h> #include <linux/spinlock_types.h> +void foo(void); + void foo(void) { /* The enum constants to put into include/generated/bounds.h */ -- 2.17.1

7 years, 1 month

7
16
0 0

[PATCH v2] filesystem-dax: Fix dax_layout_busy_page() livelock

by Dan Williams

In the presence of multi-order entries the typical pagevec_lookup_entries() pattern may loop forever: while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { ... for (i = 0; i < pagevec_count(&pvec); i++) { index = indices[i]; ... } index++; /* BUG */ } The loop updates 'index' for each index found and then increments to the next possible page to continue the lookup. However, if the last entry in the pagevec is multi-order then the next possible page index is more than 1 page away. Fix this locally for the filesystem-dax case by checking for dax-multi-order entries. Going forward new users of multi-order entries need to be similarly careful, or we need a generic way to report the page increment in the radix iterator. Fixes: 5fac7408d828 ("mm, fs, dax: handle layout changes to pinned dax...") Cc: <stable(a)vger.kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Ross Zwisler <zwisler(a)kernel.org> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- Changes in v2: * Only update nr_pages if the last entry in the pagevec is multi-order. fs/dax.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/dax.c b/fs/dax.c index 4becbf168b7f..0fb270f0a0ef 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -666,6 +666,8 @@ struct page *dax_layout_busy_page(struct address_space *mapping) while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { + pgoff_t nr_pages = 1; + for (i = 0; i < pagevec_count(&pvec); i++) { struct page *pvec_ent = pvec.pages[i]; void *entry; @@ -680,8 +682,15 @@ struct page *dax_layout_busy_page(struct address_space *mapping) xa_lock_irq(&mapping->i_pages); entry = get_unlocked_mapping_entry(mapping, index, NULL); - if (entry) + if (entry) { page = dax_busy_page(entry); + /* + * Account for multi-order entries at + * the end of the pagevec. + */ + if (i + 1 >= pagevec_count(&pvec)) + nr_pages = 1UL << dax_radix_order(entry); + } put_unlocked_mapping_entry(mapping, index, entry); xa_unlock_irq(&mapping->i_pages); if (page) @@ -696,7 +705,7 @@ struct page *dax_layout_busy_page(struct address_space *mapping) */ pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); - index++; + index += nr_pages; if (page) break;

7 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ out: } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

7 years, 1 month

1
0
0 0

[PATCH stable 4.14, 4.18] bpf: 32-bit RSH verification must truncate input before the ALU op

by Daniel Borkmann

From: Jann Horn <jannh(a)google.com> [ upstream commit b799207e1e1816b09e7a5920fbb2d5fcf6edd681 ] When I wrote commit 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification"), I assumed that, in order to emulate 64-bit arithmetic with 32-bit logic, it is sufficient to just truncate the output to 32 bits; and so I just moved the register size coercion that used to be at the start of the function to the end of the function. That assumption is true for almost every op, but not for 32-bit right shifts, because those can propagate information towards the least significant bit. Fix it by always truncating inputs for 32-bit ops to 32 bits. Also get rid of the coerce_reg_to_size() after the ALU op, since that has no effect. Fixes: 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification") Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> --- kernel/bpf/verifier.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index adbe21c..82e8ede 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2865,6 +2865,15 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, u64 umin_val, umax_val; u64 insn_bitness = (BPF_CLASS(insn->code) == BPF_ALU64) ? 64 : 32; + if (insn_bitness == 32) { + /* Relevant for 32-bit RSH: Information can propagate towards + * LSB, so it isn't sufficient to only truncate the output to + * 32 bits. + */ + coerce_reg_to_size(dst_reg, 4); + coerce_reg_to_size(&src_reg, 4); + } + smin_val = src_reg.smin_value; smax_val = src_reg.smax_value; umin_val = src_reg.umin_value; @@ -3100,7 +3109,6 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, if (BPF_CLASS(insn->code) != BPF_ALU64) { /* 32-bit ALU ops are (32,32)->32 */ coerce_reg_to_size(dst_reg, 4); - coerce_reg_to_size(&src_reg, 4); } __reg_deduce_bounds(dst_reg); -- 2.9.5

7 years, 1 month

2
1
0 0

Re: [PATCH 03/16] vfs: don't evict uninitialized inode

by Amir Goldstein

> Miklos, > > Seeing that it wasn't fixed in 4.18.. > > > I've nothing against applying "new primitive: discard_new_inode() now > > + this patch, but if it is deemed too risky at this point, we could > > just revert the buggy commit 80ea09a002bf ("vfs: factor out > > inode_insert5()") and its dependencies. > > > > Should we propose for stable the upstream commits: > e950564b97fd vfs: don't evict uninitialized inode > c2b6d621c4ff new primitive: discard_new_inode() > > Or should we go with the independent v1 patch: > https://patchwork.kernel.org/patch/10511969/ > Greg, To fix a 4.18 overlayfs regression please apply the following 3 upstream commits (in apply order): c2b6d621c4ff new primitive: discard_new_inode() e950564b97fd vfs: don't evict uninitialized inode 6faf05c2b2b4 ovl: set I_CREATING on inode being created Thanks, Amir.

7 years, 1 month

3
2
0 0

[PATCH 08/15] bcache: fix miss key refill->end in writeback

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> refill->end record the last key of writeback, for example, at the first time, keys (1,128K) to (1,1024K) are flush to the backend device, but the end key (1,1024K) is not included, since the bellow code: if (bkey_cmp(k, refill->end) >= 0) { ret = MAP_DONE; goto out; } And in the next time when we refill writeback keybuf again, we searched key start from (1,1024K), and got a key bigger than it, so the key (1,1024K) missed. This patch modify the above code, and let the end key to be included to the writeback key buffer. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/btree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index e7d4817681f2..3f4211b5cd33 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -2434,7 +2434,7 @@ static int refill_keybuf_fn(struct btree_op *op, struct btree *b, struct keybuf *buf = refill->buf; int ret = MAP_CONTINUE; - if (bkey_cmp(k, refill->end) >= 0) { + if (bkey_cmp(k, refill->end) > 0) { ret = MAP_DONE; goto out; } -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 06/15] bcache: correct dirty data statistics

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> When bcache device is clean, dirty keys may still exist after journal replay, so we need to count these dirty keys even device in clean status, otherwise after writeback, the amount of dirty data would be incorrect. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/super.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index a99af19d2f91..4989c7d4d4d0 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -1152,11 +1152,12 @@ int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c, } if (BDEV_STATE(&dc->sb) == BDEV_STATE_DIRTY) { - bch_sectors_dirty_init(&dc->disk); atomic_set(&dc->has_dirty, 1); bch_writeback_queue(dc); } + bch_sectors_dirty_init(&dc->disk); + bch_cached_dev_run(dc); bcache_device_link(&dc->disk, c, "bdev"); atomic_inc(&c->attached_dev_nr); -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 04/15] bcache: fix ioctl in flash device

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> When doing ioctl in flash device, it will call ioctl_dev() in super.c, then we should not to get cached device since flash only device has no backend device. This patch just move the jugement dc->io_disable to cached_dev_ioctl() to make ioctl in flash device correctly. Fixes: 0f0709e6bfc3c ("bcache: stop bcache device when backing device is offline") Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/request.c | 3 +++ drivers/md/bcache/super.c | 4 ---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index ee15fb039fd0..3bf35914bb57 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -1218,6 +1218,9 @@ static int cached_dev_ioctl(struct bcache_device *d, fmode_t mode, { struct cached_dev *dc = container_of(d, struct cached_dev, disk); + if (dc->io_disable) + return -EIO; + return __blkdev_driver_ioctl(dc->bdev, mode, cmd, arg); } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 448e531e8c2d..a99af19d2f91 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -647,10 +647,6 @@ static int ioctl_dev(struct block_device *b, fmode_t mode, unsigned int cmd, unsigned long arg) { struct bcache_device *d = b->bd_disk->private_data; - struct cached_dev *dc = container_of(d, struct cached_dev, disk); - - if (dc->io_disable) - return -EIO; return d->ioctl(d, mode, cmd, arg); } -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 02/15] bcache: trace missed reading by cache_missed

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> Missed reading IOs are identified by s->cache_missed, not the s->cache_miss, so in trace_bcache_read() using trace_bcache_read to identify whether the IO is missed or not. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index 51be355a3309..4946d486f734 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -850,7 +850,7 @@ static void cached_dev_read_done_bh(struct closure *cl) bch_mark_cache_accounting(s->iop.c, s->d, !s->cache_missed, s->iop.bypass); - trace_bcache_read(s->orig_bio, !s->cache_miss, s->iop.bypass); + trace_bcache_read(s->orig_bio, !s->cache_missed, s->iop.bypass); if (s->iop.status) continue_at_nobarrier(cl, cached_dev_read_error, bcache_wq); -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH AUTOSEL 4.18 01/48] ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs

by Sasha Levin

From: Charles Keepax <ckeepax(a)opensource.cirrus.com> [ Upstream commit 249dc49576fc953a7378b916c6a6d47ea81e4da2 ] Commit a655de808cbde ("ASoC: core: Allow topology to override machine driver FE DAI link config.") caused soc_dai_hw_params to be come dependent on the substream private_data being set with a pointer to the snd_soc_pcm_runtime. Currently, CODEC to CODEC links don't set this, which causes a NULL pointer dereference: [<4069de54>] (soc_dai_hw_params) from [<40694b68>] (snd_soc_dai_link_event+0x1a0/0x380) Since the ASoC core in general assumes that the substream private_data will be set to a pointer to the snd_soc_pcm_runtime, update the CODEC to CODEC links to respect this. Signed-off-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- include/sound/soc-dapm.h | 1 + sound/soc/soc-core.c | 4 ++-- sound/soc/soc-dapm.c | 4 ++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/sound/soc-dapm.h b/include/sound/soc-dapm.h index a6ce2de4e20a..be3bee1cf91f 100644 --- a/include/sound/soc-dapm.h +++ b/include/sound/soc-dapm.h @@ -410,6 +410,7 @@ int snd_soc_dapm_new_dai_widgets(struct snd_soc_dapm_context *dapm, int snd_soc_dapm_link_dai_widgets(struct snd_soc_card *card); void snd_soc_dapm_connect_dai_link_widgets(struct snd_soc_card *card); int snd_soc_dapm_new_pcm(struct snd_soc_card *card, + struct snd_soc_pcm_runtime *rtd, const struct snd_soc_pcm_stream *params, unsigned int num_params, struct snd_soc_dapm_widget *source, diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c index 4663de3cf495..0b4896d411f9 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c @@ -1430,7 +1430,7 @@ static int soc_link_dai_widgets(struct snd_soc_card *card, sink = codec_dai->playback_widget; source = cpu_dai->capture_widget; if (sink && source) { - ret = snd_soc_dapm_new_pcm(card, dai_link->params, + ret = snd_soc_dapm_new_pcm(card, rtd, dai_link->params, dai_link->num_params, source, sink); if (ret != 0) { @@ -1443,7 +1443,7 @@ static int soc_link_dai_widgets(struct snd_soc_card *card, sink = cpu_dai->playback_widget; source = codec_dai->capture_widget; if (sink && source) { - ret = snd_soc_dapm_new_pcm(card, dai_link->params, + ret = snd_soc_dapm_new_pcm(card, rtd, dai_link->params, dai_link->num_params, source, sink); if (ret != 0) { diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c index a099c3e45504..577f6178af57 100644 --- a/sound/soc/soc-dapm.c +++ b/sound/soc/soc-dapm.c @@ -3658,6 +3658,7 @@ static int snd_soc_dai_link_event(struct snd_soc_dapm_widget *w, { struct snd_soc_dapm_path *source_p, *sink_p; struct snd_soc_dai *source, *sink; + struct snd_soc_pcm_runtime *rtd = w->priv; const struct snd_soc_pcm_stream *config = w->params + w->params_select; struct snd_pcm_substream substream; struct snd_pcm_hw_params *params = NULL; @@ -3717,6 +3718,7 @@ static int snd_soc_dai_link_event(struct snd_soc_dapm_widget *w, goto out; } substream.runtime = runtime; + substream.private_data = rtd; switch (event) { case SND_SOC_DAPM_PRE_PMU: @@ -3901,6 +3903,7 @@ snd_soc_dapm_alloc_kcontrol(struct snd_soc_card *card, } int snd_soc_dapm_new_pcm(struct snd_soc_card *card, + struct snd_soc_pcm_runtime *rtd, const struct snd_soc_pcm_stream *params, unsigned int num_params, struct snd_soc_dapm_widget *source, @@ -3969,6 +3972,7 @@ int snd_soc_dapm_new_pcm(struct snd_soc_card *card, w->params = params; w->num_params = num_params; + w->priv = rtd; ret = snd_soc_dapm_add_path(&card->dapm, source, w, NULL, NULL); if (ret) -- 2.17.1

7 years, 1 month

3
51
0 0

[PATCH] percpu: stop leaking bitmap metadata blocks

by Mike Rapoport

The commit ca460b3c9627 ("percpu: introduce bitmap metadata blocks") introduced bitmap metadata blocks. These metadata blocks are allocated whenever a new chunk is created, but they are never freed. Fix it. Fixes: ca460b3c9627 ("percpu: introduce bitmap metadata blocks") Signed-off-by: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: stable(a)vger.kernel.org --- mm/percpu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/percpu.c b/mm/percpu.c index d21cb13..25104cd 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -1212,6 +1212,7 @@ static void pcpu_free_chunk(struct pcpu_chunk *chunk) { if (!chunk) return; + pcpu_mem_free(chunk->md_blocks); pcpu_mem_free(chunk->bound_map); pcpu_mem_free(chunk->alloc_map); pcpu_mem_free(chunk); -- 2.7.4

7 years, 1 month

2
1
0 0

[PATCH v2 03/29] clk: sunxi-ng: Use u64 for calculation of NM rate

by Jernej Skrabec

Allwinner H6 SoC has multiplier N range between 1 and 254. Since parent rate is 24MHz, intermediate result when calculating final rate easily overflows 32 bit variable. Because of that, introduce function for calculating clock rate which uses 64 bit variable for intermediate result. Fixes: 6174a1e24b0d ("clk: sunxi-ng: Add N-M-factor clock support") Fixes: ee28648cb2b4 ("clk: sunxi-ng: Remove the use of rational computations") CC: <stable(a)vger.kernel.org> Signed-off-by: Jernej Skrabec <jernej.skrabec(a)siol.net> --- drivers/clk/sunxi-ng/ccu_nm.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/clk/sunxi-ng/ccu_nm.c b/drivers/clk/sunxi-ng/ccu_nm.c index 6fe3c14f7b2d..424d8635b053 100644 --- a/drivers/clk/sunxi-ng/ccu_nm.c +++ b/drivers/clk/sunxi-ng/ccu_nm.c @@ -19,6 +19,17 @@ struct _ccu_nm { unsigned long m, min_m, max_m; }; +static unsigned long ccu_nm_calc_rate(unsigned long parent, + unsigned long n, unsigned long m) +{ + u64 rate = parent; + + rate *= n; + do_div(rate, m); + + return rate; +} + static void ccu_nm_find_best(unsigned long parent, unsigned long rate, struct _ccu_nm *nm) { @@ -28,7 +39,8 @@ static void ccu_nm_find_best(unsigned long parent, unsigned long rate, for (_n = nm->min_n; _n <= nm->max_n; _n++) { for (_m = nm->min_m; _m <= nm->max_m; _m++) { - unsigned long tmp_rate = parent * _n / _m; + unsigned long tmp_rate = ccu_nm_calc_rate(parent, + _n, _m); if (tmp_rate > rate) continue; @@ -100,7 +112,7 @@ static unsigned long ccu_nm_recalc_rate(struct clk_hw *hw, if (ccu_sdm_helper_is_enabled(&nm->common, &nm->sdm)) rate = ccu_sdm_helper_read_rate(&nm->common, &nm->sdm, m, n); else - rate = parent_rate * n / m; + rate = ccu_nm_calc_rate(parent_rate, n, m); if (nm->common.features & CCU_FEATURE_FIXED_POSTDIV) rate /= nm->fixed_post_div; @@ -149,7 +161,7 @@ static long ccu_nm_round_rate(struct clk_hw *hw, unsigned long rate, _nm.max_m = nm->m.max ?: 1 << nm->m.width; ccu_nm_find_best(*parent_rate, rate, &_nm); - rate = *parent_rate * _nm.n / _nm.m; + rate = ccu_nm_calc_rate(*parent_rate, _nm.n, _nm.m); if (nm->common.features & CCU_FEATURE_FIXED_POSTDIV) rate /= nm->fixed_post_div; -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH] filesystem-dax: Fix dax_layout_busy_page() livelock

by Dan Williams

In the presence of multi-order entries the typical pagevec_lookup_entries() pattern may loop forever: while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { ... for (i = 0; i < pagevec_count(&pvec); i++) { index = indices[i]; ... } index++; /* BUG */ } The loop updates 'index' for each index found and then increments to the next possible page to continue the lookup. However, if the last entry in the pagevec is multi-order then the next possible page index is more than 1 page away. Fix this locally for the filesystem-dax case by checking for dax-multi-order entries. Going forward new users of multi-order entries need to be similarly careful, or we need a generic way to report the page increment in the radix iterator. Fixes: 5fac7408d828 ("mm, fs, dax: handle layout changes to pinned dax...") Cc: <stable(a)vger.kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Ross Zwisler <zwisler(a)kernel.org> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- fs/dax.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/dax.c b/fs/dax.c index 4becbf168b7f..c1472eede1f7 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -666,6 +666,8 @@ struct page *dax_layout_busy_page(struct address_space *mapping) while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { + pgoff_t nr_pages = 1; + for (i = 0; i < pagevec_count(&pvec); i++) { struct page *pvec_ent = pvec.pages[i]; void *entry; @@ -680,8 +682,11 @@ struct page *dax_layout_busy_page(struct address_space *mapping) xa_lock_irq(&mapping->i_pages); entry = get_unlocked_mapping_entry(mapping, index, NULL); - if (entry) + if (entry) { page = dax_busy_page(entry); + /* account for multi-order entries */ + nr_pages = 1UL << dax_radix_order(entry); + } put_unlocked_mapping_entry(mapping, index, entry); xa_unlock_irq(&mapping->i_pages); if (page) @@ -696,7 +701,7 @@ struct page *dax_layout_busy_page(struct address_space *mapping) */ pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); - index++; + index += nr_pages; if (page) break;

7 years, 1 month

1
1
0 0

please apply d41aa5252394 ("mm: madvise(MADV_DODUMP): allow hugetlbfs pages")

by Daniel Black

This is a bugfix on 0103bd16fb90 which exists in 3.16+ stable trees Mike Kravetz confirmed this as a regression: https://marc.info/?l=linux-mm&m=153843190414206&w=2 Thanks -- Daniel Black

7 years, 1 month

2
1
0 0

[PATCH stable 0/2] termios: Alpha BOTHER/IBSHIFT, tty_baudrate fix

by H. Peter Anvin

From: "H. Peter Anvin (Intel)" <hpa(a)zytor.com> It turns out that Alpha is the only architecture that never implemented BOTHER and IBSHIFT, which is otherwise ages old. This is one thing that has held up glibc support for this feature (all other architectures have supported these for about a decade, at least before the current 3.2 glibc cutoff.) Furthermore, in the process of dealing with this, I discovered that the current code in tty_baudrate.c can read past the end of the baud_table[] on Alpha and PowerPC. The second patch in this series fixes that, but it also cleans up the code substantially by auto-generating the table and, since all architectures now have them, removing all conditionals for BOTHER and IBSHIFT existing. Tagging for stable because these are concrete problems. I have a much bigger update in process, nearly done, which will clean up a lot of duplicated code and make the uapi headers usable for libc, but that is not critical on the same level. Tested on x86, compile-tested on Alpha. Signed-off-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Richard Henderson <rth(a)twiddle.net> Cc: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru> Cc: Matt Turner <mattst88(a)gmail.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kate Stewart <kstewart(a)linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne(a)nexb.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Eugene Syromiatnikov <esyr(a)redhat.com> Cc: <linux-alpha(a)vger.kernel.org> Cc: <linux-serial(a)vger.kernel.org> Cc: Johan Hovold <johan(a)kernel.org> Cc: Alan Cox <alan(a)lxorguk.ukuu.org.uk> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: <stable(a)vger.kernel.org> --- arch/alpha/include/asm/termios.h | 8 +- arch/alpha/include/uapi/asm/ioctls.h | 5 + arch/alpha/include/uapi/asm/termbits.h | 17 +++ drivers/tty/.gitignore | 1 + drivers/tty/Makefile | 16 +++ drivers/tty/bmacros.c | 2 + drivers/tty/tty_baudrate.c | 190 +++++++++++++-------------------- 7 files changed, 122 insertions(+), 117 deletions(-)

7 years, 1 month

1
2
0 0

[PATCH] remoteproc: qcom: q6v5: Propagate EPROBE_DEFER

by Bjorn Andersson

In the case that the interrupts fail to result because of the interrupt-controller not yet being registered the platform_get_irq_byname() call will fail with -EPROBE_DEFER, but passing this into devm_request_threaded_irq() will result in -EINVAL being returned, the driver is therefor not reprobed later. Fixes: 3b415c8fb263 ("remoteproc: q6v5: Extract common resource handling") Cc: stable(a)vger.kernel.org Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/remoteproc/qcom_q6v5.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/remoteproc/qcom_q6v5.c b/drivers/remoteproc/qcom_q6v5.c index 61a760ee4aac..e9ab90c19304 100644 --- a/drivers/remoteproc/qcom_q6v5.c +++ b/drivers/remoteproc/qcom_q6v5.c @@ -198,6 +198,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, } q6v5->fatal_irq = platform_get_irq_byname(pdev, "fatal"); + if (q6v5->fatal_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->fatal_irq, NULL, q6v5_fatal_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, @@ -208,6 +211,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, } q6v5->ready_irq = platform_get_irq_byname(pdev, "ready"); + if (q6v5->ready_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->ready_irq, NULL, q6v5_ready_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, @@ -218,6 +224,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, } q6v5->handover_irq = platform_get_irq_byname(pdev, "handover"); + if (q6v5->handover_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->handover_irq, NULL, q6v5_handover_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, @@ -229,6 +238,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, disable_irq(q6v5->handover_irq); q6v5->stop_irq = platform_get_irq_byname(pdev, "stop-ack"); + if (q6v5->stop_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->stop_irq, NULL, q6v5_stop_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, -- 2.18.0

7 years, 1 month

2
2
0 0

[PATCH] jbd2: Fix use after free in jbd2_log_do_checkpoint()

by Jan Kara

The code cleaning transaction's lists of checkpoint buffers has a bug where it increases bh refcount only after releasing journal->j_list_lock. Thus the following race is possible: CPU0 CPU1 jbd2_log_do_checkpoint() jbd2_journal_try_to_free_buffers() __journal_try_to_free_buffer(bh) ... while (transaction->t_checkpoint_io_list) ... if (buffer_locked(bh)) { <-- IO completes now, buffer gets unlocked --> spin_unlock(&journal->j_list_lock); spin_lock(&journal->j_list_lock); __jbd2_journal_remove_checkpoint(jh); spin_unlock(&journal->j_list_lock); try_to_free_buffers(page); get_bh(bh) <-- accesses freed bh Fix the problem by grabbing bh reference before unlocking journal->j_list_lock. Fixes: dc6e8d669cf5cb3ff84707c372c0a2a8a5e80845 Fixes: be1158cc615fd723552f0d9912087423c7cadda5 Reported-by: syzbot+7f4a27091759e2fe7453(a)syzkaller.appspotmail.com CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/jbd2/checkpoint.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/jbd2/checkpoint.c b/fs/jbd2/checkpoint.c index c125d662777c..26f8d7e46462 100644 --- a/fs/jbd2/checkpoint.c +++ b/fs/jbd2/checkpoint.c @@ -251,8 +251,8 @@ int jbd2_log_do_checkpoint(journal_t *journal) bh = jh2bh(jh); if (buffer_locked(bh)) { - spin_unlock(&journal->j_list_lock); get_bh(bh); + spin_unlock(&journal->j_list_lock); wait_on_buffer(bh); /* the journal_head may have gone by now */ BUFFER_TRACE(bh, "brelse"); @@ -333,8 +333,8 @@ int jbd2_log_do_checkpoint(journal_t *journal) jh = transaction->t_checkpoint_io_list; bh = jh2bh(jh); if (buffer_locked(bh)) { - spin_unlock(&journal->j_list_lock); get_bh(bh); + spin_unlock(&journal->j_list_lock); wait_on_buffer(bh); /* the journal_head may have gone by now */ BUFFER_TRACE(bh, "brelse"); -- 2.16.4

7 years, 1 month

4
8
0 0

[patch 13/14] ocfs2: fix locking for res->tracking and dlm->tracking_list

by akpm＠linux-foundation.org

From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _

7 years, 1 month

1
0
0 0

[patch 11/14] mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _

7 years, 1 month

1
0
0 0

[patch 09/14] proc: restrict kernel stack dumps to root

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: proc: restrict kernel stack dumps to root Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another CPU. That means that the stack can change under the stack walker. The stack walker does have guards against going completely off the rails and into random kernel memory, but it can interpret random data from your kernel stack as instruction pointers and stack pointers. This can cause exposure of kernel stack contents to userspace. Restrict the ability to inspect kernel stacks of arbitrary tasks to root in order to prevent a local attacker from exploiting racy stack unwinding to leak kernel task stack contents. See the added comment for a longer rationale. There don't seem to be any users of this userspace API that can't gracefully bail out if reading from the file fails. Therefore, I believe that this change is unlikely to break things. In the case that this patch does end up needing a revert, the next-best solution might be to fake a single-entry stack based on wchan. Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Ken Chen <kenchen(a)google.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/base.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/proc/base.c~proc-restrict-kernel-stack-dumps-to-root +++ a/fs/proc/base.c @@ -407,6 +407,20 @@ static int proc_pid_stack(struct seq_fil unsigned long *entries; int err; + /* + * The ability to racily run the kernel stack unwinder on a running task + * and then observe the unwinder output is scary; while it is useful for + * debugging kernel issues, it can also allow an attacker to leak kernel + * stack contents. + * Doing this in a manner that is at least safe from races would require + * some work to ensure that the remote task can not be scheduled; and + * even then, this would still expose the unwinder as local attack + * surface. + * Therefore, this interface is restricted to root. + */ + if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) + return -EACCES; + entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), GFP_KERNEL); if (!entries) _

7 years, 1 month

1
0
0 0

[patch 04/14] mm, thp: fix mlocking THP page with migration enabled

by akpm＠linux-foundation.org

From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _

7 years, 1 month

1
0
0 0

[patch 01/14] mm: migration: fix migration of huge PMD shared pages

by akpm＠linux-foundation.org

From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com [mike.kravetz(a)oracle.com: make _range_in_vma() a static inline] Link: http://lkml.kernel.org/r/6063f215-a5c8-2f0c-465a-2c515ddc952d@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ include/linux/mm.h | 6 +++++ mm/hugetlb.c | 37 +++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 4 files changed, 94 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/include/linux/mm.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/mm.h @@ -2455,6 +2455,12 @@ static inline struct vm_area_struct *fin return vma; } +static inline bool range_in_vma(struct vm_area_struct *vma, + unsigned long start, unsigned long end) +{ + return (vma && vma->vm_start <= start && end <= vma->vm_end); +} + #ifdef CONFIG_MMU pgprot_t vm_get_page_prot(unsigned long vm_flags); void vma_set_page_prot(struct vm_area_struct *vma); --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4545,13 +4545,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4648,6 +4676,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _

7 years, 1 month

1
0
0 0

[PATCH] ARC: clone syscall to setp r25 as thread pointer

by Vineet Gupta

Per ARC TLS ABI, r25 is designated TP (thread pointer register). However so far kernel didn't do any special treatment, like setting up usermode r25, even for CLONE_SETTLS. We instead relied on libc runtime to do this, in say clone libc wrapper [1]. This was deliberate to keep kernel ABI agnostic (userspace could potentially change TP, specially for different ARC ISA say ARCompact vs. ARCv2 with different spare registers etc) However userspace setting up r25, after clone syscall opens a race, if child is not scheduled and gets a signal instead. It starts off in userspace not in clone but in a signal handler and anything TP sepcific there such as pthread_self() fails which showed up with uClibc testsuite nptl/tst-kill6 [2] Fix this by having kernel populate r25 to TP value. So this locks in ABI, but it was not going to change anyways, and fwiw is same for both ARCompact (arc700 core) and ARCvs (HS3x cores) [1] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/sysdeps/linux/a… [2] https://github.com/wbx-github/uclibc-ng-test/blob/master/test/nptl/tst-kill… Fixes: ARC STAR 9001378481 Cc: stable(a)vger.kernel.org Reported-by: Nikita Sobolev <sobolev(a)synopsys.com> Signed-off-by: Vineet Gupta <vgupta(a)synopsys.com> --- arch/arc/kernel/process.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arc/kernel/process.c b/arch/arc/kernel/process.c index 4674541eba3f..c29fa8ceb2d6 100644 --- a/arch/arc/kernel/process.c +++ b/arch/arc/kernel/process.c @@ -241,6 +241,26 @@ int copy_thread(unsigned long clone_flags, task_thread_info(current)->thr_ptr; } + + /* + * setup usermode thread pointer #1: + * when child is picked by scheduler, __switch_to() uses @c_callee to + * populate usermode callee regs: this is fine even despite being in a + * kernel function since special return path for child @ret_from_fork() + * ensures those regs are not clobbered all the way to RTIE to usermode + */ + c_callee->r25 = task_thread_info(p)->thr_ptr; + +#ifdef CONFIG_ARC_CURR_IN_REG + /* + * setup usermode thread pointer #2: + * however for this special use of r25 in kernel, __switch_to() sets + * r25 for kernel needs and only in the final return path is usermode + * r25 setup, from pt_regs->user_r25. So set that up as well + */ + c_regs->user_r25 = c_callee->r25; +#endif + return 0; } -- 2.7.4

7 years, 1 month

1
0
0 0

+ kbuild-fix-kernel-boundsc-w=1-warning.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kbuild: fix kernel/bounds.c 'W=1' warning has been added to the -mm tree. Its filename is kbuild-fix-kernel-boundsc-w=1-warning.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/kbuild-fix-kernel-boundsc-w%3D1-wa… and later at http://ozlabs.org/~akpm/mmotm/broken-out/kbuild-fix-kernel-boundsc-w%3D1-wa… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Arnd Bergmann <arnd(a)arndb.de> Subject: kbuild: fix kernel/bounds.c 'W=1' warning Building any configuration with 'make W=1' produces a warning: kernel/bounds.c:16:6: warning: no previous prototype for 'foo' [-Wmissing-prototypes] When also passing -Werror, this prevents us from building any other files. Nobody ever calls the function, but we can't make it 'static' either since we want the compiler output. Calling it 'main' instead however avoids the warning, because gcc does not insist on having a declaration for main. Link: http://lkml.kernel.org/r/20181005083313.2088252-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Reported-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Reviewed-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Cc: David Laight <David.Laight(a)ACULAB.COM> Cc: Masahiro Yamada <yamada.masahiro(a)socionext.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/kernel/bounds.c~kbuild-fix-kernel-boundsc-w=1-warning +++ a/kernel/bounds.c @@ -13,7 +13,7 @@ #include <linux/log2.h> #include <linux/spinlock_types.h> -void foo(void) +int main(void) { /* The enum constants to put into include/generated/bounds.h */ DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); @@ -23,4 +23,6 @@ void foo(void) #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); /* End of constants */ + + return 0; } _ Patches currently in -mm which might be from arnd(a)arndb.de are ocfs2-dlmglue-clean-up-timestamp-handling.patch hugetlb-introduce-generic-version-of-huge_ptep_get-fix.patch kbuild-fix-kernel-boundsc-w=1-warning.patch vfs-replace-current_kernel_time64-with-ktime-equivalent.patch

7 years, 1 month

1
0
0 0

[PATCH] lib/bch: fix possible stack overrun

by Arnd Bergmann

The previous patch introduced very large kernel stack usage and a Makefile change to hide the warning about it. >From what I can tell, a number of things went wrong here: - The BCH_MAX_T constant was set to the maximum value for 'n', not the maximum for 't', which is much smaller. - The stack usage is actually larger than the entire kernel stack on some architectures that can use 4KB stacks (m68k, sh, c6x), which leads to an immediate overrun. - The justification in the patch description claimed that nothing changed, however that is not the case even without the two points above: the configuration is machine specific, and most boards never use the maximum BCH_ECC_WORDS() length but instead have something much smaller. That maximum would only apply to machines that use both the maximum block size and the maximum ECC strength. The largest value for 't' that I could find is '32', which in turn leads to a 60 byte array instead of 2048 bytes. With that changed, the warning can be enabled again. Fixes: 02361bc77888 ("lib/bch: Remove VLA usage") Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- Please review carefully to ensure my logic is correct. I spent a long time trying to understand what is going on here, but I'm not too familiar with this algorithm, and it's possible I still got it wrong as well. In particular, I'm not 100% sure if '32' is the maximum ECC strength we can support, or if a larger one (which?) might be possible. --- lib/Makefile | 1 - lib/bch.c | 10 ++++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/Makefile b/lib/Makefile index 8c9647fa271a..12c479dd46e0 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -122,7 +122,6 @@ obj-$(CONFIG_ZLIB_INFLATE) += zlib_inflate/ obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate/ obj-$(CONFIG_REED_SOLOMON) += reed_solomon/ obj-$(CONFIG_BCH) += bch.o -CFLAGS_bch.o := $(call cc-option,-Wframe-larger-than=4500) obj-$(CONFIG_LZO_COMPRESS) += lzo/ obj-$(CONFIG_LZO_DECOMPRESS) += lzo/ obj-$(CONFIG_LZ4_COMPRESS) += lz4/ diff --git a/lib/bch.c b/lib/bch.c index 7b0f2006698b..3ef1a3467e7b 100644 --- a/lib/bch.c +++ b/lib/bch.c @@ -79,20 +79,19 @@ #define GF_T(_p) (CONFIG_BCH_CONST_T) #define GF_N(_p) ((1 << (CONFIG_BCH_CONST_M))-1) #define BCH_MAX_M (CONFIG_BCH_CONST_M) +#define BCH_MAX_T (CONFIG_BCH_CONST_T) #else #define GF_M(_p) ((_p)->m) #define GF_T(_p) ((_p)->t) #define GF_N(_p) ((_p)->n) -#define BCH_MAX_M 15 +#define BCH_MAX_M 15 /* 2KB */ +#define BCH_MAX_T 32 /* 32 bit correction */ #endif -#define BCH_MAX_T (((1 << BCH_MAX_M) - 1) / BCH_MAX_M) - #define BCH_ECC_WORDS(_p) DIV_ROUND_UP(GF_M(_p)*GF_T(_p), 32) #define BCH_ECC_BYTES(_p) DIV_ROUND_UP(GF_M(_p)*GF_T(_p), 8) #define BCH_ECC_MAX_WORDS DIV_ROUND_UP(BCH_MAX_M * BCH_MAX_T, 32) -#define BCH_ECC_MAX_BYTES DIV_ROUND_UP(BCH_MAX_M * BCH_MAX_T, 8) #ifndef dbg #define dbg(_fmt, args...) do {} while (0) @@ -202,6 +201,9 @@ void encode_bch(struct bch_control *bch, const uint8_t *data, const uint32_t * const tab3 = tab2 + 256*(l+1); const uint32_t *pdata, *p0, *p1, *p2, *p3; + if (WARN_ON(r_bytes > sizeof(r))) + return; + if (ecc) { /* load ecc parity bytes into internal 32-bit buffer */ load_ecc8(bch, bch->ecc_buf, ecc); -- 2.18.0

7 years, 1 month

2
1
0 0

[PATCH AUTOSEL 4.4 01/11] ASoC: wm8804: Add ACPI support

by Sasha Levin

From: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> [ Upstream commit 960cdd50ca9fdfeb82c2757107bcb7f93c8d7d41 ] HID made of either Wolfson/CirrusLogic PCI ID + 8804 identifier. This helps enumerate the HifiBerry Digi+ HAT boards on the Up2 platform. The scripts at https://github.com/thesofproject/acpi-scripts can be used to add the ACPI initrd overlays. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Acked-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/sound/soc/codecs/wm8804-i2c.c b/sound/soc/codecs/wm8804-i2c.c index f27464c2c5ba..79541960f45d 100644 --- a/sound/soc/codecs/wm8804-i2c.c +++ b/sound/soc/codecs/wm8804-i2c.c @@ -13,6 +13,7 @@ #include <linux/init.h> #include <linux/module.h> #include <linux/i2c.h> +#include <linux/acpi.h> #include "wm8804.h" @@ -40,17 +41,29 @@ static const struct i2c_device_id wm8804_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, wm8804_i2c_id); +#if defined(CONFIG_OF) static const struct of_device_id wm8804_of_match[] = { { .compatible = "wlf,wm8804", }, { } }; MODULE_DEVICE_TABLE(of, wm8804_of_match); +#endif + +#ifdef CONFIG_ACPI +static const struct acpi_device_id wm8804_acpi_match[] = { + { "1AEC8804", 0 }, /* Wolfson PCI ID + part ID */ + { "10138804", 0 }, /* Cirrus Logic PCI ID + part ID */ + { }, +}; +MODULE_DEVICE_TABLE(acpi, wm8804_acpi_match); +#endif static struct i2c_driver wm8804_i2c_driver = { .driver = { .name = "wm8804", .pm = &wm8804_pm, - .of_match_table = wm8804_of_match, + .of_match_table = of_match_ptr(wm8804_of_match), + .acpi_match_table = ACPI_PTR(wm8804_acpi_match), }, .probe = wm8804_i2c_probe, .remove = wm8804_i2c_remove, -- 2.17.1

7 years, 1 month

1
10
0 0

[PATCH AUTOSEL 4.9 01/14] ASoC: wm8804: Add ACPI support

by Sasha Levin

From: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> [ Upstream commit 960cdd50ca9fdfeb82c2757107bcb7f93c8d7d41 ] HID made of either Wolfson/CirrusLogic PCI ID + 8804 identifier. This helps enumerate the HifiBerry Digi+ HAT boards on the Up2 platform. The scripts at https://github.com/thesofproject/acpi-scripts can be used to add the ACPI initrd overlays. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Acked-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/sound/soc/codecs/wm8804-i2c.c b/sound/soc/codecs/wm8804-i2c.c index f27464c2c5ba..79541960f45d 100644 --- a/sound/soc/codecs/wm8804-i2c.c +++ b/sound/soc/codecs/wm8804-i2c.c @@ -13,6 +13,7 @@ #include <linux/init.h> #include <linux/module.h> #include <linux/i2c.h> +#include <linux/acpi.h> #include "wm8804.h" @@ -40,17 +41,29 @@ static const struct i2c_device_id wm8804_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, wm8804_i2c_id); +#if defined(CONFIG_OF) static const struct of_device_id wm8804_of_match[] = { { .compatible = "wlf,wm8804", }, { } }; MODULE_DEVICE_TABLE(of, wm8804_of_match); +#endif + +#ifdef CONFIG_ACPI +static const struct acpi_device_id wm8804_acpi_match[] = { + { "1AEC8804", 0 }, /* Wolfson PCI ID + part ID */ + { "10138804", 0 }, /* Cirrus Logic PCI ID + part ID */ + { }, +}; +MODULE_DEVICE_TABLE(acpi, wm8804_acpi_match); +#endif static struct i2c_driver wm8804_i2c_driver = { .driver = { .name = "wm8804", .pm = &wm8804_pm, - .of_match_table = wm8804_of_match, + .of_match_table = of_match_ptr(wm8804_of_match), + .acpi_match_table = ACPI_PTR(wm8804_acpi_match), }, .probe = wm8804_i2c_probe, .remove = wm8804_i2c_remove, -- 2.17.1

7 years, 1 month

1
13
0 0

[PATCH AUTOSEL 4.14 01/23] ASoC: rt5514: Fix the issue of the delay volume applied again

by Sasha Levin

From: Oder Chiou <oder_chiou(a)realtek.com> [ Upstream commit 6f0a256253f48095ba2e5bcdfbed41f21643c105 ] After our evaluation, we need to modify the default values to make sure the volume applied immediately. Signed-off-by: Oder Chiou <oder_chiou(a)realtek.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/soc/codecs/rt5514.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/soc/codecs/rt5514.c b/sound/soc/codecs/rt5514.c index 1bfc8db1826a..56ddab43da7e 100644 --- a/sound/soc/codecs/rt5514.c +++ b/sound/soc/codecs/rt5514.c @@ -64,8 +64,8 @@ static const struct reg_sequence rt5514_patch[] = { {RT5514_ANA_CTRL_LDO10, 0x00028604}, {RT5514_ANA_CTRL_ADCFED, 0x00000800}, {RT5514_ASRC_IN_CTRL1, 0x00000003}, - {RT5514_DOWNFILTER0_CTRL3, 0x10000352}, - {RT5514_DOWNFILTER1_CTRL3, 0x10000352}, + {RT5514_DOWNFILTER0_CTRL3, 0x10000342}, + {RT5514_DOWNFILTER1_CTRL3, 0x10000342}, }; static const struct reg_default rt5514_reg[] = { @@ -92,10 +92,10 @@ static const struct reg_default rt5514_reg[] = { {RT5514_ASRC_IN_CTRL1, 0x00000003}, {RT5514_DOWNFILTER0_CTRL1, 0x00020c2f}, {RT5514_DOWNFILTER0_CTRL2, 0x00020c2f}, - {RT5514_DOWNFILTER0_CTRL3, 0x10000352}, + {RT5514_DOWNFILTER0_CTRL3, 0x10000342}, {RT5514_DOWNFILTER1_CTRL1, 0x00020c2f}, {RT5514_DOWNFILTER1_CTRL2, 0x00020c2f}, - {RT5514_DOWNFILTER1_CTRL3, 0x10000352}, + {RT5514_DOWNFILTER1_CTRL3, 0x10000342}, {RT5514_ANA_CTRL_LDO10, 0x00028604}, {RT5514_ANA_CTRL_LDO18_16, 0x02000345}, {RT5514_ANA_CTRL_ADC12, 0x0000a2a8}, -- 2.17.1

7 years, 1 month

1
22
0 0

[GIT PULL 0/5] perf/urgent fixes

by Arnaldo Carvalho de Melo

Hi Ingo, Please consider pulling, - Arnaldo Test results at the end of this message, as usual. The following changes since commit 5d05dfd13f20b01a3cd5d293058baa7d5c1583b6: Merge tag 'perf-urgent-for-mingo-4.19-20180918' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent (2018-09-19 13:25:35 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux.git tags/perf-urgent-for-mingo-4.19-20181005 for you to fetch changes up to 7a8a8fcf7b860e4b2d4edc787c844d41cad9dfcf: perf record: Use unmapped IP for inline callchain cursors (2018-10-05 11:18:09 -0300) ---------------------------------------------------------------- perf/urgent fixes: - Fix the build on Clear Linux, coping with redundant declarations of function prototypes in python3 header files by adding -Wno-redundant-decls to build with PYTHON=python3 (Arnaldo Carvalho de Melo) - Fixes for processing inline frames in backtraces using DWARF based unwinding (Milian Wolff) - Cope with bad DWARF info for function names for inline frames,not trying to demangle this symbol. Problem reported with rust but reproduced as well with C++. Problem reported to the libbpf maintainers (Milian Wolff) - Fix python export to postgresql and sqlite code (Adrian Hunter) Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com> ---------------------------------------------------------------- Adrian Hunter (2): perf script python: Fix export-to-postgresql.py occasional failure perf script python: Fix export-to-sqlite.py sample columns Arnaldo Carvalho de Melo (1): perf python: Use -Wno-redundant-decls to build with PYTHON=python3 Milian Wolff (2): perf report: Don't try to map ip to invalid map perf record: Use unmapped IP for inline callchain cursors tools/perf/scripts/python/export-to-postgresql.py | 9 +++++++++ tools/perf/scripts/python/export-to-sqlite.py | 6 +++++- tools/perf/util/machine.c | 8 +++++--- tools/perf/util/setup.py | 2 +- 4 files changed, 20 insertions(+), 5 deletions(-) Test results: The first ones are container (docker) based builds of tools/perf with and without libelf support. Where clang is available, it is also used to build perf with/without libelf, and building with LIBCLANGLLVM=1 (built-in clang) with gcc and clang when clang and its devel libraries are installed. The objtool and samples/bpf/ builds are disabled now that I'm switching from using the sources in a local volume to fetching them from a http server to build it inside the container, to make it easier to build in a container cluster. Those will come back later. Several are cross builds, the ones with -x-ARCH and the android one, and those may not have all the features built, due to lack of multi-arch devel packages, available and being used so far on just a few, like debian:experimental-x-{arm64,mipsel}. The 'perf test' one will perform a variety of tests exercising tools/perf/util/, tools/lib/{bpf,traceevent,etc}, as well as run perf commands with a variety of command line event specifications to then intercept the sys_perf_event syscall to check that the perf_event_attr fields are set up as expected, among a variety of other unit tests. Then there is the 'make -C tools/perf build-test' ones, that build tools/perf/ with a variety of feature sets, exercising the build with an incomplete set of features as well as with a complete one. It is planned to have it run on each of the containers mentioned above, using some container orchestration infrastructure. Get in contact if interested in helping having this in place. The Clear Linux container is building with NO_CLANG=1, the problem preventing its use when building for python3 has been identified and the next builds will build in ClearLinux with both gcc and clang. This time around only gcc was used. # dm 1 alpine:3.4 : Ok gcc (Alpine 5.3.0) 5.3.0 2 alpine:3.5 : Ok gcc (Alpine 6.2.1) 6.2.1 20160822 3 alpine:3.6 : Ok gcc (Alpine 6.3.0) 6.3.0 4 alpine:3.7 : Ok gcc (Alpine 6.4.0) 6.4.0 5 alpine:3.8 : Ok gcc (Alpine 6.4.0) 6.4.0 6 alpine:edge : Ok gcc (Alpine 6.4.0) 6.4.0 7 amazonlinux:1 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28) 8 amazonlinux:2 : Ok gcc (GCC) 7.3.1 20180303 (Red Hat 7.3.1-5) 9 android-ndk:r12b-arm : Ok arm-linux-androideabi-gcc (GCC) 4.9.x 20150123 (prerelease) 10 android-ndk:r15c-arm : Ok arm-linux-androideabi-gcc (GCC) 4.9.x 20150123 (prerelease) 11 centos:5 : Ok gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-55) 12 centos:6 : Ok gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-23) 13 centos:7 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28) 14 clearlinux:latest : Ok gcc (Clear Linux OS for Intel Architecture) 8.2.1 20180502 15 debian:7 : Ok gcc (Debian 4.7.2-5) 4.7.2 16 debian:8 : Ok gcc (Debian 4.9.2-10+deb8u1) 4.9.2 17 debian:9 : Ok gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516 18 debian:experimental : Ok gcc (Debian 8.2.0-7) 8.2.0 19 debian:experimental-x-arm64 : Ok aarch64-linux-gnu-gcc (Debian 8.2.0-4) 8.2.0 20 debian:experimental-x-mips : Ok mips-linux-gnu-gcc (Debian 8.1.0-12) 8.1.0 21 debian:experimental-x-mips64 : Ok mips64-linux-gnuabi64-gcc (Debian 8.1.0-12) 8.1.0 22 debian:experimental-x-mipsel : Ok mipsel-linux-gnu-gcc (Debian 8.1.0-12) 8.1.0 23 fedora:20 : Ok gcc (GCC) 4.8.3 20140911 (Red Hat 4.8.3-7) 24 fedora:21 : Ok gcc (GCC) 4.9.2 20150212 (Red Hat 4.9.2-6) 25 fedora:22 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) 26 fedora:23 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) 27 fedora:24 : Ok gcc (GCC) 6.3.1 20161221 (Red Hat 6.3.1-1) 28 fedora:24-x-ARC-uClibc : Ok arc-linux-gcc (ARCompact ISA Linux uClibc toolchain 2017.09-rc2) 7.1.1 20170710 29 fedora:25 : Ok gcc (GCC) 6.4.1 20170727 (Red Hat 6.4.1-1) 30 fedora:26 : Ok gcc (GCC) 7.3.1 20180130 (Red Hat 7.3.1-2) 31 fedora:27 : Ok gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-6) 32 fedora:28 : Ok gcc (GCC) 8.1.1 20180712 (Red Hat 8.1.1-5) 33 fedora:rawhide : Ok gcc (GCC) 8.2.1 20180905 (Red Hat 8.2.1-3) 34 gentoo-stage3-amd64:latest : Ok gcc (Gentoo 7.3.0-r3 p1.4) 7.3.0 35 mageia:5 : Ok gcc (GCC) 4.9.2 36 mageia:6 : Ok gcc (Mageia 5.5.0-1.mga6) 5.5.0 37 opensuse:13.2 : Ok gcc (SUSE Linux) 4.8.3 20140627 [gcc-4_8-branch revision 212064] 38 opensuse:42.1 : Ok gcc (SUSE Linux) 4.8.5 39 opensuse:42.2 : Ok gcc (SUSE Linux) 4.8.5 40 opensuse:42.3 : Ok gcc (SUSE Linux) 4.8.5 41 opensuse:tumbleweed : Ok gcc (SUSE Linux) 7.3.1 20180323 [gcc-7-branch revision 258812] 42 oraclelinux:6 : Ok gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-23.0.1) 43 oraclelinux:7 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28.0.1) 44 ubuntu:12.04.5 : Ok gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3 45 ubuntu:14.04.4 : Ok gcc (Ubuntu 4.8.4-2ubuntu1~14.04.3) 4.8.4 46 ubuntu:14.04.4-x-linaro-arm64 : Ok aarch64-linux-gnu-gcc (Linaro GCC 5.5-2017.10) 5.5.0 47 ubuntu:16.04 : Ok gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609 48 ubuntu:16.04-x-arm : Ok arm-linux-gnueabihf-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 49 ubuntu:16.04-x-arm64 : Ok aarch64-linux-gnu-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 50 ubuntu:16.04-x-powerpc : Ok powerpc-linux-gnu-gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 51 ubuntu:16.04-x-powerpc64 : Ok powerpc64-linux-gnu-gcc (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 52 ubuntu:16.04-x-powerpc64el : Ok powerpc64le-linux-gnu-gcc (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 53 ubuntu:16.04-x-s390 : Ok s390x-linux-gnu-gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 54 ubuntu:16.10 : Ok gcc (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005 55 ubuntu:17.10 : Ok gcc (Ubuntu 7.2.0-8ubuntu3.2) 7.2.0 56 ubuntu:18.04 : Ok gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 57 ubuntu:18.04-x-arm : Ok arm-linux-gnueabihf-gcc (Ubuntu/Linaro 7.3.0-16ubuntu3) 7.3.0 58 ubuntu:18.04-x-arm64 : Ok aarch64-linux-gnu-gcc (Ubuntu/Linaro 7.3.0-16ubuntu3) 7.3.0 59 ubuntu:18.04-x-m68k : Ok m68k-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 60 ubuntu:18.04-x-powerpc : Ok powerpc-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 61 ubuntu:18.04-x-powerpc64 : Ok powerpc64-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 62 ubuntu:18.04-x-powerpc64el : Ok powerpc64le-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 63 ubuntu:18.04-x-riscv64 : Ok riscv64-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 64 ubuntu:18.04-x-s390 : Ok s390x-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 65 ubuntu:18.04-x-sh4 : Ok sh4-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 66 ubuntu:18.04-x-sparc64 : Ok sparc64-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 67 ubuntu:18.10 : Ok gcc (Ubuntu 8.2.0-4ubuntu1) 8.2.0 # uname -a Linux jouet 4.19.0-rc4-00022-gad3273d5f1b9 #1 SMP Mon Sep 17 17:18:22 -03 2018 x86_64 x86_64 x86_64 GNU/Linux # git log --oneline -1 7a8a8fcf7b86 perf record: Use unmapped IP for inline callchain cursors # perf version --build-options perf version 4.19.rc4.g7a8a8f dwarf: [ on ] # HAVE_DWARF_SUPPORT dwarf_getlocations: [ on ] # HAVE_DWARF_GETLOCATIONS_SUPPORT glibc: [ on ] # HAVE_GLIBC_SUPPORT gtk2: [ on ] # HAVE_GTK2_SUPPORT syscall_table: [ on ] # HAVE_SYSCALL_TABLE_SUPPORT libbfd: [ on ] # HAVE_LIBBFD_SUPPORT libelf: [ on ] # HAVE_LIBELF_SUPPORT libnuma: [ on ] # HAVE_LIBNUMA_SUPPORT numa_num_possible_cpus: [ on ] # HAVE_LIBNUMA_SUPPORT libperl: [ on ] # HAVE_LIBPERL_SUPPORT libpython: [ on ] # HAVE_LIBPYTHON_SUPPORT libslang: [ on ] # HAVE_SLANG_SUPPORT libcrypto: [ on ] # HAVE_LIBCRYPTO_SUPPORT libunwind: [ on ] # HAVE_LIBUNWIND_SUPPORT libdw-dwarf-unwind: [ on ] # HAVE_DWARF_SUPPORT zlib: [ on ] # HAVE_ZLIB_SUPPORT lzma: [ on ] # HAVE_LZMA_SUPPORT get_cpuid: [ on ] # HAVE_AUXTRACE_SUPPORT bpf: [ on ] # HAVE_LIBBPF_SUPPORT # perf test 1: vmlinux symtab matches kallsyms : Ok 2: Detect openat syscall event : Ok 3: Detect openat syscall event on all cpus : Ok 4: Read samples using the mmap interface : Ok 5: Test data source output : Ok 6: Parse event definition strings : Ok 7: Simple expression parser : Ok 8: PERF_RECORD_* events & perf_sample fields : Ok 9: Parse perf pmu format : Ok 10: DSO data read : Ok 11: DSO data cache : Ok 12: DSO data reopen : Ok 13: Roundtrip evsel->name : Ok 14: Parse sched tracepoints fields : Ok 15: syscalls:sys_enter_openat event fields : Ok 16: Setup struct perf_event_attr : Ok 17: Match and link multiple hists : Ok 18: 'import perf' in python : Ok 19: Breakpoint overflow signal handler : Ok 20: Breakpoint overflow sampling : Ok 21: Breakpoint accounting : Ok 22: Number of exit events of a simple workload : Ok 23: Software clock events period values : Ok 24: Object code reading : Ok 25: Sample parsing : Ok 26: Use a dummy software event to keep tracking : Ok 27: Parse with no sample_id_all bit set : Ok 28: Filter hist entries : Ok 29: Lookup mmap thread : Ok 30: Share thread mg : Ok 31: Sort output of hist entries : Ok 32: Cumulate child hist entries : Ok 33: Track with sched_switch : Ok 34: Filter fds with revents mask in a fdarray : Ok 35: Add fd to a fdarray, making it autogrow : Ok 36: kmod_path__parse : Ok 37: Thread map : Ok 38: LLVM search and compile : 38.1: Basic BPF llvm compile : Ok 38.2: kbuild searching : Ok 38.3: Compile source for BPF prologue generation : Ok 38.4: Compile source for BPF relocation : Ok 39: Session topology : Ok 40: BPF filter : 40.1: Basic BPF filtering : Ok 40.2: BPF pinning : Ok 40.3: BPF prologue generation : Ok 40.4: BPF relocation checker : Ok 41: Synthesize thread map : Ok 42: Remove thread map : Ok 43: Synthesize cpu map : Ok 44: Synthesize stat config : Ok 45: Synthesize stat : Ok 46: Synthesize stat round : Ok 47: Synthesize attr update : Ok 48: Event times : Ok 49: Read backward ring buffer : Ok 50: Print cpu map : Ok 51: Probe SDT events : Ok 52: is_printable_array : Ok 53: Print bitmap : Ok 54: perf hooks : Ok 55: builtin clang support : Skip (not compiled in) 56: unit_number__scnprintf : Ok 57: mem2node : Ok 58: x86 rdpmc : Ok 59: Convert perf time to TSC : Ok 60: DWARF unwind : Ok 61: x86 instruction decoder - new instructions : Ok 62: x86 bp modify : Ok 63: Use vfs_getname probe to get syscall args filenames : Ok 64: Check open filename arg using perf trace + vfs_getname: Ok 65: probe libc's inet_pton & backtrace it with ping : Ok 66: Add vfs_getname probe to get syscall args filenames : Ok $ make -C tools/perf build-test make: Entering directory '/home/acme/git/perf/tools/perf' - tarpkg: ./tests/perf-targz-src-pkg . make_with_clangllvm_O: make LIBCLANGLLVM=1 make_install_prefix_slash_O: make install prefix=/tmp/krava/ make_minimal_O: make NO_LIBPERL=1 NO_LIBPYTHON=1 NO_NEWT=1 NO_GTK2=1 NO_DEMANGLE=1 NO_LIBELF=1 NO_LIBUNWIND=1 NO_BACKTRACE=1 NO_LIBNUMA=1 NO_LIBAUDIT=1 NO_LIBBIONIC=1 NO_LIBDW_DWARF_UNWIND=1 NO_AUXTRACE=1 NO_LIBBPF=1 NO_LIBCRYPTO=1 NO_SDT=1 NO_JVMTI=1 make_no_ui_O: make NO_NEWT=1 NO_SLANG=1 NO_GTK2=1 make_pure_O: make - /home/acme/git/perf/tools/perf/BUILD_TEST_FEATURE_DUMP_STATIC: make FEATURE_DUMP_COPY=/home/acme/git/perf/tools/perf/BUILD_TEST_FEATURE_DUMP_STATIC LDFLAGS='-static' feature-dump make_static_O: make LDFLAGS=-static make_perf_o_O: make perf.o make_no_scripts_O: make NO_LIBPYTHON=1 NO_LIBPERL=1 make_clean_all_O: make clean all make_no_libbpf_O: make NO_LIBBPF=1 make_install_prefix_O: make install prefix=/tmp/krava make_no_newt_O: make NO_NEWT=1 make_no_backtrace_O: make NO_BACKTRACE=1 make_no_auxtrace_O: make NO_AUXTRACE=1 make_with_babeltrace_O: make LIBBABELTRACE=1 make_no_libnuma_O: make NO_LIBNUMA=1 make_debug_O: make DEBUG=1 make_no_libaudit_O: make NO_LIBAUDIT=1 make_util_map_o_O: make util/map.o make_tags_O: make tags make_no_libbionic_O: make NO_LIBBIONIC=1 make_no_libelf_O: make NO_LIBELF=1 make_no_libpython_O: make NO_LIBPYTHON=1 make_no_libperl_O: make NO_LIBPERL=1 make_no_demangle_O: make NO_DEMANGLE=1 make_no_slang_O: make NO_SLANG=1 make_no_libunwind_O: make NO_LIBUNWIND=1 make_install_O: make install make_util_pmu_bison_o_O: make util/pmu-bison.o make_install_bin_O: make install-bin make_no_gtk2_O: make NO_GTK2=1 make_doc_O: make doc make_help_O: make help make_no_libdw_dwarf_unwind_O: make NO_LIBDW_DWARF_UNWIND=1 OK make: Leaving directory '/home/acme/git/perf/tools/perf' $

7 years, 1 month

2
3
0 0

[git:media_tree/master] media: cec: fix the Signal Free Time calculation

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cec: fix the Signal Free Time calculation Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Fri Oct 5 08:00:21 2018 -0400 The calculation of the Signal Free Time in the framework was not correct. If a message was received, then the next transmit should be considered a New Initiator and use a shorter SFT value. This was not done with the result that if both sides where continually sending messages, they both could use the same SFT value and one side could deny the other side access to the bus. Note that this fix does not take the corner case into account where a receive is in progress when you call adap_transmit. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/cec/cec-adap.c | 26 +++++++------------------- include/media/cec.h | 2 +- 2 files changed, 8 insertions(+), 20 deletions(-) --- diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index e6e82b504e56..0c0d9107383e 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -526,9 +526,11 @@ int cec_thread_func(void *_adap) if (data->attempts) { /* should be >= 3 data bit periods for a retry */ signal_free_time = CEC_SIGNAL_FREE_TIME_RETRY; - } else if (data->new_initiator) { + } else if (adap->last_initiator != + cec_msg_initiator(&data->msg)) { /* should be >= 5 data bit periods for new initiator */ signal_free_time = CEC_SIGNAL_FREE_TIME_NEW_INITIATOR; + adap->last_initiator = cec_msg_initiator(&data->msg); } else { /* * should be >= 7 data bit periods for sending another @@ -713,7 +715,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, struct cec_fh *fh, bool block) { struct cec_data *data; - u8 last_initiator = 0xff; msg->rx_ts = 0; msg->tx_ts = 0; @@ -823,23 +824,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, data->adap = adap; data->blocking = block; - /* - * Determine if this message follows a message from the same - * initiator. Needed to determine the free signal time later on. - */ - if (msg->len > 1) { - if (!(list_empty(&adap->transmit_queue))) { - const struct cec_data *last; - - last = list_last_entry(&adap->transmit_queue, - const struct cec_data, list); - last_initiator = cec_msg_initiator(&last->msg); - } else if (adap->transmitting) { - last_initiator = - cec_msg_initiator(&adap->transmitting->msg); - } - } - data->new_initiator = last_initiator != cec_msg_initiator(msg); init_completion(&data->c); INIT_DELAYED_WORK(&data->work, cec_wait_timeout); @@ -1027,6 +1011,8 @@ void cec_received_msg_ts(struct cec_adapter *adap, mutex_lock(&adap->lock); dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg); + adap->last_initiator = 0xff; + /* Check if this message was for us (directed or broadcast). */ if (!cec_msg_is_broadcast(msg)) valid_la = cec_has_log_addr(adap, msg_dest); @@ -1489,6 +1475,8 @@ void __cec_s_phys_addr(struct cec_adapter *adap, u16 phys_addr, bool block) } mutex_lock(&adap->devnode.lock); + adap->last_initiator = 0xff; + if ((adap->needs_hpd || list_empty(&adap->devnode.fhs)) && adap->ops->adap_enable(adap, true)) { mutex_unlock(&adap->devnode.lock); diff --git a/include/media/cec.h b/include/media/cec.h index 9f382f0c2970..254a610b9aa5 100644 --- a/include/media/cec.h +++ b/include/media/cec.h @@ -63,7 +63,6 @@ struct cec_data { struct delayed_work work; struct completion c; u8 attempts; - bool new_initiator; bool blocking; bool completed; }; @@ -174,6 +173,7 @@ struct cec_adapter { bool is_configuring; bool is_configured; bool cec_pin_is_high; + u8 last_initiator; u32 monitor_all_cnt; u32 monitor_pin_cnt; u32 follower_cnt;

7 years, 1 month

1
0
0 0

[git:media_tree/master] media: adv7842: when the EDID is cleared, unconfigure CEC as well

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: adv7842: when the EDID is cleared, unconfigure CEC as well Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Thu Oct 4 03:58:34 2018 -0400 When there is no EDID the CEC adapter should be unconfigured as well. So call cec_phys_addr_invalidate() when this happens. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/adv7842.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- diff --git a/drivers/media/i2c/adv7842.c b/drivers/media/i2c/adv7842.c index cd63cc6564e9..4721d49dcf0f 100644 --- a/drivers/media/i2c/adv7842.c +++ b/drivers/media/i2c/adv7842.c @@ -786,8 +786,10 @@ static int edid_write_hdmi_segment(struct v4l2_subdev *sd, u8 port) /* Disable I2C access to internal EDID ram from HDMI DDC ports */ rep_write_and_or(sd, 0x77, 0xf3, 0x00); - if (!state->hdmi_edid.present) + if (!state->hdmi_edid.present) { + cec_phys_addr_invalidate(state->cec_adap); return 0; + } pa = v4l2_get_edid_phys_addr(edid, 256, &spa_loc); err = v4l2_phys_addr_validate(pa, &pa, NULL);

7 years, 1 month

1
0
0 0

[git:media_tree/master] media: adv7604: when the EDID is cleared, unconfigure CEC as well

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: adv7604: when the EDID is cleared, unconfigure CEC as well Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Thu Oct 4 03:57:06 2018 -0400 When there is no EDID the CEC adapter should be unconfigured as well. So call cec_phys_addr_invalidate() when this happens. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/adv7604.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- diff --git a/drivers/media/i2c/adv7604.c b/drivers/media/i2c/adv7604.c index 1c89959b1509..9eb7c70a7712 100644 --- a/drivers/media/i2c/adv7604.c +++ b/drivers/media/i2c/adv7604.c @@ -2284,8 +2284,10 @@ static int adv76xx_set_edid(struct v4l2_subdev *sd, struct v4l2_edid *edid) state->aspect_ratio.numerator = 16; state->aspect_ratio.denominator = 9; - if (!state->edid.present) + if (!state->edid.present) { state->edid.blocks = 0; + cec_phys_addr_invalidate(state->cec_adap); + } v4l2_dbg(2, debug, sd, "%s: clear EDID pad %d, edid.present = 0x%x\n", __func__, edid->pad, state->edid.present);

7 years, 1 month

1
0
0 0

[git:media_tree/master] media: cec: add new tx/rx status bits to detect aborts/timeouts

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cec: add new tx/rx status bits to detect aborts/timeouts Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Thu Oct 4 03:28:21 2018 -0400 If the HDMI cable is disconnected or the CEC adapter is manually unconfigured, then all pending transmits and wait-for-replies are aborted. Signal this with new status bits (CEC_RX/TX_STATUS_ABORTED). If due to (usually) a driver bug a transmit never ends (i.e. the transmit_done was never called by the driver), then when this times out the message is marked with CEC_TX_STATUS_TIMEOUT. This should not happen and is an indication of a driver bug. Without a separate status bit for this it was impossible to detect this from userspace. The 'transmit timed out' kernel message is now a warning, so this should be more prominent in the kernel log as well. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Documentation/media/uapi/cec/cec-ioc-receive.rst | 25 ++++++++- drivers/media/cec/cec-adap.c | 66 +++++++----------------- include/uapi/linux/cec.h | 3 ++ 3 files changed, 44 insertions(+), 50 deletions(-) --- diff --git a/Documentation/media/uapi/cec/cec-ioc-receive.rst b/Documentation/media/uapi/cec/cec-ioc-receive.rst index e964074cd15b..b25e48afaa08 100644 --- a/Documentation/media/uapi/cec/cec-ioc-receive.rst +++ b/Documentation/media/uapi/cec/cec-ioc-receive.rst @@ -16,10 +16,10 @@ CEC_RECEIVE, CEC_TRANSMIT - Receive or transmit a CEC message Synopsis ======== -.. c:function:: int ioctl( int fd, CEC_RECEIVE, struct cec_msg *argp ) +.. c:function:: int ioctl( int fd, CEC_RECEIVE, struct cec_msg \*argp ) :name: CEC_RECEIVE -.. c:function:: int ioctl( int fd, CEC_TRANSMIT, struct cec_msg *argp ) +.. c:function:: int ioctl( int fd, CEC_TRANSMIT, struct cec_msg \*argp ) :name: CEC_TRANSMIT Arguments @@ -272,6 +272,19 @@ View On' messages from initiator 0xf ('Unregistered') to destination 0 ('TV'). - The transmit failed after one or more retries. This status bit is mutually exclusive with :ref:`CEC_TX_STATUS_OK <CEC-TX-STATUS-OK>`. Other bits can still be set to explain which failures were seen. + * .. _`CEC-TX-STATUS-ABORTED`: + + - ``CEC_TX_STATUS_ABORTED`` + - 0x40 + - The transmit was aborted due to an HDMI disconnect, or the adapter + was unconfigured, or a transmit was interrupted, or the driver + returned an error when attempting to start a transmit. + * .. _`CEC-TX-STATUS-TIMEOUT`: + + - ``CEC_TX_STATUS_TIMEOUT`` + - 0x80 + - The transmit timed out. This should not normally happen and this + indicates a driver problem. .. tabularcolumns:: |p{5.6cm}|p{0.9cm}|p{11.0cm}| @@ -300,6 +313,14 @@ View On' messages from initiator 0xf ('Unregistered') to destination 0 ('TV'). - The message was received successfully but the reply was ``CEC_MSG_FEATURE_ABORT``. This status is only set if this message was the reply to an earlier transmitted message. + * .. _`CEC-RX-STATUS-ABORTED`: + + - ``CEC_RX_STATUS_ABORTED`` + - 0x08 + - The wait for a reply to an earlier transmitted message was aborted + because the HDMI cable was disconnected, the adapter was unconfigured + or the :ref:`CEC_TRANSMIT <CEC_RECEIVE>` that waited for a + reply was interrupted. diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index 829878356e1e..e6e82b504e56 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -354,7 +354,7 @@ static void cec_data_completed(struct cec_data *data) * * This function is called with adap->lock held. */ -static void cec_data_cancel(struct cec_data *data) +static void cec_data_cancel(struct cec_data *data, u8 tx_status) { /* * It's either the current transmit, or it is a pending @@ -369,13 +369,11 @@ static void cec_data_cancel(struct cec_data *data) } if (data->msg.tx_status & CEC_TX_STATUS_OK) { - /* Mark the canceled RX as a timeout */ data->msg.rx_ts = ktime_get_ns(); - data->msg.rx_status = CEC_RX_STATUS_TIMEOUT; + data->msg.rx_status = CEC_RX_STATUS_ABORTED; } else { - /* Mark the canceled TX as an error */ data->msg.tx_ts = ktime_get_ns(); - data->msg.tx_status |= CEC_TX_STATUS_ERROR | + data->msg.tx_status |= tx_status | CEC_TX_STATUS_MAX_RETRIES; data->msg.tx_error_cnt++; data->attempts = 0; @@ -403,15 +401,15 @@ static void cec_flush(struct cec_adapter *adap) while (!list_empty(&adap->transmit_queue)) { data = list_first_entry(&adap->transmit_queue, struct cec_data, list); - cec_data_cancel(data); + cec_data_cancel(data, CEC_TX_STATUS_ABORTED); } if (adap->transmitting) - cec_data_cancel(adap->transmitting); + cec_data_cancel(adap->transmitting, CEC_TX_STATUS_ABORTED); /* Cancel the pending timeout work. */ list_for_each_entry_safe(data, n, &adap->wait_queue, list) { if (cancel_delayed_work(&data->work)) - cec_data_cancel(data); + cec_data_cancel(data, CEC_TX_STATUS_OK); /* * If cancel_delayed_work returned false, then * the cec_wait_timeout function is running, @@ -487,12 +485,13 @@ int cec_thread_func(void *_adap) * so much traffic on the bus that the adapter was * unable to transmit for CEC_XFER_TIMEOUT_MS (2.1s). */ - dprintk(1, "%s: message %*ph timed out\n", __func__, + pr_warn("cec-%s: message %*ph timed out\n", adap->name, adap->transmitting->msg.len, adap->transmitting->msg.msg); adap->tx_timeouts++; /* Just give up on this. */ - cec_data_cancel(adap->transmitting); + cec_data_cancel(adap->transmitting, + CEC_TX_STATUS_TIMEOUT); goto unlock; } @@ -543,7 +542,7 @@ int cec_thread_func(void *_adap) /* Tell the adapter to transmit, cancel on error */ if (adap->ops->adap_transmit(adap, data->attempts, signal_free_time, &data->msg)) - cec_data_cancel(data); + cec_data_cancel(data, CEC_TX_STATUS_ABORTED); unlock: mutex_unlock(&adap->lock); @@ -715,8 +714,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, { struct cec_data *data; u8 last_initiator = 0xff; - unsigned int timeout; - int res = 0; msg->rx_ts = 0; msg->tx_ts = 0; @@ -859,47 +856,20 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, return 0; /* - * If we don't get a completion before this time something is really - * wrong and we time out. - */ - timeout = CEC_XFER_TIMEOUT_MS; - /* Add the requested timeout if we have to wait for a reply as well */ - if (msg->timeout) - timeout += msg->timeout; - - /* * Release the lock and wait, retake the lock afterwards. */ mutex_unlock(&adap->lock); - res = wait_for_completion_killable_timeout(&data->c, - msecs_to_jiffies(timeout)); + wait_for_completion_killable(&data->c); mutex_lock(&adap->lock); - if (data->completed) { - /* The transmit completed (possibly with an error) */ - *msg = data->msg; - kfree(data); - return 0; - } - /* - * The wait for completion timed out or was interrupted, so mark this - * as non-blocking and disconnect from the filehandle since it is - * still 'in flight'. When it finally completes it will just drop the - * result silently. - */ - data->blocking = false; - if (data->fh) - list_del(&data->xfer_list); - data->fh = NULL; + /* Cancel the transmit if it was interrupted */ + if (!data->completed) + cec_data_cancel(data, CEC_TX_STATUS_ABORTED); - if (res == 0) { /* timed out */ - /* Check if the reply or the transmit failed */ - if (msg->timeout && (msg->tx_status & CEC_TX_STATUS_OK)) - msg->rx_status = CEC_RX_STATUS_TIMEOUT; - else - msg->tx_status = CEC_TX_STATUS_MAX_RETRIES; - } - return res > 0 ? 0 : res; + /* The transmit completed (possibly with an error) */ + *msg = data->msg; + kfree(data); + return 0; } /* Helper function to be used by drivers and this framework. */ diff --git a/include/uapi/linux/cec.h b/include/uapi/linux/cec.h index 097fcd812471..3094af68b6e7 100644 --- a/include/uapi/linux/cec.h +++ b/include/uapi/linux/cec.h @@ -152,10 +152,13 @@ static inline void cec_msg_set_reply_to(struct cec_msg *msg, #define CEC_TX_STATUS_LOW_DRIVE (1 << 3) #define CEC_TX_STATUS_ERROR (1 << 4) #define CEC_TX_STATUS_MAX_RETRIES (1 << 5) +#define CEC_TX_STATUS_ABORTED (1 << 6) +#define CEC_TX_STATUS_TIMEOUT (1 << 7) #define CEC_RX_STATUS_OK (1 << 0) #define CEC_RX_STATUS_TIMEOUT (1 << 1) #define CEC_RX_STATUS_FEATURE_ABORT (1 << 2) +#define CEC_RX_STATUS_ABORTED (1 << 3) static inline int cec_msg_status_is_ok(const struct cec_msg *msg) {

7 years, 1 month

1
0
0 0

[git:media_tree/master] media: ov7670: make "xclk" clock optional

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov7670: make "xclk" clock optional Author: Lubomir Rintel <lkundrak(a)v3.sk> Date: Thu Oct 4 17:29:03 2018 -0400 When the "xclk" clock was added, it was made mandatory. This broke the driver on an OLPC plaform which doesn't know such clock. Make it optional. Tested on a OLPC XO-1 laptop. Fixes: 0a024d634cee ("[media] ov7670: get xclk") Cc: stable(a)vger.kernel.org # 4.11+ Signed-off-by: Lubomir Rintel <lkundrak(a)v3.sk> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/ov7670.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) --- diff --git a/drivers/media/i2c/ov7670.c b/drivers/media/i2c/ov7670.c index 92f59ae1b624..bc68a3a5b4ec 100644 --- a/drivers/media/i2c/ov7670.c +++ b/drivers/media/i2c/ov7670.c @@ -1808,17 +1808,24 @@ static int ov7670_probe(struct i2c_client *client, info->pclk_hb_disable = true; } - info->clk = devm_clk_get(&client->dev, "xclk"); - if (IS_ERR(info->clk)) - return PTR_ERR(info->clk); - ret = clk_prepare_enable(info->clk); - if (ret) - return ret; + info->clk = devm_clk_get(&client->dev, "xclk"); /* optional */ + if (IS_ERR(info->clk)) { + ret = PTR_ERR(info->clk); + if (ret == -ENOENT) + info->clk = NULL; + else + return ret; + } + if (info->clk) { + ret = clk_prepare_enable(info->clk); + if (ret) + return ret; - info->clock_speed = clk_get_rate(info->clk) / 1000000; - if (info->clock_speed < 10 || info->clock_speed > 48) { - ret = -EINVAL; - goto clk_disable; + info->clock_speed = clk_get_rate(info->clk) / 1000000; + if (info->clock_speed < 10 || info->clock_speed > 48) { + ret = -EINVAL; + goto clk_disable; + } } ret = ov7670_init_gpio(client, info);

7 years, 1 month

1
0
0 0

[git:media_tree/master] Revert "media: dvbsky: use just one mutex for serializing device R/W ops"

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: Revert "media: dvbsky: use just one mutex for serializing device R/W ops" Author: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Date: Fri Oct 5 10:21:25 2018 -0400 As pointed at: https://bugzilla.kernel.org/show_bug.cgi?id=199323 This patch causes a bad effect on RPi. I suspect that the root cause is at the USB out of tree RPi driver, with uses high priority interrupts instead of normal ones. Anyway, as this patch is mostly a cleanup, better to revert it. This reverts commit 7d95fb746c4eece67308f1642a666ea1ebdbd2cc. Cc: stable(a)vger.kernel.org # For Kernel 4.18 Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/usb/dvb-usb-v2/dvbsky.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) --- diff --git a/drivers/media/usb/dvb-usb-v2/dvbsky.c b/drivers/media/usb/dvb-usb-v2/dvbsky.c index 1aa88d94e57f..e28bd8836751 100644 --- a/drivers/media/usb/dvb-usb-v2/dvbsky.c +++ b/drivers/media/usb/dvb-usb-v2/dvbsky.c @@ -31,6 +31,7 @@ MODULE_PARM_DESC(disable_rc, "Disable inbuilt IR receiver."); DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr); struct dvbsky_state { + struct mutex stream_mutex; u8 ibuf[DVBSKY_BUF_LEN]; u8 obuf[DVBSKY_BUF_LEN]; u8 last_lock; @@ -67,17 +68,18 @@ static int dvbsky_usb_generic_rw(struct dvb_usb_device *d, static int dvbsky_stream_ctrl(struct dvb_usb_device *d, u8 onoff) { + struct dvbsky_state *state = d_to_priv(d); int ret; - static u8 obuf_pre[3] = { 0x37, 0, 0 }; - static u8 obuf_post[3] = { 0x36, 3, 0 }; + u8 obuf_pre[3] = { 0x37, 0, 0 }; + u8 obuf_post[3] = { 0x36, 3, 0 }; - mutex_lock(&d->usb_mutex); - ret = dvb_usbv2_generic_rw_locked(d, obuf_pre, 3, NULL, 0); + mutex_lock(&state->stream_mutex); + ret = dvbsky_usb_generic_rw(d, obuf_pre, 3, NULL, 0); if (!ret && onoff) { msleep(20); - ret = dvb_usbv2_generic_rw_locked(d, obuf_post, 3, NULL, 0); + ret = dvbsky_usb_generic_rw(d, obuf_post, 3, NULL, 0); } - mutex_unlock(&d->usb_mutex); + mutex_unlock(&state->stream_mutex); return ret; } @@ -606,6 +608,8 @@ static int dvbsky_init(struct dvb_usb_device *d) if (ret) return ret; */ + mutex_init(&state->stream_mutex); + state->last_lock = 0; return 0;

7 years, 1 month

1
0
0 0

[PATCH] mtd: rawnand: marvell: fix the IRQ handler complete() condition

by Miquel Raynal

With the current implementation, the complete() in the IRQ handler is supposed to be called only if the register status has one or the other RDY bit set. Other events might trigger an interrupt as well if enabled, but should not end-up with a complete() call. For this purpose, the code was checking if the other bits were set, in this case complete() was not called. This is wrong as two events might happen in a very tight time-frame and if the NDSR status read reports two bits set (eg. RDY(0) and RDDREQ) at the same time, complete() was not called. This logic would lead to timeouts in marvell_nfc_wait_op() and has been observed on PXA boards (NFCv1) in the Hamming write path. Fixes: 02f26ecf8c77 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org Reported-by: Daniel Mack <daniel(a)zonque.org> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Tested-by: Daniel Mack <daniel(a)zonque.org> --- drivers/mtd/nand/raw/marvell_nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index bc2ef5209783..c7573ccdbacd 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -686,7 +686,7 @@ static irqreturn_t marvell_nfc_isr(int irq, void *dev_id) marvell_nfc_disable_int(nfc, st & NDCR_ALL_INT); - if (!(st & (NDSR_RDDREQ | NDSR_WRDREQ | NDSR_WRCMDREQ))) + if (st & (NDSR_RDY(0) | NDSR_RDY(1))) complete(&nfc->complete); return IRQ_HANDLED; -- 2.17.1

7 years, 1 month

2
2
0 0

[PATCH RESEND] Revert "media: dvbsky: use just one mutex for serializing device R/W ops"

by Mauro Carvalho Chehab

As pointed at: https://bugzilla.kernel.org/show_bug.cgi?id=199323 This patch causes a bad effect on RPi. I suspect that the root cause is at the USB RPi driver, with uses high priority interrupts instead of normal ones. Anyway, as this patch is mostly a cleanup, better to revert it. This reverts commit 7d95fb746c4eece67308f1642a666ea1ebdbd2cc. Cc: stable(a)vger.kernel.org # For Kernel 4.18 Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> --- Re-sending it with the right message ID drivers/media/usb/dvb-usb-v2/dvbsky.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/dvbsky.c b/drivers/media/usb/dvb-usb-v2/dvbsky.c index 1aa88d94e57f..e28bd8836751 100644 --- a/drivers/media/usb/dvb-usb-v2/dvbsky.c +++ b/drivers/media/usb/dvb-usb-v2/dvbsky.c @@ -31,6 +31,7 @@ MODULE_PARM_DESC(disable_rc, "Disable inbuilt IR receiver."); DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr); struct dvbsky_state { + struct mutex stream_mutex; u8 ibuf[DVBSKY_BUF_LEN]; u8 obuf[DVBSKY_BUF_LEN]; u8 last_lock; @@ -67,17 +68,18 @@ static int dvbsky_usb_generic_rw(struct dvb_usb_device *d, static int dvbsky_stream_ctrl(struct dvb_usb_device *d, u8 onoff) { + struct dvbsky_state *state = d_to_priv(d); int ret; - static u8 obuf_pre[3] = { 0x37, 0, 0 }; - static u8 obuf_post[3] = { 0x36, 3, 0 }; + u8 obuf_pre[3] = { 0x37, 0, 0 }; + u8 obuf_post[3] = { 0x36, 3, 0 }; - mutex_lock(&d->usb_mutex); - ret = dvb_usbv2_generic_rw_locked(d, obuf_pre, 3, NULL, 0); + mutex_lock(&state->stream_mutex); + ret = dvbsky_usb_generic_rw(d, obuf_pre, 3, NULL, 0); if (!ret && onoff) { msleep(20); - ret = dvb_usbv2_generic_rw_locked(d, obuf_post, 3, NULL, 0); + ret = dvbsky_usb_generic_rw(d, obuf_post, 3, NULL, 0); } - mutex_unlock(&d->usb_mutex); + mutex_unlock(&state->stream_mutex); return ret; } @@ -606,6 +608,8 @@ static int dvbsky_init(struct dvb_usb_device *d) if (ret) return ret; */ + mutex_init(&state->stream_mutex); + state->last_lock = 0; return 0; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] Revert "media: dvbsky: use just one mutex for serializing device R/W ops"

by Mauro Carvalho Chehab

As pointed at: https://bugzilla.kernel.org/show_bug.cgi?id=199323 This patch causes a bad effect on RPi. I suspect that the root cause is at the USB RPi driver, with uses high priority interrupts instead of normal ones. Anyway, as this patch is mostly a cleanup, better to revert it. This reverts commit 7d95fb746c4eece67308f1642a666ea1ebdbd2cc. Cc: stable(a)vger.kernel.org # For Kernel 4.18 Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> --- drivers/media/usb/dvb-usb-v2/dvbsky.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/dvbsky.c b/drivers/media/usb/dvb-usb-v2/dvbsky.c index 1aa88d94e57f..e28bd8836751 100644 --- a/drivers/media/usb/dvb-usb-v2/dvbsky.c +++ b/drivers/media/usb/dvb-usb-v2/dvbsky.c @@ -31,6 +31,7 @@ MODULE_PARM_DESC(disable_rc, "Disable inbuilt IR receiver."); DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr); struct dvbsky_state { + struct mutex stream_mutex; u8 ibuf[DVBSKY_BUF_LEN]; u8 obuf[DVBSKY_BUF_LEN]; u8 last_lock; @@ -67,17 +68,18 @@ static int dvbsky_usb_generic_rw(struct dvb_usb_device *d, static int dvbsky_stream_ctrl(struct dvb_usb_device *d, u8 onoff) { + struct dvbsky_state *state = d_to_priv(d); int ret; - static u8 obuf_pre[3] = { 0x37, 0, 0 }; - static u8 obuf_post[3] = { 0x36, 3, 0 }; + u8 obuf_pre[3] = { 0x37, 0, 0 }; + u8 obuf_post[3] = { 0x36, 3, 0 }; - mutex_lock(&d->usb_mutex); - ret = dvb_usbv2_generic_rw_locked(d, obuf_pre, 3, NULL, 0); + mutex_lock(&state->stream_mutex); + ret = dvbsky_usb_generic_rw(d, obuf_pre, 3, NULL, 0); if (!ret && onoff) { msleep(20); - ret = dvb_usbv2_generic_rw_locked(d, obuf_post, 3, NULL, 0); + ret = dvbsky_usb_generic_rw(d, obuf_post, 3, NULL, 0); } - mutex_unlock(&d->usb_mutex); + mutex_unlock(&state->stream_mutex); return ret; } @@ -606,6 +608,8 @@ static int dvbsky_init(struct dvb_usb_device *d) if (ret) return ret; */ + mutex_init(&state->stream_mutex); + state->last_lock = 0; return 0; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] i2c: designware: Call i2c_dw_clk_rate() only when calculating timings

by Jarkko Nikula

There are platforms which don't provide input clock rate but provide I2C timing parameters. Commit 3bd4f277274b ("i2c: designware: Call i2c_dw_clk_rate() only once in i2c_dw_init_master()") causes needless warning during probe on those platforms since i2c_dw_clk_rate(), which causes the warning when input clock is unknown, is called even when there is no need to calculate timing parameters. Fixes: 3bd4f277274b ("i2c: designware: Call i2c_dw_clk_rate() only once in i2c_dw_init_master()") Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Cc: <stable(a)vger.kernel.org> # 4.19 Signed-off-by: Jarkko Nikula <jarkko.nikula(a)linux.intel.com> --- for current 4.19-rc6. I Cc'ed stable just in case this doesn't hit the v4.19. --- drivers/i2c/busses/i2c-designware-master.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c index 94d94b4a9a0d..18cc324f3ca9 100644 --- a/drivers/i2c/busses/i2c-designware-master.c +++ b/drivers/i2c/busses/i2c-designware-master.c @@ -34,11 +34,11 @@ static void i2c_dw_configure_fifo_master(struct dw_i2c_dev *dev) static int i2c_dw_set_timings_master(struct dw_i2c_dev *dev) { - u32 ic_clk = i2c_dw_clk_rate(dev); const char *mode_str, *fp_str = ""; u32 comp_param1; u32 sda_falling_time, scl_falling_time; struct i2c_timings *t = &dev->timings; + u32 ic_clk; int ret; ret = i2c_dw_acquire_lock(dev); @@ -53,6 +53,7 @@ static int i2c_dw_set_timings_master(struct dw_i2c_dev *dev) /* Calculate SCL timing parameters for standard mode if not set */ if (!dev->ss_hcnt || !dev->ss_lcnt) { + ic_clk = i2c_dw_clk_rate(dev); dev->ss_hcnt = i2c_dw_scl_hcnt(ic_clk, 4000, /* tHD;STA = tHIGH = 4.0 us */ @@ -89,6 +90,7 @@ static int i2c_dw_set_timings_master(struct dw_i2c_dev *dev) * needed also in high speed mode. */ if (!dev->fs_hcnt || !dev->fs_lcnt) { + ic_clk = i2c_dw_clk_rate(dev); dev->fs_hcnt = i2c_dw_scl_hcnt(ic_clk, 600, /* tHD;STA = tHIGH = 0.6 us */ -- 2.19.0

7 years, 1 month

3
2
0 0

[PATCH] dm: Fix report zone remapping

by Damien Le Moal

If dm-linear or dm-flakey have targets on top of a partition of a zoned block device, remapping of the start sector and write pointer position of the zones reported by a report zones BIO must be modified to not only account for the target table entry mapping, but also to account for the partition first sector. This start sector must be substracted to the start sector of all zones reported. The write pointer position of sequential zones must also be reduced by this offset. Since there is no easy way to access the underlying bdev of the target table entry from the dm_target or dm_target_io pointers, modify the interface of the function dm_remap_zone_report() to allow a target to pass the partition block device starting sector (offset). Fixes: 10999307c14e ("dm: introduce dm_remap_zone_report()") Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com> Cc: <stable(a)vger.kernel.org> --- drivers/md/dm-flakey.c | 3 ++- drivers/md/dm-linear.c | 3 ++- drivers/md/dm.c | 16 ++++++++++++---- include/linux/device-mapper.h | 2 +- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c index 21d126a5078c..c68c2e9cde6b 100644 --- a/drivers/md/dm-flakey.c +++ b/drivers/md/dm-flakey.c @@ -381,7 +381,8 @@ static int flakey_end_io(struct dm_target *ti, struct bio *bio, return DM_ENDIO_DONE; if (bio_op(bio) == REQ_OP_ZONE_REPORT) { - dm_remap_zone_report(ti, bio, fc->start); + dm_remap_zone_report(ti, bio, get_start_sect(fc->dev->bdev), + fc->start); return DM_ENDIO_DONE; } diff --git a/drivers/md/dm-linear.c b/drivers/md/dm-linear.c index d10964d41fd7..f8cd367abbf6 100644 --- a/drivers/md/dm-linear.c +++ b/drivers/md/dm-linear.c @@ -108,7 +108,8 @@ static int linear_end_io(struct dm_target *ti, struct bio *bio, struct linear_c *lc = ti->private; if (!*error && bio_op(bio) == REQ_OP_ZONE_REPORT) - dm_remap_zone_report(ti, bio, lc->start); + dm_remap_zone_report(ti, bio, get_start_sect(lc->dev->bdev), + lc->start); return DM_ENDIO_DONE; } diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 20f7e4ef5342..ffd8544eedd8 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1162,7 +1162,8 @@ EXPORT_SYMBOL_GPL(dm_accept_partial_bio); * REQ_OP_ZONE_REPORT bio to remap the zone descriptors obtained * from the target device mapping to the dm device. */ -void dm_remap_zone_report(struct dm_target *ti, struct bio *bio, sector_t start) +void dm_remap_zone_report(struct dm_target *ti, struct bio *bio, + sector_t dev_offset, sector_t start) { #ifdef CONFIG_BLK_DEV_ZONED struct dm_target_io *tio = container_of(bio, struct dm_target_io, clone); @@ -1195,18 +1196,25 @@ void dm_remap_zone_report(struct dm_target *ti, struct bio *bio, sector_t start) /* Set zones start sector */ while (hdr->nr_zones && ofst < bvec.bv_len) { zone = addr + ofst; + zone->start -= dev_offset; if (zone->start >= start + ti->len) { hdr->nr_zones = 0; break; } zone->start = zone->start + ti->begin - start; if (zone->type != BLK_ZONE_TYPE_CONVENTIONAL) { - if (zone->cond == BLK_ZONE_COND_FULL) + switch (zone->cond) { + case BLK_ZONE_COND_FULL: zone->wp = zone->start + zone->len; - else if (zone->cond == BLK_ZONE_COND_EMPTY) + break; + case BLK_ZONE_COND_EMPTY: zone->wp = zone->start; - else + break; + default: + zone->wp -= dev_offset; zone->wp = zone->wp + ti->begin - start; + break; + } } ofst += sizeof(struct blk_zone); hdr->nr_zones--; diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h index 6fb0808e87c8..22c1924c0ee8 100644 --- a/include/linux/device-mapper.h +++ b/include/linux/device-mapper.h @@ -421,7 +421,7 @@ int dm_suspended(struct dm_target *ti); int dm_noflush_suspending(struct dm_target *ti); void dm_accept_partial_bio(struct bio *bio, unsigned n_sectors); void dm_remap_zone_report(struct dm_target *ti, struct bio *bio, - sector_t start); + sector_t dev_offset, sector_t start); union map_info *dm_get_rq_mapinfo(struct request *rq); struct queue_limits *dm_get_queue_limits(struct mapped_device *md); -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] iommu/amd: Clear memory encryption mask from physical address

by Singh, Brijesh

Boris Ostrovsky reported a memory leak with device passthrough when SME is active. The VFIO driver uses iommu_iova_to_phys() to get the physical address for an iova. This physical address is later passed into vfio_unmap_unpin() to unpin the memory. The vfio_unmap_unpin() uses pfn_valid() before unpinning the memory. The pfn_valid() check was failing because encryption mask was part of the physical address returned. This resulted in the memory not being unpinned and therefore leaked after the guest terminates. The memory encryption mask must be cleared from the physical address in iommu_iova_to_phys(). Fixes: 2543a786aa25 ("iommu/amd: Allow the AMD IOMMU to work with memory encryption") Reported-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <iommu(a)lists.linux-foundation.org> Cc: Borislav Petkov <bp(a)suse.de> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Radim Krčmář <rkrcmar(a)redhat.com> Cc: kvm(a)vger.kernel.org Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: <stable(a)vger.kernel.org> # 4.14+ Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> --- drivers/iommu/amd_iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c index 73e47d9..bee0dfb 100644 --- a/drivers/iommu/amd_iommu.c +++ b/drivers/iommu/amd_iommu.c @@ -3069,7 +3069,7 @@ static phys_addr_t amd_iommu_iova_to_phys(struct iommu_domain *dom, return 0; offset_mask = pte_pgsize - 1; - __pte = *pte & PM_ADDR_MASK; + __pte = __sme_clr(*pte & PM_ADDR_MASK); return (__pte & ~offset_mask) | (iova & offset_mask); } -- 2.7.4

7 years, 1 month

2
1
0 0

[PATCH v4 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index a366f32b048a..daade60c5714 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -407,8 +407,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (intel_connector->mst_port_gone) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v4 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index fcb9b87b9339..a366f32b048a 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -42,7 +42,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, to_intel_connector(conn_state->connector); struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool reduce_m_n = drm_dp_has_quirk(&intel_dp->desc, @@ -76,11 +76,16 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + if (!connector->mst_port_gone) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + connector->port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v4 3/5] drm/i915: Leave intel_conn->mst_port set, use mst_port_gone instead

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead add intel_connector->mst_port_gone in order to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++++++------- drivers/gpu/drm/i915/intel_drv.h | 6 ++++++ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 4ecd65375603..fcb9b87b9339 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -311,9 +311,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (intel_connector->mst_port_gone) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -328,9 +327,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (intel_connector->mst_port_gone) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -370,7 +370,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (intel_connector->mst_port_gone) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -402,7 +402,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (intel_connector->mst_port_gone) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -514,7 +514,7 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, connector); /* prevent race with the check in ->detect */ drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; + intel_connector->mst_port_gone = true; drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index 8fc61e96754f..8261d4579452 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -410,6 +410,12 @@ struct intel_connector { struct intel_dp *mst_port; + /* + * Set to 1 if this is an MST connector that was removed from the + * system and unregistered from sysfs + */ + u8 mst_port_gone; + /* Work struct to schedule a uevent on link train failure */ struct work_struct modeset_retry_work; -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v4 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 5691dfa1db6f..63a23a80f279 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v4 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 80be74df7ba6..ce2decfc6826 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -307,6 +307,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after it's been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -351,7 +371,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH] power: supply: olpc_battery: correct the temperature units

by Lubomir Rintel

According to [1] and [2], the temperature values are in tenths of degree Celsius. Exposing the Celsius value makes the battery appear on fire: $ upower -i /org/freedesktop/UPower/devices/battery_olpc_battery ... temperature: 236.9 degrees C Tested on OLPC XO-1 and OLPC XO-1.75 laptops. [1] include/linux/power_supply.h [2] Documentation/power/power_supply_class.txt Cc: stable(a)vger.kernel.org Signed-off-by: Lubomir Rintel <lkundrak(a)v3.sk> --- drivers/power/supply/olpc_battery.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/olpc_battery.c b/drivers/power/supply/olpc_battery.c index 6da79ae14860..5a97e42a3547 100644 --- a/drivers/power/supply/olpc_battery.c +++ b/drivers/power/supply/olpc_battery.c @@ -428,14 +428,14 @@ static int olpc_bat_get_property(struct power_supply *psy, if (ret) return ret; - val->intval = (s16)be16_to_cpu(ec_word) * 100 / 256; + val->intval = (s16)be16_to_cpu(ec_word) * 10 / 256; break; case POWER_SUPPLY_PROP_TEMP_AMBIENT: ret = olpc_ec_cmd(EC_AMB_TEMP, NULL, 0, (void *)&ec_word, 2); if (ret) return ret; - val->intval = (int)be16_to_cpu(ec_word) * 100 / 256; + val->intval = (int)be16_to_cpu(ec_word) * 10 / 256; break; case POWER_SUPPLY_PROP_CHARGE_COUNTER: ret = olpc_ec_cmd(EC_BAT_ACR, NULL, 0, (void *)&ec_word, 2); -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH] libnvdimm, pmem: Fix badblocks population for 'raw' namespaces

by Dan Williams

The driver is only initializing bb_res in the devm_memremap_pages() paths, but the raw namespace case is passing an uninitialized bb_res to nvdimm_badblocks_populate(). Fixes: e8d513483300 ("memremap: change devm_memremap_pages interface...") Cc: <stable(a)vger.kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Reported-by: Jacek Zloch <jacek.zloch(a)intel.com> Reported-by: Krzysztof Rusocki <krzysztof.rusocki(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/nvdimm/pmem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c index 6071e2942053..2082ae01b9c8 100644 --- a/drivers/nvdimm/pmem.c +++ b/drivers/nvdimm/pmem.c @@ -421,9 +421,11 @@ static int pmem_attach_disk(struct device *dev, addr = devm_memremap_pages(dev, &pmem->pgmap); pmem->pfn_flags |= PFN_MAP; memcpy(&bb_res, &pmem->pgmap.res, sizeof(bb_res)); - } else + } else { addr = devm_memremap(dev, pmem->phys_addr, pmem->size, ARCH_MEMREMAP_PMEM); + memcpy(&bb_res, &nsio->res, sizeof(bb_res)); + } /* * At release time the queue must be frozen before

7 years, 1 month

2
1
0 0

[PATCH v3 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index a366f32b048a..daade60c5714 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -407,8 +407,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (intel_connector->mst_port_gone) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v3 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index fcb9b87b9339..a366f32b048a 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -42,7 +42,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, to_intel_connector(conn_state->connector); struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool reduce_m_n = drm_dp_has_quirk(&intel_dp->desc, @@ -76,11 +76,16 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + if (!connector->mst_port_gone) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + connector->port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v3 3/5] drm/i915: Leave intel_conn->mst_port set, use mst_port_gone instead

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead add intel_connector->mst_port_gone in order to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++++++------- drivers/gpu/drm/i915/intel_drv.h | 6 ++++++ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 4ecd65375603..fcb9b87b9339 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -311,9 +311,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (intel_connector->mst_port_gone) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -328,9 +327,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (intel_connector->mst_port_gone) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -370,7 +370,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (intel_connector->mst_port_gone) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -402,7 +402,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (intel_connector->mst_port_gone) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -514,7 +514,7 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, connector); /* prevent race with the check in ->detect */ drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; + intel_connector->mst_port_gone = true; drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index 8fc61e96754f..8261d4579452 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -410,6 +410,12 @@ struct intel_connector { struct intel_dp *mst_port; + /* + * Set to 1 if this is an MST connector that was removed from the + * system and unregistered from sysfs + */ + u8 mst_port_gone; + /* Work struct to schedule a uevent on link train failure */ struct work_struct modeset_retry_work; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v3 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9da0bdfe1e1c..f58fc12f0a07 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -881,22 +881,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v3 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 80be74df7ba6..ce2decfc6826 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -307,6 +307,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after it's been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -351,7 +371,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

7 years, 1 month

1
0
0 0

v4.9.131 build: 0 failures 0 warnings (v4.9.131)

by Build bot for Mark Brown

Tree/Branch: v4.9.131 Git describe: v4.9.131 Commit: cdd48f386d Linux 4.9.131 Build Time: 95 min 25 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 1 month

1
0
0 0

Re: [GIT PULL] commits for Linux 4.18

by Greg KH

On Thu, Oct 04, 2018 at 02:07:45PM -0400, Sasha Levin wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi Greg, > > Pleae pull commits for Linux 4.18 . > > I've sent a review request for all commits over a week ago and all > comments were addressed. Thanks for these, all 5 trees now pulled in. greg k-h

7 years, 1 month

1
0
0 0

[PATCH backport for 4.18] rseq/selftests: fix parametrized test with -fpie

by Mathieu Desnoyers

commit ce01a1575f45bf319e374592656441021a7f5823 upstream. On x86-64, the parametrized selftest code for rseq crashes with a segmentation fault when compiled with -fpie. This happens when the param_test binary is loaded at an address beyond 32-bit on x86-64. The issue is caused by use of a 32-bit register to hold the address of the loop counter variable. Fix this by using a 64-bit register to calculate the address of the loop counter variables as an offset from rip. Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Acked-by: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: <stable(a)vger.kernel.org> # v4.18 Cc: Shuah Khan <shuah(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Joel Fernandes <joelaf(a)google.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Watson <davejwatson(a)fb.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Andi Kleen <andi(a)firstfloor.org> Cc: linux-kselftest(a)vger.kernel.org Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: Chris Lameter <cl(a)linux.com> Cc: Russell King <linux(a)arm.linux.org.uk> Cc: Michael Kerrisk <mtk.manpages(a)gmail.com> Cc: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: Paul Turner <pjt(a)google.com> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Ben Maurer <bmaurer(a)fb.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> --- tools/testing/selftests/rseq/param_test.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/rseq/param_test.c b/tools/testing/selftests/rseq/param_test.c index 615252331813..4bc071525bf7 100644 --- a/tools/testing/selftests/rseq/param_test.c +++ b/tools/testing/selftests/rseq/param_test.c @@ -56,15 +56,13 @@ unsigned int yield_mod_cnt, nr_abort; printf(fmt, ## __VA_ARGS__); \ } while (0) -#if defined(__x86_64__) || defined(__i386__) +#ifdef __i386__ #define INJECT_ASM_REG "eax" #define RSEQ_INJECT_CLOBBER \ , INJECT_ASM_REG -#ifdef __i386__ - #define RSEQ_INJECT_ASM(n) \ "mov asm_loop_cnt_" #n ", %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ @@ -76,9 +74,16 @@ unsigned int yield_mod_cnt, nr_abort; #elif defined(__x86_64__) +#define INJECT_ASM_REG_P "rax" +#define INJECT_ASM_REG "eax" + +#define RSEQ_INJECT_CLOBBER \ + , INJECT_ASM_REG_P \ + , INJECT_ASM_REG + #define RSEQ_INJECT_ASM(n) \ - "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG "\n\t" \ - "mov (%%" INJECT_ASM_REG "), %%" INJECT_ASM_REG "\n\t" \ + "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG_P "\n\t" \ + "mov (%%" INJECT_ASM_REG_P "), %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ "jz 333f\n\t" \ "222:\n\t" \ @@ -86,10 +91,6 @@ unsigned int yield_mod_cnt, nr_abort; "jnz 222b\n\t" \ "333:\n\t" -#else -#error "Unsupported architecture" -#endif - #elif defined(__ARMEL__) #define RSEQ_INJECT_INPUT \ -- 2.17.1

7 years, 1 month

3
2
0 0

Requests for inclusion on linux-4.14.y

by Alakesh Haloi

Hello Greg, Can you please consider including the following patch in the stable linux-4.14.y branch? This is to fix a possible sprintf buffer overflow 46c2797826cc ("tools/power turbostat: fix possible sprintf buffer overflow") Thanks Alakesh Haloi

7 years, 1 month

2
1
0 0

v4.18.12 build: 0 failures 4 warnings (v4.18.12)

by Build bot for Mark Brown

Tree/Branch: v4.18.12 Git describe: v4.18.12 Commit: 7da07a3216 Linux 4.18.12 Build Time: 123 min 36 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 4 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allnoconfig 4 warnings 0 mismatches : arm64-allmodconfig 2 warnings 0 mismatches : arm-multi_v5_defconfig 2 warnings 0 mismatches : arm-multi_v7_defconfig 2 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : arm-multi_v4t_defconfig 3 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 4 8 <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] 5 <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] 2 ../drivers/clk/mvebu/armada-37xx-periph.c:422:6: warning: unused variable 'num_parents' [-Wunused-variable] 1 ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 4 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ../drivers/clk/mvebu/armada-37xx-periph.c:422:6: warning: unused variable 'num_parents' [-Wunused-variable] ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v4t_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-defconfig : PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ../drivers/clk/mvebu/armada-37xx-periph.c:422:6: warning: unused variable 'num_parents' [-Wunused-variable] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig x86_64-allmodconfig x86_64-defconfig

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] serial: mvebu-uart: Fix reporting of effective CSIZE to" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e0bf2d4982fe7d9ddaf550dd023803ea286f47fc Mon Sep 17 00:00:00 2001 From: Jan Kiszka <jan.kiszka(a)siemens.com> Date: Sun, 26 Aug 2018 19:49:32 +0200 Subject: [PATCH] serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Apparently, this driver (or the hardware) does not support character length settings. It's apparently running in 8-bit mode, but it makes userspace believe it's in 5-bit mode. That makes tcsetattr with CS8 incorrectly fail, breaking e.g. getty from busybox, thus the login shell on ttyMVx. Fix by hard-wiring CS8 into c_cflag. Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> Fixes: 30530791a7a0 ("serial: mvebu-uart: initial support for Armada-3700 serial port") Cc: stable <stable(a)vger.kernel.org> # 4.6+ Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c index d04b5eeea3c6..170e446a2f62 100644 --- a/drivers/tty/serial/mvebu-uart.c +++ b/drivers/tty/serial/mvebu-uart.c @@ -511,6 +511,7 @@ static void mvebu_uart_set_termios(struct uart_port *port, termios->c_iflag |= old->c_iflag & ~(INPCK | IGNPAR); termios->c_cflag &= CREAD | CBAUD; termios->c_cflag |= old->c_cflag & ~(CREAD | CBAUD); + termios->c_cflag |= CS8; } spin_unlock_irqrestore(&port->lock, flags);

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] drm/amdgpu: add another ATPX quirk for TOPAZ" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b3fc2ab37e27f8d6588a4755382346ba2335a7c7 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Tue, 17 Jul 2018 10:52:29 -0500 Subject: [PATCH] drm/amdgpu: add another ATPX quirk for TOPAZ Needs ATPX rather than _PR3. Bug: https://bugzilla.kernel.org/show_bug.cgi?id=200517 Reviewed-by: Junwei Zhang <Jerry.Zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c index 9ab89371d9e8..ca8bf1c9a98e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c @@ -575,6 +575,7 @@ static const struct amdgpu_px_quirk amdgpu_px_quirk_list[] = { { 0x1002, 0x6900, 0x1002, 0x0124, AMDGPU_PX_QUIRK_FORCE_ATPX }, { 0x1002, 0x6900, 0x1028, 0x0812, AMDGPU_PX_QUIRK_FORCE_ATPX }, { 0x1002, 0x6900, 0x1028, 0x0813, AMDGPU_PX_QUIRK_FORCE_ATPX }, + { 0x1002, 0x6900, 0x1025, 0x125A, AMDGPU_PX_QUIRK_FORCE_ATPX }, { 0, 0, 0, 0, 0 }, };

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] drm/amd/pp: initialize result to before or'ing in data" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c4ff91dd40e2253ab6dd028011469c2c694e1e19 Mon Sep 17 00:00:00 2001 From: Colin Ian King <colin.king(a)canonical.com> Date: Wed, 6 Jun 2018 13:18:31 +0100 Subject: [PATCH] drm/amd/pp: initialize result to before or'ing in data The current use of result is or'ing in values and checking for a non-zero result, however, result is not initialized to zero so it potentially contains garbage to start with. Fix this by initializing it to the first return from the call to vega10_program_didt_config_registers. Detected by cppcheck: "(error) Uninitialized variable: result" Fixes: 9b7b8154cdb8 ("drm/amd/powerplay: added didt support for vega10") Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Acked-by: Huang Rui <ray.huang(a)amd.com> [Fix the subject as Colin's comment] Signed-off-by: Huang Rui <ray.huang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c b/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c index a9efd8554fbc..dbe4b1f66784 100644 --- a/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c @@ -1104,7 +1104,7 @@ static int vega10_enable_psm_gc_edc_config(struct pp_hwmgr *hwmgr) for (count = 0; count < num_se; count++) { data = GRBM_GFX_INDEX__INSTANCE_BROADCAST_WRITES_MASK | GRBM_GFX_INDEX__SH_BROADCAST_WRITES_MASK | ( count << GRBM_GFX_INDEX__SE_INDEX__SHIFT); WREG32_SOC15(GC, 0, mmGRBM_GFX_INDEX, data); - result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallPatternConfig_Vega10, VEGA10_CONFIGREG_DIDT); + result = vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallPatternConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallDelayConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCCtrlResetConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCCtrlConfig_Vega10, VEGA10_CONFIGREG_DIDT);

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] rseq/selftests: fix parametrized test with -fpie" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ce01a1575f45bf319e374592656441021a7f5823 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Date: Thu, 27 Sep 2018 14:39:19 -0400 Subject: [PATCH] rseq/selftests: fix parametrized test with -fpie On x86-64, the parametrized selftest code for rseq crashes with a segmentation fault when compiled with -fpie. This happens when the param_test binary is loaded at an address beyond 32-bit on x86-64. The issue is caused by use of a 32-bit register to hold the address of the loop counter variable. Fix this by using a 64-bit register to calculate the address of the loop counter variables as an offset from rip. Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Acked-by: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: <stable(a)vger.kernel.org> # v4.18 Cc: Shuah Khan <shuah(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Joel Fernandes <joelaf(a)google.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Watson <davejwatson(a)fb.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Andi Kleen <andi(a)firstfloor.org> Cc: linux-kselftest(a)vger.kernel.org Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: Chris Lameter <cl(a)linux.com> Cc: Russell King <linux(a)arm.linux.org.uk> Cc: Michael Kerrisk <mtk.manpages(a)gmail.com> Cc: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: Paul Turner <pjt(a)google.com> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Ben Maurer <bmaurer(a)fb.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> diff --git a/tools/testing/selftests/rseq/param_test.c b/tools/testing/selftests/rseq/param_test.c index 642d4e12abea..eec2663261f2 100644 --- a/tools/testing/selftests/rseq/param_test.c +++ b/tools/testing/selftests/rseq/param_test.c @@ -56,15 +56,13 @@ unsigned int yield_mod_cnt, nr_abort; printf(fmt, ## __VA_ARGS__); \ } while (0) -#if defined(__x86_64__) || defined(__i386__) +#ifdef __i386__ #define INJECT_ASM_REG "eax" #define RSEQ_INJECT_CLOBBER \ , INJECT_ASM_REG -#ifdef __i386__ - #define RSEQ_INJECT_ASM(n) \ "mov asm_loop_cnt_" #n ", %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ @@ -76,9 +74,16 @@ unsigned int yield_mod_cnt, nr_abort; #elif defined(__x86_64__) +#define INJECT_ASM_REG_P "rax" +#define INJECT_ASM_REG "eax" + +#define RSEQ_INJECT_CLOBBER \ + , INJECT_ASM_REG_P \ + , INJECT_ASM_REG + #define RSEQ_INJECT_ASM(n) \ - "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG "\n\t" \ - "mov (%%" INJECT_ASM_REG "), %%" INJECT_ASM_REG "\n\t" \ + "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG_P "\n\t" \ + "mov (%%" INJECT_ASM_REG_P "), %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ "jz 333f\n\t" \ "222:\n\t" \ @@ -86,10 +91,6 @@ unsigned int yield_mod_cnt, nr_abort; "jnz 222b\n\t" \ "333:\n\t" -#else -#error "Unsupported architecture" -#endif - #elif defined(__s390__) #define RSEQ_INJECT_INPUT \

7 years, 1 month

1
0
0 0

[PATCH 1/3] drm/i915: Restore vblank interrupts earlier

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Plane sanitation needs vblank interrupts (on account of CxSR disable). So let's restore vblank interrupts earlier. v2: Make it actually build Cc: stable(a)vger.kernel.org Cc: Dennis <dennis.nezic(a)utoronto.ca> Tested-by: Dennis <dennis.nezic(a)utoronto.ca> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105637 Fixes: b1e01595a66d ("drm/i915: Redo plane sanitation during readout") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/intel_display.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 4c5c2b39e65c..e018b37bed39 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -15551,13 +15551,9 @@ static void intel_sanitize_crtc(struct intel_crtc *crtc, I915_READ(reg) & ~PIPECONF_FRAME_START_DELAY_MASK); } - /* restore vblank interrupts to correct state */ - drm_crtc_vblank_reset(&crtc->base); if (crtc->active) { struct intel_plane *plane; - drm_crtc_vblank_on(&crtc->base); - /* Disable everything but the primary plane */ for_each_intel_plane_on_crtc(dev, crtc, plane) { const struct intel_plane_state *plane_state = @@ -15899,7 +15895,6 @@ intel_modeset_setup_hw_state(struct drm_device *dev, struct drm_modeset_acquire_ctx *ctx) { struct drm_i915_private *dev_priv = to_i915(dev); - enum pipe pipe; struct intel_crtc *crtc; struct intel_encoder *encoder; int i; @@ -15912,15 +15907,19 @@ intel_modeset_setup_hw_state(struct drm_device *dev, /* HW state is read out, now we need to sanitize this mess. */ get_encoder_power_domains(dev_priv); - intel_sanitize_plane_mapping(dev_priv); + for_each_intel_crtc(&dev_priv->drm, crtc) { + drm_crtc_vblank_reset(&crtc->base); - for_each_intel_encoder(dev, encoder) { - intel_sanitize_encoder(encoder); + if (crtc->active) + drm_crtc_vblank_on(&crtc->base); } - for_each_pipe(dev_priv, pipe) { - crtc = intel_get_crtc_for_pipe(dev_priv, pipe); + intel_sanitize_plane_mapping(dev_priv); + for_each_intel_encoder(dev, encoder) + intel_sanitize_encoder(encoder); + + for_each_intel_crtc(&dev_priv->drm, crtc) { intel_sanitize_crtc(crtc, ctx); intel_dump_pipe_config(crtc, crtc->config, "[setup_hw_state]"); -- 2.16.4

7 years, 1 month

3
10
0 0

[PATCH v3] devres: Explicitly align datai[] to 64-bit

by Alexey Brodkin

data[] must be 64-bit aligned even on 32-bit architectures because it might be accessed by instructions that require aligned memory arguments. One example is "atomic64_t" type accessed by special atomic instructions which may read/write entire 64-bit word. Atomic instructions are a bit special compared to normal loads and stores. Even if normal loads and stores may deal with unaligned data, atomic instructions still require data to be aligned because it's hard to manage atomic value that spans through multiple cache lines or even MMU pages. And hardware just raises an alignment fault exception. The problem with previously used approach is that depending on ABI "long long" type of a particular 32-bit CPU might be aligned to 8-, 16-, 32- or 64-bit boundary. Which will get in the way of mentioned above atomic instructions. Consider the following snippet: | struct mystruct { | atomic64_t myvar; | } | | struct mystruct *p; | p = devm_kzalloc(dev, sizeof(*p), GFP_KERNEL); Here address of "myvar" will match data[] in "struct devres", that said if "data" is not 64-bit aligned atomic instruction will fail on the first access to "myvar". Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: David Laight <David.Laight(a)ACULAB.COM> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Greg KH <greg(a)kroah.com> Cc: <stable(a)vger.kernel.org> # 4.8+ --- Changes v2 -> v3: * Align explicitly to 8 bytes [David] * Rephrased in-line comment [David] * Added more techinical details to commit message [Greg] * Mention more alignment options in commit message [Geert] Changes v1 -> v2: * Reworded commit message * Inserted comment right in source [Thomas] drivers/base/devres.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/base/devres.c b/drivers/base/devres.c index f98a097e73f2..d65327cb83c9 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -24,8 +24,12 @@ struct devres_node { struct devres { struct devres_node node; - /* -- 3 pointers */ - unsigned long long data[]; /* guarantee ull alignment */ + /* + * data[] must be 64 bit aligned even on 32 bit architectures + * because it might be accessed by instructions that require + * aligned memory arguments such as atomic64_t. + */ + u8 __aligned(8) data[]; }; struct devres_group { -- 2.17.1

7 years, 1 month

7
18
0 0

Linux 4.18.12

by Greg KH

I'm announcing the release of the 4.18.12 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/hwmon/ina2xx | 2 Documentation/process/2.Process.rst | 2 Makefile | 2 arch/arm/boot/dts/dra7.dtsi | 4 arch/arm/boot/dts/imx7d.dtsi | 12 arch/arm/boot/dts/ls1021a.dtsi | 1 arch/arm/boot/dts/mt7623.dtsi | 3 arch/arm/boot/dts/omap4-droid4-xt894.dts | 20 - arch/arm/mach-mvebu/pmsu.c | 6 arch/arm/mach-omap2/omap_hwmod.c | 39 ++ arch/arm/mach-omap2/omap_hwmod_reset.c | 12 arch/arm64/boot/dts/renesas/r8a7795-es1.dtsi | 2 arch/arm64/boot/dts/renesas/r8a7795.dtsi | 6 arch/arm64/boot/dts/renesas/r8a7796.dtsi | 6 arch/arm64/boot/dts/renesas/r8a77965.dtsi | 4 arch/arm64/boot/dts/renesas/r8a77970.dtsi | 2 arch/arm64/boot/dts/renesas/r8a77995.dtsi | 4 arch/arm64/boot/dts/renesas/salvator-common.dtsi | 4 arch/arm64/kvm/guest.c | 55 ++ arch/mips/boot/Makefile | 6 arch/powerpc/kernel/exceptions-64s.S | 4 arch/powerpc/kernel/machine_kexec.c | 7 arch/powerpc/lib/checksum_64.S | 3 arch/powerpc/mm/numa.c | 3 arch/powerpc/mm/pkeys.c | 2 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/s390/kernel/sysinfo.c | 4 arch/s390/mm/extmem.c | 4 arch/s390/mm/pgalloc.c | 2 arch/x86/entry/entry_64.S | 4 arch/x86/events/intel/lbr.c | 32 + arch/x86/events/perf_event.h | 1 arch/x86/include/asm/fixmap.h | 10 arch/x86/include/asm/pgtable_64.h | 3 arch/x86/kernel/head64.c | 4 arch/x86/kernel/head_64.S | 16 arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/mm/pgtable.c | 9 arch/x86/mm/pti.c | 2 arch/x86/xen/mmu_pv.c | 8 block/elevator.c | 2 crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/acpi/button.c | 13 drivers/ata/pata_ftide010.c | 27 - drivers/block/floppy.c | 3 drivers/bluetooth/btusb.c | 1 drivers/bus/ti-sysc.c | 37 - drivers/clk/x86/clk-st.c | 2 drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 +-- drivers/crypto/chelsio/chtls/chtls.h | 5 drivers/crypto/chelsio/chtls/chtls_main.c | 7 drivers/edac/altera_edac.c | 3 drivers/edac/edac_mc_sysfs.c | 6 drivers/edac/i7core_edac.c | 22 - drivers/gpio/gpio-menz127.c | 4 drivers/gpio/gpio-tegra.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c | 10 drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 drivers/gpu/drm/omapdrm/omap_debugfs.c | 2 drivers/gpu/drm/omapdrm/omap_drv.c | 2 drivers/gpu/drm/omapdrm/omap_drv.h | 2 drivers/gpu/drm/omapdrm/omap_gem.c | 15 drivers/gpu/drm/sun4i/sun4i_drv.c | 3 drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c | 7 drivers/gpu/drm/v3d/v3d_drv.h | 5 drivers/gpu/drm/v3d/v3d_gem.c | 4 drivers/gpu/drm/vc4/vc4_plane.c | 3 drivers/hid/hid-ntrig.c | 2 drivers/hid/i2c-hid/i2c-hid.c | 9 drivers/hwmon/adt7475.c | 14 drivers/hwmon/ina2xx.c | 13 drivers/hwtracing/intel_th/core.c | 16 drivers/i2c/busses/i2c-i801.c | 9 drivers/iio/accel/adxl345_core.c | 21 - drivers/iio/adc/ina2xx-adc.c | 17 drivers/iio/counter/104-quad-8.c | 2 drivers/infiniband/core/rw.c | 2 drivers/infiniband/core/uverbs_cmd.c | 5 drivers/infiniband/core/uverbs_main.c | 1 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 12 drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 drivers/infiniband/hw/hfi1/chip.c | 6 drivers/infiniband/hw/hfi1/pio.c | 51 ++ drivers/infiniband/hw/hfi1/pio.h | 2 drivers/infiniband/hw/hfi1/user_sdma.c | 2 drivers/infiniband/hw/hfi1/verbs.c | 8 drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 drivers/infiniband/hw/mlx4/qp.c | 2 drivers/infiniband/hw/mlx5/main.c | 2 drivers/infiniband/ulp/srp/ib_srp.c | 6 drivers/input/misc/xen-kbdfront.c | 8 drivers/input/mouse/elantech.c | 2 drivers/iommu/amd_iommu.c | 2 drivers/iommu/msm_iommu.c | 16 drivers/md/md-cluster.c | 19 - drivers/media/i2c/ov772x.c | 40 +- drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 drivers/media/platform/fsl-viu.c | 38 +- drivers/media/platform/omap3isp/isp.c | 2 drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 drivers/media/v4l2-core/v4l2-event.c | 38 +- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/ibmvmc.c | 2 drivers/misc/sram.c | 13 drivers/misc/tsl2550.c | 2 drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 drivers/mmc/host/android-goldfish.c | 4 drivers/mmc/host/atmel-mci.c | 12 drivers/mtd/nand/raw/atmel/nand-controller.c | 7 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 6 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 6 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 3 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 drivers/net/ethernet/intel/i40e/i40e_main.c | 15 drivers/net/ethernet/intel/ice/ice.h | 7 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 25 - drivers/net/ethernet/intel/ice/ice_common.c | 27 - drivers/net/ethernet/intel/ice/ice_controlq.c | 29 + drivers/net/ethernet/intel/ice/ice_ethtool.c | 52 ++ drivers/net/ethernet/intel/ice/ice_main.c | 98 +++-- drivers/net/ethernet/intel/ice/ice_switch.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 26 + drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 ++++++++-- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 - drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 drivers/net/phy/xilinx_gmii2rgmii.c | 10 drivers/net/wireless/ath/ath10k/ce.c | 2 drivers/net/wireless/ath/ath10k/htt_rx.c | 13 drivers/net/wireless/ath/ath10k/mac.c | 1 drivers/net/wireless/ath/ath10k/sdio.c | 9 drivers/net/wireless/ath/ath10k/snoc.c | 2 drivers/net/wireless/ath/ath10k/wmi.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2_mac.c | 6 drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 drivers/nvme/target/fcloop.c | 3 drivers/pci/hotplug/acpiphp_glue.c | 11 drivers/platform/x86/asus-wireless.c | 23 - drivers/power/reset/vexpress-poweroff.c | 12 drivers/power/supply/axp288_charger.c | 2 drivers/power/supply/power_supply_core.c | 11 drivers/regulator/core.c | 4 drivers/regulator/of_regulator.c | 2 drivers/s390/block/dasd.c | 1 drivers/s390/block/scm_blk.c | 1 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/hisi_sas/hisi_sas.h | 1 drivers/scsi/hisi_sas/hisi_sas_main.c | 6 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 drivers/scsi/megaraid/megaraid_sas_base.c | 3 drivers/siox/siox-core.c | 10 drivers/spi/spi-orion.c | 77 ++-- drivers/spi/spi-rspi.c | 34 + drivers/spi/spi-sh-msiof.c | 28 + drivers/spi/spi-tegra20-slink.c | 31 + drivers/staging/android/ashmem.c | 6 drivers/staging/media/imx/imx-ic-prpencvf.c | 1 drivers/staging/media/imx/imx-media-csi.c | 1 drivers/staging/mt7621-dts/gbpc1.dts | 2 drivers/staging/mt7621-dts/mt7621.dtsi | 21 - drivers/staging/mt7621-eth/mtk_eth_soc.c | 13 drivers/staging/pi433/pi433_if.c | 7 drivers/staging/rts5208/sd.c | 2 drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/target/target_core_device.c | 22 - drivers/thermal/imx_thermal.c | 5 drivers/thermal/of-thermal.c | 7 drivers/tty/serial/8250/serial_cs.c | 6 drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 drivers/tty/serial/fsl_lpuart.c | 3 drivers/tty/serial/imx.c | 8 drivers/tty/serial/mvebu-uart.c | 1 drivers/tty/serial/pxa.c | 3 drivers/tty/serial/sh-sci.c | 2 drivers/usb/class/cdc-wdm.c | 2 drivers/usb/common/roles.c | 15 drivers/usb/core/devio.c | 24 + drivers/usb/core/driver.c | 28 - drivers/usb/core/quirks.c | 3 drivers/usb/core/usb.c | 2 drivers/usb/musb/musb_dsps.c | 12 drivers/usb/serial/kobil_sct.c | 12 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/vhost/net.c | 35 + fs/dax.c | 13 fs/ext2/inode.c | 2 fs/iomap.c | 21 - fs/isofs/inode.c | 7 fs/locks.c | 7 fs/nfsd/nfs4proc.c | 1 include/linux/arm-smccc.h | 38 +- include/linux/bitfield.h | 6 include/linux/platform_data/ina2xx.h | 2 include/linux/posix-timers.h | 4 include/linux/power_supply.h | 1 include/linux/regulator/machine.h | 6 include/linux/uio.h | 2 include/media/v4l2-fh.h | 4 include/rdma/opa_addr.h | 2 kernel/bpf/sockmap.c | 11 kernel/events/hw_breakpoint.c | 57 ++- kernel/module.c | 6 kernel/time/alarmtimer.c | 7 kernel/time/posix-cpu-timers.c | 2 kernel/time/posix-timers.c | 33 + kernel/time/posix-timers.h | 2 lib/klist.c | 10 net/6lowpan/iphc.c | 1 net/ipv4/tcp_bbr.c | 38 +- net/ncsi/ncsi-netlink.c | 4 net/tls/tls_main.c | 9 sound/aoa/core/gpio-feature.c | 4 sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/rt1305.c | 4 sound/soc/intel/boards/bytcr_rt5640.c | 2 sound/soc/qcom/qdsp6/q6afe.c | 6 sound/soc/sh/rcar/ssi.c | 32 + sound/soc/soc-dapm.c | 7 tools/bpf/bpftool/map_perf_ring.c | 5 tools/perf/tests/builtin-test.c | 2 tools/testing/selftests/net/forwarding/mirror_gre_bridge_1d_vlan.sh | 6 tools/testing/selftests/net/forwarding/mirror_gre_lib.sh | 2 tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh | 6 244 files changed, 1764 insertions(+), 807 deletions(-) Aaron Ma (1): Input: elantech - enable middle button of touchpad on ThinkPad P72 Akinobu Mita (6): iio: adc: ina2xx: avoid kthread_stop() with stale task_struct iio: accel: adxl345: convert address field usage in iio_chan_spec media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter media: ov772x: add checks for register read errors media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING Akshu Agrawal (1): clk: x86: Set default parent to 48Mhz Alagu Sankar (2): ath10k: sdio: use same endpoint id for all packets in a bundle ath10k: sdio: set skb len for all rx packets Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexander Shishkin (2): intel_th: Fix device removal logic intel_th: Fix resource handling for ACPI glue layer Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alexey Khoroshilov (1): media: fsl-viu: fix error handling in viu_of_probe() Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andreas Gruenbacher (1): iomap: complete partial direct I/O writes synchronously Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anirudh Venkataramanan (3): ice: Fix multiple static analyser warnings ice: Fix bugs in control queue processing ice: Fix a few null pointer dereference issues Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Bart Van Assche (5): include/rdma/opa_addr.h: Fix an endianness issue scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size scsi: klist: Make it safe to use klists in atomic context scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Ben Greear (1): ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Benjamin Tissoires (1): power: remove possible deadlock when unregistering power_supply Bin Liu (1): usb: musb: dsps: do not disable CPPI41 irq in driver teardown Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Bob Copeland (1): ath10k: use locked skb_dequeue for rx completions Brandon Maier (2): net: phy: xgmiitorgmii: Check read_status results net: phy: xgmiitorgmii: Check phy_driver ready before accessing Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Brett Creeley (1): ice: Set VLAN flags correctly Brian Norris (1): ath10k: snoc: use correct bus-specific pointer in RX retry Christian König (2): drm/amdgpu: fix VM clearing for the root PD drm/amdgpu: fix preamble handling Christophe JAILLET (2): serial: pxa: Fix an error handling path in 'serial_pxa_probe()' EDAC, altera: Fix an error handling path in altr_s10_sdram_probe() Christophe Leroy (2): serial: cpm_uart: return immediately from console poll powerpc: fix csum_ipv6_magic() on little endian platforms Colin Ian King (2): staging: rts5208: fix missing error check on call to rtsx_write_register ath10k: fix memory leak of tpc_stats Damien Le Moal (1): block: fix deadline elevator drain for zoned block devices Dan Carpenter (7): vmci: type promotion bug in qp_host_get_user_memory() RDMA/bnxt_re: Fix a couple off by one bugs RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c IB/core: type promotion bug in rdma_rw_init_one_mr() ASoC: qdsp6: qdafe: fix some off by one bugs rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Daniel Borkmann (2): bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys bpf, sockmap: fix sock hash count in alloc_sock_hash_elem Daniel Vetter (1): drm/omap: gem: Fix mm_list locking Dave Gerlach (1): ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Dave Jiang (1): uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe() Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Dmitry Osipenko (1): gpio: tegra: Fix tegra_gpio_irq_set_type() Emily Deng (2): amdgpu: fix multi-process hang issue drm/amdgpu: Need to set moved to true when evict bo Eric Anholt (2): drm/v3d: Take a lock across GPU scheduler job creation and queuing. drm/vc4: Add missing formats to vc4_format_mod_supported(). Eric Sandeen (1): isofs: reject hardware sector size > 2048 bytes Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Feng Tang (1): x86/mm: Expand static page table for fixmap space Frederic Weisbecker (1): perf/hw_breakpoint: Split attribute parse and commit Fuyun Liang (1): net: hns3: Fix for mailbox message truncated problem Gaku Inami (1): spi: sh-msiof: Fix invalid SPI use during system suspend Ganesh Goudar (2): cxgb4: Fix the condition to check if the card is T5 crypto: chtls - fix null dereference chtls_free_uld() Geert Uytterhoeven (5): serial: sh-sci: Stop RX FIFO timer during port shutdown arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses ASoC: rt1305: Use ULL suffixes for 64-bit constants spi: rspi: Fix invalid SPI use during system suspend spi: rspi: Fix interrupted DMA transfers Greg Kroah-Hartman (1): Linux 4.18.12 Guoqing Jiang (1): md-cluster: clear another node's suspend_area after the copy is finished Gustavo A. R. Silva (1): drm/amd/display/dc/dce: Fix multiple potential integer overflows Hans de Goede (2): power: supply: axp288_charger: Fix initial constant_charge_current value ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Harry Pan (1): usb: core: safely deal with the dynamic quirk lists Heikki Krogerus (1): usb: roles: Take care of driver module reference counting Heiko Carstens (1): s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Huazhong Tan (3): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES Hugo Lefeuvre (1): staging: pi433: fix race condition in pi433_ioctl Ira Weiny (1): IB/hfi1: Fix SL array bounds check J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jacob Keller (3): ice: Report stats for allocated queues via ethtool stats ice: Use order_base_2 to calculate higher power of 2 i40e: fix condition of WARN_ONCE for stat strings James Smart (1): nvme-fcloop: Fix dropped LS's to removed target port Jan Beulich (1): x86/entry/64: Add two more instruction suffixes Jan Kiszka (1): serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Jan Kundrát (1): spi: orion: fix CS GPIO handling again Javier Martinez Canillas (1): media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Jean-Christophe Dubois (1): thermal: i.MX: Allow thermal probe to fail gracefully in case of bad calibration. Jernej Skrabec (2): drm/sun4i: Enable DW HDMI PHY clock drm/sun4i: Fix releasing node when enumerating enpoints Jesse Brandeburg (1): ice: Fix potential return of uninitialized value Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jian-Hong Pan (1): Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Johan Hovold (4): misc: sram: enable clock before registering regions USB: serial: kobil_sct: fix modem-status error handling EDAC, i7core: Fix memleaks and use-after-free on probe and remove EDAC: Fix memleak in module init error path Johannes Berg (1): bitfield: fix *_encode_bits() John Fastabend (2): tls: possible hang when do_tcp_sendpages hits sndbuf is full case bpf: sockmap: write_space events need to be passed to TCP handler João Paulo Rechi Vita (1): platform/x86: asus-wireless: Fix uninitialized symbol usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Kai-Heng Feng (1): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Kamal Heib (1): staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path Kan Liang (1): perf/x86/intel/lbr: Fix incomplete LBR call stack Kevin Hilman (1): ARM: dts: dra7: fix DCAN node addresses Kevin Yang (2): tcp_bbr: add bbr_check_probe_rtt_done() helper tcp_bbr: in restart from idle, see if we should exit PROBE_RTT Konstantin Khorenko (1): fs/lock: skip lock owner pid translation in case we are in init_pid_ns Kuninori Morimoto (1): ASoC: rsnd: SSI parent cares SWSP bit Laurent Pinchart (1): arm64: dts: renesas: Fix VSPD registers range Leon Romanovsky (2): RDMA/i40w: Hold read semaphore while looking after VMA RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR Leonard Crestez (1): Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Walleij (1): ata: ftide010: Add a quirk for SQ201 Lorenzo Bianconi (1): mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status() Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Ludovic Desroches (2): mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion Maor Gottlieb (1): IB/mlx5: Fix GRE flow specification Marc Zyngier (3): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Marek Szyprowski (1): regulator: Fix 'do-nothing' value for regulators without suspend state Martyna Szapar (1): i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled Masahiro Yamada (1): MIPS: boot: fix build rule of vmlinux.its.S Matt Ranostay (1): tsl2550: fix lux1_input error in low light Matthew Wilcox (1): filesystem-dax: Fix use of zero page Maxime Ripard (1): drm/vc4: plane: Expand the lower bits by repeating the higher bits Michael Bringmann (1): powerpc/pseries: Fix unitialized timer reset on migration Michael J. Ruhl (3): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL IB/hfi1: Fix destroy_qp hang after a link down Michael Neuling (1): KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds Michael Scott (1): 6lowpan: iphc: reset mac_header after decompress to fix panic Mika Westerberg (2): ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Nadav Amit (1): gpio: Fix wrong rounding in gpio-menz127 Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Niklas Cassel (2): iommu/msm: Don't call iommu_device_{,un}link from atomic context ath10k: transmit queued frames after processing rx packets Oleksandr Andrushchenko (1): Input: xen-kbdfront - fix multi-touch XenStore node's locations Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Pavel Machek (1): ARM: dts: omap4-droid4: fix vibrations on Droid 4 Peter Rosin (1): mtd: rawnand: atmel: add module param to avoid using dma Peter Seiderer (1): media: staging/imx: fill vb2_v4l2_buffer field entry Petr Machata (1): selftests: forwarding: Tweak tc filters for mirror-to-gretap tests Preethi Banala (1): ice: Clean control queues only when they are initialized Quentin Monnet (1): tools: bpftool: return from do_event_pipe() on bad arguments Randy Dunlap (2): Documentation/process: fix reST table border error x86/pti: Fix section mismatch warning/error Ravi Chandra Sadineni (1): ACPI / button: increment wakeup count only when notified Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Rosen Penev (1): staging: mt7621-dts: Fix remaining pcie warnings Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Samuel Mendoza-Jonas (1): net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler Sandipan Das (1): perf tests: Fix indexing when invoking subtests Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Sebastian Basierski (1): ixgbe: fix driver behaviour after issuing VFLR Shivasharan S (1): scsi: megaraid_sas: Update controller info during resume Srikanth Jampala (1): crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stefan Agner (2): brcmsmac: fix wrap around in conversion from constant to s16 tty: serial: lpuart: avoid leaking struct tty_struct Stephen Boyd (1): HID: i2c-hid: Use devm to allocate i2c_hid struct Steve Wise (1): RDMA/uverbs: Atomically flush and mark closed the comp event queue Sudeep Holla (1): power: vexpress: fix corruption in notifier registration Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Tarick Bedeir (1): IB/mlx4: Test port number before querying type. Thiago Jung Bauermann (1): powerpc/pkeys: Fix reading of ibm, processor-storage-keys property Thomas Gleixner (3): alarmtimer: Prevent overflow for relative nanosleep posix-timers: Make forward callback return s64 posix-timers: Sanitize overrun handling Tomer Tayar (4): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place qed: Prevent a possible deadlock during driver load and unload qed: Avoid sending mailbox commands when MFW is not responsive Tony Lindgren (6): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() ARM: OMAP2+: Fix null hwmod for ti-sysc debug ARM: OMAP2+: Fix module address for modules using mpu_rt_idx bus: ti-sysc: Fix module register ioremap for larger offsets bus: ti-sysc: Fix no_console_suspend handling ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Toshi Kani (1): ext2, dax: set ext2_dax_aops for dax files Toshiaki Makita (1): vhost_net: Avoid tx vring kicks during busyloop Uwe Kleine-König (2): siox: don't create a thread without starting it serial: imx: restore handshaking irq for imx1 Vasily Gorbik (4): s390/mm: correct allocate_pgste proc_handler callback s390/dasd: correct numa_node in dasd_alloc_queue s390/scm_blk: correct numa_node in scm_blk_dev_setup s390/extmem: fix gcc 8 stringop-overflow warning Viresh Kumar (2): ARM: dts: ls1021a: Add missing cooling device properties for CPUs arm: dts: mediatek: Add missing cooling device properties for CPUs Wei Yongjun (1): misc: ibmvmc: Use GFP_ATOMIC under spin lock Wesley Chalmers (1): drm/amd/display: fix use of uninitialized memory William Breathitt Gray (1): iio: 104-quad-8: Fix off-by-one error in register selection Xiaofei Tan (1): scsi: hisi_sas: Fix the conflict between dev gone and host reset Yu Zhao (1): regulator: fix crash caused by null driver data YueHaibing (1): ath10k: fix incorrect size of dma_free_coherent in ath10k_ce_alloc_src_ring_64 Yunsheng Lin (3): net: hns3: Fix for mac pause not disable in pfc mode net: hns3: Fix warning bug when doing lp selftest net: hns3: Fix get_vector ops in hclgevf_main module Zhen Lei (1): iommu/amd: make sure TLB to be flushed before IOVA freed Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache

7 years, 1 month

1
1
0 0

Linux 4.14.74

by Greg KH

I'm announcing the release of the 4.14.74 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/hwmon/ina2xx | 2 Makefile | 2 arch/arm/boot/dts/dra7.dtsi | 4 arch/arm/boot/dts/imx7d.dtsi | 12 arch/arm/boot/dts/ls1021a.dtsi | 1 arch/arm/boot/dts/mt7623.dtsi | 3 arch/arm/boot/dts/omap4-droid4-xt894.dts | 2 arch/arm/mach-mvebu/pmsu.c | 6 arch/arm/mach-omap2/omap_hwmod_reset.c | 12 arch/arm64/include/asm/kvm_emulate.h | 5 arch/arm64/kvm/guest.c | 55 ++ arch/mips/boot/Makefile | 6 arch/powerpc/kernel/machine_kexec.c | 7 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/s390/kernel/sysinfo.c | 4 arch/s390/mm/extmem.c | 4 arch/s390/mm/pgalloc.c | 2 arch/x86/entry/entry_64.S | 4 arch/x86/events/intel/lbr.c | 32 + arch/x86/events/perf_event.h | 1 arch/x86/include/asm/fixmap.h | 10 arch/x86/include/asm/pgtable_64.h | 3 arch/x86/kernel/head64.c | 4 arch/x86/kernel/head_64.S | 16 arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/mm/pgtable.c | 9 arch/x86/mm/pti.c | 2 arch/x86/xen/mmu_pv.c | 8 crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/ata/pata_ftide010.c | 27 - drivers/block/floppy.c | 3 drivers/bluetooth/btusb.c | 1 drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 +-- drivers/edac/edac_mc_sysfs.c | 6 drivers/edac/i7core_edac.c | 22 - drivers/gpio/gpio-menz127.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 drivers/gpu/drm/i915/i915_gem.c | 3 drivers/gpu/drm/i915/i915_vma.c | 4 drivers/gpu/drm/sun4i/sun4i_drv.c | 3 drivers/hid/hid-ntrig.c | 2 drivers/hwmon/adt7475.c | 14 drivers/hwmon/ina2xx.c | 13 drivers/hwtracing/intel_th/core.c | 3 drivers/i2c/busses/i2c-i801.c | 9 drivers/iio/accel/adxl345_core.c | 21 - drivers/iio/adc/ina2xx-adc.c | 17 drivers/iio/counter/104-quad-8.c | 2 drivers/infiniband/core/rw.c | 2 drivers/infiniband/core/uverbs_main.c | 1 drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 drivers/infiniband/hw/hfi1/pio.c | 9 drivers/infiniband/hw/hfi1/user_sdma.c | 2 drivers/infiniband/hw/hfi1/verbs.c | 8 drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 drivers/infiniband/hw/mlx4/qp.c | 2 drivers/infiniband/ulp/srp/ib_srp.c | 6 drivers/input/misc/xen-kbdfront.c | 8 drivers/input/mouse/elantech.c | 2 drivers/iommu/amd_iommu.c | 2 drivers/iommu/msm_iommu.c | 16 drivers/md/md-cluster.c | 19 - drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 drivers/media/platform/fsl-viu.c | 38 +- drivers/media/platform/omap3isp/isp.c | 2 drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 drivers/media/usb/uvc/uvc_video.c | 24 - drivers/media/v4l2-core/v4l2-event.c | 38 +- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/sram.c | 13 drivers/misc/tsl2550.c | 2 drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 drivers/mtd/nand/atmel/nand-controller.c | 7 drivers/net/ethernet/hisilicon/hns/hnae.h | 6 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 ++++++++-- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 - drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 drivers/net/phy/xilinx_gmii2rgmii.c | 10 drivers/net/wireless/ath/ath10k/htt_rx.c | 5 drivers/net/wireless/ath/ath10k/mac.c | 1 drivers/net/wireless/ath/ath10k/sdio.c | 9 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 drivers/nvme/target/fcloop.c | 3 drivers/power/reset/vexpress-poweroff.c | 12 drivers/power/supply/axp288_charger.c | 2 drivers/power/supply/power_supply_core.c | 11 drivers/regulator/core.c | 2 drivers/s390/block/dasd.c | 1 drivers/s390/block/scm_blk.c | 1 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 drivers/scsi/megaraid/megaraid_sas_base.c | 3 drivers/spi/spi-rspi.c | 34 + drivers/spi/spi-sh-msiof.c | 28 + drivers/spi/spi-tegra20-slink.c | 31 + drivers/staging/android/ashmem.c | 6 drivers/staging/media/imx/imx-ic-prpencvf.c | 1 drivers/staging/media/imx/imx-media-csi.c | 1 drivers/staging/rts5208/sd.c | 2 drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/target/target_core_device.c | 22 - drivers/thermal/of-thermal.c | 7 drivers/tty/serial/8250/serial_cs.c | 6 drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 drivers/tty/serial/fsl_lpuart.c | 3 drivers/tty/serial/imx.c | 8 drivers/tty/serial/sh-sci.c | 2 drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 + drivers/usb/core/driver.c | 28 - drivers/usb/core/usb.c | 2 drivers/usb/musb/musb_dsps.c | 12 drivers/usb/serial/kobil_sct.c | 12 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 fs/iomap.c | 21 - fs/isofs/inode.c | 7 fs/locks.c | 7 fs/nfsd/nfs4proc.c | 1 fs/overlayfs/inode.c | 62 ++- include/linux/arm-smccc.h | 38 +- include/linux/platform_data/ina2xx.h | 2 include/linux/posix-timers.h | 4 include/linux/power_supply.h | 1 include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 4 kernel/bpf/sockmap.c | 3 kernel/module.c | 6 kernel/time/alarmtimer.c | 7 kernel/time/posix-cpu-timers.c | 2 kernel/time/posix-timers.c | 33 + kernel/time/posix-timers.h | 2 lib/klist.c | 10 mm/slub.c | 6 net/6lowpan/iphc.c | 1 net/tls/tls_main.c | 9 sound/aoa/core/gpio-feature.c | 4 sound/pci/hda/hda_intel.c | 3 sound/soc/soc-dapm.c | 7 151 files changed, 1079 insertions(+), 408 deletions(-) Aaron Ma (1): Input: elantech - enable middle button of touchpad on ThinkPad P72 Akinobu Mita (4): iio: adc: ina2xx: avoid kthread_stop() with stale task_struct iio: accel: adxl345: convert address field usage in iio_chan_spec media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alagu Sankar (2): ath10k: sdio: use same endpoint id for all packets in a bundle ath10k: sdio: set skb len for all rx packets Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexander Shishkin (1): intel_th: Fix device removal logic Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alexey Khoroshilov (1): media: fsl-viu: fix error handling in viu_of_probe() Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Amir Goldstein (1): ovl: hash non-dir by lower inode for fsnotify Andreas Gruenbacher (1): iomap: complete partial direct I/O writes synchronously Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Bart Van Assche (4): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size scsi: klist: Make it safe to use klists in atomic context scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Ben Greear (1): ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Benjamin Tissoires (1): power: remove possible deadlock when unregistering power_supply Bin Liu (1): usb: musb: dsps: do not disable CPPI41 irq in driver teardown Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Brandon Maier (2): net: phy: xgmiitorgmii: Check read_status results net: phy: xgmiitorgmii: Check phy_driver ready before accessing Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Chris Wilson (1): drm/i915: Remove vma from object on destroy, not close Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): staging: rts5208: fix missing error check on call to rtsx_write_register Dan Carpenter (5): vmci: type promotion bug in qp_host_get_user_memory() RDMA/bnxt_re: Fix a couple off by one bugs IB/core: type promotion bug in rdma_rw_init_one_mr() rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Dave Gerlach (1): ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Eric Sandeen (1): isofs: reject hardware sector size > 2048 bytes Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Feng Tang (1): x86/mm: Expand static page table for fixmap space Gaku Inami (1): spi: sh-msiof: Fix invalid SPI use during system suspend Geert Uytterhoeven (3): serial: sh-sci: Stop RX FIFO timer during port shutdown spi: rspi: Fix invalid SPI use during system suspend spi: rspi: Fix interrupted DMA transfers Greg Kroah-Hartman (1): Linux 4.14.74 Guoqing Jiang (1): md-cluster: clear another node's suspend_area after the copy is finished Hans de Goede (1): power: supply: axp288_charger: Fix initial constant_charge_current value Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Heiko Carstens (1): s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Huazhong Tan (2): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation Ira Weiny (1): IB/hfi1: Fix SL array bounds check J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound James Smart (1): nvme-fcloop: Fix dropped LS's to removed target port Jan Beulich (1): x86/entry/64: Add two more instruction suffixes Javier Martinez Canillas (1): media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Jernej Skrabec (1): drm/sun4i: Fix releasing node when enumerating enpoints Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jian-Hong Pan (1): Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Johan Hovold (4): misc: sram: enable clock before registering regions USB: serial: kobil_sct: fix modem-status error handling EDAC, i7core: Fix memleaks and use-after-free on probe and remove EDAC: Fix memleak in module init error path John Fastabend (2): tls: possible hang when do_tcp_sendpages hits sndbuf is full case bpf: sockmap: write_space events need to be passed to TCP handler Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Kai-Heng Feng (1): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Kan Liang (1): perf/x86/intel/lbr: Fix incomplete LBR call stack Kevin Hilman (1): ARM: dts: dra7: fix DCAN node addresses Konstantin Khorenko (1): fs/lock: skip lock owner pid translation in case we are in init_pid_ns Leon Romanovsky (1): RDMA/i40w: Hold read semaphore while looking after VMA Leonard Crestez (1): Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Walleij (1): ata: ftide010: Add a quirk for SQ201 Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Marc Zyngier (3): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Masahiro Yamada (1): MIPS: boot: fix build rule of vmlinux.its.S Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael J. Ruhl (2): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael Scott (1): 6lowpan: iphc: reset mac_header after decompress to fix panic Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Nadav Amit (1): gpio: Fix wrong rounding in gpio-menz127 Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Niklas Cassel (2): iommu/msm: Don't call iommu_device_{,un}link from atomic context ath10k: transmit queued frames after processing rx packets Oleksandr Andrushchenko (1): Input: xen-kbdfront - fix multi-touch XenStore node's locations Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Peter Rosin (1): mtd: rawnand: atmel: add module param to avoid using dma Peter Seiderer (1): media: staging/imx: fill vb2_v4l2_buffer field entry Randy Dunlap (1): x86/pti: Fix section mismatch warning/error Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Shivasharan S (1): scsi: megaraid_sas: Update controller info during resume Srikanth Jampala (1): crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stefan Agner (2): brcmsmac: fix wrap around in conversion from constant to s16 tty: serial: lpuart: avoid leaking struct tty_struct Steve Wise (1): RDMA/uverbs: Atomically flush and mark closed the comp event queue Sudeep Holla (1): power: vexpress: fix corruption in notifier registration Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Tarick Bedeir (1): IB/mlx4: Test port number before querying type. Thomas Gleixner (3): alarmtimer: Prevent overflow for relative nanosleep posix-timers: Make forward callback return s64 posix-timers: Sanitize overrun handling Tomer Tayar (4): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place qed: Prevent a possible deadlock during driver load and unload qed: Avoid sending mailbox commands when MFW is not responsive Tony Lindgren (2): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Uwe Kleine-König (1): serial: imx: restore handshaking irq for imx1 Vasily Gorbik (4): s390/mm: correct allocate_pgste proc_handler callback s390/dasd: correct numa_node in dasd_alloc_queue s390/scm_blk: correct numa_node in scm_blk_dev_setup s390/extmem: fix gcc 8 stringop-overflow warning Viresh Kumar (2): ARM: dts: ls1021a: Add missing cooling device properties for CPUs arm: dts: mediatek: Add missing cooling device properties for CPUs William Breathitt Gray (1): iio: 104-quad-8: Fix off-by-one error in register selection Yu Zhao (1): regulator: fix crash caused by null driver data Zhen Lei (1): iommu/amd: make sure TLB to be flushed before IOVA freed Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

7 years, 1 month

1
1
0 0

Linux 4.9.131

by Greg KH

I'm announcing the release of the 4.9.131 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/hwmon/ina2xx | 2 Makefile | 2 arch/arm/boot/dts/dra7.dtsi | 4 arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm/mach-omap2/omap_hwmod_reset.c | 12 +- arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/kvm/guest.c | 55 +++++++++++- arch/powerpc/kernel/machine_kexec.c | 7 + arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/s390/mm/extmem.c | 4 arch/s390/mm/pgalloc.c | 2 arch/x86/entry/entry_64.S | 4 arch/x86/events/intel/lbr.c | 32 +++++-- arch/x86/events/perf_event.h | 1 arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/block/floppy.c | 3 drivers/bluetooth/btusb.c | 1 drivers/edac/edac_mc_sysfs.c | 6 - drivers/edac/i7core_edac.c | 22 +++- drivers/gpio/gpio-menz127.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 ++ drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 drivers/gpu/drm/sun4i/sun4i_drv.c | 3 drivers/hid/hid-ntrig.c | 2 drivers/hwmon/adt7475.c | 14 +-- drivers/hwmon/ina2xx.c | 13 ++ drivers/i2c/busses/i2c-i801.c | 9 + drivers/infiniband/core/rw.c | 2 drivers/infiniband/hw/hfi1/pio.c | 9 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 drivers/infiniband/hw/hfi1/verbs.c | 8 + drivers/infiniband/ulp/srp/ib_srp.c | 6 - drivers/input/mouse/elantech.c | 2 drivers/iommu/amd_iommu.c | 2 drivers/md/md-cluster.c | 19 ++-- drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +- drivers/media/platform/fsl-viu.c | 38 +++++--- drivers/media/platform/omap3isp/isp.c | 2 drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 +++-- drivers/media/v4l2-core/v4l2-event.c | 38 ++++---- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 drivers/net/ethernet/hisilicon/hns/hnae.h | 6 - drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 - drivers/net/ethernet/qlogic/qed/qed_mcp.c | 96 +++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 1 drivers/net/phy/xilinx_gmii2rgmii.c | 10 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 - drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/power/reset/vexpress-poweroff.c | 12 +- drivers/power/supply/power_supply_core.c | 11 +- drivers/regulator/core.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 drivers/scsi/megaraid/megaraid_sas_base.c | 3 drivers/spi/spi-rspi.c | 34 ++++++- drivers/spi/spi-sh-msiof.c | 28 +++++- drivers/spi/spi-tegra20-slink.c | 31 +++++- drivers/staging/android/ashmem.c | 6 + drivers/staging/rts5208/sd.c | 2 drivers/target/iscsi/iscsi_target_auth.c | 15 --- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 + drivers/tty/serial/8250/serial_cs.c | 6 - drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/fsl_lpuart.c | 3 drivers/tty/serial/imx.c | 8 + drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 ++++- drivers/usb/core/driver.c | 28 +++--- drivers/usb/core/usb.c | 2 drivers/usb/serial/kobil_sct.c | 12 ++ drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 fs/ext4/xattr.c | 5 + fs/nfsd/nfs4proc.c | 1 include/linux/arm-smccc.h | 38 +++++--- include/linux/platform_data/ina2xx.h | 2 include/linux/power_supply.h | 1 include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 4 kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 lib/klist.c | 10 +- mm/slub.c | 6 - net/6lowpan/iphc.c | 1 sound/aoa/core/gpio-feature.c | 4 sound/pci/hda/hda_intel.c | 3 sound/soc/soc-dapm.c | 7 + 99 files changed, 669 insertions(+), 237 deletions(-) Aaron Ma (1): Input: elantech - enable middle button of touchpad on ThinkPad P72 Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alexey Khoroshilov (1): media: fsl-viu: fix error handling in viu_of_probe() Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Bart Van Assche (3): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size scsi: klist: Make it safe to use klists in atomic context IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Ben Greear (1): ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Benjamin Tissoires (1): power: remove possible deadlock when unregistering power_supply Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Brandon Maier (2): net: phy: xgmiitorgmii: Check read_status results net: phy: xgmiitorgmii: Check phy_driver ready before accessing Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): staging: rts5208: fix missing error check on call to rtsx_write_register Dan Carpenter (4): vmci: type promotion bug in qp_host_get_user_memory() IB/core: type promotion bug in rdma_rw_init_one_mr() rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Dave Gerlach (1): ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Gaku Inami (1): spi: sh-msiof: Fix invalid SPI use during system suspend Geert Uytterhoeven (2): spi: rspi: Fix invalid SPI use during system suspend spi: rspi: Fix interrupted DMA transfers Greg Kroah-Hartman (1): Linux 4.9.131 Guoqing Jiang (1): md-cluster: clear another node's suspend_area after the copy is finished Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Huazhong Tan (2): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation Ira Weiny (1): IB/hfi1: Fix SL array bounds check J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jan Beulich (1): x86/entry/64: Add two more instruction suffixes Javier Martinez Canillas (1): media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Jernej Skrabec (1): drm/sun4i: Fix releasing node when enumerating enpoints Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jian-Hong Pan (1): Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Johan Hovold (3): USB: serial: kobil_sct: fix modem-status error handling EDAC, i7core: Fix memleaks and use-after-free on probe and remove EDAC: Fix memleak in module init error path Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Kai-Heng Feng (1): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Kan Liang (1): perf/x86/intel/lbr: Fix incomplete LBR call stack Kevin Hilman (1): ARM: dts: dra7: fix DCAN node addresses Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Marc Zyngier (3): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael J. Ruhl (2): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael Scott (1): 6lowpan: iphc: reset mac_header after decompress to fix panic Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Nadav Amit (1): gpio: Fix wrong rounding in gpio-menz127 Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Shivasharan S (1): scsi: megaraid_sas: Update controller info during resume Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stefan Agner (1): tty: serial: lpuart: avoid leaking struct tty_struct Sudeep Holla (1): power: vexpress: fix corruption in notifier registration Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Theodore Ts'o (1): ext4: never move the system.data xattr out of the inode body Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Tomer Tayar (2): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Uwe Kleine-König (1): serial: imx: restore handshaking irq for imx1 Vasily Gorbik (2): s390/mm: correct allocate_pgste proc_handler callback s390/extmem: fix gcc 8 stringop-overflow warning Vincent Pelletier (1): scsi: target: iscsi: Use bin2hex instead of a re-implementation Yu Zhao (1): regulator: fix crash caused by null driver data Zhen Lei (1): iommu/amd: make sure TLB to be flushed before IOVA freed Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

7 years, 1 month

1
1
0 0

[PATCH 4.14 000/137] 4.14.74-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.74 release. There are 137 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 4 13:24:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.74-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.74-rc1 Randy Dunlap <rdunlap(a)infradead.org> x86/pti: Fix section mismatch warning/error Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Handle function result as parameters Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Make return values unsigned long Tony Lindgren <tony(a)atomide.com> ARM: dts: omap4-droid4: Fix emmc errors seen on some devices James Smart <jsmart2021(a)gmail.com> nvme-fcloop: Fix dropped LS's to removed target port Linus Walleij <linus.walleij(a)linaro.org> ata: ftide010: Add a quirk for SQ201 Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Update power state at the end of smu hw_init. Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Leonard Crestez <leonard.crestez(a)nxp.com> Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Srikanth Jampala <Jampala.Srikanth(a)cavium.com> crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix skb->truesize underestimation Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap: write_space events need to be passed to TCP handler John Fastabend <john.fastabend(a)gmail.com> tls: possible hang when do_tcp_sendpages hits sndbuf is full case Eric Sandeen <sandeen(a)redhat.com> isofs: reject hardware sector size > 2048 bytes Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Avoid sending mailbox commands when MFW is not responsive Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Prevent a possible deadlock during driver load and unload Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for MCP halt and resume commands to take place Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for ready indication before rereading the shmem Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915: Remove vma from object on destroy, not close Amir Goldstein <amir73il(a)gmail.com> ovl: hash non-dir by lower inode for fsnotify Steve Wise <swise(a)opengridcomputing.com> RDMA/uverbs: Atomically flush and mark closed the comp event queue Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid user input can result in crash Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Fix SL array bounds check Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Bin Liu <b-liu(a)ti.com> usb: musb: dsps: do not disable CPPI41 irq in driver teardown Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Yu Zhao <yuzhao(a)google.com> regulator: fix crash caused by null driver data Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix device removal logic Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Stefan Agner <stefan(a)agner.ch> tty: serial: lpuart: avoid leaking struct tty_struct Feng Tang <feng.tang(a)intel.com> x86/mm: Expand static page table for fixmap space Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses William Breathitt Gray <vilhelm.gray(a)gmail.com> iio: 104-quad-8: Fix off-by-one error in register selection Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> Input: xen-kbdfront - fix multi-touch XenStore node's locations Konstantin Khorenko <khorenko(a)virtuozzo.com> fs/lock: skip lock owner pid translation in case we are in init_pid_ns Johan Hovold <johan(a)kernel.org> EDAC: Fix memleak in module init error path J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Nadav Amit <namit(a)vmware.com> gpio: Fix wrong rounding in gpio-menz127 Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Update controller info during resume Andreas Gruenbacher <agruenba(a)redhat.com> iomap: complete partial direct I/O writes synchronously Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/lbr: Fix incomplete LBR call stack Masahiro Yamada <yamada.masahiro(a)socionext.com> MIPS: boot: fix build rule of vmlinux.its.S Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: mediatek: Add missing cooling device properties for CPUs Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Stefan Agner <stefan(a)agner.ch> brcmsmac: fix wrap around in conversion from constant to s16 Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Niklas Cassel <niklas.cassel(a)linaro.org> ath10k: transmit queued frames after processing rx packets Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Fix releasing node when enumerating enpoints Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check phy_driver ready before accessing Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check read_status results Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Sanitize overrun handling Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Make forward callback return s64 Akinobu Mita <akinobu.mita(a)gmail.com> iio: accel: adxl345: convert address field usage in iio_chan_spec Peter Rosin <peda(a)axentia.se> mtd: rawnand: atmel: add module param to avoid using dma Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Vasily Gorbik <gor(a)linux.ibm.com> s390/scm_blk: correct numa_node in scm_blk_dev_setup Vasily Gorbik <gor(a)linux.ibm.com> s390/dasd: correct numa_node in dasd_alloc_queue Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: set skb len for all rx packets Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: use same endpoint id for all packets in a bundle Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Viresh Kumar <viresh.kumar(a)linaro.org> ARM: dts: ls1021a: Add missing cooling device properties for CPUs Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Dave Gerlach <d-gerlach(a)ti.com> ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Peter Seiderer <ps.report(a)gmx.net> media: staging/imx: fill vb2_v4l2_buffer field entry Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Tarick Bedeir <tarick(a)google.com> IB/mlx4: Test port number before querying type. Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Dan Carpenter <dan.carpenter(a)oracle.com> IB/core: type promotion bug in rdma_rw_init_one_mr() Leon Romanovsky <leonro(a)mellanox.com> RDMA/i40w: Hold read semaphore while looking after VMA Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a couple off by one bugs Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Benjamin Tissoires <benjamin.tissoires(a)redhat.com> power: remove possible deadlock when unregistering power_supply Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: correct allocate_pgste proc_handler callback Niklas Cassel <niklas.cassel(a)linaro.org> iommu/msm: Don't call iommu_device_{,un}link from atomic context Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Zhen Lei <thunder.leizhen(a)huawei.com> iommu/amd: make sure TLB to be flushed before IOVA freed Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Stop RX FIFO timer during port shutdown Johan Hovold <johan(a)kernel.org> misc: sram: enable clock before registering regions Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix initial constant_charge_current value Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Akinobu Mita <akinobu.mita(a)gmail.com> iio: adc: ina2xx: avoid kthread_stop() with stale task_struct Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/ls1021a.dtsi | 1 + arch/arm/boot/dts/mt7623.dtsi | 3 + arch/arm/boot/dts/omap4-droid4-xt894.dts | 2 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm/mach-omap2/omap_hwmod_reset.c | 12 +- arch/arm64/kvm/guest.c | 45 +++++ arch/mips/boot/Makefile | 6 +- arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/kernel/sysinfo.c | 4 + arch/s390/mm/extmem.c | 4 +- arch/s390/mm/pgalloc.c | 2 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/events/intel/lbr.c | 32 +++- arch/x86/events/perf_event.h | 1 + arch/x86/include/asm/fixmap.h | 10 ++ arch/x86/include/asm/pgtable_64.h | 3 +- arch/x86/kernel/head64.c | 4 +- arch/x86/kernel/head_64.S | 16 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/mm/pgtable.c | 9 + arch/x86/mm/pti.c | 2 +- arch/x86/xen/mmu_pv.c | 8 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/ata/pata_ftide010.c | 27 +-- drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/edac/edac_mc_sysfs.c | 6 +- drivers/edac/i7core_edac.c | 22 ++- drivers/gpio/gpio-menz127.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- drivers/gpu/drm/i915/i915_gem.c | 3 +- drivers/gpu/drm/i915/i915_vma.c | 4 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 3 +- drivers/hid/hid-ntrig.c | 2 + drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/hwtracing/intel_th/core.c | 3 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/iio/accel/adxl345_core.c | 21 ++- drivers/iio/adc/ina2xx-adc.c | 17 +- drivers/iio/counter/104-quad-8.c | 2 +- drivers/infiniband/core/rw.c | 2 +- drivers/infiniband/core/uverbs_main.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/hfi1/pio.c | 9 +- drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 8 +- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/misc/xen-kbdfront.c | 8 +- drivers/input/mouse/elantech.c | 2 + drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/msm_iommu.c | 16 +- drivers/md/md-cluster.c | 19 ++- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +- drivers/media/platform/fsl-viu.c | 38 +++-- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 ++- drivers/misc/sram.c | 13 +- drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/mtd/nand/atmel/nand-controller.c | 7 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/net/phy/xilinx_gmii2rgmii.c | 10 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +- drivers/net/wireless/ath/ath10k/mac.c | 1 + drivers/net/wireless/ath/ath10k/sdio.c | 9 +- .../broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 +- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/nvme/target/fcloop.c | 3 +- drivers/power/reset/vexpress-poweroff.c | 12 +- drivers/power/supply/axp288_charger.c | 2 +- drivers/power/supply/power_supply_core.c | 11 +- drivers/regulator/core.c | 2 +- drivers/s390/block/dasd.c | 1 + drivers/s390/block/scm_blk.c | 1 + drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/spi/spi-rspi.c | 34 +++- drivers/spi/spi-sh-msiof.c | 28 ++- drivers/spi/spi-tegra20-slink.c | 31 +++- drivers/staging/android/ashmem.c | 6 + drivers/staging/media/imx/imx-ic-prpencvf.c | 1 + drivers/staging/media/imx/imx-media-csi.c | 1 + drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/target/target_core_device.c | 22 ++- drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/fsl_lpuart.c | 3 +- drivers/tty/serial/imx.c | 8 + drivers/tty/serial/sh-sci.c | 2 + drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 ++- drivers/usb/core/driver.c | 28 +-- drivers/usb/core/usb.c | 2 + drivers/usb/musb/musb_dsps.c | 12 +- drivers/usb/serial/kobil_sct.c | 12 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + fs/iomap.c | 21 +-- fs/isofs/inode.c | 7 + fs/locks.c | 7 + fs/nfsd/nfs4proc.c | 1 + fs/overlayfs/inode.c | 62 +++++-- include/linux/arm-smccc.h | 38 +++-- include/linux/platform_data/ina2xx.h | 2 +- include/linux/posix-timers.h | 4 +- include/linux/power_supply.h | 1 + include/linux/slub_def.h | 3 +- kernel/bpf/sockmap.c | 3 + kernel/module.c | 6 +- kernel/time/alarmtimer.c | 7 +- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 33 ++-- kernel/time/posix-timers.h | 2 +- lib/klist.c | 10 +- mm/slub.c | 6 +- net/6lowpan/iphc.c | 1 + net/tls/tls_main.c | 9 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/soc-dapm.c | 7 + 147 files changed, 1040 insertions(+), 390 deletions(-)

7 years, 1 month

6
144
0 0

[PATCH v6 04/10] mtd: maps: gpio-addr-flash: Fix ioremapped size

by Ricardo Ribalda Delgado

We should only iomap the area of the chip that is memory mapped. Otherwise we could be mapping devices beyond the memory space or that belong to other devices. Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> Fixes: ebd71e3a4861 ("mtd: maps: gpio-addr-flash: fix warnings and make more portable") Cc: <stable(a)vger.kernel.org> --- drivers/mtd/maps/gpio-addr-flash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/maps/gpio-addr-flash.c b/drivers/mtd/maps/gpio-addr-flash.c index 17be47f72973..6de16e81994c 100644 --- a/drivers/mtd/maps/gpio-addr-flash.c +++ b/drivers/mtd/maps/gpio-addr-flash.c @@ -234,7 +234,7 @@ static int gpio_flash_probe(struct platform_device *pdev) state->map.copy_to = gf_copy_to; state->map.bankwidth = pdata->width; state->map.size = state->win_size * (1 << state->gpio_count); - state->map.virt = ioremap_nocache(memory->start, state->map.size); + state->map.virt = ioremap_nocache(memory->start, state->win_size); if (!state->map.virt) return -ENOMEM; -- 2.19.0

7 years, 1 month

1
0
0 0

Your images 24

by Joanna

Have photos for cutting out or retouching? We are one image team and we do editing for your the e-commerce photos, industry photos or portrait photo. If you need test editing then let me know. Waiting for your reply and the photo work. Thanks, Joanna

7 years, 1 month

1
0
0 0

[PATCH v2] drm: fb-helper: Reject all pixel format changing requests

by Eugeniy Paltsev

drm fbdev emulation doesn't support changing the pixel format at all, so reject all pixel format changing requests. Cc: stable(a)vger.kernel.org Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> --- Changes v1->v2: * Reject all pixel format changing request, not just the invalid ones. drivers/gpu/drm/drm_fb_helper.c | 91 ++++++++++++----------------------------- 1 file changed, 26 insertions(+), 65 deletions(-) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 16ec93b75dbf..48598d7f673f 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -1580,6 +1580,25 @@ int drm_fb_helper_ioctl(struct fb_info *info, unsigned int cmd, } EXPORT_SYMBOL(drm_fb_helper_ioctl); +static bool drm_fb_pixel_format_equal(const struct fb_var_screeninfo *var_1, + const struct fb_var_screeninfo *var_2) +{ + return var_1->bits_per_pixel == var_2->bits_per_pixel && + var_1->grayscale == var_2->grayscale && + var_1->red.offset == var_2->red.offset && + var_1->red.length == var_2->red.length && + var_1->red.msb_right == var_2->red.msb_right && + var_1->green.offset == var_2->green.offset && + var_1->green.length == var_2->green.length && + var_1->green.msb_right == var_2->green.msb_right && + var_1->blue.offset == var_2->blue.offset && + var_1->blue.length == var_2->blue.length && + var_1->blue.msb_right == var_2->blue.msb_right && + var_1->transp.offset == var_2->transp.offset && + var_1->transp.length == var_2->transp.length && + var_1->transp.msb_right == var_2->transp.msb_right; +} + /** * drm_fb_helper_check_var - implementation for &fb_ops.fb_check_var * @var: screeninfo to check @@ -1590,7 +1609,6 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, { struct drm_fb_helper *fb_helper = info->par; struct drm_framebuffer *fb = fb_helper->fb; - int depth; if (var->pixclock != 0 || in_dbg_master()) return -EINVAL; @@ -1610,72 +1628,15 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, return -EINVAL; } - switch (var->bits_per_pixel) { - case 16: - depth = (var->green.length == 6) ? 16 : 15; - break; - case 32: - depth = (var->transp.length > 0) ? 32 : 24; - break; - default: - depth = var->bits_per_pixel; - break; - } - - switch (depth) { - case 8: - var->red.offset = 0; - var->green.offset = 0; - var->blue.offset = 0; - var->red.length = 8; - var->green.length = 8; - var->blue.length = 8; - var->transp.length = 0; - var->transp.offset = 0; - break; - case 15: - var->red.offset = 10; - var->green.offset = 5; - var->blue.offset = 0; - var->red.length = 5; - var->green.length = 5; - var->blue.length = 5; - var->transp.length = 1; - var->transp.offset = 15; - break; - case 16: - var->red.offset = 11; - var->green.offset = 5; - var->blue.offset = 0; - var->red.length = 5; - var->green.length = 6; - var->blue.length = 5; - var->transp.length = 0; - var->transp.offset = 0; - break; - case 24: - var->red.offset = 16; - var->green.offset = 8; - var->blue.offset = 0; - var->red.length = 8; - var->green.length = 8; - var->blue.length = 8; - var->transp.length = 0; - var->transp.offset = 0; - break; - case 32: - var->red.offset = 16; - var->green.offset = 8; - var->blue.offset = 0; - var->red.length = 8; - var->green.length = 8; - var->blue.length = 8; - var->transp.length = 8; - var->transp.offset = 24; - break; - default: + /* + * drm fbdev emulation doesn't support changing the pixel format at all, + * so reject all pixel format changing requests. + */ + if (!drm_fb_pixel_format_equal(var, &info->var)) { + DRM_DEBUG("fbdev emulation doesn't support changing the pixel format\n"); return -EINVAL; } + return 0; } EXPORT_SYMBOL(drm_fb_helper_check_var); -- 2.14.4

7 years, 1 month

3
4
0 0

Applied "ASoC: intel: skylake: Add missing break in skl_tplg_get_token()" to the asoc tree

by Mark Brown

The patch ASoC: intel: skylake: Add missing break in skl_tplg_get_token() has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 9c80c5a8831471e0a3e139aad1b0d4c0fdc50b2f Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Wed, 3 Oct 2018 19:31:44 +0200 Subject: [PATCH] ASoC: intel: skylake: Add missing break in skl_tplg_get_token() skl_tplg_get_token() misses a break in the big switch() block for SKL_TKN_U8_CORE_ID entry. Spotted nicely by -Wimplicit-fallthrough compiler option. Fixes: 6277e83292a2 ("ASoC: Intel: Skylake: Parse vendor tokens to build module data") Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Mark Brown <broonie(a)kernel.org> --- sound/soc/intel/skylake/skl-topology.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/intel/skylake/skl-topology.c b/sound/soc/intel/skylake/skl-topology.c index 52a9915da0f5..cf8848b779dc 100644 --- a/sound/soc/intel/skylake/skl-topology.c +++ b/sound/soc/intel/skylake/skl-topology.c @@ -2460,6 +2460,7 @@ static int skl_tplg_get_token(struct device *dev, case SKL_TKN_U8_CORE_ID: mconfig->core_id = tkn_elem->value; + break; case SKL_TKN_U8_MOD_TYPE: mconfig->m_type = tkn_elem->value; -- 2.19.0.rc2

7 years, 1 month

1
0
0 0

[PATCH] usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround"

by Yoshihiro Shimoda

If the "workaround_for_vbus" is true, the driver will not call usb_disconnect(). So, since the controller keeps some registers' value, the driver doesn't re-enumarate suitable speed after the b-device mode is disabled. To fix the issue, this patch adds usb_disconnect() calling in renesas_usb3_b_device_write() if workaround_for_vbus is true. Fixes: 43ba968b00ea ("usb: gadget: udc: renesas_usb3: add debugfs to set the b-device mode") Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index e1656f3..67d8a50 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2437,6 +2437,9 @@ static ssize_t renesas_usb3_b_device_write(struct file *file, else usb3->forced_b_device = false; + if (usb3->workaround_for_vbus) + usb3_disconnect(usb3); + /* Let this driver call usb3_connect() anyway */ usb3_check_id(usb3); -- 1.9.1

7 years, 1 month

2
1
0 0

[PATCH 1/3] ARM: socfpga: Clean unused functions

by Clément Péron

These functions are unused externally, removed them and declare the one used locally as static. Signed-off-by: Clément Péron <peron.clem(a)gmail.com> --- arch/arm/mach-socfpga/core.h | 2 -- arch/arm/mach-socfpga/socfpga.c | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm/mach-socfpga/core.h b/arch/arm/mach-socfpga/core.h index 65e1817d8afe..92cae0a9213f 100644 --- a/arch/arm/mach-socfpga/core.h +++ b/arch/arm/mach-socfpga/core.h @@ -34,8 +34,6 @@ #define RSTMGR_MPUMODRST_CPU1 0x2 /* CPU1 Reset */ -extern void socfpga_init_clocks(void); -extern void socfpga_sysmgr_init(void); void socfpga_init_l2_ecc(void); void socfpga_init_ocram_ecc(void); void socfpga_init_arria10_l2_ecc(void); diff --git a/arch/arm/mach-socfpga/socfpga.c b/arch/arm/mach-socfpga/socfpga.c index dde14f7bf2c3..5fb6f79059a8 100644 --- a/arch/arm/mach-socfpga/socfpga.c +++ b/arch/arm/mach-socfpga/socfpga.c @@ -32,7 +32,7 @@ void __iomem *rst_manager_base_addr; void __iomem *sdr_ctl_base_addr; unsigned long socfpga_cpu1start_addr; -void __init socfpga_sysmgr_init(void) +static void __init socfpga_sysmgr_init(void) { struct device_node *np; -- 2.17.1

7 years, 1 month

2
4
0 0

[PATCH] x86/vdso: Fix vDSO syscall fallback asm constraint regression

by Andy Lutomirski

When I added the missing memory outputs, I failed to update the index of the first argument (ebx) on 32-bit builds, which broke the fallbacks. Somehow I must have screwed up my testing or gotten lucky. Add another test to cover gettimeofday() as well. Cc: stable(a)vger.kernel.org Fixes: 715bd9d12f84 ("x86/vdso: Fix asm constraints on vDSO syscall fallbacks") Cc: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- arch/x86/entry/vdso/vclock_gettime.c | 8 +-- tools/testing/selftests/x86/test_vdso.c | 73 +++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 4 deletions(-) diff --git a/arch/x86/entry/vdso/vclock_gettime.c b/arch/x86/entry/vdso/vclock_gettime.c index 134e2d2e8add..e48ca3afa091 100644 --- a/arch/x86/entry/vdso/vclock_gettime.c +++ b/arch/x86/entry/vdso/vclock_gettime.c @@ -68,11 +68,11 @@ notrace static long vdso_fallback_gettime(long clock, struct timespec *ts) asm ( "mov %%ebx, %%edx \n" - "mov %2, %%ebx \n" + "mov %[clock], %%ebx \n" "call __kernel_vsyscall \n" "mov %%edx, %%ebx \n" : "=a" (ret), "=m" (*ts) - : "0" (__NR_clock_gettime), "g" (clock), "c" (ts) + : "0" (__NR_clock_gettime), [clock] "g" (clock), "c" (ts) : "memory", "edx"); return ret; } @@ -83,11 +83,11 @@ notrace static long vdso_fallback_gtod(struct timeval *tv, struct timezone *tz) asm ( "mov %%ebx, %%edx \n" - "mov %2, %%ebx \n" + "mov %[tv], %%ebx \n" "call __kernel_vsyscall \n" "mov %%edx, %%ebx \n" : "=a" (ret), "=m" (*tv), "=m" (*tz) - : "0" (__NR_gettimeofday), "g" (tv), "c" (tz) + : "0" (__NR_gettimeofday), [tv] "g" (tv), "c" (tz) : "memory", "edx"); return ret; } diff --git a/tools/testing/selftests/x86/test_vdso.c b/tools/testing/selftests/x86/test_vdso.c index 49f7294fb382..35edd61d1663 100644 --- a/tools/testing/selftests/x86/test_vdso.c +++ b/tools/testing/selftests/x86/test_vdso.c @@ -36,6 +36,10 @@ typedef int (*vgettime_t)(clockid_t, struct timespec *); vgettime_t vdso_clock_gettime; +typedef long (*vgtod_t)(struct timeval *tv, struct timezone *tz); + +vgtod_t vdso_gettimeofday; + typedef long (*getcpu_t)(unsigned *, unsigned *, void *); getcpu_t vgetcpu; @@ -104,6 +108,11 @@ static void fill_function_pointers() vdso_clock_gettime = (vgettime_t)dlsym(vdso, "__vdso_clock_gettime"); if (!vdso_clock_gettime) printf("Warning: failed to find clock_gettime in vDSO\n"); + + vdso_gettimeofday = (vgtod_t)dlsym(vdso, "__vdso_gettimeofday"); + if (!vdso_gettimeofday) + printf("Warning: failed to find gettimeofday in vDSO\n"); + } static long sys_getcpu(unsigned * cpu, unsigned * node, @@ -117,6 +126,11 @@ static inline int sys_clock_gettime(clockid_t id, struct timespec *ts) return syscall(__NR_clock_gettime, id, ts); } +static inline int sys_gettimeofday(struct timeval *tv, struct timezone *tz) +{ + return syscall(__NR_gettimeofday, tv, tz); +} + static void test_getcpu(void) { printf("[RUN]\tTesting getcpu...\n"); @@ -177,6 +191,14 @@ static bool ts_leq(const struct timespec *a, const struct timespec *b) return a->tv_nsec <= b->tv_nsec; } +static bool tv_leq(const struct timeval *a, const struct timeval *b) +{ + if (a->tv_sec != b->tv_sec) + return a->tv_sec < b->tv_sec; + else + return a->tv_usec <= b->tv_usec; +} + static char const * const clocknames[] = { [0] = "CLOCK_REALTIME", [1] = "CLOCK_MONOTONIC", @@ -248,11 +270,62 @@ static void test_clock_gettime(void) test_one_clock_gettime(INT_MAX, "invalid"); } +static void test_gettimeofday(void) +{ + struct timeval start, vdso, end; + struct timezone sys_tz, vdso_tz; + int vdso_ret, end_ret; + + if (!vdso_gettimeofday) + return; + + printf("[RUN]\tTesting gettimeofday...\n"); + + if (sys_gettimeofday(&start, &sys_tz) < 0) { + printf("[FAIL]\tsys_gettimeofday failed (%d)\n", errno); + nerrs++; + return; + } + + vdso_ret = vdso_gettimeofday(&vdso, &vdso_tz); + end_ret = sys_gettimeofday(&end, NULL); + + if (vdso_ret != 0 || end_ret != 0) { + printf("[FAIL]\tvDSO returned %d, syscall errno=%d\n", + vdso_ret, errno); + nerrs++; + return; + } + + printf("\t%llu.%06ld %llu.%06ld %llu.%06ld\n", + (unsigned long long)start.tv_sec, start.tv_usec, + (unsigned long long)vdso.tv_sec, vdso.tv_usec, + (unsigned long long)end.tv_sec, end.tv_usec); + + if (!tv_leq(&start, &vdso) || !tv_leq(&vdso, &end)) { + printf("[FAIL]\tTimes are out of sequence\n"); + nerrs++; + } + + if (sys_tz.tz_minuteswest == vdso_tz.tz_minuteswest && + sys_tz.tz_dsttime == vdso_tz.tz_dsttime) { + printf("[OK]\ttimezones match: minuteswest=%d, dsttime=%d\n", + sys_tz.tz_minuteswest, sys_tz.tz_dsttime); + } else { + printf("[FAIL]\ttimezones do not match\n"); + nerrs++; + } + + /* And make sure that passing NULL for tz doesn't crash. */ + vdso_gettimeofday(&vdso, NULL); +} + int main(int argc, char **argv) { fill_function_pointers(); test_clock_gettime(); + test_gettimeofday(); /* * Test getcpu() last so that, if something goes wrong setting affinity, -- 2.17.1

7 years, 1 month

1
0
0 0

[net] ixgbe: check return value of napi_complete_done()

by Jeff Kirsher

From: Song Liu <songliubraving(a)fb.com> The NIC driver should only enable interrupts when napi_complete_done() returns true. This patch adds the check for ixgbe. Cc: stable(a)vger.kernel.org # 4.10+ Suggested-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Song Liu <songliubraving(a)fb.com> Tested-by: Andrew Bowers <andrewx.bowers(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c index f27d73a7bf16..6cdd58d9d461 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c @@ -3196,11 +3196,13 @@ int ixgbe_poll(struct napi_struct *napi, int budget) return budget; /* all work done, exit the polling mode */ - napi_complete_done(napi, work_done); - if (adapter->rx_itr_setting & 1) - ixgbe_set_itr(q_vector); - if (!test_bit(__IXGBE_DOWN, &adapter->state)) - ixgbe_irq_enable_queues(adapter, BIT_ULL(q_vector->v_idx)); + if (likely(napi_complete_done(napi, work_done))) { + if (adapter->rx_itr_setting & 1) + ixgbe_set_itr(q_vector); + if (!test_bit(__IXGBE_DOWN, &adapter->state)) + ixgbe_irq_enable_queues(adapter, + BIT_ULL(q_vector->v_idx)); + } return min(work_done, budget - 1); } -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH 4.9 00/94] 4.9.131-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.131 release. There are 94 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 4 13:24:37 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.131-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.131-rc1 Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Handle function result as parameters Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Make return values unsigned long Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Update power state at the end of smu hw_init. Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix skb->truesize underestimation Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for MCP halt and resume commands to take place Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for ready indication before rereading the shmem Theodore Ts'o <tytso(a)mit.edu> ext4: never move the system.data xattr out of the inode body Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Fix SL array bounds check Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use bin2hex instead of a re-implementation Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid user input can result in crash Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Yu Zhao <yuzhao(a)google.com> regulator: fix crash caused by null driver data Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Stefan Agner <stefan(a)agner.ch> tty: serial: lpuart: avoid leaking struct tty_struct Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses Johan Hovold <johan(a)kernel.org> EDAC: Fix memleak in module init error path J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Nadav Amit <namit(a)vmware.com> gpio: Fix wrong rounding in gpio-menz127 Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Update controller info during resume Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/lbr: Fix incomplete LBR call stack Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Fix releasing node when enumerating enpoints Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check phy_driver ready before accessing Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check read_status results Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Dave Gerlach <d-gerlach(a)ti.com> ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Dan Carpenter <dan.carpenter(a)oracle.com> IB/core: type promotion bug in rdma_rw_init_one_mr() Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Benjamin Tissoires <benjamin.tissoires(a)redhat.com> power: remove possible deadlock when unregistering power_supply Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: correct allocate_pgste proc_handler callback Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Zhen Lei <thunder.leizhen(a)huawei.com> iommu/amd: make sure TLB to be flushed before IOVA freed Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm/mach-omap2/omap_hwmod_reset.c | 12 ++- arch/arm64/kvm/guest.c | 45 ++++++++++ arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/mm/extmem.c | 4 +- arch/s390/mm/pgalloc.c | 2 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/events/intel/lbr.c | 32 ++++++-- arch/x86/events/perf_event.h | 1 + arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/edac/edac_mc_sysfs.c | 6 +- drivers/edac/i7core_edac.c | 22 +++-- drivers/gpio/gpio-menz127.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 ++- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 3 +- drivers/hid/hid-ntrig.c | 2 + drivers/hwmon/adt7475.c | 14 ++-- drivers/hwmon/ina2xx.c | 13 ++- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/infiniband/core/rw.c | 2 +- drivers/infiniband/hw/hfi1/pio.c | 9 +- drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 8 +- drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/mouse/elantech.c | 2 + drivers/iommu/amd_iommu.c | 2 +- drivers/md/md-cluster.c | 19 +++-- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/fsl-viu.c | 38 +++++---- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 ++ drivers/media/usb/uvc/uvc_video.c | 24 ++++-- drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 96 ++++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 1 + drivers/net/phy/xilinx_gmii2rgmii.c | 10 ++- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 ++ drivers/power/reset/vexpress-poweroff.c | 12 ++- drivers/power/supply/power_supply_core.c | 11 ++- drivers/regulator/core.c | 2 +- drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/spi/spi-rspi.c | 34 +++++++- drivers/spi/spi-sh-msiof.c | 28 ++++++- drivers/spi/spi-tegra20-slink.c | 31 +++++-- drivers/staging/android/ashmem.c | 6 ++ drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_auth.c | 15 +--- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++- drivers/tty/serial/fsl_lpuart.c | 3 +- drivers/tty/serial/imx.c | 8 ++ drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 +++++- drivers/usb/core/driver.c | 28 +++---- drivers/usb/core/usb.c | 2 + drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + fs/ext4/xattr.c | 5 ++ fs/nfsd/nfs4proc.c | 1 + include/linux/arm-smccc.h | 38 +++++---- include/linux/platform_data/ina2xx.h | 2 +- include/linux/power_supply.h | 1 + include/linux/slub_def.h | 3 +- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 3 +- lib/klist.c | 10 ++- mm/slub.c | 6 +- net/6lowpan/iphc.c | 1 + sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/soc-dapm.c | 7 ++ 95 files changed, 630 insertions(+), 219 deletions(-)

7 years, 1 month

5
98
0 0

[PATCH v5 2/8] mtd: maps: gpio-addr-flash: Fix ioremapped size

by Ricardo Ribalda Delgado

We should only iomap the area of the chip that is memory mapped. Otherwise we could be mapping devices beyond the memory space or that belong to other devices. Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> Fixes: ebd71e3a4861 ("mtd: maps: gpio-addr-flash: fix warnings and make more portable") Cc: <stable(a)vger.kernel.org> --- drivers/mtd/maps/gpio-addr-flash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/maps/gpio-addr-flash.c b/drivers/mtd/maps/gpio-addr-flash.c index 17be47f72973..6de16e81994c 100644 --- a/drivers/mtd/maps/gpio-addr-flash.c +++ b/drivers/mtd/maps/gpio-addr-flash.c @@ -234,7 +234,7 @@ static int gpio_flash_probe(struct platform_device *pdev) state->map.copy_to = gf_copy_to; state->map.bankwidth = pdata->width; state->map.size = state->win_size * (1 << state->gpio_count); - state->map.virt = ioremap_nocache(memory->start, state->map.size); + state->map.virt = ioremap_nocache(memory->start, state->win_size); if (!state->map.virt) return -ENOMEM; -- 2.19.0

7 years, 1 month

1
0
0 0

patch "usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 1b6af2f58c2b1522e0804b150ca95e50a9e80ea7 Mon Sep 17 00:00:00 2001 From: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Date: Fri, 21 Sep 2018 16:04:11 +0100 Subject: usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage Current code mistakenly checks against max current to determine order but this should be max voltage. This commit fixes the issue so order is correctly determined, thus avoiding failure based on a higher voltage PPS APDO having a lower maximum current output, which is actually valid. Fixes: 2eadc33f40d4 ("typec: tcpm: Add core support for sink side PPS") Cc: <stable(a)vger.kernel.org> Signed-off-by: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 4f1f4215f3d6..c11b3befa87f 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1430,8 +1430,8 @@ static enum pdo_err tcpm_caps_err(struct tcpm_port *port, const u32 *pdo, if (pdo_apdo_type(pdo[i]) != APDO_TYPE_PPS) break; - if (pdo_pps_apdo_max_current(pdo[i]) < - pdo_pps_apdo_max_current(pdo[i - 1])) + if (pdo_pps_apdo_max_voltage(pdo[i]) < + pdo_pps_apdo_max_voltage(pdo[i - 1])) return PDO_ERR_PPS_APDO_NOT_SORTED; else if (pdo_pps_apdo_min_voltage(pdo[i]) == pdo_pps_apdo_min_voltage(pdo[i - 1]) && -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: ad5064: Fix regulator handling" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: ad5064: Fix regulator handling to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 8911a43bc198877fad9f4b0246a866b26bb547ab Mon Sep 17 00:00:00 2001 From: Lars-Peter Clausen <lars(a)metafoo.de> Date: Fri, 28 Sep 2018 11:23:40 +0200 Subject: iio: ad5064: Fix regulator handling The correct way to handle errors returned by regualtor_get() and friends is to propagate the error since that means that an regulator was specified, but something went wrong when requesting it. For handling optional regulators, e.g. when the device has an internal vref, regulator_get_optional() should be used to avoid getting the dummy regulator that the regulator core otherwise provides. Signed-off-by: Lars-Peter Clausen <lars(a)metafoo.de> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/ad5064.c | 53 ++++++++++++++++++++++++++++------------ 1 file changed, 38 insertions(+), 15 deletions(-) diff --git a/drivers/iio/dac/ad5064.c b/drivers/iio/dac/ad5064.c index bf4fc40ec84d..2f98cb2a3b96 100644 --- a/drivers/iio/dac/ad5064.c +++ b/drivers/iio/dac/ad5064.c @@ -808,6 +808,40 @@ static int ad5064_set_config(struct ad5064_state *st, unsigned int val) return ad5064_write(st, cmd, 0, val, 0); } +static int ad5064_request_vref(struct ad5064_state *st, struct device *dev) +{ + unsigned int i; + int ret; + + for (i = 0; i < ad5064_num_vref(st); ++i) + st->vref_reg[i].supply = ad5064_vref_name(st, i); + + if (!st->chip_info->internal_vref) + return devm_regulator_bulk_get(dev, ad5064_num_vref(st), + st->vref_reg); + + /* + * This assumes that when the regulator has an internal VREF + * there is only one external VREF connection, which is + * currently the case for all supported devices. + */ + st->vref_reg[0].consumer = devm_regulator_get_optional(dev, "vref"); + if (!IS_ERR(st->vref_reg[0].consumer)) + return 0; + + ret = PTR_ERR(st->vref_reg[0].consumer); + if (ret != -ENODEV) + return ret; + + /* If no external regulator was supplied use the internal VREF */ + st->use_internal_vref = true; + ret = ad5064_set_config(st, AD5064_CONFIG_INT_VREF_ENABLE); + if (ret) + dev_err(dev, "Failed to enable internal vref: %d\n", ret); + + return ret; +} + static int ad5064_probe(struct device *dev, enum ad5064_type type, const char *name, ad5064_write_func write) { @@ -828,22 +862,11 @@ static int ad5064_probe(struct device *dev, enum ad5064_type type, st->dev = dev; st->write = write; - for (i = 0; i < ad5064_num_vref(st); ++i) - st->vref_reg[i].supply = ad5064_vref_name(st, i); + ret = ad5064_request_vref(st, dev); + if (ret) + return ret; - ret = devm_regulator_bulk_get(dev, ad5064_num_vref(st), - st->vref_reg); - if (ret) { - if (!st->chip_info->internal_vref) - return ret; - st->use_internal_vref = true; - ret = ad5064_set_config(st, AD5064_CONFIG_INT_VREF_ENABLE); - if (ret) { - dev_err(dev, "Failed to enable internal vref: %d\n", - ret); - return ret; - } - } else { + if (!st->use_internal_vref) { ret = regulator_bulk_enable(ad5064_num_vref(st), st->vref_reg); if (ret) return ret; -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: adc: at91: fix wrong channel number in triggered buffer mode" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: at91: fix wrong channel number in triggered buffer mode to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From aea835f2dc8a682942b859179c49ad1841a6c8b9 Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)microchip.com> Date: Mon, 24 Sep 2018 10:51:44 +0300 Subject: iio: adc: at91: fix wrong channel number in triggered buffer mode When channels are registered, the hardware channel number is not the actual iio channel number. This is because the driver is probed with a certain number of accessible channels. Some pins are routed and some not, depending on the description of the board in the DT. Because of that, channels 0,1,2,3 can correspond to hardware channels 2,3,4,5 for example. In the buffered triggered case, we need to do the translation accordingly. Fixed the channel number to stop reading the wrong channel. Fixes: 0e589d5fb ("ARM: AT91: IIO: Add AT91 ADC driver.") Cc: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Eugen Hristev <eugen.hristev(a)microchip.com> Acked-by: Ludovic Desroches <ludovic.desroches(a)microchip.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/at91_adc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c index e3be88e7192c..75d2f73582a3 100644 --- a/drivers/iio/adc/at91_adc.c +++ b/drivers/iio/adc/at91_adc.c @@ -248,12 +248,14 @@ static irqreturn_t at91_adc_trigger_handler(int irq, void *p) struct iio_poll_func *pf = p; struct iio_dev *idev = pf->indio_dev; struct at91_adc_state *st = iio_priv(idev); + struct iio_chan_spec const *chan; int i, j = 0; for (i = 0; i < idev->masklength; i++) { if (!test_bit(i, idev->active_scan_mask)) continue; - st->buffer[j] = at91_adc_readl(st, AT91_ADC_CHAN(st, i)); + chan = idev->channels + i; + st->buffer[j] = at91_adc_readl(st, AT91_ADC_CHAN(st, chan->channel)); j++; } -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: adc: at91: fix acking DRDY irq on simple conversions" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: at91: fix acking DRDY irq on simple conversions to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From bc1b45326223e7e890053cf6266357adfa61942d Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)microchip.com> Date: Mon, 24 Sep 2018 10:51:43 +0300 Subject: iio: adc: at91: fix acking DRDY irq on simple conversions When doing simple conversions, the driver did not acknowledge the DRDY irq. If this irq status is not acked, it will be left pending, and as soon as a trigger is enabled, the irq handler will be called, it doesn't know why this status has occurred because no channel is pending, and then it will go int a irq loop and board will hang. To avoid this situation, read the LCDR after a raw conversion is done. Fixes: 0e589d5fb ("ARM: AT91: IIO: Add AT91 ADC driver.") Cc: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Eugen Hristev <eugen.hristev(a)microchip.com> Acked-by: Ludovic Desroches <ludovic.desroches(a)microchip.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/at91_adc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c index 44b516863c9d..e3be88e7192c 100644 --- a/drivers/iio/adc/at91_adc.c +++ b/drivers/iio/adc/at91_adc.c @@ -279,6 +279,8 @@ static void handle_adc_eoc_trigger(int irq, struct iio_dev *idev) iio_trigger_poll(idev->trig); } else { st->last_value = at91_adc_readl(st, AT91_ADC_CHAN(st, st->chnb)); + /* Needed to ACK the DRDY interruption */ + at91_adc_readl(st, AT91_ADC_LCDR); st->done = true; wake_up_interruptible(&st->wq_data_avail); } -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From d3fa21c73c391975488818b085b894c2980ea052 Mon Sep 17 00:00:00 2001 From: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Date: Sat, 22 Sep 2018 00:58:02 +0300 Subject: iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() Leaving for_each_child_of_node loop we should release child device node, if it is not stored for future use. Found by Linux Driver Verification project (linuxtesting.org). JC: I'm not sending this as a quick fix as it's been wrong for years, but good to pick up for stable after the merge window. Signed-off-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Fixes: 6df2e98c3ea56 ("iio: adc: Add imx25-gcq ADC driver") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/fsl-imx25-gcq.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/iio/adc/fsl-imx25-gcq.c b/drivers/iio/adc/fsl-imx25-gcq.c index ea264fa9e567..929c617db364 100644 --- a/drivers/iio/adc/fsl-imx25-gcq.c +++ b/drivers/iio/adc/fsl-imx25-gcq.c @@ -209,12 +209,14 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, ret = of_property_read_u32(child, "reg", &reg); if (ret) { dev_err(dev, "Failed to get reg property\n"); + of_node_put(child); return ret; } if (reg >= MX25_NUM_CFGS) { dev_err(dev, "reg value is greater than the number of available configuration registers\n"); + of_node_put(child); return -EINVAL; } @@ -228,6 +230,7 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, if (IS_ERR(priv->vref[refp])) { dev_err(dev, "Error, trying to use external voltage reference without a vref-%s regulator.", mx25_gcq_refp_names[refp]); + of_node_put(child); return PTR_ERR(priv->vref[refp]); } priv->channel_vref_mv[reg] = @@ -240,6 +243,7 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, break; default: dev_err(dev, "Invalid positive reference %d\n", refp); + of_node_put(child); return -EINVAL; } @@ -254,10 +258,12 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, if ((refp & MX25_ADCQ_CFG_REFP_MASK) != refp) { dev_err(dev, "Invalid fsl,adc-refp property value\n"); + of_node_put(child); return -EINVAL; } if ((refn & MX25_ADCQ_CFG_REFN_MASK) != refn) { dev_err(dev, "Invalid fsl,adc-refn property value\n"); + of_node_put(child); return -EINVAL; } -- 2.19.0

7 years, 1 month

1
0
0 0

patch "Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 25355252607ca288f329ee033f387764883393f6 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:44 +0000 Subject: Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A cpumask structure on the stack can cause a warning with CONFIG_NR_CPUS=8192 (e.g. Ubuntu 16.04 and 18.04 use this): drivers/hv//channel_mgmt.c: In function ‘init_vp_index’: drivers/hv//channel_mgmt.c:702:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=] Nowadays it looks most distros enable CONFIG_CPUMASK_OFFSTACK=y, and hence we can work around the warning by using cpumask_var_t. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/channel_mgmt.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index 6f3e6af5e891..6277597d3d58 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -594,16 +594,18 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) bool perf_chn = vmbus_devs[dev_type].perf_device; struct vmbus_channel *primary = channel->primary_channel; int next_node; - struct cpumask available_mask; + cpumask_var_t available_mask; struct cpumask *alloced_mask; if ((vmbus_proto_version == VERSION_WS2008) || - (vmbus_proto_version == VERSION_WIN7) || (!perf_chn)) { + (vmbus_proto_version == VERSION_WIN7) || (!perf_chn) || + !alloc_cpumask_var(&available_mask, GFP_KERNEL)) { /* * Prior to win8, all channel interrupts are * delivered on cpu 0. * Also if the channel is not a performance critical * channel, bind it to cpu 0. + * In case alloc_cpumask_var() fails, bind it to cpu 0. */ channel->numa_node = 0; channel->target_cpu = 0; @@ -641,7 +643,7 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) cpumask_clear(alloced_mask); } - cpumask_xor(&available_mask, alloced_mask, + cpumask_xor(available_mask, alloced_mask, cpumask_of_node(primary->numa_node)); cur_cpu = -1; @@ -659,10 +661,10 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) } while (true) { - cur_cpu = cpumask_next(cur_cpu, &available_mask); + cur_cpu = cpumask_next(cur_cpu, available_mask); if (cur_cpu >= nr_cpu_ids) { cur_cpu = -1; - cpumask_copy(&available_mask, + cpumask_copy(available_mask, cpumask_of_node(primary->numa_node)); continue; } @@ -692,6 +694,8 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) channel->target_cpu = cur_cpu; channel->target_vp = hv_cpu_number_to_vp_number(cur_cpu); + + free_cpumask_var(available_mask); } static void vmbus_wait_for_unload(void) -- 2.19.0

7 years, 1 month

1
0
0 0

patch "Drivers: hv: kvp: Fix two "this statement may fall through" warnings" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: kvp: Fix two "this statement may fall through" warnings to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From fc62c3b1977d62e6374fd6e28d371bb42dfa5c9d Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:43 +0000 Subject: Drivers: hv: kvp: Fix two "this statement may fall through" warnings We don't need to call process_ib_ipinfo() if message->kvp_hdr.operation is KVP_OP_GET_IP_INFO in kvp_send_key(), because here we just need to pass on the op code from the host to the userspace; when the userspace returns the info requested by the host, we pass the info on to the host in kvp_respond_to_host() -> process_ob_ipinfo(). BTW, the current buggy code actually doesn't cause any harm, because only message->kvp_hdr.operation is used by the userspace, in the case of KVP_OP_GET_IP_INFO. The patch also adds a missing "break;" in kvp_send_key(). BTW, the current buggy code actually doesn't cause any harm, because in the case of KVP_OP_SET, the unexpected fall-through corrupts message->body.kvp_set.data.key_size, but that is not really used: see the definition of struct hv_kvp_exchg_msg_value. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/hv_kvp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index 023bd185d21a..a7513a8a8e37 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -353,7 +353,6 @@ static void process_ib_ipinfo(void *in_msg, void *out_msg, int op) out->body.kvp_ip_val.dhcp_enabled = in->kvp_ip_val.dhcp_enabled; - default: utf16s_to_utf8s((wchar_t *)in->kvp_ip_val.adapter_id, MAX_ADAPTER_ID_SIZE, UTF16_LITTLE_ENDIAN, @@ -406,7 +405,7 @@ kvp_send_key(struct work_struct *dummy) process_ib_ipinfo(in_msg, message, KVP_OP_SET_IP_INFO); break; case KVP_OP_GET_IP_INFO: - process_ib_ipinfo(in_msg, message, KVP_OP_GET_IP_INFO); + /* We only need to pass on message->kvp_hdr.operation. */ break; case KVP_OP_SET: switch (in_msg->body.kvp_set.data.value_type) { @@ -446,6 +445,9 @@ kvp_send_key(struct work_struct *dummy) break; } + + break; + case KVP_OP_GET: message->body.kvp_set.data.key_size = utf16s_to_utf8s( -- 2.19.0

7 years, 1 month

1
0
0 0

patch "w1: omap-hdq: fix missing bus unregister at removal" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled w1: omap-hdq: fix missing bus unregister at removal to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From a007734618fee1bf35556c04fa498d41d42c7301 Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Sat, 22 Sep 2018 21:20:54 +0200 Subject: w1: omap-hdq: fix missing bus unregister at removal The bus master was not removed after unloading the module or unbinding the driver. That lead to oopses like this [ 127.842987] Unable to handle kernel paging request at virtual address bf01d04c [ 127.850646] pgd = 70e3cd9a [ 127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000 [ 127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM [ 127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq] [ 127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12 [ 127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree) [ 127.890441] PC is at 0xbf01d04c [ 127.893798] LR is at w1_search_process_cb+0x4c/0xfc [ 127.898956] pc : [<bf01d04c>] lr : [<c05f9580>] psr: a0070013 [ 127.905609] sp : cf885f48 ip : bf01d04c fp : ddf1e11c [ 127.911132] r10: cf8fe040 r9 : c05f8d00 r8 : cf8fe040 [ 127.916656] r7 : 000000f0 r6 : cf8fe02c r5 : cf8fe000 r4 : cf8fe01c [ 127.923553] r3 : c05f8d00 r2 : 000000f0 r1 : cf8fe000 r0 : dde1ef10 [ 127.930450] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 127.938018] Control: 10c5387d Table: 8f8f0019 DAC: 00000051 [ 127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f) [ 127.951171] Stack: (0xcf885f48 to 0xcf886000) [ 127.955810] 5f40: cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00 [ 127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000 [ 127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000 [ 127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 [ 127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118) [ 128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148) [ 128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c) [ 128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8) [ 128.037017] 5fa0: 00000000 00000000 00000000 00000000 [ 128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 128.061340] Code: bad PC value [ 128.064697] ---[ end trace af066e33c0e14119 ]--- Cc: <stable(a)vger.kernel.org> Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/masters/omap_hdq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/w1/masters/omap_hdq.c b/drivers/w1/masters/omap_hdq.c index 83fc9aab34e8..3099052e1243 100644 --- a/drivers/w1/masters/omap_hdq.c +++ b/drivers/w1/masters/omap_hdq.c @@ -763,6 +763,8 @@ static int omap_hdq_remove(struct platform_device *pdev) /* remove module dependency */ pm_runtime_disable(&pdev->dev); + w1_remove_master_device(&omap_w1_master); + return 0; } -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH] drm: fb-helper: Validate requested pixel format against bpp

by Eugeniy Paltsev

Validate requested pixel format against bits_per_pixel to reject invalid formats with subcomponents length sum is greater than requested bits_per_pixel. weston 5.0.0 with fbdev backend tries to set up an ARGB x8r8g8b8 pixel format without bits_per_pixel updating. So it can request x8r8g8b8 with 16 bpp which is obviously incorrect and should be rejected. Cc: stable(a)vger.kernel.org Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> --- drivers/gpu/drm/drm_fb_helper.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 16ec93b75dbf..4f39da07f053 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -1610,6 +1610,13 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, return -EINVAL; } + if ((var->green.length + var->blue.length + var->red.length + + var->transp.length) > var->bits_per_pixel) { + DRM_DEBUG("fb requested pixel format can't fit in %d bpp\n", + var->bits_per_pixel); + return -EINVAL; + } + switch (var->bits_per_pixel) { case 16: depth = (var->green.length == 6) ? 16 : 15; -- 2.14.4

7 years, 1 month

4
5
0 0

Linux 3.16.59

by Ben Hutchings

I'm announcing the release of the 3.16.59 kernel. All users of the 3.16 kernel series should upgrade. The updated 3.16.y git tree can be found at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git The diff from 3.16.58 is attached to this message. Ben. ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/cachetlb.txt | 8 +- Documentation/kernel-parameters.txt | 45 +++ Documentation/spec_ctrl.rst | 94 +++++ Documentation/vm/remap_file_pages.txt | 7 +- Makefile | 2 +- arch/alpha/include/asm/pgtable.h | 7 - arch/arc/include/asm/pgtable.h | 13 +- arch/arm/include/asm/pgtable-2level.h | 1 - arch/arm/include/asm/pgtable-3level.h | 1 - arch/arm/include/asm/pgtable-nommu.h | 2 - arch/arm/include/asm/pgtable.h | 20 +- arch/arm/mm/proc-macros.S | 2 +- arch/arm64/include/asm/pgtable.h | 22 +- arch/avr32/include/asm/pgtable.h | 25 -- arch/blackfin/include/asm/pgtable.h | 5 - arch/c6x/include/asm/pgtable.h | 5 - arch/cris/include/arch-v10/arch/mmu.h | 3 - arch/cris/include/arch-v32/arch/mmu.h | 3 - arch/cris/include/asm/pgtable.h | 4 - arch/frv/include/asm/pgtable.h | 27 +- arch/hexagon/include/asm/pgtable.h | 60 +-- arch/ia64/include/asm/pgtable.h | 25 +- arch/m32r/include/asm/pgtable-2level.h | 4 - arch/m32r/include/asm/pgtable.h | 11 - arch/m68k/include/asm/mcf_pgtable.h | 23 +- arch/m68k/include/asm/motorola_pgtable.h | 15 - arch/m68k/include/asm/pgtable_no.h | 2 - arch/m68k/include/asm/sun3_pgtable.h | 15 - arch/metag/include/asm/pgtable.h | 6 - arch/microblaze/include/asm/pgtable.h | 11 - arch/mips/include/asm/pgtable-32.h | 39 -- arch/mips/include/asm/pgtable-64.h | 9 - arch/mips/include/asm/pgtable-bits.h | 10 - arch/mips/include/asm/pgtable.h | 2 - arch/mn10300/include/asm/pgtable.h | 17 +- arch/openrisc/include/asm/pgtable.h | 8 - arch/openrisc/kernel/head.S | 5 - arch/parisc/include/asm/pgtable.h | 10 - arch/powerpc/include/asm/pgtable-ppc32.h | 9 +- arch/powerpc/include/asm/pgtable-ppc64.h | 5 +- arch/powerpc/include/asm/pgtable.h | 1 - arch/powerpc/include/asm/pte-40x.h | 1 - arch/powerpc/include/asm/pte-44x.h | 5 - arch/powerpc/include/asm/pte-8xx.h | 1 - arch/powerpc/include/asm/pte-book3e.h | 1 - arch/powerpc/include/asm/pte-fsl-booke.h | 3 - arch/powerpc/include/asm/pte-hash32.h | 1 - arch/powerpc/include/asm/pte-hash64.h | 1 - arch/powerpc/mm/pgtable_64.c | 2 +- arch/s390/include/asm/pgtable.h | 29 +- arch/score/include/asm/pgtable-bits.h | 1 - arch/score/include/asm/pgtable.h | 18 +- arch/sh/include/asm/pgtable_32.h | 30 +- arch/sh/include/asm/pgtable_64.h | 9 +- arch/sparc/include/asm/pgtable_32.h | 24 -- arch/sparc/include/asm/pgtable_64.h | 40 -- arch/sparc/include/asm/pgtsrmmu.h | 14 +- arch/tile/include/asm/pgtable.h | 11 - arch/tile/mm/homecache.c | 4 - arch/um/include/asm/pgtable-2level.h | 9 - arch/um/include/asm/pgtable-3level.h | 20 - arch/um/include/asm/pgtable.h | 9 - arch/unicore32/include/asm/pgtable-hwdef.h | 1 - arch/unicore32/include/asm/pgtable.h | 14 - arch/x86/include/asm/cpufeature.h | 21 +- arch/x86/include/asm/io.h | 6 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/nospec-branch.h | 43 +- arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 55 +-- arch/x86/include/asm/pgtable-3level.h | 49 ++- arch/x86/include/asm/pgtable-invert.h | 41 ++ arch/x86/include/asm/pgtable.h | 144 +++++-- arch/x86/include/asm/pgtable_64.h | 60 ++- arch/x86/include/asm/pgtable_types.h | 13 +- arch/x86/include/asm/processor.h | 5 + arch/x86/include/asm/spec-ctrl.h | 80 ++++ arch/x86/include/asm/thread_info.h | 10 +- arch/x86/include/uapi/asm/msr-index.h | 9 + arch/x86/kernel/cpu/amd.c | 22 + arch/x86/kernel/cpu/bugs.c | 441 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 97 ++++- arch/x86/kernel/cpu/cpu.h | 3 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/process.c | 146 +++++++ arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/cpuid.h | 16 +- arch/x86/kvm/svm.c | 72 +++- arch/x86/kvm/vmx.c | 27 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/init.c | 24 ++ arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 6 +- arch/x86/mm/pat.c | 14 + arch/x86/tools/relocs.c | 5 +- arch/x86/xen/smp.c | 5 + arch/xtensa/include/asm/pgtable.h | 10 - drivers/base/cpu.c | 16 + drivers/block/floppy.c | 3 + drivers/gpu/drm/ast/ast_ttm.c | 6 + drivers/gpu/drm/cirrus/cirrus_ttm.c | 7 + drivers/gpu/drm/drm_vma_manager.c | 3 +- drivers/gpu/drm/mgag200/mgag200_ttm.c | 7 + drivers/gpu/drm/nouveau/nouveau_ttm.c | 8 + drivers/gpu/drm/radeon/radeon_object.c | 5 + drivers/hid/hid-debug.c | 8 +- drivers/macintosh/via-cuda.c | 16 +- drivers/target/iscsi/iscsi_target_auth.c | 30 +- fs/9p/vfs_file.c | 2 - fs/btrfs/file.c | 1 - fs/ceph/addr.c | 1 - fs/cifs/file.c | 1 - fs/exec.c | 11 +- fs/ext4/file.c | 1 - fs/f2fs/file.c | 1 - fs/fuse/file.c | 1 - fs/gfs2/file.c | 1 - fs/inode.c | 1 - fs/nfs/file.c | 1 - fs/nilfs2/file.c | 1 - fs/ocfs2/mmap.c | 1 - fs/proc/array.c | 26 ++ fs/proc/task_mmu.c | 15 - fs/ubifs/file.c | 1 - fs/xfs/xfs_file.c | 1 - include/asm-generic/pgtable.h | 27 +- include/linux/cpu.h | 4 + include/linux/fs.h | 6 +- include/linux/io.h | 22 + include/linux/mm.h | 50 +-- include/linux/mm_types.h | 12 +- include/linux/nospec.h | 10 + include/linux/rmap.h | 2 - include/linux/sched.h | 10 +- include/linux/seccomp.h | 2 + include/linux/swapfile.h | 2 + include/linux/swapops.h | 4 +- include/linux/vm_event_item.h | 2 - include/uapi/linux/prctl.h | 12 + include/uapi/linux/seccomp.h | 3 + kernel/fork.c | 8 +- kernel/seccomp.c | 16 +- kernel/sys.c | 23 ++ mm/Makefile | 2 +- mm/filemap.c | 1 - mm/filemap_xip.c | 1 - mm/fremap.c | 283 ------------- mm/gup.c | 2 +- mm/interval_tree.c | 34 +- mm/ksm.c | 2 +- mm/madvise.c | 13 +- mm/memcontrol.c | 7 +- mm/memory.c | 285 ++++++------- mm/migrate.c | 32 -- mm/mincore.c | 9 +- mm/mmap.c | 117 +++++- mm/mprotect.c | 51 ++- mm/mremap.c | 2 - mm/msync.c | 5 +- mm/nommu.c | 8 - mm/pagewalk.c | 213 +++++----- mm/rmap.c | 222 +---------- mm/shmem.c | 1 - mm/swap.c | 4 +- mm/swapfile.c | 46 ++- net/irda/af_irda.c | 13 +- 170 files changed, 2214 insertions(+), 1884 deletions(-) Andi Kleen (10): x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF Andy Lutomirski (2): mm: Add vm_insert_pfn_prot() mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Ben Hutchings (4): x86/cpufeatures: Show KAISER in cpuinfo x86: mm: Add PUD functions x86/speculation/l1tf: Protect NUMA-balance entries against L1TF Linux 3.16.59 Borislav Petkov (3): Documentation/spec_ctrl: Do some minor cleanups x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Dan Williams (1): mm: fix cache mode tracking in vm_insert_mixed() Daniel Rosenberg (1): HID: debug: check length before copy_to_user() Dave Airlie (2): x86/io: add interface to reserve io memtype for a resource range. (v1.1) drm/drivers: add support for using the arch wc mapping API. Dave Hansen (1): x86/mm: Move swap offset/type up in PTE to work around erratum Finn Thain (1): via-cuda: Use spinlock_irq_save/restore instead of enable/disable_irq Jim Mattson (1): x86/cpu: Make alternative_msr_write work for 32-bit code Jiri Kosina (3): x86/bugs: Fix __ssb_select_mitigation() return type x86/bugs: Make cpu_show_common() static x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures Juergen Gross (1): x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Kees Cook (6): nospec: Allow getting/setting on non-current task proc: Provide details on speculation flaw mitigations seccomp: Enable speculation flaw mitigations seccomp: Add filter flag to opt-out of SSB mitigation x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass exec: Limit arg stack to at most 75% of _STK_LIM Kirill A. Shutemov (39): mm: replace remap_file_pages() syscall with emulation mm: fix regression in remap_file_pages() emulation mm: drop support of non-linear mapping from unmap/zap codepath mm: drop support of non-linear mapping from fault codepath mm: drop vm_ops->remap_pages and generic_file_remap_pages() stub proc: drop handling non-linear mappings rmap: drop support of non-linear mappings mm: replace vma->sharead.linear with vma->shared mm: remove rest usage of VM_NONLINEAR and pte_file() asm-generic: drop unused pte_file* helpers alpha: drop _PAGE_FILE and pte_file()-related helpers arc: drop _PAGE_FILE and pte_file()-related helpers arm64: drop PTE_FILE and pte_file()-related helpers arm: drop L_PTE_FILE and pte_file()-related helpers avr32: drop _PAGE_FILE and pte_file()-related helpers blackfin: drop pte_file() c6x: drop pte_file() cris: drop _PAGE_FILE and pte_file()-related helpers frv: drop _PAGE_FILE and pte_file()-related helpers hexagon: drop _PAGE_FILE and pte_file()-related helpers ia64: drop _PAGE_FILE and pte_file()-related helpers m32r: drop _PAGE_FILE and pte_file()-related helpers m68k: drop _PAGE_FILE and pte_file()-related helpers metag: drop _PAGE_FILE and pte_file()-related helpers microblaze: drop _PAGE_FILE and pte_file()-related helpers mips: drop _PAGE_FILE and pte_file()-related helpers mn10300: drop _PAGE_FILE and pte_file()-related helpers openrisc: drop _PAGE_FILE and pte_file()-related helpers parisc: drop _PAGE_FILE and pte_file()-related helpers s390: drop pte_file()-related helpers score: drop _PAGE_FILE and pte_file()-related helpers sh: drop _PAGE_FILE and pte_file()-related helpers sparc: drop pte_file()-related helpers tile: drop pte_file()-related helpers um: drop _PAGE_FILE and pte_file()-related helpers unicore32: drop pte_file()-related helpers x86: drop _PAGE_FILE and pte_file()-related helpers xtensa: drop _PAGE_FILE and pte_file()-related helpers powerpc: drop _PAGE_FILE and pte_file()-related helpers Konrad Rzeszutek Wilk (17): x86/bugs: Concentrate bug detection into a separate function x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs, KVM: Support the combination of guest and host IBRS x86/bugs: Expose /sys/../spec_store_bypass x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/bugs: Rename _RDS to _SSBD proc: Use underscores for SSBD in 'status' x86/bugs: Fix the parameters alignment and missing void x86/bugs: Rename SSBD_NO to SSB_NO KVM/VMX: Expose SSBD properly to guests x86/bugs: Move the l1tf function and define pr_fmt properly Linus Torvalds (3): x86/nospec: Simplify alternative_msr_write() x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF Markus Trippelsdorf (1): x86/tools: Fix gcc-7 warning in relocs.c Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Naoya Horiguchi (3): mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 mm/pagewalk: remove pgd_entry() and pud_entry() pagewalk: improve vma handling Sean Christopherson (1): x86/speculation/l1tf: Exempt zeroed PTEs from inversion Thomas Gleixner (19): x86/speculation: Create spec-ctrl.h to avoid include hell prctl: Add speculation control prctls x86/process: Allow runtime control of Speculative Store Bypass x86/speculation: Add prctl for Speculative Store Bypass mitigation prctl: Add force disable speculation seccomp: Use PR_SPEC_FORCE_DISABLE seccomp: Move speculation migitation control to arch code KVM: SVM: Move spec control call after restore of GS x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Add FEATURE_ZEN x86/speculation: Handle HT correctly on AMD x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Rework speculative_store_bypass_update() x86/bugs: Expose x86_spec_ctrl_base directly x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Rework spec_ctrl base and mask logic x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled Tom Lendacky (2): x86/speculation: Add virtualized speculative store bypass disable support KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Tyler Hicks (2): irda: Fix memory leak caused by repeated binds of irda socket irda: Only insert new objects into the global database via setsockopt Vincent Pelletier (1): scsi: target: iscsi: Use hex2bin instead of a re-implementation Vlastimil Babka (6): x86/init: fix build with CONFIG_SWAP=n x86/speculation/l1tf: Extend 64bit swap file size limit x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM x86/speculation/l1tf: Suggest what to do on systems with too much RAM

7 years, 1 month

1
0
0 0

[PATCH v2] f2fs: fix to recover cold bit of inode block during POR

by Chao Yu

From: Chao Yu <yuchao0(a)huawei.com> Testcase to reproduce this bug: 1. mkfs.f2fs /dev/sdd 2. mount -t f2fs /dev/sdd /mnt/f2fs 3. touch /mnt/f2fs/file 4. sync 5. chattr +A /mnt/f2fs/file 6. xfs_io -f /mnt/f2fs/file -c "fsync" 7. godown /mnt/f2fs 8. umount /mnt/f2fs 9. mount -t f2fs /dev/sdd /mnt/f2fs 10. chattr -A /mnt/f2fs/file 11. xfs_io -f /mnt/f2fs/file -c "fsync" 12. umount /mnt/f2fs 13. mount -t f2fs /dev/sdd /mnt/f2fs 14. lsattr /mnt/f2fs/file -----------------N- /mnt/f2fs/file But actually, we expect the corrct result is: -------A---------N- /mnt/f2fs/file The reason is in step 9) we missed to recover cold bit flag in inode block, so later, in fsync, we will skip write inode block due to below condition check, result in lossing data in another SPOR. f2fs_fsync_node_pages() if (!IS_DNODE(page) || !is_cold_node(page)) continue; Note that, I guess that some non-dir inode has already lost cold bit during POR, so in order to reenable recovery for those inode, let's try to recover cold bit in f2fs_iget() to save more fsynced data. Fixes: c56675750d7c ("f2fs: remove unneeded set_cold_node()") Cc: <stable(a)vger.kernel.org> 4.17+ Signed-off-by: Chao Yu <yuchao0(a)huawei.com> --- v2: - call set_page_dirty to recalculate checksum. fs/f2fs/inode.c | 6 ++++++ fs/f2fs/node.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 86e7333d60c1..4edfa03f3807 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -365,6 +365,12 @@ static int do_read_inode(struct inode *inode) if (f2fs_has_inline_data(inode) && !f2fs_exist_data(inode)) __recover_inline_status(inode, node_page); + /* try to recover cold bit for non-dir inode */ + if (!S_ISDIR(inode->i_mode) && !is_cold_node(node_page)) { + set_cold_node(node_page, false); + set_page_dirty(node_page); + } + /* get rdev by using inline_info */ __get_inode_rdev(inode, ri); diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index b1e3ff8147f6..033ce067509e 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -2542,7 +2542,7 @@ int f2fs_recover_inode_page(struct f2fs_sb_info *sbi, struct page *page) if (!PageUptodate(ipage)) SetPageUptodate(ipage); fill_node_footer(ipage, ino, ino, 0, true); - set_cold_node(page, false); + set_cold_node(ipage, false); src = F2FS_INODE(page); dst = F2FS_INODE(ipage); -- 2.18.0

7 years, 1 month

1
0
0 0

v3.16.59 build: 0 failures 17 warnings (v3.16.59)

by Build bot for Mark Brown

Tree/Branch: v3.16.59 Git describe: v3.16.59 Commit: 58fb9b51d6 Linux 3.16.59 Build Time: 33 min 49 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 17 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 5 warnings 0 mismatches : arm64-allmodconfig 2 warnings 0 mismatches : arm-multi_v5_defconfig 2 warnings 0 mismatches : arm-multi_v7_defconfig 1 warnings 0 mismatches : x86_64-defconfig 6 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : x86_64-allnoconfig 9 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 17 7 <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] 2 ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] 2 ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 2 ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 2 ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable] 2 ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 2 ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:529:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:524:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/staging/rtl8192ee/btcoexist/halbtc8821a2ant.c:2338:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/scsi/fnic/fnic_fcs.c:104:6: warning: this 'else' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized] 1 ../drivers/net/wireless/rtlwifi/rtl8723be/hw.c:1132:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function] 1 ../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function] 1 ../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label] 1 ../arch/x86/kernel/cpu/common.c:1160:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable] ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 6 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label] ../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function] ../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function] ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable] <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- x86_64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../arch/x86/kernel/cpu/common.c:1160:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 9 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/scsi/fnic/fnic_fcs.c:104:6: warning: this 'else' clause does not guard... [-Wmisleading-indentation] ../drivers/net/wireless/rtlwifi/rtl8723be/hw.c:1132:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:524:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:529:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/rtl8192ee/btcoexist/halbtc8821a2ant.c:2338:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ------------------------------------------------------------------------------- arm64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig

7 years, 1 month

1
0
0 0

[PULL 1/1] s390/cio: Fix how vfio-ccw checks pinned pages

by Cornelia Huck

From: Eric Farman <farman(a)linux.ibm.com> We have two nested loops to check the entries within the pfn_array_table arrays. But we mistakenly use the outer array as an index in our check, and completely ignore the indexing performed by the inner loop. Cc: stable(a)vger.kernel.org Signed-off-by: Eric Farman <farman(a)linux.ibm.com> Message-Id: <20181002010235.42483-1-farman(a)linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck(a)redhat.com> --- drivers/s390/cio/vfio_ccw_cp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c index dbe7c7ac9ac8..fd77e46eb3b2 100644 --- a/drivers/s390/cio/vfio_ccw_cp.c +++ b/drivers/s390/cio/vfio_ccw_cp.c @@ -163,7 +163,7 @@ static bool pfn_array_table_iova_pinned(struct pfn_array_table *pat, for (i = 0; i < pat->pat_nr; i++, pa++) for (j = 0; j < pa->pa_nr; j++) - if (pa->pa_iova_pfn[i] == iova_pfn) + if (pa->pa_iova_pfn[j] == iova_pfn) return true; return false; -- 2.14.4

7 years, 1 month

2
1
0 0

[PATCH] selinux: fix race when removing selinuxfs entries

by Ondrej Mosnacek

Letting the following set of commands run long enough on a multi-core machine causes soft lockups in the kernel: (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & while true; do load_policy; echo -n .; sleep 0.1; done The problem is that sel_remove_entries() calls d_genocide() to remove the whole contents of certain subdirectories in /sys/fs/selinux/. This function is apparently only intended for removing filesystem entries that are no longer accessible to userspace, because it doesn't follow the rule that any code removing entries from a directory must hold the write lock on the directory's inode RW semaphore (formerly this was a mutex, see 9902af79c01a ("parallel lookups: actual switch to rwsem")). In order to fix this, I had to open-code d_genocide() again, adding the necessary parent inode locking. I based the new implementation on d_walk() (fs/dcache.c), the original code from before ad52184b705c ("selinuxfs: don't open-code d_genocide()"), and with a slight inspiration from debugfs_remove() (fs/debugfs/inode.c). The new code no longer triggers soft lockups with the above reproducer and it also gives no warnings when run with CONFIG_PROVE_LOCKING=y. Note that I am adding Fixes: on the commit that replaced the open-coded version with d_genocide(), but the bug is present also in the original code that dates back to pre-2.6 times... This patch obviously doesn't apply to this older code so pre-4.0 kernels will need a dedicated patch (just adding the parent inode locks should be sufficient there). Link: https://github.com/SELinuxProject/selinux-kernel/issues/42 Fixes: ad52184b705c ("selinuxfs: don't open-code d_genocide()") Cc: <stable(a)vger.kernel.org> # 4.0+ Cc: Stephen Smalley <sds(a)tycho.nsa.gov> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/selinuxfs.c | 88 ++++++++++++++++++++++++++++++++++-- 1 file changed, 85 insertions(+), 3 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3a5a138a096..4ac9b17e24d1 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1316,10 +1316,92 @@ static const struct file_operations sel_commit_bools_ops = { .llseek = generic_file_llseek, }; -static void sel_remove_entries(struct dentry *de) +/* removes all children of the given dentry (but not itself) */ +static void sel_remove_entries(struct dentry *root) { - d_genocide(de); - shrink_dcache_parent(de); + struct dentry *parent = root; + struct dentry *child; + struct list_head *next; + + spin_lock(&parent->d_lock); + +repeat: + next = parent->d_subdirs.next; + + while (next != &parent->d_subdirs) { + child = list_entry(next, struct dentry, d_child); + next = next->next; + + spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED); + + if (!list_empty(&child->d_subdirs)) { + /* Current entry has children, we need to remove those + * first. We unlock the parent but keep the child locked + * (it will become the new parent). */ + spin_unlock(&parent->d_lock); + + /* we need to re-lock the child (new parent) in a + * special way (see d_walk() in fs/dcache.c) */ + spin_release(&child->d_lock.dep_map, 1, _RET_IP_); + parent = child; + spin_acquire(&parent->d_lock.dep_map, 0, 1, _RET_IP_); + + goto repeat; + } + +resume: + if (child->d_inode) { + /* acquire a reference to the child */ + dget_dlock(child); + + /* drop all locks (someof the callees will try to + * acquire them) */ + spin_unlock(&child->d_lock); + spin_unlock(&parent->d_lock); + + /* IMPORTANT: we need to hold the parent's inode lock + * because some functions (namely dcache_readdir) assume + * holding this lock means children won't be removed */ + inode_lock_nested(parent->d_inode, I_MUTEX_PARENT); + + /* now unlink the child */ + if (d_is_dir(child)) + simple_rmdir(d_inode(parent), child); + else + simple_unlink(d_inode(parent), child); + d_delete(child); + + inode_unlock(parent->d_inode); + + /* drop our extra reference */ + dput(child); + + /* re-lock only the parent */ + spin_lock(&parent->d_lock); + } else + spin_unlock(&child->d_lock); + } + + if (parent != root) { + /* we processed contents of a subdirectory, ascend and continue + * by removing the subdirectory itself (now empty) */ + child = parent; + parent = child->d_parent; + + /* we have to re-lock the child after locking the parent */ + spin_unlock(&child->d_lock); + spin_lock(&parent->d_lock); + spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED); + + /* set next to the next sibling */ + next = child->d_child.next; + goto resume; + } + + spin_unlock(&root->d_lock); + + /* try to clean up the stale entries */ + shrink_dcache_parent(root); } #define BOOL_DIR_NAME "booleans" -- 2.17.1

7 years, 1 month

3
3
0 0

[PATCH 2/4] drm/i915: Handle incomplete Z_FINISH for compressed error states

by Chris Wilson

The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- drivers/gpu/drm/i915/i915_gpu_error.c | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 3d5554f14dfd..ed8c16cbfaa4 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -237,6 +237,7 @@ static int compress_page(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + int flush = Z_NO_FLUSH; zstream->next_in = src; if (c->tmp && i915_memcpy_from_wc(c->tmp, src, PAGE_SIZE)) @@ -257,8 +258,11 @@ static int compress_page(struct compress *c, zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, flush) != Z_OK) return -EIO; + + if (zstream->avail_out) + flush = Z_SYNC_FLUSH; } while (zstream->avail_in); /* Fallback to uncompressed if we increase size? */ @@ -268,19 +272,43 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + unsigned long page; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return -ENOMEM; + + dst->pages[dst->page_count++] = (void *)page; + zstream->next_out = (void *)page; + zstream->avail_out = PAGE_SIZE; + break; + case Z_STREAM_END: + goto end; + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +347,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -951,15 +985,15 @@ i915_error_object_create(struct drm_i915_private *i915, if (ret) goto unwind; } - goto out; + if (compress_flush(&compress, dst)) { unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; -- 2.19.0

7 years, 1 month

2
4
0 0

[git:media_tree/fixes] media: v4l: event: Prevent freeing event subscriptions while accessed

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: event: Prevent freeing event subscriptions while accessed Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Tue Sep 11 05:32:37 2018 -0400 The event subscriptions are added to the subscribed event list while holding a spinlock, but that lock is subsequently released while still accessing the subscription object. This makes it possible to unsubscribe the event --- and freeing the subscription object's memory --- while the subscription object is simultaneously accessed. Prevent this by adding a mutex to serialise the event subscription and unsubscription. This also gives a guarantee to the callback ops that the add op has returned before the del op is called. This change also results in making the elems field less special: subscriptions are only added to the event list once they are fully initialised. Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Reviewed-by: Hans Verkuil <hans.verkuil(a)cisco.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Cc: stable(a)vger.kernel.org # for 4.14 and up Fixes: c3b5b0241f62 ("V4L/DVB: V4L: Events: Add backend") Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/v4l2-core/v4l2-event.c | 38 +++++++++++++++++++----------------- drivers/media/v4l2-core/v4l2-fh.c | 2 ++ include/media/v4l2-fh.h | 4 ++++ 3 files changed, 26 insertions(+), 18 deletions(-) --- diff --git a/drivers/media/v4l2-core/v4l2-event.c b/drivers/media/v4l2-core/v4l2-event.c index 127fe6eb91d9..a3ef1f50a4b3 100644 --- a/drivers/media/v4l2-core/v4l2-event.c +++ b/drivers/media/v4l2-core/v4l2-event.c @@ -115,14 +115,6 @@ static void __v4l2_event_queue_fh(struct v4l2_fh *fh, const struct v4l2_event *e if (sev == NULL) return; - /* - * If the event has been added to the fh->subscribed list, but its - * add op has not completed yet elems will be 0, treat this as - * not being subscribed. - */ - if (!sev->elems) - return; - /* Increase event sequence number on fh. */ fh->sequence++; @@ -208,6 +200,7 @@ int v4l2_event_subscribe(struct v4l2_fh *fh, struct v4l2_subscribed_event *sev, *found_ev; unsigned long flags; unsigned i; + int ret = 0; if (sub->type == V4L2_EVENT_ALL) return -EINVAL; @@ -225,31 +218,36 @@ int v4l2_event_subscribe(struct v4l2_fh *fh, sev->flags = sub->flags; sev->fh = fh; sev->ops = ops; + sev->elems = elems; + + mutex_lock(&fh->subscribe_lock); spin_lock_irqsave(&fh->vdev->fh_lock, flags); found_ev = v4l2_event_subscribed(fh, sub->type, sub->id); - if (!found_ev) - list_add(&sev->list, &fh->subscribed); spin_unlock_irqrestore(&fh->vdev->fh_lock, flags); if (found_ev) { + /* Already listening */ kvfree(sev); - return 0; /* Already listening */ + goto out_unlock; } if (sev->ops && sev->ops->add) { - int ret = sev->ops->add(sev, elems); + ret = sev->ops->add(sev, elems); if (ret) { - sev->ops = NULL; - v4l2_event_unsubscribe(fh, sub); - return ret; + kvfree(sev); + goto out_unlock; } } - /* Mark as ready for use */ - sev->elems = elems; + spin_lock_irqsave(&fh->vdev->fh_lock, flags); + list_add(&sev->list, &fh->subscribed); + spin_unlock_irqrestore(&fh->vdev->fh_lock, flags); - return 0; +out_unlock: + mutex_unlock(&fh->subscribe_lock); + + return ret; } EXPORT_SYMBOL_GPL(v4l2_event_subscribe); @@ -288,6 +286,8 @@ int v4l2_event_unsubscribe(struct v4l2_fh *fh, return 0; } + mutex_lock(&fh->subscribe_lock); + spin_lock_irqsave(&fh->vdev->fh_lock, flags); sev = v4l2_event_subscribed(fh, sub->type, sub->id); @@ -305,6 +305,8 @@ int v4l2_event_unsubscribe(struct v4l2_fh *fh, if (sev && sev->ops && sev->ops->del) sev->ops->del(sev); + mutex_unlock(&fh->subscribe_lock); + kvfree(sev); return 0; diff --git a/drivers/media/v4l2-core/v4l2-fh.c b/drivers/media/v4l2-core/v4l2-fh.c index 3895999bf880..c91a7bd3ecfc 100644 --- a/drivers/media/v4l2-core/v4l2-fh.c +++ b/drivers/media/v4l2-core/v4l2-fh.c @@ -45,6 +45,7 @@ void v4l2_fh_init(struct v4l2_fh *fh, struct video_device *vdev) INIT_LIST_HEAD(&fh->available); INIT_LIST_HEAD(&fh->subscribed); fh->sequence = -1; + mutex_init(&fh->subscribe_lock); } EXPORT_SYMBOL_GPL(v4l2_fh_init); @@ -90,6 +91,7 @@ void v4l2_fh_exit(struct v4l2_fh *fh) return; v4l_disable_media_source(fh->vdev); v4l2_event_unsubscribe_all(fh); + mutex_destroy(&fh->subscribe_lock); fh->vdev = NULL; } EXPORT_SYMBOL_GPL(v4l2_fh_exit); diff --git a/include/media/v4l2-fh.h b/include/media/v4l2-fh.h index ea73fef8bdc0..8586cfb49828 100644 --- a/include/media/v4l2-fh.h +++ b/include/media/v4l2-fh.h @@ -38,10 +38,13 @@ struct v4l2_ctrl_handler; * @prio: priority of the file handler, as defined by &enum v4l2_priority * * @wait: event' s wait queue + * @subscribe_lock: serialise changes to the subscribed list; guarantee that + * the add and del event callbacks are orderly called * @subscribed: list of subscribed events * @available: list of events waiting to be dequeued * @navailable: number of available events at @available list * @sequence: event sequence number + * * @m2m_ctx: pointer to &struct v4l2_m2m_ctx */ struct v4l2_fh { @@ -52,6 +55,7 @@ struct v4l2_fh { /* Events */ wait_queue_head_t wait; + struct mutex subscribe_lock; struct list_head subscribed; struct list_head available; unsigned int navailable;

7 years, 1 month

1
0
0 0

[PATCH 4.14 000/165] 4.14.68-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.68 release. There are 165 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 5 16:56:19 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.68-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.68-rc1 Kees Cook <keescook(a)chromium.org> gcc-plugins: Use dynamic initializers Valdis Kletnieks <valdis.kletnieks(a)vt.edu> gcc-plugins: Add include required by GCC release 8 Scott Bauer <scott.bauer(a)intel.com> cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status Vincent Whitchurch <vincent.whitchurch(a)axis.com> watchdog: Mark watchdog touch functions as notrace H. Nikolaus Schaller <hns(a)goldelico.com> power: generic-adc-battery: check for duplicate properties copied from iio channels H. Nikolaus Schaller <hns(a)goldelico.com> power: generic-adc-battery: fix out-of-bounds write when copying channel properties Dan Carpenter <dan.carpenter(a)oracle.com> PM / clk: signedness bug in of_pm_clk_add_clks() Alberto Panizzo <alberto(a)amarulasolutions.com> clk: rockchip: fix clk_i2sout parent selection bits on rk3399 Mike Christie <mchristi(a)redhat.com> iscsi target: fix session creation failure handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sysfs: Introduce sysfs_{un,}break_active_protection() Bart Van Assche <bart.vanassche(a)wdc.com> scsi: mpt3sas: Fix _transport_smp_handler() error path Ricardo Schwarzmeier <Ricardo.Schwarzmeier(a)infineon.com> tpm: Return the actual size when receiving an unsupported command Paul Burton <paul.burton(a)mips.com> MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 Huacai Chen <chenhc(a)lemote.com> MIPS: Change definition of cpu_relax() for Loongson-3 Paul Burton <paul.burton(a)mips.com> MIPS: Always use -march=<arch>, not -<arch> shortcuts Maciej W. Rozycki <macro(a)mips.com> MIPS: Correct the 64-bit DSP accumulator register size Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Make list and blacklist root user read only Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/arm: Fix %p uses in error messages Sebastian Ott <sebott(a)linux.ibm.com> s390/pci: fix out of bounds access during irq setup Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/numa: move initial setup of node_to_cpumask_map Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: reset old sbal_state flags Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: fix br_r1_trampoline for machines without exrl Gerald Schaefer <gerald.schaefer(a)de.ibm.com> s390/mm: fix addressing exception after suspend/resume Jann Horn <jannh(a)google.com> x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() Gustavo A. R. Silva <gustavo(a)embeddedor.com> hwmon: (nct6775) Fix potential Spectre v1 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Andi Kleen <ak(a)linux.intel.com> x86/spectre: Add missing family 6 check to microcode check Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Mark native_restore_fl extern inline Andy Lutomirski <luto(a)kernel.org> x86/nmi: Fix NMI uaccess race against CR3 switching Samuel Neves <sneves(a)dei.uc.pt> x86/vdso: Fix lsl operand order Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: sirf: Fix potential NULL pointer dereference Takashi Iwai <tiwai(a)suse.de> ASoC: zte: Fix incorrect PCM format bit usages Jerome Brunet <jbrunet(a)baylibre.com> ASoC: dpcm: don't merge format from invalid codec dai Michael Buesch <m(a)bues.ch> b43/leds: Ensure NUL-termination of LED name string Michael Buesch <m(a)bues.ch> b43legacy/leds: Ensure NUL-termination of LED name string Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: avoid division Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: fix crash due to uninitialized memory Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: handle allocation failure Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: change down_interruptible to down Kirill Tkhai <ktkhai(a)virtuozzo.com> fuse: Add missed unlock_page() to fuse_readpages_fill() Miklos Szeredi <mszeredi(a)redhat.com> fuse: Fix oops at process_init_reply() Miklos Szeredi <mszeredi(a)redhat.com> fuse: umount should wait for all requests Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix unlocked access to processing queue Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix double request_end() Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix initial parallel dirops Andrey Ryabinin <aryabinin(a)virtuozzo.com> fuse: Don't access pipe->buffers without pipe_lock() Josh Poimboeuf <jpoimboe(a)redhat.com> x86/kvm/vmx: Remove duplicate l1d flush definitions Thomas Gleixner <tglx@xxxxxxxxxxxxx> KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled Rian Hunter <rian(a)alum.mit.edu> x86/process: Re-export start_thread() Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO build if a retpoline is emitted Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Suggest what to do on systems with too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit Peter Zijlstra <peterz(a)infradead.org> mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE Takashi Iwai <tiwai(a)suse.de> platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too Michal Wnukowski <wnukowski(a)google.com> nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event Eric Sandeen <sandeen(a)redhat.com> ext4: reset error code in ext4_find_entry in fallback Arnd Bergmann <arnd(a)arndb.de> ext4: sysfs: print ext4_super_block fields as little-endian Theodore Ts'o <tytso(a)mit.edu> ext4: check for NUL characters in extended attribute's name Prasad Sodagudi <psodagud(a)codeaurora.org> stop_machine: Atomically queue and wake stopper threads Peter Zijlstra <peterz(a)infradead.org> stop_machine: Reflow cpu_stop_queue_two_works() Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> s390/kvm: fix deadlock when killed by oom Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PTE entry if no change Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PMD entry if no change Huibin Hong <huibin.hong(a)rock-chips.com> arm64: dts: rockchip: corrected uart1 clock-names for rk3328 Greg Hackmann <ghackmann(a)android.com> arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/arm64: Fix %p uses in error messages Petr Mladek <pmladek(a)suse.com> printk/nmi: Prevent deadlock when accessing the main log buffer in NMI Petr Mladek <pmladek(a)suse.com> printk: Create helper function to queue deferred console handling Petr Mladek <pmladek(a)suse.com> printk: Split the code for storing a message into the log buffer Vivek Gautam <vivek.gautam(a)codeaurora.org> iommu/arm-smmu: Error out only if not enough context interrupts Josef Bacik <jbacik(a)fb.com> Btrfs: fix btrfs_write_inode vs delayed iput deadlock Josef Bacik <josef(a)toxicpanda.com> btrfs: don't leak ret from do_chunk_alloc Ethan Lien <ethanlien(a)synology.com> btrfs: use correct compare function of dirty_metadata_bytes Steve French <stfrench(a)microsoft.com> smb3: fill in statfs fsid and correct namelen Steve French <stfrench(a)microsoft.com> smb3: don't request leases in symlink creation and query Steve French <stfrench(a)microsoft.com> smb3: Do not send SMB3 SET_INFO if nothing changed Steve French <stfrench(a)microsoft.com> smb3: enumerating snapshots was leaving part of the data off end Nicholas Mc Guire <hofrat(a)osadl.org> cifs: check kmalloc before use Steve French <stfrench(a)microsoft.com> cifs: add missing debug entries for kconfig options Alexander Usyskin <alexander.usyskin(a)intel.com> mei: don't update offset in write jie@chenjie6@huwei.com <jie@chenjie6@huwei.com> mm/memory.c: check return value of ioremap_prot Jim Gill <jgill(a)vmware.com> scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: drop frames in ELS LOGO error path Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send Benjamin Tissoires <benjamin.tissoires(a)redhat.com> gpiolib-acpi: make sure we trigger edge events at least once on boot Kirill Tkhai <ktkhai(a)virtuozzo.com> memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Colin Ian King <colin.king(a)canonical.com> drivers: net: lmc: fix case value for target abort error Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: Compute expected length from inode size rather than block length Hugh Dickins <hughd(a)google.com> mm: delete historical BUG from zap_pmd_range() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs metadata 2: electric boogaloo Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: do not call enic_change_mtu in enic_probe Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> sparc: use asm-generic version of msi.h Steven Rostedt (VMware) <rostedt(a)goodmis.org> sparc/time: Add missing __init to init_tick_ops() Randy Dunlap <rdunlap(a)infradead.org> arc: fix type warnings in arc/mm/cache.c Randy Dunlap <rdunlap(a)infradead.org> arc: fix build errors in arc/include/asm/delay.h Randy Dunlap <rdunlap(a)infradead.org> arc: [plat-eznps] fix printk warning in arc/plat-eznps/mtm.c Randy Dunlap <rdunlap(a)infradead.org> arc: [plat-eznps] fix data type errors in platform headers Ofer Levi <oferle(a)mellanox.com> ARC: [plat-eznps] Add missing struct nps_host_reg_aux_dpc Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: handle mtu change for vf properly John Hurley <john.hurley(a)netronome.com> nfp: flower: fix port metadata conversion bug Taehee Yoo <ap420073(a)gmail.com> bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: dma [non-IOC] setup SMP_CACHE_BYTES and cache_line_size Rafał Miłecki <rafal(a)milecki.pl> Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Calvin Walton <calvin.walton(a)kepstin.ca> tools/power turbostat: Read extended processor family from CPUID Li Wang <liwang(a)redhat.com> zswap: re-check zswap_is_full() after do zswap_shrink() Davidlohr Bueso <dave(a)stgolabs.net> ipc/sem.c: prevent queue.status tearing in semop dann frazier <dann.frazier(a)canonical.com> hinic: Link the logical network device to the pci device in sysfs Masami Hiramatsu <mhiramat(a)kernel.org> selftests/ftrace: Add snapshot and tracing_on test case Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> cachefiles: Fix refcounting bug in backing-file read monitoring Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> fscache: Allow cancelled operations to be enqueued Kees Cook <keescook(a)chromium.org> x86/boot: Fix if_changed build flip/flop bug Hailong Liu <liu.hailong6(a)zte.com.cn> sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE Peter Rosin <peda(a)axentia.se> i2c/mux, locking/core: Annotate the nested rt_mutex usage Peter Rosin <peda(a)axentia.se> locking/rtmutex: Allow specifying a subclass for nested locking Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> net: axienet: Fix double deregister of mdio Aleksander Morgado <aleksander(a)aleksander.es> qmi_wwan: fix interface number for DW5821e production firmware Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix invalid memory access in rss hash config path. Guenter Roeck <linux(a)roeck-us.net> media: staging: omap4iss: Include asm/cacheflush.h after generic includes Thomas Gleixner <tglx(a)linutronix.de> perf/x86/amd/ibs: Don't access non-started event Alexander Sverdlin <alexander.sverdlin(a)nokia.com> i2c: davinci: Avoid zero value of CLKH Faiz Abbas <faiz_abbas(a)ti.com> can: m_can: Move accessing of message ram to after clocks are enabled Nicholas Mc Guire <hofrat(a)osadl.org> can: mpc5xxx_can: check of_iomap return before use Randy Dunlap <rdunlap(a)infradead.org> net: prevent ISA drivers from building on PPC32 Florian Westphal <fw(a)strlen.de> atl1c: reserve min skb headroom Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Correct Multicast API to reflect existence of 256 approximate buckets. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible race for the link state value. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix link flap issue due to mismatching EEE capabilities. YueHaibing <yuehaibing(a)huawei.com> net: caif: Add a missing rcu_read_unlock() in caif_flow_cb Len Brown <len.brown(a)intel.com> tools/power turbostat: fix -S on UP systems Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: vmx: use local variable for current_vmptr when emulating VMPTRST Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't allow to rename to already-pending name Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix memory leaks on chain rename Daniel Borkmann <daniel(a)iogearbox.net> bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Taehee Yoo <ap420073(a)gmail.com> netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy() Eugeniu Rosca <roscaeugeniu(a)gmail.com> usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Peter Senna Tschudin <peter.senna(a)gmail.com> tools: usb: ffs-test: Fix build on big endian systems Randy Dunlap <rdunlap(a)infradead.org> usb/phy: fix PPC64 build errors in phy-fsl-usb.c Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> usb: gadget: u_audio: protect stream runtime fields with stream spinlock Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> usb: gadget: u_audio: remove cached period bytes value Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> usb: gadget: u_audio: remove caching of stream buffer parameters Joshua Frkuska <joshua_frkuska(a)mentor.com> usb: gadget: u_audio: update hw_ptr in iso_complete after data copied Eugeniu Rosca <erosca(a)de.adit-jv.com> usb: gadget: u_audio: fix pcm/card naming in g_audio_setup() Eugeniu Rosca <erosca(a)de.adit-jv.com> usb: gadget: f_uac2: fix error handling in afunc_bind (again) Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() Josef Bacik <josef(a)toxicpanda.com> nbd: handle unexpected replies better Josef Bacik <josef(a)toxicpanda.com> nbd: don't requeue the same request twice. Lucas Stach <l.stach(a)pengutronix.de> drm/imx: imx-ldb: check if channel is enabled before printing warning Lucas Stach <l.stach(a)pengutronix.de> drm/imx: imx-ldb: disable LDB on driver bind Varun Prakash <varun(a)chelsio.com> scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Varun Prakash <varun(a)chelsio.com> scsi: target: iscsi: cxgbit: fix max iso npdu calculation Sean Paul <seanpaul(a)chromium.org> drm/bridge: adv7511: Reset registers on hotplug Bernd Edlinger <bernd.edlinger(a)hotmail.de> nl80211: Add a missing break in parse_station_flags Theodore Ts'o <tytso(a)mit.edu> ext4: clear mmp sequence number when remounting read-only mpubbise(a)codeaurora.org <mpubbise(a)codeaurora.org> mac80211: add stations tied to AP_VLANs during hw reconfig Zhen Lei <thunder.leizhen(a)huawei.com> esp6: fix memleak on error path in esp6_input Florian Westphal <fw(a)strlen.de> xfrm: free skb if nlsk pointer is NULL Tommi Rantala <tommi.t.rantala(a)nokia.com> xfrm: fix missing dst_release() after policy blocking lbcast and multicast Eyal Birger <eyal.birger(a)gmail.com> vti6: fix PMTU caching and reporting on xmit Paulo Flabiano Smorigo <pfsmorigo(a)linux.vnet.ibm.com> crypto: vmx - Use skcipher for ctr fallback ------------- Diffstat: Makefile | 8 +- arch/Kconfig | 3 + arch/arc/Kconfig | 3 + arch/arc/include/asm/cache.h | 4 +- arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 10 +++ arch/arc/plat-eznps/mtm.c | 6 +- arch/arm/probes/kprobes/core.c | 4 +- arch/arm/probes/kprobes/test-core.c | 1 - arch/arm64/boot/dts/rockchip/rk3328.dtsi | 2 +- arch/arm64/kernel/probes/kprobes.c | 2 +- arch/arm64/mm/init.c | 6 +- arch/mips/Makefile | 12 +-- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/mips/include/asm/processor.h | 15 +++- arch/mips/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 2 +- arch/mips/lib/multi3.c | 6 +- arch/powerpc/net/bpf_jit_comp64.c | 29 ++----- arch/s390/include/asm/qdio.h | 1 - arch/s390/mm/fault.c | 2 + arch/s390/mm/page-states.c | 2 +- arch/s390/net/bpf_jit_comp.c | 2 - arch/s390/numa/numa.c | 16 +--- arch/s390/pci/pci.c | 2 + arch/sparc/include/asm/Kbuild | 1 + arch/sparc/kernel/time_64.c | 2 +- arch/x86/Kconfig | 1 + arch/x86/boot/compressed/Makefile | 8 +- arch/x86/entry/vdso/Makefile | 6 +- arch/x86/events/amd/ibs.c | 6 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/irqflags.h | 3 +- arch/x86/include/asm/processor.h | 6 +- arch/x86/include/asm/tlbflush.h | 40 +++++++++ arch/x86/include/asm/vgtod.h | 2 +- arch/x86/kernel/cpu/bugs.c | 50 +++++++++-- arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/dumpstack.c | 4 + arch/x86/kernel/process_64.c | 1 + arch/x86/kvm/svm.c | 8 +- arch/x86/kvm/vmx.c | 18 ++-- arch/x86/lib/usercopy.c | 5 ++ arch/x86/mm/init.c | 4 +- arch/x86/mm/mmap.c | 2 +- arch/x86/mm/tlb.c | 7 ++ drivers/base/power/clock_ops.c | 2 +- drivers/block/nbd.c | 96 ++++++++++++++++++---- drivers/cdrom/cdrom.c | 2 +- drivers/char/tpm/tpm-interface.c | 2 +- drivers/clk/rockchip/clk-rk3399.c | 2 +- drivers/crypto/vmx/aes_ctr.c | 31 +++---- drivers/gpio/gpiolib-acpi.c | 56 ++++++++++++- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 +++ drivers/gpu/drm/imx/imx-ldb.c | 9 +- drivers/gpu/drm/udl/udl_drv.h | 2 +- drivers/gpu/drm/udl/udl_fb.c | 17 ++-- drivers/gpu/drm/udl/udl_main.c | 35 ++++---- drivers/gpu/drm/udl/udl_transfer.c | 39 ++++----- drivers/hwmon/nct6775.c | 2 + drivers/i2c/busses/i2c-davinci.c | 8 +- drivers/i2c/i2c-core-base.c | 2 +- drivers/i2c/i2c-mux.c | 4 +- drivers/iommu/arm-smmu.c | 16 ++-- drivers/misc/mei/main.c | 1 - drivers/net/can/m_can/m_can.c | 7 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 ++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 80 +++++++----------- drivers/net/ethernet/huawei/hinic/hinic_main.c | 1 + drivers/net/ethernet/netronome/nfp/flower/main.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++-- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 13 ++- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/net/wireless/broadcom/b43/leds.c | 2 +- drivers/net/wireless/broadcom/b43legacy/leds.c | 2 +- drivers/nvme/host/pci.c | 8 ++ drivers/pinctrl/freescale/pinctrl-imx1-core.c | 2 +- drivers/platform/x86/ideapad-laptop.c | 4 +- drivers/power/supply/generic-adc-battery.c | 25 +++--- drivers/s390/cio/qdio_main.c | 5 +- drivers/scsi/fcoe/fcoe_ctlr.c | 6 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 +-- drivers/scsi/mpt3sas/mpt3sas_transport.c | 5 +- drivers/scsi/scsi_sysfs.c | 20 ++++- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/target/iscsi/cxgbit/cxgbit_target.c | 16 ++-- drivers/target/iscsi/iscsi_target_login.c | 35 ++++---- drivers/usb/gadget/function/f_uac2.c | 24 +++--- drivers/usb/gadget/function/u_audio.c | 88 ++++++++------------ drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/btrfs/disk-io.c | 10 ++- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/inode.c | 26 ------ fs/btrfs/super.c | 1 - fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 ++-- fs/cifs/cifs_debug.c | 30 +++++-- fs/cifs/cifsfs.c | 18 ++-- fs/cifs/inode.c | 2 + fs/cifs/link.c | 4 +- fs/cifs/sess.c | 6 ++ fs/cifs/smb2inode.c | 2 +- fs/cifs/smb2ops.c | 36 ++++++-- fs/cifs/smb2pdu.c | 8 ++ fs/cifs/smb2pdu.h | 11 +++ fs/ext4/mmp.c | 7 +- fs/ext4/namei.c | 1 + fs/ext4/super.c | 2 + fs/ext4/sysfs.c | 13 ++- fs/ext4/xattr.c | 2 + fs/fscache/operation.c | 6 +- fs/fuse/dev.c | 39 +++++++-- fs/fuse/dir.c | 10 ++- fs/fuse/file.c | 1 + fs/fuse/fuse_i.h | 5 +- fs/fuse/inode.c | 37 +++++---- fs/squashfs/file.c | 50 ++++++----- fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++--- fs/squashfs/squashfs.h | 3 +- fs/sysfs/file.c | 44 ++++++++++ include/linux/printk.h | 4 + include/linux/rtmutex.h | 7 ++ include/linux/sysfs.h | 14 ++++ ipc/sem.c | 2 +- kernel/kprobes.c | 4 +- kernel/locking/rtmutex.c | 29 ++++++- kernel/printk/internal.h | 9 +- kernel/printk/printk.c | 57 ++++++++----- kernel/printk/printk_safe.c | 58 ++++++++----- kernel/sched/rt.c | 2 + kernel/stop_machine.c | 43 ++++++---- kernel/trace/trace.c | 4 +- kernel/watchdog.c | 4 +- kernel/watchdog_hld.c | 2 +- kernel/workqueue.c | 2 +- lib/nmi_backtrace.c | 3 - mm/memcontrol.c | 15 +++- mm/memory.c | 27 +++++- mm/zswap.c | 9 ++ net/caif/caif_dev.c | 4 +- net/core/lwt_bpf.c | 2 +- net/ipv6/esp6.c | 4 +- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_tables_api.c | 59 ++++++++----- net/netfilter/nft_set_hash.c | 1 + net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 10 ++- scripts/gcc-plugins/gcc-common.h | 4 + scripts/gcc-plugins/latent_entropy_plugin.c | 17 ++-- scripts/gcc-plugins/randomize_layout_plugin.c | 75 +++++------------ scripts/gcc-plugins/structleak_plugin.c | 19 ++--- sound/soc/sirf/sirf-usp.c | 7 +- sound/soc/soc-pcm.c | 8 ++ sound/soc/zte/zx-tdm.c | 4 +- tools/power/x86/turbostat/turbostat.c | 8 +- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 +++++++ tools/usb/ffs-test.c | 19 ++++- virt/kvm/arm/mmu.c | 42 +++++++--- 178 files changed, 1394 insertions(+), 774 deletions(-)

7 years, 1 month

7
172
0 0

[PATCH] drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl

by Kai-Heng Feng

There's another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc instead of 8 bpc. Apply 6 bpc quirk for the panel to fix it. BugLink: https://bugs.launchpad.net/bugs/1794387 Cc: <stable(a)vger.kernel.org> # v4.8+ Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- drivers/gpu/drm/drm_edid.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c index 3c9fc99648b7..1e2b9407c8d0 100644 --- a/drivers/gpu/drm/drm_edid.c +++ b/drivers/gpu/drm/drm_edid.c @@ -113,6 +113,9 @@ static const struct edid_quirk { /* AEO model 0 reports 8 bpc, but is a 6 bpc panel */ { "AEO", 0, EDID_QUIRK_FORCE_6BPC }, + /* BOE model on HP Pavilion 15-n233sl reports 8 bpc, but is a 6 bpc panel */ + { "BOE", 0x78b, EDID_QUIRK_FORCE_6BPC }, + /* CPT panel of Asus UX303LA reports 8 bpc, but is a 6 bpc panel */ { "CPT", 0x17df, EDID_QUIRK_FORCE_6BPC }, -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v2] mtd: rawnand: marvell: check for RDY bits after enabling the IRQ

by Daniel Mack

At least on PXA3xx platforms, enabling RDY interrupts in the NDCR register will only cause the IRQ to latch when the RDY lanes are changing, and not in case they are already asserted. This means that if the controller finished the command in flight before marvell_nfc_wait_op() is called, that function will wait for a change in the bit that can't ever happen as it is already set. To address this race, check for the RDY bits after the IRQ was enabled, and complete the completion immediately if the condition is already met. This fixes a bug that was observed with a NAND chip that holds a UBIFS parition on which file system stress tests were executed. When marvell_nfc_wait_op() reports an error, UBI/UBIFS will eventually mount the filesystem read-only, reporting lots of warnings along the way. Fixes: 02f26ecf8c77 mtd: nand: add reworked Marvell NAND controller driver Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Mack <daniel(a)zonque.org> --- v1 → v2: * Use complete(&nfc->complete) when the condition is met, and do wait_for_completion_timeout() in all cases. Suggested by Boris Brezillon. drivers/mtd/nand/raw/marvell_nand.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 666f34b58dec..4870b5bae296 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -614,6 +614,7 @@ static int marvell_nfc_wait_op(struct nand_chip *chip, unsigned int timeout_ms) { struct marvell_nfc *nfc = to_marvell_nfc(chip->controller); int ret; + u32 st; /* Timeout is expressed in ms */ if (!timeout_ms) @@ -622,6 +623,15 @@ static int marvell_nfc_wait_op(struct nand_chip *chip, unsigned int timeout_ms) init_completion(&nfc->complete); marvell_nfc_enable_int(nfc, NDCR_RDYM); + + /* + * Check if the NDSR_RDY bits have already been set before the + * interrupt was enabled. + */ + st = readl_relaxed(nfc->regs + NDSR); + if (st & (NDSR_RDY(0) | NDSR_RDY(1))) + complete(&nfc->complete); + ret = wait_for_completion_timeout(&nfc->complete, msecs_to_jiffies(timeout_ms)); marvell_nfc_disable_int(nfc, NDCR_RDYM); -- 2.17.1

7 years, 1 month

4
27
0 0

[PATCH] mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus

by Ahmad Fatoum

fsl_qspi_get_seqid() may return -EINVAL, but fsl_qspi_init_ahb_read() doesn't check for error codes with the result that -EINVAL could find itself signalled over the bus. In conjunction with the LS1046A SoC's A-009283 errata ("Illegal accesses to SPI flash memory can result in a system hang") this illegal access to SPI flash memory results in a system hang if userspace attempts reading later on. Avoid this by always checking fsl_qspi_get_seqid()'s return value and bail out otherwise. Cc: stable(a)vger.kernel.org Signed-off-by: Ahmad Fatoum <a.fatoum(a)pengutronix.de> --- drivers/mtd/spi-nor/fsl-quadspi.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c index 7d9620c7ff6c..1bb42e40c38b 100644 --- a/drivers/mtd/spi-nor/fsl-quadspi.c +++ b/drivers/mtd/spi-nor/fsl-quadspi.c @@ -543,6 +543,9 @@ fsl_qspi_runcmd(struct fsl_qspi *q, u8 cmd, unsigned int addr, int len) /* trigger the LUT now */ seqid = fsl_qspi_get_seqid(q, cmd); + if (seqid < 0) + return seqid; + qspi_writel(q, (seqid << QUADSPI_IPCR_SEQID_SHIFT) | len, base + QUADSPI_IPCR); @@ -671,7 +674,7 @@ static void fsl_qspi_set_map_addr(struct fsl_qspi *q) * causes the controller to clear the buffer, and use the sequence pointed * by the QUADSPI_BFGENCR[SEQID] to initiate a read from the flash. */ -static void fsl_qspi_init_ahb_read(struct fsl_qspi *q) +static int fsl_qspi_init_ahb_read(struct fsl_qspi *q) { void __iomem *base = q->iobase; int seqid; @@ -696,8 +699,12 @@ static void fsl_qspi_init_ahb_read(struct fsl_qspi *q) /* Set the default lut sequence for AHB Read. */ seqid = fsl_qspi_get_seqid(q, q->nor[0].read_opcode); + if (seqid < 0) + return seqid; + qspi_writel(q, seqid << QUADSPI_BFGENCR_SEQID_SHIFT, q->iobase + QUADSPI_BFGENCR); + return 0; } /* This function was used to prepare and enable QSPI clock */ @@ -805,9 +812,7 @@ static int fsl_qspi_nor_setup_last(struct fsl_qspi *q) fsl_qspi_init_lut(q); /* Init for AHB read */ - fsl_qspi_init_ahb_read(q); - - return 0; + return fsl_qspi_init_ahb_read(q); } static const struct of_device_id fsl_qspi_dt_ids[] = { -- 2.19.0

7 years, 1 month

2
1
0 0

[PATCH] x86/vdso: Only enable vDSO retpolines when enabled and supported

by Andy Lutomirski

When I fixed the vDSO build to use inline retpolines, I messed up the Makefile logic and made it unconditional. It should have depended on CONFIG_RETPOLINE and on the availability of compiler support. This broke the build on some older compilers. Fixes: 2e549b2ee0e3 ("x86/vdso: Fix vDSO build if a retpoline is emitted") Cc: stable(a)vger.kernel.org Reported-by: nikola.ciprich(a)linuxbox.cz Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Matt Rickard <matt(a)softrans.com.au> Cc: Borislav Petkov <bp(a)alien8.de> Cc: jason.vas.dias(a)gmail.com Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: nikola.ciprich(a)linuxbox.cz Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- arch/x86/entry/vdso/Makefile | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index fa3f439f0a92..141d415a8c80 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -68,7 +68,13 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \ $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \ -fno-omit-frame-pointer -foptimize-sibling-calls \ - -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS) + -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO + +ifdef CONFIG_RETPOLINE +ifneq ($(RETPOLINE_VDSO_CFLAGS),) + CFL += $(RETPOLINE_VDSO_CFLAGS) +endif +endif $(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) @@ -138,7 +144,13 @@ KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector) KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) KBUILD_CFLAGS_32 += -fno-omit-frame-pointer KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING -KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) + +ifdef CONFIG_RETPOLINE +ifneq ($(RETPOLINE_VDSO_CFLAGS),) + KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) +endif +endif + $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32) $(obj)/vdso32.so.dbg: FORCE \ -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v2 1/1] pinctrl: mcp23s08: fix irq and irqchip setup order

by Marco Felsch

Since 'commit 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order")' the irq request isn't the last devm_* allocation. Without a deeper look at the irq and testing this isn't a good solution. Since this driver relies on the devm mechanism, requesting a interrupt should be the last thing to avoid memory corruptions during unbinding. 'Commit 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order")' fixed the order for the interrupt-controller use case only. The mcp23s08_irq_setup() must be split into two to fix it for the interrupt-controller use case and to register the irq at last. So the irq will be freed first during unbind. Cc: stable(a)vger.kernel.org Cc: Phil Reid <preid(a)electromag.com.au> Cc: Jan Kundrát <jan.kundrat(a)cesnet.cz> Cc: Dmitry Mastykin <mastichi(a)gmail.com> Cc: Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> Fixes: 82039d244f87 ("pinctrl: mcp23s08: add pinconf support") Fixes: 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order") Signed-off-by: Marco Felsch <m.felsch(a)pengutronix.de> --- drivers/pinctrl/pinctrl-mcp23s08.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/pinctrl/pinctrl-mcp23s08.c b/drivers/pinctrl/pinctrl-mcp23s08.c index 4a8a8efadefa..cf73a403d22d 100644 --- a/drivers/pinctrl/pinctrl-mcp23s08.c +++ b/drivers/pinctrl/pinctrl-mcp23s08.c @@ -636,6 +636,14 @@ static int mcp23s08_irq_setup(struct mcp23s08 *mcp) return err; } + return 0; +} + +static int mcp23s08_irqchip_setup(struct mcp23s08 *mcp) +{ + struct gpio_chip *chip = &mcp->chip; + int err; + err = gpiochip_irqchip_add_nested(chip, &mcp23s08_irq_chip, 0, @@ -912,7 +920,7 @@ static int mcp23s08_probe_one(struct mcp23s08 *mcp, struct device *dev, } if (mcp->irq && mcp->irq_controller) { - ret = mcp23s08_irq_setup(mcp); + ret = mcp23s08_irqchip_setup(mcp); if (ret) goto fail; } @@ -944,6 +952,9 @@ static int mcp23s08_probe_one(struct mcp23s08 *mcp, struct device *dev, goto fail; } + if (mcp->irq) + ret = mcp23s08_irq_setup(mcp); + fail: if (ret < 0) dev_dbg(dev, "can't setup chip %d, --> %d\n", addr, ret); -- 2.19.0

7 years, 1 month

2
1
0 0

[PATCH] f2fs: fix to recover cold bit of inode block during POR

by Chao Yu

From: Chao Yu <yuchao0(a)huawei.com> Testcase to reproduce this bug: 1. mkfs.f2fs /dev/sdd 2. mount -t f2fs /dev/sdd /mnt/f2fs 3. touch /mnt/f2fs/file 4. sync 5. chattr +A /mnt/f2fs/file 6. xfs_io -f /mnt/f2fs/file -c "fsync" 7. godown /mnt/f2fs 8. umount /mnt/f2fs 9. mount -t f2fs /dev/sdd /mnt/f2fs 10. chattr -A /mnt/f2fs/file 11. xfs_io -f /mnt/f2fs/file -c "fsync" 12. umount /mnt/f2fs 13. mount -t f2fs /dev/sdd /mnt/f2fs 14. lsattr /mnt/f2fs/file -----------------N- /mnt/f2fs/file But actually, we expect the corrct result is: -------A---------N- /mnt/f2fs/file The reason is in step 9) we missed to recover cold bit flag in inode block, so later, in fsync, we will skip write inode block due to below condition check, result in lossing data in another SPOR. f2fs_fsync_node_pages() if (!IS_DNODE(page) || !is_cold_node(page)) continue; Note that, I guess that some non-dir inode has already lost cold bit during POR, so in order to reenable recovery for those inode, let's try to recover cold bit in f2fs_iget() to save more fsynced data. Fixes: c56675750d7c ("f2fs: remove unneeded set_cold_node()") Cc: <stable(a)vger.kernel.org> 4.17+ Signed-off-by: Chao Yu <yuchao0(a)huawei.com> --- fs/f2fs/inode.c | 4 ++++ fs/f2fs/node.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 3c278e63d1a3..4ce4d6b298f9 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -365,6 +365,10 @@ static int do_read_inode(struct inode *inode) if (f2fs_has_inline_data(inode) && !f2fs_exist_data(inode)) __recover_inline_status(inode, node_page); + /* try to recover cold bit for non-dir inode */ + if (!S_ISDIR(inode->i_mode) && !is_cold_node(node_page)) + set_cold_node(node_page, false); + /* get rdev by using inline_info */ __get_inode_rdev(inode, ri); diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index b3cf18eb12f0..b1edc7525597 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -2549,7 +2549,7 @@ int f2fs_recover_inode_page(struct f2fs_sb_info *sbi, struct page *page) if (!PageUptodate(ipage)) SetPageUptodate(ipage); fill_node_footer(ipage, ino, ino, 0, true); - set_cold_node(page, false); + set_cold_node(ipage, false); src = F2FS_INODE(page); dst = F2FS_INODE(ipage); -- 2.18.0

7 years, 1 month

2
1
0 0

+ ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list has been added to the -mm tree. Its filename is ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/ocfs2-fix-locking-for-res-tracking… and later at http://ozlabs.org/~akpm/mmotm/broken-out/ocfs2-fix-locking-for-res-tracking… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _ Patches currently in -mm which might be from ashish.samant(a)oracle.com are ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch

7 years, 1 month

1
0
0 0

patch "Drivers: hv: kvp: Fix two "this statement may fall through" warnings" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: kvp: Fix two "this statement may fall through" warnings to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From fc62c3b1977d62e6374fd6e28d371bb42dfa5c9d Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:43 +0000 Subject: Drivers: hv: kvp: Fix two "this statement may fall through" warnings We don't need to call process_ib_ipinfo() if message->kvp_hdr.operation is KVP_OP_GET_IP_INFO in kvp_send_key(), because here we just need to pass on the op code from the host to the userspace; when the userspace returns the info requested by the host, we pass the info on to the host in kvp_respond_to_host() -> process_ob_ipinfo(). BTW, the current buggy code actually doesn't cause any harm, because only message->kvp_hdr.operation is used by the userspace, in the case of KVP_OP_GET_IP_INFO. The patch also adds a missing "break;" in kvp_send_key(). BTW, the current buggy code actually doesn't cause any harm, because in the case of KVP_OP_SET, the unexpected fall-through corrupts message->body.kvp_set.data.key_size, but that is not really used: see the definition of struct hv_kvp_exchg_msg_value. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/hv_kvp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index 023bd185d21a..a7513a8a8e37 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -353,7 +353,6 @@ static void process_ib_ipinfo(void *in_msg, void *out_msg, int op) out->body.kvp_ip_val.dhcp_enabled = in->kvp_ip_val.dhcp_enabled; - default: utf16s_to_utf8s((wchar_t *)in->kvp_ip_val.adapter_id, MAX_ADAPTER_ID_SIZE, UTF16_LITTLE_ENDIAN, @@ -406,7 +405,7 @@ kvp_send_key(struct work_struct *dummy) process_ib_ipinfo(in_msg, message, KVP_OP_SET_IP_INFO); break; case KVP_OP_GET_IP_INFO: - process_ib_ipinfo(in_msg, message, KVP_OP_GET_IP_INFO); + /* We only need to pass on message->kvp_hdr.operation. */ break; case KVP_OP_SET: switch (in_msg->body.kvp_set.data.value_type) { @@ -446,6 +445,9 @@ kvp_send_key(struct work_struct *dummy) break; } + + break; + case KVP_OP_GET: message->body.kvp_set.data.key_size = utf16s_to_utf8s( -- 2.19.0

7 years, 1 month

1
0
0 0

patch "Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 25355252607ca288f329ee033f387764883393f6 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:44 +0000 Subject: Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A cpumask structure on the stack can cause a warning with CONFIG_NR_CPUS=8192 (e.g. Ubuntu 16.04 and 18.04 use this): drivers/hv//channel_mgmt.c: In function ‘init_vp_index’: drivers/hv//channel_mgmt.c:702:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=] Nowadays it looks most distros enable CONFIG_CPUMASK_OFFSTACK=y, and hence we can work around the warning by using cpumask_var_t. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/channel_mgmt.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index 6f3e6af5e891..6277597d3d58 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -594,16 +594,18 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) bool perf_chn = vmbus_devs[dev_type].perf_device; struct vmbus_channel *primary = channel->primary_channel; int next_node; - struct cpumask available_mask; + cpumask_var_t available_mask; struct cpumask *alloced_mask; if ((vmbus_proto_version == VERSION_WS2008) || - (vmbus_proto_version == VERSION_WIN7) || (!perf_chn)) { + (vmbus_proto_version == VERSION_WIN7) || (!perf_chn) || + !alloc_cpumask_var(&available_mask, GFP_KERNEL)) { /* * Prior to win8, all channel interrupts are * delivered on cpu 0. * Also if the channel is not a performance critical * channel, bind it to cpu 0. + * In case alloc_cpumask_var() fails, bind it to cpu 0. */ channel->numa_node = 0; channel->target_cpu = 0; @@ -641,7 +643,7 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) cpumask_clear(alloced_mask); } - cpumask_xor(&available_mask, alloced_mask, + cpumask_xor(available_mask, alloced_mask, cpumask_of_node(primary->numa_node)); cur_cpu = -1; @@ -659,10 +661,10 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) } while (true) { - cur_cpu = cpumask_next(cur_cpu, &available_mask); + cur_cpu = cpumask_next(cur_cpu, available_mask); if (cur_cpu >= nr_cpu_ids) { cur_cpu = -1; - cpumask_copy(&available_mask, + cpumask_copy(available_mask, cpumask_of_node(primary->numa_node)); continue; } @@ -692,6 +694,8 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) channel->target_cpu = cur_cpu; channel->target_vp = hv_cpu_number_to_vp_number(cur_cpu); + + free_cpumask_var(available_mask); } static void vmbus_wait_for_unload(void) -- 2.19.0

7 years, 1 month

1
0
0 0

patch "w1: omap-hdq: fix missing bus unregister at removal" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled w1: omap-hdq: fix missing bus unregister at removal to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From a007734618fee1bf35556c04fa498d41d42c7301 Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Sat, 22 Sep 2018 21:20:54 +0200 Subject: w1: omap-hdq: fix missing bus unregister at removal The bus master was not removed after unloading the module or unbinding the driver. That lead to oopses like this [ 127.842987] Unable to handle kernel paging request at virtual address bf01d04c [ 127.850646] pgd = 70e3cd9a [ 127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000 [ 127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM [ 127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq] [ 127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12 [ 127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree) [ 127.890441] PC is at 0xbf01d04c [ 127.893798] LR is at w1_search_process_cb+0x4c/0xfc [ 127.898956] pc : [<bf01d04c>] lr : [<c05f9580>] psr: a0070013 [ 127.905609] sp : cf885f48 ip : bf01d04c fp : ddf1e11c [ 127.911132] r10: cf8fe040 r9 : c05f8d00 r8 : cf8fe040 [ 127.916656] r7 : 000000f0 r6 : cf8fe02c r5 : cf8fe000 r4 : cf8fe01c [ 127.923553] r3 : c05f8d00 r2 : 000000f0 r1 : cf8fe000 r0 : dde1ef10 [ 127.930450] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 127.938018] Control: 10c5387d Table: 8f8f0019 DAC: 00000051 [ 127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f) [ 127.951171] Stack: (0xcf885f48 to 0xcf886000) [ 127.955810] 5f40: cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00 [ 127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000 [ 127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000 [ 127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 [ 127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118) [ 128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148) [ 128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c) [ 128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8) [ 128.037017] 5fa0: 00000000 00000000 00000000 00000000 [ 128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 128.061340] Code: bad PC value [ 128.064697] ---[ end trace af066e33c0e14119 ]--- Cc: <stable(a)vger.kernel.org> Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/masters/omap_hdq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/w1/masters/omap_hdq.c b/drivers/w1/masters/omap_hdq.c index 83fc9aab34e8..3099052e1243 100644 --- a/drivers/w1/masters/omap_hdq.c +++ b/drivers/w1/masters/omap_hdq.c @@ -763,6 +763,8 @@ static int omap_hdq_remove(struct platform_device *pdev) /* remove module dependency */ pm_runtime_disable(&pdev->dev); + w1_remove_master_device(&omap_w1_master); + return 0; } -- 2.19.0

7 years, 1 month

1
0
0 0

+ mm-vmstat-skip-nr_tlb_remote_flush-properly.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly has been added to the -mm tree. Its filename is mm-vmstat-skip-nr_tlb_remote_flush-properly.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-vmstat-skip-nr_tlb_remote_flush… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-vmstat-skip-nr_tlb_remote_flush… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Roman Gushchin <guro(a)fb.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _ Patches currently in -mm which might be from jannh(a)google.com are proc-restrict-kernel-stack-dumps-to-root.patch mm-vmstat-fix-outdated-vmstat_text.patch mm-vmstat-skip-nr_tlb_remote_flush-properly.patch mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc/pseries: Fix unitialized timer reset on migration" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8604895a34d92f5e186ceb931b0d1b384030ea3d Mon Sep 17 00:00:00 2001 From: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Date: Thu, 20 Sep 2018 11:45:13 -0500 Subject: [PATCH] powerpc/pseries: Fix unitialized timer reset on migration After migration of a powerpc LPAR, the kernel executes code to update the system state to reflect new platform characteristics. Such changes include modifications to device tree properties provided to the system by PHYP. Property notifications received by the post_mobility_fixup() code are passed along to the kernel in general through a call to of_update_property() which in turn passes such events back to all modules through entries like the '.notifier_call' function within the NUMA module. When the NUMA module updates its state, it resets its event timer. If this occurs after a previous call to stop_topology_update() or on a system without VPHN enabled, the code runs into an unitialized timer structure and crashes. This patch adds a safety check along this path toward the problem code. An example crash log is as follows. ibmvscsi 30000081: Re-enabling adapter! ------------[ cut here ]------------ kernel BUG at kernel/time/timer.c:958! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: nfsv3 nfs_acl nfs tcp_diag udp_diag inet_diag lockd unix_diag af_packet_diag netlink_diag grace fscache sunrpc xts vmx_crypto pseries_rng sg binfmt_misc ip_tables xfs libcrc32c sd_mod ibmvscsi ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod CPU: 11 PID: 3067 Comm: drmgr Not tainted 4.17.0+ #179 ... NIP mod_timer+0x4c/0x400 LR reset_topology_timer+0x40/0x60 Call Trace: 0xc0000003f9407830 (unreliable) reset_topology_timer+0x40/0x60 dt_update_callback+0x100/0x120 notifier_call_chain+0x90/0x100 __blocking_notifier_call_chain+0x60/0x90 of_property_notify+0x90/0xd0 of_update_property+0x104/0x150 update_dt_property+0xdc/0x1f0 pseries_devicetree_update+0x2d0/0x510 post_mobility_fixup+0x7c/0xf0 migration_store+0xa4/0xc0 kobj_attr_store+0x30/0x60 sysfs_kf_write+0x64/0xa0 kernfs_fop_write+0x16c/0x240 __vfs_write+0x40/0x200 vfs_write+0xc8/0x240 ksys_write+0x5c/0x100 system_call+0x58/0x6c Fixes: 5d88aa85c00b ("powerpc/pseries: Update CPU maps when device tree is updated") Cc: stable(a)vger.kernel.org # v3.10+ Signed-off-by: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c index 35ac5422903a..b5a71baedbc2 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c @@ -1452,7 +1452,8 @@ static struct timer_list topology_timer; static void reset_topology_timer(void) { - mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); + if (vphn_enabled) + mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); } #ifdef CONFIG_SMP

7 years, 1 month

3
6
0 0

patch "usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 1b6af2f58c2b1522e0804b150ca95e50a9e80ea7 Mon Sep 17 00:00:00 2001 From: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Date: Fri, 21 Sep 2018 16:04:11 +0100 Subject: usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage Current code mistakenly checks against max current to determine order but this should be max voltage. This commit fixes the issue so order is correctly determined, thus avoiding failure based on a higher voltage PPS APDO having a lower maximum current output, which is actually valid. Fixes: 2eadc33f40d4 ("typec: tcpm: Add core support for sink side PPS") Cc: <stable(a)vger.kernel.org> Signed-off-by: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 4f1f4215f3d6..c11b3befa87f 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1430,8 +1430,8 @@ static enum pdo_err tcpm_caps_err(struct tcpm_port *port, const u32 *pdo, if (pdo_apdo_type(pdo[i]) != APDO_TYPE_PPS) break; - if (pdo_pps_apdo_max_current(pdo[i]) < - pdo_pps_apdo_max_current(pdo[i - 1])) + if (pdo_pps_apdo_max_voltage(pdo[i]) < + pdo_pps_apdo_max_voltage(pdo[i - 1])) return PDO_ERR_PPS_APDO_NOT_SORTED; else if (pdo_pps_apdo_min_voltage(pdo[i]) == pdo_pps_apdo_min_voltage(pdo[i - 1]) && -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 3.18-stable] arm64: KVM: Sanitize PSTATE.M when being set from userspace

by Marc Zyngier

commit 2a3f93459d689d990b3ecfbe782fec89b97d3279 upstream. Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> --- arch/arm64/include/asm/kvm_emulate.h | 5 +++++ arch/arm64/kvm/guest.c | 10 +++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index 865a7e28ea2d..3d0098d7b47e 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -38,6 +38,11 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu); void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr); void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr); +static inline bool vcpu_el1_is_32bit(struct kvm_vcpu *vcpu) +{ + return !(vcpu->arch.hcr_el2 & HCR_RW); +} + static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu) { vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS; diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 5d93c9f24847..286453f462df 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -141,17 +141,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & COMPAT_PSR_MODE_MASK; + u64 mode = (*(u64 *)valp) & COMPAT_PSR_MODE_MASK; switch (mode) { case COMPAT_PSR_MODE_USR: + if ((read_cpuid(ID_AA64PFR0_EL1) & 0xf) != 2) + return -EINVAL; + break; case COMPAT_PSR_MODE_FIQ: case COMPAT_PSR_MODE_IRQ: case COMPAT_PSR_MODE_SVC: case COMPAT_PSR_MODE_ABT: case COMPAT_PSR_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL; -- 2.19.0

7 years, 1 month

2
1
0 0

[PATCH 4.4-stable 0/2] arm64: KVM: PSTATE.M sanitization

by Marc Zyngier

This is a backport of 2a3f93459d689d990b3ecfbe782fec89b97d3279 ("arm64: KVM: Sanitize PSTATE.M when being set from userspace") to 4.4-stable. It requires a backport of 042446a31e3803d81c7e618dd80928dc3dce70c5 ("arm64: cpufeature: Track 32bit EL0 support") as a dependency. Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Suzuki K Poulose (1): arm64: cpufeature: Track 32bit EL0 support arch/arm64/include/asm/cpufeature.h | 8 +++++++- arch/arm64/include/asm/kvm_emulate.h | 5 +++++ arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/kernel/cpufeature.c | 8 ++++++++ arch/arm64/kvm/guest.c | 10 +++++++++- 5 files changed, 30 insertions(+), 2 deletions(-) -- 2.19.0

7 years, 1 month

2
3
0 0

[PATCH RESEND] scsi: sg: Prevent potential double frees in sg driver

by Evan Green

From: Robb Glasser <rglasser(a)google.com> sg_ioctl could be spammed by requests, leading to a double free in __free_pages. This protects the entry points of sg_ioctl where the memory could be corrupted by a double call to __free_pages if multiple requests are happening concurrently. Signed-off-by: Robb Glasser <rglasser(a)google.com> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> Signed-off-by: Evan Green <evgreen(a)chromium.org> Cc: stable(a)vger.kernel.org --- Reposting this patch from last summer, as it looks like it fell in between the cracks. drivers/scsi/sg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 8a254bb46a9b..25579d8a16b5 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -924,8 +924,10 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) return -ENXIO; if (!access_ok(VERIFY_WRITE, p, SZ_SG_IO_HDR)) return -EFAULT; + mutex_lock(&sfp->parentdp->open_rel_lock); result = sg_new_write(sfp, filp, p, SZ_SG_IO_HDR, 1, read_only, 1, &srp); + mutex_unlock(&sfp->parentdp->open_rel_lock); if (result < 0) return result; result = wait_event_interruptible(sfp->read_wait, -- 2.19.0.605.g01d371f741-goog

7 years, 1 month

4
4
0 0

[PATCH 4.9-stable] arm64: KVM: Sanitize PSTATE.M when being set from userspace

by Marc Zyngier

commit 2a3f93459d689d990b3ecfbe782fec89b97d3279 upstream. Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> --- arch/arm64/include/asm/kvm_emulate.h | 5 +++++ arch/arm64/kvm/guest.c | 10 +++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index fe39e6841326..ba0d52c22b50 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -42,6 +42,11 @@ void kvm_inject_vabt(struct kvm_vcpu *vcpu); void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr); void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr); +static inline bool vcpu_el1_is_32bit(struct kvm_vcpu *vcpu) +{ + return !(vcpu->arch.hcr_el2 & HCR_RW); +} + static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu) { vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS; diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index d3e0a2ffb383..1239126428b9 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -107,17 +107,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & COMPAT_PSR_MODE_MASK; + u64 mode = (*(u64 *)valp) & COMPAT_PSR_MODE_MASK; switch (mode) { case COMPAT_PSR_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case COMPAT_PSR_MODE_FIQ: case COMPAT_PSR_MODE_IRQ: case COMPAT_PSR_MODE_SVC: case COMPAT_PSR_MODE_ABT: case COMPAT_PSR_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL; -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 4.14-stable] arm64: KVM: Sanitize PSTATE.M when being set from userspace

by Marc Zyngier

commit 2a3f93459d689d990b3ecfbe782fec89b97d3279 upstream. Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> --- arch/arm64/include/asm/kvm_emulate.h | 5 +++++ arch/arm64/kvm/guest.c | 10 +++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index e5df3fce0008..2b55aee7c051 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -42,6 +42,11 @@ void kvm_inject_vabt(struct kvm_vcpu *vcpu); void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr); void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr); +static inline bool vcpu_el1_is_32bit(struct kvm_vcpu *vcpu) +{ + return !(vcpu->arch.hcr_el2 & HCR_RW); +} + static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu) { vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS; diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3f4817dd69ae..76d27edf33cb 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & COMPAT_PSR_MODE_MASK; + u64 mode = (*(u64 *)valp) & COMPAT_PSR_MODE_MASK; switch (mode) { case COMPAT_PSR_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case COMPAT_PSR_MODE_FIQ: case COMPAT_PSR_MODE_IRQ: case COMPAT_PSR_MODE_SVC: case COMPAT_PSR_MODE_ABT: case COMPAT_PSR_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL; -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 4.18-stable] arm64: KVM: Sanitize PSTATE.M when being set from userspace

by Marc Zyngier

commit 2a3f93459d689d990b3ecfbe782fec89b97d3279 upstream. Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> --- arch/arm64/kvm/guest.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 4a177629862b..d5c6bb1562d8 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & COMPAT_PSR_MODE_MASK; + u64 mode = (*(u64 *)valp) & COMPAT_PSR_MODE_MASK; switch (mode) { case COMPAT_PSR_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case COMPAT_PSR_MODE_FIQ: case COMPAT_PSR_MODE_IRQ: case COMPAT_PSR_MODE_SVC: case COMPAT_PSR_MODE_ABT: case COMPAT_PSR_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL; -- 2.19.0

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc/pseries: Fix unitialized timer reset on migration" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8604895a34d92f5e186ceb931b0d1b384030ea3d Mon Sep 17 00:00:00 2001 From: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Date: Thu, 20 Sep 2018 11:45:13 -0500 Subject: [PATCH] powerpc/pseries: Fix unitialized timer reset on migration After migration of a powerpc LPAR, the kernel executes code to update the system state to reflect new platform characteristics. Such changes include modifications to device tree properties provided to the system by PHYP. Property notifications received by the post_mobility_fixup() code are passed along to the kernel in general through a call to of_update_property() which in turn passes such events back to all modules through entries like the '.notifier_call' function within the NUMA module. When the NUMA module updates its state, it resets its event timer. If this occurs after a previous call to stop_topology_update() or on a system without VPHN enabled, the code runs into an unitialized timer structure and crashes. This patch adds a safety check along this path toward the problem code. An example crash log is as follows. ibmvscsi 30000081: Re-enabling adapter! ------------[ cut here ]------------ kernel BUG at kernel/time/timer.c:958! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: nfsv3 nfs_acl nfs tcp_diag udp_diag inet_diag lockd unix_diag af_packet_diag netlink_diag grace fscache sunrpc xts vmx_crypto pseries_rng sg binfmt_misc ip_tables xfs libcrc32c sd_mod ibmvscsi ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod CPU: 11 PID: 3067 Comm: drmgr Not tainted 4.17.0+ #179 ... NIP mod_timer+0x4c/0x400 LR reset_topology_timer+0x40/0x60 Call Trace: 0xc0000003f9407830 (unreliable) reset_topology_timer+0x40/0x60 dt_update_callback+0x100/0x120 notifier_call_chain+0x90/0x100 __blocking_notifier_call_chain+0x60/0x90 of_property_notify+0x90/0xd0 of_update_property+0x104/0x150 update_dt_property+0xdc/0x1f0 pseries_devicetree_update+0x2d0/0x510 post_mobility_fixup+0x7c/0xf0 migration_store+0xa4/0xc0 kobj_attr_store+0x30/0x60 sysfs_kf_write+0x64/0xa0 kernfs_fop_write+0x16c/0x240 __vfs_write+0x40/0x200 vfs_write+0xc8/0x240 ksys_write+0x5c/0x100 system_call+0x58/0x6c Fixes: 5d88aa85c00b ("powerpc/pseries: Update CPU maps when device tree is updated") Cc: stable(a)vger.kernel.org # v3.10+ Signed-off-by: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c index 35ac5422903a..b5a71baedbc2 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c @@ -1452,7 +1452,8 @@ static struct timer_list topology_timer; static void reset_topology_timer(void) { - mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); + if (vphn_enabled) + mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); } #ifdef CONFIG_SMP

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc/pseries: Fix unitialized timer reset on migration" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8604895a34d92f5e186ceb931b0d1b384030ea3d Mon Sep 17 00:00:00 2001 From: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Date: Thu, 20 Sep 2018 11:45:13 -0500 Subject: [PATCH] powerpc/pseries: Fix unitialized timer reset on migration After migration of a powerpc LPAR, the kernel executes code to update the system state to reflect new platform characteristics. Such changes include modifications to device tree properties provided to the system by PHYP. Property notifications received by the post_mobility_fixup() code are passed along to the kernel in general through a call to of_update_property() which in turn passes such events back to all modules through entries like the '.notifier_call' function within the NUMA module. When the NUMA module updates its state, it resets its event timer. If this occurs after a previous call to stop_topology_update() or on a system without VPHN enabled, the code runs into an unitialized timer structure and crashes. This patch adds a safety check along this path toward the problem code. An example crash log is as follows. ibmvscsi 30000081: Re-enabling adapter! ------------[ cut here ]------------ kernel BUG at kernel/time/timer.c:958! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: nfsv3 nfs_acl nfs tcp_diag udp_diag inet_diag lockd unix_diag af_packet_diag netlink_diag grace fscache sunrpc xts vmx_crypto pseries_rng sg binfmt_misc ip_tables xfs libcrc32c sd_mod ibmvscsi ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod CPU: 11 PID: 3067 Comm: drmgr Not tainted 4.17.0+ #179 ... NIP mod_timer+0x4c/0x400 LR reset_topology_timer+0x40/0x60 Call Trace: 0xc0000003f9407830 (unreliable) reset_topology_timer+0x40/0x60 dt_update_callback+0x100/0x120 notifier_call_chain+0x90/0x100 __blocking_notifier_call_chain+0x60/0x90 of_property_notify+0x90/0xd0 of_update_property+0x104/0x150 update_dt_property+0xdc/0x1f0 pseries_devicetree_update+0x2d0/0x510 post_mobility_fixup+0x7c/0xf0 migration_store+0xa4/0xc0 kobj_attr_store+0x30/0x60 sysfs_kf_write+0x64/0xa0 kernfs_fop_write+0x16c/0x240 __vfs_write+0x40/0x200 vfs_write+0xc8/0x240 ksys_write+0x5c/0x100 system_call+0x58/0x6c Fixes: 5d88aa85c00b ("powerpc/pseries: Update CPU maps when device tree is updated") Cc: stable(a)vger.kernel.org # v3.10+ Signed-off-by: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c index 35ac5422903a..b5a71baedbc2 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c @@ -1452,7 +1452,8 @@ static struct timer_list topology_timer; static void reset_topology_timer(void) { - mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); + if (vphn_enabled) + mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); } #ifdef CONFIG_SMP

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc: Avoid code patching freed init sections" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 Mon Sep 17 00:00:00 2001 From: Michael Neuling <mikey(a)neuling.org> Date: Fri, 14 Sep 2018 11:14:11 +1000 Subject: [PATCH] powerpc: Avoid code patching freed init sections This stops us from doing code patching in init sections after they've been freed. In this chain: kvm_guest_init() -> kvm_use_magic_page() -> fault_in_pages_readable() -> __get_user() -> __get_user_nocheck() -> barrier_nospec(); We have a code patching location at barrier_nospec() and kvm_guest_init() is an init function. This whole chain gets inlined, so when we free the init section (hence kvm_guest_init()), this code goes away and hence should no longer be patched. We seen this as userspace memory corruption when using a memory checker while doing partition migration testing on powervm (this starts the code patching post migration via /sys/kernel/mobility/migration). In theory, it could also happen when using /sys/kernel/debug/powerpc/barrier_nospec. Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Michael Neuling <mikey(a)neuling.org> Reviewed-by: Nicholas Piggin <npiggin(a)gmail.com> Reviewed-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h index 1a951b00465d..1fffbba8d6a5 100644 --- a/arch/powerpc/include/asm/setup.h +++ b/arch/powerpc/include/asm/setup.h @@ -9,6 +9,7 @@ extern void ppc_printk_progress(char *s, unsigned short hex); extern unsigned int rtas_data; extern unsigned long long memory_limit; +extern bool init_mem_is_free; extern unsigned long klimit; extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask); diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 850f3b8f4da5..6ae2777c220d 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,6 +28,12 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(exec_addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); + return 0; + } + __put_user_size(instr, patch_addr, 4, err); if (err) return err; diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c index 5c8530d0c611..04ccb274a620 100644 --- a/arch/powerpc/mm/mem.c +++ b/arch/powerpc/mm/mem.c @@ -63,6 +63,7 @@ #endif unsigned long long memory_limit; +bool init_mem_is_free; #ifdef CONFIG_HIGHMEM pte_t *kmap_pte; @@ -396,6 +397,7 @@ void free_initmem(void) { ppc_md.progress = ppc_printk_progress; mark_initmem_nx(); + init_mem_is_free = true; free_initmem_default(POISON_FREE_INITMEM); }

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 2f411a0873a9daa20ae16cf5879d11bbea267582: Linux 4.18.11 (2018-09-29 02:56:03 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-01102018 for you to fetch changes up to f117a21eb2c294b9c1858bfdcc3323cf1d8256f7: x86/pti: Fix section mismatch warning/error (2018-09-29 13:00:48 -0400) - ---------------------------------------------------------------- for-greg-4.18-01102018 - ---------------------------------------------------------------- Akshu Agrawal (1): clk: x86: Set default parent to 48Mhz Anirudh Venkataramanan (3): ice: Fix multiple static analyser warnings ice: Fix bugs in control queue processing ice: Fix a few null pointer dereference issues Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Brett Creeley (1): ice: Set VLAN flags correctly Christian KÃ¶nig (2): drm/amdgpu: fix VM clearing for the root PD drm/amdgpu: fix preamble handling Dan Carpenter (1): hwmon: (adt7475) Make adt7475_read_word() return errors Daniel Borkmann (2): bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys bpf, sockmap: fix sock hash count in alloc_sock_hash_elem Emily Deng (2): amdgpu: fix multi-process hang issue drm/amdgpu: Need to set moved to true when evict bo Eric Sandeen (1): isofs: reject hardware sector size > 2048 bytes Ganesh Goudar (1): crypto: chtls - fix null dereference chtls_free_uld() Huazhong Tan (3): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES Jacob Keller (3): ice: Report stats for allocated queues via ethtool stats ice: Use order_base_2 to calculate higher power of 2 i40e: fix condition of WARN_ONCE for stat strings James Smart (1): nvme-fcloop: Fix dropped LS's to removed target port Jesse Brandeburg (1): ice: Fix potential return of uninitialized value John Fastabend (2): tls: possible hang when do_tcp_sendpages hits sndbuf is full case bpf: sockmap: write_space events need to be passed to TCP handler Kevin Yang (2): tcp_bbr: add bbr_check_probe_rtt_done() helper tcp_bbr: in restart from idle, see if we should exit PROBE_RTT Leonard Crestez (1): Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Linus Walleij (1): ata: ftide010: Add a quirk for SQ201 Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Ludovic Desroches (2): mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion Marc Zyngier (2): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters Martyna Szapar (1): i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Pavel Machek (1): ARM: dts: omap4-droid4: fix vibrations on Droid 4 Preethi Banala (1): ice: Clean control queues only when they are initialized Quentin Monnet (1): tools: bpftool: return from do_event_pipe() on bad arguments Randy Dunlap (1): x86/pti: Fix section mismatch warning/error Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Samuel Mendoza-Jonas (1): net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler Sebastian Basierski (1): ixgbe: fix driver behaviour after issuing VFLR Srikanth Jampala (1): crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Tomer Tayar (4): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place qed: Prevent a possible deadlock during driver load and unload qed: Avoid sending mailbox commands when MFW is not responsive Tony Lindgren (5): ARM: OMAP2+: Fix null hwmod for ti-sysc debug ARM: OMAP2+: Fix module address for modules using mpu_rt_idx bus: ti-sysc: Fix module register ioremap for larger offsets bus: ti-sysc: Fix no_console_suspend handling ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Documentation/hwmon/ina2xx | 2 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 20 +-- arch/arm/mach-omap2/omap_hwmod.c | 39 ++++- arch/x86/mm/pti.c | 2 +- drivers/ata/pata_ftide010.c | 27 ++-- drivers/bus/ti-sysc.c | 37 +++-- drivers/clk/x86/clk-st.c | 2 +- drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/crypto/chelsio/chtls/chtls.h | 5 + drivers/crypto/chelsio/chtls/chtls_main.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/mmc/host/android-goldfish.c | 4 +- drivers/mmc/host/atmel-mci.c | 12 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 6 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/ice/ice.h | 7 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 25 +-- drivers/net/ethernet/intel/ice/ice_common.c | 27 ++-- drivers/net/ethernet/intel/ice/ice_controlq.c | 29 ++-- drivers/net/ethernet/intel/ice/ice_ethtool.c | 52 +++++-- drivers/net/ethernet/intel/ice/ice_main.c | 98 +++++++----- drivers/net/ethernet/intel/ice/ice_switch.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 26 ++++ drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 + drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++-- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/nvme/target/fcloop.c | 3 +- drivers/thermal/of-thermal.c | 7 +- fs/isofs/inode.c | 7 + include/linux/arm-smccc.h | 38 +++-- include/linux/platform_data/ina2xx.h | 2 +- kernel/bpf/sockmap.c | 11 +- net/ipv4/tcp_bbr.c | 38 +++-- net/ncsi/ncsi-netlink.c | 4 +- net/tls/tls_main.c | 9 +- tools/bpf/bpftool/map_perf_ring.c | 5 +- 52 files changed, 662 insertions(+), 291 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluywpsACgkQ3qZv95d3 LNx9WBAAvcn2Gvpjl2YxDGayv1KJBfdF1pT4HGnuqc8IvasHy8gC2xlQOArwtuHw OUE6h2Qk7ysGUpSGa4nfCVGfWRBxLMThW7028Uyd8SxUschbHH0YNuxi9uRZiGot C8Ukc2q5MNs8R59aWX9lBIhW+dJUtLrwdKnqDeRujP5k3ufOOo6S/IobQCnoP3Cj DHZClDCjtpaGgvpuYInlAOysEjUst6dV5NKb8th8dUTNoj+aQ9SUevbepIZfeoxx Qt79dyx97S3LW7ULCFt5PlUwtcYZ1l/nXvj3RMnu3t644iT/SWO8M/mljwgPznu5 EwSiaHnu3vylI93/t9t3W77UcS54KeyjtIQ4hctaoN8vVK98uIA0cjFBfj/ZkOeZ 2nmAoKxsLImB5dApVqdUiURXtqHKn06Ql4AtgJ4Y+5nyjDz7bCS1jBcIcS77zjNT 0Ac6dhfHoWQTQR4JaEVCft3tOxA3962sN7gIAJgGOFBYB4nUpjtfo2tCqTH+ybYj zIhLbI09p5xWUEVs3LDvNIlATf55b6K5Bgt2dakV+RycJNl5XvqXiTvh/Yfa40U/ 7XzE+pH6/QULkwRX68XbRpKnnIen3lxJ7dAT9jmd+U2xSOcL38vWmQb3oFY38SbM /JJZywrt0+oxIEJ4TlDXynA1MoaPA30z3IR4ZAFzQYlSCTjv3Is= =XHyP -----END PGP SIGNATURE-----

7 years, 1 month

2
1
0 0

Re: Patch "audit: Fix extended comparison of GID/EGID" has been added to the 4.18-stable tree

by Ondrej Mosnacek

Hi, On Sat, Sep 29, 2018 at 2:10 PM <gregkh(a)linuxfoundation.org> wrote: > This is a note to let you know that I've just added the patch titled > > audit: Fix extended comparison of GID/EGID > > to the 4.18-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > audit-fix-extended-comparison-of-gid-egid.patch > and it can be found in the queue-4.18 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. IIRC Paul didn't want this patch to go to stable (he asked me to remove the Cc: stable@... line), since the bug has been there for a long time and any user affected by it either doesn't care or might actually (maybe unknowingly) rely on it. I still kept the Fixes: line so it is clear which commit introduced the bug. Paul, any comments? In any case, if you decide to push this patch into stable (note that it is queued also for 4.14, 4.9, 4.4, and 3.18), then make sure to include also commit 4b09791ba059 ("cred: conditionally declare groups-related functions") to avoid build errors with CONFIG_MULTIUSER=n and CONFIG_AUDIT_SYSCALL=y. It is a non-functional commit for the rest of the kernel. > > > From foo@baz Sat Sep 29 04:24:28 PDT 2018 > From: "Ondrej Mosnáček" <omosnace(a)redhat.com> > Date: Tue, 5 Jun 2018 11:00:10 +0200 > Subject: audit: Fix extended comparison of GID/EGID > > From: "Ondrej Mosnáček" <omosnace(a)redhat.com> > > [ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ] > > The audit_filter_rules() function in auditsc.c used the in_[e]group_p() > functions to check GID/EGID match, but these functions use the current > task's credentials, while the comparison should use the credentials of > the task given to audit_filter_rules() as a parameter (tsk). > > Note that we can use group_search(cred->group_info, ...) as a > replacement for both in_group_p and in_egroup_p as these functions only > compare the parameter to cred->fsgid/egid and then call group_search. > > In fact, the usage of in_group_p was even more incorrect: it compares to > cred->fsgid (which is usually equal to cred->egid) and not cred->gid. > > GitHub issue: > https://github.com/linux-audit/audit-kernel/issues/82 > > Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic") > Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> > Signed-off-by: Paul Moore <paul(a)paul-moore.com> > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > kernel/auditsc.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -494,20 +494,20 @@ static int audit_filter_rules(struct tas > result = audit_gid_comparator(cred->gid, f->op, f->gid); > if (f->op == Audit_equal) { > if (!result) > - result = in_group_p(f->gid); > + result = groups_search(cred->group_info, f->gid); > } else if (f->op == Audit_not_equal) { > if (result) > - result = !in_group_p(f->gid); > + result = !groups_search(cred->group_info, f->gid); > } > break; > case AUDIT_EGID: > result = audit_gid_comparator(cred->egid, f->op, f->gid); > if (f->op == Audit_equal) { > if (!result) > - result = in_egroup_p(f->gid); > + result = groups_search(cred->group_info, f->gid); > } else if (f->op == Audit_not_equal) { > if (result) > - result = !in_egroup_p(f->gid); > + result = !groups_search(cred->group_info, f->gid); > } > break; > case AUDIT_SGID: > > > Patches currently in stable-queue which might be from omosnace(a)redhat.com are > > queue-4.18/audit-fix-extended-comparison-of-gid-egid.patch Thanks, -- Ondrej Mosnacek <omosnace at redhat dot com> Associate Software Engineer, Security Technologies Red Hat, Inc.

7 years, 1 month

3
2
0 0

Please apply "ext4: verify the depth of extent tree in ext4_find_extent()" to 3.18.y

by Greg Hackmann

bc890a602471 ("ext4: verify the depth of extent tree in ext4_find_extent()") fixes a potential buffer overrun when mounting corrupted ext4 filesystems. It was taken into 4.4.y and later but not 3.18.y, probably because it doesn't build as-is against 3.18. Ben Hutchings has a backport in the latest 3.16.y release (09999807edd8) which would work for 3.18.y too.

7 years, 1 month

2
1
0 0

[PATCH v4.9.y] ext4: never move the system.data xattr out of the inode body

by Guenter Roeck

From: Theodore Ts'o <tytso(a)mit.edu> commit 8cdb5240ec5928b20490a2bb34cb87e9a5f40226 upstream. When expanding the extra isize space, we must never move the system.data xattr out of the inode body. For performance reasons, it doesn't make any sense, and the inline data implementation assumes that system.data xattr is never in the external xattr block. This addresses CVE-2018-10880 https://bugzilla.kernel.org/show_bug.cgi?id=200005 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org [groeck: Context changes] Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> --- I thought the 4.4.y backport should apply, but I think it doesn't after all. This backport applies to v4.9.y. fs/ext4/xattr.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index fdcbe0f2814f..c19c96840480 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -1426,6 +1426,11 @@ static int ext4_xattr_make_inode_space(handle_t *handle, struct inode *inode, last = IFIRST(header); /* Find the entry best suited to be pushed into EA block */ for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) { + /* never move system.data out of the inode */ + if ((last->e_name_len == 4) && + (last->e_name_index == EXT4_XATTR_INDEX_SYSTEM) && + !memcmp(last->e_name, "data", 4)) + continue; total_size = EXT4_XATTR_SIZE(le32_to_cpu(last->e_value_size)) + EXT4_XATTR_LEN(last->e_name_len); -- 2.7.4

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Thu, 27 Sep 2018 16:53:22 +0100 Subject: [PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3088463bafc1..a6c9fbaeaefc 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK; + u64 mode = (*(u64 *)valp) & PSR_AA32_MODE_MASK; switch (mode) { case PSR_AA32_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case PSR_AA32_MODE_FIQ: case PSR_AA32_MODE_IRQ: case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Thu, 27 Sep 2018 16:53:22 +0100 Subject: [PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3088463bafc1..a6c9fbaeaefc 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK; + u64 mode = (*(u64 *)valp) & PSR_AA32_MODE_MASK; switch (mode) { case PSR_AA32_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case PSR_AA32_MODE_FIQ: case PSR_AA32_MODE_IRQ: case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Thu, 27 Sep 2018 16:53:22 +0100 Subject: [PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3088463bafc1..a6c9fbaeaefc 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK; + u64 mode = (*(u64 *)valp) & PSR_AA32_MODE_MASK; switch (mode) { case PSR_AA32_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case PSR_AA32_MODE_FIQ: case PSR_AA32_MODE_IRQ: case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Thu, 27 Sep 2018 16:53:22 +0100 Subject: [PATCH] arm64: KVM: Sanitize PSTATE.M when being set from userspace Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3088463bafc1..a6c9fbaeaefc 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK; + u64 mode = (*(u64 *)valp) & PSR_AA32_MODE_MASK; switch (mode) { case PSR_AA32_MODE_USR: + if (!system_supports_32bit_el0()) + return -EINVAL; + break; case PSR_AA32_MODE_FIQ: case PSR_AA32_MODE_IRQ: case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL;

7 years, 1 month

1
0
0 0

v4.14 stable backport request

by Jani Nikula

On Tue, 02 Oct 2018, "Zhang, Owen" <owen.zhang(a)intel.com> wrote: > Could you help to give any suggestions on this? Thanks very much. Greg, Stable team, Please backport upstream commit 010e3e68cd9c ("drm/i915: Remove vma from object on destroy, not close") to v4.14. It fixes a previously backported commit: Fixes: 6209cb514d97 ("drm/i915: Flush pending GTT writes before unbinding") Thanks, Jani. -- Jani Nikula, Intel Open Source Graphics Center

7 years, 1 month

2
1
0 0

[PATCH 1/2] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression

by Maciej W. Rozycki

Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Cc: stable(a)vger.kernel.org # 4.17+ --- arch/mips/lib/memset.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) linux-mips-memset-jr-ra-nodaddi-fix.patch Index: linux-20180930-3maxp-defconfig/arch/mips/lib/memset.S =================================================================== --- linux-20180930-3maxp-defconfig.orig/arch/mips/lib/memset.S +++ linux-20180930-3maxp-defconfig/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

7 years, 1 month

1
0
0 0

patch "iio: ad5064: Fix regulator handling" added to staging-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: ad5064: Fix regulator handling to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the staging-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 8911a43bc198877fad9f4b0246a866b26bb547ab Mon Sep 17 00:00:00 2001 From: Lars-Peter Clausen <lars(a)metafoo.de> Date: Fri, 28 Sep 2018 11:23:40 +0200 Subject: iio: ad5064: Fix regulator handling The correct way to handle errors returned by regualtor_get() and friends is to propagate the error since that means that an regulator was specified, but something went wrong when requesting it. For handling optional regulators, e.g. when the device has an internal vref, regulator_get_optional() should be used to avoid getting the dummy regulator that the regulator core otherwise provides. Signed-off-by: Lars-Peter Clausen <lars(a)metafoo.de> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/ad5064.c | 53 ++++++++++++++++++++++++++++------------ 1 file changed, 38 insertions(+), 15 deletions(-) diff --git a/drivers/iio/dac/ad5064.c b/drivers/iio/dac/ad5064.c index bf4fc40ec84d..2f98cb2a3b96 100644 --- a/drivers/iio/dac/ad5064.c +++ b/drivers/iio/dac/ad5064.c @@ -808,6 +808,40 @@ static int ad5064_set_config(struct ad5064_state *st, unsigned int val) return ad5064_write(st, cmd, 0, val, 0); } +static int ad5064_request_vref(struct ad5064_state *st, struct device *dev) +{ + unsigned int i; + int ret; + + for (i = 0; i < ad5064_num_vref(st); ++i) + st->vref_reg[i].supply = ad5064_vref_name(st, i); + + if (!st->chip_info->internal_vref) + return devm_regulator_bulk_get(dev, ad5064_num_vref(st), + st->vref_reg); + + /* + * This assumes that when the regulator has an internal VREF + * there is only one external VREF connection, which is + * currently the case for all supported devices. + */ + st->vref_reg[0].consumer = devm_regulator_get_optional(dev, "vref"); + if (!IS_ERR(st->vref_reg[0].consumer)) + return 0; + + ret = PTR_ERR(st->vref_reg[0].consumer); + if (ret != -ENODEV) + return ret; + + /* If no external regulator was supplied use the internal VREF */ + st->use_internal_vref = true; + ret = ad5064_set_config(st, AD5064_CONFIG_INT_VREF_ENABLE); + if (ret) + dev_err(dev, "Failed to enable internal vref: %d\n", ret); + + return ret; +} + static int ad5064_probe(struct device *dev, enum ad5064_type type, const char *name, ad5064_write_func write) { @@ -828,22 +862,11 @@ static int ad5064_probe(struct device *dev, enum ad5064_type type, st->dev = dev; st->write = write; - for (i = 0; i < ad5064_num_vref(st); ++i) - st->vref_reg[i].supply = ad5064_vref_name(st, i); + ret = ad5064_request_vref(st, dev); + if (ret) + return ret; - ret = devm_regulator_bulk_get(dev, ad5064_num_vref(st), - st->vref_reg); - if (ret) { - if (!st->chip_info->internal_vref) - return ret; - st->use_internal_vref = true; - ret = ad5064_set_config(st, AD5064_CONFIG_INT_VREF_ENABLE); - if (ret) { - dev_err(dev, "Failed to enable internal vref: %d\n", - ret); - return ret; - } - } else { + if (!st->use_internal_vref) { ret = regulator_bulk_enable(ad5064_num_vref(st), st->vref_reg); if (ret) return ret; -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: adc: at91: fix wrong channel number in triggered buffer mode" added to staging-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: at91: fix wrong channel number in triggered buffer mode to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the staging-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From aea835f2dc8a682942b859179c49ad1841a6c8b9 Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)microchip.com> Date: Mon, 24 Sep 2018 10:51:44 +0300 Subject: iio: adc: at91: fix wrong channel number in triggered buffer mode When channels are registered, the hardware channel number is not the actual iio channel number. This is because the driver is probed with a certain number of accessible channels. Some pins are routed and some not, depending on the description of the board in the DT. Because of that, channels 0,1,2,3 can correspond to hardware channels 2,3,4,5 for example. In the buffered triggered case, we need to do the translation accordingly. Fixed the channel number to stop reading the wrong channel. Fixes: 0e589d5fb ("ARM: AT91: IIO: Add AT91 ADC driver.") Cc: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Eugen Hristev <eugen.hristev(a)microchip.com> Acked-by: Ludovic Desroches <ludovic.desroches(a)microchip.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/at91_adc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c index e3be88e7192c..75d2f73582a3 100644 --- a/drivers/iio/adc/at91_adc.c +++ b/drivers/iio/adc/at91_adc.c @@ -248,12 +248,14 @@ static irqreturn_t at91_adc_trigger_handler(int irq, void *p) struct iio_poll_func *pf = p; struct iio_dev *idev = pf->indio_dev; struct at91_adc_state *st = iio_priv(idev); + struct iio_chan_spec const *chan; int i, j = 0; for (i = 0; i < idev->masklength; i++) { if (!test_bit(i, idev->active_scan_mask)) continue; - st->buffer[j] = at91_adc_readl(st, AT91_ADC_CHAN(st, i)); + chan = idev->channels + i; + st->buffer[j] = at91_adc_readl(st, AT91_ADC_CHAN(st, chan->channel)); j++; } -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: adc: at91: fix acking DRDY irq on simple conversions" added to staging-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: at91: fix acking DRDY irq on simple conversions to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the staging-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From bc1b45326223e7e890053cf6266357adfa61942d Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)microchip.com> Date: Mon, 24 Sep 2018 10:51:43 +0300 Subject: iio: adc: at91: fix acking DRDY irq on simple conversions When doing simple conversions, the driver did not acknowledge the DRDY irq. If this irq status is not acked, it will be left pending, and as soon as a trigger is enabled, the irq handler will be called, it doesn't know why this status has occurred because no channel is pending, and then it will go int a irq loop and board will hang. To avoid this situation, read the LCDR after a raw conversion is done. Fixes: 0e589d5fb ("ARM: AT91: IIO: Add AT91 ADC driver.") Cc: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Eugen Hristev <eugen.hristev(a)microchip.com> Acked-by: Ludovic Desroches <ludovic.desroches(a)microchip.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/at91_adc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c index 44b516863c9d..e3be88e7192c 100644 --- a/drivers/iio/adc/at91_adc.c +++ b/drivers/iio/adc/at91_adc.c @@ -279,6 +279,8 @@ static void handle_adc_eoc_trigger(int irq, struct iio_dev *idev) iio_trigger_poll(idev->trig); } else { st->last_value = at91_adc_readl(st, AT91_ADC_CHAN(st, st->chnb)); + /* Needed to ACK the DRDY interruption */ + at91_adc_readl(st, AT91_ADC_LCDR); st->done = true; wake_up_interruptible(&st->wq_data_avail); } -- 2.19.0

7 years, 1 month

1
0
0 0

patch "iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()" added to staging-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the staging-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From d3fa21c73c391975488818b085b894c2980ea052 Mon Sep 17 00:00:00 2001 From: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Date: Sat, 22 Sep 2018 00:58:02 +0300 Subject: iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() Leaving for_each_child_of_node loop we should release child device node, if it is not stored for future use. Found by Linux Driver Verification project (linuxtesting.org). JC: I'm not sending this as a quick fix as it's been wrong for years, but good to pick up for stable after the merge window. Signed-off-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Fixes: 6df2e98c3ea56 ("iio: adc: Add imx25-gcq ADC driver") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/fsl-imx25-gcq.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/iio/adc/fsl-imx25-gcq.c b/drivers/iio/adc/fsl-imx25-gcq.c index ea264fa9e567..929c617db364 100644 --- a/drivers/iio/adc/fsl-imx25-gcq.c +++ b/drivers/iio/adc/fsl-imx25-gcq.c @@ -209,12 +209,14 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, ret = of_property_read_u32(child, "reg", &reg); if (ret) { dev_err(dev, "Failed to get reg property\n"); + of_node_put(child); return ret; } if (reg >= MX25_NUM_CFGS) { dev_err(dev, "reg value is greater than the number of available configuration registers\n"); + of_node_put(child); return -EINVAL; } @@ -228,6 +230,7 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, if (IS_ERR(priv->vref[refp])) { dev_err(dev, "Error, trying to use external voltage reference without a vref-%s regulator.", mx25_gcq_refp_names[refp]); + of_node_put(child); return PTR_ERR(priv->vref[refp]); } priv->channel_vref_mv[reg] = @@ -240,6 +243,7 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, break; default: dev_err(dev, "Invalid positive reference %d\n", refp); + of_node_put(child); return -EINVAL; } @@ -254,10 +258,12 @@ static int mx25_gcq_setup_cfgs(struct platform_device *pdev, if ((refp & MX25_ADCQ_CFG_REFP_MASK) != refp) { dev_err(dev, "Invalid fsl,adc-refp property value\n"); + of_node_put(child); return -EINVAL; } if ((refn & MX25_ADCQ_CFG_REFN_MASK) != refn) { dev_err(dev, "Invalid fsl,adc-refn property value\n"); + of_node_put(child); return -EINVAL; } -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH 1/2] rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt'

by Maciej W. Rozycki

Fix a commit 311ee9c151ad ("rtc: cmos: allow using ACPI for RTC alarm instead of HPET") `rtc-cmos' regression causing a link error: drivers/rtc/rtc-cmos.o: In function `cmos_platform_probe': rtc-cmos.c:(.init.text+0x33c): undefined reference to `hpet_rtc_interrupt' rtc-cmos.c:(.init.text+0x3f4): undefined reference to `hpet_rtc_interrupt' with non-ACPI platforms using this driver. The cause is the change of the condition guarding the use of `hpet_rtc_interrupt'. Previously it was a call to `is_hpet_enabled'. That function is static inline and has a hardcoded 0 result for non-ACPI platforms, which imply !HPET_EMULATE_RTC. Consequently the compiler optimized the whole block away including the reference to `hpet_rtc_interrupt', which never made it to the link stage. Now the guarding condition is a call to `use_hpet_alarm', which is not static inline and therefore the compiler may not be able to prove that it actually always returns 0 for non-ACPI platforms. Consequently the build breaks with an unsatisfied reference, because `hpet_rtc_interrupt' is nowhere defined at link time. Fix the problem by marking `use_hpet_alarm' inline. As the `inline' keyword serves as an optimization hint rather than a requirement the compiler is still free to choose whether inlining will be beneficial or not for ACPI platforms. Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Fixes: 311ee9c151ad ("rtc: cmos: allow using ACPI for RTC alarm instead of HPET") Cc: stable(a)vger.kernel.org # 4.18+ --- drivers/rtc/rtc-cmos.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) linux-rtc-cmos-use-hpet-alarm-inline.diff Index: linux-20180812-4maxp64/drivers/rtc/rtc-cmos.c =================================================================== --- linux-20180812-4maxp64.orig/drivers/rtc/rtc-cmos.c +++ linux-20180812-4maxp64/drivers/rtc/rtc-cmos.c @@ -167,7 +167,7 @@ static inline int hpet_unregister_irq_ha #endif /* Don't use HPET for RTC Alarm event if ACPI Fixed event is used */ -static int use_hpet_alarm(void) +static inline int use_hpet_alarm(void) { return is_hpet_enabled() && !use_acpi_alarm; }

7 years, 1 month

1
0
0 0

patch "usb: xhci-mtk: resume USB3 roothub first" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: xhci-mtk: resume USB3 roothub first to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 555df5820e733cded7eb8d0bf78b2a791be51d75 Mon Sep 17 00:00:00 2001 From: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Date: Mon, 1 Oct 2018 18:36:08 +0300 Subject: usb: xhci-mtk: resume USB3 roothub first Give USB3 devices a better chance to enumerate at USB3 speeds if they are connected to a suspended host. Porting from "671ffdff5b13 xhci: resume USB 3 roothub first" Cc: <stable(a)vger.kernel.org> Signed-off-by: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-mtk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c index 7334da9e9779..71d0d33c3286 100644 --- a/drivers/usb/host/xhci-mtk.c +++ b/drivers/usb/host/xhci-mtk.c @@ -642,10 +642,10 @@ static int __maybe_unused xhci_mtk_resume(struct device *dev) xhci_mtk_host_enable(mtk); xhci_dbg(xhci, "%s: restart port polling\n", __func__); - set_bit(HCD_FLAG_POLL_RH, &hcd->flags); - usb_hcd_poll_rh_status(hcd); set_bit(HCD_FLAG_POLL_RH, &xhci->shared_hcd->flags); usb_hcd_poll_rh_status(xhci->shared_hcd); + set_bit(HCD_FLAG_POLL_RH, &hcd->flags); + usb_hcd_poll_rh_status(hcd); return 0; } -- 2.19.0

7 years, 1 month

1
0
0 0

patch "usb: cdc_acm: Do not leak URB buffers" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: cdc_acm: Do not leak URB buffers to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From f2924d4b16ae138c2de6a0e73f526fb638330858 Mon Sep 17 00:00:00 2001 From: Romain Izard <romain.izard.pro(a)gmail.com> Date: Thu, 20 Sep 2018 16:49:04 +0200 Subject: usb: cdc_acm: Do not leak URB buffers When the ACM TTY port is disconnected, the URBs it uses must be killed, and then the buffers must be freed. Unfortunately a previous refactor removed the code freeing the buffers because it looked extremely similar to the code killing the URBs. As a result, there were many new leaks for each plug/unplug cycle of a CDC-ACM device, that were detected by kmemleak. Restore the missing code, and the memory leak is removed. Fixes: ba8c931ded8d ("cdc-acm: refactor killing urbs") Signed-off-by: Romain Izard <romain.izard.pro(a)gmail.com> Acked-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index f9b40a9dc4d3..bc03b0a690b4 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1514,6 +1514,7 @@ static void acm_disconnect(struct usb_interface *intf) { struct acm *acm = usb_get_intfdata(intf); struct tty_struct *tty; + int i; /* sibling interface is already cleaning up */ if (!acm) @@ -1544,6 +1545,11 @@ static void acm_disconnect(struct usb_interface *intf) tty_unregister_device(acm_tty_driver, acm->minor); + usb_free_urb(acm->ctrlurb); + for (i = 0; i < ACM_NW; i++) + usb_free_urb(acm->wb[i].urb); + for (i = 0; i < acm->rx_buflimit; i++) + usb_free_urb(acm->read_urbs[i]); acm_write_buffers_free(acm); usb_free_coherent(acm->dev, acm->ctrlsize, acm->ctrl_buffer, acm->ctrl_dma); acm_read_buffers_free(acm); -- 2.19.0

7 years, 1 month

1
0
0 0

patch "xhci: Add missing CAS workaround for Intel Sunrise Point xHCI" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: Add missing CAS workaround for Intel Sunrise Point xHCI to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From ffe84e01bb1b38c7eb9c6b6da127a6c136d251df Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Mon, 1 Oct 2018 18:36:07 +0300 Subject: xhci: Add missing CAS workaround for Intel Sunrise Point xHCI The workaround for missing CAS bit is also needed for xHC on Intel sunrisepoint PCH. For more details see: Intel 100/c230 series PCH specification update Doc #332692-006 Errata #8 Cc: <stable(a)vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-pci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 6372edf339d9..722860eb5a91 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -185,6 +185,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_DNV_XHCI)) xhci->quirks |= XHCI_MISSING_CAS; -- 2.19.0

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 921b2fed6a79439ef1609ef4af0ada5cccb3555c: Linux 3.18.123 (2018-09-26 08:33:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-01102018 for you to fetch changes up to 220ede8ef5c1c764d077de976d0b7ce60b86c4f3: hwmon: (adt7475) Make adt7475_read_word() return errors (2018-09-28 10:14:53 -0400) - ---------------------------------------------------------------- for-greg-3.18-01102018 - ---------------------------------------------------------------- Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Dan Carpenter (1): hwmon: (adt7475) Make adt7475_read_word() return errors drivers/hwmon/adt7475.c | 14 +++++++++----- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 ++++--- drivers/thermal/of-thermal.c | 7 +++++-- 3 files changed, 18 insertions(+), 10 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluywrYACgkQ3qZv95d3 LNxWXQ/+LF1zsw1943J5rWDPiFC1Qeqgaq/eagAMvrMDoSNdpqUdw9aetBs+UebM npHU20jGw5yhT8Ki7iGoOIgeZaWYIBKOwyGDULrUJ9jxWHM5TxSNc7LjIH6jUnUE S9Oiqlc4piqlzrkkasKbtBARhRORTg5HlCsYyp/+WtgMg6Ol8/HUBdP+gY2XB677 HpQLmaCkmD20gy/8l9rZ0Wx/gfojvwBp+GbRl72w+SuFjBxDsbIrU/J7qsJDWS6D nYEfgX9Q4+vCcppbKM5GntcfHvoTdOU3fCgCQJd4Jh/Ny5P9wUMyk3BgAejRML73 EgyUeOEodJamYJrCk11/bq/McSXcUZ8K/BpgAoonMP2wW6DZJuQ8usyYhNuE1sk3 0KHw0j0OQ1PHf9538qHrbxNo+dq5884vkOYjv5773lTzfw8Dn404yvUvhdST+oQU UjbZowPJZ0qaqa9nW3H38jiThBvwS/FTFi5T/72tVSSZM+Axvy85CkBxTDF/2ydw cy+0F/IunGS8iWu9ScrgWA58ceQrdrXS6OCa0hcKdlq6ViKJohPd8L2SWfLvJ73H +244bH1BjbAdp2Vc5hAHK9GgFsMFq4ClfQThnrGG5fFkVaV5+kCl2H0xdUR1nS4l /ZfZsfhTDqFdzliIWBPohhS8vOiR/pTHERU/tz26tLLwRZORFz4= =61PK -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9c6cd3f3a4b8194e82fa927bc00028c7a505e3b3: Linux 4.4.159 (2018-09-29 03:08:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-01102018 for you to fetch changes up to da69b4edceeef0612ed770171cba979b6fe6efb0: i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (2018-09-29 13:01:12 -0400) - ---------------------------------------------------------------- for-greg-4.4-01102018 - ---------------------------------------------------------------- Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Dan Carpenter (1): hwmon: (adt7475) Make adt7475_read_word() return errors Huazhong Tan (1): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Documentation/hwmon/ina2xx | 2 +- drivers/hwmon/adt7475.c | 14 +++++++++----- drivers/hwmon/ina2xx.c | 13 +++++++++++-- drivers/i2c/busses/i2c-i801.c | 9 ++++++++- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +++--- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 ++++--- drivers/thermal/of-thermal.c | 7 +++++-- include/linux/platform_data/ina2xx.h | 2 +- 8 files changed, 42 insertions(+), 18 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluywq8ACgkQ3qZv95d3 LNwckQ//egkChb4BsD2phGTiD5nqjse9byuXHfIMesKf9FhTFIBr3M9s+plBXdtQ 14pUFl5qYMQFIF0bZXPg6twd2D/x7rS//1QV0OVASSKE0W5wOr3E7XDna34/0ztj yiwUlcmWzUyPmJyB9O6J2/CK5q/5nhpJBvncVvoF4CWt8F9I9f3u0RJYQviLqjL/ PO2rx8wW4DOKta9lVQ6h6A1A8/O2zgvYy/tP9iiJdunk5ziuFYjquhaFTS55sqIp k6nQP63I52KCEBezSoUqNwJ+Rtcp5AVpXXdGbf9l42SsecoJiqySoP+PHKF7lOkQ udEKK0QORL4qA32s42bdtBIb/m6aBDrtAGIOeimlrOAsSwu3E+to0v9i6R5tSb3T 5ovQQPlcGGOIr8MXIv10tCO7zXlhlL+bpDNHPoZJiEBgub0WRBiwE5EMtiGBe3vM cr2gxHWwtF9dx2RSYnPAGcoqo9R9OmlkJaRJqvq3I03vCjg3G8/6HDeFdBoxlm1N Fn77ylMamuXyZNT/2bjNqZt7UMiVTCL+sFJvGxVOfpmSvb4Z4sgcDj2HkCGXkvRW R3reb80D69w+pG/clMO5fspe8nmy1BVfK7PkP6m6SD1p8Sf9XUgafX+P+bY8bMn2 qehMJVMNxw0V5PrhwPdAuCBhJOjH35Vp5RsJYyxqByyWN694RPk= =5jnL -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 46f9f7c3c326389d5765c28f120fead6cc068e67: Linux 4.9.130 (2018-09-29 03:07:35 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-01102018 for you to fetch changes up to cc9aeaaefbea89c50d54ca193bfba32d7e66ba88: i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (2018-09-29 13:01:07 -0400) - ---------------------------------------------------------------- for-greg-4.9-01102018 - ---------------------------------------------------------------- Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Dan Carpenter (1): hwmon: (adt7475) Make adt7475_read_word() return errors Huazhong Tan (2): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Marc Zyngier (2): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Tomer Tayar (2): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place Documentation/hwmon/ina2xx | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 ++- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- drivers/hwmon/adt7475.c | 14 ++-- drivers/hwmon/ina2xx.c | 13 +++- drivers/i2c/busses/i2c-i801.c | 9 ++- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 96 +++++++++++++++++++----- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 1 + drivers/thermal/of-thermal.c | 7 +- include/linux/arm-smccc.h | 38 ++++++---- include/linux/platform_data/ina2xx.h | 2 +- 15 files changed, 159 insertions(+), 56 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluywqkACgkQ3qZv95d3 LNwMTQ//aFXCRx/5spsygsZVGnYIM2QCIElDALeKjSuLZlJCV/UZDgPLKc453ZW/ IpzheGF3Ut4w0IrHiKnTgxE0Zv6rXHpnCHAUUXcpdfinrgWIXcT8uHt0x3mhOu3Y j+mNv4q+yakwScGd06zUqNr+Pq7KQIJuT+18DAGFchvJUS3ncA3PVK2PRAhcFKiM sP8SFUcuwi1M+puV6oexoVfYJAwT7EyoidykSKvLhOPweLcjESFbx/lP/p2tG8wN 1jGpxqLY1IDrvGHuaCCbWZfXo3m40+etvlVgV6izAckbU2Agh0FLOuHl3cuzbiBr 1nkwa8hPNzbmctxH5iAzFIThZ8vKQk21naoVSP5jm91g42QJZAr6BV9XXXFcsB4D bHm5zeKMKvImlcEIJQNG1TccDFdgxXMA+4hiESv1YjtfFCmd4zRJoQFCk6KTvr3z 3uu3P2kjiDfhNCuOhyqs8i7NVXwiqoprqoXGFdpvxQCEgHVX7GPdtEjb3JPuHQzl J/WjIcuG0ULYmTHE+5OiPstNICtzPLpQb4HPrLLHBQ8t2Id7YSshrVTAWslC7PSP Taxk5L0kyE6men06auPhBu5gI8JAimM/fzSz9IFNRlhqf+yafrSnHcNcgCcXZdJ1 W0XrWU/qsj/6cuL1G/CaIhYGy9GrZ0gA44FxdAovJsEaZIq0F8g= =Rpjy -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 3b65f403d7d0e98484e8f2c9471808f2785a8235: Linux 4.14.73 (2018-09-29 03:06:07 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-01102018 for you to fetch changes up to edfbb55326888cde6bedb15fe7453e7f198559db: x86/pti: Fix section mismatch warning/error (2018-09-29 13:00:59 -0400) - ---------------------------------------------------------------- for-greg-4.14-01102018 - ---------------------------------------------------------------- Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Dan Carpenter (1): hwmon: (adt7475) Make adt7475_read_word() return errors Eric Sandeen (1): isofs: reject hardware sector size > 2048 bytes Huazhong Tan (2): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES net: hns: fix skb->truesize underestimation James Smart (1): nvme-fcloop: Fix dropped LS's to removed target port John Fastabend (2): tls: possible hang when do_tcp_sendpages hits sndbuf is full case bpf: sockmap: write_space events need to be passed to TCP handler Leonard Crestez (1): Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Linus Walleij (1): ata: ftide010: Add a quirk for SQ201 Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Marc Zyngier (2): arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Randy Dunlap (1): x86/pti: Fix section mismatch warning/error Rex Zhu (2): drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode drm/amdgpu: Update power state at the end of smu hw_init. Srikanth Jampala (1): crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Tomer Tayar (4): qed: Wait for ready indication before rereading the shmem qed: Wait for MCP halt and resume commands to take place qed: Prevent a possible deadlock during driver load and unload qed: Avoid sending mailbox commands when MFW is not responsive Tony Lindgren (1): ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Documentation/hwmon/ina2xx | 2 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 2 +- arch/x86/mm/pti.c | 2 +- drivers/ata/pata_ftide010.c | 27 ++-- drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++-- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/nvme/target/fcloop.c | 3 +- drivers/thermal/of-thermal.c | 7 +- fs/isofs/inode.c | 7 + include/linux/arm-smccc.h | 38 +++-- include/linux/platform_data/ina2xx.h | 2 +- kernel/bpf/sockmap.c | 3 + net/tls/tls_main.c | 9 +- 27 files changed, 338 insertions(+), 122 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluywqIACgkQ3qZv95d3 LNyn8g/8CyhwmJpHasRk5DF07M05Zhjzivz+qN6vOACneDftZzm5ezlX8ayHs4ls C8GlyTPPHwIw36GkTuYf8PopoQTDU8gsbb3yTr/RHFtIQJ3XOCmzAYtbkaQQ4sP2 UsAay4BETeqqYnyniNdcJ1b6dqX0llP6QmrYJg4hWI3B4FqzfWIl0decjX3RLxDB Q/X3c5TvhQMcWSYuKti7M1ULE/AWg9BB2HMg1leJxFpESpF0UTpcVpPq3DMxd3os B4bjBprGeemZ5/ctVG4J2P0uteoGocUS1pcgHgOr20etWdlu1TxtSBoI0THt/9fj ZvbxNGN71Jpkb+wnRC18afPilDNKvLrlaaV65/rjk00Zzs1W0zCXl1zxnImHiCFn kFMLZUv0KPNVYNa4U0HEQRrgf1mrgyncVWmIGLnzuC9hXZtF7UvHliGTr7dXctRX i5FFdYeAk6bAMilNwK3VZyS2gvXU9C/yXz1tqFmhZuDaKsywvtOrfLO+XPLHly+T K532vncSshpmrgPFK9iky/JMHiJ0flmF6CRqVjjd/PQA4wj1W2Np9vg8MtZm2n4N SmYg4FNiKuGeRPaLxwubVVe6iALtfa47ARG67aYYnxRedc2RyK6saaxh3zbmJ7gW kxZScnx0MKVYrNV/IIj3D/Dg/pX3XLIFpMEOwweEGzDwdbD6nxg= =P3AS -----END PGP SIGNATURE-----

7 years, 1 month

1
0
0 0

patch "USB: serial: simple: add Motorola Tetra MTP6550 id" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: simple: add Motorola Tetra MTP6550 id to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From f5fad711c06e652f90f581fc7c2caee327c33d31 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Mon, 24 Sep 2018 15:28:10 +0200 Subject: USB: serial: simple: add Motorola Tetra MTP6550 id Add device-id for the Motorola Tetra radio MTP6550. Bus 001 Device 004: ID 0cad:9012 Motorola CGISS Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x0cad Motorola CGISS idProduct 0x9012 bcdDevice 24.16 iManufacturer 1 Motorola Solutions, Inc. iProduct 2 TETRA PEI interface iSerial 0 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 55 bNumInterfaces 2 bConfigurationValue 1 iConfiguration 3 Generic Serial config bmAttributes 0x80 (Bus Powered) MaxPower 500mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x82 EP 2 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Device Qualifier (for other device speed): bLength 10 bDescriptorType 6 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 bNumConfigurations 1 Device Status: 0x0000 (Bus Powered) Reported-by: Hans Hult <hanshult35(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/usb-serial-simple.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/serial/usb-serial-simple.c b/drivers/usb/serial/usb-serial-simple.c index 40864c2bd9dc..4d0273508043 100644 --- a/drivers/usb/serial/usb-serial-simple.c +++ b/drivers/usb/serial/usb-serial-simple.c @@ -84,7 +84,8 @@ DEVICE(moto_modem, MOTO_IDS); /* Motorola Tetra driver */ #define MOTOROLA_TETRA_IDS() \ - { USB_DEVICE(0x0cad, 0x9011) } /* Motorola Solutions TETRA PEI */ + { USB_DEVICE(0x0cad, 0x9011) }, /* Motorola Solutions TETRA PEI */ \ + { USB_DEVICE(0x0cad, 0x9012) } /* MTP6550 */ DEVICE(motorola_tetra, MOTOROLA_TETRA_IDS); /* Novatel Wireless GPS driver */ -- 2.19.0

7 years, 1 month

1
0
0 0

patch "USB: serial: option: improve Quectel EP06 detection" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: option: improve Quectel EP06 detection to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 36cae568404a298a19a6e8a3f18641075d4cab04 Mon Sep 17 00:00:00 2001 From: Kristian Evensen <kristian.evensen(a)gmail.com> Date: Thu, 13 Sep 2018 11:21:49 +0200 Subject: USB: serial: option: improve Quectel EP06 detection The Quectel EP06 (and EM06/EG06) LTE modem supports updating the USB configuration, without the VID/PID or configuration number changing. When the configuration is updated and interfaces are added/removed, the interface numbers are updated. This causes our current code for matching EP06 not to work as intended, as the assumption about reserved interfaces no longer holds. If for example the diagnostic (first) interface is removed, option will (try to) bind to the QMI interface. This patch improves EP06 detection by replacing the current match with two matches, and those matches check class, subclass and protocol as well as VID and PID. The diag interface exports class, subclass and protocol as 0xff. For the other serial interfaces, class is 0xff and subclass and protocol are both 0x0. The modem can export the following devices and always in this order: diag, nmea, at, ppp. qmi and adb. This means that diag can only ever be interface 0, and interface numbers 1-5 should be marked as reserved. The three other serial devices can have interface numbers 0-3, but I have not marked any interfaces as reserved. The reason is that the serial devices are the only interfaces exported by the device where subclass and protocol is 0x0. QMI exports the same class, subclass and protocol values as the diag interface. However, the two interfaces have different number of endpoints, QMI has three and diag two. I have added a check for number of interfaces if VID/PID matches the EP06, and we ignore the device if number of interfaces equals three (and subclass is set). Signed-off-by: Kristian Evensen <kristian.evensen(a)gmail.com> Acked-by: Dan Williams <dcbw(a)redhat.com> [ johan: drop uneeded RSVD(5) for ADB ] Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/option.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 0215b70c4efc..382feafbd127 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1081,8 +1081,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, - { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06), - .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003), @@ -1985,6 +1986,7 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; + struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -1999,6 +2001,18 @@ static int option_probe(struct usb_serial *serial, if (device_flags & RSVD(iface_desc->bInterfaceNumber)) return -ENODEV; + /* + * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, + * subclass and protocol is 0xff for both the diagnostic port and the + * QMI interface, but the diagnostic port only has two endpoints (QMI + * has three). + */ + if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && + dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && + iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + return -ENODEV; + } + /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags); -- 2.19.0

7 years, 1 month

1
0
0 0

patch "USB: serial: option: add two-endpoints device-id flag" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: option: add two-endpoints device-id flag to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 35aecc02b5b621782111f64cbb032c7f6a90bb32 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 13 Sep 2018 11:21:50 +0200 Subject: USB: serial: option: add two-endpoints device-id flag Allow matching on interfaces having two endpoints by adding a new device-id flag. This allows for the handling of devices whose interface numbers can change (e.g. Quectel EP06) to be contained in the device-id table. Tested-by: Kristian Evensen <kristian.evensen(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/option.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 382feafbd127..e72ad9f81c73 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -561,6 +561,9 @@ static void option_instat_callback(struct urb *urb); /* Interface is reserved */ #define RSVD(ifnum) ((BIT(ifnum) & 0xff) << 0) +/* Interface must have two endpoints */ +#define NUMEP2 BIT(16) + static const struct usb_device_id option_ids[] = { { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, @@ -1082,7 +1085,7 @@ static const struct usb_device_id option_ids[] = { { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), - .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) | NUMEP2 }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, @@ -1986,7 +1989,6 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; - struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -2002,16 +2004,11 @@ static int option_probe(struct usb_serial *serial, return -ENODEV; /* - * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, - * subclass and protocol is 0xff for both the diagnostic port and the - * QMI interface, but the diagnostic port only has two endpoints (QMI - * has three). + * Allow matching on bNumEndpoints for devices whose interface numbers + * can change (e.g. Quectel EP06). */ - if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && - dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && - iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + if (device_flags & NUMEP2 && iface_desc->bNumEndpoints != 2) return -ENODEV; - } /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags); -- 2.19.0

7 years, 1 month

1
0
0 0

[PATCH AUTOSEL 4.18 01/65] netfilter: xt_cluster: add dependency on conntrack module

by Sasha Levin

From: Martin Willi <martin(a)strongswan.org> [ Upstream commit c1dc2912059901f97345d9e10c96b841215fdc0f ] The cluster match requires conntrack for matching packets. If the netns does not have conntrack hooks registered, the match does not work at all. Implicitly load the conntrack hook for the family, exactly as many other extensions do. This ensures that the match works even if the hooks have not been registered by other means. Signed-off-by: Martin Willi <martin(a)strongswan.org> Acked-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- net/netfilter/xt_cluster.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/net/netfilter/xt_cluster.c b/net/netfilter/xt_cluster.c index dfbdbb2fc0ed..51d0c257e7a5 100644 --- a/net/netfilter/xt_cluster.c +++ b/net/netfilter/xt_cluster.c @@ -125,6 +125,7 @@ xt_cluster_mt(const struct sk_buff *skb, struct xt_action_param *par) static int xt_cluster_mt_checkentry(const struct xt_mtchk_param *par) { struct xt_cluster_match_info *info = par->matchinfo; + int ret; if (info->total_nodes > XT_CLUSTER_NODES_MAX) { pr_info_ratelimited("you have exceeded the maximum number of cluster nodes (%u > %u)\n", @@ -135,7 +136,17 @@ static int xt_cluster_mt_checkentry(const struct xt_mtchk_param *par) pr_info_ratelimited("node mask cannot exceed total number of nodes\n"); return -EDOM; } - return 0; + + ret = nf_ct_netns_get(par->net, par->family); + if (ret < 0) + pr_info_ratelimited("cannot load conntrack support for proto=%u\n", + par->family); + return ret; +} + +static void xt_cluster_mt_destroy(const struct xt_mtdtor_param *par) +{ + nf_ct_netns_put(par->net, par->family); } static struct xt_match xt_cluster_match __read_mostly = { @@ -144,6 +155,7 @@ static struct xt_match xt_cluster_match __read_mostly = { .match = xt_cluster_mt, .checkentry = xt_cluster_mt_checkentry, .matchsize = sizeof(struct xt_cluster_match_info), + .destroy = xt_cluster_mt_destroy, .me = THIS_MODULE, }; -- 2.17.1

7 years, 1 month

2
66
0 0

[PATCH] firmware: Always initialize the fw_priv list object

by Bjorn Andersson

When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable(a)vger.kernel.org Cc: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/base/firmware_loader/main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b3c0498ee433..8e9213b36e31 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const char *fw_name, } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp; -- 2.18.0

7 years, 1 month

5
8
0 0

[PATCH] kdb: print real address of pointers instead of hashed addresses

by Christophe Leroy

Since commit ad67b74d2469 ("printk: hash addresses printed with %p"), all pointers printed with %p are printed with hashed addresses instead of real addresses in order to avoid leaking addresses in dmesg and syslog. But this applies to kdb too, with is unfortunate: Entering kdb (current=0x(ptrval), pid 329) due to Keyboard Entry kdb> ps 15 sleeping system daemon (state M) processes suppressed, use 'ps A' to see all. Task Addr Pid Parent [*] cpu State Thread Command 0x(ptrval) 329 328 1 0 R 0x(ptrval) *sh 0x(ptrval) 1 0 0 0 S 0x(ptrval) init 0x(ptrval) 3 2 0 0 D 0x(ptrval) rcu_gp 0x(ptrval) 4 2 0 0 D 0x(ptrval) rcu_par_gp 0x(ptrval) 5 2 0 0 D 0x(ptrval) kworker/0:0 0x(ptrval) 6 2 0 0 D 0x(ptrval) kworker/0:0H 0x(ptrval) 7 2 0 0 D 0x(ptrval) kworker/u2:0 0x(ptrval) 8 2 0 0 D 0x(ptrval) mm_percpu_wq 0x(ptrval) 10 2 0 0 D 0x(ptrval) rcu_preempt The whole purpose of kdb is to debug, and for debugging real addresses need to be known. In addition, data displayed by kdb doesn't go into dmesg. This patch replaces all %p by %px in kdb in order to display real addresses. Fixes: ad67b74d2469 ("printk: hash addresses printed with %p") Cc: <stable(a)vger.kernel.org> Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> --- kernel/debug/kdb/kdb_main.c | 14 +++++++------- kernel/debug/kdb/kdb_support.c | 12 ++++++------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c index 2ddfce8f1e8f..f338d23b112b 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1192,7 +1192,7 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, if (reason == KDB_REASON_DEBUG) { /* special case below */ } else { - kdb_printf("\nEntering kdb (current=0x%p, pid %d) ", + kdb_printf("\nEntering kdb (current=0x%px, pid %d) ", kdb_current, kdb_current ? kdb_current->pid : 0); #if defined(CONFIG_SMP) kdb_printf("on processor %d ", raw_smp_processor_id()); @@ -1208,7 +1208,7 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, */ switch (db_result) { case KDB_DB_BPT: - kdb_printf("\nEntering kdb (0x%p, pid %d) ", + kdb_printf("\nEntering kdb (0x%px, pid %d) ", kdb_current, kdb_current->pid); #if defined(CONFIG_SMP) kdb_printf("on processor %d ", raw_smp_processor_id()); @@ -2048,7 +2048,7 @@ static int kdb_lsmod(int argc, const char **argv) if (mod->state == MODULE_STATE_UNFORMED) continue; - kdb_printf("%-20s%8u 0x%p ", mod->name, + kdb_printf("%-20s%8u 0x%px ", mod->name, mod->core_layout.size, (void *)mod); #ifdef CONFIG_MODULE_UNLOAD kdb_printf("%4d ", module_refcount(mod)); @@ -2059,7 +2059,7 @@ static int kdb_lsmod(int argc, const char **argv) kdb_printf(" (Loading)"); else kdb_printf(" (Live)"); - kdb_printf(" 0x%p", mod->core_layout.base); + kdb_printf(" 0x%px", mod->core_layout.base); #ifdef CONFIG_MODULE_UNLOAD { @@ -2341,7 +2341,7 @@ void kdb_ps1(const struct task_struct *p) return; cpu = kdb_process_cpu(p); - kdb_printf("0x%p %8d %8d %d %4d %c 0x%p %c%s\n", + kdb_printf("0x%px %8d %8d %d %4d %c 0x%px %c%s\n", (void *)p, p->pid, p->parent->pid, kdb_task_has_cpu(p), kdb_process_cpu(p), kdb_task_state_char(p), @@ -2354,7 +2354,7 @@ void kdb_ps1(const struct task_struct *p) } else { if (KDB_TSK(cpu) != p) kdb_printf(" Error: does not match running " - "process table (0x%p)\n", KDB_TSK(cpu)); + "process table (0x%px)\n", KDB_TSK(cpu)); } } } @@ -2692,7 +2692,7 @@ int kdb_register_flags(char *cmd, for_each_kdbcmd(kp, i) { if (kp->cmd_name && (strcmp(kp->cmd_name, cmd) == 0)) { kdb_printf("Duplicate kdb command registered: " - "%s, func %p help %s\n", cmd, func, help); + "%s, func %px help %s\n", cmd, func, help); return 1; } } diff --git a/kernel/debug/kdb/kdb_support.c b/kernel/debug/kdb/kdb_support.c index 990b3cc526c8..987eb73284d2 100644 --- a/kernel/debug/kdb/kdb_support.c +++ b/kernel/debug/kdb/kdb_support.c @@ -40,7 +40,7 @@ int kdbgetsymval(const char *symname, kdb_symtab_t *symtab) { if (KDB_DEBUG(AR)) - kdb_printf("kdbgetsymval: symname=%s, symtab=%p\n", symname, + kdb_printf("kdbgetsymval: symname=%s, symtab=%px\n", symname, symtab); memset(symtab, 0, sizeof(*symtab)); symtab->sym_start = kallsyms_lookup_name(symname); @@ -88,7 +88,7 @@ int kdbnearsym(unsigned long addr, kdb_symtab_t *symtab) char *knt1 = NULL; if (KDB_DEBUG(AR)) - kdb_printf("kdbnearsym: addr=0x%lx, symtab=%p\n", addr, symtab); + kdb_printf("kdbnearsym: addr=0x%lx, symtab=%px\n", addr, symtab); memset(symtab, 0, sizeof(*symtab)); if (addr < 4096) @@ -149,7 +149,7 @@ int kdbnearsym(unsigned long addr, kdb_symtab_t *symtab) symtab->mod_name = "kernel"; if (KDB_DEBUG(AR)) kdb_printf("kdbnearsym: returns %d symtab->sym_start=0x%lx, " - "symtab->mod_name=%p, symtab->sym_name=%p (%s)\n", ret, + "symtab->mod_name=%px, symtab->sym_name=%px (%s)\n", ret, symtab->sym_start, symtab->mod_name, symtab->sym_name, symtab->sym_name); @@ -887,13 +887,13 @@ void debug_kusage(void) __func__, dah_first); if (dah_first) { h_used = (struct debug_alloc_header *)debug_alloc_pool; - kdb_printf("%s: h_used %p size %d\n", __func__, h_used, + kdb_printf("%s: h_used %px size %d\n", __func__, h_used, h_used->size); } do { h_used = (struct debug_alloc_header *) ((char *)h_free + dah_overhead + h_free->size); - kdb_printf("%s: h_used %p size %d caller %p\n", + kdb_printf("%s: h_used %px size %d caller %px\n", __func__, h_used, h_used->size, h_used->caller); h_free = (struct debug_alloc_header *) (debug_alloc_pool + h_free->next); @@ -902,7 +902,7 @@ void debug_kusage(void) ((char *)h_free + dah_overhead + h_free->size); if ((char *)h_used - debug_alloc_pool != sizeof(debug_alloc_pool_aligned)) - kdb_printf("%s: h_used %p size %d caller %p\n", + kdb_printf("%s: h_used %px size %d caller %px\n", __func__, h_used, h_used->size, h_used->caller); out: spin_unlock(&dap_lock); -- 2.13.3

7 years, 1 month

2
1
0 0

[PATCH 2/2] selftests/x86: Add clock_gettime() tests to test_vdso

by Andy Lutomirski

Now that the vDSO implementation of clock_gettime() is getting reworked, add a selftest for it. This tests that its output is consistent with the syscall version. This is marked for stable to serve as a test for commit "x86/vdso: Fix asm constraints on vDSO syscall fallbacks". Cc: stable(a)vger.kernel.org Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- tools/testing/selftests/x86/test_vdso.c | 99 +++++++++++++++++++++++++ 1 file changed, 99 insertions(+) diff --git a/tools/testing/selftests/x86/test_vdso.c b/tools/testing/selftests/x86/test_vdso.c index 235259011704..49f7294fb382 100644 --- a/tools/testing/selftests/x86/test_vdso.c +++ b/tools/testing/selftests/x86/test_vdso.c @@ -17,6 +17,7 @@ #include <errno.h> #include <sched.h> #include <stdbool.h> +#include <limits.h> #ifndef SYS_getcpu # ifdef __x86_64__ @@ -31,6 +32,10 @@ int nerrs = 0; +typedef int (*vgettime_t)(clockid_t, struct timespec *); + +vgettime_t vdso_clock_gettime; + typedef long (*getcpu_t)(unsigned *, unsigned *, void *); getcpu_t vgetcpu; @@ -95,6 +100,10 @@ static void fill_function_pointers() printf("Warning: failed to find getcpu in vDSO\n"); vgetcpu = (getcpu_t) vsyscall_getcpu(); + + vdso_clock_gettime = (vgettime_t)dlsym(vdso, "__vdso_clock_gettime"); + if (!vdso_clock_gettime) + printf("Warning: failed to find clock_gettime in vDSO\n"); } static long sys_getcpu(unsigned * cpu, unsigned * node, @@ -103,6 +112,11 @@ static long sys_getcpu(unsigned * cpu, unsigned * node, return syscall(__NR_getcpu, cpu, node, cache); } +static inline int sys_clock_gettime(clockid_t id, struct timespec *ts) +{ + return syscall(__NR_clock_gettime, id, ts); +} + static void test_getcpu(void) { printf("[RUN]\tTesting getcpu...\n"); @@ -155,10 +169,95 @@ static void test_getcpu(void) } } +static bool ts_leq(const struct timespec *a, const struct timespec *b) +{ + if (a->tv_sec != b->tv_sec) + return a->tv_sec < b->tv_sec; + else + return a->tv_nsec <= b->tv_nsec; +} + +static char const * const clocknames[] = { + [0] = "CLOCK_REALTIME", + [1] = "CLOCK_MONOTONIC", + [2] = "CLOCK_PROCESS_CPUTIME_ID", + [3] = "CLOCK_THREAD_CPUTIME_ID", + [4] = "CLOCK_MONOTONIC_RAW", + [5] = "CLOCK_REALTIME_COARSE", + [6] = "CLOCK_MONOTONIC_COARSE", + [7] = "CLOCK_BOOTTIME", + [8] = "CLOCK_REALTIME_ALARM", + [9] = "CLOCK_BOOTTIME_ALARM", + [10] = "CLOCK_SGI_CYCLE", + [11] = "CLOCK_TAI", +}; + +static void test_one_clock_gettime(int clock, const char *name) +{ + struct timespec start, vdso, end; + int vdso_ret, end_ret; + + printf("[RUN]\tTesting clock_gettime for clock %s (%d)...\n", name, clock); + + if (sys_clock_gettime(clock, &start) < 0) { + if (errno == EINVAL) { + vdso_ret = vdso_clock_gettime(clock, &vdso); + if (vdso_ret == -EINVAL) { + printf("[OK]\tNo such clock.\n"); + } else { + printf("[FAIL]\tNo such clock, but __vdso_clock_gettime returned %d\n", vdso_ret); + nerrs++; + } + } else { + printf("[WARN]\t clock_gettime(%d) syscall returned error %d\n", clock, errno); + } + return; + } + + vdso_ret = vdso_clock_gettime(clock, &vdso); + end_ret = sys_clock_gettime(clock, &end); + + if (vdso_ret != 0 || end_ret != 0) { + printf("[FAIL]\tvDSO returned %d, syscall errno=%d\n", + vdso_ret, errno); + nerrs++; + return; + } + + printf("\t%llu.%09ld %llu.%09ld %llu.%09ld\n", + (unsigned long long)start.tv_sec, start.tv_nsec, + (unsigned long long)vdso.tv_sec, vdso.tv_nsec, + (unsigned long long)end.tv_sec, end.tv_nsec); + + if (!ts_leq(&start, &vdso) || !ts_leq(&vdso, &end)) { + printf("[FAIL]\tTimes are out of sequence\n"); + nerrs++; + } +} + +static void test_clock_gettime(void) +{ + for (int clock = 0; clock < sizeof(clocknames) / sizeof(clocknames[0]); + clock++) { + test_one_clock_gettime(clock, clocknames[clock]); + } + + /* Also test some invalid clock ids */ + test_one_clock_gettime(-1, "invalid"); + test_one_clock_gettime(INT_MIN, "invalid"); + test_one_clock_gettime(INT_MAX, "invalid"); +} + int main(int argc, char **argv) { fill_function_pointers(); + test_clock_gettime(); + + /* + * Test getcpu() last so that, if something goes wrong setting affinity, + * we still run the other tests. + */ test_getcpu(); return nerrs ? 1 : 0; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH 1/2] x86/vdso: Fix asm constraints on vDSO syscall fallbacks

by Andy Lutomirski

The syscall fallbacks in the vDSO have incorrect asm constraints. They are not marked as writing to their outputs -- instead, they are marked as clobbering "memory", which is useless. In particular, gcc is smart enough to know that the timespec parameter hasn't escaped, so a memory clobber doesn't clobber it. And passing a pointer as an asm *input* does not tell gcc that the pointed-to value is changed. Add in the fact that the asm instructions weren't volatile, and gcc was free to omit them entirely unless their sole output (the return value) is used. Which it is (phew!), but that stops happening with some upcoming patches. As a trivial example, the following code: void test_fallback(struct timespec *ts) { vdso_fallback_gettime(CLOCK_MONOTONIC, ts); } compiles to: 00000000000000c0 <test_fallback>: c0: c3 retq To add insult to injury, the RCX and R11 clobbers on 64-bit builds were missing. The "memory" clobber is also unnecessary -- no ordering with respect to other memory operations is needed, but I'll fix that in a separate not-for-stable patch. Cc: stable(a)vger.kernel.org Fixes: 2aae950b21e4 ("x86_64: Add vDSO for x86-64 with gettimeofday/clock_gettime/getcpu") Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- arch/x86/entry/vdso/vclock_gettime.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/arch/x86/entry/vdso/vclock_gettime.c b/arch/x86/entry/vdso/vclock_gettime.c index f19856d95c60..134e2d2e8add 100644 --- a/arch/x86/entry/vdso/vclock_gettime.c +++ b/arch/x86/entry/vdso/vclock_gettime.c @@ -43,8 +43,9 @@ extern u8 hvclock_page notrace static long vdso_fallback_gettime(long clock, struct timespec *ts) { long ret; - asm("syscall" : "=a" (ret) : - "0" (__NR_clock_gettime), "D" (clock), "S" (ts) : "memory"); + asm ("syscall" : "=a" (ret), "=m" (*ts) : + "0" (__NR_clock_gettime), "D" (clock), "S" (ts) : + "memory", "rcx", "r11"); return ret; } @@ -52,8 +53,9 @@ notrace static long vdso_fallback_gtod(struct timeval *tv, struct timezone *tz) { long ret; - asm("syscall" : "=a" (ret) : - "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "memory"); + asm ("syscall" : "=a" (ret), "=m" (*tv), "=m" (*tz) : + "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : + "memory", "rcx", "r11"); return ret; } @@ -64,12 +66,12 @@ notrace static long vdso_fallback_gettime(long clock, struct timespec *ts) { long ret; - asm( + asm ( "mov %%ebx, %%edx \n" "mov %2, %%ebx \n" "call __kernel_vsyscall \n" "mov %%edx, %%ebx \n" - : "=a" (ret) + : "=a" (ret), "=m" (*ts) : "0" (__NR_clock_gettime), "g" (clock), "c" (ts) : "memory", "edx"); return ret; @@ -79,12 +81,12 @@ notrace static long vdso_fallback_gtod(struct timeval *tv, struct timezone *tz) { long ret; - asm( + asm ( "mov %%ebx, %%edx \n" "mov %2, %%ebx \n" "call __kernel_vsyscall \n" "mov %%edx, %%ebx \n" - : "=a" (ret) + : "=a" (ret), "=m" (*tv), "=m" (*tz) : "0" (__NR_gettimeofday), "g" (tv), "c" (tz) : "memory", "edx"); return ret; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v4.14.y] serial: imx: restore handshaking irq for imx1

by Uwe Kleine-König

commit 7e620984b62532783912312e334f3c48cdacbd5d upstream. Back in 2015 when irda was dropped from the driver imx1 was broken. This change reintroduces the support for the third interrupt of the UART. Fixes: afe9cbb1a6ad ("serial: imx: drop support for IRDA") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Leonard Crestez <leonard.crestez(a)nxp.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [ukl: s/imx_uart_rtsint/imx_rtsint/ as 4.14.y misses 9d1a50a2cceb] Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> --- Hello, this is a backport of 7e620984b62532783912312e334f3c48cdacbd5d to v4.14.y that misses 9d1a50a2cceb (serial: imx: consistently use imx_uart_ as prefix for all functions) which changed many function names. So the old function name has to be used. Best regards Uwe drivers/tty/serial/imx.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 8deaf2ad8b34..7b01e6b06022 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -2213,6 +2213,14 @@ static int serial_imx_probe(struct platform_device *pdev) ret); return ret; } + + ret = devm_request_irq(&pdev->dev, rtsirq, imx_uart_rtsint, 0, + dev_name(&pdev->dev), sport); + if (ret) { + dev_err(&pdev->dev, "failed to request rts irq: %d\n", + ret); + return ret; + } } else { ret = devm_request_irq(&pdev->dev, rxirq, imx_int, 0, dev_name(&pdev->dev), sport); -- 2.19.0

7 years, 1 month

2
2
0 0

FAILED: patch "[PATCH] serial: imx: restore handshaking irq for imx1" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7e620984b62532783912312e334f3c48cdacbd5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)pengutronix.de> Date: Thu, 20 Sep 2018 14:11:17 +0200 Subject: [PATCH] serial: imx: restore handshaking irq for imx1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Back in 2015 when irda was dropped from the driver imx1 was broken. This change reintroduces the support for the third interrupt of the UART. Fixes: afe9cbb1a6ad ("serial: imx: drop support for IRDA") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Leonard Crestez <leonard.crestez(a)nxp.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 239c0fa2e981..0f67197a3783 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -2351,6 +2351,14 @@ static int imx_uart_probe(struct platform_device *pdev) ret); return ret; } + + ret = devm_request_irq(&pdev->dev, rtsirq, imx_uart_rtsint, 0, + dev_name(&pdev->dev), sport); + if (ret) { + dev_err(&pdev->dev, "failed to request rts irq: %d\n", + ret); + return ret; + } } else { ret = devm_request_irq(&pdev->dev, rxirq, imx_uart_int, 0, dev_name(&pdev->dev), sport);

7 years, 1 month

3
2
0 0

[PATCH] IB/hfi1: Fix SL array bounds check

by ira.weiny

commit 0dbfaa9f2813787679e296eb5476e40938ab48c8 upstream. The SL specified by a user needs to be a valid SL. Add a range check to the user specified SL value which protects from running off the end of the SL to SC table. Cc: stable(a)vger.kernel.org # 4.9.x Fixes: 7724105686e7 ("IB/hfi1: add driver files") Signed-off-by: Ira Weiny <ira.weiny(a)intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> --- drivers/infiniband/hw/hfi1/verbs.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/hfi1/verbs.c b/drivers/infiniband/hw/hfi1/verbs.c index 01a380efea6b..14ddb7506085 100644 --- a/drivers/infiniband/hw/hfi1/verbs.c +++ b/drivers/infiniband/hw/hfi1/verbs.c @@ -1511,12 +1511,18 @@ static int hfi1_check_ah(struct ib_device *ibdev, struct ib_ah_attr *ah_attr) struct hfi1_pportdata *ppd; struct hfi1_devdata *dd; u8 sc5; + u8 sl; /* test the mapping for validity */ ibp = to_iport(ibdev, ah_attr->port_num); ppd = ppd_from_ibp(ibp); - sc5 = ibp->sl_to_sc[ah_attr->sl]; dd = dd_from_ppd(ppd); + + sl = ah_attr->sl; + if (sl >= ARRAY_SIZE(ibp->sl_to_sc)) + return -EINVAL; + + sc5 = ibp->sl_to_sc[sl]; if (sc_to_vlt(dd, sc5) > num_vls && sc_to_vlt(dd, sc5) != 0xf) return -EINVAL; return 0; -- 1.7.12.4

7 years, 1 month

1
0
0 0

[PATCH v2 RESEND 3/3] usb: typec: pci: Enable Intel USB role mux on Apollo Lake platforms

by Mathias Nyman

From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Intel Apollo Lake has the same internal USB role mux as Intel Cherry Trail. Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-pci.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 722860e..51dd8e0 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -179,10 +179,12 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_PME_STUCK_QUIRK; } if (pdev->vendor == PCI_VENDOR_ID_INTEL && - pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) { + pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) xhci->quirks |= XHCI_SSIC_PORT_UNUSED; + if (pdev->vendor == PCI_VENDOR_ID_INTEL && + (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI)) xhci->quirks |= XHCI_INTEL_USB_ROLE_SW; - } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || -- 2.7.4

7 years, 1 month

2
3
0 0

[RFT PATCH 1/2] xhci: Fix leaking USB3 shared_hcd at xhci removal

by Mathias Nyman

Ensure that the shared_hcd pointer is valid when calling usb_put_hcd() The shared_hcd is removed and freed in xhci by first calling usb_remove_hcd(xhci->shared_hcd), and later usb_put_hcd(xhci->shared_hcd) Afer commit fe190ed0d602 ("xhci: Do not halt the host until both HCD have disconnected their devices.") the shared_hcd was never properly put as xhci->shared_hcd was set to NULL before usb_put_hcd(xhci->shared_hcd) was called. shared_hcd (USB3) is removed before primary hcd (USB2). While removing the primary hcd we might need to handle xhci interrupts to cleanly remove last USB2 devices, therefore we need to set xhci->shared_hcd to NULL before removing the primary hcd to let xhci interrupt handler know shared_hcd is no longer available. xhci-plat.c, xhci-histb.c and xhci-mtk first create both their hcd's before adding them. so to keep the correct reverse removal order use a temporary shared_hcd variable for them. For more details see commit 4ac53087d6d4 ("usb: xhci: plat: Create both HCDs before adding them") Fixes: fe190ed0d602 ("xhci: Do not halt the host until both HCD have disconnected their devices.") Cc: Joel Stanley <joel(a)jms.id.au> Cc: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Cc: Thierry Reding <treding(a)nvidia.com> Cc: Jianguo Sun <sunjianguo1(a)huawei.com> Cc: <stable(a)vger.kernel.org> Reported-by: Jack Pham <jackp(a)codeaurora.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-histb.c | 6 ++++-- drivers/usb/host/xhci-mtk.c | 6 ++++-- drivers/usb/host/xhci-pci.c | 1 + drivers/usb/host/xhci-plat.c | 6 ++++-- drivers/usb/host/xhci-tegra.c | 1 + drivers/usb/host/xhci.c | 2 -- 6 files changed, 14 insertions(+), 8 deletions(-) diff --git a/drivers/usb/host/xhci-histb.c b/drivers/usb/host/xhci-histb.c index 27f0016..3c4abb5 100644 --- a/drivers/usb/host/xhci-histb.c +++ b/drivers/usb/host/xhci-histb.c @@ -325,14 +325,16 @@ static int xhci_histb_remove(struct platform_device *dev) struct xhci_hcd_histb *histb = platform_get_drvdata(dev); struct usb_hcd *hcd = histb->hcd; struct xhci_hcd *xhci = hcd_to_xhci(hcd); + struct usb_hcd *shared_hcd = xhci->shared_hcd; xhci->xhc_state |= XHCI_STATE_REMOVING; - usb_remove_hcd(xhci->shared_hcd); + usb_remove_hcd(shared_hcd); + xhci->shared_hcd = NULL; device_wakeup_disable(&dev->dev); usb_remove_hcd(hcd); - usb_put_hcd(xhci->shared_hcd); + usb_put_hcd(shared_hcd); xhci_histb_host_disable(histb); usb_put_hcd(hcd); diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c index 71d0d33..60987c7 100644 --- a/drivers/usb/host/xhci-mtk.c +++ b/drivers/usb/host/xhci-mtk.c @@ -590,12 +590,14 @@ static int xhci_mtk_remove(struct platform_device *dev) struct xhci_hcd_mtk *mtk = platform_get_drvdata(dev); struct usb_hcd *hcd = mtk->hcd; struct xhci_hcd *xhci = hcd_to_xhci(hcd); + struct usb_hcd *shared_hcd = xhci->shared_hcd; - usb_remove_hcd(xhci->shared_hcd); + usb_remove_hcd(shared_hcd); + xhci->shared_hcd = NULL; device_init_wakeup(&dev->dev, false); usb_remove_hcd(hcd); - usb_put_hcd(xhci->shared_hcd); + usb_put_hcd(shared_hcd); usb_put_hcd(hcd); xhci_mtk_sch_exit(mtk); xhci_mtk_clks_disable(mtk); diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 51dd8e0..92fd6b6 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -356,6 +356,7 @@ static void xhci_pci_remove(struct pci_dev *dev) if (xhci->shared_hcd) { usb_remove_hcd(xhci->shared_hcd); usb_put_hcd(xhci->shared_hcd); + xhci->shared_hcd = NULL; } /* Workaround for spurious wakeups at shutdown with HSW */ diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c index 94e9392..e5da8ce 100644 --- a/drivers/usb/host/xhci-plat.c +++ b/drivers/usb/host/xhci-plat.c @@ -359,14 +359,16 @@ static int xhci_plat_remove(struct platform_device *dev) struct xhci_hcd *xhci = hcd_to_xhci(hcd); struct clk *clk = xhci->clk; struct clk *reg_clk = xhci->reg_clk; + struct usb_hcd *shared_hcd = xhci->shared_hcd; xhci->xhc_state |= XHCI_STATE_REMOVING; - usb_remove_hcd(xhci->shared_hcd); + usb_remove_hcd(shared_hcd); + xhci->shared_hcd = NULL; usb_phy_shutdown(hcd->usb_phy); usb_remove_hcd(hcd); - usb_put_hcd(xhci->shared_hcd); + usb_put_hcd(shared_hcd); clk_disable_unprepare(clk); clk_disable_unprepare(reg_clk); diff --git a/drivers/usb/host/xhci-tegra.c b/drivers/usb/host/xhci-tegra.c index 4b463e5..b1cce98 100644 --- a/drivers/usb/host/xhci-tegra.c +++ b/drivers/usb/host/xhci-tegra.c @@ -1240,6 +1240,7 @@ static int tegra_xusb_remove(struct platform_device *pdev) usb_remove_hcd(xhci->shared_hcd); usb_put_hcd(xhci->shared_hcd); + xhci->shared_hcd = NULL; usb_remove_hcd(tegra->hcd); usb_put_hcd(tegra->hcd); diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 0420eef..c928dbb 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -719,8 +719,6 @@ static void xhci_stop(struct usb_hcd *hcd) /* Only halt host and free memory after both hcds are removed */ if (!usb_hcd_is_primary_hcd(hcd)) { - /* usb core will free this hcd shortly, unset pointer */ - xhci->shared_hcd = NULL; mutex_unlock(&xhci->mutex); return; } -- 2.7.4

7 years, 1 month

4
8
0 0

[PATCH v2 RESEND 2/3] usb: xhci-mtk: resume USB3 roothub first

by Mathias Nyman

From: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Give USB3 devices a better chance to enumerate at USB3 speeds if they are connected to a suspended host. Porting from "671ffdff5b13 xhci: resume USB 3 roothub first" Cc: <stable(a)vger.kernel.org> Signed-off-by: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-mtk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c index 7334da9..71d0d33 100644 --- a/drivers/usb/host/xhci-mtk.c +++ b/drivers/usb/host/xhci-mtk.c @@ -642,10 +642,10 @@ static int __maybe_unused xhci_mtk_resume(struct device *dev) xhci_mtk_host_enable(mtk); xhci_dbg(xhci, "%s: restart port polling\n", __func__); - set_bit(HCD_FLAG_POLL_RH, &hcd->flags); - usb_hcd_poll_rh_status(hcd); set_bit(HCD_FLAG_POLL_RH, &xhci->shared_hcd->flags); usb_hcd_poll_rh_status(xhci->shared_hcd); + set_bit(HCD_FLAG_POLL_RH, &hcd->flags); + usb_hcd_poll_rh_status(hcd); return 0; } -- 2.7.4

7 years, 1 month

1
0
0 0

[PATCH v2 RESEND 1/3] xhci: Add missing CAS workaround for Intel Sunrise Point xHCI

by Mathias Nyman

The workaround for missing CAS bit is also needed for xHC on Intel sunrisepoint PCH. For more details see: Intel 100/c230 series PCH specification update Doc #332692-006 Errata #8 Cc: <stable(a)vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-pci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 6372edf..722860e 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -185,6 +185,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_DNV_XHCI)) xhci->quirks |= XHCI_MISSING_CAS; -- 2.7.4

7 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror