- Linux-stable-mirror - lists.linaro.org

by Greg KH

I'm announcing the release of the 4.14.44 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx7d-sdb.dts | 2 arch/s390/crypto/crc32be-vx.S | 5 arch/s390/crypto/crc32le-vx.S | 4 arch/s390/include/asm/alternative-asm.h | 108 ++++++ arch/s390/include/asm/nospec-insn.h | 195 +++++++++++ arch/s390/kernel/Makefile | 1 arch/s390/kernel/asm-offsets.c | 1 arch/s390/kernel/base.S | 24 - arch/s390/kernel/entry.S | 105 +----- arch/s390/kernel/mcount.S | 14 arch/s390/kernel/nospec-branch.c | 43 +- arch/s390/kernel/nospec-sysfs.c | 21 + arch/s390/kernel/reipl.S | 7 arch/s390/kernel/swsusp.S | 10 arch/s390/lib/mem.S | 13 arch/s390/net/bpf_jit.S | 16 arch/s390/net/bpf_jit_comp.c | 63 +++ arch/sparc/kernel/vio.c | 2 arch/x86/kernel/machine_kexec_32.c | 6 arch/x86/kernel/machine_kexec_64.c | 5 drivers/block/loop.c | 71 ++-- drivers/bluetooth/btusb.c | 6 drivers/clk/clk.c | 3 drivers/clk/hisilicon/crg-hi3516cv300.c | 2 drivers/clk/rockchip/clk-mmc-phase.c | 23 + drivers/clk/rockchip/clk-rk3228.c | 2 drivers/clk/samsung/clk-exynos3250.c | 4 drivers/clk/samsung/clk-exynos5250.c | 8 drivers/clk/samsung/clk-exynos5260.c | 2 drivers/clk/samsung/clk-exynos5433.c | 12 drivers/clk/samsung/clk-exynos7.c | 2 drivers/clk/samsung/clk-s3c2410.c | 16 drivers/clk/tegra/clk-pll.c | 2 drivers/crypto/atmel-aes.c | 2 drivers/crypto/ccp/ccp-debugfs.c | 7 drivers/crypto/inside-secure/safexcel.c | 9 drivers/crypto/inside-secure/safexcel_cipher.c | 2 drivers/crypto/inside-secure/safexcel_hash.c | 8 drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 drivers/media/dvb-core/dmxdev.c | 2 drivers/media/dvb-frontends/lgdt3306a.c | 10 drivers/media/i2c/adv748x/adv748x-hdmi.c | 3 drivers/media/i2c/ov5645.c | 5 drivers/media/i2c/tvp5150.c | 88 ++--- drivers/media/pci/cx23885/cx23885-cards.c | 4 drivers/media/pci/cx23885/cx23885-core.c | 10 drivers/media/pci/cx25821/cx25821-core.c | 7 drivers/media/platform/s3c-camif/camif-capture.c | 7 drivers/media/platform/vivid/vivid-ctrls.c | 2 drivers/media/platform/vsp1/vsp1_drm.c | 9 drivers/media/usb/em28xx/em28xx-cards.c | 22 - drivers/media/usb/em28xx/em28xx.h | 2 drivers/media/v4l2-core/videobuf2-vmalloc.c | 2 drivers/message/fusion/mptctl.c | 2 drivers/net/ethernet/mellanox/mlx4/main.c | 4 drivers/net/hyperv/hyperv_net.h | 11 drivers/net/hyperv/netvsc.c | 203 ++++++----- drivers/net/hyperv/netvsc_drv.c | 310 ++++++++++-------- drivers/net/hyperv/rndis_filter.c | 210 ++++++------ drivers/net/usb/qmi_wwan.c | 4 drivers/net/usb/usbnet.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 72 ++-- drivers/rtc/hctosys.c | 5 drivers/rtc/rtc-goldfish.c | 2 drivers/rtc/rtc-m41t80.c | 18 - drivers/rtc/rtc-rk808.c | 14 drivers/rtc/rtc-rp5c01.c | 12 drivers/rtc/rtc-snvs.c | 15 drivers/rtc/rtc-tx4939.c | 6 drivers/s390/scsi/zfcp_dbf.c | 23 + drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 14 drivers/scsi/aacraid/commsup.c | 4 drivers/scsi/aacraid/linit.c | 5 drivers/scsi/bnx2fc/bnx2fc_io.c | 1 drivers/scsi/iscsi_tcp.c | 8 drivers/scsi/libsas/sas_scsi_host.c | 33 - drivers/scsi/lpfc/lpfc_attr.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 5 drivers/scsi/lpfc/lpfc_sli.c | 2 drivers/scsi/mpt3sas/mpt3sas_base.c | 5 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 drivers/scsi/mvsas/mv_94xx.c | 23 - drivers/scsi/qedi/qedi_fw.c | 5 drivers/scsi/qedi/qedi_main.c | 24 - drivers/scsi/qla2xxx/qla_isr.c | 6 drivers/scsi/qla2xxx/qla_os.c | 2 drivers/scsi/qla4xxx/ql4_def.h | 2 drivers/scsi/qla4xxx/ql4_os.c | 46 ++ drivers/scsi/scsi_lib.c | 11 drivers/scsi/sd.c | 3 drivers/scsi/sg.c | 2 drivers/scsi/storvsc_drv.c | 2 drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 drivers/scsi/ufs/ufshcd.c | 2 drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 6 drivers/staging/ks7010/ks_hostif.c | 31 - drivers/staging/ks7010/ks_hostif.h | 1 drivers/staging/lustre/lustre/include/obd.h | 2 drivers/staging/lustre/lustre/lmv/lmv_obd.c | 2 drivers/staging/lustre/lustre/osc/osc_cache.c | 2 drivers/staging/rtl8192u/r8192U_core.c | 2 drivers/staging/vc04_services/bcm2835-audio/bcm2835.c | 54 +-- drivers/tty/serial/8250/8250_port.c | 3 drivers/tty/serial/altera_uart.c | 12 drivers/tty/serial/arc_uart.c | 5 drivers/tty/serial/fsl_lpuart.c | 4 drivers/tty/serial/imx.c | 6 drivers/tty/serial/mxs-auart.c | 4 drivers/tty/serial/samsung.c | 4 drivers/tty/serial/sh-sci.c | 4 drivers/tty/serial/xilinx_uartps.c | 2 drivers/usb/class/cdc-acm.c | 9 drivers/usb/dwc2/core.h | 2 drivers/usb/dwc2/gadget.c | 12 drivers/usb/dwc2/hcd.c | 32 + drivers/usb/dwc3/Makefile | 2 drivers/usb/dwc3/core.c | 16 drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/dwc3-omap.c | 16 drivers/usb/gadget/composite.c | 40 +- drivers/usb/gadget/function/f_fs.c | 6 drivers/usb/gadget/function/f_uac2.c | 2 drivers/usb/gadget/udc/core.c | 2 drivers/usb/gadget/udc/fsl_udc_core.c | 4 drivers/usb/gadget/udc/goku_udc.h | 2 drivers/usb/host/ohci-hcd.c | 3 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-plat.c | 11 drivers/usb/host/xhci.c | 14 drivers/usb/usbip/Kconfig | 2 fs/ext2/inode.c | 10 fs/hfsplus/super.c | 1 include/linux/u64_stats_sync.h | 22 + include/linux/usb/composite.h | 3 include/scsi/scsi.h | 2 include/uapi/linux/nl80211.h | 2 net/core/dev.c | 2 net/core/sock.c | 2 net/ipv4/ip_output.c | 3 net/ipv4/tcp_output.c | 7 net/ipv6/ip6_output.c | 3 net/packet/af_packet.c | 4 net/sched/act_vlan.c | 2 net/sched/sch_red.c | 5 net/sched/sch_tbf.c | 5 net/smc/smc_pnet.c | 71 ++-- net/wireless/core.c | 3 sound/soc/codecs/hdmi-codec.c | 7 sound/soc/rockchip/Kconfig | 3 sound/soc/samsung/i2s.c | 13 sound/soc/samsung/odroid.c | 11 sound/soc/soc-topology.c | 3 sound/usb/quirks.c | 29 - 155 files changed, 1784 insertions(+), 894 deletions(-) Akinobu Mita (1): media: ov5645: add missing of_node_put() in error path Al Viro (1): ext2: fix a block leak Alexander Potapenko (1): scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Alexandre Belloni (4): rtc: hctosys: Ensure system time doesn't overflow time_t rtc: rk808: fix possible race condition rtc: m41t80: fix race conditions rtc: rp5c01: fix possible race condition Amritha Nambiar (1): net: Fix a bug in removing queues from XPS map Andrew Vasquez (1): scsi: qedi: Fix truncation of CHAP name and secret Andrzej Hajda (6): clk: samsung: s3c2410: Fix PLL rates clk: samsung: exynos7: Fix PLL rates clk: samsung: exynos5260: Fix PLL rates clk: samsung: exynos5433: Fix PLL rates clk: samsung: exynos5250: Fix PLL rates clk: samsung: exynos3250: Fix PLL rates Antoine Tenart (6): crypto: inside-secure - wait for the request to complete if in the backlog crypto: atmel-aes - fix the keys zeroing on errors crypto: inside-secure - do not process request if no command was issued crypto: inside-secure - fix the cache_len computation crypto: inside-secure - fix the extra cache computation crypto: inside-secure - fix the invalidation step during cra_exit Arnd Bergmann (2): clk: hisilicon: mark wdt_mux_p[] as const media: s3c-camif: fix out-of-bounds array access Arvind Yadav (1): sparc: vio: use put_device() instead of kfree() Bart Van Assche (1): scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() Ben Hutchings (1): usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS Brad Love (6): media: lgdt3306a: Fix module count mismatch on usb unplug media: em28xx: USB bulk packet size fix media: cx23885: Override 888 ImpactVCBe crystal frequency media: cx23885: Set subdev host data to clk_freq pointer media: lgdt3306a: Fix a double kfree on i2c device remove media: em28xx: Add Hauppauge SoloHD/DualHD bulk models Brian Norris (1): usb: dwc3: Undo PHY init if soft reset fails Bryan O'Donoghue (1): rtc: snvs: Fix usage of snvs_rtc_enable Chad Dupuis (1): scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Chris Dickens (1): usb: gadget: composite: fix incorrect handling of OS desc requests Colin Ian King (3): staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr media: cx25821: prevent out-of-bounds read on array card rtc: tx4939: avoid unintended sign extension on a 24 bit shift Dan Carpenter (2): scsi: sym53c8xx_2: iterator underflow in sym_getsync() scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() Dave Carroll (1): scsi: aacraid: Insure command thread is not recursively stopped Davide Caratti (1): net/sched: fix refcnt leak in the error path of tcf_vlan_init() Dominik Bozek (1): usb: cdc_acm: prevent race at write to acm while system resumes Douglas Gilbert (1): scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD Eric Biggers (1): net/smc: check for missing nlattrs in SMC_PNETID messages Eric Dumazet (3): sock_diag: fix use-after-free read in __sk_free tcp: purge write queue in tcp_connect_init() net: usbnet: fix potential deadlock on 32bit hosts Ezequiel Garcia (1): ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs Felipe Balbi (1): usb: dwc3: Makefile: fix link error on randconfig Fredrik Noring (1): USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Geert Uytterhoeven (7): serial: xuartps: Fix out-of-bounds access through DT alias serial: sh-sci: Fix out-of-bounds access through DT alias serial: samsung: Fix out-of-bounds access through serial port index serial: mxs-auart: Fix out-of-bounds access through serial port index serial: imx: Fix out-of-bounds access through serial port index serial: fsl_lpuart: Fix out-of-bounds access through DT alias serial: arc_uart: Fix out-of-bounds access through DT alias Giuseppe Lippolis (1): net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Greg Kroah-Hartman (1): Linux 4.14.44 Grigor Tovmasyan (1): usb: dwc2: Fix interval type issue Haiyang Zhang (6): hv_netvsc: Fix the real number of queues of non-vRSS cases hv_netvsc: Rename ind_table to rx_table hv_netvsc: Rename tx_send_table to tx_table hv_netvsc: Add initialization of tx_table in netvsc_device_add() hv_netvsc: Set tx_table to equal weight after subchannels open hv_netvsc: Use the num_online_cpus() for channel limit Hannes Reinecke (1): scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM Hans Verkuil (1): media: vivid: fix incorrect capabilities for radio Ioana Radulescu (1): staging: fsl-dpaa2/eth: Fix incorrect casts James Hogan (1): rtc: goldfish: Add missing MODULE_LICENSE James Smart (3): scsi: lpfc: Fix issue_lip if link is disabled scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing scsi: lpfc: Fix frequency of Release WQE CQEs Jason Yan (1): scsi: libsas: defer ata device eh commands to libata Jens Remus (1): scsi: zfcp: fix infinite iteration on ERP ready list Jeremy Cline (1): scsi: sd: Keep disk read-only when re-reading partition Jianchao Wang (1): scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled Johannes Berg (1): cfg80211: limit wiphy names to 128 bytes John Keeping (1): usb: gadget: f_uac2: fix bFirstInterface in composite gadget Kieran Bingham (1): media: i2c: adv748x: fix HDMI field heights Kirill Marinushkin (1): staging: bcm2835-audio: Release resources on module_exit() Larry Finger (1): Bluetooth: btusb: Add device ID for RTL8822BE Lars-Peter Clausen (2): usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS usb: gadget: ffs: Execute copy_to_user() with USER_DS set Laurent Pinchart (1): media: v4l: vsp1: Fix display stalls when requesting too many inputs Leonard Crestez (1): ARM: dts: imx7d-sdb: Fix regulator-usb-otg2-vbus node name Manish Rangankar (2): scsi: qla4xxx: skip error recovery in case of register disconnect. scsi: qedi: Fix kernel crash during port toggle Manu Gautam (1): usb: gadget: core: Fix use-after-free of usb_request Marcel Ziswiler (1): clk: tegra: Fix pll_u rate configuration Martin Schwidefsky (9): s390: add assembler macros for CPU alternatives s390: move expoline assembler macros to a header s390/crc32-vx: use expoline for indirect branches s390/lib: use expoline for indirect branches s390/ftrace: use expoline for indirect branches s390/kernel: use expoline for indirect branches s390: move spectre sysfs attribute code s390: extend expoline to BC instructions s390: use expoline thunks in the BPF JIT Masami Hiramatsu (1): media: vb2: Fix videobuf2 to map correct area Mathias Nyman (2): xhci: zero usb device slot_id member when disabling and freeing a xhci slot xhci: Show what USB release number the xHC supports from protocol capablity Mauro Carvalho Chehab (2): media: dmxdev: fix error code for invalid ioctls media: Don't let tvp5150_get_vbi() go out of vbi_ram_default array Meelis Roos (1): scsi: aacraid: fix shutdown crash when init fails Michael Kelley (EOSG) (1): scsi: storvsc: Increase cmd_per_lun for higher speed devices Minas Harutyunyan (2): usb: dwc2: hcd: Fix host channel halt flow usb: dwc2: host: Fix transaction errors in host mode Mohammed Gamal (4): hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() hv_netvsc: Ensure correct teardown message sequence order hv_netvsc: Fix net device attach on older Windows hosts NeilBrown (2): staging: lustre: fix bug in osc_enter_cache_try staging: lustre: lmv: correctly iput lmo_root Nobutaka Okabe (1): ALSA: usb-audio: Add native DSD support for Luxman DA-06 Omar Sandoval (2): loop: don't call into filesystem while holding lo_ctl_mutex loop: fix LOOP_GET_STATUS lock imbalance Paolo Abeni (1): net: sched: red: avoid hashing NULL child Peter Robinson (1): crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss Peter Ujfalusi (1): ASoC: hdmi-codec: Fix module unloading caused kernel crash Quinn Tran (1): scsi: qla2xxx: Fix memory corruption during hba reset test Quytelda Kahja (1): staging: ks7010: Use constants from ieee80211_eid instead of literal ints. Ranjani Sridharan (1): ASoC: topology: create TLV data for dapm widgets Roger Quadros (1): usb: dwc3: omap: don't miss events during suspend/resume Sebastian Andrzej Siewior (1): crypto: ccp - don't disable interrupts while setting up debugfs Shawn Lin (3): clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 clk: Don't show the incorrect clock phase clk: rockchip: Prevent calculating mmc phase if clock rate is zero Stefan Agner (1): usb: gadget: fsl_udc_core: fix ep valid checks Stephen Hemminger (11): hv_netvsc: empty current transmit aggregation if flow blocked hv_netvsc: avoid retry on send during shutdown hv_netvsc: only wake transmit queue if link is up hv_netvsc: fix error unwind handling if vmbus_open fails hv_netvsc: cancel subchannel setup before halting device hv_netvsc: fix race in napi poll when rescheduling hv_netvsc: defer queue selection to VF hv_netvsc: disable NAPI before channel close hv_netvsc: use RCU to fix concurrent rx and queue changes hv_netvsc: change GPAD teardown order on older versions hv_netvsc: common detach logic Sujit Reddy Thumma (1): scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Sylwester Nawrocki (2): ASoC: samsung: odroid: Fix 32000 sample rate handling ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Tarick Bedeir (1): net/mlx4_core: Fix error handling in mlx4_init_port_info. Tetsuo Handa (2): hfsplus: stop workqueue when fill_super() failed x86/kexec: Avoid double free_page() upon do_kexec_load() failure Thinh Nguyen (2): usb: dwc3: Add SoftReset PHY synchonization delay usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Tomas Henzl (1): scsi: mpt3sas: fix an out of bound write Torsten Hilbrich (1): net/usb/qmi_wwan.c: Add USB id for lt4120 modem Uwe Kleine-König (1): serial: altera: ensure port->regshift is honored consistently Vardan Mikayelyan (1): usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() Vicente Bergas (1): Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB Vignesh R (1): serial: 8250: Don't service RX FIFO if interrupts are disabled Vitaly Kuznetsov (2): hv_netvsc: netvsc_teardown_gpadl() split hv_netvsc: preserve hw_features on mtu/channels/ringparam changes Wilfried Weissmann (1): scsi: mvsas: fix wrong endianness of sgpio api Willem de Bruijn (2): net: test tailroom before appending to linear skb packet: in packet_snd start writing at link layer allocation Wolfram Sang (1): usb: gadget: udc: change comparison to bitshift when dealing with a mask Yoshihiro Shimoda (1): usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume timing" hpreg(a)vmware.com (2): vmxnet3: set the DMA mask before the first DMA map operation vmxnet3: use DMA memory barriers where required

7 years, 3 months

1
1
0 0

[PATCH] Fix controller reset return

by Keith Busch

From: Charles Machalow <charles.machalow(a)intel.com> If the Controller Reset comes in when the device had no namespaces, we're incorrectly giving back ENETRESET. Fixes: 8000d1fdb0 ("nvme-rdma: fix sysfs invoked reset_ctrl error flow ") Cc: <stable(a)vger.kernel.org> Signed-off-by: Charles Machalow <charles.machalow(a)intel.com> Signed-off-by: Keith Busch <keith.busch(a)intel.com> --- drivers/nvme/host/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index cd03f2bdac7b..b4eb74f14c02 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -117,7 +117,8 @@ int nvme_reset_ctrl_sync(struct nvme_ctrl *ctrl) ret = nvme_reset_ctrl(ctrl); if (!ret) { flush_work(&ctrl->reset_work); - if (ctrl->state != NVME_CTRL_LIVE) + if (ctrl->state != NVME_CTRL_LIVE && + ctrl->state != NVME_CTRL_ADMIN_ONLY) ret = -ENETRESET; } -- 2.14.3

7 years, 3 months

4
4
0 0

Linux 4.9.103

by Greg KH

I'm announcing the release of the 4.9.103 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/s390/crypto/crc32be-vx.S | 5 arch/s390/crypto/crc32le-vx.S | 4 arch/s390/include/asm/alternative-asm.h | 108 ++++++++++++ arch/s390/include/asm/nospec-insn.h | 195 +++++++++++++++++++++++ arch/s390/kernel/Makefile | 1 arch/s390/kernel/asm-offsets.c | 1 arch/s390/kernel/base.S | 24 +- arch/s390/kernel/entry.S | 105 ++---------- arch/s390/kernel/mcount.S | 14 + arch/s390/kernel/nospec-branch.c | 43 ++--- arch/s390/kernel/nospec-sysfs.c | 21 ++ arch/s390/kernel/reipl.S | 7 arch/s390/kernel/swsusp.S | 9 - arch/s390/lib/mem.S | 9 - arch/s390/net/bpf_jit.S | 16 + arch/s390/net/bpf_jit_comp.c | 63 +++++++ arch/x86/kernel/machine_kexec_32.c | 6 arch/x86/kernel/machine_kexec_64.c | 4 drivers/bluetooth/btusb.c | 6 drivers/clk/clk.c | 3 drivers/clk/rockchip/clk-mmc-phase.c | 23 ++ drivers/clk/rockchip/clk-rk3228.c | 2 drivers/clk/samsung/clk-exynos3250.c | 4 drivers/clk/samsung/clk-exynos5250.c | 8 drivers/clk/samsung/clk-exynos5260.c | 2 drivers/clk/samsung/clk-exynos5433.c | 12 - drivers/clk/samsung/clk-exynos7.c | 2 drivers/clk/samsung/clk-s3c2410.c | 16 - drivers/clk/tegra/clk-pll.c | 2 drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 drivers/media/dvb-core/dmxdev.c | 2 drivers/media/pci/cx23885/cx23885-cards.c | 4 drivers/media/pci/cx23885/cx23885-core.c | 10 + drivers/media/pci/cx25821/cx25821-core.c | 7 drivers/media/platform/s3c-camif/camif-capture.c | 7 drivers/media/platform/vivid/vivid-ctrls.c | 2 drivers/media/usb/em28xx/em28xx.h | 2 drivers/media/v4l2-core/videobuf2-vmalloc.c | 2 drivers/message/fusion/mptctl.c | 2 drivers/net/ethernet/mellanox/mlx4/main.c | 4 drivers/net/usb/qmi_wwan.c | 4 drivers/net/vmxnet3/vmxnet3_drv.c | 72 +++++--- drivers/rtc/hctosys.c | 5 drivers/rtc/rtc-snvs.c | 15 + drivers/rtc/rtc-tx4939.c | 6 drivers/s390/scsi/zfcp_dbf.c | 23 ++ drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 14 - drivers/scsi/aacraid/commsup.c | 4 drivers/scsi/aacraid/linit.c | 5 drivers/scsi/arm/fas216.c | 2 drivers/scsi/bnx2fc/bnx2fc_io.c | 1 drivers/scsi/libsas/sas_scsi_host.c | 33 +-- drivers/scsi/lpfc/lpfc_attr.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 5 drivers/scsi/lpfc/lpfc_sli.c | 2 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 drivers/scsi/mvsas/mv_94xx.c | 23 +- drivers/scsi/qla2xxx/qla_isr.c | 6 drivers/scsi/qla4xxx/ql4_def.h | 2 drivers/scsi/qla4xxx/ql4_os.c | 46 +++++ drivers/scsi/sd.c | 3 drivers/scsi/sg.c | 2 drivers/scsi/storvsc_drv.c | 2 drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 drivers/scsi/ufs/ufshcd.c | 2 drivers/staging/lustre/lustre/include/obd.h | 2 drivers/staging/lustre/lustre/lmv/lmv_obd.c | 2 drivers/staging/lustre/lustre/osc/osc_cache.c | 2 drivers/staging/rtl8192u/r8192U_core.c | 2 drivers/tty/serial/8250/8250_port.c | 3 drivers/tty/serial/arc_uart.c | 5 drivers/tty/serial/fsl_lpuart.c | 4 drivers/tty/serial/imx.c | 6 drivers/tty/serial/mxs-auart.c | 4 drivers/tty/serial/samsung.c | 4 drivers/tty/serial/xilinx_uartps.c | 2 drivers/usb/class/cdc-acm.c | 9 - drivers/usb/dwc2/core.h | 2 drivers/usb/dwc2/gadget.c | 12 - drivers/usb/dwc2/hcd.c | 14 + drivers/usb/dwc3/core.c | 16 + drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/dwc3-omap.c | 16 + drivers/usb/gadget/composite.c | 40 ++-- drivers/usb/gadget/function/f_fs.c | 6 drivers/usb/gadget/function/f_uac2.c | 2 drivers/usb/gadget/udc/core.c | 2 drivers/usb/gadget/udc/fsl_udc_core.c | 4 drivers/usb/gadget/udc/goku_udc.h | 2 drivers/usb/host/ohci-hcd.c | 3 drivers/usb/host/xhci-mem.c | 2 fs/ext2/inode.c | 10 - fs/hfsplus/super.c | 1 include/linux/usb/composite.h | 3 include/uapi/linux/nl80211.h | 2 net/core/sock.c | 2 net/ipv4/ip_output.c | 3 net/ipv4/tcp_output.c | 7 net/ipv6/ip6_output.c | 3 net/packet/af_packet.c | 4 net/wireless/core.c | 3 sound/soc/au1x/ac97c.c | 6 sound/soc/samsung/i2s.c | 13 + sound/soc/soc-topology.c | 3 sound/usb/quirks.c | 29 +-- 107 files changed, 974 insertions(+), 334 deletions(-) Al Viro (1): ext2: fix a block leak Alexander Potapenko (1): scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Alexandre Belloni (1): rtc: hctosys: Ensure system time doesn't overflow time_t Andrzej Hajda (6): clk: samsung: s3c2410: Fix PLL rates clk: samsung: exynos7: Fix PLL rates clk: samsung: exynos5260: Fix PLL rates clk: samsung: exynos5433: Fix PLL rates clk: samsung: exynos5250: Fix PLL rates clk: samsung: exynos3250: Fix PLL rates Arnd Bergmann (2): scsi: fas216: fix sense buffer initialization media: s3c-camif: fix out-of-bounds array access Bart Van Assche (1): scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() Brad Love (3): media: em28xx: USB bulk packet size fix media: cx23885: Set subdev host data to clk_freq pointer media: cx23885: Override 888 ImpactVCBe crystal frequency Brian Norris (1): usb: dwc3: Undo PHY init if soft reset fails Bryan O'Donoghue (1): rtc: snvs: Fix usage of snvs_rtc_enable Chad Dupuis (1): scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Chris Dickens (1): usb: gadget: composite: fix incorrect handling of OS desc requests Colin Ian King (3): staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr media: cx25821: prevent out-of-bounds read on array card rtc: tx4939: avoid unintended sign extension on a 24 bit shift Dan Carpenter (3): scsi: sym53c8xx_2: iterator underflow in sym_getsync() scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() Dave Carroll (1): scsi: aacraid: Insure command thread is not recursively stopped Dominik Bozek (1): usb: cdc_acm: prevent race at write to acm while system resumes Eric Dumazet (2): sock_diag: fix use-after-free read in __sk_free tcp: purge write queue in tcp_connect_init() Fredrik Noring (1): USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Geert Uytterhoeven (6): serial: xuartps: Fix out-of-bounds access through DT alias serial: samsung: Fix out-of-bounds access through serial port index serial: mxs-auart: Fix out-of-bounds access through serial port index serial: imx: Fix out-of-bounds access through serial port index serial: fsl_lpuart: Fix out-of-bounds access through DT alias serial: arc_uart: Fix out-of-bounds access through DT alias Giuseppe Lippolis (1): net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Greg Kroah-Hartman (1): Linux 4.9.103 Grigor Tovmasyan (1): usb: dwc2: Fix interval type issue Hannes Reinecke (1): scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM Hans Verkuil (1): media: vivid: fix incorrect capabilities for radio James Smart (3): scsi: lpfc: Fix issue_lip if link is disabled scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing scsi: lpfc: Fix frequency of Release WQE CQEs Jason Yan (1): scsi: libsas: defer ata device eh commands to libata Jens Remus (1): scsi: zfcp: fix infinite iteration on ERP ready list Jeremy Cline (1): scsi: sd: Keep disk read-only when re-reading partition Johannes Berg (1): cfg80211: limit wiphy names to 128 bytes John Keeping (1): usb: gadget: f_uac2: fix bFirstInterface in composite gadget Larry Finger (1): Bluetooth: btusb: Add device ID for RTL8822BE Lars-Peter Clausen (2): usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS usb: gadget: ffs: Execute copy_to_user() with USER_DS set Manish Rangankar (1): scsi: qla4xxx: skip error recovery in case of register disconnect. Manu Gautam (1): usb: gadget: core: Fix use-after-free of usb_request Marcel Ziswiler (1): clk: tegra: Fix pll_u rate configuration Martin Schwidefsky (9): s390: add assembler macros for CPU alternatives s390: move expoline assembler macros to a header s390/crc32-vx: use expoline for indirect branches s390/lib: use expoline for indirect branches s390/ftrace: use expoline for indirect branches s390/kernel: use expoline for indirect branches s390: move spectre sysfs attribute code s390: extend expoline to BC instructions s390: use expoline thunks in the BPF JIT Masami Hiramatsu (1): media: vb2: Fix videobuf2 to map correct area Mathias Nyman (1): xhci: zero usb device slot_id member when disabling and freeing a xhci slot Mauro Carvalho Chehab (1): media: dmxdev: fix error code for invalid ioctls Meelis Roos (1): scsi: aacraid: fix shutdown crash when init fails Michael Kelley (EOSG) (1): scsi: storvsc: Increase cmd_per_lun for higher speed devices Minas Harutyunyan (1): usb: dwc2: host: Fix transaction errors in host mode NeilBrown (2): staging: lustre: fix bug in osc_enter_cache_try staging: lustre: lmv: correctly iput lmo_root Nobutaka Okabe (1): ALSA: usb-audio: Add native DSD support for Luxman DA-06 Peter Robinson (1): crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss Ranjani Sridharan (1): ASoC: topology: create TLV data for dapm widgets Roger Quadros (1): usb: dwc3: omap: don't miss events during suspend/resume Shawn Lin (3): clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 clk: Don't show the incorrect clock phase clk: rockchip: Prevent calculating mmc phase if clock rate is zero Stefan Agner (1): usb: gadget: fsl_udc_core: fix ep valid checks Sujit Reddy Thumma (1): scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Sylwester Nawrocki (1): ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Tarick Bedeir (1): net/mlx4_core: Fix error handling in mlx4_init_port_info. Tetsuo Handa (2): hfsplus: stop workqueue when fill_super() failed x86/kexec: Avoid double free_page() upon do_kexec_load() failure Thinh Nguyen (2): usb: dwc3: Add SoftReset PHY synchonization delay usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Torsten Hilbrich (1): net/usb/qmi_wwan.c: Add USB id for lt4120 modem Vardan Mikayelyan (1): usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() Vicente Bergas (1): Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB Vignesh R (1): serial: 8250: Don't service RX FIFO if interrupts are disabled Wilfried Weissmann (1): scsi: mvsas: fix wrong endianness of sgpio api Willem de Bruijn (2): net: test tailroom before appending to linear skb packet: in packet_snd start writing at link layer allocation Wolfram Sang (1): usb: gadget: udc: change comparison to bitshift when dealing with a mask hpreg(a)vmware.com (2): vmxnet3: set the DMA mask before the first DMA map operation vmxnet3: use DMA memory barriers where required

7 years, 3 months

1
1
0 0

Linux 3.18.110

by Greg KH

I'm announcing the release of the 3.18.110 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 arch/arm/include/asm/assembler.h | 10 ++ arch/arm/kernel/traps.c | 5 - arch/arm/lib/getuser.S | 10 ++ arch/powerpc/kernel/setup-common.c | 11 -- arch/powerpc/platforms/powernv/opal-nvram.c | 14 ++- arch/x86/boot/compressed/eboot.c | 6 - arch/x86/kernel/machine_kexec_32.c | 6 + arch/x86/kernel/machine_kexec_64.c | 4 arch/x86/xen/mmu.c | 4 drivers/net/bonding/bond_alb.c | 2 drivers/net/ethernet/broadcom/tg3.c | 9 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 +++ drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 + drivers/net/ethernet/realtek/8139too.c | 2 drivers/net/ethernet/realtek/r8169.c | 3 drivers/net/ethernet/sun/niu.c | 5 - drivers/net/usb/qmi_wwan.c | 13 ++ drivers/scsi/libsas/sas_scsi_host.c | 33 ++----- drivers/scsi/sg.c | 2 drivers/usb/usbip/stub.h | 2 drivers/usb/usbip/stub_dev.c | 69 +++++++++------ drivers/usb/usbip/stub_main.c | 105 +++++++++++++++++++++--- fs/ext2/inode.c | 10 -- fs/hfsplus/super.c | 1 fs/lockd/svc.c | 2 fs/pipe.c | 3 include/linux/efi.h | 8 - include/trace/events/xen.h | 16 --- include/uapi/linux/nl80211.h | 2 kernel/exit.c | 4 kernel/time/tick-broadcast.c | 8 + net/bridge/br_if.c | 4 net/compat.c | 6 - net/dccp/ccids/ccid2.c | 14 ++- net/dccp/timer.c | 2 net/ipv4/ip_output.c | 3 net/ipv4/ping.c | 7 + net/ipv4/tcp.c | 2 net/ipv4/tcp_output.c | 7 + net/ipv4/udp.c | 7 + net/ipv6/ip6_output.c | 3 net/l2tp/l2tp_netlink.c | 2 net/llc/af_llc.c | 3 net/sched/sch_fq.c | 37 +++++--- net/sctp/associola.c | 30 ++++++ net/sctp/inqueue.c | 2 net/sctp/sm_statefuns.c | 89 +++++++++++--------- net/wireless/core.c | 3 sound/core/control_compat.c | 3 sound/usb/mixer.c | 8 + 52 files changed, 426 insertions(+), 201 deletions(-) Al Viro (1): ext2: fix a block leak Alexander Potapenko (1): scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Alexey Khoroshilov (1): usbip: fix error handling in stub_probe() Andrey Ignatov (1): ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Ard Biesheuvel (1): efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Benjamin Herrenschmidt (1): powerpc: Don't preempt_disable() in show_cpuinfo() Bjørn Mork (1): qmi_wwan: do not steal interfaces from class drivers Debabrata Banerjee (1): bonding: do not allow rlb updates to invalid mac Dexuan Cui (1): tick/broadcast: Use for_each_cpu() specially on UP kernels Eric Dumazet (4): dccp: fix tasklet usage llc: better deal with too small mtu net_sched: fq: take care of throttled flows before reuse tcp: purge write queue in tcp_connect_init() Federico Cuello (1): ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Greg Kroah-Hartman (2): Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap" Linux 3.18.110 Hangbin Liu (1): bridge: check iface upper dev when setting master via ioctl Heiner Kallweit (1): r8169: fix powering up RTL8168h Ingo Molnar (1): 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() James Chapman (1): l2tp: revert "l2tp: fix missing print session offset info" Jason Yan (1): scsi: libsas: defer ata device eh commands to libata Johannes Berg (1): cfg80211: limit wiphy names to 128 bytes Lance Richardson (1): net: support compat 64-bit time in {s,g}etsockopt Masami Hiramatsu (2): ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Michael Chan (1): tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Michael Kerrisk (man-pages) (1): pipe: cap initial pipe capacity according to pipe-max-size limit Moshe Shemesh (1): net/mlx4_en: Verify coalescing parameters are in range Nicholas Piggin (1): powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Rob Taglang (1): net: ethernet: sun: niu set correct packet size in skb Shuah Khan (1): usbip: usbip_host: refine probe and disconnect debug msgs to be useful Shuah Khan (Samsung OSG) (4): usbip: usbip_host: delete device from busid_table after rebind usbip: usbip_host: run rebind from exit when module is removed usbip: usbip_host: fix NULL-ptr deref and use-after-free errors usbip: usbip_host: fix bad unlock balance during stub_probe() Steven Rostedt (VMware) (1): tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Tetsuo Handa (2): hfsplus: stop workqueue when fill_super() failed x86/kexec: Avoid double free_page() upon do_kexec_load() failure Vasily Averin (1): lockd: lost rollback of set_grace_period() in lockd_down_net() Wenwen Wang (1): ALSA: control: fix a redundant-copy issue Willem de Bruijn (1): net: test tailroom before appending to linear skb Xin Long (3): sctp: use the old asoc when making the cookie-ack chunk in dupcook_d sctp: fix the issue that the cookie-ack with auth can't get processed sctp: delay the authentication for the duplicated cookie-echo chunk Yuchung Cheng (1): tcp: ignore Fast Open on repair mode zhongjiang (1): kernel/exit.c: avoid undefined behaviour when calling wait4()

7 years, 3 months

1
1
0 0

[PATCH v11 1/4] ioremap: Update pgtable free interfaces with addr

by Chintan Pandya

From: Chintan Pandya <cpandya(a)codeaurora.org> The following kernel panic was observed on ARM64 platform due to a stale TLB entry. 1. ioremap with 4K size, a valid pte page table is set. 2. iounmap it, its pte entry is set to 0. 3. ioremap the same address with 2M size, update its pmd entry with a new value. 4. CPU may hit an exception because the old pmd entry is still in TLB, which leads to a kernel panic. Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page table") has addressed this panic by falling to pte mappings in the above case on ARM64. To support pmd mappings in all cases, TLB purge needs to be performed in this case on ARM64. Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page() so that TLB purge can be added later in seprate patches. [toshi(a)hpe.com: merge changes, rewrite patch description] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 8 +++++--- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 2dbb2c9..da98828 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -973,12 +973,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ffc8c13..37e3cba 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -718,11 +718,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -733,7 +734,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -745,11 +746,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639a..b081794 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ static inline int p4d_clear_huge(p4d_t *p4d) int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bba..517f585 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; } -- Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc., is a member of Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 3 months

1
0
0 0

[PATCH v11 1/4] ioremap: Update pgtable free interfaces with addr

by Chintan Pandya

From: Chintan Pandya <cpandya(a)codeaurora.org> The following kernel panic was observed on ARM64 platform due to a stale TLB entry. 1. ioremap with 4K size, a valid pte page table is set. 2. iounmap it, its pte entry is set to 0. 3. ioremap the same address with 2M size, update its pmd entry with a new value. 4. CPU may hit an exception because the old pmd entry is still in TLB, which leads to a kernel panic. Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page table") has addressed this panic by falling to pte mappings in the above case on ARM64. To support pmd mappings in all cases, TLB purge needs to be performed in this case on ARM64. Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page() so that TLB purge can be added later in seprate patches. [toshi(a)hpe.com: merge changes, rewrite patch description] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 8 +++++--- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 2dbb2c9..da98828 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -973,12 +973,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ffc8c13..37e3cba 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -718,11 +718,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -733,7 +734,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -745,11 +746,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639a..b081794 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ static inline int p4d_clear_huge(p4d_t *p4d) int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bba..517f585 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; } -- Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc., is a member of Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 3 months

1
0
0 0

[PATCH] MIPS: lantiq: gphy: Drop reboot/remove reset asserts

by Mathias Kresin

While doing a global software reset, these bits are not cleared and let some bootloader fail to initialise the GPHYs. The bootloader don't expect the GPHYs in reset, as they aren't during power on. The asserts were a workaround for a wrong syscon-reboot mask. With a mask set which includes the GPHY resets, these resets aren't required any more. Fixes: 126534141b45 ("MIPS: lantiq: Add a GPHY driver which uses the RCU syscon-mfd") Cc: stable(a)vger.kernel.org # 4.14+ Signed-off-by: Mathias Kresin <dev(a)kresin.me> --- drivers/soc/lantiq/gphy.c | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/drivers/soc/lantiq/gphy.c b/drivers/soc/lantiq/gphy.c index 8d86594..8c31ae7 100644 --- a/drivers/soc/lantiq/gphy.c +++ b/drivers/soc/lantiq/gphy.c @@ -30,7 +30,6 @@ struct xway_gphy_priv { struct clk *gphy_clk_gate; struct reset_control *gphy_reset; struct reset_control *gphy_reset2; - struct notifier_block gphy_reboot_nb; void __iomem *membase; char *fw_name; }; @@ -64,24 +63,6 @@ static const struct of_device_id xway_gphy_match[] = { }; MODULE_DEVICE_TABLE(of, xway_gphy_match); -static struct xway_gphy_priv *to_xway_gphy_priv(struct notifier_block *nb) -{ - return container_of(nb, struct xway_gphy_priv, gphy_reboot_nb); -} - -static int xway_gphy_reboot_notify(struct notifier_block *reboot_nb, - unsigned long code, void *unused) -{ - struct xway_gphy_priv *priv = to_xway_gphy_priv(reboot_nb); - - if (priv) { - reset_control_assert(priv->gphy_reset); - reset_control_assert(priv->gphy_reset2); - } - - return NOTIFY_DONE; -} - static int xway_gphy_load(struct device *dev, struct xway_gphy_priv *priv, dma_addr_t *dev_addr) { @@ -205,14 +186,6 @@ static int xway_gphy_probe(struct platform_device *pdev) reset_control_deassert(priv->gphy_reset); reset_control_deassert(priv->gphy_reset2); - /* assert the gphy reset because it can hang after a reboot: */ - priv->gphy_reboot_nb.notifier_call = xway_gphy_reboot_notify; - priv->gphy_reboot_nb.priority = -1; - - ret = register_reboot_notifier(&priv->gphy_reboot_nb); - if (ret) - dev_warn(dev, "Failed to register reboot notifier\n"); - platform_set_drvdata(pdev, priv); return ret; @@ -224,17 +197,10 @@ static int xway_gphy_remove(struct platform_device *pdev) struct xway_gphy_priv *priv = platform_get_drvdata(pdev); int ret; - reset_control_assert(priv->gphy_reset); - reset_control_assert(priv->gphy_reset2); - iowrite32be(0, priv->membase); clk_disable_unprepare(priv->gphy_clk_gate); - ret = unregister_reboot_notifier(&priv->gphy_reboot_nb); - if (ret) - dev_warn(dev, "Failed to unregister reboot notifier\n"); - return 0; } -- 2.7.4

7 years, 3 months

4
5
0 0

[PATCH 00/11] mm: Teach memory_failure() about ZONE_DEVICE pages

by Dan Williams

As it stands, memory_failure() gets thoroughly confused by dev_pagemap backed mappings. The recovery code has specific enabling for several possible page states and needs new enabling to handle poison in dax mappings. In order to support reliable reverse mapping of user space addresses add new locking in the fsdax implementation to prevent races between page-address_space disassociation events and the rmap performed in the memory_failure() path. Additionally, since dev_pagemap pages are hidden from the page allocator, add a mechanism to determine the size of the mapping that encompasses a given poisoned pfn. Lastly, since pmem errors can be repaired, change the speculatively accessed poison protection, mce_unmap_kpfn(), to be reversible and otherwise allow ongoing access from the kernel. --- Dan Williams (11): device-dax: convert to vmf_insert_mixed and vm_fault_t device-dax: cleanup vm_fault de-reference chains device-dax: enable page_mapping() device-dax: set page->index filesystem-dax: set page->index filesystem-dax: perform __dax_invalidate_mapping_entry() under the page lock mm, madvise_inject_error: fix page count leak x86, memory_failure: introduce {set,clear}_mce_nospec() mm, memory_failure: pass page size to kill_proc() mm, memory_failure: teach memory_failure() about dev_pagemap pages libnvdimm, pmem: restore page attributes when clearing errors arch/x86/include/asm/set_memory.h | 29 ++++++ arch/x86/kernel/cpu/mcheck/mce-internal.h | 15 --- arch/x86/kernel/cpu/mcheck/mce.c | 38 +------- drivers/dax/device.c | 91 ++++++++++++-------- drivers/nvdimm/pmem.c | 26 ++++++ drivers/nvdimm/pmem.h | 13 +++ fs/dax.c | 102 ++++++++++++++++++++-- include/linux/huge_mm.h | 5 + include/linux/set_memory.h | 14 +++ mm/huge_memory.c | 4 - mm/madvise.c | 11 ++ mm/memory-failure.c | 133 +++++++++++++++++++++++++++-- 12 files changed, 370 insertions(+), 111 deletions(-)

7 years, 3 months

2
3
0 0

[PATCH 3/3] x86/platform/UV: Add kernel parameter to set memory block size

by mike.travis＠hpe.com

Add a kernel parameter that allows setting UV memory block size. This is to provide an adjustment for new forms of PMEM and other DIMM memory that might require alignment restrictions other than scanning the global address table for the required minimum alignment. The value set will be further adjusted by both the GAM range table scan as well as restrictions imposed by set_memory_block_size_order(). Signed-off-by: Mike Travis <mike.travis(a)hpe.com> Reviewed-by: Andrew Banman <andrew.banman(a)hpe.com> Cc: stable(a)vger.kernel.org --- arch/x86/kernel/apic/x2apic_uv_x.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- linux.orig/arch/x86/kernel/apic/x2apic_uv_x.c +++ linux/arch/x86/kernel/apic/x2apic_uv_x.c @@ -396,6 +396,17 @@ EXPORT_SYMBOL(uv_hub_info_version); /* Default UV memory block size is 2GB */ static unsigned long mem_block_size = (2UL << 30); +/* Kernel parameter to specify UV mem block size */ +static int parse_mem_block_size(char *ptr) +{ + unsigned long size = memparse(ptr, NULL); + + /* Size will be rounded down by set_block_size() below */ + mem_block_size = size; + return 0; +} +early_param("uv_memblksize", parse_mem_block_size); + static __init int adj_blksize(u32 lgre) { unsigned long base = (unsigned long)lgre << UV_GAM_RANGE_SHFT; --

7 years, 3 months

1
0
0 0

[PATCH 2/3] x86/platform/UV: Use new set memory block size function

by mike.travis＠hpe.com

Add a call to the new function to "adjust" the current fixed UV memory block size of 2GB so it can be changed to a different physical boundary. This accommodates changes in the Intel BIOS, and therefore UV BIOS, which now can align boundaries different than the previous UV standard of 2GB. It also flags any UV Global Address boundaries from BIOS that cause a change in the mem block size (boundary). The current boundary of 2GB has been used on UV since the first system release in 2009 with Linux 2.6 and has worked fine. But the new NVDIMM persistent memory modules (PMEM), along with the Intel BIOS changes to support these modules caused the memory block size boundary to be set to a lower limit. Intel only guarantees that this minimum boundary at 64MB though the current Linux limit is 128MB. Note that the default remains 2GB if no changes occur. Signed-off-by: Mike Travis <mike.travis(a)hpe.com> Reviewed-by: Andrew Banman <andrew.banman(a)hpe.com> Cc: stable(a)vger.kernel.org --- v2: Update description --- arch/x86/kernel/apic/x2apic_uv_x.c | 49 ++++++++++++++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 3 deletions(-) --- linux.orig/arch/x86/kernel/apic/x2apic_uv_x.c +++ linux/arch/x86/kernel/apic/x2apic_uv_x.c @@ -26,6 +26,7 @@ #include <linux/delay.h> #include <linux/crash_dump.h> #include <linux/reboot.h> +#include <linux/memory.h> #include <asm/uv/uv_mmrs.h> #include <asm/uv/uv_hub.h> @@ -392,6 +393,40 @@ extern int uv_hub_info_version(void) } EXPORT_SYMBOL(uv_hub_info_version); +/* Default UV memory block size is 2GB */ +static unsigned long mem_block_size = (2UL << 30); + +static __init int adj_blksize(u32 lgre) +{ + unsigned long base = (unsigned long)lgre << UV_GAM_RANGE_SHFT; + unsigned long size; + + for (size = mem_block_size; size > MIN_MEMORY_BLOCK_SIZE; size >>= 1) + if (IS_ALIGNED(base, size)) + break; + + if (size >= mem_block_size) + return 0; + + mem_block_size = size; + return 1; +} + +static __init void set_block_size(void) +{ + unsigned int order = ffs(mem_block_size); + + if (order) { + /* adjust for ffs return of 1..64 */ + set_memory_block_size_order(order - 1); + pr_info("UV: mem_block_size set to 0x%lx\n", mem_block_size); + } else { + /* bad or zero value, default to 1UL << 31 (2GB) */ + pr_err("UV: mem_block_size error with 0x%lx\n", mem_block_size); + set_memory_block_size_order(31); + } +} + /* Build GAM range lookup table: */ static __init void build_uv_gr_table(void) { @@ -1180,23 +1215,30 @@ static void __init decode_gam_rng_tbl(un << UV_GAM_RANGE_SHFT); int order = 0; char suffix[] = " KMGTPE"; + int flag = ' '; while (size > 9999 && order < sizeof(suffix)) { size /= 1024; order++; } + /* adjust max block size to current range start */ + if (gre->type == 1 || gre->type == 2) + if (adj_blksize(lgre)) + flag = '*'; + if (!index) { pr_info("UV: GAM Range Table...\n"); - pr_info("UV: # %20s %14s %5s %4s %5s %3s %2s\n", "Range", "", "Size", "Type", "NASID", "SID", "PN"); + pr_info("UV: # %20s %14s %6s %4s %5s %3s %2s\n", "Range", "", "Size", "Type", "NASID", "SID", "PN"); } - pr_info("UV: %2d: 0x%014lx-0x%014lx %5lu%c %3d %04x %02x %02x\n", + pr_info("UV: %2d: 0x%014lx-0x%014lx%c %5lu%c %3d %04x %02x %02x\n", index++, (unsigned long)lgre << UV_GAM_RANGE_SHFT, (unsigned long)gre->limit << UV_GAM_RANGE_SHFT, - size, suffix[order], + flag, size, suffix[order], gre->type, gre->nasid, gre->sockid, gre->pnode); + /* update to next range start */ lgre = gre->limit; if (sock_min > gre->sockid) sock_min = gre->sockid; @@ -1427,6 +1469,7 @@ static void __init uv_system_init_hub(vo build_socket_tables(); build_uv_gr_table(); + set_block_size(); uv_init_hub_info(&hub_info); uv_possible_blades = num_possible_nodes(); if (!_node_to_pnode) --

7 years, 3 months

1
0
0 0

[PATCH 1/3] x86/platform/UV: Add adjustable set memory block size function

by mike.travis＠hpe.com

Add a new function to "adjust" the current fixed UV memory block size of 2GB so it can be changed to a different physical boundary. This is out of necessity so arch dependent code can accommodate specific BIOS requirements which can align these new PMEM modules at less than the default boundaries. A "set order" type of function was used to insure that the memory block size will be a power of two value without requiring a validity check. 64GB was chosen as the upper limit for memory block size values to accommodate upcoming 4PB systems which have 6 more bits of physical address space (46 becoming 52). Signed-off-by: Mike Travis <mike.travis(a)hpe.com> Reviewed-by: Andrew Banman <andrew.banman(a)hpe.com> Cc: stable(a)vger.kernel.org --- v2: Update description --- arch/x86/mm/init_64.c | 20 ++++++++++++++++---- include/linux/memory.h | 1 + 2 files changed, 17 insertions(+), 4 deletions(-) --- linux.orig/arch/x86/mm/init_64.c +++ linux/arch/x86/mm/init_64.c @@ -1350,16 +1350,28 @@ int kern_addr_valid(unsigned long addr) /* Amount of ram needed to start using large blocks */ #define MEM_SIZE_FOR_LARGE_BLOCK (64UL << 30) +/* Adjustable memory block size */ +static unsigned long set_memory_block_size; +int __init set_memory_block_size_order(unsigned int order) +{ + unsigned long size = 1UL << order; + + if (size > MEM_SIZE_FOR_LARGE_BLOCK || size < MIN_MEMORY_BLOCK_SIZE) + return -EINVAL; + + set_memory_block_size = size; + return 0; +} + static unsigned long probe_memory_block_size(void) { unsigned long boot_mem_end = max_pfn << PAGE_SHIFT; unsigned long bz; - /* If this is UV system, always set 2G block size */ - if (is_uv_system()) { - bz = MAX_BLOCK_SIZE; + /* If memory block size has been set, then use it */ + bz = set_memory_block_size; + if (bz) goto done; - } /* Use regular block if RAM is smaller than MEM_SIZE_FOR_LARGE_BLOCK */ if (boot_mem_end < MEM_SIZE_FOR_LARGE_BLOCK) { --- linux.orig/include/linux/memory.h +++ linux/include/linux/memory.h @@ -38,6 +38,7 @@ struct memory_block { int arch_get_memory_phys_device(unsigned long start_pfn); unsigned long memory_block_size_bytes(void); +int set_memory_block_size_order(unsigned int order); /* These states are exposed to userspace as text strings in sysfs */ #define MEM_ONLINE (1<<0) /* exposed to userspace */ --

7 years, 3 months

1
0
0 0

[PATCH 01/17] IB/isert: fix T10-pi check mask setting

by Max Gurtovoy

A copy/paste bug (probably) caused setting of an app_tag check mask in case where a ref_tag check was needed. Fixes: 38a2d0d429f1 ("IB/isert: convert to the generic RDMA READ/WRITE API") Fixes: 9e961ae73c2c ("IB/isert: Support T10-PI protected transactions") Cc: stable(a)vger.kernel.org Signed-off-by: Max Gurtovoy <maxg(a)mellanox.com> --- drivers/infiniband/ulp/isert/ib_isert.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c index fff40b0..d8b6bde 100644 --- a/drivers/infiniband/ulp/isert/ib_isert.c +++ b/drivers/infiniband/ulp/isert/ib_isert.c @@ -2108,7 +2108,7 @@ sig_attrs->check_mask = (se_cmd->prot_checks & TARGET_DIF_CHECK_GUARD ? 0xc0 : 0) | - (se_cmd->prot_checks & TARGET_DIF_CHECK_REFTAG ? 0x30 : 0) | + (se_cmd->prot_checks & TARGET_DIF_CHECK_APPTAG ? 0x30 : 0) | (se_cmd->prot_checks & TARGET_DIF_CHECK_REFTAG ? 0x0f : 0); return 0; } -- 1.8.3.1

7 years, 3 months

1
0
0 0

[PATCH 4.16 000/161] 4.16.12-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.16.12 release. There are 161 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat May 26 09:29:22 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.16.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.16.12-rc1 James Hogan <jhogan(a)kernel.org> rtc: goldfish: Add missing MODULE_LICENSE Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: rp5c01: fix possible race condition Colin Ian King <colin.king(a)canonical.com> rtc: tx4939: avoid unintended sign extension on a 24 bit shift Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: m41t80: fix race conditions Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: rk808: fix possible race condition Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: hctosys: Ensure system time doesn't overflow time_t Bryan O'Donoghue <pure.logic(a)nexus-software.ie> rtc: snvs: Fix usage of snvs_rtc_enable Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: altera: ensure port->regshift is honored consistently Vignesh R <vigneshr(a)ti.com> serial: 8250: Don't service RX FIFO if interrupts are disabled Geert Uytterhoeven <geert+renesas(a)glider.be> serial: arc_uart: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: fsl_lpuart: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: imx: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: mxs-auart: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: samsung: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: xuartps: Fix out-of-bounds access through DT alias Gabriel Matni <gabriel.matni(a)exfo.com> serial: mvebu-uart: fix tx lost characters Colin Ian King <colin.king(a)canonical.com> media: cx25821: prevent out-of-bounds read on array card Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix incorrect capabilities for radio Masami Hiramatsu <mhiramat(a)kernel.org> media: vb2: Fix videobuf2 to map correct area Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: adv748x: fix HDMI field heights Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: v4l: vsp1: Fix display stalls when requesting too many inputs Brad Love <brad(a)nextdimension.cc> media: em28xx: Add Hauppauge SoloHD/DualHD bulk models Brad Love <brad(a)nextdimension.cc> media: lgdt3306a: Fix a double kfree on i2c device remove Arnd Bergmann <arnd(a)arndb.de> media: s3c-camif: fix out-of-bounds array access Brad Love <brad(a)nextdimension.cc> media: cx23885: Set subdev host data to clk_freq pointer Brad Love <brad(a)nextdimension.cc> media: cx23885: Override 888 ImpactVCBe crystal frequency Akinobu Mita <akinobu.mita(a)gmail.com> media: ov5645: add missing of_node_put() in error path Jerome Brunet <jbrunet(a)baylibre.com> clk: meson: axg: add the fractional part of the fixed_pll Yixun Lan <yixun.lan(a)amlogic.com> clk: meson: axg: fix the od shift of the sys_pll Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos3250: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5250: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5433: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5260: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos7: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: s3c2410: Fix PLL rates Shawn Lin <shawn.lin(a)rock-chips.com> clk: rockchip: Prevent calculating mmc phase if clock rate is zero Marcel Ziswiler <marcel(a)ziswiler.com> clk: tegra: Fix pll_u rate configuration Arnd Bergmann <arnd(a)arndb.de> clk: hisilicon: mark wdt_mux_p[] as const Shawn Lin <shawn.lin(a)rock-chips.com> clk: Don't show the incorrect clock phase Shawn Lin <shawn.lin(a)rock-chips.com> clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 Sylwester Nawrocki <s.nawrocki(a)samsung.com> ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: topology: create TLV data for dapm widgets Sylwester Nawrocki <s.nawrocki(a)samsung.com> ASoC: samsung: odroid: Fix 32000 sample rate handling Ezequiel Garcia <ezequiel(a)collabora.co.uk> ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix frequency of Release WQE CQEs James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix IO failure during hba reset testing with nvme io. James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix nonrecovery of NVME controller after cable swap. James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix issue_lip if link is disabled Wilfried Weissmann <wilfried.weissmann(a)gmx.at> scsi: mvsas: fix wrong endianness of sgpio api Douglas Gilbert <dgilbert(a)interlog.com> scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix NVME Initiator FirstBurst Xose Vazquez Perez <xose.vazquez(a)gmail.com> scsi: devinfo: add HP DISK-SUBSYSTEM device, for HP XP arrays Dave Carroll <david.carroll(a)microsemi.com> scsi: aacraid: Insure command thread is not recursively stopped Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - fix the invalidation step during cra_exit Peter Robinson <pbrobinson(a)gmail.com> crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - do not overwrite the threshold value Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - fix the extra cache computation Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - fix the cache_len computation Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - do not process request if no command was issued Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> crypto: ccp - don't disable interrupts while setting up debugfs Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: atmel-aes - fix the keys zeroing on errors Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - wait for the request to complete if in the backlog Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - move the digest to the request context NeilBrown <neilb(a)suse.com> staging: lustre: lmv: correctly iput lmo_root Quytelda Kahja <quytelda(a)tamalin.org> staging: ks7010: Use constants from ieee80211_eid instead of literal ints. Colin Ian King <colin.king(a)canonical.com> staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr Ioana Radulescu <ruxandra.radulescu(a)nxp.com> staging: fsl-dpaa2/eth: Fix incorrect casts NeilBrown <neilb(a)suse.com> staging: lustre: fix bug in osc_enter_cache_try Ioana Radulescu <ruxandra.radulescu(a)nxp.com> staging: fsl-dpaa2/eth: Fix incorrect kfree Kirill Marinushkin <k.marinushkin(a)gmail.com> staging: bcm2835-audio: Release resources on module_exit() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> x86/kexec: Avoid double free_page() upon do_kexec_load() failure Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: stop workqueue when fill_super() failed Johannes Berg <johannes.berg(a)intel.com> cfg80211: limit wiphy names to 128 bytes Omar Sandoval <osandov(a)fb.com> loop: fix LOOP_GET_STATUS lock imbalance Omar Sandoval <osandov(a)fb.com> loop: don't call into filesystem while holding lo_ctl_mutex Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Show what USB release number the xHC supports from protocol capablity Tedd Ho-Jeong An <tedd.an(a)intel.com> Bluetooth: btusb: Add support for Intel Bluetooth device 22560 [8087:0026] Larry Finger <Larry.Finger(a)lwfinger.net> Bluetooth: btusb: Add device ID for RTL8822BE Brad Love <brad(a)nextdimension.cc> media: em28xx: USB bulk packet size fix Brad Love <brad(a)nextdimension.cc> media: lgdt3306a: Fix module count mismatch on usb unplug Chris Dickens <christopher.a.dickens(a)gmail.com> usb: gadget: composite: fix incorrect handling of OS desc requests Wolfram Sang <wsa+renesas(a)sang-engineering.com> usb: gadget: udc: change comparison to bitshift when dealing with a mask Ben Hutchings <ben(a)decadent.org.uk> usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS Lars-Peter Clausen <lars(a)metafoo.de> usb: gadget: ffs: Execute copy_to_user() with USER_DS set Lars-Peter Clausen <lars(a)metafoo.de> usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS Minas Harutyunyan <hminas(a)synopsys.com> usb: dwc2: host: Fix transaction errors in host mode Minas Harutyunyan <hminas(a)synopsys.com> usb: dwc2: hcd: Fix host channel halt flow Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: dwc2: Fix interval type issue Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: zero usb device slot_id member when disabling and freeing a xhci slot Felipe Balbi <felipe.balbi(a)linux.intel.com> usb: dwc3: Makefile: fix link error on randconfig Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Add SoftReset PHY synchonization delay Nobutaka Okabe <nob77413(a)gmail.com> ALSA: usb-audio: Add native DSD support for Luxman DA-06 Vicente Bergas <vicencb(a)gmail.com> Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB Jens Remus <jremus(a)linux.ibm.com> scsi: zfcp: fix infinite iteration on ERP ready list Alexander Potapenko <glider(a)google.com> scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: use expoline thunks in the BPF JIT Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: extend expoline to BC instructions Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move spectre sysfs attribute code Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/kernel: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/ftrace: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/lib: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/crc32-vx: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move expoline assembler macros to a header Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: correct module section names for expoline code revert Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: correct nospec auto detection init order Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add assembler macros for CPU alternatives Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add sysfs attributes for spectre Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: report spectre mitigation via syslog Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add automatic detection of the spectre defense Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move nobp parameter functions to nospec-branch.c Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit Mauricio Faria de Oliveira <mauricfo(a)linux.vnet.ibm.com> powerpc: Move default security feature flags Mauricio Faria de Oliveira <mauricfo(a)linux.vnet.ibm.com> powerpc/pseries: Fix clearing of security feature flags Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Wire up cpu_show_spectre_v2() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Wire up cpu_show_spectre_v1() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Enhance the information in cpu_show_meltdown() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Move cpu_show_meltdown() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/powernv: Set or clear security feature flags Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Set or clear security feature flags Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags Michael Ellerman <mpe(a)ellerman.id.au> powerpc: Add security feature flags for Spectre/Meltdown Michael Ellerman <mpe(a)ellerman.id.au> powerpc/rfi-flush: Always enable fallback flush on pseries Al Viro <viro(a)zeniv.linux.org.uk> ext2: fix a block leak Arvind Yadav <arvind.yadav.cs(a)gmail.com> sparc: vio: use put_device() instead of kfree() Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix LL2 race during connection terminate Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix possibility of list corruption during rmmod flows Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: LL2 flush isles when connection is closed William Tu <u9012063(a)gmail.com> net: ip6_gre: fix tunnel metadata device sharing. Petr Machata <petrm(a)mellanox.com> net: ip6_gre: Fix ip6erspan hlen calculation Petr Machata <petrm(a)mellanox.com> net: ip6_gre: Split up ip6gre_changelink() Petr Machata <petrm(a)mellanox.com> net: ip6_gre: Split up ip6gre_newlink() Petr Machata <petrm(a)mellanox.com> net: ip6_gre: Split up ip6gre_tnl_change() Petr Machata <petrm(a)mellanox.com> net: ip6_gre: Split up ip6gre_tnl_link_config() Petr Machata <petrm(a)mellanox.com> net: ip6_gre: Fix headroom request in ip6erspan_tunnel_xmit() Petr Machata <petrm(a)mellanox.com> net: ip6_gre: Request headroom in __gre6_xmit() hpreg(a)vmware.com <hpreg(a)vmware.com> vmxnet3: use DMA memory barriers where required hpreg(a)vmware.com <hpreg(a)vmware.com> vmxnet3: set the DMA mask before the first DMA map operation Rahul Lakkireddy <rahul.lakkireddy(a)chelsio.com> cxgb4: fix offset in collecting TX rate limit info Christoph Hellwig <hch(a)lst.de> 3c59x: convert to generic DMA API Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix IPv6 rule half deletion Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix IPv6 rules and chain ID Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not register devlink for unused ports Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix RX_CLS_LOC_ANY overwrite for last rule Kumar Sanghvi <kumaras(a)chelsio.com> cxgb4: Correct ntuple mask validation for hash filters Jason Wang <jasowang(a)redhat.com> tuntap: fix use after free during release Jason Wang <jasowang(a)redhat.com> tun: fix use after free for ptr_ring Eric Dumazet <edumazet(a)google.com> tcp: purge write queue in tcp_connect_init() Eric Dumazet <edumazet(a)google.com> sock_diag: fix use-after-free read in __sk_free Willem de Bruijn <willemb(a)google.com> packet: in packet_snd start writing at link layer allocation Willem de Bruijn <willemb(a)google.com> net: test tailroom before appending to linear skb Eric Biggers <ebiggers(a)google.com> net/smc: check for missing nlattrs in SMC_PNETID messages Paolo Abeni <pabeni(a)redhat.com> net: sched: red: avoid hashing NULL child Davide Caratti <dcaratti(a)redhat.com> net/sched: fix refcnt leak in the error path of tcf_vlan_init() Tarick Bedeir <tarick(a)google.com> net/mlx4_core: Fix error handling in mlx4_init_port_info. Amritha Nambiar <amritha.nambiar(a)intel.com> net: Fix a bug in removing queues from XPS map Saeed Mahameed <saeedm(a)mellanox.com> net/mlx5: Fix build break when CONFIG_SMP=n ------------- Diffstat: Makefile | 4 +- arch/powerpc/include/asm/exception-64s.h | 29 +++ arch/powerpc/include/asm/feature-fixups.h | 19 ++ arch/powerpc/include/asm/hvcall.h | 3 + arch/powerpc/include/asm/security_features.h | 85 +++++++ arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/exceptions-64s.S | 19 +- arch/powerpc/kernel/security.c | 237 +++++++++++++++++ arch/powerpc/kernel/setup_64.c | 8 - arch/powerpc/kernel/vmlinux.lds.S | 14 + arch/powerpc/lib/feature-fixups.c | 115 +++++++++ arch/powerpc/platforms/powernv/setup.c | 96 ++++--- arch/powerpc/platforms/pseries/setup.c | 71 ++++-- arch/s390/Kconfig | 3 +- arch/s390/Makefile | 2 +- arch/s390/crypto/crc32be-vx.S | 5 +- arch/s390/crypto/crc32le-vx.S | 4 +- arch/s390/include/asm/alternative-asm.h | 108 ++++++++ arch/s390/include/asm/nospec-branch.h | 7 +- arch/s390/include/asm/nospec-insn.h | 196 ++++++++++++++ arch/s390/kernel/Makefile | 5 +- arch/s390/kernel/alternative.c | 24 +- arch/s390/kernel/asm-offsets.c | 1 + arch/s390/kernel/base.S | 24 +- arch/s390/kernel/entry.S | 105 ++------ arch/s390/kernel/mcount.S | 14 +- arch/s390/kernel/module.c | 15 +- arch/s390/kernel/nospec-branch.c | 123 ++++++--- arch/s390/kernel/nospec-sysfs.c | 21 ++ arch/s390/kernel/reipl.S | 7 +- arch/s390/kernel/setup.c | 3 + arch/s390/kernel/swsusp.S | 10 +- arch/s390/lib/mem.S | 19 +- arch/s390/net/bpf_jit.S | 16 +- arch/s390/net/bpf_jit_comp.c | 63 ++++- arch/sparc/kernel/vio.c | 2 +- arch/x86/kernel/machine_kexec_32.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 5 +- drivers/block/loop.c | 71 +++--- drivers/bluetooth/btusb.c | 13 + drivers/clk/clk.c | 3 + drivers/clk/hisilicon/crg-hi3516cv300.c | 2 +- drivers/clk/meson/axg.c | 7 +- drivers/clk/rockchip/clk-mmc-phase.c | 23 ++ drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/samsung/clk-exynos3250.c | 4 +- drivers/clk/samsung/clk-exynos5250.c | 8 +- drivers/clk/samsung/clk-exynos5260.c | 2 +- drivers/clk/samsung/clk-exynos5433.c | 12 +- drivers/clk/samsung/clk-exynos7.c | 2 +- drivers/clk/samsung/clk-s3c2410.c | 16 +- drivers/clk/tegra/clk-pll.c | 2 + drivers/crypto/atmel-aes.c | 2 +- drivers/crypto/ccp/ccp-debugfs.c | 7 +- drivers/crypto/inside-secure/safexcel.c | 12 +- drivers/crypto/inside-secure/safexcel_cipher.c | 2 +- drivers/crypto/inside-secure/safexcel_hash.c | 38 +-- drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 + drivers/media/common/videobuf2/videobuf2-vmalloc.c | 2 +- drivers/media/dvb-frontends/lgdt3306a.c | 10 +- drivers/media/i2c/adv748x/adv748x-hdmi.c | 3 + drivers/media/i2c/ov5645.c | 5 +- drivers/media/pci/cx23885/cx23885-cards.c | 4 + drivers/media/pci/cx23885/cx23885-core.c | 10 + drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/platform/vivid/vivid-ctrls.c | 2 + drivers/media/platform/vsp1/vsp1_drm.c | 9 + drivers/media/usb/em28xx/em28xx-cards.c | 22 +- drivers/media/usb/em28xx/em28xx.h | 2 +- drivers/net/dsa/bcm_sf2_cfp.c | 36 ++- drivers/net/ethernet/3com/3c59x.c | 104 ++++---- drivers/net/ethernet/chelsio/cxgb4/cudbg_entity.h | 28 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 88 +++---- drivers/net/ethernet/mellanox/mlx4/main.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 61 ++++- drivers/net/tun.c | 27 +- drivers/net/vmxnet3/vmxnet3_drv.c | 72 ++++-- drivers/net/vmxnet3/vmxnet3_int.h | 8 +- drivers/rtc/hctosys.c | 5 + drivers/rtc/rtc-goldfish.c | 2 + drivers/rtc/rtc-m41t80.c | 18 +- drivers/rtc/rtc-rk808.c | 14 +- drivers/rtc/rtc-rp5c01.c | 12 +- drivers/rtc/rtc-snvs.c | 15 +- drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/scsi/zfcp_dbf.c | 23 +- drivers/s390/scsi/zfcp_ext.h | 5 +- drivers/s390/scsi/zfcp_scsi.c | 14 +- drivers/scsi/aacraid/commsup.c | 4 +- drivers/scsi/aacraid/linit.c | 1 + drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 15 +- drivers/scsi/lpfc/lpfc_nvme.c | 28 +- drivers/scsi/lpfc/lpfc_nvme.h | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mvsas/mv_94xx.c | 23 +- drivers/scsi/scsi_devinfo.c | 1 + drivers/scsi/scsi_lib.c | 11 + drivers/scsi/sg.c | 2 +- drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 16 +- drivers/staging/ks7010/ks_hostif.c | 31 ++- drivers/staging/ks7010/ks_hostif.h | 1 + drivers/staging/lustre/lustre/include/obd.h | 2 +- drivers/staging/lustre/lustre/lmv/lmv_obd.c | 2 +- drivers/staging/lustre/lustre/osc/osc_cache.c | 2 +- drivers/staging/rtl8192u/r8192U_core.c | 2 + .../staging/vc04_services/bcm2835-audio/bcm2835.c | 54 ++-- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/serial/altera_uart.c | 12 +- drivers/tty/serial/arc_uart.c | 5 + drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 + drivers/tty/serial/mvebu-uart.c | 2 +- drivers/tty/serial/mxs-auart.c | 4 + drivers/tty/serial/samsung.c | 4 + drivers/tty/serial/sh-sci.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/usb/dwc2/core.h | 2 +- drivers/usb/dwc2/hcd.c | 32 ++- drivers/usb/dwc3/Makefile | 2 +- drivers/usb/dwc3/core.c | 13 +- drivers/usb/dwc3/core.h | 2 + drivers/usb/gadget/composite.c | 40 ++- drivers/usb/gadget/function/f_fs.c | 6 +- drivers/usb/gadget/udc/goku_udc.h | 2 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci.c | 14 +- drivers/usb/usbip/Kconfig | 2 +- fs/ext2/inode.c | 10 - fs/hfsplus/super.c | 1 + include/linux/mlx5/driver.h | 12 +- include/linux/usb/composite.h | 3 + include/scsi/scsi.h | 2 + include/uapi/linux/nl80211.h | 2 + net/core/dev.c | 2 +- net/core/sock.c | 2 +- net/dsa/dsa2.c | 9 +- net/ipv4/ip_output.c | 3 +- net/ipv4/tcp_output.c | 7 +- net/ipv6/ip6_gre.c | 281 ++++++++++++++++----- net/ipv6/ip6_output.c | 3 +- net/packet/af_packet.c | 4 +- net/sched/act_vlan.c | 2 + net/sched/sch_red.c | 5 +- net/sched/sch_tbf.c | 5 +- net/smc/smc_pnet.c | 71 +++--- net/wireless/core.c | 3 + sound/soc/rockchip/Kconfig | 3 + sound/soc/samsung/i2s.c | 13 +- sound/soc/samsung/odroid.c | 11 +- sound/soc/soc-topology.c | 3 + sound/usb/quirks.c | 29 ++- 154 files changed, 2356 insertions(+), 846 deletions(-)

7 years, 3 months

5
164
0 0

[RESEND PATCH] ARM: dts: imx6q: Use correct SDMA script for SPI5 core

by Sean Nyekjaer

According to the reference manual the shp_2_mcu / mcu_2_shp scripts must be used for devices connected through the SPBA. This fixes an issue we saw with DMA transfers. Sometimes the SPI controller RX FIFO was not empty after a DMA transfer and the driver got stuck in the next PIO transfer when it read one word more than expected. commit dd4b487b32a35 ("ARM: dts: imx6: Use correct SDMA script for SPI cores") is fixing the same issue but only for SPI1 - 4. Fixes: 677940258dd8e ("ARM: dts: imx6q: enable dma for ecspi5") Signed-off-by: Sean Nyekjaer <sean.nyekjaer(a)prevas.dk> Reviewed-by: Fabio Estevam <fabio.estevam(a)nxp.com> --- arch/arm/boot/dts/imx6q.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/imx6q.dtsi b/arch/arm/boot/dts/imx6q.dtsi index ae7b3f107893..5185300cc11f 100644 --- a/arch/arm/boot/dts/imx6q.dtsi +++ b/arch/arm/boot/dts/imx6q.dtsi @@ -96,7 +96,7 @@ clocks = <&clks IMX6Q_CLK_ECSPI5>, <&clks IMX6Q_CLK_ECSPI5>; clock-names = "ipg", "per"; - dmas = <&sdma 11 7 1>, <&sdma 12 7 2>; + dmas = <&sdma 11 8 1>, <&sdma 12 8 2>; dma-names = "rx", "tx"; status = "disabled"; }; -- 2.17.0

7 years, 3 months

1
0
0 0

[PATCH 3.18 00/45] 3.18.110-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.110 release. There are 45 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat May 26 09:30:59 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.110-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.110-rc1 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> x86/kexec: Avoid double free_page() upon do_kexec_load() failure Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: stop workqueue when fill_super() failed Johannes Berg <johannes.berg(a)intel.com> cfg80211: limit wiphy names to 128 bytes Alexander Potapenko <glider(a)google.com> scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Jason Yan <yanaijie(a)huawei.com> scsi: libsas: defer ata device eh commands to libata Al Viro <viro(a)zeniv.linux.org.uk> ext2: fix a block leak Eric Dumazet <edumazet(a)google.com> tcp: purge write queue in tcp_connect_init() Willem de Bruijn <willemb(a)google.com> net: test tailroom before appending to linear skb Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Dexuan Cui <decui(a)microsoft.com> tick/broadcast: Use for_each_cpu() specially on UP kernels Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Benjamin Herrenschmidt <benh(a)kernel.crashing.org> powerpc: Don't preempt_disable() in show_cpuinfo() Wenwen Wang <wang6495(a)umn.edu> ALSA: control: fix a redundant-copy issue Federico Cuello <fedux(a)fedux.com.ar> ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix bad unlock balance during stub_probe() Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix NULL-ptr deref and use-after-free errors Alexey Khoroshilov <khoroshilov(a)ispras.ru> usbip: fix error handling in stub_probe() Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: run rebind from exit when module is removed Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: delete device from busid_table after rebind Shuah Khan <shuahkh(a)osg.samsung.com> usbip: usbip_host: refine probe and disconnect debug msgs to be useful zhongjiang <zhongjiang(a)huawei.com> kernel/exit.c: avoid undefined behaviour when calling wait4() Michael Kerrisk (man-pages) <mtk.manpages(a)gmail.com> pipe: cap initial pipe capacity according to pipe-max-size limit James Chapman <jchapman(a)katalix.com> l2tp: revert "l2tp: fix missing print session offset info" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap" Vasily Averin <vvs(a)virtuozzo.com> lockd: lost rollback of set_grace_period() in lockd_down_net() Bjørn Mork <bjorn(a)mork.no> qmi_wwan: do not steal interfaces from class drivers Xin Long <lucien.xin(a)gmail.com> sctp: delay the authentication for the duplicated cookie-echo chunk Xin Long <lucien.xin(a)gmail.com> sctp: fix the issue that the cookie-ack with auth can't get processed Yuchung Cheng <ycheng(a)google.com> tcp: ignore Fast Open on repair mode Debabrata Banerjee <dbanerje(a)akamai.com> bonding: do not allow rlb updates to invalid mac Michael Chan <michael.chan(a)broadcom.com> tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Xin Long <lucien.xin(a)gmail.com> sctp: use the old asoc when making the cookie-ack chunk in dupcook_d Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix powering up RTL8168h Lance Richardson <lance.richardson.net(a)gmail.com> net: support compat 64-bit time in {s,g}etsockopt Eric Dumazet <edumazet(a)google.com> net_sched: fq: take care of throttled flows before reuse Moshe Shemesh <moshe(a)mellanox.com> net/mlx4_en: Verify coalescing parameters are in range Rob Taglang <rob(a)taglang.io> net: ethernet: sun: niu set correct packet size in skb Eric Dumazet <edumazet(a)google.com> llc: better deal with too small mtu Andrey Ignatov <rdna(a)fb.com> ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Eric Dumazet <edumazet(a)google.com> dccp: fix tasklet usage Hangbin Liu <liuhangbin(a)gmail.com> bridge: check iface upper dev when setting master via ioctl Ingo Molnar <mingo(a)elte.hu> 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 - arch/arm/include/asm/assembler.h | 10 +++ arch/arm/kernel/traps.c | 5 +- arch/arm/lib/getuser.S | 10 +++ arch/powerpc/kernel/setup-common.c | 11 --- arch/powerpc/platforms/powernv/opal-nvram.c | 14 +++- arch/x86/boot/compressed/eboot.c | 6 +- arch/x86/kernel/machine_kexec_32.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 4 +- arch/x86/xen/mmu.c | 4 - drivers/net/bonding/bond_alb.c | 2 +- drivers/net/ethernet/broadcom/tg3.c | 9 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 ++++ drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 +- drivers/net/ethernet/realtek/8139too.c | 2 +- drivers/net/ethernet/realtek/r8169.c | 3 + drivers/net/ethernet/sun/niu.c | 5 +- drivers/net/usb/qmi_wwan.c | 13 +++ drivers/scsi/libsas/sas_scsi_host.c | 33 +++----- drivers/scsi/sg.c | 2 +- drivers/usb/usbip/stub.h | 2 + drivers/usb/usbip/stub_dev.c | 69 +++++++++------- drivers/usb/usbip/stub_main.c | 105 +++++++++++++++++++++--- fs/ext2/inode.c | 10 --- fs/hfsplus/super.c | 1 + fs/lockd/svc.c | 2 + fs/pipe.c | 3 + include/linux/efi.h | 8 +- include/trace/events/xen.h | 16 ---- include/uapi/linux/nl80211.h | 2 + kernel/exit.c | 4 + kernel/time/tick-broadcast.c | 8 ++ net/bridge/br_if.c | 4 +- net/compat.c | 6 +- net/dccp/ccids/ccid2.c | 14 +++- net/dccp/timer.c | 2 +- net/ipv4/ip_output.c | 3 +- net/ipv4/ping.c | 7 +- net/ipv4/tcp.c | 2 +- net/ipv4/tcp_output.c | 7 +- net/ipv4/udp.c | 7 +- net/ipv6/ip6_output.c | 3 +- net/l2tp/l2tp_netlink.c | 2 - net/llc/af_llc.c | 3 + net/sched/sch_fq.c | 37 ++++++--- net/sctp/associola.c | 30 ++++++- net/sctp/inqueue.c | 2 +- net/sctp/sm_statefuns.c | 89 +++++++++++--------- net/wireless/core.c | 3 + sound/core/control_compat.c | 3 +- sound/usb/mixer.c | 8 ++ 52 files changed, 427 insertions(+), 202 deletions(-)

7 years, 3 months

5
49
0 0

[PATCH 4.14 000/165] 4.14.44-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.44 release. There are 165 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat May 26 09:35:46 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.44-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.44-rc1 James Hogan <jhogan(a)kernel.org> rtc: goldfish: Add missing MODULE_LICENSE Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: rp5c01: fix possible race condition Colin Ian King <colin.king(a)canonical.com> rtc: tx4939: avoid unintended sign extension on a 24 bit shift Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: m41t80: fix race conditions Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: rk808: fix possible race condition Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: hctosys: Ensure system time doesn't overflow time_t Bryan O'Donoghue <pure.logic(a)nexus-software.ie> rtc: snvs: Fix usage of snvs_rtc_enable Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: altera: ensure port->regshift is honored consistently Vignesh R <vigneshr(a)ti.com> serial: 8250: Don't service RX FIFO if interrupts are disabled Geert Uytterhoeven <geert+renesas(a)glider.be> serial: arc_uart: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: fsl_lpuart: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: imx: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: mxs-auart: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: samsung: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: xuartps: Fix out-of-bounds access through DT alias Colin Ian King <colin.king(a)canonical.com> media: cx25821: prevent out-of-bounds read on array card Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix incorrect capabilities for radio Masami Hiramatsu <mhiramat(a)kernel.org> media: vb2: Fix videobuf2 to map correct area Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: adv748x: fix HDMI field heights Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: v4l: vsp1: Fix display stalls when requesting too many inputs Brad Love <brad(a)nextdimension.cc> media: em28xx: Add Hauppauge SoloHD/DualHD bulk models Brad Love <brad(a)nextdimension.cc> media: lgdt3306a: Fix a double kfree on i2c device remove Arnd Bergmann <arnd(a)arndb.de> media: s3c-camif: fix out-of-bounds array access Brad Love <brad(a)nextdimension.cc> media: cx23885: Set subdev host data to clk_freq pointer Brad Love <brad(a)nextdimension.cc> media: cx23885: Override 888 ImpactVCBe crystal frequency Akinobu Mita <akinobu.mita(a)gmail.com> media: ov5645: add missing of_node_put() in error path Mauro Carvalho Chehab <mchehab(a)kernel.org> media: Don't let tvp5150_get_vbi() go out of vbi_ram_default array Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dmxdev: fix error code for invalid ioctls Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos3250: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5250: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5433: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5260: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos7: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: s3c2410: Fix PLL rates Shawn Lin <shawn.lin(a)rock-chips.com> clk: rockchip: Prevent calculating mmc phase if clock rate is zero Marcel Ziswiler <marcel(a)ziswiler.com> clk: tegra: Fix pll_u rate configuration Arnd Bergmann <arnd(a)arndb.de> clk: hisilicon: mark wdt_mux_p[] as const Shawn Lin <shawn.lin(a)rock-chips.com> clk: Don't show the incorrect clock phase Shawn Lin <shawn.lin(a)rock-chips.com> clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 Sylwester Nawrocki <s.nawrocki(a)samsung.com> ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: topology: create TLV data for dapm widgets Sylwester Nawrocki <s.nawrocki(a)samsung.com> ASoC: samsung: odroid: Fix 32000 sample rate handling Ezequiel Garcia <ezequiel(a)collabora.co.uk> ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: hdmi-codec: Fix module unloading caused kernel crash James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix frequency of Release WQE CQEs James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix issue_lip if link is disabled Wilfried Weissmann <wilfried.weissmann(a)gmx.at> scsi: mvsas: fix wrong endianness of sgpio api Douglas Gilbert <dgilbert(a)interlog.com> scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD Dave Carroll <david.carroll(a)microsemi.com> scsi: aacraid: Insure command thread is not recursively stopped Jianchao Wang <jianchao.w.wang(a)oracle.com> scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled Jeremy Cline <jeremy(a)jcline.org> scsi: sd: Keep disk read-only when re-reading partition Hannes Reinecke <hare(a)suse.de> scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qedi: Fix kernel crash during port toggle Hannes Reinecke <hare(a)suse.de> scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte() Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qla4xxx: skip error recovery in case of register disconnect. Meelis Roos <mroos(a)linux.ee> scsi: aacraid: fix shutdown crash when init fails Andrew Vasquez <andrew.vasquez(a)cavium.com> scsi: qedi: Fix truncation of CHAP name and secret Michael Kelley (EOSG) <Michael.H.Kelley(a)microsoft.com> scsi: storvsc: Increase cmd_per_lun for higher speed devices Bart Van Assche <bart.vanassche(a)wdc.com> scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() Dan Carpenter <dan.carpenter(a)oracle.com> scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() Dan Carpenter <dan.carpenter(a)oracle.com> scsi: sym53c8xx_2: iterator underflow in sym_getsync() Chad Dupuis <chad.dupuis(a)cavium.com> scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Sujit Reddy Thumma <sthumma(a)codeaurora.org> scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix memory corruption during hba reset test Tomas Henzl <thenzl(a)redhat.com> scsi: mpt3sas: fix an out of bound write Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - fix the invalidation step during cra_exit Peter Robinson <pbrobinson(a)gmail.com> crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - fix the extra cache computation Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - fix the cache_len computation Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - do not process request if no command was issued Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> crypto: ccp - don't disable interrupts while setting up debugfs Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: atmel-aes - fix the keys zeroing on errors Antoine Tenart <antoine.tenart(a)bootlin.com> crypto: inside-secure - wait for the request to complete if in the backlog NeilBrown <neilb(a)suse.com> staging: lustre: lmv: correctly iput lmo_root Quytelda Kahja <quytelda(a)tamalin.org> staging: ks7010: Use constants from ieee80211_eid instead of literal ints. Colin Ian King <colin.king(a)canonical.com> staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr Ioana Radulescu <ruxandra.radulescu(a)nxp.com> staging: fsl-dpaa2/eth: Fix incorrect casts NeilBrown <neilb(a)suse.com> staging: lustre: fix bug in osc_enter_cache_try Kirill Marinushkin <k.marinushkin(a)gmail.com> staging: bcm2835-audio: Release resources on module_exit() Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Show what USB release number the xHC supports from protocol capablity Larry Finger <Larry.Finger(a)lwfinger.net> Bluetooth: btusb: Add device ID for RTL8822BE Brad Love <brad(a)nextdimension.cc> media: em28xx: USB bulk packet size fix Brad Love <brad(a)nextdimension.cc> media: lgdt3306a: Fix module count mismatch on usb unplug Chris Dickens <christopher.a.dickens(a)gmail.com> usb: gadget: composite: fix incorrect handling of OS desc requests Wolfram Sang <wsa+renesas(a)sang-engineering.com> usb: gadget: udc: change comparison to bitshift when dealing with a mask Ben Hutchings <ben(a)decadent.org.uk> usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS Lars-Peter Clausen <lars(a)metafoo.de> usb: gadget: ffs: Execute copy_to_user() with USER_DS set Lars-Peter Clausen <lars(a)metafoo.de> usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS Minas Harutyunyan <hminas(a)synopsys.com> usb: dwc2: host: Fix transaction errors in host mode Minas Harutyunyan <hminas(a)synopsys.com> usb: dwc2: hcd: Fix host channel halt flow Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: dwc2: Fix interval type issue Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: zero usb device slot_id member when disabling and freeing a xhci slot Felipe Balbi <felipe.balbi(a)linux.intel.com> usb: dwc3: Makefile: fix link error on randconfig Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Add SoftReset PHY synchonization delay Nobutaka Okabe <nob77413(a)gmail.com> ALSA: usb-audio: Add native DSD support for Luxman DA-06 Vicente Bergas <vicencb(a)gmail.com> Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB Giuseppe Lippolis <giu.lippolis(a)gmail.com> net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Torsten Hilbrich <torsten.hilbrich(a)secunet.com> net/usb/qmi_wwan.c: Add USB id for lt4120 modem Fredrik Noring <noring(a)nocrew.org> USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume timing" Leonard Crestez <leonard.crestez(a)nxp.com> ARM: dts: imx7d-sdb: Fix regulator-usb-otg2-vbus node name Eric Dumazet <edumazet(a)google.com> net: usbnet: fix potential deadlock on 32bit hosts Dominik Bozek <dominikx.bozek(a)intel.com> usb: cdc_acm: prevent race at write to acm while system resumes Vardan Mikayelyan <mvardan(a)synopsys.com> usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() Stefan Agner <stefan(a)agner.ch> usb: gadget: fsl_udc_core: fix ep valid checks Manu Gautam <mgautam(a)codeaurora.org> usb: gadget: core: Fix use-after-free of usb_request Roger Quadros <rogerq(a)ti.com> usb: dwc3: omap: don't miss events during suspend/resume Brian Norris <briannorris(a)chromium.org> usb: dwc3: Undo PHY init if soft reset fails John Keeping <john(a)metanate.com> usb: gadget: f_uac2: fix bFirstInterface in composite gadget Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> x86/kexec: Avoid double free_page() upon do_kexec_load() failure Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: stop workqueue when fill_super() failed Johannes Berg <johannes.berg(a)intel.com> cfg80211: limit wiphy names to 128 bytes Omar Sandoval <osandov(a)fb.com> loop: fix LOOP_GET_STATUS lock imbalance Omar Sandoval <osandov(a)fb.com> loop: don't call into filesystem while holding lo_ctl_mutex Jens Remus <jremus(a)linux.ibm.com> scsi: zfcp: fix infinite iteration on ERP ready list Alexander Potapenko <glider(a)google.com> scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Jason Yan <yanaijie(a)huawei.com> scsi: libsas: defer ata device eh commands to libata Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: use expoline thunks in the BPF JIT Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: extend expoline to BC instructions Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move spectre sysfs attribute code Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/kernel: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/ftrace: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/lib: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/crc32-vx: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move expoline assembler macros to a header Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add assembler macros for CPU alternatives Al Viro <viro(a)zeniv.linux.org.uk> ext2: fix a block leak Arvind Yadav <arvind.yadav.cs(a)gmail.com> sparc: vio: use put_device() instead of kfree() Mohammed Gamal <mgamal(a)redhat.com> hv_netvsc: Fix net device attach on older Windows hosts Mohammed Gamal <mgamal(a)redhat.com> hv_netvsc: Ensure correct teardown message sequence order Mohammed Gamal <mgamal(a)redhat.com> hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() Mohammed Gamal <mgamal(a)redhat.com> hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: common detach logic Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: change GPAD teardown order on older versions Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: use RCU to fix concurrent rx and queue changes Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: disable NAPI before channel close Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: defer queue selection to VF Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: fix race in napi poll when rescheduling Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: cancel subchannel setup before halting device Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: fix error unwind handling if vmbus_open fails Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: only wake transmit queue if link is up Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: avoid retry on send during shutdown Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Use the num_online_cpus() for channel limit Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: empty current transmit aggregation if flow blocked Vitaly Kuznetsov <vkuznets(a)redhat.com> hv_netvsc: preserve hw_features on mtu/channels/ringparam changes Vitaly Kuznetsov <vkuznets(a)redhat.com> hv_netvsc: netvsc_teardown_gpadl() split Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Set tx_table to equal weight after subchannels open Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Add initialization of tx_table in netvsc_device_add() Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Rename tx_send_table to tx_table Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Rename ind_table to rx_table Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix the real number of queues of non-vRSS cases hpreg(a)vmware.com <hpreg(a)vmware.com> vmxnet3: use DMA memory barriers where required hpreg(a)vmware.com <hpreg(a)vmware.com> vmxnet3: set the DMA mask before the first DMA map operation Eric Dumazet <edumazet(a)google.com> tcp: purge write queue in tcp_connect_init() Eric Dumazet <edumazet(a)google.com> sock_diag: fix use-after-free read in __sk_free Willem de Bruijn <willemb(a)google.com> packet: in packet_snd start writing at link layer allocation Willem de Bruijn <willemb(a)google.com> net: test tailroom before appending to linear skb Eric Biggers <ebiggers(a)google.com> net/smc: check for missing nlattrs in SMC_PNETID messages Paolo Abeni <pabeni(a)redhat.com> net: sched: red: avoid hashing NULL child Davide Caratti <dcaratti(a)redhat.com> net/sched: fix refcnt leak in the error path of tcf_vlan_init() Tarick Bedeir <tarick(a)google.com> net/mlx4_core: Fix error handling in mlx4_init_port_info. Amritha Nambiar <amritha.nambiar(a)intel.com> net: Fix a bug in removing queues from XPS map ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx7d-sdb.dts | 2 +- arch/s390/crypto/crc32be-vx.S | 5 +- arch/s390/crypto/crc32le-vx.S | 4 +- arch/s390/include/asm/alternative-asm.h | 108 +++++++ arch/s390/include/asm/nospec-insn.h | 195 +++++++++++++ arch/s390/kernel/Makefile | 1 + arch/s390/kernel/asm-offsets.c | 1 + arch/s390/kernel/base.S | 24 +- arch/s390/kernel/entry.S | 105 ++----- arch/s390/kernel/mcount.S | 14 +- arch/s390/kernel/nospec-branch.c | 43 ++- arch/s390/kernel/nospec-sysfs.c | 21 ++ arch/s390/kernel/reipl.S | 7 +- arch/s390/kernel/swsusp.S | 10 +- arch/s390/lib/mem.S | 13 +- arch/s390/net/bpf_jit.S | 16 +- arch/s390/net/bpf_jit_comp.c | 63 ++++- arch/sparc/kernel/vio.c | 2 +- arch/x86/kernel/machine_kexec_32.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 5 +- drivers/block/loop.c | 71 +++-- drivers/bluetooth/btusb.c | 6 + drivers/clk/clk.c | 3 + drivers/clk/hisilicon/crg-hi3516cv300.c | 2 +- drivers/clk/rockchip/clk-mmc-phase.c | 23 ++ drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/samsung/clk-exynos3250.c | 4 +- drivers/clk/samsung/clk-exynos5250.c | 8 +- drivers/clk/samsung/clk-exynos5260.c | 2 +- drivers/clk/samsung/clk-exynos5433.c | 12 +- drivers/clk/samsung/clk-exynos7.c | 2 +- drivers/clk/samsung/clk-s3c2410.c | 16 +- drivers/clk/tegra/clk-pll.c | 2 + drivers/crypto/atmel-aes.c | 2 +- drivers/crypto/ccp/ccp-debugfs.c | 7 +- drivers/crypto/inside-secure/safexcel.c | 9 + drivers/crypto/inside-secure/safexcel_cipher.c | 2 +- drivers/crypto/inside-secure/safexcel_hash.c | 8 +- drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 + drivers/media/dvb-core/dmxdev.c | 2 +- drivers/media/dvb-frontends/lgdt3306a.c | 10 +- drivers/media/i2c/adv748x/adv748x-hdmi.c | 3 + drivers/media/i2c/ov5645.c | 5 +- drivers/media/i2c/tvp5150.c | 88 +++--- drivers/media/pci/cx23885/cx23885-cards.c | 4 + drivers/media/pci/cx23885/cx23885-core.c | 10 + drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/platform/vivid/vivid-ctrls.c | 2 + drivers/media/platform/vsp1/vsp1_drm.c | 9 + drivers/media/usb/em28xx/em28xx-cards.c | 22 +- drivers/media/usb/em28xx/em28xx.h | 2 +- drivers/media/v4l2-core/videobuf2-vmalloc.c | 2 +- drivers/message/fusion/mptctl.c | 2 + drivers/net/ethernet/mellanox/mlx4/main.c | 4 +- drivers/net/hyperv/hyperv_net.h | 11 +- drivers/net/hyperv/netvsc.c | 203 ++++++++------ drivers/net/hyperv/netvsc_drv.c | 310 ++++++++++++--------- drivers/net/hyperv/rndis_filter.c | 210 +++++++------- drivers/net/usb/qmi_wwan.c | 4 + drivers/net/usb/usbnet.c | 10 +- drivers/net/vmxnet3/vmxnet3_drv.c | 72 +++-- drivers/rtc/hctosys.c | 5 + drivers/rtc/rtc-goldfish.c | 2 + drivers/rtc/rtc-m41t80.c | 18 +- drivers/rtc/rtc-rk808.c | 14 +- drivers/rtc/rtc-rp5c01.c | 12 +- drivers/rtc/rtc-snvs.c | 15 +- drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/scsi/zfcp_dbf.c | 23 +- drivers/s390/scsi/zfcp_ext.h | 5 +- drivers/s390/scsi/zfcp_scsi.c | 14 +- drivers/scsi/aacraid/commsup.c | 4 +- drivers/scsi/aacraid/linit.c | 5 +- drivers/scsi/bnx2fc/bnx2fc_io.c | 1 + drivers/scsi/iscsi_tcp.c | 8 + drivers/scsi/libsas/sas_scsi_host.c | 33 +-- drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mpt3sas/mpt3sas_base.c | 5 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/scsi/mvsas/mv_94xx.c | 23 +- drivers/scsi/qedi/qedi_fw.c | 5 + drivers/scsi/qedi/qedi_main.c | 24 +- drivers/scsi/qla2xxx/qla_isr.c | 6 +- drivers/scsi/qla2xxx/qla_os.c | 2 + drivers/scsi/qla4xxx/ql4_def.h | 2 + drivers/scsi/qla4xxx/ql4_os.c | 46 +++ drivers/scsi/scsi_lib.c | 13 + drivers/scsi/sd.c | 3 +- drivers/scsi/sg.c | 2 +- drivers/scsi/storvsc_drv.c | 2 +- drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 +- drivers/scsi/ufs/ufshcd.c | 2 + drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 6 +- drivers/staging/ks7010/ks_hostif.c | 31 +-- drivers/staging/ks7010/ks_hostif.h | 1 + drivers/staging/lustre/lustre/include/obd.h | 2 +- drivers/staging/lustre/lustre/lmv/lmv_obd.c | 2 +- drivers/staging/lustre/lustre/osc/osc_cache.c | 2 +- drivers/staging/rtl8192u/r8192U_core.c | 2 + .../staging/vc04_services/bcm2835-audio/bcm2835.c | 54 ++-- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/serial/altera_uart.c | 12 +- drivers/tty/serial/arc_uart.c | 5 + drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 + drivers/tty/serial/mxs-auart.c | 4 + drivers/tty/serial/samsung.c | 4 + drivers/tty/serial/sh-sci.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/usb/class/cdc-acm.c | 9 +- drivers/usb/dwc2/core.h | 2 +- drivers/usb/dwc2/gadget.c | 12 +- drivers/usb/dwc2/hcd.c | 32 ++- drivers/usb/dwc3/Makefile | 2 +- drivers/usb/dwc3/core.c | 16 +- drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/dwc3-omap.c | 16 ++ drivers/usb/gadget/composite.c | 40 ++- drivers/usb/gadget/function/f_fs.c | 6 +- drivers/usb/gadget/function/f_uac2.c | 2 + drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/gadget/udc/fsl_udc_core.c | 4 +- drivers/usb/gadget/udc/goku_udc.h | 2 +- drivers/usb/host/ohci-hcd.c | 3 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-plat.c | 11 +- drivers/usb/host/xhci.c | 14 +- drivers/usb/usbip/Kconfig | 2 +- fs/ext2/inode.c | 10 - fs/hfsplus/super.c | 1 + include/linux/u64_stats_sync.h | 22 ++ include/linux/usb/composite.h | 3 + include/scsi/scsi.h | 2 + include/uapi/linux/nl80211.h | 2 + net/core/dev.c | 2 +- net/core/sock.c | 2 +- net/ipv4/ip_output.c | 3 +- net/ipv4/tcp_output.c | 7 +- net/ipv6/ip6_output.c | 3 +- net/packet/af_packet.c | 4 +- net/sched/act_vlan.c | 2 + net/sched/sch_red.c | 5 +- net/sched/sch_tbf.c | 5 +- net/smc/smc_pnet.c | 71 ++--- net/wireless/core.c | 3 + sound/soc/codecs/hdmi-codec.c | 7 +- sound/soc/rockchip/Kconfig | 3 + sound/soc/samsung/i2s.c | 13 +- sound/soc/samsung/odroid.c | 11 +- sound/soc/soc-topology.c | 3 + sound/usb/quirks.c | 29 +- 155 files changed, 1787 insertions(+), 895 deletions(-)

7 years, 3 months

6
171
0 0

[PATCH 4.9 00/96] 4.9.103-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.103 release. There are 96 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat May 26 09:35:42 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.103-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.103-rc1 Colin Ian King <colin.king(a)canonical.com> rtc: tx4939: avoid unintended sign extension on a 24 bit shift Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: hctosys: Ensure system time doesn't overflow time_t Bryan O'Donoghue <pure.logic(a)nexus-software.ie> rtc: snvs: Fix usage of snvs_rtc_enable Vignesh R <vigneshr(a)ti.com> serial: 8250: Don't service RX FIFO if interrupts are disabled Geert Uytterhoeven <geert+renesas(a)glider.be> serial: arc_uart: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: fsl_lpuart: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: imx: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: mxs-auart: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: samsung: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: xuartps: Fix out-of-bounds access through DT alias Colin Ian King <colin.king(a)canonical.com> media: cx25821: prevent out-of-bounds read on array card Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix incorrect capabilities for radio Masami Hiramatsu <mhiramat(a)kernel.org> media: vb2: Fix videobuf2 to map correct area Arnd Bergmann <arnd(a)arndb.de> media: s3c-camif: fix out-of-bounds array access Brad Love <brad(a)nextdimension.cc> media: cx23885: Override 888 ImpactVCBe crystal frequency Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dmxdev: fix error code for invalid ioctls Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos3250: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5250: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5433: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5260: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos7: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: s3c2410: Fix PLL rates Shawn Lin <shawn.lin(a)rock-chips.com> clk: rockchip: Prevent calculating mmc phase if clock rate is zero Brad Love <brad(a)nextdimension.cc> media: cx23885: Set subdev host data to clk_freq pointer Marcel Ziswiler <marcel(a)ziswiler.com> clk: tegra: Fix pll_u rate configuration Shawn Lin <shawn.lin(a)rock-chips.com> clk: Don't show the incorrect clock phase Shawn Lin <shawn.lin(a)rock-chips.com> clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 Sylwester Nawrocki <s.nawrocki(a)samsung.com> ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: topology: create TLV data for dapm widgets Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix frequency of Release WQE CQEs James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix issue_lip if link is disabled Wilfried Weissmann <wilfried.weissmann(a)gmx.at> scsi: mvsas: fix wrong endianness of sgpio api Dave Carroll <david.carroll(a)microsemi.com> scsi: aacraid: Insure command thread is not recursively stopped Jeremy Cline <jeremy(a)jcline.org> scsi: sd: Keep disk read-only when re-reading partition Hannes Reinecke <hare(a)suse.de> scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qla4xxx: skip error recovery in case of register disconnect. Meelis Roos <mroos(a)linux.ee> scsi: aacraid: fix shutdown crash when init fails Michael Kelley (EOSG) <Michael.H.Kelley(a)microsoft.com> scsi: storvsc: Increase cmd_per_lun for higher speed devices Bart Van Assche <bart.vanassche(a)wdc.com> scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() Dan Carpenter <dan.carpenter(a)oracle.com> scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() Dan Carpenter <dan.carpenter(a)oracle.com> scsi: sym53c8xx_2: iterator underflow in sym_getsync() Chad Dupuis <chad.dupuis(a)cavium.com> scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Sujit Reddy Thumma <sthumma(a)codeaurora.org> scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Arnd Bergmann <arnd(a)arndb.de> scsi: fas216: fix sense buffer initialization Peter Robinson <pbrobinson(a)gmail.com> crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss NeilBrown <neilb(a)suse.com> staging: lustre: lmv: correctly iput lmo_root Colin Ian King <colin.king(a)canonical.com> staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr NeilBrown <neilb(a)suse.com> staging: lustre: fix bug in osc_enter_cache_try Larry Finger <Larry.Finger(a)lwfinger.net> Bluetooth: btusb: Add device ID for RTL8822BE Brad Love <brad(a)nextdimension.cc> media: em28xx: USB bulk packet size fix Chris Dickens <christopher.a.dickens(a)gmail.com> usb: gadget: composite: fix incorrect handling of OS desc requests Wolfram Sang <wsa+renesas(a)sang-engineering.com> usb: gadget: udc: change comparison to bitshift when dealing with a mask Lars-Peter Clausen <lars(a)metafoo.de> usb: gadget: ffs: Execute copy_to_user() with USER_DS set Lars-Peter Clausen <lars(a)metafoo.de> usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS Minas Harutyunyan <hminas(a)synopsys.com> usb: dwc2: host: Fix transaction errors in host mode Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: dwc2: Fix interval type issue Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: zero usb device slot_id member when disabling and freeing a xhci slot Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Add SoftReset PHY synchonization delay Nobutaka Okabe <nob77413(a)gmail.com> ALSA: usb-audio: Add native DSD support for Luxman DA-06 Vicente Bergas <vicencb(a)gmail.com> Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB Giuseppe Lippolis <giu.lippolis(a)gmail.com> net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Torsten Hilbrich <torsten.hilbrich(a)secunet.com> net/usb/qmi_wwan.c: Add USB id for lt4120 modem Fredrik Noring <noring(a)nocrew.org> USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Dominik Bozek <dominikx.bozek(a)intel.com> usb: cdc_acm: prevent race at write to acm while system resumes Vardan Mikayelyan <mvardan(a)synopsys.com> usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() Stefan Agner <stefan(a)agner.ch> usb: gadget: fsl_udc_core: fix ep valid checks Manu Gautam <mgautam(a)codeaurora.org> usb: gadget: core: Fix use-after-free of usb_request Roger Quadros <rogerq(a)ti.com> usb: dwc3: omap: don't miss events during suspend/resume Brian Norris <briannorris(a)chromium.org> usb: dwc3: Undo PHY init if soft reset fails John Keeping <john(a)metanate.com> usb: gadget: f_uac2: fix bFirstInterface in composite gadget Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> x86/kexec: Avoid double free_page() upon do_kexec_load() failure Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: stop workqueue when fill_super() failed Johannes Berg <johannes.berg(a)intel.com> cfg80211: limit wiphy names to 128 bytes Jens Remus <jremus(a)linux.ibm.com> scsi: zfcp: fix infinite iteration on ERP ready list Alexander Potapenko <glider(a)google.com> scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Jason Yan <yanaijie(a)huawei.com> scsi: libsas: defer ata device eh commands to libata Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: use expoline thunks in the BPF JIT Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: extend expoline to BC instructions Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move spectre sysfs attribute code Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/kernel: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/ftrace: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/lib: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/crc32-vx: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move expoline assembler macros to a header Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add assembler macros for CPU alternatives Al Viro <viro(a)zeniv.linux.org.uk> ext2: fix a block leak hpreg(a)vmware.com <hpreg(a)vmware.com> vmxnet3: use DMA memory barriers where required hpreg(a)vmware.com <hpreg(a)vmware.com> vmxnet3: set the DMA mask before the first DMA map operation Eric Dumazet <edumazet(a)google.com> tcp: purge write queue in tcp_connect_init() Eric Dumazet <edumazet(a)google.com> sock_diag: fix use-after-free read in __sk_free Willem de Bruijn <willemb(a)google.com> packet: in packet_snd start writing at link layer allocation Willem de Bruijn <willemb(a)google.com> net: test tailroom before appending to linear skb Tarick Bedeir <tarick(a)google.com> net/mlx4_core: Fix error handling in mlx4_init_port_info. ------------- Diffstat: Makefile | 4 +- arch/s390/crypto/crc32be-vx.S | 5 +- arch/s390/crypto/crc32le-vx.S | 4 +- arch/s390/include/asm/alternative-asm.h | 108 +++++++++++++ arch/s390/include/asm/nospec-insn.h | 195 +++++++++++++++++++++++ arch/s390/kernel/Makefile | 1 + arch/s390/kernel/asm-offsets.c | 1 + arch/s390/kernel/base.S | 24 +-- arch/s390/kernel/entry.S | 105 +++--------- arch/s390/kernel/mcount.S | 14 +- arch/s390/kernel/nospec-branch.c | 43 +++-- arch/s390/kernel/nospec-sysfs.c | 21 +++ arch/s390/kernel/reipl.S | 7 +- arch/s390/kernel/swsusp.S | 9 +- arch/s390/lib/mem.S | 9 +- arch/s390/net/bpf_jit.S | 16 +- arch/s390/net/bpf_jit_comp.c | 63 +++++++- arch/x86/kernel/machine_kexec_32.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 4 +- drivers/bluetooth/btusb.c | 6 + drivers/clk/clk.c | 3 + drivers/clk/rockchip/clk-mmc-phase.c | 23 +++ drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/samsung/clk-exynos3250.c | 4 +- drivers/clk/samsung/clk-exynos5250.c | 8 +- drivers/clk/samsung/clk-exynos5260.c | 2 +- drivers/clk/samsung/clk-exynos5433.c | 12 +- drivers/clk/samsung/clk-exynos7.c | 2 +- drivers/clk/samsung/clk-s3c2410.c | 16 +- drivers/clk/tegra/clk-pll.c | 2 + drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 + drivers/media/dvb-core/dmxdev.c | 2 +- drivers/media/pci/cx23885/cx23885-cards.c | 4 + drivers/media/pci/cx23885/cx23885-core.c | 10 ++ drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/platform/vivid/vivid-ctrls.c | 2 + drivers/media/usb/em28xx/em28xx.h | 2 +- drivers/media/v4l2-core/videobuf2-vmalloc.c | 2 +- drivers/message/fusion/mptctl.c | 2 + drivers/net/ethernet/mellanox/mlx4/main.c | 4 +- drivers/net/usb/qmi_wwan.c | 4 + drivers/net/vmxnet3/vmxnet3_drv.c | 72 ++++++--- drivers/rtc/hctosys.c | 5 + drivers/rtc/rtc-snvs.c | 15 +- drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/scsi/zfcp_dbf.c | 23 ++- drivers/s390/scsi/zfcp_ext.h | 5 +- drivers/s390/scsi/zfcp_scsi.c | 14 +- drivers/scsi/aacraid/commsup.c | 4 +- drivers/scsi/aacraid/linit.c | 5 +- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/bnx2fc/bnx2fc_io.c | 1 + drivers/scsi/libsas/sas_scsi_host.c | 33 ++-- drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/scsi/mvsas/mv_94xx.c | 23 +-- drivers/scsi/qla2xxx/qla_isr.c | 6 +- drivers/scsi/qla4xxx/ql4_def.h | 2 + drivers/scsi/qla4xxx/ql4_os.c | 46 ++++++ drivers/scsi/sd.c | 3 +- drivers/scsi/sg.c | 2 +- drivers/scsi/storvsc_drv.c | 2 +- drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 +- drivers/scsi/ufs/ufshcd.c | 2 + drivers/staging/lustre/lustre/include/obd.h | 2 +- drivers/staging/lustre/lustre/lmv/lmv_obd.c | 2 +- drivers/staging/lustre/lustre/osc/osc_cache.c | 2 +- drivers/staging/rtl8192u/r8192U_core.c | 2 + drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/serial/arc_uart.c | 5 + drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 + drivers/tty/serial/mxs-auart.c | 4 + drivers/tty/serial/samsung.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/usb/class/cdc-acm.c | 9 +- drivers/usb/dwc2/core.h | 2 +- drivers/usb/dwc2/gadget.c | 12 +- drivers/usb/dwc2/hcd.c | 14 +- drivers/usb/dwc3/core.c | 16 +- drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/dwc3-omap.c | 16 ++ drivers/usb/gadget/composite.c | 40 +++-- drivers/usb/gadget/function/f_fs.c | 6 +- drivers/usb/gadget/function/f_uac2.c | 2 + drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/gadget/udc/fsl_udc_core.c | 4 +- drivers/usb/gadget/udc/goku_udc.h | 2 +- drivers/usb/host/ohci-hcd.c | 3 +- drivers/usb/host/xhci-mem.c | 2 + fs/ext2/inode.c | 10 -- fs/hfsplus/super.c | 1 + include/linux/usb/composite.h | 3 + include/uapi/linux/nl80211.h | 2 + net/core/sock.c | 2 +- net/ipv4/ip_output.c | 3 +- net/ipv4/tcp_output.c | 7 +- net/ipv6/ip6_output.c | 3 +- net/packet/af_packet.c | 4 +- net/wireless/core.c | 3 + sound/soc/au1x/ac97c.c | 6 +- sound/soc/samsung/i2s.c | 13 +- sound/soc/soc-topology.c | 3 + sound/usb/quirks.c | 29 ++-- 107 files changed, 975 insertions(+), 335 deletions(-)

7 years, 3 months

4
98
0 0

patch "usb-storage: Add compatibility quirk flags for G-Technologies G-Drive" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb-storage: Add compatibility quirk flags for G-Technologies G-Drive to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From ca7d9515d0e6825351ce106066cea1f60e40b1c8 Mon Sep 17 00:00:00 2001 From: Alexander Kappner <agk(a)godking.net> Date: Fri, 18 May 2018 21:50:16 -0700 Subject: usb-storage: Add compatibility quirk flags for G-Technologies G-Drive The "G-Drive" (sold by G-Technology) external USB 3.0 drive hangs on write access under UAS and usb-storage: [ 136.079121] sd 15:0:0:0: [sdi] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE [ 136.079144] sd 15:0:0:0: [sdi] tag#0 Sense Key : Illegal Request [current] [ 136.079152] sd 15:0:0:0: [sdi] tag#0 Add. Sense: Invalid field in cdb [ 136.079176] sd 15:0:0:0: [sdi] tag#0 CDB: Write(16) 8a 08 00 00 00 00 00 00 00 00 00 00 00 08 00 00 [ 136.079180] print_req_error: critical target error, dev sdi, sector 0 [ 136.079183] Buffer I/O error on dev sdi, logical block 0, lost sync page write [ 136.173148] EXT4-fs (sdi): mounted filesystem with ordered data mode. Opts: (null) [ 140.583998] sd 15:0:0:0: [sdi] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE [ 140.584010] sd 15:0:0:0: [sdi] tag#0 Sense Key : Illegal Request [current] [ 140.584016] sd 15:0:0:0: [sdi] tag#0 Add. Sense: Invalid field in cdb [ 140.584022] sd 15:0:0:0: [sdi] tag#0 CDB: Write(16) 8a 08 00 00 00 00 e8 c4 00 18 00 00 00 08 00 00 [ 140.584025] print_req_error: critical target error, dev sdi, sector 3905159192 [ 140.584044] print_req_error: critical target error, dev sdi, sector 3905159192 [ 140.584052] Aborting journal on device sdi-8. The proposed patch adds compatibility quirks. Because the drive requires two quirks (one to work with UAS, and another to work with usb-storage), adding this under unusual_devs.h and not just unusual_uas.h so kernels compiled without UAS receive the quirk. With the patch, the drive works reliably on UAS and usb- storage. (tested on NEC Corporation uPD720200 USB 3.0 host controller). Signed-off-by: Alexander Kappner <agk(a)godking.net> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/storage/unusual_devs.h | 9 +++++++++ drivers/usb/storage/unusual_uas.h | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h index 747d3a9596d9..22fcfccf453a 100644 --- a/drivers/usb/storage/unusual_devs.h +++ b/drivers/usb/storage/unusual_devs.h @@ -2321,6 +2321,15 @@ UNUSUAL_DEV( 0x4146, 0xba01, 0x0100, 0x0100, "Micro Mini 1GB", USB_SC_DEVICE, USB_PR_DEVICE, NULL, US_FL_NOT_LOCKABLE ), +/* "G-DRIVE" external HDD hangs on write without these. + * Patch submitted by Alexander Kappner <agk(a)godking.net> + */ +UNUSUAL_DEV(0x4971, 0x8024, 0x0000, 0x9999, + "SimpleTech", + "External HDD", + USB_SC_DEVICE, USB_PR_DEVICE, NULL, + US_FL_ALWAYS_SYNC), + /* * Nick Bowler <nbowler(a)elliptictech.com> * SCSI stack spams (otherwise harmless) error messages. diff --git a/drivers/usb/storage/unusual_uas.h b/drivers/usb/storage/unusual_uas.h index 38434d88954a..d0bdebd87ce3 100644 --- a/drivers/usb/storage/unusual_uas.h +++ b/drivers/usb/storage/unusual_uas.h @@ -107,3 +107,12 @@ UNUSUAL_DEV(0x4971, 0x8017, 0x0000, 0x9999, "External HDD", USB_SC_DEVICE, USB_PR_DEVICE, NULL, US_FL_NO_REPORT_OPCODES), + +/* "G-DRIVE" external HDD hangs on write without these. + * Patch submitted by Alexander Kappner <agk(a)godking.net> + */ +UNUSUAL_DEV(0x4971, 0x8024, 0x0000, 0x9999, + "SimpleTech", + "External HDD", + USB_SC_DEVICE, USB_PR_DEVICE, NULL, + US_FL_ALWAYS_SYNC), -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 8c4e97ddfe73a0958bb0abf7e6a3bc4cc3e04936 Mon Sep 17 00:00:00 2001 From: Alexander Kappner <agk(a)godking.net> Date: Fri, 18 May 2018 21:50:15 -0700 Subject: usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver The ALWAYS_SYNC flag is currently honored by the usb-storage driver but not UAS and is required to work around devices that become unstable upon being queried for cache. This code is taken straight from: drivers/usb/storage/scsiglue.c:284 Signed-off-by: Alexander Kappner <agk(a)godking.net> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)vger.kernel.org> Acked-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/storage/uas.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 6034c39b67d1..9e9de5452860 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -836,6 +836,12 @@ static int uas_slave_configure(struct scsi_device *sdev) if (devinfo->flags & US_FL_BROKEN_FUA) sdev->broken_fua = 1; + /* UAS also needs to support FL_ALWAYS_SYNC */ + if (devinfo->flags & US_FL_ALWAYS_SYNC) { + sdev->skip_ms_page_3f = 1; + sdev->skip_ms_page_8 = 1; + sdev->wce_default_on = 1; + } scsi_change_queue_depth(sdev, devinfo->qdepth - 2); return 0; } -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: function: printer: avoid wrong list handling in" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: function: printer: avoid wrong list handling in to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 4a014a7339f441b0851ce012f469c0fadac61c81 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Mon, 21 May 2018 20:18:07 +0900 Subject: usb: gadget: function: printer: avoid wrong list handling in printer_write() When printer_write() calls usb_ep_queue(), a udc driver (e.g. renesas_usbhs driver) may call usb_gadget_giveback_request() in the udc .queue ops immediately. Then, printer_write() calls list_add(&req->list, &dev->tx_reqs_active) wrongly. After that, if we do unbind the printer driver, WARN_ON() happens in printer_func_unbind() because the list entry is not removed. So, this patch moves list_add(&req->list, &dev->tx_reqs_active) calling before usb_ep_queue(). Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Acked-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/function/f_printer.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/function/f_printer.c b/drivers/usb/gadget/function/f_printer.c index d359efe06c76..9c7ed2539ff7 100644 --- a/drivers/usb/gadget/function/f_printer.c +++ b/drivers/usb/gadget/function/f_printer.c @@ -631,19 +631,19 @@ printer_write(struct file *fd, const char __user *buf, size_t len, loff_t *ptr) return -EAGAIN; } + list_add(&req->list, &dev->tx_reqs_active); + /* here, we unlock, and only unlock, to avoid deadlock. */ spin_unlock(&dev->lock); value = usb_ep_queue(dev->in_ep, req, GFP_ATOMIC); spin_lock(&dev->lock); if (value) { + list_del(&req->list); list_add(&req->list, &dev->tx_reqs); spin_unlock_irqrestore(&dev->lock, flags); mutex_unlock(&dev->lock_printer_io); return -EAGAIN; } - - list_add(&req->list, &dev->tx_reqs_active); - } spin_unlock_irqrestore(&dev->lock, flags); -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: fix double phy_put()" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: fix double phy_put() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 8223b2f89ca63e203dcb54148e30d94979f17b0b Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Mon, 2 Apr 2018 21:21:31 +0900 Subject: usb: gadget: udc: renesas_usb3: fix double phy_put() This patch fixes an issue that this driver cause double phy_put() calling. This driver must not call phy_put() in the remove because the driver calls devm_phy_get() in the probe. Fixes: 279d4bc64060 ("usb: gadget: udc: renesas_usb3: add support for generic phy") Cc: <stable(a)vger.kernel.org> # v4.15+ Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 2bb2cca5ca82..5caf78bbbf7c 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2421,8 +2421,6 @@ static int renesas_usb3_remove(struct platform_device *pdev) renesas_usb3_dma_free_prd(usb3, &pdev->dev); __renesas_usb3_ep_free_request(usb3->ep0_req); - if (usb3->phy) - phy_put(usb3->phy); pm_runtime_disable(&pdev->dev); return 0; -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: disable the controller's irqs for" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: disable the controller's irqs for to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From bd6bce004d78b867ba0c6d3712f1c5b50398af9a Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:54 +0900 Subject: usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting This patch fixes an issue that reconnection is possible to fail because unexpected state handling happens by the irqs. To fix the issue, the driver disables the controller's irqs when disconnected. Fixes: 746bfe63bba3 ("usb: gadget: renesas_usb3: add support for Renesas USB3.0 peripheral controller") Cc: <stable(a)vger.kernel.org> # v4.5+ Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 5d5a5d9e3669..2bb2cca5ca82 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -623,6 +623,13 @@ static void usb3_disconnect(struct renesas_usb3 *usb3) usb3_usb2_pullup(usb3, 0); usb3_clear_bit(usb3, USB30_CON_B3_CONNECT, USB3_USB30_CON); usb3_reset_epc(usb3); + usb3_disable_irq_1(usb3, USB_INT_1_B2_RSUM | USB_INT_1_B3_PLLWKUP | + USB_INT_1_B3_LUPSUCS | USB_INT_1_B3_DISABLE | + USB_INT_1_SPEED | USB_INT_1_B3_WRMRST | + USB_INT_1_B3_HOTRST | USB_INT_1_B2_SPND | + USB_INT_1_B2_L1SPND | USB_INT_1_B2_USBRST); + usb3_clear_bit(usb3, USB_COM_CON_SPD_MODE, USB3_USB_COM_CON); + usb3_init_epc_registers(usb3); if (usb3->driver) usb3->driver->disconnect(&usb3->gadget); -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 0259068f63f23a665ded28647f2f9cdb6b20dc72 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:53 +0900 Subject: usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns error This patch fixes an issue that this driver ignores errors other than the non-existence of the device, f.e. a memory allocation failure in devm_phy_get(). So, this patch replaces devm_phy_get() with devm_phy_optional_get(). Reported-by: Simon Horman <horms+renesas(a)verge.net.au> Fixes: 279d4bc64060 ("usb: gadget: udc: renesas_usb3: add support for generic phy") Cc: <stable(a)vger.kernel.org> # v4.15+ Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 61b72edab7ab..5d5a5d9e3669 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2638,9 +2638,11 @@ static int renesas_usb3_probe(struct platform_device *pdev) * This is optional. So, if this driver cannot get a phy, * this driver will not handle a phy anymore. */ - usb3->phy = devm_phy_get(&pdev->dev, "usb"); - if (IS_ERR(usb3->phy)) - usb3->phy = NULL; + usb3->phy = devm_phy_optional_get(&pdev->dev, "usb"); + if (IS_ERR(usb3->phy)) { + ret = PTR_ERR(usb3->phy); + goto err_add_udc; + } pm_runtime_enable(&pdev->dev); ret = usb_add_gadget_udc(&pdev->dev, &usb3->gadget); -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 003bc1dee216b1fb8e02040a95672bea0f1fe797 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:52 +0900 Subject: usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add udc This patch fixes an issue that this driver cannot call phy_init() if a gadget driver is alreadly loaded because usb_add_gadget_udc() might call renesas_usb3_start() via .udc_start. This patch also revises the typo (s/an optional/optional/). Fixes: 279d4bc64060 ("usb: gadget: udc: renesas_usb3: add support for generic phy") Cc: <stable(a)vger.kernel.org> # v4.15+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 8bf3ae1f3541..61b72edab7ab 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2634,6 +2634,14 @@ static int renesas_usb3_probe(struct platform_device *pdev) if (ret < 0) goto err_alloc_prd; + /* + * This is optional. So, if this driver cannot get a phy, + * this driver will not handle a phy anymore. + */ + usb3->phy = devm_phy_get(&pdev->dev, "usb"); + if (IS_ERR(usb3->phy)) + usb3->phy = NULL; + pm_runtime_enable(&pdev->dev); ret = usb_add_gadget_udc(&pdev->dev, &usb3->gadget); if (ret < 0) @@ -2643,14 +2651,6 @@ static int renesas_usb3_probe(struct platform_device *pdev) if (ret < 0) goto err_dev_create; - /* - * This is an optional. So, if this driver cannot get a phy, - * this driver will not handle a phy anymore. - */ - usb3->phy = devm_phy_get(&pdev->dev, "usb"); - if (IS_ERR(usb3->phy)) - usb3->phy = NULL; - usb3->workaround_for_vbus = priv->workaround_for_vbus; renesas_usb3_debugfs_init(usb3, &pdev->dev); -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: should call pm_runtime_enable()" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From d998844016b24a8d71b9aa5eae7e51d70f2de438 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:51 +0900 Subject: usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() before add udc This patch fixes an issue that this driver causes panic if a gadget driver is already loaded because usb_add_gadget_udc() might call renesas_usb3_start() via .udc_start, and then pm_runtime_get_sync() in renesas_usb3_start() doesn't work correctly. Note that the usb3_to_dev() macro should not be called at this timing because the macro uses the gadget structure. Fixes: cf06df3fae28 ("usb: gadget: udc: renesas_usb3: move pm_runtime_{en,dis}able()") Cc: <stable(a)vger.kernel.org> # v4.15+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 4ef2386c3ac4..8bf3ae1f3541 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2634,6 +2634,7 @@ static int renesas_usb3_probe(struct platform_device *pdev) if (ret < 0) goto err_alloc_prd; + pm_runtime_enable(&pdev->dev); ret = usb_add_gadget_udc(&pdev->dev, &usb3->gadget); if (ret < 0) goto err_add_udc; @@ -2655,7 +2656,6 @@ static int renesas_usb3_probe(struct platform_device *pdev) renesas_usb3_debugfs_init(usb3, &pdev->dev); dev_info(&pdev->dev, "probed%s\n", usb3->phy ? " with phy" : ""); - pm_runtime_enable(usb3_to_dev(usb3)); return 0; -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: should remove debugfs" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: should remove debugfs to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 1990cf7c21ea185cec98c6d45a82c04481261e35 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:50 +0900 Subject: usb: gadget: udc: renesas_usb3: should remove debugfs This patch fixes an issue that this driver doesn't remove its debugfs. Fixes: 43ba968b00ea ("usb: gadget: udc: renesas_usb3: add debugfs to set the b-device mode") Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 409cde4e6a51..4ef2386c3ac4 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -333,6 +333,7 @@ struct renesas_usb3 { struct extcon_dev *extcon; struct work_struct extcon_work; struct phy *phy; + struct dentry *dentry; struct renesas_usb3_ep *usb3_ep; int num_usb3_eps; @@ -2393,8 +2394,12 @@ static void renesas_usb3_debugfs_init(struct renesas_usb3 *usb3, file = debugfs_create_file("b_device", 0644, root, usb3, &renesas_usb3_b_device_fops); - if (!file) + if (!file) { dev_info(dev, "%s: Can't create debugfs mode\n", __func__); + debugfs_remove_recursive(root); + } else { + usb3->dentry = root; + } } /*------- platform_driver ------------------------------------------------*/ @@ -2402,6 +2407,7 @@ static int renesas_usb3_remove(struct platform_device *pdev) { struct renesas_usb3 *usb3 = platform_get_drvdata(pdev); + debugfs_remove_recursive(usb3->dentry); device_remove_file(&pdev->dev, &dev_attr_role); usb_del_gadget_udc(&usb3->gadget); -- 2.17.0

7 years, 3 months

1
0
0 0

[PATCH V4] blk-mq: avoid to starve tag allocation after allocation process migrates

by Ming Lei

When the allocation process is scheduled back and the mapped hw queue is changed, fake one extra wake up on previous queue for compensating wake up miss, so other allocations on the previous queue won't be starved. This patch fixes one request allocation hang issue, which can be triggered easily in case of very low nr_request. Cc: <stable(a)vger.kernel.org> Cc: Omar Sandoval <osandov(a)fb.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- V4: - don't run smp_mb__before_atomic() for fake wake up as suggest by Omar V3: - fix comments as suggested by Jens - remove the wrapper as suggested by Omar V2: - fix build failure block/blk-mq-tag.c | 12 ++++++++++++ include/linux/sbitmap.h | 7 +++++++ lib/sbitmap.c | 38 +++++++++++++++++++------------------- 3 files changed, 38 insertions(+), 19 deletions(-) diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c index 336dde07b230..a4e58fc28a06 100644 --- a/block/blk-mq-tag.c +++ b/block/blk-mq-tag.c @@ -134,6 +134,8 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) ws = bt_wait_ptr(bt, data->hctx); drop_ctx = data->ctx == NULL; do { + struct sbitmap_queue *bt_prev; + /* * We're out of tags on this hardware queue, kick any * pending IO submits before going to sleep waiting for @@ -159,6 +161,7 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) if (data->ctx) blk_mq_put_ctx(data->ctx); + bt_prev = bt; io_schedule(); data->ctx = blk_mq_get_ctx(data->q); @@ -170,6 +173,15 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) bt = &tags->bitmap_tags; finish_wait(&ws->wait, &wait); + + /* + * If destination hw queue is changed, fake wake up on + * previous queue for compensating the wake up miss, so + * other allocations on previous queue won't be starved. + */ + if (bt != bt_prev) + sbitmap_queue_wake_up(bt_prev); + ws = bt_wait_ptr(bt, data->hctx); } while (1); diff --git a/include/linux/sbitmap.h b/include/linux/sbitmap.h index 841585f6e5f2..bba9d80191b7 100644 --- a/include/linux/sbitmap.h +++ b/include/linux/sbitmap.h @@ -484,6 +484,13 @@ static inline struct sbq_wait_state *sbq_wait_ptr(struct sbitmap_queue *sbq, void sbitmap_queue_wake_all(struct sbitmap_queue *sbq); /** + * sbitmap_queue_wake_up() - Wake up some of waiters in one waitqueue + * on a &struct sbitmap_queue. + * @sbq: Bitmap queue to wake up. + */ +void sbitmap_queue_wake_up(struct sbitmap_queue *sbq); + +/** * sbitmap_queue_show() - Dump &struct sbitmap_queue information to a &struct * seq_file. * @sbq: Bitmap queue to show. diff --git a/lib/sbitmap.c b/lib/sbitmap.c index e6a9c06ec70c..537328a98c06 100644 --- a/lib/sbitmap.c +++ b/lib/sbitmap.c @@ -335,8 +335,9 @@ void sbitmap_queue_resize(struct sbitmap_queue *sbq, unsigned int depth) if (sbq->wake_batch != wake_batch) { WRITE_ONCE(sbq->wake_batch, wake_batch); /* - * Pairs with the memory barrier in sbq_wake_up() to ensure that - * the batch size is updated before the wait counts. + * Pairs with the memory barrier in sbitmap_queue_wake_up() + * to ensure that the batch size is updated before the wait + * counts. */ smp_mb__before_atomic(); for (i = 0; i < SBQ_WAIT_QUEUES; i++) @@ -425,21 +426,12 @@ static struct sbq_wait_state *sbq_wake_ptr(struct sbitmap_queue *sbq) return NULL; } -static void sbq_wake_up(struct sbitmap_queue *sbq) +void sbitmap_queue_wake_up(struct sbitmap_queue *sbq) { struct sbq_wait_state *ws; unsigned int wake_batch; int wait_cnt; - /* - * Pairs with the memory barrier in set_current_state() to ensure the - * proper ordering of clear_bit()/waitqueue_active() in the waker and - * test_and_set_bit_lock()/prepare_to_wait()/finish_wait() in the - * waiter. See the comment on waitqueue_active(). This is __after_atomic - * because we just did clear_bit_unlock() in the caller. - */ - smp_mb__after_atomic(); - ws = sbq_wake_ptr(sbq); if (!ws) return; @@ -454,23 +446,31 @@ static void sbq_wake_up(struct sbitmap_queue *sbq) */ smp_mb__before_atomic(); /* - * If there are concurrent callers to sbq_wake_up(), the last - * one to decrement the wait count below zero will bump it back - * up. If there is a concurrent resize, the count reset will - * either cause the cmpxchg to fail or overwrite after the - * cmpxchg. + * If there are concurrent callers to sbitmap_queue_wake_up(), + * the last one to decrement the wait count below zero will + * bump it back up. If there is a concurrent resize, the count + * reset will either cause the cmpxchg to fail or overwrite + * after the cmpxchg. */ atomic_cmpxchg(&ws->wait_cnt, wait_cnt, wait_cnt + wake_batch); sbq_index_atomic_inc(&sbq->wake_index); wake_up_nr(&ws->wait, wake_batch); } } +EXPORT_SYMBOL_GPL(sbitmap_queue_wake_up); void sbitmap_queue_clear(struct sbitmap_queue *sbq, unsigned int nr, unsigned int cpu) { sbitmap_clear_bit_unlock(&sbq->sb, nr); - sbq_wake_up(sbq); + /* + * Pairs with the memory barrier in set_current_state() to ensure the + * proper ordering of clear_bit_unlock()/waitqueue_active() in the waker + * and test_and_set_bit_lock()/prepare_to_wait()/finish_wait() in the + * waiter. See the comment on waitqueue_active(). + */ + smp_mb__after_atomic(); + sbitmap_queue_wake_up(sbq); if (likely(!sbq->round_robin && nr < sbq->sb.depth)) *per_cpu_ptr(sbq->alloc_hint, cpu) = nr; } @@ -482,7 +482,7 @@ void sbitmap_queue_wake_all(struct sbitmap_queue *sbq) /* * Pairs with the memory barrier in set_current_state() like in - * sbq_wake_up(). + * sbitmap_queue_wake_up(). */ smp_mb(); wake_index = atomic_read(&sbq->wake_index); -- 2.9.5

7 years, 3 months

3
2
0 0

[PATCH v2] block: fix QEMU crash with scsi-hd and drive_del

by Greg Kurz

Removing a drive with drive_del while it is being used to run an I/O intensive workload can cause QEMU to crash. An AIO flush can yield at some point: blk_aio_flush_entry() blk_co_flush(blk) bdrv_co_flush(blk->root->bs) ... qemu_coroutine_yield() and let the HMP command to run, free blk->root and give control back to the AIO flush: hmp_drive_del() blk_remove_bs() bdrv_root_unref_child(blk->root) child_bs = blk->root->bs bdrv_detach_child(blk->root) bdrv_replace_child(blk->root, NULL) blk->root->bs = NULL g_free(blk->root) <============== blk->root becomes stale bdrv_unref(child_bs) bdrv_delete(child_bs) bdrv_close() bdrv_drained_begin() bdrv_do_drained_begin() bdrv_drain_recurse() aio_poll() ... qemu_coroutine_switch() and the AIO flush completion ends up dereferencing blk->root: blk_aio_complete() scsi_aio_complete() blk_get_aio_context(blk) bs = blk_bs(blk) ie, bs = blk->root ? blk->root->bs : NULL ^^^^^ stale The problem is that we should avoid making block driver graph changes while we have in-flight requests. This patch hence adds a drained section to bdrv_detach_child(), so that we're sure all requests have been drained when blk->root is freed. Signed-off-by: Greg Kurz <groug(a)kaod.org> --- v2: - drain I/O requests when detaching the BDS (Stefan, Paolo) --- block.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/block.c b/block.c index 676e57f5623a..fc9379439883 100644 --- a/block.c +++ b/block.c @@ -2127,12 +2127,16 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs, static void bdrv_detach_child(BdrvChild *child) { + BlockDriverState *child_bs = child->bs; + if (child->next.le_prev) { QLIST_REMOVE(child, next); child->next.le_prev = NULL; } + bdrv_drained_begin(child_bs); bdrv_replace_child(child, NULL); + bdrv_drained_end(child_bs); g_free(child->name); g_free(child);

7 years, 3 months

3
2
0 0

patch "usb-storage: Add compatibility quirk flags for G-Technologies G-Drive" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb-storage: Add compatibility quirk flags for G-Technologies G-Drive to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From ca7d9515d0e6825351ce106066cea1f60e40b1c8 Mon Sep 17 00:00:00 2001 From: Alexander Kappner <agk(a)godking.net> Date: Fri, 18 May 2018 21:50:16 -0700 Subject: usb-storage: Add compatibility quirk flags for G-Technologies G-Drive The "G-Drive" (sold by G-Technology) external USB 3.0 drive hangs on write access under UAS and usb-storage: [ 136.079121] sd 15:0:0:0: [sdi] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE [ 136.079144] sd 15:0:0:0: [sdi] tag#0 Sense Key : Illegal Request [current] [ 136.079152] sd 15:0:0:0: [sdi] tag#0 Add. Sense: Invalid field in cdb [ 136.079176] sd 15:0:0:0: [sdi] tag#0 CDB: Write(16) 8a 08 00 00 00 00 00 00 00 00 00 00 00 08 00 00 [ 136.079180] print_req_error: critical target error, dev sdi, sector 0 [ 136.079183] Buffer I/O error on dev sdi, logical block 0, lost sync page write [ 136.173148] EXT4-fs (sdi): mounted filesystem with ordered data mode. Opts: (null) [ 140.583998] sd 15:0:0:0: [sdi] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE [ 140.584010] sd 15:0:0:0: [sdi] tag#0 Sense Key : Illegal Request [current] [ 140.584016] sd 15:0:0:0: [sdi] tag#0 Add. Sense: Invalid field in cdb [ 140.584022] sd 15:0:0:0: [sdi] tag#0 CDB: Write(16) 8a 08 00 00 00 00 e8 c4 00 18 00 00 00 08 00 00 [ 140.584025] print_req_error: critical target error, dev sdi, sector 3905159192 [ 140.584044] print_req_error: critical target error, dev sdi, sector 3905159192 [ 140.584052] Aborting journal on device sdi-8. The proposed patch adds compatibility quirks. Because the drive requires two quirks (one to work with UAS, and another to work with usb-storage), adding this under unusual_devs.h and not just unusual_uas.h so kernels compiled without UAS receive the quirk. With the patch, the drive works reliably on UAS and usb- storage. (tested on NEC Corporation uPD720200 USB 3.0 host controller). Signed-off-by: Alexander Kappner <agk(a)godking.net> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/storage/unusual_devs.h | 9 +++++++++ drivers/usb/storage/unusual_uas.h | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h index 747d3a9596d9..22fcfccf453a 100644 --- a/drivers/usb/storage/unusual_devs.h +++ b/drivers/usb/storage/unusual_devs.h @@ -2321,6 +2321,15 @@ UNUSUAL_DEV( 0x4146, 0xba01, 0x0100, 0x0100, "Micro Mini 1GB", USB_SC_DEVICE, USB_PR_DEVICE, NULL, US_FL_NOT_LOCKABLE ), +/* "G-DRIVE" external HDD hangs on write without these. + * Patch submitted by Alexander Kappner <agk(a)godking.net> + */ +UNUSUAL_DEV(0x4971, 0x8024, 0x0000, 0x9999, + "SimpleTech", + "External HDD", + USB_SC_DEVICE, USB_PR_DEVICE, NULL, + US_FL_ALWAYS_SYNC), + /* * Nick Bowler <nbowler(a)elliptictech.com> * SCSI stack spams (otherwise harmless) error messages. diff --git a/drivers/usb/storage/unusual_uas.h b/drivers/usb/storage/unusual_uas.h index 38434d88954a..d0bdebd87ce3 100644 --- a/drivers/usb/storage/unusual_uas.h +++ b/drivers/usb/storage/unusual_uas.h @@ -107,3 +107,12 @@ UNUSUAL_DEV(0x4971, 0x8017, 0x0000, 0x9999, "External HDD", USB_SC_DEVICE, USB_PR_DEVICE, NULL, US_FL_NO_REPORT_OPCODES), + +/* "G-DRIVE" external HDD hangs on write without these. + * Patch submitted by Alexander Kappner <agk(a)godking.net> + */ +UNUSUAL_DEV(0x4971, 0x8024, 0x0000, 0x9999, + "SimpleTech", + "External HDD", + USB_SC_DEVICE, USB_PR_DEVICE, NULL, + US_FL_ALWAYS_SYNC), -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 8c4e97ddfe73a0958bb0abf7e6a3bc4cc3e04936 Mon Sep 17 00:00:00 2001 From: Alexander Kappner <agk(a)godking.net> Date: Fri, 18 May 2018 21:50:15 -0700 Subject: usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver The ALWAYS_SYNC flag is currently honored by the usb-storage driver but not UAS and is required to work around devices that become unstable upon being queried for cache. This code is taken straight from: drivers/usb/storage/scsiglue.c:284 Signed-off-by: Alexander Kappner <agk(a)godking.net> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)vger.kernel.org> Acked-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/storage/uas.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 6034c39b67d1..9e9de5452860 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -836,6 +836,12 @@ static int uas_slave_configure(struct scsi_device *sdev) if (devinfo->flags & US_FL_BROKEN_FUA) sdev->broken_fua = 1; + /* UAS also needs to support FL_ALWAYS_SYNC */ + if (devinfo->flags & US_FL_ALWAYS_SYNC) { + sdev->skip_ms_page_3f = 1; + sdev->skip_ms_page_8 = 1; + sdev->wce_default_on = 1; + } scsi_change_queue_depth(sdev, devinfo->qdepth - 2); return 0; } -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: function: printer: avoid wrong list handling in" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: function: printer: avoid wrong list handling in to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 4a014a7339f441b0851ce012f469c0fadac61c81 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Mon, 21 May 2018 20:18:07 +0900 Subject: usb: gadget: function: printer: avoid wrong list handling in printer_write() When printer_write() calls usb_ep_queue(), a udc driver (e.g. renesas_usbhs driver) may call usb_gadget_giveback_request() in the udc .queue ops immediately. Then, printer_write() calls list_add(&req->list, &dev->tx_reqs_active) wrongly. After that, if we do unbind the printer driver, WARN_ON() happens in printer_func_unbind() because the list entry is not removed. So, this patch moves list_add(&req->list, &dev->tx_reqs_active) calling before usb_ep_queue(). Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Acked-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/function/f_printer.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/function/f_printer.c b/drivers/usb/gadget/function/f_printer.c index d359efe06c76..9c7ed2539ff7 100644 --- a/drivers/usb/gadget/function/f_printer.c +++ b/drivers/usb/gadget/function/f_printer.c @@ -631,19 +631,19 @@ printer_write(struct file *fd, const char __user *buf, size_t len, loff_t *ptr) return -EAGAIN; } + list_add(&req->list, &dev->tx_reqs_active); + /* here, we unlock, and only unlock, to avoid deadlock. */ spin_unlock(&dev->lock); value = usb_ep_queue(dev->in_ep, req, GFP_ATOMIC); spin_lock(&dev->lock); if (value) { + list_del(&req->list); list_add(&req->list, &dev->tx_reqs); spin_unlock_irqrestore(&dev->lock, flags); mutex_unlock(&dev->lock_printer_io); return -EAGAIN; } - - list_add(&req->list, &dev->tx_reqs_active); - } spin_unlock_irqrestore(&dev->lock, flags); -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: fix double phy_put()" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: fix double phy_put() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 8223b2f89ca63e203dcb54148e30d94979f17b0b Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Mon, 2 Apr 2018 21:21:31 +0900 Subject: usb: gadget: udc: renesas_usb3: fix double phy_put() This patch fixes an issue that this driver cause double phy_put() calling. This driver must not call phy_put() in the remove because the driver calls devm_phy_get() in the probe. Fixes: 279d4bc64060 ("usb: gadget: udc: renesas_usb3: add support for generic phy") Cc: <stable(a)vger.kernel.org> # v4.15+ Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 2bb2cca5ca82..5caf78bbbf7c 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2421,8 +2421,6 @@ static int renesas_usb3_remove(struct platform_device *pdev) renesas_usb3_dma_free_prd(usb3, &pdev->dev); __renesas_usb3_ep_free_request(usb3->ep0_req); - if (usb3->phy) - phy_put(usb3->phy); pm_runtime_disable(&pdev->dev); return 0; -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: disable the controller's irqs for" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: disable the controller's irqs for to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From bd6bce004d78b867ba0c6d3712f1c5b50398af9a Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:54 +0900 Subject: usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting This patch fixes an issue that reconnection is possible to fail because unexpected state handling happens by the irqs. To fix the issue, the driver disables the controller's irqs when disconnected. Fixes: 746bfe63bba3 ("usb: gadget: renesas_usb3: add support for Renesas USB3.0 peripheral controller") Cc: <stable(a)vger.kernel.org> # v4.5+ Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 5d5a5d9e3669..2bb2cca5ca82 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -623,6 +623,13 @@ static void usb3_disconnect(struct renesas_usb3 *usb3) usb3_usb2_pullup(usb3, 0); usb3_clear_bit(usb3, USB30_CON_B3_CONNECT, USB3_USB30_CON); usb3_reset_epc(usb3); + usb3_disable_irq_1(usb3, USB_INT_1_B2_RSUM | USB_INT_1_B3_PLLWKUP | + USB_INT_1_B3_LUPSUCS | USB_INT_1_B3_DISABLE | + USB_INT_1_SPEED | USB_INT_1_B3_WRMRST | + USB_INT_1_B3_HOTRST | USB_INT_1_B2_SPND | + USB_INT_1_B2_L1SPND | USB_INT_1_B2_USBRST); + usb3_clear_bit(usb3, USB_COM_CON_SPD_MODE, USB3_USB_COM_CON); + usb3_init_epc_registers(usb3); if (usb3->driver) usb3->driver->disconnect(&usb3->gadget); -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 0259068f63f23a665ded28647f2f9cdb6b20dc72 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:53 +0900 Subject: usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns error This patch fixes an issue that this driver ignores errors other than the non-existence of the device, f.e. a memory allocation failure in devm_phy_get(). So, this patch replaces devm_phy_get() with devm_phy_optional_get(). Reported-by: Simon Horman <horms+renesas(a)verge.net.au> Fixes: 279d4bc64060 ("usb: gadget: udc: renesas_usb3: add support for generic phy") Cc: <stable(a)vger.kernel.org> # v4.15+ Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 61b72edab7ab..5d5a5d9e3669 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2638,9 +2638,11 @@ static int renesas_usb3_probe(struct platform_device *pdev) * This is optional. So, if this driver cannot get a phy, * this driver will not handle a phy anymore. */ - usb3->phy = devm_phy_get(&pdev->dev, "usb"); - if (IS_ERR(usb3->phy)) - usb3->phy = NULL; + usb3->phy = devm_phy_optional_get(&pdev->dev, "usb"); + if (IS_ERR(usb3->phy)) { + ret = PTR_ERR(usb3->phy); + goto err_add_udc; + } pm_runtime_enable(&pdev->dev); ret = usb_add_gadget_udc(&pdev->dev, &usb3->gadget); -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 003bc1dee216b1fb8e02040a95672bea0f1fe797 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:52 +0900 Subject: usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add udc This patch fixes an issue that this driver cannot call phy_init() if a gadget driver is alreadly loaded because usb_add_gadget_udc() might call renesas_usb3_start() via .udc_start. This patch also revises the typo (s/an optional/optional/). Fixes: 279d4bc64060 ("usb: gadget: udc: renesas_usb3: add support for generic phy") Cc: <stable(a)vger.kernel.org> # v4.15+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 8bf3ae1f3541..61b72edab7ab 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2634,6 +2634,14 @@ static int renesas_usb3_probe(struct platform_device *pdev) if (ret < 0) goto err_alloc_prd; + /* + * This is optional. So, if this driver cannot get a phy, + * this driver will not handle a phy anymore. + */ + usb3->phy = devm_phy_get(&pdev->dev, "usb"); + if (IS_ERR(usb3->phy)) + usb3->phy = NULL; + pm_runtime_enable(&pdev->dev); ret = usb_add_gadget_udc(&pdev->dev, &usb3->gadget); if (ret < 0) @@ -2643,14 +2651,6 @@ static int renesas_usb3_probe(struct platform_device *pdev) if (ret < 0) goto err_dev_create; - /* - * This is an optional. So, if this driver cannot get a phy, - * this driver will not handle a phy anymore. - */ - usb3->phy = devm_phy_get(&pdev->dev, "usb"); - if (IS_ERR(usb3->phy)) - usb3->phy = NULL; - usb3->workaround_for_vbus = priv->workaround_for_vbus; renesas_usb3_debugfs_init(usb3, &pdev->dev); -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: should call pm_runtime_enable()" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From d998844016b24a8d71b9aa5eae7e51d70f2de438 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:51 +0900 Subject: usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() before add udc This patch fixes an issue that this driver causes panic if a gadget driver is already loaded because usb_add_gadget_udc() might call renesas_usb3_start() via .udc_start, and then pm_runtime_get_sync() in renesas_usb3_start() doesn't work correctly. Note that the usb3_to_dev() macro should not be called at this timing because the macro uses the gadget structure. Fixes: cf06df3fae28 ("usb: gadget: udc: renesas_usb3: move pm_runtime_{en,dis}able()") Cc: <stable(a)vger.kernel.org> # v4.15+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 4ef2386c3ac4..8bf3ae1f3541 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -2634,6 +2634,7 @@ static int renesas_usb3_probe(struct platform_device *pdev) if (ret < 0) goto err_alloc_prd; + pm_runtime_enable(&pdev->dev); ret = usb_add_gadget_udc(&pdev->dev, &usb3->gadget); if (ret < 0) goto err_add_udc; @@ -2655,7 +2656,6 @@ static int renesas_usb3_probe(struct platform_device *pdev) renesas_usb3_debugfs_init(usb3, &pdev->dev); dev_info(&pdev->dev, "probed%s\n", usb3->phy ? " with phy" : ""); - pm_runtime_enable(usb3_to_dev(usb3)); return 0; -- 2.17.0

7 years, 3 months

1
0
0 0

patch "usb: gadget: udc: renesas_usb3: should remove debugfs" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: udc: renesas_usb3: should remove debugfs to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 1990cf7c21ea185cec98c6d45a82c04481261e35 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:50 +0900 Subject: usb: gadget: udc: renesas_usb3: should remove debugfs This patch fixes an issue that this driver doesn't remove its debugfs. Fixes: 43ba968b00ea ("usb: gadget: udc: renesas_usb3: add debugfs to set the b-device mode") Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/udc/renesas_usb3.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 409cde4e6a51..4ef2386c3ac4 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -333,6 +333,7 @@ struct renesas_usb3 { struct extcon_dev *extcon; struct work_struct extcon_work; struct phy *phy; + struct dentry *dentry; struct renesas_usb3_ep *usb3_ep; int num_usb3_eps; @@ -2393,8 +2394,12 @@ static void renesas_usb3_debugfs_init(struct renesas_usb3 *usb3, file = debugfs_create_file("b_device", 0644, root, usb3, &renesas_usb3_b_device_fops); - if (!file) + if (!file) { dev_info(dev, "%s: Can't create debugfs mode\n", __func__); + debugfs_remove_recursive(root); + } else { + usb3->dentry = root; + } } /*------- platform_driver ------------------------------------------------*/ @@ -2402,6 +2407,7 @@ static int renesas_usb3_remove(struct platform_device *pdev) { struct renesas_usb3 *usb3 = platform_get_drvdata(pdev); + debugfs_remove_recursive(usb3->dentry); device_remove_file(&pdev->dev, &dev_attr_role); usb_del_gadget_udc(&usb3->gadget); -- 2.17.0

7 years, 3 months

1
0
0 0

[PATCH 3/6] drm/psr: Fix missed entry in PSR setup time table.

by Dhinakaran Pandiyan

Entry corresponding to 220 us setup time was missing. I am not aware of any specific bug this fixes, but this could potentially result in enabling PSR on a panel with a higher setup time requirement than supported by the hardware. I verified the value is present in eDP spec versions 1.3, 1.4 and 1.4a. Fixes: 6608804b3d7f ("drm/dp: Add drm_dp_psr_setup_time()") Cc: stable(a)vger.kernel.org Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Jose Roberto de Souza <jose.souza(a)intel.com> Cc: dri-devel(a)lists.freedesktop.org Signed-off-by: Dhinakaran Pandiyan <dhinakaran.pandiyan(a)intel.com> --- drivers/gpu/drm/drm_dp_helper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/drm_dp_helper.c b/drivers/gpu/drm/drm_dp_helper.c index 36c7609a4bd5..a7ba602a43a8 100644 --- a/drivers/gpu/drm/drm_dp_helper.c +++ b/drivers/gpu/drm/drm_dp_helper.c @@ -1159,6 +1159,7 @@ int drm_dp_psr_setup_time(const u8 psr_cap[EDP_PSR_RECEIVER_CAP_SIZE]) static const u16 psr_setup_time_us[] = { PSR_SETUP_TIME(330), PSR_SETUP_TIME(275), + PSR_SETUP_TIME(220), PSR_SETUP_TIME(165), PSR_SETUP_TIME(110), PSR_SETUP_TIME(55), -- 2.14.1

7 years, 3 months

2
1
0 0

[PATCH v10 1/4] ioremap: Update pgtable free interfaces with addr

by Chintan Pandya

From: Chintan Pandya <cpandya(a)codeaurora.org> The following kernel panic was observed on ARM64 platform due to a stale TLB entry. 1. ioremap with 4K size, a valid pte page table is set. 2. iounmap it, its pte entry is set to 0. 3. ioremap the same address with 2M size, update its pmd entry with a new value. 4. CPU may hit an exception because the old pmd entry is still in TLB, which leads to a kernel panic. Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page table") has addressed this panic by falling to pte mappings in the above case on ARM64. To support pmd mappings in all cases, TLB purge needs to be performed in this case on ARM64. Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page() so that TLB purge can be added later in seprate patches. [toshi(a)hpe.com: merge changes, rewrite patch description] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 8 +++++--- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 2dbb2c9..da98828 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -973,12 +973,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ffc8c13..37e3cba 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -718,11 +718,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -733,7 +734,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -745,11 +746,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639a..b081794 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ static inline int p4d_clear_huge(p4d_t *p4d) int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bba..517f585 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; } -- Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc., is a member of Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 3 months

1
0
0 0

[PATCH] media: rc: ensure input/lirc device can be opened after register

by Sean Young

Since commit cb84343fced1 ("media: lirc: do not call close() or open() on unregistered devices") rc_open() will return -ENODEV if rcdev->registered is false. Ensure this is set before we register the input device and the lirc device, else we have a short window where the neither the lirc or input device can be opened. Fixes: cb84343fced1 ("media: lirc: do not call close() or open() on unregistered devices") Cc: stable(a)vger.kernel.org # v4.16+ Signed-off-by: Sean Young <sean(a)mess.org> --- drivers/media/rc/rc-main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c index b7071bde670a..2e222d9ee01f 100644 --- a/drivers/media/rc/rc-main.c +++ b/drivers/media/rc/rc-main.c @@ -1862,6 +1862,8 @@ int rc_register_device(struct rc_dev *dev) dev->device_name ?: "Unspecified device", path ?: "N/A"); kfree(path); + dev->registered = true; + if (dev->driver_type != RC_DRIVER_IR_RAW_TX) { rc = rc_setup_rx_device(dev); if (rc) @@ -1881,8 +1883,6 @@ int rc_register_device(struct rc_dev *dev) goto out_lirc; } - dev->registered = true; - dev_dbg(&dev->dev, "Registered rc%u (driver: %s)\n", dev->minor, dev->driver_name ? dev->driver_name : "unknown"); -- 2.17.0

7 years, 3 months

1
0
0 0

RE: [PATCH]

by Fabrizio Castro

Hello Greg, Thank you for your feedback. > Subject: Re: [PATCH] dmaengine: ensure dmaengine helpers check valid callback > > On Mon, May 21, 2018 at 05:56:55PM +0100, Fabrizio Castro wrote: > > From: Vinod Koul <vinod.koul(a)intel.com> > > > > commit 757d12e5849be549076901b0d33c60d5f360269c upstream. > > > > dmaengine has various device callbacks and exposes helper > > functions to invoke these. These helpers should check if channel, > > device and callback is valid or not before invoking them. > > > > Reported-by: Jon Hunter <jonathanh(a)nvidia.com> > > Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> > > [fabrizio: cherry-pick to 4.4] > > Signed-off-by: Fabrizio Castro <fabrizio.castro(a)bp.renesas.com> > > Signed-off-by: Jianming Qiao <jianming.qiao(a)bp.renesas.com> > > --- > > Hello Greg, > > > > while backporting commit 757d12e5849be549076901b0d33c60d5f360269c > > to the CIP kernel Ben recommended to send the same patch to you > > for 4.4 stable. > > I hope the format of the commit is the one you expect (reference to > > the upstream commit, version to cherry-pick the patch to, and > > Signed-off-by tags). > > Format is fine, but why is this needed in the 4.4.y kernel tree? We work with the CIP kernel (v4.4), and from time to time we come across bug fixes we feel like stable could benefit from. Also, since Ben merges the CIP branch with stable, the fixes we make to stable will appear in the CIP kernel too at some point. If you feel like the patch is not worth considering for stable, it can still be applied to the CIP kernel if required. Ben has already taken this patch (for v4.4.126-cip22) therefore it's not on our critical path, but it would be nice to have in the stable kernel too. > What bug does it solve? Without this patch we managed to get the kernel to try and dereference a NULL pointer while playing around with ttys (basically by having the wrong tty with /etc/securetty). Are you happy to take this patch? Thanks, Fab > > thanks, > > greg k-h Renesas Electronics Europe Ltd, Dukes Meadow, Millboard Road, Bourne End, Buckinghamshire, SL8 5FH, UK. Registered in England & Wales under Registered No. 04586709.

7 years, 3 months

2
2
0 0

[PATCH] usb: typec: wcove: Remove dependency on HW FSM

by Heikki Krogerus

The USB Type-C PHY in Intel WhiskeyCove PMIC has build-in USB Type-C state machine which we were relying on to configure the CC lines correctly. This patch removes that dependency and configures the CC line according to commands from the port manager (tcpm.c) in wcove_set_cc(). This fixes an issue where USB devices attached to the USB Type-C port do not get enumerated. When acting as source/host, the HW FSM sometimes fails to configure the PHY correctly. Fixes: 3c4fb9f16921 ("usb: typec: wcove: start using tcpm for USB PD support") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/typec_wcove.c | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/typec_wcove.c b/drivers/usb/typec/typec_wcove.c index 39cff11ec7a2..423208e19383 100644 --- a/drivers/usb/typec/typec_wcove.c +++ b/drivers/usb/typec/typec_wcove.c @@ -202,6 +202,10 @@ static int wcove_init(struct tcpc_dev *tcpc) struct wcove_typec *wcove = tcpc_to_wcove(tcpc); int ret; + ret = regmap_write(wcove->regmap, USBC_CONTROL1, 0); + if (ret) + return ret; + /* Unmask everything */ ret = regmap_write(wcove->regmap, USBC_IRQMASK1, 0); if (ret) @@ -285,8 +289,30 @@ static int wcove_get_cc(struct tcpc_dev *tcpc, enum typec_cc_status *cc1, static int wcove_set_cc(struct tcpc_dev *tcpc, enum typec_cc_status cc) { - /* XXX: Relying on the HW FSM to configure things correctly for now */ - return 0; + struct wcove_typec *wcove = tcpc_to_wcove(tcpc); + unsigned int ctrl; + + switch (cc) { + case TYPEC_CC_RD: + ctrl = USBC_CONTROL1_MODE_SNK; + break; + case TYPEC_CC_RP_DEF: + ctrl = USBC_CONTROL1_CURSRC_UA_80 | USBC_CONTROL1_MODE_SRC; + break; + case TYPEC_CC_RP_1_5: + ctrl = USBC_CONTROL1_CURSRC_UA_180 | USBC_CONTROL1_MODE_SRC; + break; + case TYPEC_CC_RP_3_0: + ctrl = USBC_CONTROL1_CURSRC_UA_330 | USBC_CONTROL1_MODE_SRC; + break; + case TYPEC_CC_OPEN: + ctrl = 0; + break; + default: + return -EINVAL; + } + + return regmap_write(wcove->regmap, USBC_CONTROL1, ctrl); } static int wcove_set_polarity(struct tcpc_dev *tcpc, enum typec_cc_polarity pol) -- 2.17.0

7 years, 3 months

1
0
0 0

[GIT PULL 2/2] intel_th: Use correct device when freeing buffers

by Alexander Shishkin

Commit d5c435df4a890 ("intel_th: msu: Use the real device in case of IOMMU domain allocation") changes dma buffer allocation to use the actual underlying device, but forgets to change the deallocation path, which leads to (if you've got CAP_SYS_RAWIO): > # echo 0,0 > /sys/bus/intel_th/devices/0-msc0/nr_pages > ------------[ cut here ]------------ > kernel BUG at ../linux/drivers/iommu/intel-iommu.c:3670! > CPU: 3 PID: 231 Comm: sh Not tainted 4.17.0-rc1+ #2729 > RIP: 0010:intel_unmap+0x11e/0x130 ... > Call Trace: > intel_free_coherent+0x3e/0x60 > msc_buffer_win_free+0x100/0x160 [intel_th_msu] This patch fixes the buffer deallocation code to use the correct device. Signed-off-by: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Fixes: d5c435df4a890 ("intel_th: msu: Use the real device in case of IOMMU domain allocation") Reported-by: Baofeng Tian <baofeng.tian(a)intel.com> CC: stable(a)vger.kernel.org # v4.14+ --- drivers/hwtracing/intel_th/msu.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hwtracing/intel_th/msu.c b/drivers/hwtracing/intel_th/msu.c index ede388309376..634f58042c77 100644 --- a/drivers/hwtracing/intel_th/msu.c +++ b/drivers/hwtracing/intel_th/msu.c @@ -733,8 +733,8 @@ static int msc_buffer_win_alloc(struct msc *msc, unsigned int nr_blocks) /* Reset the page to write-back before releasing */ set_memory_wb((unsigned long)win->block[i].bdesc, 1); #endif - dma_free_coherent(msc_dev(msc), size, win->block[i].bdesc, - win->block[i].addr); + dma_free_coherent(msc_dev(msc)->parent->parent, size, + win->block[i].bdesc, win->block[i].addr); } kfree(win); @@ -769,7 +769,7 @@ static void msc_buffer_win_free(struct msc *msc, struct msc_window *win) /* Reset the page to write-back before releasing */ set_memory_wb((unsigned long)win->block[i].bdesc, 1); #endif - dma_free_coherent(msc_dev(win->msc), PAGE_SIZE, + dma_free_coherent(msc_dev(win->msc)->parent->parent, PAGE_SIZE, win->block[i].bdesc, win->block[i].addr); } -- 2.17.0

7 years, 3 months

1
0
0 0

[GIT PULL 1/2] stm class: Use vmalloc for the master map

by Alexander Shishkin

Fengguang is running into a warning from the buddy allocator: > swapper/0: page allocation failure: order:9, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) > CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.17.0-rc1 #262 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 > Call Trace: ... > __kmalloc+0x14b/0x180: ____cache_alloc at mm/slab.c:3127 > stm_register_device+0xf3/0x5c0: stm_register_device at drivers/hwtracing/stm/core.c:695 ... Which is basically a result of the stm class trying to allocate ~512kB for the dummy_stm with its default parameters. There's no reason, however, for it not to be vmalloc()ed instead, which is what this patch does. Reported-by: Fengguang Wu <fengguang.wu(a)intel.com> Signed-off-by: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> CC: stable(a)vger.kernel.org # v4.4+ --- drivers/hwtracing/stm/core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c index 05386b76465e..657badb479a5 100644 --- a/drivers/hwtracing/stm/core.c +++ b/drivers/hwtracing/stm/core.c @@ -674,7 +674,7 @@ static void stm_device_release(struct device *dev) { struct stm_device *stm = to_stm_device(dev); - kfree(stm); + vfree(stm); } int stm_register_device(struct device *parent, struct stm_data *stm_data, @@ -691,7 +691,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data, return -EINVAL; nmasters = stm_data->sw_end - stm_data->sw_start + 1; - stm = kzalloc(sizeof(*stm) + nmasters * sizeof(void *), GFP_KERNEL); + stm = vzalloc(sizeof(*stm) + nmasters * sizeof(void *)); if (!stm) return -ENOMEM; @@ -744,7 +744,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data, /* matches device_initialize() above */ put_device(&stm->dev); err_free: - kfree(stm); + vfree(stm); return err; } -- 2.17.0

7 years, 3 months

1
0
0 0

[PATCH] pinctrl: armada-37xx: Fix spurious irq management

by Gregory CLEMENT

From: Terry Zhou <bjzhou(a)marvell.com> Until now, if we found spurious irq in irq_handler, we only updated the status in register but not the status in the code. Due to this the system will got stuck dues to the infinite loop [gregory.clement(a)bootlin.com: update comment and add fix and stable tags] Fixes: 30ac0d3b0702 ("pinctrl: armada-37xx: Add edge both type gpio irq support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Terry Zhou <bjzhou(a)marvell.com> Reviewed-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> Signed-off-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> --- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c b/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c index 5b63248c8209..7bef929bd7fe 100644 --- a/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c +++ b/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c @@ -679,12 +679,13 @@ static void armada_37xx_irq_handler(struct irq_desc *desc) writel(1 << hwirq, info->base + IRQ_STATUS + 4 * i); - continue; + goto update_status; } } generic_handle_irq(virq); +update_status: /* Update status in case a new IRQ appears */ spin_lock_irqsave(&info->irq_lock, flags); status = readl_relaxed(info->base + -- 2.17.0

7 years, 3 months

2
1
0 0

[PATCH] gpio: rcar: Add Runtime PM handling for interrupts

by Fabrizio Castro

From: Geert Uytterhoeven <geert+renesas(a)glider.be> commit b26a719bdba9aa926ceaadecc66e07623d2b8a53 upstream. The R-Car GPIO driver handles Runtime PM for requested GPIOs only. When using a GPIO purely as an interrupt source, no Runtime PM handling is done, and the GPIO module's clock may not be enabled. To fix this: - Add .irq_request_resources() and .irq_release_resources() callbacks to handle Runtime PM when an interrupt is requested, - Add irq_bus_lock() and sync_unlock() callbacks to handle Runtime PM when e.g. disabling/enabling an interrupt, or configuring the interrupt type. Fixes: d5c3d84657db57bd "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS" Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> [fabrizio: cherry-pick to v4.4.y. Use container_of instead of gpiochip_get_data.] Signed-off-by: Fabrizio Castro <fabrizio.castro(a)bp.renesas.com> Reviewed-by: Biju Das <biju.das(a)bp.renesas.com> --- Hi Greg, on R-Car we have found that if a GPIO is used purely as an interrupt source, the corresponding clock is not enabled, therefore the interrupt doesn't work. On Koelsch, the HDMI trasmitter node in the DT uses GPIO 3 29 for the interrupt line, and since gpio3 is used only for this, its clock is OFF, preventing the interrupt from working. This patch fixes this problem. Would you please consider this patch for 4.4.y? Thanks, Fab drivers/gpio/gpio-rcar.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c index 2a81224..9ba4aaa 100644 --- a/drivers/gpio/gpio-rcar.c +++ b/drivers/gpio/gpio-rcar.c @@ -200,6 +200,48 @@ static int gpio_rcar_irq_set_wake(struct irq_data *d, unsigned int on) return 0; } +static void gpio_rcar_irq_bus_lock(struct irq_data *d) +{ + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct gpio_rcar_priv *p = container_of(gc, struct gpio_rcar_priv, + gpio_chip); + + pm_runtime_get_sync(&p->pdev->dev); +} + +static void gpio_rcar_irq_bus_sync_unlock(struct irq_data *d) +{ + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct gpio_rcar_priv *p = container_of(gc, struct gpio_rcar_priv, + gpio_chip); + + pm_runtime_put(&p->pdev->dev); +} + + +static int gpio_rcar_irq_request_resources(struct irq_data *d) +{ + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct gpio_rcar_priv *p = container_of(gc, struct gpio_rcar_priv, + gpio_chip); + int error; + + error = pm_runtime_get_sync(&p->pdev->dev); + if (error < 0) + return error; + + return 0; +} + +static void gpio_rcar_irq_release_resources(struct irq_data *d) +{ + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct gpio_rcar_priv *p = container_of(gc, struct gpio_rcar_priv, + gpio_chip); + + pm_runtime_put(&p->pdev->dev); +} + static irqreturn_t gpio_rcar_irq_handler(int irq, void *dev_id) { struct gpio_rcar_priv *p = dev_id; @@ -460,6 +502,10 @@ static int gpio_rcar_probe(struct platform_device *pdev) irq_chip->irq_unmask = gpio_rcar_irq_enable; irq_chip->irq_set_type = gpio_rcar_irq_set_type; irq_chip->irq_set_wake = gpio_rcar_irq_set_wake; + irq_chip->irq_bus_lock = gpio_rcar_irq_bus_lock; + irq_chip->irq_bus_sync_unlock = gpio_rcar_irq_bus_sync_unlock; + irq_chip->irq_request_resources = gpio_rcar_irq_request_resources; + irq_chip->irq_release_resources = gpio_rcar_irq_release_resources; irq_chip->flags = IRQCHIP_SET_TYPE_MASKED | IRQCHIP_MASK_ON_SUSPEND; ret = gpiochip_add(gpio_chip); -- 2.7.4

7 years, 3 months

2
1
0 0

Please apply 318aaf34f117 ("scsi: libsas: defer ata device eh...") to stable releases

by Guenter Roeck

Hi Greg, commit 318aaf34f1179b39f ("scsi: libsas: defer ata device eh commands to libata") fixes CVE-2018-10021. Its severity is disputed, yet it is a real bug. Please consider applying it to stable releases. Thanks, Guenter

7 years, 3 months

2
1
0 0

[PATCH 0/5] mm: rework hmm to use devm_memremap_pages

by Dan Williams

Hi Andrew, please consider this series for 4.18. For maintainability, as ZONE_DEVICE continues to attract new users, it is useful to keep all users consolidated on devm_memremap_pages() as the interface for create "device pages". The devm_memremap_pages() implementation was recently reworked to make it more generic for arbitrary users, like the proposed peer-to-peer PCI-E enabling. HMM pre-dated this rework and opted to duplicate devm_memremap_pages() as hmm_devmem_pages_create(). Rework HMM to be a consumer of devm_memremap_pages() directly and fix up the licensing on the exports given the deep dependencies on the mm. Patches based on v4.17-rc6 where there are no upstream consumers of the HMM functionality. --- Dan Williams (5): mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: handle errors allocating final devres action mm, hmm: use devm semantics for hmm_devmem_{add,remove} mm, hmm: replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL Documentation/vm/hmm.txt | 1 include/linux/hmm.h | 4 - include/linux/memremap.h | 1 kernel/memremap.c | 39 +++++- mm/hmm.c | 297 +++++++--------------------------------------- 5 files changed, 77 insertions(+), 265 deletions(-)

7 years, 3 months

5
12
0 0

[PATCH V3] blk-mq: avoid to starve tag allocation after allocation process migrates

by Ming Lei

When the allocation process is scheduled back and the mapped hw queue is changed, fake one extra wake up on previous queue for compensating wake up miss, so other allocations on the previous queue won't be starved. This patch fixes one request allocation hang issue, which can be triggered easily in case of very low nr_request. Cc: <stable(a)vger.kernel.org> Cc: Omar Sandoval <osandov(a)fb.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- V3: - fix comments as suggested by Jens - remove the wrapper as suggested by Omar V2: - fix build failure block/blk-mq-tag.c | 12 ++++++++++++ include/linux/sbitmap.h | 7 +++++++ lib/sbitmap.c | 22 ++++++++++++---------- 3 files changed, 31 insertions(+), 10 deletions(-) diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c index 336dde07b230..a4e58fc28a06 100644 --- a/block/blk-mq-tag.c +++ b/block/blk-mq-tag.c @@ -134,6 +134,8 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) ws = bt_wait_ptr(bt, data->hctx); drop_ctx = data->ctx == NULL; do { + struct sbitmap_queue *bt_prev; + /* * We're out of tags on this hardware queue, kick any * pending IO submits before going to sleep waiting for @@ -159,6 +161,7 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) if (data->ctx) blk_mq_put_ctx(data->ctx); + bt_prev = bt; io_schedule(); data->ctx = blk_mq_get_ctx(data->q); @@ -170,6 +173,15 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) bt = &tags->bitmap_tags; finish_wait(&ws->wait, &wait); + + /* + * If destination hw queue is changed, fake wake up on + * previous queue for compensating the wake up miss, so + * other allocations on previous queue won't be starved. + */ + if (bt != bt_prev) + sbitmap_queue_wake_up(bt_prev); + ws = bt_wait_ptr(bt, data->hctx); } while (1); diff --git a/include/linux/sbitmap.h b/include/linux/sbitmap.h index 841585f6e5f2..bba9d80191b7 100644 --- a/include/linux/sbitmap.h +++ b/include/linux/sbitmap.h @@ -484,6 +484,13 @@ static inline struct sbq_wait_state *sbq_wait_ptr(struct sbitmap_queue *sbq, void sbitmap_queue_wake_all(struct sbitmap_queue *sbq); /** + * sbitmap_queue_wake_up() - Wake up some of waiters in one waitqueue + * on a &struct sbitmap_queue. + * @sbq: Bitmap queue to wake up. + */ +void sbitmap_queue_wake_up(struct sbitmap_queue *sbq); + +/** * sbitmap_queue_show() - Dump &struct sbitmap_queue information to a &struct * seq_file. * @sbq: Bitmap queue to show. diff --git a/lib/sbitmap.c b/lib/sbitmap.c index e6a9c06ec70c..14e027a33ffa 100644 --- a/lib/sbitmap.c +++ b/lib/sbitmap.c @@ -335,8 +335,9 @@ void sbitmap_queue_resize(struct sbitmap_queue *sbq, unsigned int depth) if (sbq->wake_batch != wake_batch) { WRITE_ONCE(sbq->wake_batch, wake_batch); /* - * Pairs with the memory barrier in sbq_wake_up() to ensure that - * the batch size is updated before the wait counts. + * Pairs with the memory barrier in sbitmap_queue_wake_up() + * to ensure that the batch size is updated before the wait + * counts. */ smp_mb__before_atomic(); for (i = 0; i < SBQ_WAIT_QUEUES; i++) @@ -425,7 +426,7 @@ static struct sbq_wait_state *sbq_wake_ptr(struct sbitmap_queue *sbq) return NULL; } -static void sbq_wake_up(struct sbitmap_queue *sbq) +void sbitmap_queue_wake_up(struct sbitmap_queue *sbq) { struct sbq_wait_state *ws; unsigned int wake_batch; @@ -454,23 +455,24 @@ static void sbq_wake_up(struct sbitmap_queue *sbq) */ smp_mb__before_atomic(); /* - * If there are concurrent callers to sbq_wake_up(), the last - * one to decrement the wait count below zero will bump it back - * up. If there is a concurrent resize, the count reset will - * either cause the cmpxchg to fail or overwrite after the - * cmpxchg. + * If there are concurrent callers to sbitmap_queue_wake_up(), + * the last one to decrement the wait count below zero will + * bump it back up. If there is a concurrent resize, the count + * reset will either cause the cmpxchg to fail or overwrite + * after the cmpxchg. */ atomic_cmpxchg(&ws->wait_cnt, wait_cnt, wait_cnt + wake_batch); sbq_index_atomic_inc(&sbq->wake_index); wake_up_nr(&ws->wait, wake_batch); } } +EXPORT_SYMBOL_GPL(sbitmap_queue_wake_up); void sbitmap_queue_clear(struct sbitmap_queue *sbq, unsigned int nr, unsigned int cpu) { sbitmap_clear_bit_unlock(&sbq->sb, nr); - sbq_wake_up(sbq); + sbitmap_queue_wake_up(sbq); if (likely(!sbq->round_robin && nr < sbq->sb.depth)) *per_cpu_ptr(sbq->alloc_hint, cpu) = nr; } @@ -482,7 +484,7 @@ void sbitmap_queue_wake_all(struct sbitmap_queue *sbq) /* * Pairs with the memory barrier in set_current_state() like in - * sbq_wake_up(). + * sbitmap_queue_wake_up(). */ smp_mb(); wake_index = atomic_read(&sbq->wake_index); -- 2.9.5

7 years, 3 months

2
1
0 0

[PATCH V2] blk-mq: avoid to starve tag allocation after allocation process migrates

by Ming Lei

When the allocation process is scheduled back and the mapped hw queue is changed, do one extra wake up on orignal queue for compensating wake up miss, so other allocations on the orignal queue won't be starved. This patch fixes one request allocation hang issue, which can be triggered easily in case of very low nr_request. Cc: <stable(a)vger.kernel.org> Cc: Omar Sandoval <osandov(a)fb.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- V2: fix build failure block/blk-mq-tag.c | 13 +++++++++++++ include/linux/sbitmap.h | 7 +++++++ lib/sbitmap.c | 6 ++++++ 3 files changed, 26 insertions(+) diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c index 336dde07b230..77607f89d205 100644 --- a/block/blk-mq-tag.c +++ b/block/blk-mq-tag.c @@ -134,6 +134,8 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) ws = bt_wait_ptr(bt, data->hctx); drop_ctx = data->ctx == NULL; do { + struct sbitmap_queue *bt_orig; + /* * We're out of tags on this hardware queue, kick any * pending IO submits before going to sleep waiting for @@ -159,6 +161,7 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) if (data->ctx) blk_mq_put_ctx(data->ctx); + bt_orig = bt; io_schedule(); data->ctx = blk_mq_get_ctx(data->q); @@ -170,6 +173,16 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) bt = &tags->bitmap_tags; finish_wait(&ws->wait, &wait); + + /* + * If destination hw queue is changed, wake up original + * queue one extra time for compensating the wake up + * miss, so other allocations on original queue won't + * be starved. + */ + if (bt != bt_orig) + sbitmap_queue_wake_up(bt_orig); + ws = bt_wait_ptr(bt, data->hctx); } while (1); diff --git a/include/linux/sbitmap.h b/include/linux/sbitmap.h index 841585f6e5f2..b23f50355281 100644 --- a/include/linux/sbitmap.h +++ b/include/linux/sbitmap.h @@ -484,6 +484,13 @@ static inline struct sbq_wait_state *sbq_wait_ptr(struct sbitmap_queue *sbq, void sbitmap_queue_wake_all(struct sbitmap_queue *sbq); /** + * sbitmap_wake_up() - Do a regular wake up compensation if the queue + * allocated from is changed after scheduling back. + * @sbq: Bitmap queue to wake up. + */ +void sbitmap_queue_wake_up(struct sbitmap_queue *sbq); + +/** * sbitmap_queue_show() - Dump &struct sbitmap_queue information to a &struct * seq_file. * @sbq: Bitmap queue to show. diff --git a/lib/sbitmap.c b/lib/sbitmap.c index e6a9c06ec70c..c6ae4206bcb1 100644 --- a/lib/sbitmap.c +++ b/lib/sbitmap.c @@ -466,6 +466,12 @@ static void sbq_wake_up(struct sbitmap_queue *sbq) } } +void sbitmap_queue_wake_up(struct sbitmap_queue *sbq) +{ + sbq_wake_up(sbq); +} +EXPORT_SYMBOL_GPL(sbitmap_queue_wake_up); + void sbitmap_queue_clear(struct sbitmap_queue *sbq, unsigned int nr, unsigned int cpu) { -- 2.9.5

7 years, 3 months

4
5
0 0

[PATCH v7 1/8] softirq: reorder trace_softirqs_on to prevent lockdep splat

by Joel Fernandes

From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> I'm able to reproduce a lockdep splat with config options: CONFIG_PROVE_LOCKING=y, CONFIG_DEBUG_LOCK_ALLOC=y and CONFIG_PREEMPTIRQ_EVENTS=y $ echo 1 > /d/tracing/events/preemptirq/preempt_enable/enable [ 26.112609] DEBUG_LOCKS_WARN_ON(current->softirqs_enabled) [ 26.112636] WARNING: CPU: 0 PID: 118 at kernel/locking/lockdep.c:3854 [...] [ 26.144229] Call Trace: [ 26.144926] <IRQ> [ 26.145506] lock_acquire+0x55/0x1b0 [ 26.146499] ? __do_softirq+0x46f/0x4d9 [ 26.147571] ? __do_softirq+0x46f/0x4d9 [ 26.148646] trace_preempt_on+0x8f/0x240 [ 26.149744] ? trace_preempt_on+0x4d/0x240 [ 26.150862] ? __do_softirq+0x46f/0x4d9 [ 26.151930] preempt_count_sub+0x18a/0x1a0 [ 26.152985] __do_softirq+0x46f/0x4d9 [ 26.153937] irq_exit+0x68/0xe0 [ 26.154755] smp_apic_timer_interrupt+0x271/0x280 [ 26.156056] apic_timer_interrupt+0xf/0x20 [ 26.157105] </IRQ> The issue was this: preempt_count = 1 << SOFTIRQ_SHIFT __local_bh_enable(cnt = 1 << SOFTIRQ_SHIFT) { if (softirq_count() == (cnt && SOFTIRQ_MASK)) { trace_softirqs_on() { current->softirqs_enabled = 1; } } preempt_count_sub(cnt) { trace_preempt_on() { tracepoint() { rcu_read_lock_sched() { // jumps into lockdep Where preempt_count still has softirqs disabled, but current->softirqs_enabled is true, and we get a splat. Cc: stable(a)vger.kernel.org Reviewed-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Fixes: d59158162e032 ("tracing: Add support for preempt and irq enable/disable events") Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> --- kernel/softirq.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/softirq.c b/kernel/softirq.c index 177de3640c78..8a040bcaa033 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -139,9 +139,13 @@ static void __local_bh_enable(unsigned int cnt) { lockdep_assert_irqs_disabled(); + if (preempt_count() == cnt) + trace_preempt_on(CALLER_ADDR0, get_lock_parent_ip()); + if (softirq_count() == (cnt & SOFTIRQ_MASK)) trace_softirqs_on(_RET_IP_); - preempt_count_sub(cnt); + + __preempt_count_sub(cnt); } /* -- 2.17.0.441.gb46fe60e1d-goog

7 years, 3 months

1
0
0 0

[PATCH 0/9] s390 spectre update for 4.9

by Martin Schwidefsky

Hi Greg, 9 more patches against the 2018/05/23 linux-4.9.y stable branch. This gets the spectre defense of 4.9 up-to-date compared to the current upstream tree. The upstream patches to remove the indirect branches from the BPF JIT are included (these do not have a CC:stable tag). Martin Schwidefsky (9): s390: add assembler macros for CPU alternatives s390: move expoline assembler macros to a header s390/crc32-vx: use expoline for indirect branches s390/lib: use expoline for indirect branches s390/ftrace: use expoline for indirect branches s390/kernel: use expoline for indirect branches s390: move spectre sysfs attribute code s390: extend expoline to BC instructions s390: use expoline thunks in the BPF JIT arch/s390/crypto/crc32be-vx.S | 5 +- arch/s390/crypto/crc32le-vx.S | 4 +- arch/s390/include/asm/alternative-asm.h | 108 ++++++++++++++++++ arch/s390/include/asm/nospec-insn.h | 195 ++++++++++++++++++++++++++++++++ arch/s390/kernel/Makefile | 1 + arch/s390/kernel/asm-offsets.c | 1 + arch/s390/kernel/base.S | 24 ++-- arch/s390/kernel/entry.S | 105 ++++------------- arch/s390/kernel/mcount.S | 14 ++- arch/s390/kernel/nospec-branch.c | 43 ++++--- arch/s390/kernel/nospec-sysfs.c | 21 ++++ arch/s390/kernel/reipl.S | 7 +- arch/s390/kernel/swsusp.S | 9 +- arch/s390/lib/mem.S | 9 +- arch/s390/net/bpf_jit.S | 16 ++- arch/s390/net/bpf_jit_comp.c | 63 ++++++++++- 16 files changed, 488 insertions(+), 137 deletions(-) create mode 100644 arch/s390/include/asm/alternative-asm.h create mode 100644 arch/s390/include/asm/nospec-insn.h create mode 100644 arch/s390/kernel/nospec-sysfs.c -- 2.16.3

7 years, 3 months

2
10
0 0

[PATCH 0/9] s390 spectre update for 4.14

by Martin Schwidefsky

Hi Greg, 9 more patches against the 2018/05/23 linux-4.14.y stable branch. This gets the spectre defense of 4.14 up-to-date compared to the current upstream tree. The upstream patches to remove the indirect branches from the BPF JIT are included (these do not have a CC:stable tag). Martin Schwidefsky (9): s390: add assembler macros for CPU alternatives s390: move expoline assembler macros to a header s390/crc32-vx: use expoline for indirect branches s390/lib: use expoline for indirect branches s390/ftrace: use expoline for indirect branches s390/kernel: use expoline for indirect branches s390: move spectre sysfs attribute code s390: extend expoline to BC instructions s390: use expoline thunks in the BPF JIT arch/s390/crypto/crc32be-vx.S | 5 +- arch/s390/crypto/crc32le-vx.S | 4 +- arch/s390/include/asm/alternative-asm.h | 108 ++++++++++++++++++ arch/s390/include/asm/nospec-insn.h | 195 ++++++++++++++++++++++++++++++++ arch/s390/kernel/Makefile | 1 + arch/s390/kernel/asm-offsets.c | 1 + arch/s390/kernel/base.S | 24 ++-- arch/s390/kernel/entry.S | 105 ++++------------- arch/s390/kernel/mcount.S | 14 ++- arch/s390/kernel/nospec-branch.c | 43 ++++--- arch/s390/kernel/nospec-sysfs.c | 21 ++++ arch/s390/kernel/reipl.S | 7 +- arch/s390/kernel/swsusp.S | 10 +- arch/s390/lib/mem.S | 13 ++- arch/s390/net/bpf_jit.S | 16 ++- arch/s390/net/bpf_jit_comp.c | 63 ++++++++++- 16 files changed, 490 insertions(+), 140 deletions(-) create mode 100644 arch/s390/include/asm/alternative-asm.h create mode 100644 arch/s390/include/asm/nospec-insn.h create mode 100644 arch/s390/kernel/nospec-sysfs.c -- 2.16.3

7 years, 3 months

2
10
0 0

[PATCH 00/15] s390 spectre update for 4.16

by Martin Schwidefsky

Hi Greg, 15 more patches against the 2018/05/23 linux-4.16.y stable branch. This gets the spectre defense of 4.16 up-to-date compared to the current upstream tree. The upstream patches to remove the indirect branches from the BPF JIT are included (these do not have a CC:stable tag). Martin Schwidefsky (15): s390: move nobp parameter functions to nospec-branch.c s390: add automatic detection of the spectre defense s390: report spectre mitigation via syslog s390: add sysfs attributes for spectre s390: add assembler macros for CPU alternatives s390: correct nospec auto detection init order s390: correct module section names for expoline code revert s390: move expoline assembler macros to a header s390/crc32-vx: use expoline for indirect branches s390/lib: use expoline for indirect branches s390/ftrace: use expoline for indirect branches s390/kernel: use expoline for indirect branches s390: move spectre sysfs attribute code s390: extend expoline to BC instructions s390: use expoline thunks in the BPF JIT arch/s390/Kconfig | 3 +- arch/s390/Makefile | 2 +- arch/s390/crypto/crc32be-vx.S | 5 +- arch/s390/crypto/crc32le-vx.S | 4 +- arch/s390/include/asm/alternative-asm.h | 108 ++++++++++++++++++ arch/s390/include/asm/nospec-branch.h | 7 +- arch/s390/include/asm/nospec-insn.h | 196 ++++++++++++++++++++++++++++++++ arch/s390/kernel/Makefile | 5 +- arch/s390/kernel/alternative.c | 24 +--- arch/s390/kernel/asm-offsets.c | 1 + arch/s390/kernel/base.S | 24 ++-- arch/s390/kernel/entry.S | 105 ++++------------- arch/s390/kernel/mcount.S | 14 ++- arch/s390/kernel/module.c | 15 ++- arch/s390/kernel/nospec-branch.c | 123 +++++++++++++++----- arch/s390/kernel/nospec-sysfs.c | 21 ++++ arch/s390/kernel/reipl.S | 7 +- arch/s390/kernel/setup.c | 3 + arch/s390/kernel/swsusp.S | 10 +- arch/s390/lib/mem.S | 19 ++-- arch/s390/net/bpf_jit.S | 16 ++- arch/s390/net/bpf_jit_comp.c | 63 +++++++++- 22 files changed, 587 insertions(+), 188 deletions(-) create mode 100644 arch/s390/include/asm/alternative-asm.h create mode 100644 arch/s390/include/asm/nospec-insn.h create mode 100644 arch/s390/kernel/nospec-sysfs.c -- 2.16.3

7 years, 3 months

2
16
0 0

[PATCH stable 4.16 00/14] powerpc backports for 4.16

by Michael Ellerman

Hi Greg, Please queue up this series of patches for 4.16 if you have no objections. These are mostly clean backports but one or two required some fixing up, hench the backport. cheers Mauricio Faria de Oliveira (2): powerpc/pseries: Fix clearing of security feature flags powerpc: Move default security feature flags Michael Ellerman (11): powerpc/rfi-flush: Always enable fallback flush on pseries powerpc: Add security feature flags for Spectre/Meltdown powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc/pseries: Set or clear security feature flags powerpc/powernv: Set or clear security feature flags powerpc/64s: Move cpu_show_meltdown() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/64s: Wire up cpu_show_spectre_v2() Nicholas Piggin (1): powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit arch/powerpc/include/asm/exception-64s.h | 29 ++++ arch/powerpc/include/asm/feature-fixups.h | 19 +++ arch/powerpc/include/asm/hvcall.h | 3 + arch/powerpc/include/asm/security_features.h | 85 ++++++++++ arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/exceptions-64s.S | 19 ++- arch/powerpc/kernel/security.c | 237 +++++++++++++++++++++++++++ arch/powerpc/kernel/setup_64.c | 8 - arch/powerpc/kernel/vmlinux.lds.S | 14 ++ arch/powerpc/lib/feature-fixups.c | 115 +++++++++++++ arch/powerpc/platforms/powernv/setup.c | 96 +++++++---- arch/powerpc/platforms/pseries/setup.c | 71 +++++--- 12 files changed, 638 insertions(+), 60 deletions(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c -- 2.14.1

7 years, 3 months

2
15
0 0

[PATCH v2 0/7] mm: Rework hmm to use devm_memremap_pages

by Dan Williams

Changes since v1: [1] * Kill support for mapping System RAM as a nop. No one uses this functionality and it is broken relative to percpu_ref management. * Fix percpu_ref teardown. Given that devm_memremap_pages() has strict assumptions about when the percpu_ref is killed, give it responsibility to make the live-dead transition explicitly. (Logan) * Split the patch that adds HMM support to devm_memremap_pages() from the patch that converts HMM to use devm_memremap_pages(). This caught an incomplete conversion in v1. (Logan) * Collect Christoph's reviewed-by. [1]: https://lkml.org/lkml/2018/5/21/1109 --- Hi Andrew, here's v2 to replace the 5 currently in mm. The first and last patch did not change. For maintainability, as ZONE_DEVICE continues to attract new users, it is useful to keep all users consolidated on devm_memremap_pages() as the interface for create "device pages". The devm_memremap_pages() implementation was recently reworked to make it more generic for arbitrary users, like the proposed peer-to-peer PCI-E enabling. HMM pre-dated this rework and opted to duplicate devm_memremap_pages() as hmm_devmem_pages_create(). Rework HMM to be a consumer of devm_memremap_pages() directly and fix up the licensing on the exports given the deep dependencies on the mm. Patches based on v4.17-rc6 where there are no upstream consumers of the HMM functionality. --- Dan Williams (7): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL Documentation/vm/hmm.txt | 1 drivers/dax/pmem.c | 10 - drivers/nvdimm/pmem.c | 18 +- include/linux/hmm.h | 4 include/linux/memremap.h | 7 + kernel/memremap.c | 85 +++++++--- mm/hmm.c | 307 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 21 ++- 8 files changed, 130 insertions(+), 323 deletions(-)

7 years, 3 months

2
3
0 0

[PATCH 1/3] drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros

by Thomas Hellstrom

Depending on whether the kernel is compiled with frame-pointer or not, the temporary memory location used for the bp parameter in these macros is referenced relative to the stack pointer or the frame pointer. Hence we can never reference that parameter when we've modified either the stack pointer or the frame pointer, because then the compiler would generate an incorrect stack reference. Fix this by pushing the temporary memory parameter on a known location on the stack before modifying the stack- and frame pointers. Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Hellstrom <thellstrom(a)vmware.com> Reviewed-by: Brian Paul <brianp(a)vmware.com> Reviewed-by: Sinclair Yeh <syeh(a)vmware.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_msg.h | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.h b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.h index 557a033fb610..8545488aa0cf 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.h @@ -135,17 +135,24 @@ #else -/* In the 32-bit version of this macro, we use "m" because there is no - * more register left for bp +/* + * In the 32-bit version of this macro, we store bp in a memory location + * because we've ran out of registers. + * Now we can't reference that memory location while we've modified + * %esp or %ebp, so we first push it on the stack, just before we push + * %ebp, and then when we need it we read it from the stack where we + * just pushed it. */ #define VMW_PORT_HB_OUT(cmd, in_ecx, in_si, in_di, \ port_num, magic, bp, \ eax, ebx, ecx, edx, si, di) \ ({ \ - asm volatile ("push %%ebp;" \ - "mov %12, %%ebp;" \ + asm volatile ("push %12;" \ + "push %%ebp;" \ + "mov 0x04(%%esp), %%ebp;" \ "rep outsb;" \ - "pop %%ebp;" : \ + "pop %%ebp;" \ + "add $0x04, %%esp;" : \ "=a"(eax), \ "=b"(ebx), \ "=c"(ecx), \ @@ -167,10 +174,12 @@ port_num, magic, bp, \ eax, ebx, ecx, edx, si, di) \ ({ \ - asm volatile ("push %%ebp;" \ - "mov %12, %%ebp;" \ + asm volatile ("push %12;" \ + "push %%ebp;" \ + "mov 0x04(%%esp), %%ebp;" \ "rep insb;" \ - "pop %%ebp" : \ + "pop %%ebp;" \ + "add $0x04, %%esp;" : \ "=a"(eax), \ "=b"(ebx), \ "=c"(ecx), \ -- 2.17.0

7 years, 3 months

1
1
0 0

[PATCH v3 1/2] MIPS: memset.S: Fix byte_fixup for MIPSr6

by Matt Redfearn

The __clear_user function is defined to return the number of bytes that could not be cleared. From the underlying memset / bzero implementation this means setting register a2 to that number on return. Currently if a page fault is triggered within the MIPSr6 version of setting of initial unaligned bytes, the value loaded into a2 on return is meaningless. During the MIPSr6 version of the initial unaligned bytes block, register a2 contains the number of bytes to be set beyond the initial unaligned bytes. The t0 register is initally set to the number of unaligned bytes - STORSIZE, effectively a negative version of the number of unaligned bytes. This is then incremented before each byte is saved. The label .Lbyte_fixup\@ is jumped to on page fault. Currently the value in a2 is incorrectly replaced by 0 - t0 + 1, effectively the number of unaligned bytes remaining. This leads to the failures being reported by the following test code: static int __init test_clear_user(void) { int j, k; pr_info("\n\n\nTesting clear_user\n"); for (j = 0; j < 512; j++) { if ((k = clear_user(NULL+3, j)) != j) { pr_err("clear_user (NULL %d) returned %d\n", j, k); } } return 0; } late_initcall(test_clear_user); Which reports: [ 3.965439] Testing clear_user [ 3.973169] clear_user (NULL 8) returned 6 [ 3.976782] clear_user (NULL 9) returned 6 [ 3.980390] clear_user (NULL 10) returned 6 [ 3.984052] clear_user (NULL 11) returned 6 [ 3.987524] clear_user (NULL 12) returned 6 Fix this by subtracting t0 from a2 (rather than $0), effectivey giving: unset_bytes = (#bytes - (#unaligned bytes)) - (-#unaligned bytes remaining + 1) + 1 a2 = a2 - t0 + 1 This fixes the value returned from __clear user when the number of bytes to set is > LONGSIZE and the address is invalid and unaligned. Unfortunately, this breaks the fixup handling for unaligned bytes after the final long, where register a2 still contains the number of bytes remaining to be set and the t0 register is to 0 - the number of unaligned bytes remaining. Because t0 is now is now subtracted from a2 rather than 0, the number of bytes unset is reported incorrectly: static int __init test_clear_user(void) { char *test; int j, k; pr_info("\n\n\nTesting clear_user\n"); test = vmalloc(PAGE_SIZE); for (j = 256; j < 512; j++) { if ((k = clear_user(test + PAGE_SIZE - 254, j)) != j - 254) { pr_err("clear_user (%px %d) returned %d\n", test + PAGE_SIZE - 254, j, k); } } return 0; } late_initcall(test_clear_user); [ 3.976775] clear_user (c00000000000df02 256) returned 4 [ 3.981957] clear_user (c00000000000df02 257) returned 6 [ 3.986425] clear_user (c00000000000df02 258) returned 8 [ 3.990850] clear_user (c00000000000df02 259) returned 10 [ 3.995332] clear_user (c00000000000df02 260) returned 12 [ 3.999815] clear_user (c00000000000df02 261) returned 14 Fix this by ensuring that a2 is set to 0 during the set of final unaligned bytes. Fixes: 8c56208aff77 ("MIPS: lib: memset: Add MIPS R6 support") Cc: stable(a)vger.kernel.org Signed-off-by: Matt Redfearn <matt.redfearn(a)mips.com> --- Changes in v3: New patch to fix fault handling during MIPSr6 version of setting unaligned bytes. Changes in v2: None arch/mips/lib/memset.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 1cc306520a5..fac26ce64b2 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -195,6 +195,7 @@ #endif #else PTR_SUBU t0, $0, a2 + move a2, zero /* No remaining longs */ PTR_ADDIU t0, 1 STORE_BYTE(0) STORE_BYTE(1) @@ -231,7 +232,7 @@ #ifdef CONFIG_CPU_MIPSR6 .Lbyte_fixup\@: - PTR_SUBU a2, $0, t0 + PTR_SUBU a2, t0 jr ra PTR_ADDIU a2, 1 #endif /* CONFIG_CPU_MIPSR6 */ -- 2.7.4

7 years, 3 months

1
0
0 0

T/T payment of EUR 47,631.35 Done.

by Rai Exchanges

Please find attached details of our T/T payment of EUR 47,631.35 to you for outstanding payment. Our sister company instructed we arrange payment to the attached bank details. Best regards Mit freundlichen Grüßen / Best regards Fackelmann GmbH + Co. KG Lena Hauenstein Sebastian-Fackelmann-Str. 6 91217 Hersbruck Telefon: +49 9151 811 101 Fax: +49 9151 811 421 0 E-mailbhirvi(a)ecrobot.com.com www.ecrobot.com

7 years, 3 months

1
0
0 0

[PATCH v2] drm: fix off-by-one in logger

by Norbert Manthey

The current implementation will leak a byte to the log via memmove. The specified 27 bytes are off-by-one, as the payload is 25 bytes, and the termination character is only one byte large. To avoid this, factor out the error message, and furthermore make the second parameter of the append_entry function const. The full trace is as follows: In function ‘memmove’, from ‘append_entry’ at drivers/gpu/drm/amd/display/dc/basics/logger.c:257:2, from ‘dm_logger_append_va’ at drivers/gpu/drm/amd/display/dc/basics/logger.c:348:4 detected read beyond size of object passed as 2nd parameter Signed-off-by: Norbert Manthey <nmanthey(a)amazon.de> --- drivers/gpu/drm/amd/display/dc/basics/logger.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/basics/logger.c b/drivers/gpu/drm/amd/display/dc/basics/logger.c index 31bee05..6ba8d0c 100644 --- a/drivers/gpu/drm/amd/display/dc/basics/logger.c +++ b/drivers/gpu/drm/amd/display/dc/basics/logger.c @@ -244,7 +244,7 @@ static void log_heading(struct log_entry *entry) static void append_entry( struct log_entry *entry, - char *buffer, + const char *buffer, uint32_t buf_size) { if (!entry->buf || @@ -346,7 +346,9 @@ void dm_logger_append_va( if (size < LOG_MAX_LINE_SIZE - 1) { append_entry(entry, buffer, size); } else { - append_entry(entry, "LOG_ERROR, line too long\n", 27); + static const char msg[] = "LOG_ERROR, line too long\n"; + + append_entry(entry, msg, sizeof(msg)); } } } -- 2.7.4 Amazon Development Center Germany GmbH Berlin - Dresden - Aachen main office: Krausenstr. 38, 10117 Berlin Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger Ust-ID: DE289237879 Eingetragen am Amtsgericht Charlottenburg HRB 149173 B

7 years, 3 months

1
1
0 0

[PATCH v2 02/16] arm64: dts: marvell: fix CP110 ICU node size

by Miquel Raynal

ICU size in CP110 is not 0x10 but at least 0x440 bytes long (from the specification). Fixes: 6ef84a827c37 ("arm64: dts: marvell: enable GICP and ICU on Armada 7K/8K") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> --- arch/arm64/boot/dts/marvell/armada-cp110.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/marvell/armada-cp110.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110.dtsi index 48cad7919efa..9fa41c54f69c 100644 --- a/arch/arm64/boot/dts/marvell/armada-cp110.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-cp110.dtsi @@ -146,7 +146,7 @@ CP110_LABEL(icu): interrupt-controller@1e0000 { compatible = "marvell,cp110-icu"; - reg = <0x1e0000 0x10>; + reg = <0x1e0000 0x440>; #interrupt-cells = <3>; interrupt-controller; msi-parent = <&gicp>; -- 2.14.1

7 years, 3 months

2
1
0 0

[PATCH 4.16 000/110] 4.16.11-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.16.11 release. There are 110 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue May 22 21:04:14 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.16.11-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.16.11-rc1 Alexei Starovoitov <ast(a)kernel.org> bpf: Prevent memory disambiguation attack Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Rename SSBD_NO to SSB_NO Tom Lendacky <thomas.lendacky(a)amd.com> KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Thomas Gleixner <tglx(a)linutronix.de> x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Rework spec_ctrl base and mask logic Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Remove x86_spec_ctrl_set() Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Expose x86_spec_ctrl_base directly Borislav Petkov <bp(a)suse.de> x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Rework speculative_store_bypass_update() Tom Lendacky <thomas.lendacky(a)amd.com> x86/speculation: Add virtualized speculative store bypass disable support Thomas Gleixner <tglx(a)linutronix.de> x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Handle HT correctly on AMD Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Add FEATURE_ZEN Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Disentangle SSBD enumeration Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS Borislav Petkov <bp(a)suse.de> x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP Thomas Gleixner <tglx(a)linutronix.de> KVM: SVM: Move spec control call after restore of GS Jim Mattson <jmattson(a)google.com> x86/cpu: Make alternative_msr_write work for 32-bit code Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Fix the parameters alignment and missing void Jiri Kosina <jkosina(a)suse.cz> x86/bugs: Make cpu_show_common() static Jiri Kosina <jkosina(a)suse.cz> x86/bugs: Fix __ssb_select_mitigation() return type Borislav Petkov <bp(a)suse.de> Documentation/spec_ctrl: Do some minor cleanups Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> proc: Use underscores for SSBD in 'status' Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Rename _RDS to _SSBD Kees Cook <keescook(a)chromium.org> x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass Thomas Gleixner <tglx(a)linutronix.de> seccomp: Move speculation migitation control to arch code Kees Cook <keescook(a)chromium.org> seccomp: Add filter flag to opt-out of SSB mitigation Thomas Gleixner <tglx(a)linutronix.de> seccomp: Use PR_SPEC_FORCE_DISABLE Thomas Gleixner <tglx(a)linutronix.de> prctl: Add force disable speculation Kees Cook <keescook(a)chromium.org> x86/bugs: Make boot modes __ro_after_init Kees Cook <keescook(a)chromium.org> seccomp: Enable speculation flaw mitigations Kees Cook <keescook(a)chromium.org> proc: Provide details on speculation flaw mitigations Kees Cook <keescook(a)chromium.org> nospec: Allow getting/setting on non-current task Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Add prctl for Speculative Store Bypass mitigation Thomas Gleixner <tglx(a)linutronix.de> x86/process: Allow runtime control of Speculative Store Bypass Thomas Gleixner <tglx(a)linutronix.de> prctl: Add speculation control prctls Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Create spec-ctrl.h to avoid include hell Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Whitelist allowed SPEC_CTRL MSR values Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs/intel: Set proper CPU features and setup RDS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add X86_FEATURE_RDS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Expose /sys/../spec_store_bypass Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs, KVM: Support the combination of guest and host IBRS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Concentrate bug reporting into a separate function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Concentrate bug detection into a separate function Linus Torvalds <torvalds(a)linux-foundation.org> x86/nospec: Simplify alternative_msr_write() Liu Bo <bo.liu(a)linux.alibaba.com> btrfs: fix reading stale metadata blocks after degraded raid1 mounts Nikolay Borisov <nborisov(a)suse.com> btrfs: Fix delalloc inodes invalidation during transaction abort Nikolay Borisov <nborisov(a)suse.com> btrfs: Split btrfs_del_delalloc_inode into 2 functions Anand Jain <anand.jain(a)oracle.com> btrfs: fix crash when trying to resume balance without the resume flag Misono Tomohiro <misono.tomohiro(a)jp.fujitsu.com> btrfs: property: Set incompat flag if lzo/zstd compression is set Robbie Ko <robbieko(a)synology.com> Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting Filipe Manana <fdmanana(a)suse.com> Btrfs: fix xattr loss after power failure Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8770/1: kprobes: Prohibit probing on optimized_callback Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed Dexuan Cui <decui(a)microsoft.com> tick/broadcast: Use for_each_cpu() specially on UP kernels Dmitry Safonov <dima(a)arista.com> x86/mm: Drop TS_COMPAT on 64-bit exec() syscall Thomas Gleixner <tglx(a)linutronix.de> x86/apic/x2apic: Initialize cluster ID properly Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Dave Hansen <dave.hansen(a)linux.intel.com> x86/pkeys: Do not special case protection key 0 Dave Hansen <dave.hansen(a)linux.intel.com> x86/pkeys: Override pkey when moving away from PROT_EXEC Coly Li <colyli(a)suse.de> bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: remove indirect branch from do_softirq_own_stack Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: don't release memory in qdio_setup_irq() Hendrik Brueckner <brueckner(a)linux.ibm.com> s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: fix access to uninitialized qdio_q fields Michel Thierry <michel.thierry(a)intel.com> drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk Pavel Tatashin <pasha.tatashin(a)oracle.com> mm: don't allow deferred pages with NEED_PER_CPU_KM Ross Zwisler <ross.zwisler(a)linux.intel.com> radix tree: fix multi-order iteration race Matthew Wilcox <mawilcox(a)microsoft.com> lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly Miquel Raynal <miquel.raynal(a)bootlin.com> cpufreq: armada-37xx: driver relies on cpufreq-dt Haneen Mohammed <hamohammed.sa(a)gmail.com> drm: Match sysfs name in link removal to link creation Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Boris Brezillon <boris.brezillon(a)bootlin.com> mtd: rawnand: marvell: Fix read logic for layouts with ->nchunks > 2 Alexander Monakov <amonakov(a)ispras.ru> i2c: designware: fix poll-after-enable regression Maxime Chevallier <maxime.chevallier(a)bootlin.com> ARM64: dts: marvell: armada-cp110: Add mg_core_clk for ethernet node Maxime Chevallier <maxime.chevallier(a)bootlin.com> ARM64: dts: marvell: armada-cp110: Add clocks for the xmdio node kbuild test robot <fengguang.wu(a)intel.com> netfilter: nf_tables: nf_tables_obj_lookup_byhandle() can be static Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: can't fail after linking rule into active rule list Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: free set name in error path Jann Horn <jannh(a)google.com> tee: shm: fix use-after-free via temporarily dropped reference Guenter Roeck <linux(a)roeck-us.net> x86/amd_nb: Add support for Raven Ridge CPUs Steven Rostedt (VMware) <rostedt(a)goodmis.org> vsprintf: Replace memory barrier with static_key for random_ptr_key update Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Halil Pasic <pasic(a)linux.vnet.ibm.com> vfio: ccw: fix cleanup if cp_prefetch fails Guenter Roeck <linux(a)roeck-us.net> hwmon: (k10temp) Use API function to access System Management Network Guenter Roeck <linux(a)roeck-us.net> hwmon: (k10temp) Fix reading critical temperature register Andre Przywara <andre.przywara(a)arm.com> KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock Andre Przywara <andre.przywara(a)arm.com> KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls Andre Przywara <andre.przywara(a)arm.com> KVM: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity Andre Przywara <andre.przywara(a)arm.com> KVM: arm/arm64: Properly protect VGIC locks from IRQs Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: vmx: update sec exec controls for UMIP iff emulating UMIP Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: pxa2xx: Allow 64-bit DMA Wenwen Wang <wang6495(a)umn.edu> ALSA: control: fix a redundant-copy issue Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist Jeremy Soller <jeremy(a)system76.com> ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup Federico Cuello <fedux(a)fedux.com.ar> ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix bad unlock balance during stub_probe() Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix NULL-ptr deref and use-after-free errors Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: run rebind from exit when module is removed Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: delete device from busid_table after rebind Shuah Khan <shuah(a)kernel.org> usbip: usbip_host: refine probe and disconnect debug msgs to be useful Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix USB3 NULL pointer dereference at logical disconnect. ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/kernel-parameters.txt | 45 +++ .../devicetree/bindings/net/marvell-pp2.txt | 9 +- Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/spec_ctrl.rst | 94 +++++ Makefile | 4 +- arch/arm/include/asm/assembler.h | 10 + arch/arm/include/asm/kvm_mmu.h | 16 + arch/arm/kernel/traps.c | 5 +- arch/arm/lib/getuser.S | 10 + arch/arm/probes/kprobes/opt-arm.c | 4 +- arch/arm64/boot/dts/marvell/armada-cp110.dtsi | 7 +- arch/arm64/include/asm/kvm_mmu.h | 16 + arch/powerpc/platforms/powernv/opal-nvram.c | 14 +- arch/s390/kernel/irq.c | 5 +- arch/s390/kernel/perf_cpum_sf.c | 4 + arch/x86/boot/compressed/eboot.c | 6 +- arch/x86/include/asm/cpufeatures.h | 20 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/asm/mmu_context.h | 2 +- arch/x86/include/asm/msr-index.h | 9 + arch/x86/include/asm/nospec-branch.h | 43 ++- arch/x86/include/asm/pkeys.h | 18 +- arch/x86/include/asm/spec-ctrl.h | 80 +++++ arch/x86/include/asm/thread_info.h | 4 +- arch/x86/kernel/amd_nb.c | 6 + arch/x86/kernel/apic/x2apic_cluster.c | 1 + arch/x86/kernel/cpu/amd.c | 22 ++ arch/x86/kernel/cpu/bugs.c | 397 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 77 +++- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/process.c | 146 ++++++++ arch/x86/kernel/process_64.c | 1 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/svm.c | 66 ++-- arch/x86/kvm/vmx.c | 60 ++-- arch/x86/kvm/x86.c | 13 +- arch/x86/mm/pkeys.c | 21 +- arch/x86/xen/mmu.c | 4 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/base/cpu.c | 8 + drivers/cpufreq/Kconfig.arm | 2 +- drivers/gpu/drm/drm_drv.c | 2 +- drivers/gpu/drm/i915/i915_reg.h | 3 + drivers/gpu/drm/i915/intel_engine_cs.c | 4 + drivers/hwmon/Kconfig | 2 +- drivers/hwmon/k10temp.c | 51 ++- drivers/i2c/busses/i2c-designware-master.c | 5 +- drivers/md/bcache/debug.c | 3 + drivers/mtd/nand/marvell_nand.c | 8 +- drivers/s390/cio/qdio_setup.c | 12 +- drivers/s390/cio/vfio_ccw_cp.c | 13 +- drivers/spi/spi-bcm-qspi.c | 28 +- drivers/spi/spi-pxa2xx.h | 2 +- drivers/tee/tee_shm.c | 5 +- drivers/usb/host/xhci-hub.c | 2 +- drivers/usb/usbip/stub.h | 2 + drivers/usb/usbip/stub_dev.c | 43 ++- drivers/usb/usbip/stub_main.c | 105 +++++- fs/btrfs/ctree.c | 22 +- fs/btrfs/ctree.h | 2 + fs/btrfs/disk-io.c | 26 +- fs/btrfs/inode.c | 13 +- fs/btrfs/props.c | 12 +- fs/btrfs/tree-log.c | 7 + fs/btrfs/volumes.c | 9 + fs/proc/array.c | 25 ++ include/linux/bpf_verifier.h | 1 + include/linux/cpu.h | 2 + include/linux/efi.h | 8 +- include/linux/nospec.h | 10 + include/linux/sched.h | 10 +- include/linux/seccomp.h | 5 +- include/trace/events/xen.h | 16 - include/uapi/linux/prctl.h | 12 + include/uapi/linux/seccomp.h | 5 +- kernel/bpf/verifier.c | 59 ++- kernel/seccomp.c | 21 +- kernel/sys.c | 23 ++ kernel/time/tick-broadcast.c | 8 + lib/radix-tree.c | 6 +- lib/test_bitmap.c | 21 +- lib/vsprintf.c | 26 +- mm/Kconfig | 1 + net/netfilter/nf_tables_api.c | 75 ++-- sound/core/control_compat.c | 3 +- sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/usb/mixer.c | 8 + tools/testing/selftests/seccomp/seccomp_bpf.c | 22 +- virt/kvm/arm/vgic/vgic-debug.c | 5 +- virt/kvm/arm/vgic/vgic-its.c | 34 +- virt/kvm/arm/vgic/vgic-v3.c | 4 +- virt/kvm/arm/vgic/vgic.c | 22 +- 96 files changed, 1731 insertions(+), 373 deletions(-)

7 years, 3 months

6
119
0 0

[PATCH] PCI/portdrv: do not disable device on remove()

by Sinan Kaya

'Commit cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during shutdown")' has been added to kernel to shutdown pending PCIe port service interrupts during reboot so that a newly started kexec kernel wouldn't observe pending interrupts. pcie_port_device_remove() is disabling the root port and switches by calling pci_disable_device() after all PCIe service drivers are shutdown. pci_disable_device() has a much wider impact then port service itself and it prevents all inbound transactions to reach to the system and impacts the entire PCI traffic behind the bridge. Issue is that pcie_port_device_remove() doesn't maintain any coordination with the rest of the PCI device drivers in the system before clearing the bus master bit. This has been found to cause crashes on HP DL360 Gen9 machines during reboot. Besides, kexec is already clearing the bus master bit in pci_device_shutdown() after all PCI drivers are removed. Just remove the extra clear here. Signed-off-by: Sinan Kaya <okaya(a)codeaurora.org> Link: https://bugzilla.kernel.org/show_bug.cgi?id=199779 Fixes: cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during shutdown") Cc: stable(a)vger.kernel.org Reported-by: Ryan Finnie <ryan(a)finnie.org> --- drivers/pci/pcie/portdrv_core.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/pci/pcie/portdrv_core.c b/drivers/pci/pcie/portdrv_core.c index c9c0663..d22a95d 100644 --- a/drivers/pci/pcie/portdrv_core.c +++ b/drivers/pci/pcie/portdrv_core.c @@ -409,7 +409,6 @@ void pcie_port_device_remove(struct pci_dev *dev) { device_for_each_child(&dev->dev, NULL, remove_iter); pci_free_irq_vectors(dev); - pci_disable_device(dev); } /** -- 2.7.4

7 years, 3 months

3
3
0 0

Stable release queue build failures (3.18, 4.1)

by Guenter Roeck

v3.18.109-42-g6009175, s390:allnoconfig: arch/s390/mm/vmem.c:30:20: warning: 'vmem_alloc_pages' defined but not used [-Wunused-function] arch/s390/kernel/irq.c: Assembler messages: arch/s390/kernel/irq.c:180: Error: Unrecognized opcode: `brasl' v4.1.51-555-g5b61994, {i386,x86_64}:{allyesconfig,allmodconfig}: arch/x86/kvm/vmx.c: In function 'vmx_handle_external_intr': arch/x86/kvm/vmx.c:8016:4: error: expected ':' or ')' before 'CALL_NOSPEC' Guenter

7 years, 3 months

3
2
0 0

[PATCH for-next 0/5] IB/hfi1,isert: Updates for-next 5/15/2018

by Dennis Dalessandro

Hi Doug and Jason, Here are some patches to go to for-next. One is a code cleanup. The rest are bug fixes that are probably not serious enough for an -rc6. The one that may be on the fence is the isert patch. Since it only affects debug kernels it can probably even wait till for-next. It has been marked stable though. --- Alex Estrin (1): IB/isert: Fix for lib/dma_debug check_sync warning Kamenee Arumugam (1): IB/Hfi1: Mask Unsupported Request error bit in PCIe AER Michael J. Ruhl (1): IB/hfi1: Set port number for errorinfo MAD response Mike Marciniszyn (2): IB/hfi1: Cleanup of exp_rcv IB/{rdmavt,hfi1}; Change hrtimer add to use the pinned variation drivers/infiniband/hw/hfi1/exp_rcv.c | 39 +++++++++++++++++++------------ drivers/infiniband/hw/hfi1/exp_rcv.h | 24 ++++++++++++++++++- drivers/infiniband/hw/hfi1/hfi.h | 14 ++++++----- drivers/infiniband/hw/hfi1/init.c | 4 +-- drivers/infiniband/hw/hfi1/mad.c | 1 + drivers/infiniband/hw/hfi1/pcie.c | 15 ++++++++++++ drivers/infiniband/hw/hfi1/rc.c | 2 +- drivers/infiniband/sw/rdmavt/qp.c | 2 +- drivers/infiniband/ulp/isert/ib_isert.c | 26 ++++++++++++++------- 9 files changed, 91 insertions(+), 36 deletions(-) -- -Denny

7 years, 3 months

5
10
0 0

+ kasan-fix-memory-hotplug-during-boot.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kasan: fix memory hotplug during boot has been added to the -mm tree. Its filename is kasan-fix-memory-hotplug-during-boot.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/kasan-fix-memory-hotplug-during-bo… and later at http://ozlabs.org/~akpm/mmotm/broken-out/kasan-fix-memory-hotplug-during-bo… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: kasan: fix memory hotplug during boot Using module_init() is wrong. E.g. ACPI adds and onlines memory before our memory notifier gets registered. This makes sure that ACPI memory detected during boot up will not result in a kernel crash. Easily reproducible with QEMU, just specify a DIMM when starting up. Link: http://lkml.kernel.org/r/20180522100756.18478-3-david@redhat.com Fixes: 786a8959912e ("kasan: disable memory hotplug") Signed-off-by: David Hildenbrand <david(a)redhat.com> Acked-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/kasan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/kasan/kasan.c~kasan-fix-memory-hotplug-during-boot mm/kasan/kasan.c --- a/mm/kasan/kasan.c~kasan-fix-memory-hotplug-during-boot +++ a/mm/kasan/kasan.c @@ -892,5 +892,5 @@ static int __init kasan_memhotplug_init( return 0; } -module_init(kasan_memhotplug_init); +core_initcall(kasan_memhotplug_init); #endif _ Patches currently in -mm which might be from david(a)redhat.com are kasan-free-allocated-shadow-memory-on-mem_cancel_online.patch kasan-fix-memory-hotplug-during-boot.patch

7 years, 3 months

1
0
0 0

+ kasan-free-allocated-shadow-memory-on-mem_cancel_online.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kasan: free allocated shadow memory on MEM_CANCEL_ONLINE has been added to the -mm tree. Its filename is kasan-free-allocated-shadow-memory-on-mem_cancel_online.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/kasan-free-allocated-shadow-memory… and later at http://ozlabs.org/~akpm/mmotm/broken-out/kasan-free-allocated-shadow-memory… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: kasan: free allocated shadow memory on MEM_CANCEL_ONLINE We have to free memory again when we cancel onlining, otherwise a later onlining attempt will fail. Link: http://lkml.kernel.org/r/20180522100756.18478-2-david@redhat.com Fixes: fa69b5989bb0 ("mm/kasan: add support for memory hotplug") Signed-off-by: David Hildenbrand <david(a)redhat.com> Acked-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/kasan.c | 1 + 1 file changed, 1 insertion(+) diff -puN mm/kasan/kasan.c~kasan-free-allocated-shadow-memory-on-mem_cancel_online mm/kasan/kasan.c --- a/mm/kasan/kasan.c~kasan-free-allocated-shadow-memory-on-mem_cancel_online +++ a/mm/kasan/kasan.c @@ -867,6 +867,7 @@ static int __meminit kasan_mem_notifier( kmemleak_ignore(ret); return NOTIFY_OK; } + case MEM_CANCEL_ONLINE: case MEM_OFFLINE: { struct vm_struct *vm; _ Patches currently in -mm which might be from david(a)redhat.com are kasan-free-allocated-shadow-memory-on-mem_cancel_online.patch kasan-fix-memory-hotplug-during-boot.patch

7 years, 3 months

1
0
0 0

[PATCH 4.14 00/95] 4.14.43-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.43 release. There are 95 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue May 22 21:04:09 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.43-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.43-rc1 Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Rename SSBD_NO to SSB_NO Tom Lendacky <thomas.lendacky(a)amd.com> KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Thomas Gleixner <tglx(a)linutronix.de> x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Rework spec_ctrl base and mask logic Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Remove x86_spec_ctrl_set() Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Expose x86_spec_ctrl_base directly Borislav Petkov <bp(a)suse.de> x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Rework speculative_store_bypass_update() Tom Lendacky <thomas.lendacky(a)amd.com> x86/speculation: Add virtualized speculative store bypass disable support Thomas Gleixner <tglx(a)linutronix.de> x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Handle HT correctly on AMD Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Add FEATURE_ZEN Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Disentangle SSBD enumeration Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS Borislav Petkov <bp(a)suse.de> x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP Thomas Gleixner <tglx(a)linutronix.de> KVM: SVM: Move spec control call after restore of GS Jim Mattson <jmattson(a)google.com> x86/cpu: Make alternative_msr_write work for 32-bit code Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Fix the parameters alignment and missing void Jiri Kosina <jkosina(a)suse.cz> x86/bugs: Make cpu_show_common() static Jiri Kosina <jkosina(a)suse.cz> x86/bugs: Fix __ssb_select_mitigation() return type Borislav Petkov <bp(a)suse.de> Documentation/spec_ctrl: Do some minor cleanups Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> proc: Use underscores for SSBD in 'status' Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Rename _RDS to _SSBD Kees Cook <keescook(a)chromium.org> x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass Thomas Gleixner <tglx(a)linutronix.de> seccomp: Move speculation migitation control to arch code Kees Cook <keescook(a)chromium.org> seccomp: Add filter flag to opt-out of SSB mitigation Thomas Gleixner <tglx(a)linutronix.de> seccomp: Use PR_SPEC_FORCE_DISABLE Thomas Gleixner <tglx(a)linutronix.de> prctl: Add force disable speculation Kees Cook <keescook(a)chromium.org> x86/bugs: Make boot modes __ro_after_init Kees Cook <keescook(a)chromium.org> seccomp: Enable speculation flaw mitigations Kees Cook <keescook(a)chromium.org> proc: Provide details on speculation flaw mitigations Kees Cook <keescook(a)chromium.org> nospec: Allow getting/setting on non-current task Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Add prctl for Speculative Store Bypass mitigation Thomas Gleixner <tglx(a)linutronix.de> x86/process: Allow runtime control of Speculative Store Bypass Thomas Gleixner <tglx(a)linutronix.de> prctl: Add speculation control prctls Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Create spec-ctrl.h to avoid include hell Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Whitelist allowed SPEC_CTRL MSR values Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs/intel: Set proper CPU features and setup RDS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add X86_FEATURE_RDS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Expose /sys/../spec_store_bypass Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs, KVM: Support the combination of guest and host IBRS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Concentrate bug reporting into a separate function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Concentrate bug detection into a separate function Linus Torvalds <torvalds(a)linux-foundation.org> x86/nospec: Simplify alternative_msr_write() Liu Bo <bo.liu(a)linux.alibaba.com> btrfs: fix reading stale metadata blocks after degraded raid1 mounts Nikolay Borisov <nborisov(a)suse.com> btrfs: Fix delalloc inodes invalidation during transaction abort Nikolay Borisov <nborisov(a)suse.com> btrfs: Split btrfs_del_delalloc_inode into 2 functions Anand Jain <anand.jain(a)oracle.com> btrfs: fix crash when trying to resume balance without the resume flag Misono Tomohiro <misono.tomohiro(a)jp.fujitsu.com> btrfs: property: Set incompat flag if lzo/zstd compression is set Robbie Ko <robbieko(a)synology.com> Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting Filipe Manana <fdmanana(a)suse.com> Btrfs: fix xattr loss after power failure Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8770/1: kprobes: Prohibit probing on optimized_callback Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed Dexuan Cui <decui(a)microsoft.com> tick/broadcast: Use for_each_cpu() specially on UP kernels Dmitry Safonov <dima(a)arista.com> x86/mm: Drop TS_COMPAT on 64-bit exec() syscall Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Dave Hansen <dave.hansen(a)linux.intel.com> x86/pkeys: Do not special case protection key 0 Dave Hansen <dave.hansen(a)linux.intel.com> x86/pkeys: Override pkey when moving away from PROT_EXEC Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: remove indirect branch from do_softirq_own_stack Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: don't release memory in qdio_setup_irq() Hendrik Brueckner <brueckner(a)linux.ibm.com> s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: fix access to uninitialized qdio_q fields Michel Thierry <michel.thierry(a)intel.com> drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk Pavel Tatashin <pasha.tatashin(a)oracle.com> mm: don't allow deferred pages with NEED_PER_CPU_KM Ross Zwisler <ross.zwisler(a)linux.intel.com> radix tree: fix multi-order iteration race Matthew Wilcox <mawilcox(a)microsoft.com> lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly Haneen Mohammed <hamohammed.sa(a)gmail.com> drm: Match sysfs name in link removal to link creation Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Alexander Monakov <amonakov(a)ispras.ru> i2c: designware: fix poll-after-enable regression Subash Abhinov Kasiviswanathan <subashab(a)codeaurora.org> netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: can't fail after linking rule into active rule list Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: free set name in error path Jann Horn <jannh(a)google.com> tee: shm: fix use-after-free via temporarily dropped reference Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Halil Pasic <pasic(a)linux.vnet.ibm.com> vfio: ccw: fix cleanup if cp_prefetch fails Benjamin Herrenschmidt <benh(a)kernel.crashing.org> powerpc: Don't preempt_disable() in show_cpuinfo() Andre Przywara <andre.przywara(a)arm.com> KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock Andre Przywara <andre.przywara(a)arm.com> KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: pxa2xx: Allow 64-bit DMA Wenwen Wang <wang6495(a)umn.edu> ALSA: control: fix a redundant-copy issue Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist Federico Cuello <fedux(a)fedux.com.ar> ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix bad unlock balance during stub_probe() Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix NULL-ptr deref and use-after-free errors Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: run rebind from exit when module is removed Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: delete device from busid_table after rebind Shuah Khan <shuah(a)kernel.org> usbip: usbip_host: refine probe and disconnect debug msgs to be useful ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/kernel-parameters.txt | 45 +++ Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/spec_ctrl.rst | 94 +++++ Makefile | 4 +- arch/arm/include/asm/assembler.h | 10 + arch/arm/include/asm/kvm_mmu.h | 16 + arch/arm/kernel/traps.c | 5 +- arch/arm/lib/getuser.S | 10 + arch/arm/probes/kprobes/opt-arm.c | 4 +- arch/arm64/include/asm/kvm_mmu.h | 16 + arch/powerpc/kernel/setup-common.c | 11 - arch/powerpc/platforms/powernv/opal-nvram.c | 14 +- arch/s390/kernel/irq.c | 5 +- arch/s390/kernel/perf_cpum_sf.c | 4 + arch/x86/boot/compressed/eboot.c | 6 +- arch/x86/include/asm/cpufeatures.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/asm/mmu_context.h | 2 +- arch/x86/include/asm/msr-index.h | 9 + arch/x86/include/asm/nospec-branch.h | 43 ++- arch/x86/include/asm/pkeys.h | 18 +- arch/x86/include/asm/spec-ctrl.h | 80 +++++ arch/x86/include/asm/thread_info.h | 4 +- arch/x86/kernel/cpu/amd.c | 22 ++ arch/x86/kernel/cpu/bugs.c | 397 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 77 +++- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/process.c | 146 ++++++++ arch/x86/kernel/process_64.c | 1 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/svm.c | 66 ++-- arch/x86/kvm/vmx.c | 32 +- arch/x86/kvm/x86.c | 13 +- arch/x86/mm/pkeys.c | 21 +- arch/x86/xen/mmu.c | 4 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/base/cpu.c | 8 + drivers/gpu/drm/drm_drv.c | 2 +- drivers/gpu/drm/i915/i915_reg.h | 3 + drivers/gpu/drm/i915/intel_engine_cs.c | 4 + drivers/i2c/busses/i2c-designware-master.c | 5 +- drivers/s390/cio/qdio_setup.c | 12 +- drivers/s390/cio/vfio_ccw_cp.c | 13 +- drivers/spi/spi-bcm-qspi.c | 28 +- drivers/spi/spi-pxa2xx.h | 2 +- drivers/tee/tee_shm.c | 5 +- drivers/usb/usbip/stub.h | 2 + drivers/usb/usbip/stub_dev.c | 43 ++- drivers/usb/usbip/stub_main.c | 105 +++++- fs/btrfs/ctree.c | 22 +- fs/btrfs/ctree.h | 2 + fs/btrfs/disk-io.c | 26 +- fs/btrfs/inode.c | 13 +- fs/btrfs/props.c | 12 +- fs/btrfs/tree-log.c | 7 + fs/btrfs/volumes.c | 9 + fs/proc/array.c | 25 ++ include/linux/cpu.h | 2 + include/linux/efi.h | 8 +- include/linux/nospec.h | 10 + include/linux/sched.h | 10 +- include/linux/seccomp.h | 5 +- include/trace/events/xen.h | 16 - include/uapi/linux/prctl.h | 12 + include/uapi/linux/seccomp.h | 5 +- kernel/seccomp.c | 21 +- kernel/sys.c | 23 ++ kernel/time/tick-broadcast.c | 8 + lib/radix-tree.c | 6 +- lib/test_bitmap.c | 21 +- mm/Kconfig | 1 + net/ipv4/netfilter/nf_socket_ipv4.c | 6 +- net/ipv6/netfilter/nf_socket_ipv6.c | 6 +- net/netfilter/nf_tables_api.c | 67 ++-- sound/core/control_compat.c | 3 +- sound/pci/hda/hda_intel.c | 2 + sound/usb/mixer.c | 8 + tools/testing/selftests/seccomp/seccomp_bpf.c | 22 +- virt/kvm/arm/vgic/vgic-its.c | 19 +- virt/kvm/arm/vgic/vgic-v3.c | 4 +- 83 files changed, 1557 insertions(+), 312 deletions(-)

7 years, 3 months

4
97
0 0

[PATCH 4.9 00/87] 4.9.102-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.102 release. There are 87 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue May 22 21:03:57 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.102-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.102-rc1 Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Rename SSBD_NO to SSB_NO Tom Lendacky <thomas.lendacky(a)amd.com> KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Thomas Gleixner <tglx(a)linutronix.de> x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Rework spec_ctrl base and mask logic Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Remove x86_spec_ctrl_set() Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Expose x86_spec_ctrl_base directly Borislav Petkov <bp(a)suse.de> x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Rework speculative_store_bypass_update() Tom Lendacky <thomas.lendacky(a)amd.com> x86/speculation: Add virtualized speculative store bypass disable support Thomas Gleixner <tglx(a)linutronix.de> x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Handle HT correctly on AMD Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Add FEATURE_ZEN Borislav Petkov <bp(a)suse.de> x86/cpu/AMD: Fix erratum 1076 (CPB bit) Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Disentangle SSBD enumeration Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS Borislav Petkov <bp(a)suse.de> x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP Thomas Gleixner <tglx(a)linutronix.de> KVM: SVM: Move spec control call after restore of GS Jim Mattson <jmattson(a)google.com> x86/cpu: Make alternative_msr_write work for 32-bit code Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Fix the parameters alignment and missing void Jiri Kosina <jkosina(a)suse.cz> x86/bugs: Make cpu_show_common() static Jiri Kosina <jkosina(a)suse.cz> x86/bugs: Fix __ssb_select_mitigation() return type Borislav Petkov <bp(a)suse.de> Documentation/spec_ctrl: Do some minor cleanups Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> proc: Use underscores for SSBD in 'status' Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Rename _RDS to _SSBD Kees Cook <keescook(a)chromium.org> x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass Thomas Gleixner <tglx(a)linutronix.de> seccomp: Move speculation migitation control to arch code Kees Cook <keescook(a)chromium.org> seccomp: Add filter flag to opt-out of SSB mitigation Thomas Gleixner <tglx(a)linutronix.de> seccomp: Use PR_SPEC_FORCE_DISABLE Thomas Gleixner <tglx(a)linutronix.de> prctl: Add force disable speculation Kees Cook <keescook(a)chromium.org> x86/bugs: Make boot modes __ro_after_init Kees Cook <keescook(a)chromium.org> seccomp: Enable speculation flaw mitigations Kees Cook <keescook(a)chromium.org> proc: Provide details on speculation flaw mitigations Kees Cook <keescook(a)chromium.org> nospec: Allow getting/setting on non-current task Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Add prctl for Speculative Store Bypass mitigation Thomas Gleixner <tglx(a)linutronix.de> x86/process: Allow runtime control of Speculative Store Bypass Thomas Gleixner <tglx(a)linutronix.de> x86/process: Optimize TIF_NOTSC switch Kyle Huey <me(a)kylehuey.com> x86/process: Correct and optimize TIF_BLOCKSTEP switch Kyle Huey <me(a)kylehuey.com> x86/process: Optimize TIF checks in __switch_to_xtra() Thomas Gleixner <tglx(a)linutronix.de> prctl: Add speculation control prctls Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Create spec-ctrl.h to avoid include hell Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest David Woodhouse <dwmw(a)amazon.co.uk> x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Whitelist allowed SPEC_CTRL MSR values Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs/intel: Set proper CPU features and setup RDS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add X86_FEATURE_RDS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Expose /sys/../spec_store_bypass Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs, KVM: Support the combination of guest and host IBRS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Concentrate bug reporting into a separate function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Concentrate bug detection into a separate function Linus Torvalds <torvalds(a)linux-foundation.org> x86/nospec: Simplify alternative_msr_write() Liu Bo <bo.liu(a)linux.alibaba.com> btrfs: fix reading stale metadata blocks after degraded raid1 mounts David Woodhouse <dwmw(a)amazon.co.uk> x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen Anand Jain <anand.jain(a)oracle.com> btrfs: fix crash when trying to resume balance without the resume flag Filipe Manana <fdmanana(a)suse.com> Btrfs: fix xattr loss after power failure Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8770/1: kprobes: Prohibit probing on optimized_callback Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed Dexuan Cui <decui(a)microsoft.com> tick/broadcast: Use for_each_cpu() specially on UP kernels Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Dave Hansen <dave.hansen(a)linux.intel.com> x86/pkeys: Do not special case protection key 0 Dave Hansen <dave.hansen(a)linux.intel.com> x86/pkeys: Override pkey when moving away from PROT_EXEC Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: remove indirect branch from do_softirq_own_stack Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: don't release memory in qdio_setup_irq() Hendrik Brueckner <brueckner(a)linux.ibm.com> s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: fix access to uninitialized qdio_q fields Pavel Tatashin <pasha.tatashin(a)oracle.com> mm: don't allow deferred pages with NEED_PER_CPU_KM Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Alexander Monakov <amonakov(a)ispras.ru> i2c: designware: fix poll-after-enable regression Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: can't fail after linking rule into active rule list Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Waiman Long <Waiman.Long(a)hpe.com> signals: avoid unnecessary taking of sighand->siglock Benjamin Herrenschmidt <benh(a)kernel.crashing.org> powerpc: Don't preempt_disable() in show_cpuinfo() Andre Przywara <andre.przywara(a)arm.com> KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: pxa2xx: Allow 64-bit DMA Wenwen Wang <wang6495(a)umn.edu> ALSA: control: fix a redundant-copy issue Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist Federico Cuello <fedux(a)fedux.com.ar> ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix bad unlock balance during stub_probe() Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix NULL-ptr deref and use-after-free errors Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: run rebind from exit when module is removed Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: delete device from busid_table after rebind Shuah Khan <shuah(a)kernel.org> usbip: usbip_host: refine probe and disconnect debug msgs to be useful ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/kernel-parameters.txt | 45 +++ Documentation/spec_ctrl.txt | 94 +++++ Makefile | 4 +- arch/arm/include/asm/assembler.h | 10 + arch/arm/include/asm/kvm_mmu.h | 16 + arch/arm/kernel/traps.c | 5 +- arch/arm/lib/getuser.S | 10 + arch/arm/probes/kprobes/opt-arm.c | 4 +- arch/arm64/include/asm/kvm_mmu.h | 16 + arch/powerpc/kernel/setup-common.c | 11 - arch/powerpc/platforms/powernv/opal-nvram.c | 14 +- arch/s390/kernel/irq.c | 5 +- arch/s390/kernel/perf_cpum_sf.c | 4 + arch/x86/boot/compressed/eboot.c | 6 +- arch/x86/include/asm/cpufeatures.h | 20 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/asm/mmu_context.h | 2 +- arch/x86/include/asm/msr-index.h | 10 + arch/x86/include/asm/nospec-branch.h | 43 ++- arch/x86/include/asm/pkeys.h | 18 +- arch/x86/include/asm/spec-ctrl.h | 80 +++++ arch/x86/include/asm/thread_info.h | 6 +- arch/x86/include/asm/tlbflush.h | 10 + arch/x86/kernel/cpu/amd.c | 38 +- arch/x86/kernel/cpu/bugs.c | 397 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 77 +++- arch/x86/kernel/cpu/cpu.h | 3 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/process.c | 224 +++++++++--- arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/cpuid.h | 17 +- arch/x86/kvm/svm.c | 64 ++-- arch/x86/kvm/vmx.c | 33 +- arch/x86/kvm/x86.c | 13 +- arch/x86/mm/pkeys.c | 21 +- arch/x86/xen/enlighten.c | 4 +- arch/x86/xen/mmu.c | 4 - drivers/base/cpu.c | 8 + drivers/i2c/busses/i2c-designware-core.c | 5 +- drivers/s390/cio/qdio_setup.c | 12 +- drivers/spi/spi-bcm-qspi.c | 28 +- drivers/spi/spi-pxa2xx.h | 2 +- drivers/usb/usbip/stub.h | 2 + drivers/usb/usbip/stub_dev.c | 43 ++- drivers/usb/usbip/stub_main.c | 105 +++++- fs/btrfs/ctree.c | 6 +- fs/btrfs/tree-log.c | 7 + fs/btrfs/volumes.c | 9 + fs/proc/array.c | 27 +- include/linux/cpu.h | 2 + include/linux/efi.h | 8 +- include/linux/nospec.h | 10 + include/linux/sched.h | 9 + include/linux/seccomp.h | 3 +- include/linux/signal.h | 17 + include/trace/events/xen.h | 16 - include/uapi/linux/prctl.h | 12 + include/uapi/linux/seccomp.h | 4 +- kernel/seccomp.c | 21 +- kernel/signal.c | 7 + kernel/sys.c | 23 ++ kernel/time/tick-broadcast.c | 8 + mm/Kconfig | 1 + net/netfilter/nf_tables_api.c | 59 +-- sound/core/control_compat.c | 3 +- sound/pci/hda/hda_intel.c | 2 + sound/usb/mixer.c | 8 + tools/testing/selftests/seccomp/seccomp_bpf.c | 78 +++- virt/kvm/arm/vgic/vgic-its.c | 15 +- 71 files changed, 1611 insertions(+), 309 deletions(-)

7 years, 3 months

4
88
0 0

[PATCH for-next] IB/qib: Fix DMA api warning with debug kernel

by Dennis Dalessandro

From: Mike Marciniszyn <mike.marciniszyn(a)intel.com> The following error occurs in a debug build when running MPI PSM: [ 307.415911] WARNING: CPU: 4 PID: 23867 at lib/dma-debug.c:1158 check_unmap+0x4ee/0xa20 [ 307.455661] ib_qib 0000:05:00.0: DMA-API: device driver failed to check map error[device address=0x00000000df82b000] [size=4096 bytes] [mapped as page] [ 307.517494] Modules linked in: [ 307.531584] ib_isert iscsi_target_mod ib_srpt target_core_mod rpcrdma sunrpc ib_srp scsi_transport_srp scsi_tgt ib_iser libiscsi ib_ipoib scsi_transport_iscsi rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm ib_qib intel_powerclamp coretemp rdmavt intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel ipmi_ssif ib_core aesni_intel sg ipmi_si lrw gf128mul dca glue_helper ipmi_devintf iTCO_wdt gpio_ich hpwdt iTCO_vendor_support ablk_helper hpilo acpi_power_meter cryptd ipmi_msghandler ie31200_edac shpchp pcc_cpufreq lpc_ich pcspkr ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm ahci crct10dif_pclmul crct10dif_common drm crc32c_intel libahci tg3 libata serio_raw ptp i2c_core [ 307.846113] pps_core dm_mirror dm_region_hash dm_log dm_mod [ 307.866505] CPU: 4 PID: 23867 Comm: mpitests-IMB-MP Kdump: loaded Not tainted 3.10.0-862.el7.x86_64.debug #1 [ 307.911178] Hardware name: HP ProLiant DL320e Gen8, BIOS J05 11/09/2013 [ 307.944206] Call Trace: [ 307.956973] [<ffffffffbd9e915b>] dump_stack+0x19/0x1b [ 307.982201] [<ffffffffbd2a2f58>] __warn+0xd8/0x100 [ 308.005999] [<ffffffffbd2a2fdf>] warn_slowpath_fmt+0x5f/0x80 [ 308.034260] [<ffffffffbd5f667e>] check_unmap+0x4ee/0xa20 [ 308.060801] [<ffffffffbd41acaa>] ? page_add_file_rmap+0x2a/0x1d0 [ 308.090689] [<ffffffffbd5f6c4d>] debug_dma_unmap_page+0x9d/0xb0 [ 308.120155] [<ffffffffbd4082e0>] ? might_fault+0xa0/0xb0 [ 308.146656] [<ffffffffc07761a5>] qib_tid_free.isra.14+0x215/0x2a0 [ib_qib] [ 308.180739] [<ffffffffc0776bf4>] qib_write+0x894/0x1280 [ib_qib] [ 308.210733] [<ffffffffbd540b00>] ? __inode_security_revalidate+0x70/0x80 [ 308.244837] [<ffffffffbd53c2b7>] ? security_file_permission+0x27/0xb0 [ 308.266025] qib_ib0.8006: multicast join failed for ff12:401b:8006:0000:0000:0000:ffff:ffff, status -22 [ 308.323421] [<ffffffffbd46f5d3>] vfs_write+0xc3/0x1f0 [ 308.347077] [<ffffffffbd492a5c>] ? fget_light+0xfc/0x510 [ 308.372533] [<ffffffffbd47045a>] SyS_write+0x8a/0x100 [ 308.396456] [<ffffffffbd9ff355>] system_call_fastpath+0x1c/0x21 The code calls a qib_map_page() which has never correctly tested for a mapping error. Fix by testing for pci_dma_mapping_error() in all cases and properly handling the failure in the caller. Additionally, streamline qib_map_page() arguments to satisfy just the single caller. Cc: <stable(a)vger.kernel.org> Reviewed-by: Alex Estrin <alex.estrin(a)intel.com> Tested-by: Don Dutile <ddutile(a)redhat.com> Reviewed-by: Don Dutile <ddutile(a)redhat.com> Signed-off-by: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)intel.com> --- I'd rank this one alongside [1] as to whether it should go to -rc or -next. I'm pretty much fine with either. [1] https://marc.info/?l=linux-rdma&m=152643430302065&w=2 --- drivers/infiniband/hw/qib/qib.h | 3 +-- drivers/infiniband/hw/qib/qib_file_ops.c | 10 +++++++--- drivers/infiniband/hw/qib/qib_user_pages.c | 20 ++++++++++++-------- 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h index 43a68d7..3461df0 100644 --- a/drivers/infiniband/hw/qib/qib.h +++ b/drivers/infiniband/hw/qib/qib.h @@ -1424,8 +1424,7 @@ int qib_pcie_ddinit(struct qib_devdata *, struct pci_dev *, /* * dma_addr wrappers - all 0's invalid for hw */ -dma_addr_t qib_map_page(struct pci_dev *, struct page *, unsigned long, - size_t, int); +int qib_map_page(struct pci_dev *d, struct page *p, dma_addr_t *daddr); struct pci_dev *qib_get_pci_dev(struct rvt_dev_info *rdi); /* diff --git a/drivers/infiniband/hw/qib/qib_file_ops.c b/drivers/infiniband/hw/qib/qib_file_ops.c index bbb720b..98e1ce1 100644 --- a/drivers/infiniband/hw/qib/qib_file_ops.c +++ b/drivers/infiniband/hw/qib/qib_file_ops.c @@ -364,6 +364,8 @@ static int qib_tid_update(struct qib_ctxtdata *rcd, struct file *fp, goto done; } for (i = 0; i < cnt; i++, vaddr += PAGE_SIZE) { + dma_addr_t daddr; + for (; ntids--; tid++) { if (tid == tidcnt) tid = 0; @@ -380,12 +382,14 @@ static int qib_tid_update(struct qib_ctxtdata *rcd, struct file *fp, ret = -ENOMEM; break; } + ret = qib_map_page(dd->pcidev, pagep[i], &daddr); + if (ret) + break; + tidlist[i] = tid + tidoff; /* we "know" system pages and TID pages are same size */ dd->pageshadow[ctxttid + tid] = pagep[i]; - dd->physshadow[ctxttid + tid] = - qib_map_page(dd->pcidev, pagep[i], 0, PAGE_SIZE, - PCI_DMA_FROMDEVICE); + dd->physshadow[ctxttid + tid] = daddr; /* * don't need atomic or it's overhead */ diff --git a/drivers/infiniband/hw/qib/qib_user_pages.c b/drivers/infiniband/hw/qib/qib_user_pages.c index ce83ba9..16543d5 100644 --- a/drivers/infiniband/hw/qib/qib_user_pages.c +++ b/drivers/infiniband/hw/qib/qib_user_pages.c @@ -99,23 +99,27 @@ static int __qib_get_user_pages(unsigned long start_page, size_t num_pages, * * I'm sure we won't be so lucky with other iommu's, so FIXME. */ -dma_addr_t qib_map_page(struct pci_dev *hwdev, struct page *page, - unsigned long offset, size_t size, int direction) +int qib_map_page(struct pci_dev *hwdev, struct page *page, dma_addr_t *daddr) { dma_addr_t phys; - phys = pci_map_page(hwdev, page, offset, size, direction); + phys = pci_map_page(hwdev, page, 0, PAGE_SIZE, PCI_DMA_FROMDEVICE); + if (pci_dma_mapping_error(hwdev, phys)) + return -ENOMEM; - if (phys == 0) { - pci_unmap_page(hwdev, phys, size, direction); - phys = pci_map_page(hwdev, page, offset, size, direction); + if (!phys) { + pci_unmap_page(hwdev, phys, PAGE_SIZE, PCI_DMA_FROMDEVICE); + phys = pci_map_page(hwdev, page, 0, PAGE_SIZE, + PCI_DMA_FROMDEVICE); + if (pci_dma_mapping_error(hwdev, phys)) + return -ENOMEM; /* * FIXME: If we get 0 again, we should keep this page, * map another, then free the 0 page. */ } - - return phys; + *daddr = phys; + return 0; } /**

7 years, 3 months

2
1
0 0

[PATCH] Sparc

by David Miller

Please queue up this Sparc bug fix for v4.14 and v4.16 -stable. Thank you.

7 years, 3 months

2
1
0 0

[GIT] Networking

by David Miller

Please queue up the following networking bug fixes for v4.14 and v4.16 -stable, respectively. Thank you.

7 years, 3 months

2
1
0 0

Linux 4.16.11

by Greg KH

I'm announcing the release of the 4.16.11 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/kernel-parameters.txt | 45 ++ Documentation/devicetree/bindings/net/marvell-pp2.txt | 9 Documentation/userspace-api/index.rst | 1 Documentation/userspace-api/spec_ctrl.rst | 94 ++++ Makefile | 2 arch/arm/include/asm/assembler.h | 10 arch/arm/include/asm/kvm_mmu.h | 16 arch/arm/kernel/traps.c | 5 arch/arm/lib/getuser.S | 10 arch/arm/probes/kprobes/opt-arm.c | 4 arch/arm64/boot/dts/marvell/armada-cp110.dtsi | 7 arch/arm64/include/asm/kvm_mmu.h | 16 arch/powerpc/platforms/powernv/opal-nvram.c | 14 arch/s390/kernel/irq.c | 5 arch/s390/kernel/perf_cpum_sf.c | 4 arch/x86/boot/compressed/eboot.c | 6 arch/x86/include/asm/cpufeatures.h | 20 arch/x86/include/asm/kvm_host.h | 2 arch/x86/include/asm/mmu_context.h | 2 arch/x86/include/asm/msr-index.h | 9 arch/x86/include/asm/nospec-branch.h | 43 + arch/x86/include/asm/pkeys.h | 18 arch/x86/include/asm/spec-ctrl.h | 80 +++ arch/x86/include/asm/thread_info.h | 4 arch/x86/kernel/amd_nb.c | 6 arch/x86/kernel/apic/x2apic_cluster.c | 1 arch/x86/kernel/cpu/amd.c | 22 arch/x86/kernel/cpu/bugs.c | 397 +++++++++++++++++- arch/x86/kernel/cpu/common.c | 77 ++- arch/x86/kernel/cpu/cpu.h | 2 arch/x86/kernel/cpu/intel.c | 3 arch/x86/kernel/process.c | 146 ++++++ arch/x86/kernel/process_64.c | 1 arch/x86/kernel/smpboot.c | 5 arch/x86/kvm/cpuid.c | 21 arch/x86/kvm/svm.c | 66 +- arch/x86/kvm/vmx.c | 60 +- arch/x86/kvm/x86.c | 13 arch/x86/mm/pkeys.c | 21 arch/x86/xen/mmu.c | 4 arch/x86/xen/mmu_pv.c | 4 drivers/base/cpu.c | 8 drivers/cpufreq/Kconfig.arm | 2 drivers/gpu/drm/drm_drv.c | 2 drivers/gpu/drm/i915/i915_reg.h | 3 drivers/gpu/drm/i915/intel_engine_cs.c | 4 drivers/hwmon/Kconfig | 2 drivers/hwmon/k10temp.c | 51 +- drivers/i2c/busses/i2c-designware-master.c | 5 drivers/md/bcache/debug.c | 3 drivers/mtd/nand/marvell_nand.c | 8 drivers/s390/cio/qdio_setup.c | 12 drivers/s390/cio/vfio_ccw_cp.c | 13 drivers/spi/spi-bcm-qspi.c | 28 - drivers/spi/spi-pxa2xx.h | 2 drivers/tee/tee_shm.c | 5 drivers/usb/host/xhci-hub.c | 2 drivers/usb/usbip/stub.h | 2 drivers/usb/usbip/stub_dev.c | 43 + drivers/usb/usbip/stub_main.c | 105 ++++ fs/btrfs/ctree.c | 22 fs/btrfs/ctree.h | 2 fs/btrfs/disk-io.c | 26 - fs/btrfs/inode.c | 13 fs/btrfs/props.c | 12 fs/btrfs/tree-log.c | 7 fs/btrfs/volumes.c | 9 fs/proc/array.c | 25 + include/linux/bpf_verifier.h | 1 include/linux/cpu.h | 2 include/linux/efi.h | 8 include/linux/nospec.h | 10 include/linux/sched.h | 10 include/linux/seccomp.h | 5 include/trace/events/xen.h | 16 include/uapi/linux/prctl.h | 12 include/uapi/linux/seccomp.h | 5 kernel/bpf/verifier.c | 59 ++ kernel/seccomp.c | 21 kernel/sys.c | 23 + kernel/time/tick-broadcast.c | 8 lib/radix-tree.c | 6 lib/test_bitmap.c | 21 lib/vsprintf.c | 26 - mm/Kconfig | 1 net/netfilter/nf_tables_api.c | 75 +-- sound/core/control_compat.c | 3 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/usb/mixer.c | 8 tools/testing/selftests/seccomp/seccomp_bpf.c | 22 virt/kvm/arm/vgic/vgic-debug.c | 5 virt/kvm/arm/vgic/vgic-its.c | 34 - virt/kvm/arm/vgic/vgic-v3.c | 4 virt/kvm/arm/vgic/vgic.c | 22 96 files changed, 1730 insertions(+), 372 deletions(-) Alexander Monakov (1): i2c: designware: fix poll-after-enable regression Alexei Starovoitov (1): bpf: Prevent memory disambiguation attack Anand Jain (1): btrfs: fix crash when trying to resume balance without the resume flag Andre Przywara (4): KVM: arm/arm64: Properly protect VGIC locks from IRQs KVM: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock Andy Shevchenko (1): spi: pxa2xx: Allow 64-bit DMA Ard Biesheuvel (1): efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Boris Brezillon (1): mtd: rawnand: marvell: Fix read logic for layouts with ->nchunks > 2 Borislav Petkov (3): Documentation/spec_ctrl: Do some minor cleanups x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Coly Li (1): bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n Dave Hansen (2): x86/pkeys: Override pkey when moving away from PROT_EXEC x86/pkeys: Do not special case protection key 0 Dexuan Cui (1): tick/broadcast: Use for_each_cpu() specially on UP kernels Dmitry Safonov (1): x86/mm: Drop TS_COMPAT on 64-bit exec() syscall Federico Cuello (1): ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Filipe Manana (1): Btrfs: fix xattr loss after power failure Florian Westphal (2): netfilter: nf_tables: free set name in error path netfilter: nf_tables: can't fail after linking rule into active rule list Greg Kroah-Hartman (1): Linux 4.16.11 Guenter Roeck (3): hwmon: (k10temp) Fix reading critical temperature register hwmon: (k10temp) Use API function to access System Management Network x86/amd_nb: Add support for Raven Ridge CPUs Halil Pasic (1): vfio: ccw: fix cleanup if cp_prefetch fails Haneen Mohammed (1): drm: Match sysfs name in link removal to link creation Hans de Goede (1): ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist Hendrik Brueckner (1): s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero Jann Horn (1): tee: shm: fix use-after-free via temporarily dropped reference Jeremy Soller (1): ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup Jim Mattson (1): x86/cpu: Make alternative_msr_write work for 32-bit code Jiri Kosina (2): x86/bugs: Fix __ssb_select_mitigation() return type x86/bugs: Make cpu_show_common() static Julian Wiedmann (2): s390/qdio: fix access to uninitialized qdio_q fields s390/qdio: don't release memory in qdio_setup_irq() Kamal Dasu (2): spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL Kees Cook (6): nospec: Allow getting/setting on non-current task proc: Provide details on speculation flaw mitigations seccomp: Enable speculation flaw mitigations x86/bugs: Make boot modes __ro_after_init seccomp: Add filter flag to opt-out of SSB mitigation x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass Konrad Rzeszutek Wilk (15): x86/bugs: Concentrate bug detection into a separate function x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs, KVM: Support the combination of guest and host IBRS x86/bugs: Expose /sys/../spec_store_bypass x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/bugs: Rename _RDS to _SSBD proc: Use underscores for SSBD in 'status' x86/bugs: Fix the parameters alignment and missing void x86/bugs: Rename SSBD_NO to SSB_NO Linus Torvalds (1): x86/nospec: Simplify alternative_msr_write() Liu Bo (1): btrfs: fix reading stale metadata blocks after degraded raid1 mounts Martin Schwidefsky (1): s390: remove indirect branch from do_softirq_own_stack Masami Hiramatsu (4): ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed ARM: 8770/1: kprobes: Prohibit probing on optimized_callback ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Mathias Nyman (1): xhci: Fix USB3 NULL pointer dereference at logical disconnect. Matthew Wilcox (1): lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly Maxime Chevallier (2): ARM64: dts: marvell: armada-cp110: Add clocks for the xmdio node ARM64: dts: marvell: armada-cp110: Add mg_core_clk for ethernet node Michel Thierry (1): drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk Miquel Raynal (1): cpufreq: armada-37xx: driver relies on cpufreq-dt Misono Tomohiro (1): btrfs: property: Set incompat flag if lzo/zstd compression is set Nicholas Piggin (1): powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Nikolay Borisov (2): btrfs: Split btrfs_del_delalloc_inode into 2 functions btrfs: Fix delalloc inodes invalidation during transaction abort Pavel Tatashin (1): mm: don't allow deferred pages with NEED_PER_CPU_KM Robbie Ko (1): Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting Ross Zwisler (1): radix tree: fix multi-order iteration race Sean Christopherson (1): KVM: vmx: update sec exec controls for UMIP iff emulating UMIP Shuah Khan (1): usbip: usbip_host: refine probe and disconnect debug msgs to be useful Shuah Khan (Samsung OSG) (4): usbip: usbip_host: delete device from busid_table after rebind usbip: usbip_host: run rebind from exit when module is removed usbip: usbip_host: fix NULL-ptr deref and use-after-free errors usbip: usbip_host: fix bad unlock balance during stub_probe() Steven Rostedt (VMware) (2): tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} vsprintf: Replace memory barrier with static_key for random_ptr_key update Thomas Gleixner (19): x86/apic/x2apic: Initialize cluster ID properly x86/speculation: Create spec-ctrl.h to avoid include hell prctl: Add speculation control prctls x86/process: Allow runtime control of Speculative Store Bypass x86/speculation: Add prctl for Speculative Store Bypass mitigation prctl: Add force disable speculation seccomp: Use PR_SPEC_FORCE_DISABLE seccomp: Move speculation migitation control to arch code KVM: SVM: Move spec control call after restore of GS x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Add FEATURE_ZEN x86/speculation: Handle HT correctly on AMD x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Rework speculative_store_bypass_update() x86/bugs: Expose x86_spec_ctrl_base directly x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Rework spec_ctrl base and mask logic x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG Tom Lendacky (2): x86/speculation: Add virtualized speculative store bypass disable support KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Wenwen Wang (1): ALSA: control: fix a redundant-copy issue kbuild test robot (1): netfilter: nf_tables: nf_tables_obj_lookup_byhandle() can be static

7 years, 3 months

1
1
0 0

Linux 4.14.43

by Greg KH

I'm announcing the release of the 4.14.43 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/kernel-parameters.txt | 45 ++ Documentation/userspace-api/index.rst | 1 Documentation/userspace-api/spec_ctrl.rst | 94 ++++ Makefile | 2 arch/arm/include/asm/assembler.h | 10 arch/arm/include/asm/kvm_mmu.h | 16 arch/arm/kernel/traps.c | 5 arch/arm/lib/getuser.S | 10 arch/arm/probes/kprobes/opt-arm.c | 4 arch/arm64/include/asm/kvm_mmu.h | 16 arch/powerpc/kernel/setup-common.c | 11 arch/powerpc/platforms/powernv/opal-nvram.c | 14 arch/s390/kernel/irq.c | 5 arch/s390/kernel/perf_cpum_sf.c | 4 arch/x86/boot/compressed/eboot.c | 6 arch/x86/include/asm/cpufeatures.h | 18 arch/x86/include/asm/kvm_host.h | 2 arch/x86/include/asm/mmu_context.h | 2 arch/x86/include/asm/msr-index.h | 9 arch/x86/include/asm/nospec-branch.h | 43 +- arch/x86/include/asm/pkeys.h | 18 arch/x86/include/asm/spec-ctrl.h | 80 ++++ arch/x86/include/asm/thread_info.h | 4 arch/x86/kernel/cpu/amd.c | 22 + arch/x86/kernel/cpu/bugs.c | 397 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 77 +++- arch/x86/kernel/cpu/cpu.h | 2 arch/x86/kernel/cpu/intel.c | 3 arch/x86/kernel/process.c | 146 +++++++ arch/x86/kernel/process_64.c | 1 arch/x86/kernel/smpboot.c | 5 arch/x86/kvm/cpuid.c | 21 - arch/x86/kvm/svm.c | 66 ++- arch/x86/kvm/vmx.c | 32 + arch/x86/kvm/x86.c | 13 arch/x86/mm/pkeys.c | 21 - arch/x86/xen/mmu.c | 4 arch/x86/xen/mmu_pv.c | 4 drivers/base/cpu.c | 8 drivers/gpu/drm/drm_drv.c | 2 drivers/gpu/drm/i915/i915_reg.h | 3 drivers/gpu/drm/i915/intel_engine_cs.c | 4 drivers/i2c/busses/i2c-designware-master.c | 5 drivers/s390/cio/qdio_setup.c | 12 drivers/s390/cio/vfio_ccw_cp.c | 13 drivers/spi/spi-bcm-qspi.c | 28 - drivers/spi/spi-pxa2xx.h | 2 drivers/tee/tee_shm.c | 5 drivers/usb/usbip/stub.h | 2 drivers/usb/usbip/stub_dev.c | 43 +- drivers/usb/usbip/stub_main.c | 105 ++++- fs/btrfs/ctree.c | 22 - fs/btrfs/ctree.h | 2 fs/btrfs/disk-io.c | 26 - fs/btrfs/inode.c | 13 fs/btrfs/props.c | 12 fs/btrfs/tree-log.c | 7 fs/btrfs/volumes.c | 9 fs/proc/array.c | 25 + include/linux/cpu.h | 2 include/linux/efi.h | 8 include/linux/nospec.h | 10 include/linux/sched.h | 10 include/linux/seccomp.h | 5 include/trace/events/xen.h | 16 include/uapi/linux/prctl.h | 12 include/uapi/linux/seccomp.h | 5 kernel/seccomp.c | 21 - kernel/sys.c | 23 + kernel/time/tick-broadcast.c | 8 lib/radix-tree.c | 6 lib/test_bitmap.c | 21 - mm/Kconfig | 1 net/ipv4/netfilter/nf_socket_ipv4.c | 6 net/ipv6/netfilter/nf_socket_ipv6.c | 6 net/netfilter/nf_tables_api.c | 67 +-- sound/core/control_compat.c | 3 sound/pci/hda/hda_intel.c | 2 sound/usb/mixer.c | 8 tools/testing/selftests/seccomp/seccomp_bpf.c | 22 + virt/kvm/arm/vgic/vgic-its.c | 19 - virt/kvm/arm/vgic/vgic-v3.c | 4 83 files changed, 1556 insertions(+), 311 deletions(-) Alexander Monakov (1): i2c: designware: fix poll-after-enable regression Anand Jain (1): btrfs: fix crash when trying to resume balance without the resume flag Andre Przywara (2): KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock Andy Shevchenko (1): spi: pxa2xx: Allow 64-bit DMA Ard Biesheuvel (1): efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Benjamin Herrenschmidt (1): powerpc: Don't preempt_disable() in show_cpuinfo() Borislav Petkov (3): Documentation/spec_ctrl: Do some minor cleanups x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Dave Hansen (2): x86/pkeys: Override pkey when moving away from PROT_EXEC x86/pkeys: Do not special case protection key 0 Dexuan Cui (1): tick/broadcast: Use for_each_cpu() specially on UP kernels Dmitry Safonov (1): x86/mm: Drop TS_COMPAT on 64-bit exec() syscall Federico Cuello (1): ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Filipe Manana (1): Btrfs: fix xattr loss after power failure Florian Westphal (2): netfilter: nf_tables: free set name in error path netfilter: nf_tables: can't fail after linking rule into active rule list Greg Kroah-Hartman (1): Linux 4.14.43 Halil Pasic (1): vfio: ccw: fix cleanup if cp_prefetch fails Haneen Mohammed (1): drm: Match sysfs name in link removal to link creation Hans de Goede (1): ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist Hendrik Brueckner (1): s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero Jann Horn (1): tee: shm: fix use-after-free via temporarily dropped reference Jim Mattson (1): x86/cpu: Make alternative_msr_write work for 32-bit code Jiri Kosina (2): x86/bugs: Fix __ssb_select_mitigation() return type x86/bugs: Make cpu_show_common() static Julian Wiedmann (2): s390/qdio: fix access to uninitialized qdio_q fields s390/qdio: don't release memory in qdio_setup_irq() Kamal Dasu (2): spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL Kees Cook (6): nospec: Allow getting/setting on non-current task proc: Provide details on speculation flaw mitigations seccomp: Enable speculation flaw mitigations x86/bugs: Make boot modes __ro_after_init seccomp: Add filter flag to opt-out of SSB mitigation x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass Konrad Rzeszutek Wilk (15): x86/bugs: Concentrate bug detection into a separate function x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs, KVM: Support the combination of guest and host IBRS x86/bugs: Expose /sys/../spec_store_bypass x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/bugs: Rename _RDS to _SSBD proc: Use underscores for SSBD in 'status' x86/bugs: Fix the parameters alignment and missing void x86/bugs: Rename SSBD_NO to SSB_NO Linus Torvalds (1): x86/nospec: Simplify alternative_msr_write() Liu Bo (1): btrfs: fix reading stale metadata blocks after degraded raid1 mounts Martin Schwidefsky (1): s390: remove indirect branch from do_softirq_own_stack Masami Hiramatsu (4): ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed ARM: 8770/1: kprobes: Prohibit probing on optimized_callback ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Matthew Wilcox (1): lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly Michel Thierry (1): drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk Misono Tomohiro (1): btrfs: property: Set incompat flag if lzo/zstd compression is set Nicholas Piggin (1): powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Nikolay Borisov (2): btrfs: Split btrfs_del_delalloc_inode into 2 functions btrfs: Fix delalloc inodes invalidation during transaction abort Pavel Tatashin (1): mm: don't allow deferred pages with NEED_PER_CPU_KM Robbie Ko (1): Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting Ross Zwisler (1): radix tree: fix multi-order iteration race Shuah Khan (1): usbip: usbip_host: refine probe and disconnect debug msgs to be useful Shuah Khan (Samsung OSG) (4): usbip: usbip_host: delete device from busid_table after rebind usbip: usbip_host: run rebind from exit when module is removed usbip: usbip_host: fix NULL-ptr deref and use-after-free errors usbip: usbip_host: fix bad unlock balance during stub_probe() Steven Rostedt (VMware) (1): tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Subash Abhinov Kasiviswanathan (1): netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} Thomas Gleixner (18): x86/speculation: Create spec-ctrl.h to avoid include hell prctl: Add speculation control prctls x86/process: Allow runtime control of Speculative Store Bypass x86/speculation: Add prctl for Speculative Store Bypass mitigation prctl: Add force disable speculation seccomp: Use PR_SPEC_FORCE_DISABLE seccomp: Move speculation migitation control to arch code KVM: SVM: Move spec control call after restore of GS x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Add FEATURE_ZEN x86/speculation: Handle HT correctly on AMD x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Rework speculative_store_bypass_update() x86/bugs: Expose x86_spec_ctrl_base directly x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Rework spec_ctrl base and mask logic x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG Tom Lendacky (2): x86/speculation: Add virtualized speculative store bypass disable support KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Wenwen Wang (1): ALSA: control: fix a redundant-copy issue

7 years, 3 months

1
1
0 0

Linux 4.9.102

by Greg KH

I'm announcing the release of the 4.9.102 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/kernel-parameters.txt | 45 ++ Documentation/spec_ctrl.txt | 94 ++++ Makefile | 2 arch/arm/include/asm/assembler.h | 10 arch/arm/include/asm/kvm_mmu.h | 16 arch/arm/kernel/traps.c | 5 arch/arm/lib/getuser.S | 10 arch/arm/probes/kprobes/opt-arm.c | 4 arch/arm64/include/asm/kvm_mmu.h | 16 arch/powerpc/kernel/setup-common.c | 11 arch/powerpc/platforms/powernv/opal-nvram.c | 14 arch/s390/kernel/irq.c | 5 arch/s390/kernel/perf_cpum_sf.c | 4 arch/x86/boot/compressed/eboot.c | 6 arch/x86/include/asm/cpufeatures.h | 20 - arch/x86/include/asm/kvm_host.h | 2 arch/x86/include/asm/mmu_context.h | 2 arch/x86/include/asm/msr-index.h | 10 arch/x86/include/asm/nospec-branch.h | 43 +- arch/x86/include/asm/pkeys.h | 18 arch/x86/include/asm/spec-ctrl.h | 80 ++++ arch/x86/include/asm/thread_info.h | 6 arch/x86/include/asm/tlbflush.h | 10 arch/x86/kernel/cpu/amd.c | 38 +- arch/x86/kernel/cpu/bugs.c | 397 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 77 +++- arch/x86/kernel/cpu/cpu.h | 3 arch/x86/kernel/cpu/intel.c | 3 arch/x86/kernel/process.c | 224 +++++++++-- arch/x86/kernel/smpboot.c | 5 arch/x86/kvm/cpuid.c | 21 - arch/x86/kvm/cpuid.h | 17 arch/x86/kvm/svm.c | 64 ++- arch/x86/kvm/vmx.c | 33 + arch/x86/kvm/x86.c | 13 arch/x86/mm/pkeys.c | 21 - arch/x86/xen/enlighten.c | 4 arch/x86/xen/mmu.c | 4 drivers/base/cpu.c | 8 drivers/i2c/busses/i2c-designware-core.c | 5 drivers/s390/cio/qdio_setup.c | 12 drivers/spi/spi-bcm-qspi.c | 28 - drivers/spi/spi-pxa2xx.h | 2 drivers/usb/usbip/stub.h | 2 drivers/usb/usbip/stub_dev.c | 43 +- drivers/usb/usbip/stub_main.c | 105 ++++- fs/btrfs/ctree.c | 6 fs/btrfs/tree-log.c | 7 fs/btrfs/volumes.c | 9 fs/proc/array.c | 27 + include/linux/cpu.h | 2 include/linux/efi.h | 8 include/linux/nospec.h | 10 include/linux/sched.h | 9 include/linux/seccomp.h | 3 include/linux/signal.h | 17 include/trace/events/xen.h | 16 include/uapi/linux/prctl.h | 12 include/uapi/linux/seccomp.h | 4 kernel/seccomp.c | 21 - kernel/signal.c | 7 kernel/sys.c | 23 + kernel/time/tick-broadcast.c | 8 mm/Kconfig | 1 net/netfilter/nf_tables_api.c | 59 +-- sound/core/control_compat.c | 3 sound/pci/hda/hda_intel.c | 2 sound/usb/mixer.c | 8 tools/testing/selftests/seccomp/seccomp_bpf.c | 78 ++++ virt/kvm/arm/vgic/vgic-its.c | 15 71 files changed, 1610 insertions(+), 308 deletions(-) Alexander Monakov (1): i2c: designware: fix poll-after-enable regression Anand Jain (1): btrfs: fix crash when trying to resume balance without the resume flag Andre Przywara (1): KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock Andy Shevchenko (1): spi: pxa2xx: Allow 64-bit DMA Ard Biesheuvel (1): efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Benjamin Herrenschmidt (1): powerpc: Don't preempt_disable() in show_cpuinfo() Borislav Petkov (4): Documentation/spec_ctrl: Do some minor cleanups x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP x86/cpu/AMD: Fix erratum 1076 (CPB bit) x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Dave Hansen (2): x86/pkeys: Override pkey when moving away from PROT_EXEC x86/pkeys: Do not special case protection key 0 David Woodhouse (2): x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested Dexuan Cui (1): tick/broadcast: Use for_each_cpu() specially on UP kernels Federico Cuello (1): ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Filipe Manana (1): Btrfs: fix xattr loss after power failure Florian Westphal (1): netfilter: nf_tables: can't fail after linking rule into active rule list Greg Kroah-Hartman (1): Linux 4.9.102 Hans de Goede (1): ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist Hendrik Brueckner (1): s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero Jim Mattson (1): x86/cpu: Make alternative_msr_write work for 32-bit code Jiri Kosina (2): x86/bugs: Fix __ssb_select_mitigation() return type x86/bugs: Make cpu_show_common() static Julian Wiedmann (2): s390/qdio: fix access to uninitialized qdio_q fields s390/qdio: don't release memory in qdio_setup_irq() Kamal Dasu (2): spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL Kees Cook (6): nospec: Allow getting/setting on non-current task proc: Provide details on speculation flaw mitigations seccomp: Enable speculation flaw mitigations x86/bugs: Make boot modes __ro_after_init seccomp: Add filter flag to opt-out of SSB mitigation x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass Konrad Rzeszutek Wilk (14): x86/bugs: Concentrate bug detection into a separate function x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs, KVM: Support the combination of guest and host IBRS x86/bugs: Expose /sys/../spec_store_bypass x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/bugs: Rename _RDS to _SSBD proc: Use underscores for SSBD in 'status' x86/bugs: Fix the parameters alignment and missing void x86/bugs: Rename SSBD_NO to SSB_NO Kyle Huey (2): x86/process: Optimize TIF checks in __switch_to_xtra() x86/process: Correct and optimize TIF_BLOCKSTEP switch Linus Torvalds (1): x86/nospec: Simplify alternative_msr_write() Liu Bo (1): btrfs: fix reading stale metadata blocks after degraded raid1 mounts Martin Schwidefsky (1): s390: remove indirect branch from do_softirq_own_stack Masami Hiramatsu (4): ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed ARM: 8770/1: kprobes: Prohibit probing on optimized_callback ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Nicholas Piggin (1): powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Pavel Tatashin (1): mm: don't allow deferred pages with NEED_PER_CPU_KM Shuah Khan (1): usbip: usbip_host: refine probe and disconnect debug msgs to be useful Shuah Khan (Samsung OSG) (4): usbip: usbip_host: delete device from busid_table after rebind usbip: usbip_host: run rebind from exit when module is removed usbip: usbip_host: fix NULL-ptr deref and use-after-free errors usbip: usbip_host: fix bad unlock balance during stub_probe() Steven Rostedt (VMware) (1): tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Thomas Gleixner (19): x86/speculation: Create spec-ctrl.h to avoid include hell prctl: Add speculation control prctls x86/process: Optimize TIF_NOTSC switch x86/process: Allow runtime control of Speculative Store Bypass x86/speculation: Add prctl for Speculative Store Bypass mitigation prctl: Add force disable speculation seccomp: Use PR_SPEC_FORCE_DISABLE seccomp: Move speculation migitation control to arch code KVM: SVM: Move spec control call after restore of GS x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Add FEATURE_ZEN x86/speculation: Handle HT correctly on AMD x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Rework speculative_store_bypass_update() x86/bugs: Expose x86_spec_ctrl_base directly x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Rework spec_ctrl base and mask logic x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG Tom Lendacky (2): x86/speculation: Add virtualized speculative store bypass disable support KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Waiman Long (1): signals: avoid unnecessary taking of sighand->siglock Wenwen Wang (1): ALSA: control: fix a redundant-copy issue

7 years, 3 months

1
1
0 0

Re: [PATCH 4.14 00/95] 4.14.43-stable review

by Jinpu Wang

> From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > Date: 2018-05-21 23:10 GMT+02:00 > Subject: [PATCH 4.14 00/95] 4.14.43-stable review > To: linux-kernel(a)vger.kernel.org > 抄送： Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>, > torvalds(a)linux-foundation.org, akpm(a)linux-foundation.org, > linux(a)roeck-us.net, shuah(a)kernel.org, patches(a)kernelci.org, > ben.hutchings(a)codethink.co.uk, lkft-triage(a)lists.linaro.org, > stable(a)vger.kernel.org > > > This is the start of the stable review cycle for the 4.14.43 release. > There are 95 patches in this series, all will be posted as a response > to this one. If anyone has any issues with these being applied, please > let me know. > > Responses should be made by Tue May 22 21:04:09 UTC 2018. > Anything received after that time might be too late. > > The whole patch series can be found in one patch at: > https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.43-rc… > or in the git tree and branch at: > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > linux-4.14.y > and the diffstat can be found below. > > thanks, > > greg k-h > Merged, tested on my local test machine, no regression found. Thanks, -- Jack Wang Linux Kernel Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Tel: +49 30 577 008 042 Fax: +49 30 577 008 299 Email: jinpu.wang(a)profitbricks.com URL: https://www.profitbricks.de Sitz der Gesellschaft: Berlin Registergericht: Amtsgericht Charlottenburg, HRB 125506 B Geschäftsführer: Achim Weiss, Matthias Steinberg, Christoph Steffens

7 years, 3 months

2
1
0 0

Re: [PATCH] PM / core: Fix direct_complete handling for devices with no callbacks

by Thomas Martitz

Hello, thanks for for your effort and the patch. Is this eligible for stable? Best regards Am 22.05.2018 um 13:02 schrieb Rafael J. Wysocki: > From: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> > > Commit 08810a4119aa (PM / core: Add NEVER_SKIP and SMART_PREPARE > driver flags) inadvertently prevented the power.direct_complete flag > from being set for devices without PM callbacks and with disabled > runtime PM which also prevents power.direct_complete from being set > for their parents. That led to problems including a resume crash on > HP ZBook 14u. > > Restore the previous behavior by causing power.direct_complete to be > set for those devices again, but do that in a more direct way to > avoid overlooking that case in the future. > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=199693 > Fixes: 08810a4119aa (PM / core: Add NEVER_SKIP and SMART_PREPARE driver flags) > Reported-by: Thomas Martitz <kugel(a)rockbox.org> > Tested-by: Thomas Martitz <kugel(a)rockbox.org> > Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> > --- > drivers/base/power/main.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > > Index: linux-pm/drivers/base/power/main.c > =================================================================== > --- linux-pm.orig/drivers/base/power/main.c > +++ linux-pm/drivers/base/power/main.c > @@ -1920,10 +1920,8 @@ static int device_prepare(struct device > > dev->power.wakeup_path = false; > > - if (dev->power.no_pm_callbacks) { > - ret = 1; /* Let device go direct_complete */ > + if (dev->power.no_pm_callbacks) > goto unlock; > - } > > if (dev->pm_domain) > callback = dev->pm_domain->ops.prepare; > @@ -1957,7 +1955,8 @@ unlock: > */ > spin_lock_irq(&dev->power.lock); > dev->power.direct_complete = state.event == PM_EVENT_SUSPEND && > - pm_runtime_suspended(dev) && ret > 0 && > + ((pm_runtime_suspended(dev) && ret > 0) || > + dev->power.no_pm_callbacks) && > !dev_pm_test_driver_flags(dev, DPM_FLAG_NEVER_SKIP); > spin_unlock_irq(&dev->power.lock); > return 0; >

7 years, 3 months

1
0
0 0

[PATCH repost] time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting

by Fabrizio Castro

From: John Stultz <john.stultz(a)linaro.org> commit 3d88d56c5873f6eebe23e05c3da701960146b801 upstream. Due to how the MONOTONIC_RAW accumulation logic was handled, there is the potential for a 1ns discontinuity when we do accumulations. This small discontinuity has for the most part gone un-noticed, but since ARM64 enabled CLOCK_MONOTONIC_RAW in their vDSO clock_gettime implementation, we've seen failures with the inconsistency-check test in kselftest. This patch addresses the issue by using the same sub-ns accumulation handling that CLOCK_MONOTONIC uses, which avoids the issue for in-kernel users. Since the ARM64 vDSO implementation has its own clock_gettime calculation logic, this patch reduces the frequency of errors, but failures are still seen. The ARM64 vDSO will need to be updated to include the sub-nanosecond xtime_nsec values in its calculation for this issue to be completely fixed. Signed-off-by: John Stultz <john.stultz(a)linaro.org> Tested-by: Daniel Mentz <danielmentz(a)google.com> Cc: Prarit Bhargava <prarit(a)redhat.com> Cc: Kevin Brodsky <kevin.brodsky(a)arm.com> Cc: Richard Cochran <richardcochran(a)gmail.com> Cc: Stephen Boyd <stephen.boyd(a)linaro.org> Cc: Will Deacon <will.deacon(a)arm.com> Cc: "stable #4 . 8+" <stable(a)vger.kernel.org> Cc: Miroslav Lichvar <mlichvar(a)redhat.com> Link: http://lkml.kernel.org/r/1496965462-20003-3-git-send-email-john.stultz@lina… Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> [fabrizio: cherry-pick to 4.4. Kept cycle_t type for function logarithmic_accumulation local variable "interval". Dropped casting of "interval" variable] Signed-off-by: Fabrizio Castro <fabrizio.castro(a)bp.renesas.com> Signed-off-by: Biju Das <biju.das(a)bp.renesas.com> --- Hello Greg, I am reposting this patch to include the relevant people in the email. Could you please consider this patch for 4.4.y? Testing 4.4.y without this patch makes tool tools/testing/selftests/timers/clocksource-switch.c fail on Koelsch board while running "Consistent CLOCK_MONOTONIC_RAW" with message "Delta: 1 ns". This patch fixes the problem. Thanks, Fab include/linux/timekeeper_internal.h | 4 ++-- kernel/time/timekeeping.c | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/linux/timekeeper_internal.h b/include/linux/timekeeper_internal.h index f0f1793..115216e 100644 --- a/include/linux/timekeeper_internal.h +++ b/include/linux/timekeeper_internal.h @@ -56,7 +56,7 @@ struct tk_read_base { * interval. * @xtime_remainder: Shifted nano seconds left over when rounding * @cycle_interval - * @raw_interval: Raw nano seconds accumulated per NTP interval. + * @raw_interval: Shifted raw nano seconds accumulated per NTP interval. * @ntp_error: Difference between accumulated time and NTP time in ntp * shifted nano seconds. * @ntp_error_shift: Shift conversion between clock shifted nano seconds and @@ -97,7 +97,7 @@ struct timekeeper { cycle_t cycle_interval; u64 xtime_interval; s64 xtime_remainder; - u32 raw_interval; + u64 raw_interval; /* The ntp_tick_length() value currently being used. * This cached copy ensures we consistently apply the tick * length for an entire tick, as ntp_tick_length may change diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c index 6e48668..fed86b2 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -277,8 +277,7 @@ static void tk_setup_internals(struct timekeeper *tk, struct clocksource *clock) /* Go back from cycles -> shifted ns */ tk->xtime_interval = (u64) interval * clock->mult; tk->xtime_remainder = ntpinterval - tk->xtime_interval; - tk->raw_interval = - ((u64) interval * clock->mult) >> clock->shift; + tk->raw_interval = interval * clock->mult; /* if changing clocks, convert xtime_nsec shift units */ if (old_clock) { @@ -1767,7 +1766,7 @@ static cycle_t logarithmic_accumulation(struct timekeeper *tk, cycle_t offset, unsigned int *clock_set) { cycle_t interval = tk->cycle_interval << shift; - u64 raw_nsecs; + u64 snsec_per_sec; /* If the offset is smaller than a shifted interval, do nothing */ if (offset < interval) @@ -1782,14 +1781,15 @@ static cycle_t logarithmic_accumulation(struct timekeeper *tk, cycle_t offset, *clock_set |= accumulate_nsecs_to_secs(tk); /* Accumulate raw time */ - raw_nsecs = (u64)tk->raw_interval << shift; - raw_nsecs += tk->raw_time.tv_nsec; - if (raw_nsecs >= NSEC_PER_SEC) { - u64 raw_secs = raw_nsecs; - raw_nsecs = do_div(raw_secs, NSEC_PER_SEC); - tk->raw_time.tv_sec += raw_secs; + tk->tkr_raw.xtime_nsec += (u64)tk->raw_time.tv_nsec << tk->tkr_raw.shift; + tk->tkr_raw.xtime_nsec += tk->raw_interval << shift; + snsec_per_sec = (u64)NSEC_PER_SEC << tk->tkr_raw.shift; + while (tk->tkr_raw.xtime_nsec >= snsec_per_sec) { + tk->tkr_raw.xtime_nsec -= snsec_per_sec; + tk->raw_time.tv_sec++; } - tk->raw_time.tv_nsec = raw_nsecs; + tk->raw_time.tv_nsec = tk->tkr_raw.xtime_nsec >> tk->tkr_raw.shift; + tk->tkr_raw.xtime_nsec -= (u64)tk->raw_time.tv_nsec << tk->tkr_raw.shift; /* Accumulate error between NTP and clock interval */ tk->ntp_error += tk->ntp_tick << shift; -- 2.7.4

7 years, 3 months

1
0
0 0

[PATCH] Revert "drm/i915/edp: Allow alternate fixed mode for eDP if available."

by Jani Nikula

This reverts commit dc911f5bd8aacfcf8aabd5c26c88e04c837a938e. Per the report, no matter what display mode you select with xrandr, the i915 driver will always select the alternate fixed mode. For the reporter this means that the display will always run at 40Hz which is quite annoying. This may be due to the mode comparison. But there are some other potential issues. The choice of alt_fixed_mode seems dubious. It's the first non-preferred mode, but there are no guarantees that the only difference would be refresh rate. Similarly, there may be more than one preferred mode in the probed modes list, and the commit changes the preferred mode selection to choose the last one on the list instead of the first. (Note that the probed modes list is the raw, unfiltered, unsorted list of modes from drm_add_edid_modes(), not the pretty result after a drm_helper_probe_single_connector_modes() call.) Finally, we already have eerily similar code in place to find the downclock mode for DRRS that seems like could be reused here. Back to the drawing board. Note: This is a hand-crafted revert due to conflicts. If it fails to backport, please just try reverting the original commit directly. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105469 Reported-by: Rune Petersen <rune(a)megahurts.dk> Reported-by: Mark Spencer <n7u4722r35(a)ynzlx.anonbox.net> Fixes: dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for eDP if available.") Cc: Clint Taylor <clinton.a.taylor(a)intel.com> Cc: David Weinehall <david.weinehall(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Jim Bride <jim.bride(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: intel-gfx(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/intel_dp.c | 38 +++++--------------------------------- drivers/gpu/drm/i915/intel_drv.h | 2 -- drivers/gpu/drm/i915/intel_dsi.c | 2 +- drivers/gpu/drm/i915/intel_dvo.c | 2 +- drivers/gpu/drm/i915/intel_lvds.c | 3 +-- drivers/gpu/drm/i915/intel_panel.c | 6 ------ 6 files changed, 8 insertions(+), 45 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index dde92e4af5d3..8320f0e8e3be 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -1679,23 +1679,6 @@ static int intel_dp_compute_bpp(struct intel_dp *intel_dp, return bpp; } -static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, - struct drm_display_mode *m2) -{ - bool bres = false; - - if (m1 && m2) - bres = (m1->hdisplay == m2->hdisplay && - m1->hsync_start == m2->hsync_start && - m1->hsync_end == m2->hsync_end && - m1->htotal == m2->htotal && - m1->vdisplay == m2->vdisplay && - m1->vsync_start == m2->vsync_start && - m1->vsync_end == m2->vsync_end && - m1->vtotal == m2->vtotal); - return bres; -} - /* Adjust link config limits based on compliance test requests. */ static void intel_dp_adjust_compliance_config(struct intel_dp *intel_dp, @@ -1860,16 +1843,8 @@ intel_dp_compute_config(struct intel_encoder *encoder, pipe_config->has_audio = intel_conn_state->force_audio == HDMI_AUDIO_ON; if (intel_dp_is_edp(intel_dp) && intel_connector->panel.fixed_mode) { - struct drm_display_mode *panel_mode = - intel_connector->panel.alt_fixed_mode; - struct drm_display_mode *req_mode = &pipe_config->base.mode; - - if (!intel_edp_compare_alt_mode(req_mode, panel_mode)) - panel_mode = intel_connector->panel.fixed_mode; - - drm_mode_debug_printmodeline(panel_mode); - - intel_fixed_panel_mode(panel_mode, adjusted_mode); + intel_fixed_panel_mode(intel_connector->panel.fixed_mode, + adjusted_mode); if (INTEL_GEN(dev_priv) >= 9) { int ret; @@ -6159,7 +6134,6 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, struct drm_i915_private *dev_priv = to_i915(dev); struct drm_connector *connector = &intel_connector->base; struct drm_display_mode *fixed_mode = NULL; - struct drm_display_mode *alt_fixed_mode = NULL; struct drm_display_mode *downclock_mode = NULL; bool has_dpcd; struct drm_display_mode *scan; @@ -6214,14 +6188,13 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, } intel_connector->edid = edid; - /* prefer fixed mode from EDID if available, save an alt mode also */ + /* prefer fixed mode from EDID if available */ list_for_each_entry(scan, &connector->probed_modes, head) { if ((scan->type & DRM_MODE_TYPE_PREFERRED)) { fixed_mode = drm_mode_duplicate(dev, scan); downclock_mode = intel_dp_drrs_init( intel_connector, fixed_mode); - } else if (!alt_fixed_mode) { - alt_fixed_mode = drm_mode_duplicate(dev, scan); + break; } } @@ -6258,8 +6231,7 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, pipe_name(pipe)); } - intel_panel_init(&intel_connector->panel, fixed_mode, alt_fixed_mode, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_connector->panel.backlight.power = intel_edp_backlight_power; intel_panel_setup_backlight(connector, pipe); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index d7dbca1aabff..0361130500a6 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -277,7 +277,6 @@ struct intel_encoder { struct intel_panel { struct drm_display_mode *fixed_mode; - struct drm_display_mode *alt_fixed_mode; struct drm_display_mode *downclock_mode; /* backlight */ @@ -1850,7 +1849,6 @@ void intel_overlay_reset(struct drm_i915_private *dev_priv); /* intel_panel.c */ int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode); void intel_panel_fini(struct intel_panel *panel); void intel_fixed_panel_mode(const struct drm_display_mode *fixed_mode, diff --git a/drivers/gpu/drm/i915/intel_dsi.c b/drivers/gpu/drm/i915/intel_dsi.c index 51a1d6868b1e..cf39ca90d887 100644 --- a/drivers/gpu/drm/i915/intel_dsi.c +++ b/drivers/gpu/drm/i915/intel_dsi.c @@ -1846,7 +1846,7 @@ void intel_dsi_init(struct drm_i915_private *dev_priv) connector->display_info.width_mm = fixed_mode->width_mm; connector->display_info.height_mm = fixed_mode->height_mm; - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, NULL); + intel_panel_init(&intel_connector->panel, fixed_mode, NULL); intel_panel_setup_backlight(connector, INVALID_PIPE); intel_dsi_add_properties(intel_connector); diff --git a/drivers/gpu/drm/i915/intel_dvo.c b/drivers/gpu/drm/i915/intel_dvo.c index eb0c559b2715..a70d767313aa 100644 --- a/drivers/gpu/drm/i915/intel_dvo.c +++ b/drivers/gpu/drm/i915/intel_dvo.c @@ -536,7 +536,7 @@ void intel_dvo_init(struct drm_i915_private *dev_priv) */ intel_panel_init(&intel_connector->panel, intel_dvo_get_current_mode(intel_encoder), - NULL, NULL); + NULL); intel_dvo->panel_wants_dither = true; } diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c index 8691c86f579c..d8ece907ff54 100644 --- a/drivers/gpu/drm/i915/intel_lvds.c +++ b/drivers/gpu/drm/i915/intel_lvds.c @@ -1140,8 +1140,7 @@ void intel_lvds_init(struct drm_i915_private *dev_priv) out: mutex_unlock(&dev->mode_config.mutex); - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_panel_setup_backlight(connector, INVALID_PIPE); lvds_encoder->is_dual_link = compute_is_dual_link_lvds(lvds_encoder); diff --git a/drivers/gpu/drm/i915/intel_panel.c b/drivers/gpu/drm/i915/intel_panel.c index 41d00b1603e3..b443278e569c 100644 --- a/drivers/gpu/drm/i915/intel_panel.c +++ b/drivers/gpu/drm/i915/intel_panel.c @@ -1928,13 +1928,11 @@ intel_panel_init_backlight_funcs(struct intel_panel *panel) int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode) { intel_panel_init_backlight_funcs(panel); panel->fixed_mode = fixed_mode; - panel->alt_fixed_mode = alt_fixed_mode; panel->downclock_mode = downclock_mode; return 0; @@ -1948,10 +1946,6 @@ void intel_panel_fini(struct intel_panel *panel) if (panel->fixed_mode) drm_mode_destroy(intel_connector->base.dev, panel->fixed_mode); - if (panel->alt_fixed_mode) - drm_mode_destroy(intel_connector->base.dev, - panel->alt_fixed_mode); - if (panel->downclock_mode) drm_mode_destroy(intel_connector->base.dev, panel->downclock_mode); -- 2.11.0

7 years, 3 months

2
6
0 0

[PATCH] time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting

by Fabrizio Castro

From: John Stultz <john.stultz(a)linaro.org> commit 3d88d56c5873f6eebe23e05c3da701960146b801 upstream. Due to how the MONOTONIC_RAW accumulation logic was handled, there is the potential for a 1ns discontinuity when we do accumulations. This small discontinuity has for the most part gone un-noticed, but since ARM64 enabled CLOCK_MONOTONIC_RAW in their vDSO clock_gettime implementation, we've seen failures with the inconsistency-check test in kselftest. This patch addresses the issue by using the same sub-ns accumulation handling that CLOCK_MONOTONIC uses, which avoids the issue for in-kernel users. Since the ARM64 vDSO implementation has its own clock_gettime calculation logic, this patch reduces the frequency of errors, but failures are still seen. The ARM64 vDSO will need to be updated to include the sub-nanosecond xtime_nsec values in its calculation for this issue to be completely fixed. Signed-off-by: John Stultz <john.stultz(a)linaro.org> Tested-by: Daniel Mentz <danielmentz(a)google.com> Cc: Prarit Bhargava <prarit(a)redhat.com> Cc: Kevin Brodsky <kevin.brodsky(a)arm.com> Cc: Richard Cochran <richardcochran(a)gmail.com> Cc: Stephen Boyd <stephen.boyd(a)linaro.org> Cc: Will Deacon <will.deacon(a)arm.com> Cc: "stable #4 . 8+" <stable(a)vger.kernel.org> Cc: Miroslav Lichvar <mlichvar(a)redhat.com> Link: http://lkml.kernel.org/r/1496965462-20003-3-git-send-email-john.stultz@lina… Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> [fabrizio: cherry-pick to 4.4. Kept cycle_t type for function logarithmic_accumulation local variable "interval". Dropped casting of "interval" variable] Signed-off-by: Fabrizio Castro <fabrizio.castro(a)bp.renesas.com> Signed-off-by: Biju Das <biju.das(a)bp.renesas.com> --- Hello Greg, we noticed tools/testing/selftests/timers/clocksource-switch.c was failing for us, this patch fixes the cause of the failure. Are you happy to take this patch? Thanks, Fab include/linux/timekeeper_internal.h | 4 ++-- kernel/time/timekeeping.c | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/linux/timekeeper_internal.h b/include/linux/timekeeper_internal.h index f0f1793..115216e 100644 --- a/include/linux/timekeeper_internal.h +++ b/include/linux/timekeeper_internal.h @@ -56,7 +56,7 @@ struct tk_read_base { * interval. * @xtime_remainder: Shifted nano seconds left over when rounding * @cycle_interval - * @raw_interval: Raw nano seconds accumulated per NTP interval. + * @raw_interval: Shifted raw nano seconds accumulated per NTP interval. * @ntp_error: Difference between accumulated time and NTP time in ntp * shifted nano seconds. * @ntp_error_shift: Shift conversion between clock shifted nano seconds and @@ -97,7 +97,7 @@ struct timekeeper { cycle_t cycle_interval; u64 xtime_interval; s64 xtime_remainder; - u32 raw_interval; + u64 raw_interval; /* The ntp_tick_length() value currently being used. * This cached copy ensures we consistently apply the tick * length for an entire tick, as ntp_tick_length may change diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c index 6e48668..fed86b2 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -277,8 +277,7 @@ static void tk_setup_internals(struct timekeeper *tk, struct clocksource *clock) /* Go back from cycles -> shifted ns */ tk->xtime_interval = (u64) interval * clock->mult; tk->xtime_remainder = ntpinterval - tk->xtime_interval; - tk->raw_interval = - ((u64) interval * clock->mult) >> clock->shift; + tk->raw_interval = interval * clock->mult; /* if changing clocks, convert xtime_nsec shift units */ if (old_clock) { @@ -1767,7 +1766,7 @@ static cycle_t logarithmic_accumulation(struct timekeeper *tk, cycle_t offset, unsigned int *clock_set) { cycle_t interval = tk->cycle_interval << shift; - u64 raw_nsecs; + u64 snsec_per_sec; /* If the offset is smaller than a shifted interval, do nothing */ if (offset < interval) @@ -1782,14 +1781,15 @@ static cycle_t logarithmic_accumulation(struct timekeeper *tk, cycle_t offset, *clock_set |= accumulate_nsecs_to_secs(tk); /* Accumulate raw time */ - raw_nsecs = (u64)tk->raw_interval << shift; - raw_nsecs += tk->raw_time.tv_nsec; - if (raw_nsecs >= NSEC_PER_SEC) { - u64 raw_secs = raw_nsecs; - raw_nsecs = do_div(raw_secs, NSEC_PER_SEC); - tk->raw_time.tv_sec += raw_secs; + tk->tkr_raw.xtime_nsec += (u64)tk->raw_time.tv_nsec << tk->tkr_raw.shift; + tk->tkr_raw.xtime_nsec += tk->raw_interval << shift; + snsec_per_sec = (u64)NSEC_PER_SEC << tk->tkr_raw.shift; + while (tk->tkr_raw.xtime_nsec >= snsec_per_sec) { + tk->tkr_raw.xtime_nsec -= snsec_per_sec; + tk->raw_time.tv_sec++; } - tk->raw_time.tv_nsec = raw_nsecs; + tk->raw_time.tv_nsec = tk->tkr_raw.xtime_nsec >> tk->tkr_raw.shift; + tk->tkr_raw.xtime_nsec -= (u64)tk->raw_time.tv_nsec << tk->tkr_raw.shift; /* Accumulate error between NTP and clock interval */ tk->ntp_error += tk->ntp_tick << shift; -- 2.7.4

7 years, 3 months

2
2
0 0

Re: [PATCH] usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub

by Doug Anderson

Hi, On Mon, May 21, 2018 at 3:12 AM, William Wu <william.wu(a)rock-chips.com> wrote: > The dwc2_get_ls_map() use ttport to reference into the > bitmap if we're on a multi_tt hub. But the bitmaps index > from 0 to (hub->maxchild - 1), while the ttport index from > 1 to hub->maxchild. This will cause invalid memory access > when the number of ttport is hub->maxchild. > > Without this patch, I can easily meet a Kernel panic issue > if connect a low-speed USB mouse with the max port of FE2.1 > multi-tt hub (1a40:0201) on rk3288 platform. > > Signed-off-by: William Wu <william.wu(a)rock-chips.com> > --- > drivers/usb/dwc2/hcd_queue.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/usb/dwc2/hcd_queue.c b/drivers/usb/dwc2/hcd_queue.c > index d7c3d6c..9c55d1a 100644 > --- a/drivers/usb/dwc2/hcd_queue.c > +++ b/drivers/usb/dwc2/hcd_queue.c > @@ -383,7 +383,7 @@ static unsigned long *dwc2_get_ls_map(struct dwc2_hsotg *hsotg, > /* Get the map and adjust if this is a multi_tt hub */ > map = qh->dwc_tt->periodic_bitmaps; > if (qh->dwc_tt->usb_tt->multi) > - map += DWC2_ELEMENTS_PER_LS_BITMAP * qh->ttport; > + map += DWC2_ELEMENTS_PER_LS_BITMAP * (qh->ttport - 1); Oops, thanks for the fix. Fixes: 9f9f09b048f5 ("usb: dwc2: host: Totally redo the microframe scheduler") Cc: stable(a)vger.kernel.org Reviewed-by: Douglas Anderson <dianders(a)chromium.org> -Doug

7 years, 3 months

1
0
0 0

+ mm-devm_memremap_pages-handle-errors-allocating-final-devres-action.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, devm_memremap_pages: handle errors allocating final devres action has been added to the -mm tree. Its filename is mm-devm_memremap_pages-handle-errors-allocating-final-devres-action.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-devm_memremap_pages-handle-erro… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-devm_memremap_pages-handle-erro… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Dan Williams <dan.j.williams(a)intel.com> Subject: mm, devm_memremap_pages: handle errors allocating final devres action The last step before devm_memremap_pages() returns success is to allocate a release action to tear the entire setup down. However, the result from devm_add_action() is not checked. Checking the error also means that we need to handle the fact that the percpu_ref may not be killed by the time devm_memremap_pages_release() runs. Add a new state flag for this case. Link: http://lkml.kernel.org/r/152694212460.5484.13180030631810166467.stgit@dwill… Fixes: e8d513483300 ("memremap: change devm_memremap_pages interface...") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: "Jérôme Glisse" <jglisse(a)redhat.com> Cc: Logan Gunthorpe <logang(a)deltatee.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/memremap.h | 1 + kernel/memremap.c | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff -puN include/linux/memremap.h~mm-devm_memremap_pages-handle-errors-allocating-final-devres-action include/linux/memremap.h --- a/include/linux/memremap.h~mm-devm_memremap_pages-handle-errors-allocating-final-devres-action +++ a/include/linux/memremap.h @@ -115,6 +115,7 @@ struct dev_pagemap { dev_page_free_t page_free; struct vmem_altmap altmap; bool altmap_valid; + bool registered; struct resource res; struct percpu_ref *ref; struct device *dev; diff -puN kernel/memremap.c~mm-devm_memremap_pages-handle-errors-allocating-final-devres-action kernel/memremap.c --- a/kernel/memremap.c~mm-devm_memremap_pages-handle-errors-allocating-final-devres-action +++ a/kernel/memremap.c @@ -296,7 +296,7 @@ static void devm_memremap_pages_release( for_each_device_pfn(pfn, pgmap) put_page(pfn_to_page(pfn)); - if (percpu_ref_tryget_live(pgmap->ref)) { + if (pgmap->registered && percpu_ref_tryget_live(pgmap->ref)) { dev_WARN(dev, "%s: page mapping is still live!\n", __func__); percpu_ref_put(pgmap->ref); } @@ -418,7 +418,11 @@ void *devm_memremap_pages(struct device percpu_ref_get(pgmap->ref); } - devm_add_action(dev, devm_memremap_pages_release, pgmap); + error = devm_add_action_or_reset(dev, devm_memremap_pages_release, + pgmap); + if (error) + return ERR_PTR(error); + pgmap->registered = true; return __va(res->start); _ Patches currently in -mm which might be from dan.j.williams(a)intel.com are mm-devm_memremap_pages-mark-devm_memremap_pages-export_symbol_gpl.patch mm-devm_memremap_pages-handle-errors-allocating-final-devres-action.patch mm-hmm-use-devm-semantics-for-hmm_devmem_add-remove.patch mm-hmm-replace-hmm_devmem_pages_create-with-devm_memremap_pages.patch mm-hmm-mark-hmm_devmem_add-add_resource-export_symbol_gpl.patch

7 years, 3 months

1
0
0 0

RE: [PATCH] mtd: rawnand: micron: Fix support for on-die ECC

by Bean Huo (beanhuo)

Hi, Boris Sorry for the later as for I am in a long vacation. Here how the SR should behave: the status register is updated after each array operation and can be cleared with a reset command. After a read operation the status register bit0 will report the ECC status of the read until a different array operation is performed (erase/program/read) or a reset occurs. The status register bit1 will report the status of the time before last time operation. So, this bit can report a fail (value 1) even if the very last operation was successful (bit0=0 bit1=1). //beanhuo > >--- >Peter, Bean, > >Can you confirm this behavior, or ask someone in Micron who can confirm it? >Also, if a RESET is actually needed, it would be good to update the datasheet >accordingly. And if that's not the case, can you explain why the >NAND_STATUS_FAIL bit is stuck and how to clear it (I tried a 0x00 command, >A.K.A. READ STATUS EXIT, but it does not clear this bit, ERASE and PROGRAM >seem to clear the bit, but that's clearly not the kind of operation I can do >when the user asks for a READ)? > >Thanks, > >Boris

7 years, 3 months

1
0
0 0

[PATCH] dmaengine: ensure dmaengine helpers check valid callback

by Fabrizio Castro

From: Vinod Koul <vinod.koul(a)intel.com> commit 757d12e5849be549076901b0d33c60d5f360269c upstream. dmaengine has various device callbacks and exposes helper functions to invoke these. These helpers should check if channel, device and callback is valid or not before invoking them. Reported-by: Jon Hunter <jonathanh(a)nvidia.com> Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> [fabrizio: cherry-pick to 4.4] Signed-off-by: Fabrizio Castro <fabrizio.castro(a)bp.renesas.com> Signed-off-by: Jianming Qiao <jianming.qiao(a)bp.renesas.com> --- Hello Greg, while backporting commit 757d12e5849be549076901b0d33c60d5f360269c to the CIP kernel Ben recommended to send the same patch to you for 4.4 stable. I hope the format of the commit is the one you expect (reference to the upstream commit, version to cherry-pick the patch to, and Signed-off-by tags). Thanks, Fab include/linux/dmaengine.h | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h index c47c68e..a16d185 100644 --- a/include/linux/dmaengine.h +++ b/include/linux/dmaengine.h @@ -767,6 +767,9 @@ static inline struct dma_async_tx_descriptor *dmaengine_prep_slave_single( sg_dma_address(&sg) = buf; sg_dma_len(&sg) = len; + if (!chan || !chan->device || !chan->device->device_prep_slave_sg) + return NULL; + return chan->device->device_prep_slave_sg(chan, &sg, 1, dir, flags, NULL); } @@ -775,6 +778,9 @@ static inline struct dma_async_tx_descriptor *dmaengine_prep_slave_sg( struct dma_chan *chan, struct scatterlist *sgl, unsigned int sg_len, enum dma_transfer_direction dir, unsigned long flags) { + if (!chan || !chan->device || !chan->device->device_prep_slave_sg) + return NULL; + return chan->device->device_prep_slave_sg(chan, sgl, sg_len, dir, flags, NULL); } @@ -786,6 +792,9 @@ static inline struct dma_async_tx_descriptor *dmaengine_prep_rio_sg( enum dma_transfer_direction dir, unsigned long flags, struct rio_dma_ext *rio_ext) { + if (!chan || !chan->device || !chan->device->device_prep_slave_sg) + return NULL; + return chan->device->device_prep_slave_sg(chan, sgl, sg_len, dir, flags, rio_ext); } @@ -796,6 +805,9 @@ static inline struct dma_async_tx_descriptor *dmaengine_prep_dma_cyclic( size_t period_len, enum dma_transfer_direction dir, unsigned long flags) { + if (!chan || !chan->device || !chan->device->device_prep_dma_cyclic) + return NULL; + return chan->device->device_prep_dma_cyclic(chan, buf_addr, buf_len, period_len, dir, flags); } @@ -804,6 +816,9 @@ static inline struct dma_async_tx_descriptor *dmaengine_prep_interleaved_dma( struct dma_chan *chan, struct dma_interleaved_template *xt, unsigned long flags) { + if (!chan || !chan->device || !chan->device->device_prep_interleaved_dma) + return NULL; + return chan->device->device_prep_interleaved_dma(chan, xt, flags); } @@ -811,7 +826,7 @@ static inline struct dma_async_tx_descriptor *dmaengine_prep_dma_memset( struct dma_chan *chan, dma_addr_t dest, int value, size_t len, unsigned long flags) { - if (!chan || !chan->device) + if (!chan || !chan->device || !chan->device->device_prep_dma_memset) return NULL; return chan->device->device_prep_dma_memset(chan, dest, value, @@ -824,6 +839,9 @@ static inline struct dma_async_tx_descriptor *dmaengine_prep_dma_sg( struct scatterlist *src_sg, unsigned int src_nents, unsigned long flags) { + if (!chan || !chan->device || !chan->device->device_prep_dma_sg) + return NULL; + return chan->device->device_prep_dma_sg(chan, dst_sg, dst_nents, src_sg, src_nents, flags); } -- 2.7.4

7 years, 3 months

2
1
0 0

[PATCH ghak82] audit: Fix wrong task in comparison of session ID

by Ondrej Mosnacek

The audit_filter_rules() function in auditsc.c compared the session ID with the credentials of the current task, while it should use the credentials of the task given to audit_filter_rules() as a parameter (tsk). GitHub issue: https://github.com/linux-audit/audit-kernel/issues/82 Fixes: 8fae47705685 ("audit: add support for session ID user filter") Cc: stable(a)vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ec38e4d97c23..6d577a34b16b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -513,7 +513,7 @@ static int audit_filter_rules(struct task_struct *tsk, result = audit_gid_comparator(cred->fsgid, f->op, f->gid); break; case AUDIT_SESSIONID: - sessionid = audit_get_sessionid(current); + sessionid = audit_get_sessionid(tsk); result = audit_comparator(sessionid, f->op, f->val); break; case AUDIT_PERS: -- 2.17.0

7 years, 3 months

3
4
0 0

[merged] mm-dont-allow-deferred-pages-with-need_per_cpu_km.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: don't allow deferred pages with NEED_PER_CPU_KM has been removed from the -mm tree. Its filename was mm-dont-allow-deferred-pages-with-need_per_cpu_km.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Pavel Tatashin <pasha.tatashin(a)oracle.com> Subject: mm: don't allow deferred pages with NEED_PER_CPU_KM It is unsafe to do virtual to physical translations before mm_init() is called if struct page is needed in order to determine the memory section number (see SECTION_IN_PAGE_FLAGS). This is because only in mm_init() we initialize struct pages for all the allocated memory when deferred struct pages are used. My recent fix c9e97a1997 ("mm: initialize pages on demand during boot") exposed this problem, because it greatly reduced number of pages that are initialized before mm_init(), but the problem existed even before my fix, as Fengguang Wu found. Below is a more detailed explanation of the problem. We initialize struct pages in four places: 1. Early in boot a small set of struct pages is initialized to fill the first section, and lower zones. 2. During mm_init() we initialize "struct pages" for all the memory that is allocated, i.e reserved in memblock. 3. Using on-demand logic when pages are allocated after mm_init call (when memblock is finished) 4. After smp_init() when the rest free deferred pages are initialized. The problem occurs if we try to do va to phys translation of a memory between steps 1 and 2. Because we have not yet initialized struct pages for all the reserved pages, it is inherently unsafe to do va to phys if the translation itself requires access of "struct page" as in case of this combination: CONFIG_SPARSE && !CONFIG_SPARSE_VMEMMAP The following path exposes the problem: start_kernel() trap_init() setup_cpu_entry_areas() setup_cpu_entry_area(cpu) get_cpu_gdt_paddr(cpu) per_cpu_ptr_to_phys(addr) pcpu_addr_to_page(addr) virt_to_page(addr) pfn_to_page(__pa(addr) >> PAGE_SHIFT) We disable this path by not allowing NEED_PER_CPU_KM with deferred struct pages feature. The problems are discussed in these threads: http://lkml.kernel.org/r/20180418135300.inazvpxjxowogyge@wfg-t540p.sh.intel… http://lkml.kernel.org/r/20180419013128.iurzouiqxvcnpbvz@wfg-t540p.sh.intel… http://lkml.kernel.org/r/20180426202619.2768-1-pasha.tatashin@oracle.com Link: http://lkml.kernel.org/r/20180515175124.1770-1-pasha.tatashin@oracle.com Fixes: 3a80a7fa7989 ("mm: meminit: initialise a subset of struct pages if CONFIG_DEFERRED_STRUCT_PAGE_INIT is set") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Steven Sistare <steven.sistare(a)oracle.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Fengguang Wu <fengguang.wu(a)intel.com> Cc: Dennis Zhou <dennisszhou(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/Kconfig | 1 + 1 file changed, 1 insertion(+) diff -puN mm/Kconfig~mm-dont-allow-deferred-pages-with-need_per_cpu_km mm/Kconfig --- a/mm/Kconfig~mm-dont-allow-deferred-pages-with-need_per_cpu_km +++ a/mm/Kconfig @@ -636,6 +636,7 @@ config DEFERRED_STRUCT_PAGE_INIT default n depends on NO_BOOTMEM depends on !FLATMEM + depends on !NEED_PER_CPU_KM help Ordinarily all struct pages are initialised during early boot in a single thread. On very large machines this can take a considerable _ Patches currently in -mm which might be from pasha.tatashin(a)oracle.com are sparc64-ng4-memset-32-bits-overflow.patch

7 years, 3 months

1
0
0 0

[merged] radix-tree-fix-multi-order-iteration-race.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: radix tree: fix multi-order iteration race has been removed from the -mm tree. Its filename was radix-tree-fix-multi-order-iteration-race.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Subject: radix tree: fix multi-order iteration race Fix a race in the multi-order iteration code which causes the kernel to hit a GP fault. This was first seen with a production v4.15 based kernel (4.15.6-300.fc27.x86_64) utilizing a DAX workload which used order 9 PMD DAX entries. The race has to do with how we tear down multi-order sibling entries when we are removing an item from the tree. Remember for example that an order 2 entry looks like this: struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling] where 'entry' is in some slot in the struct radix_tree_node, and the three slots following 'entry' contain sibling pointers which point back to 'entry.' When we delete 'entry' from the tree, we call : radix_tree_delete() radix_tree_delete_item() __radix_tree_delete() replace_slot() replace_slot() first removes the siblings in order from the first to the last, then at then replaces 'entry' with NULL. This means that for a brief period of time we end up with one or more of the siblings removed, so: struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling] This causes an issue if you have a reader iterating over the slots in the tree via radix_tree_for_each_slot() while only under rcu_read_lock()/rcu_read_unlock() protection. This is a common case in mm/filemap.c. The issue is that when __radix_tree_next_slot() => skip_siblings() tries to skip over the sibling entries in the slots, it currently does so with an exact match on the slot directly preceding our current slot. Normally this works: V preceding slot struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling] ^ current slot This lets you find the first sibling, and you skip them all in order. But in the case where one of the siblings is NULL, that slot is skipped and then our sibling detection is interrupted: V preceding slot struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling] ^ current slot This means that the sibling pointers aren't recognized since they point all the way back to 'entry', so we think that they are normal internal radix tree pointers. This causes us to think we need to walk down to a struct radix_tree_node starting at the address of 'entry'. In a real running kernel this will crash the thread with a GP fault when you try and dereference the slots in your broken node starting at 'entry'. We fix this race by fixing the way that skip_siblings() detects sibling nodes. Instead of testing against the preceding slot we instead look for siblings via is_sibling_entry() which compares against the position of the struct radix_tree_node.slots[] array. This ensures that sibling entries are properly identified, even if they are no longer contiguous with the 'entry' they point to. Link: http://lkml.kernel.org/r/20180503192430.7582-6-ross.zwisler@linux.intel.com Fixes: 148deab223b2 ("radix-tree: improve multiorder iterators") Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Reported-by: CR, Sapthagirish <sapthagirish.cr(a)intel.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Chinner <david(a)fromorbit.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/radix-tree.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff -puN lib/radix-tree.c~radix-tree-fix-multi-order-iteration-race lib/radix-tree.c --- a/lib/radix-tree.c~radix-tree-fix-multi-order-iteration-race +++ a/lib/radix-tree.c @@ -1612,11 +1612,9 @@ static void set_iter_tags(struct radix_t static void __rcu **skip_siblings(struct radix_tree_node **nodep, void __rcu **slot, struct radix_tree_iter *iter) { - void *sib = node_to_entry(slot - 1); - while (iter->index < iter->next_index) { *nodep = rcu_dereference_raw(*slot); - if (*nodep && *nodep != sib) + if (*nodep && !is_sibling_entry(iter->node, *nodep)) return slot; slot++; iter->index = __radix_tree_iter_add(iter, 1); @@ -1631,7 +1629,7 @@ void __rcu **__radix_tree_next_slot(void struct radix_tree_iter *iter, unsigned flags) { unsigned tag = flags & RADIX_TREE_ITER_TAG_MASK; - struct radix_tree_node *node = rcu_dereference_raw(*slot); + struct radix_tree_node *node; slot = skip_siblings(&node, slot, iter); _ Patches currently in -mm which might be from ross.zwisler(a)linux.intel.com are

7 years, 3 months

1
0
0 0

[merged] lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly has been removed from the -mm tree. Its filename was lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Matthew Wilcox <mawilcox(a)microsoft.com> Subject: lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly I had neglected to increment the error counter when the tests failed, which made the tests noisy when they fail, but not actually return an error code. Link: http://lkml.kernel.org/r/20180509114328.9887-1-mpe@ellerman.id.au Fixes: 3cc78125a081 ("lib/test_bitmap.c: add optimisation tests") Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Reported-by: Michael Ellerman <mpe(a)ellerman.id.au> Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> Reviewed-by: Kees Cook <keescook(a)chromium.org> Cc: Yury Norov <ynorov(a)caviumnetworks.com> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: <stable(a)vger.kernel.org> [4.13+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/test_bitmap.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff -puN lib/test_bitmap.c~lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly lib/test_bitmap.c --- a/lib/test_bitmap.c~lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly +++ a/lib/test_bitmap.c @@ -331,23 +331,32 @@ static void noinline __init test_mem_opt unsigned int start, nbits; for (start = 0; start < 1024; start += 8) { - memset(bmap1, 0x5a, sizeof(bmap1)); - memset(bmap2, 0x5a, sizeof(bmap2)); for (nbits = 0; nbits < 1024 - start; nbits += 8) { + memset(bmap1, 0x5a, sizeof(bmap1)); + memset(bmap2, 0x5a, sizeof(bmap2)); + bitmap_set(bmap1, start, nbits); __bitmap_set(bmap2, start, nbits); - if (!bitmap_equal(bmap1, bmap2, 1024)) + if (!bitmap_equal(bmap1, bmap2, 1024)) { printk("set not equal %d %d\n", start, nbits); - if (!__bitmap_equal(bmap1, bmap2, 1024)) + failed_tests++; + } + if (!__bitmap_equal(bmap1, bmap2, 1024)) { printk("set not __equal %d %d\n", start, nbits); + failed_tests++; + } bitmap_clear(bmap1, start, nbits); __bitmap_clear(bmap2, start, nbits); - if (!bitmap_equal(bmap1, bmap2, 1024)) + if (!bitmap_equal(bmap1, bmap2, 1024)) { printk("clear not equal %d %d\n", start, nbits); - if (!__bitmap_equal(bmap1, bmap2, 1024)) + failed_tests++; + } + if (!__bitmap_equal(bmap1, bmap2, 1024)) { printk("clear not __equal %d %d\n", start, nbits); + failed_tests++; + } } } } _ Patches currently in -mm which might be from mawilcox(a)microsoft.com are idr-fix-invalid-ptr-dereference-on-item-delete.patch slab-__gfp_zero-is-incompatible-with-a-constructor.patch s390-use-_refcount-for-pgtables.patch mm-split-page_type-out-from-_mapcount.patch mm-mark-pages-in-use-for-page-tables.patch mm-switch-s_mem-and-slab_cache-in-struct-page.patch mm-move-private-union-within-struct-page.patch mm-move-_refcount-out-of-struct-page-union.patch mm-combine-first-three-unions-in-struct-page.patch mm-use-page-deferred_list.patch mm-move-lru-union-within-struct-page.patch mm-combine-lru-and-main-union-in-struct-page.patch mm-improve-struct-page-documentation.patch mm-add-pt_mm-to-struct-page.patch mm-add-hmm_data-to-struct-page.patch slabslub-remove-rcu_head-size-checks.patch slub-remove-kmem_cache-reserved.patch slub-remove-reserved-file-from-sysfs.patch mm-distinguish-vmalloc-pages.patch ida-remove-simple_ida_lock.patch

7 years, 3 months

1
0
0 0

Please include following patches to 4.4/4.9/4.14

by Nikolay Borisov

Hello Greg, Here are trivial backports for upstream commit, which is tagged as stable: 02a3307aa9c2 ("btrfs: fix reading stale metadata blocks after degraded raid1 mounts") Regards, Nikolay

7 years, 3 months

2
8
0 0

[PATCH resend] libata: blacklist Micron 500IT SSD with MU01 firmware

by Sudip Mukherjee

From: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> While whitelisting Micron M500DC drives, the tweaked blacklist entry enabled queued TRIM from M500IT variants also. But these do not support queued TRIM. And while using those SSDs with the latest kernel we have seen errors and even the partition table getting corrupted. Some part from the dmesg: [ 6.727384] ata1.00: ATA-9: Micron_M500IT_MTFDDAK060MBD, MU01, max UDMA/133 [ 6.727390] ata1.00: 117231408 sectors, multi 16: LBA48 NCQ (depth 31/32), AA [ 6.741026] ata1.00: supports DRM functions and may not be fully accessible [ 6.759887] ata1.00: configured for UDMA/133 [ 6.762256] scsi 0:0:0:0: Direct-Access ATA Micron_M500IT_MT MU01 PQ: 0 ANSI: 5 and then for the error: [ 120.860334] ata1.00: exception Emask 0x1 SAct 0x7ffc0007 SErr 0x0 action 0x6 frozen [ 120.860338] ata1.00: irq_stat 0x40000008 [ 120.860342] ata1.00: failed command: SEND FPDMA QUEUED [ 120.860351] ata1.00: cmd 64/01:00:00:00:00/00:00:00:00:00/a0 tag 0 ncq dma 512 out res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x5 (timeout) [ 120.860353] ata1.00: status: { DRDY } [ 120.860543] ata1: hard resetting link [ 121.166128] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300) [ 121.166376] ata1.00: supports DRM functions and may not be fully accessible [ 121.186238] ata1.00: supports DRM functions and may not be fully accessible [ 121.204445] ata1.00: configured for UDMA/133 [ 121.204454] ata1.00: device reported invalid CHS sector 0 [ 121.204541] sd 0:0:0:0: [sda] tag#18 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=0x08 [ 121.204546] sd 0:0:0:0: [sda] tag#18 Sense Key : 0x5 [current] [ 121.204550] sd 0:0:0:0: [sda] tag#18 ASC=0x21 ASCQ=0x4 [ 121.204555] sd 0:0:0:0: [sda] tag#18 CDB: opcode=0x93 93 08 00 00 00 00 00 04 28 80 00 00 00 30 00 00 [ 121.204559] print_req_error: I/O error, dev sda, sector 272512 After few reboots with these errors, and the SSD is corrupted. After blacklisting it, the errors are not seen and the SSD does not get corrupted any more. Fixes: 243918be6393 ("libata: Do not blacklist Micron M500DC") Cc: Martin K. Petersen <martin.petersen(a)oracle.com> Cc: stable(a)vger.kernel.org Signed-off-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> --- This is a resend of v1. v2 was blacklisting all Micron SSDs but Martin has confirmed that only M500IT with MU01 firmware is affected. drivers/ata/libata-core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index eaf0f42f6f28..cdcd55cb2a9a 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -4554,6 +4554,8 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { { "SanDisk SD7UB3Q*G1001", NULL, ATA_HORKAGE_NOLPM, }, /* devices that don't properly handle queued TRIM commands */ + { "Micron_M500IT_*", "MU01", ATA_HORKAGE_NO_NCQ_TRIM | + ATA_HORKAGE_ZERO_AFTER_TRIM, }, { "Micron_M500_*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | ATA_HORKAGE_ZERO_AFTER_TRIM, }, { "Crucial_CT*M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | -- 2.11.0

7 years, 3 months

2
1
0 0

FAILED: patch "[PATCH] btrfs: Fix delalloc inodes invalidation during transaction" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From fe816d0f1d4c31c4c31d42ca78a87660565fc800 Mon Sep 17 00:00:00 2001 From: Nikolay Borisov <nborisov(a)suse.com> Date: Fri, 27 Apr 2018 12:21:53 +0300 Subject: [PATCH] btrfs: Fix delalloc inodes invalidation during transaction abort When a transaction is aborted btrfs_cleanup_transaction is called to cleanup all the various in-flight bits and pieces which migth be active. One of those is delalloc inodes - inodes which have dirty pages which haven't been persisted yet. Currently the process of freeing such delalloc inodes in exceptional circumstances such as transaction abort boiled down to calling btrfs_invalidate_inodes whose sole job is to invalidate the dentries for all inodes related to a root. This is in fact wrong and insufficient since such delalloc inodes will likely have pending pages or ordered-extents and will be linked to the sb->s_inode_list. This means that unmounting a btrfs instance with an aborted transaction could potentially lead inodes/their pages visible to the system long after their superblock has been freed. This in turn leads to a "use-after-free" situation once page shrink is triggered. This situation could be simulated by running generic/019 which would cause such inodes to be left hanging, followed by generic/176 which causes memory pressure and page eviction which lead to touching the freed super block instance. This situation is additionally detected by the unmount code of VFS with the following message: "VFS: Busy inodes after unmount of Self-destruct in 5 seconds. Have a nice day..." Additionally btrfs hits WARN_ON(!RB_EMPTY_ROOT(&root->inode_tree)); in free_fs_root for the same reason. This patch aims to rectify the sitaution by doing the following: 1. Change btrfs_destroy_delalloc_inodes so that it calls invalidate_inode_pages2 for every inode on the delalloc list, this ensures that all the pages of the inode are released. This function boils down to calling btrfs_releasepage. During test I observed cases where inodes on the delalloc list were having an i_count of 0, so this necessitates using igrab to be sure we are working on a non-freed inode. 2. Since calling btrfs_releasepage might queue delayed iputs move the call out to btrfs_cleanup_transaction in btrfs_error_commit_super before calling run_delayed_iputs for the last time. This is necessary to ensure that delayed iputs are run. Note: this patch is tagged for 4.14 stable but the fix applies to older versions too but needs to be backported manually due to conflicts. CC: stable(a)vger.kernel.org # 4.14.x: 2b8773313494: btrfs: Split btrfs_del_delalloc_inode into 2 functions CC: stable(a)vger.kernel.org # 4.14.x Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> [ add comment to igrab ] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 60caa68c3618..c3504b4d281b 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -3818,6 +3818,7 @@ void close_ctree(struct btrfs_fs_info *fs_info) set_bit(BTRFS_FS_CLOSING_DONE, &fs_info->flags); btrfs_free_qgroup_config(fs_info); + ASSERT(list_empty(&fs_info->delalloc_roots)); if (percpu_counter_sum(&fs_info->delalloc_bytes)) { btrfs_info(fs_info, "at unmount delalloc count %lld", @@ -4125,15 +4126,15 @@ static int btrfs_check_super_valid(struct btrfs_fs_info *fs_info) static void btrfs_error_commit_super(struct btrfs_fs_info *fs_info) { + /* cleanup FS via transaction */ + btrfs_cleanup_transaction(fs_info); + mutex_lock(&fs_info->cleaner_mutex); btrfs_run_delayed_iputs(fs_info); mutex_unlock(&fs_info->cleaner_mutex); down_write(&fs_info->cleanup_work_sem); up_write(&fs_info->cleanup_work_sem); - - /* cleanup FS via transaction */ - btrfs_cleanup_transaction(fs_info); } static void btrfs_destroy_ordered_extents(struct btrfs_root *root) @@ -4258,19 +4259,23 @@ static void btrfs_destroy_delalloc_inodes(struct btrfs_root *root) list_splice_init(&root->delalloc_inodes, &splice); while (!list_empty(&splice)) { + struct inode *inode = NULL; btrfs_inode = list_first_entry(&splice, struct btrfs_inode, delalloc_inodes); - - list_del_init(&btrfs_inode->delalloc_inodes); - clear_bit(BTRFS_INODE_IN_DELALLOC_LIST, - &btrfs_inode->runtime_flags); + __btrfs_del_delalloc_inode(root, btrfs_inode); spin_unlock(&root->delalloc_lock); - btrfs_invalidate_inodes(btrfs_inode->root); - + /* + * Make sure we get a live inode and that it'll not disappear + * meanwhile. + */ + inode = igrab(&btrfs_inode->vfs_inode); + if (inode) { + invalidate_inode_pages2(inode->i_mapping); + iput(inode); + } spin_lock(&root->delalloc_lock); } - spin_unlock(&root->delalloc_lock); } @@ -4286,7 +4291,6 @@ static void btrfs_destroy_all_delalloc_inodes(struct btrfs_fs_info *fs_info) while (!list_empty(&splice)) { root = list_first_entry(&splice, struct btrfs_root, delalloc_root); - list_del_init(&root->delalloc_root); root = btrfs_grab_fs_root(root); BUG_ON(!root); spin_unlock(&fs_info->delalloc_root_lock);

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: Fix delalloc inodes invalidation during transaction" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From fe816d0f1d4c31c4c31d42ca78a87660565fc800 Mon Sep 17 00:00:00 2001 From: Nikolay Borisov <nborisov(a)suse.com> Date: Fri, 27 Apr 2018 12:21:53 +0300 Subject: [PATCH] btrfs: Fix delalloc inodes invalidation during transaction abort When a transaction is aborted btrfs_cleanup_transaction is called to cleanup all the various in-flight bits and pieces which migth be active. One of those is delalloc inodes - inodes which have dirty pages which haven't been persisted yet. Currently the process of freeing such delalloc inodes in exceptional circumstances such as transaction abort boiled down to calling btrfs_invalidate_inodes whose sole job is to invalidate the dentries for all inodes related to a root. This is in fact wrong and insufficient since such delalloc inodes will likely have pending pages or ordered-extents and will be linked to the sb->s_inode_list. This means that unmounting a btrfs instance with an aborted transaction could potentially lead inodes/their pages visible to the system long after their superblock has been freed. This in turn leads to a "use-after-free" situation once page shrink is triggered. This situation could be simulated by running generic/019 which would cause such inodes to be left hanging, followed by generic/176 which causes memory pressure and page eviction which lead to touching the freed super block instance. This situation is additionally detected by the unmount code of VFS with the following message: "VFS: Busy inodes after unmount of Self-destruct in 5 seconds. Have a nice day..." Additionally btrfs hits WARN_ON(!RB_EMPTY_ROOT(&root->inode_tree)); in free_fs_root for the same reason. This patch aims to rectify the sitaution by doing the following: 1. Change btrfs_destroy_delalloc_inodes so that it calls invalidate_inode_pages2 for every inode on the delalloc list, this ensures that all the pages of the inode are released. This function boils down to calling btrfs_releasepage. During test I observed cases where inodes on the delalloc list were having an i_count of 0, so this necessitates using igrab to be sure we are working on a non-freed inode. 2. Since calling btrfs_releasepage might queue delayed iputs move the call out to btrfs_cleanup_transaction in btrfs_error_commit_super before calling run_delayed_iputs for the last time. This is necessary to ensure that delayed iputs are run. Note: this patch is tagged for 4.14 stable but the fix applies to older versions too but needs to be backported manually due to conflicts. CC: stable(a)vger.kernel.org # 4.14.x: 2b8773313494: btrfs: Split btrfs_del_delalloc_inode into 2 functions CC: stable(a)vger.kernel.org # 4.14.x Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> [ add comment to igrab ] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 60caa68c3618..c3504b4d281b 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -3818,6 +3818,7 @@ void close_ctree(struct btrfs_fs_info *fs_info) set_bit(BTRFS_FS_CLOSING_DONE, &fs_info->flags); btrfs_free_qgroup_config(fs_info); + ASSERT(list_empty(&fs_info->delalloc_roots)); if (percpu_counter_sum(&fs_info->delalloc_bytes)) { btrfs_info(fs_info, "at unmount delalloc count %lld", @@ -4125,15 +4126,15 @@ static int btrfs_check_super_valid(struct btrfs_fs_info *fs_info) static void btrfs_error_commit_super(struct btrfs_fs_info *fs_info) { + /* cleanup FS via transaction */ + btrfs_cleanup_transaction(fs_info); + mutex_lock(&fs_info->cleaner_mutex); btrfs_run_delayed_iputs(fs_info); mutex_unlock(&fs_info->cleaner_mutex); down_write(&fs_info->cleanup_work_sem); up_write(&fs_info->cleanup_work_sem); - - /* cleanup FS via transaction */ - btrfs_cleanup_transaction(fs_info); } static void btrfs_destroy_ordered_extents(struct btrfs_root *root) @@ -4258,19 +4259,23 @@ static void btrfs_destroy_delalloc_inodes(struct btrfs_root *root) list_splice_init(&root->delalloc_inodes, &splice); while (!list_empty(&splice)) { + struct inode *inode = NULL; btrfs_inode = list_first_entry(&splice, struct btrfs_inode, delalloc_inodes); - - list_del_init(&btrfs_inode->delalloc_inodes); - clear_bit(BTRFS_INODE_IN_DELALLOC_LIST, - &btrfs_inode->runtime_flags); + __btrfs_del_delalloc_inode(root, btrfs_inode); spin_unlock(&root->delalloc_lock); - btrfs_invalidate_inodes(btrfs_inode->root); - + /* + * Make sure we get a live inode and that it'll not disappear + * meanwhile. + */ + inode = igrab(&btrfs_inode->vfs_inode); + if (inode) { + invalidate_inode_pages2(inode->i_mapping); + iput(inode); + } spin_lock(&root->delalloc_lock); } - spin_unlock(&root->delalloc_lock); } @@ -4286,7 +4291,6 @@ static void btrfs_destroy_all_delalloc_inodes(struct btrfs_fs_info *fs_info) while (!list_empty(&splice)) { root = list_first_entry(&splice, struct btrfs_root, delalloc_root); - list_del_init(&root->delalloc_root); root = btrfs_grab_fs_root(root); BUG_ON(!root); spin_unlock(&fs_info->delalloc_root_lock);

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: send, fix invalid access to commit roots due to" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6f2f0b394b54e2b159ef969a0b5274e9bbf82ff2 Mon Sep 17 00:00:00 2001 From: Robbie Ko <robbieko(a)synology.com> Date: Mon, 14 May 2018 10:51:34 +0800 Subject: [PATCH] Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting [BUG] btrfs incremental send BUG happens when creating a snapshot of snapshot that is being used by send. [REASON] The problem can happen if while we are doing a send one of the snapshots used (parent or send) is snapshotted, because snapshoting implies COWing the root of the source subvolume/snapshot. 1. When doing an incremental send, the send process will get the commit roots from the parent and send snapshots, and add references to them through extent_buffer_get(). 2. When a snapshot/subvolume is snapshotted, its root node is COWed (transaction.c:create_pending_snapshot()). 3. COWing releases the space used by the node immediately, through: __btrfs_cow_block() --btrfs_free_tree_block() ----btrfs_add_free_space(bytenr of node) 4. Because send doesn't hold a transaction open, it's possible that the transaction used to create the snapshot commits, switches the commit root and the old space used by the previous root node gets assigned to some other node allocation. Allocation of a new node will use the existing extent buffer found in memory, which we previously got a reference through extent_buffer_get(), and allow the extent buffer's content (pages) to be modified: btrfs_alloc_tree_block --btrfs_reserve_extent ----find_free_extent (get bytenr of old node) --btrfs_init_new_buffer (use bytenr of old node) ----btrfs_find_create_tree_block ------alloc_extent_buffer --------find_extent_buffer (get old node) 5. So send can access invalid memory content and have unpredictable behaviour. [FIX] So we fix the problem by copying the commit roots of the send and parent snapshots and use those copies. CallTrace looks like this: ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:1861! invalid opcode: 0000 [#1] SMP CPU: 6 PID: 24235 Comm: btrfs Tainted: P O 3.10.105 #23721 ffff88046652d680 ti: ffff88041b720000 task.ti: ffff88041b720000 RIP: 0010:[<ffffffffa08dd0e8>] read_node_slot+0x108/0x110 [btrfs] RSP: 0018:ffff88041b723b68 EFLAGS: 00010246 RAX: ffff88043ca6b000 RBX: ffff88041b723c50 RCX: ffff880000000000 RDX: 000000000000004c RSI: ffff880314b133f8 RDI: ffff880458b24000 RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88041b723c66 R10: 0000000000000001 R11: 0000000000001000 R12: ffff8803f3e48890 R13: ffff8803f3e48880 R14: ffff880466351800 R15: 0000000000000001 FS: 00007f8c321dc8c0(0000) GS:ffff88047fcc0000(0000) CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 R2: 00007efd1006d000 CR3: 0000000213a24000 CR4: 00000000003407e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff88041b723c50 ffff8803f3e48880 ffff8803f3e48890 ffff8803f3e48880 ffff880466351800 0000000000000001 ffffffffa08dd9d7 ffff88041b723c50 ffff8803f3e48880 ffff88041b723c66 ffffffffa08dde85 a9ff88042d2c4400 Call Trace: [<ffffffffa08dd9d7>] ? tree_move_down.isra.33+0x27/0x50 [btrfs] [<ffffffffa08dde85>] ? tree_advance+0xb5/0xc0 [btrfs] [<ffffffffa08e83d4>] ? btrfs_compare_trees+0x2d4/0x760 [btrfs] [<ffffffffa0982050>] ? finish_inode_if_needed+0x870/0x870 [btrfs] [<ffffffffa09841ea>] ? btrfs_ioctl_send+0xeda/0x1050 [btrfs] [<ffffffffa094bd3d>] ? btrfs_ioctl+0x1e3d/0x33f0 [btrfs] [<ffffffff81111133>] ? handle_pte_fault+0x373/0x990 [<ffffffff8153a096>] ? atomic_notifier_call_chain+0x16/0x20 [<ffffffff81063256>] ? set_task_cpu+0xb6/0x1d0 [<ffffffff811122c3>] ? handle_mm_fault+0x143/0x2a0 [<ffffffff81539cc0>] ? __do_page_fault+0x1d0/0x500 [<ffffffff81062f07>] ? check_preempt_curr+0x57/0x90 [<ffffffff8115075a>] ? do_vfs_ioctl+0x4aa/0x990 [<ffffffff81034f83>] ? do_fork+0x113/0x3b0 [<ffffffff812dd7d7>] ? trace_hardirqs_off_thunk+0x3a/0x6c [<ffffffff81150cc8>] ? SyS_ioctl+0x88/0xa0 [<ffffffff8153e422>] ? system_call_fastpath+0x16/0x1b ---[ end trace 29576629ee80b2e1 ]--- Fixes: 7069830a9e38 ("Btrfs: add btrfs_compare_trees function") CC: stable(a)vger.kernel.org # 3.6+ Signed-off-by: Robbie Ko <robbieko(a)synology.com> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 3fd44835b386..63488f0b850f 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -5414,12 +5414,24 @@ int btrfs_compare_trees(struct btrfs_root *left_root, down_read(&fs_info->commit_root_sem); left_level = btrfs_header_level(left_root->commit_root); left_root_level = left_level; - left_path->nodes[left_level] = left_root->commit_root; + left_path->nodes[left_level] = + btrfs_clone_extent_buffer(left_root->commit_root); + if (!left_path->nodes[left_level]) { + up_read(&fs_info->commit_root_sem); + ret = -ENOMEM; + goto out; + } extent_buffer_get(left_path->nodes[left_level]); right_level = btrfs_header_level(right_root->commit_root); right_root_level = right_level; - right_path->nodes[right_level] = right_root->commit_root; + right_path->nodes[right_level] = + btrfs_clone_extent_buffer(right_root->commit_root); + if (!right_path->nodes[right_level]) { + up_read(&fs_info->commit_root_sem); + ret = -ENOMEM; + goto out; + } extent_buffer_get(right_path->nodes[right_level]); up_read(&fs_info->commit_root_sem);

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: send, fix invalid access to commit roots due to" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6f2f0b394b54e2b159ef969a0b5274e9bbf82ff2 Mon Sep 17 00:00:00 2001 From: Robbie Ko <robbieko(a)synology.com> Date: Mon, 14 May 2018 10:51:34 +0800 Subject: [PATCH] Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting [BUG] btrfs incremental send BUG happens when creating a snapshot of snapshot that is being used by send. [REASON] The problem can happen if while we are doing a send one of the snapshots used (parent or send) is snapshotted, because snapshoting implies COWing the root of the source subvolume/snapshot. 1. When doing an incremental send, the send process will get the commit roots from the parent and send snapshots, and add references to them through extent_buffer_get(). 2. When a snapshot/subvolume is snapshotted, its root node is COWed (transaction.c:create_pending_snapshot()). 3. COWing releases the space used by the node immediately, through: __btrfs_cow_block() --btrfs_free_tree_block() ----btrfs_add_free_space(bytenr of node) 4. Because send doesn't hold a transaction open, it's possible that the transaction used to create the snapshot commits, switches the commit root and the old space used by the previous root node gets assigned to some other node allocation. Allocation of a new node will use the existing extent buffer found in memory, which we previously got a reference through extent_buffer_get(), and allow the extent buffer's content (pages) to be modified: btrfs_alloc_tree_block --btrfs_reserve_extent ----find_free_extent (get bytenr of old node) --btrfs_init_new_buffer (use bytenr of old node) ----btrfs_find_create_tree_block ------alloc_extent_buffer --------find_extent_buffer (get old node) 5. So send can access invalid memory content and have unpredictable behaviour. [FIX] So we fix the problem by copying the commit roots of the send and parent snapshots and use those copies. CallTrace looks like this: ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:1861! invalid opcode: 0000 [#1] SMP CPU: 6 PID: 24235 Comm: btrfs Tainted: P O 3.10.105 #23721 ffff88046652d680 ti: ffff88041b720000 task.ti: ffff88041b720000 RIP: 0010:[<ffffffffa08dd0e8>] read_node_slot+0x108/0x110 [btrfs] RSP: 0018:ffff88041b723b68 EFLAGS: 00010246 RAX: ffff88043ca6b000 RBX: ffff88041b723c50 RCX: ffff880000000000 RDX: 000000000000004c RSI: ffff880314b133f8 RDI: ffff880458b24000 RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88041b723c66 R10: 0000000000000001 R11: 0000000000001000 R12: ffff8803f3e48890 R13: ffff8803f3e48880 R14: ffff880466351800 R15: 0000000000000001 FS: 00007f8c321dc8c0(0000) GS:ffff88047fcc0000(0000) CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 R2: 00007efd1006d000 CR3: 0000000213a24000 CR4: 00000000003407e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff88041b723c50 ffff8803f3e48880 ffff8803f3e48890 ffff8803f3e48880 ffff880466351800 0000000000000001 ffffffffa08dd9d7 ffff88041b723c50 ffff8803f3e48880 ffff88041b723c66 ffffffffa08dde85 a9ff88042d2c4400 Call Trace: [<ffffffffa08dd9d7>] ? tree_move_down.isra.33+0x27/0x50 [btrfs] [<ffffffffa08dde85>] ? tree_advance+0xb5/0xc0 [btrfs] [<ffffffffa08e83d4>] ? btrfs_compare_trees+0x2d4/0x760 [btrfs] [<ffffffffa0982050>] ? finish_inode_if_needed+0x870/0x870 [btrfs] [<ffffffffa09841ea>] ? btrfs_ioctl_send+0xeda/0x1050 [btrfs] [<ffffffffa094bd3d>] ? btrfs_ioctl+0x1e3d/0x33f0 [btrfs] [<ffffffff81111133>] ? handle_pte_fault+0x373/0x990 [<ffffffff8153a096>] ? atomic_notifier_call_chain+0x16/0x20 [<ffffffff81063256>] ? set_task_cpu+0xb6/0x1d0 [<ffffffff811122c3>] ? handle_mm_fault+0x143/0x2a0 [<ffffffff81539cc0>] ? __do_page_fault+0x1d0/0x500 [<ffffffff81062f07>] ? check_preempt_curr+0x57/0x90 [<ffffffff8115075a>] ? do_vfs_ioctl+0x4aa/0x990 [<ffffffff81034f83>] ? do_fork+0x113/0x3b0 [<ffffffff812dd7d7>] ? trace_hardirqs_off_thunk+0x3a/0x6c [<ffffffff81150cc8>] ? SyS_ioctl+0x88/0xa0 [<ffffffff8153e422>] ? system_call_fastpath+0x16/0x1b ---[ end trace 29576629ee80b2e1 ]--- Fixes: 7069830a9e38 ("Btrfs: add btrfs_compare_trees function") CC: stable(a)vger.kernel.org # 3.6+ Signed-off-by: Robbie Ko <robbieko(a)synology.com> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 3fd44835b386..63488f0b850f 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -5414,12 +5414,24 @@ int btrfs_compare_trees(struct btrfs_root *left_root, down_read(&fs_info->commit_root_sem); left_level = btrfs_header_level(left_root->commit_root); left_root_level = left_level; - left_path->nodes[left_level] = left_root->commit_root; + left_path->nodes[left_level] = + btrfs_clone_extent_buffer(left_root->commit_root); + if (!left_path->nodes[left_level]) { + up_read(&fs_info->commit_root_sem); + ret = -ENOMEM; + goto out; + } extent_buffer_get(left_path->nodes[left_level]); right_level = btrfs_header_level(right_root->commit_root); right_root_level = right_level; - right_path->nodes[right_level] = right_root->commit_root; + right_path->nodes[right_level] = + btrfs_clone_extent_buffer(right_root->commit_root); + if (!right_path->nodes[right_level]) { + up_read(&fs_info->commit_root_sem); + ret = -ENOMEM; + goto out; + } extent_buffer_get(right_path->nodes[right_level]); up_read(&fs_info->commit_root_sem);

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: send, fix invalid access to commit roots due to" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6f2f0b394b54e2b159ef969a0b5274e9bbf82ff2 Mon Sep 17 00:00:00 2001 From: Robbie Ko <robbieko(a)synology.com> Date: Mon, 14 May 2018 10:51:34 +0800 Subject: [PATCH] Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting [BUG] btrfs incremental send BUG happens when creating a snapshot of snapshot that is being used by send. [REASON] The problem can happen if while we are doing a send one of the snapshots used (parent or send) is snapshotted, because snapshoting implies COWing the root of the source subvolume/snapshot. 1. When doing an incremental send, the send process will get the commit roots from the parent and send snapshots, and add references to them through extent_buffer_get(). 2. When a snapshot/subvolume is snapshotted, its root node is COWed (transaction.c:create_pending_snapshot()). 3. COWing releases the space used by the node immediately, through: __btrfs_cow_block() --btrfs_free_tree_block() ----btrfs_add_free_space(bytenr of node) 4. Because send doesn't hold a transaction open, it's possible that the transaction used to create the snapshot commits, switches the commit root and the old space used by the previous root node gets assigned to some other node allocation. Allocation of a new node will use the existing extent buffer found in memory, which we previously got a reference through extent_buffer_get(), and allow the extent buffer's content (pages) to be modified: btrfs_alloc_tree_block --btrfs_reserve_extent ----find_free_extent (get bytenr of old node) --btrfs_init_new_buffer (use bytenr of old node) ----btrfs_find_create_tree_block ------alloc_extent_buffer --------find_extent_buffer (get old node) 5. So send can access invalid memory content and have unpredictable behaviour. [FIX] So we fix the problem by copying the commit roots of the send and parent snapshots and use those copies. CallTrace looks like this: ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:1861! invalid opcode: 0000 [#1] SMP CPU: 6 PID: 24235 Comm: btrfs Tainted: P O 3.10.105 #23721 ffff88046652d680 ti: ffff88041b720000 task.ti: ffff88041b720000 RIP: 0010:[<ffffffffa08dd0e8>] read_node_slot+0x108/0x110 [btrfs] RSP: 0018:ffff88041b723b68 EFLAGS: 00010246 RAX: ffff88043ca6b000 RBX: ffff88041b723c50 RCX: ffff880000000000 RDX: 000000000000004c RSI: ffff880314b133f8 RDI: ffff880458b24000 RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88041b723c66 R10: 0000000000000001 R11: 0000000000001000 R12: ffff8803f3e48890 R13: ffff8803f3e48880 R14: ffff880466351800 R15: 0000000000000001 FS: 00007f8c321dc8c0(0000) GS:ffff88047fcc0000(0000) CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 R2: 00007efd1006d000 CR3: 0000000213a24000 CR4: 00000000003407e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff88041b723c50 ffff8803f3e48880 ffff8803f3e48890 ffff8803f3e48880 ffff880466351800 0000000000000001 ffffffffa08dd9d7 ffff88041b723c50 ffff8803f3e48880 ffff88041b723c66 ffffffffa08dde85 a9ff88042d2c4400 Call Trace: [<ffffffffa08dd9d7>] ? tree_move_down.isra.33+0x27/0x50 [btrfs] [<ffffffffa08dde85>] ? tree_advance+0xb5/0xc0 [btrfs] [<ffffffffa08e83d4>] ? btrfs_compare_trees+0x2d4/0x760 [btrfs] [<ffffffffa0982050>] ? finish_inode_if_needed+0x870/0x870 [btrfs] [<ffffffffa09841ea>] ? btrfs_ioctl_send+0xeda/0x1050 [btrfs] [<ffffffffa094bd3d>] ? btrfs_ioctl+0x1e3d/0x33f0 [btrfs] [<ffffffff81111133>] ? handle_pte_fault+0x373/0x990 [<ffffffff8153a096>] ? atomic_notifier_call_chain+0x16/0x20 [<ffffffff81063256>] ? set_task_cpu+0xb6/0x1d0 [<ffffffff811122c3>] ? handle_mm_fault+0x143/0x2a0 [<ffffffff81539cc0>] ? __do_page_fault+0x1d0/0x500 [<ffffffff81062f07>] ? check_preempt_curr+0x57/0x90 [<ffffffff8115075a>] ? do_vfs_ioctl+0x4aa/0x990 [<ffffffff81034f83>] ? do_fork+0x113/0x3b0 [<ffffffff812dd7d7>] ? trace_hardirqs_off_thunk+0x3a/0x6c [<ffffffff81150cc8>] ? SyS_ioctl+0x88/0xa0 [<ffffffff8153e422>] ? system_call_fastpath+0x16/0x1b ---[ end trace 29576629ee80b2e1 ]--- Fixes: 7069830a9e38 ("Btrfs: add btrfs_compare_trees function") CC: stable(a)vger.kernel.org # 3.6+ Signed-off-by: Robbie Ko <robbieko(a)synology.com> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 3fd44835b386..63488f0b850f 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -5414,12 +5414,24 @@ int btrfs_compare_trees(struct btrfs_root *left_root, down_read(&fs_info->commit_root_sem); left_level = btrfs_header_level(left_root->commit_root); left_root_level = left_level; - left_path->nodes[left_level] = left_root->commit_root; + left_path->nodes[left_level] = + btrfs_clone_extent_buffer(left_root->commit_root); + if (!left_path->nodes[left_level]) { + up_read(&fs_info->commit_root_sem); + ret = -ENOMEM; + goto out; + } extent_buffer_get(left_path->nodes[left_level]); right_level = btrfs_header_level(right_root->commit_root); right_root_level = right_level; - right_path->nodes[right_level] = right_root->commit_root; + right_path->nodes[right_level] = + btrfs_clone_extent_buffer(right_root->commit_root); + if (!right_path->nodes[right_level]) { + up_read(&fs_info->commit_root_sem); + ret = -ENOMEM; + goto out; + } extent_buffer_get(right_path->nodes[right_level]); up_read(&fs_info->commit_root_sem);

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix reading stale metadata blocks after degraded raid1" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 02a3307aa9c20b4f6626255b028f07f6cfa16feb Mon Sep 17 00:00:00 2001 From: Liu Bo <bo.liu(a)linux.alibaba.com> Date: Wed, 16 May 2018 01:37:36 +0800 Subject: [PATCH] btrfs: fix reading stale metadata blocks after degraded raid1 mounts If a btree block, aka. extent buffer, is not available in the extent buffer cache, it'll be read out from the disk instead, i.e. btrfs_search_slot() read_block_for_search() # hold parent and its lock, go to read child btrfs_release_path() read_tree_block() # read child Unfortunately, the parent lock got released before reading child, so commit 5bdd3536cbbe ("Btrfs: Fix block generation verification race") had used 0 as parent transid to read the child block. It forces read_tree_block() not to check if parent transid is different with the generation id of the child that it reads out from disk. A simple PoC is included in btrfs/124, 0. A two-disk raid1 btrfs, 1. Right after mkfs.btrfs, block A is allocated to be device tree's root. 2. Mount this filesystem and put it in use, after a while, device tree's root got COW but block A hasn't been allocated/overwritten yet. 3. Umount it and reload the btrfs module to remove both disks from the global @fs_devices list. 4. mount -odegraded dev1 and write some data, so now block A is allocated to be a leaf in checksum tree. Note that only dev1 has the latest metadata of this filesystem. 5. Umount it and mount it again normally (with both disks), since raid1 can pick up one disk by the writer task's pid, if btrfs_search_slot() needs to read block A, dev2 which does NOT have the latest metadata might be read for block A, then we got a stale block A. 6. As parent transid is not checked, block A is marked as uptodate and put into the extent buffer cache, so the future search won't bother to read disk again, which means it'll make changes on this stale one and make it dirty and flush it onto disk. To avoid the problem, parent transid needs to be passed to read_tree_block(). In order to get a valid parent transid, we need to hold the parent's lock until finishing reading child. This patch needs to be slightly adapted for stable kernels, the &first_key parameter added to read_tree_block() is from 4.16+ (581c1760415c4). The fix is to replace 0 by 'gen'. Fixes: 5bdd3536cbbe ("Btrfs: Fix block generation verification race") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Liu Bo <bo.liu(a)linux.alibaba.com> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: Qu Wenruo <wqu(a)suse.com> [ update changelog ] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 63488f0b850f..8c68961925b1 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -2436,10 +2436,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, if (p->reada != READA_NONE) reada_for_search(fs_info, p, level, slot, key->objectid); - btrfs_release_path(p); - ret = -EAGAIN; - tmp = read_tree_block(fs_info, blocknr, 0, parent_level - 1, + tmp = read_tree_block(fs_info, blocknr, gen, parent_level - 1, &first_key); if (!IS_ERR(tmp)) { /* @@ -2454,6 +2452,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, } else { ret = PTR_ERR(tmp); } + + btrfs_release_path(p); return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix reading stale metadata blocks after degraded raid1" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 02a3307aa9c20b4f6626255b028f07f6cfa16feb Mon Sep 17 00:00:00 2001 From: Liu Bo <bo.liu(a)linux.alibaba.com> Date: Wed, 16 May 2018 01:37:36 +0800 Subject: [PATCH] btrfs: fix reading stale metadata blocks after degraded raid1 mounts If a btree block, aka. extent buffer, is not available in the extent buffer cache, it'll be read out from the disk instead, i.e. btrfs_search_slot() read_block_for_search() # hold parent and its lock, go to read child btrfs_release_path() read_tree_block() # read child Unfortunately, the parent lock got released before reading child, so commit 5bdd3536cbbe ("Btrfs: Fix block generation verification race") had used 0 as parent transid to read the child block. It forces read_tree_block() not to check if parent transid is different with the generation id of the child that it reads out from disk. A simple PoC is included in btrfs/124, 0. A two-disk raid1 btrfs, 1. Right after mkfs.btrfs, block A is allocated to be device tree's root. 2. Mount this filesystem and put it in use, after a while, device tree's root got COW but block A hasn't been allocated/overwritten yet. 3. Umount it and reload the btrfs module to remove both disks from the global @fs_devices list. 4. mount -odegraded dev1 and write some data, so now block A is allocated to be a leaf in checksum tree. Note that only dev1 has the latest metadata of this filesystem. 5. Umount it and mount it again normally (with both disks), since raid1 can pick up one disk by the writer task's pid, if btrfs_search_slot() needs to read block A, dev2 which does NOT have the latest metadata might be read for block A, then we got a stale block A. 6. As parent transid is not checked, block A is marked as uptodate and put into the extent buffer cache, so the future search won't bother to read disk again, which means it'll make changes on this stale one and make it dirty and flush it onto disk. To avoid the problem, parent transid needs to be passed to read_tree_block(). In order to get a valid parent transid, we need to hold the parent's lock until finishing reading child. This patch needs to be slightly adapted for stable kernels, the &first_key parameter added to read_tree_block() is from 4.16+ (581c1760415c4). The fix is to replace 0 by 'gen'. Fixes: 5bdd3536cbbe ("Btrfs: Fix block generation verification race") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Liu Bo <bo.liu(a)linux.alibaba.com> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: Qu Wenruo <wqu(a)suse.com> [ update changelog ] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 63488f0b850f..8c68961925b1 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -2436,10 +2436,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, if (p->reada != READA_NONE) reada_for_search(fs_info, p, level, slot, key->objectid); - btrfs_release_path(p); - ret = -EAGAIN; - tmp = read_tree_block(fs_info, blocknr, 0, parent_level - 1, + tmp = read_tree_block(fs_info, blocknr, gen, parent_level - 1, &first_key); if (!IS_ERR(tmp)) { /* @@ -2454,6 +2452,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, } else { ret = PTR_ERR(tmp); } + + btrfs_release_path(p); return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix reading stale metadata blocks after degraded raid1" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 02a3307aa9c20b4f6626255b028f07f6cfa16feb Mon Sep 17 00:00:00 2001 From: Liu Bo <bo.liu(a)linux.alibaba.com> Date: Wed, 16 May 2018 01:37:36 +0800 Subject: [PATCH] btrfs: fix reading stale metadata blocks after degraded raid1 mounts If a btree block, aka. extent buffer, is not available in the extent buffer cache, it'll be read out from the disk instead, i.e. btrfs_search_slot() read_block_for_search() # hold parent and its lock, go to read child btrfs_release_path() read_tree_block() # read child Unfortunately, the parent lock got released before reading child, so commit 5bdd3536cbbe ("Btrfs: Fix block generation verification race") had used 0 as parent transid to read the child block. It forces read_tree_block() not to check if parent transid is different with the generation id of the child that it reads out from disk. A simple PoC is included in btrfs/124, 0. A two-disk raid1 btrfs, 1. Right after mkfs.btrfs, block A is allocated to be device tree's root. 2. Mount this filesystem and put it in use, after a while, device tree's root got COW but block A hasn't been allocated/overwritten yet. 3. Umount it and reload the btrfs module to remove both disks from the global @fs_devices list. 4. mount -odegraded dev1 and write some data, so now block A is allocated to be a leaf in checksum tree. Note that only dev1 has the latest metadata of this filesystem. 5. Umount it and mount it again normally (with both disks), since raid1 can pick up one disk by the writer task's pid, if btrfs_search_slot() needs to read block A, dev2 which does NOT have the latest metadata might be read for block A, then we got a stale block A. 6. As parent transid is not checked, block A is marked as uptodate and put into the extent buffer cache, so the future search won't bother to read disk again, which means it'll make changes on this stale one and make it dirty and flush it onto disk. To avoid the problem, parent transid needs to be passed to read_tree_block(). In order to get a valid parent transid, we need to hold the parent's lock until finishing reading child. This patch needs to be slightly adapted for stable kernels, the &first_key parameter added to read_tree_block() is from 4.16+ (581c1760415c4). The fix is to replace 0 by 'gen'. Fixes: 5bdd3536cbbe ("Btrfs: Fix block generation verification race") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Liu Bo <bo.liu(a)linux.alibaba.com> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: Qu Wenruo <wqu(a)suse.com> [ update changelog ] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 63488f0b850f..8c68961925b1 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -2436,10 +2436,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, if (p->reada != READA_NONE) reada_for_search(fs_info, p, level, slot, key->objectid); - btrfs_release_path(p); - ret = -EAGAIN; - tmp = read_tree_block(fs_info, blocknr, 0, parent_level - 1, + tmp = read_tree_block(fs_info, blocknr, gen, parent_level - 1, &first_key); if (!IS_ERR(tmp)) { /* @@ -2454,6 +2452,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, } else { ret = PTR_ERR(tmp); } + + btrfs_release_path(p); return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix reading stale metadata blocks after degraded raid1" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 02a3307aa9c20b4f6626255b028f07f6cfa16feb Mon Sep 17 00:00:00 2001 From: Liu Bo <bo.liu(a)linux.alibaba.com> Date: Wed, 16 May 2018 01:37:36 +0800 Subject: [PATCH] btrfs: fix reading stale metadata blocks after degraded raid1 mounts If a btree block, aka. extent buffer, is not available in the extent buffer cache, it'll be read out from the disk instead, i.e. btrfs_search_slot() read_block_for_search() # hold parent and its lock, go to read child btrfs_release_path() read_tree_block() # read child Unfortunately, the parent lock got released before reading child, so commit 5bdd3536cbbe ("Btrfs: Fix block generation verification race") had used 0 as parent transid to read the child block. It forces read_tree_block() not to check if parent transid is different with the generation id of the child that it reads out from disk. A simple PoC is included in btrfs/124, 0. A two-disk raid1 btrfs, 1. Right after mkfs.btrfs, block A is allocated to be device tree's root. 2. Mount this filesystem and put it in use, after a while, device tree's root got COW but block A hasn't been allocated/overwritten yet. 3. Umount it and reload the btrfs module to remove both disks from the global @fs_devices list. 4. mount -odegraded dev1 and write some data, so now block A is allocated to be a leaf in checksum tree. Note that only dev1 has the latest metadata of this filesystem. 5. Umount it and mount it again normally (with both disks), since raid1 can pick up one disk by the writer task's pid, if btrfs_search_slot() needs to read block A, dev2 which does NOT have the latest metadata might be read for block A, then we got a stale block A. 6. As parent transid is not checked, block A is marked as uptodate and put into the extent buffer cache, so the future search won't bother to read disk again, which means it'll make changes on this stale one and make it dirty and flush it onto disk. To avoid the problem, parent transid needs to be passed to read_tree_block(). In order to get a valid parent transid, we need to hold the parent's lock until finishing reading child. This patch needs to be slightly adapted for stable kernels, the &first_key parameter added to read_tree_block() is from 4.16+ (581c1760415c4). The fix is to replace 0 by 'gen'. Fixes: 5bdd3536cbbe ("Btrfs: Fix block generation verification race") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Liu Bo <bo.liu(a)linux.alibaba.com> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: Qu Wenruo <wqu(a)suse.com> [ update changelog ] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 63488f0b850f..8c68961925b1 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -2436,10 +2436,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, if (p->reada != READA_NONE) reada_for_search(fs_info, p, level, slot, key->objectid); - btrfs_release_path(p); - ret = -EAGAIN; - tmp = read_tree_block(fs_info, blocknr, 0, parent_level - 1, + tmp = read_tree_block(fs_info, blocknr, gen, parent_level - 1, &first_key); if (!IS_ERR(tmp)) { /* @@ -2454,6 +2452,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, } else { ret = PTR_ERR(tmp); } + + btrfs_release_path(p); return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix reading stale metadata blocks after degraded raid1" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 02a3307aa9c20b4f6626255b028f07f6cfa16feb Mon Sep 17 00:00:00 2001 From: Liu Bo <bo.liu(a)linux.alibaba.com> Date: Wed, 16 May 2018 01:37:36 +0800 Subject: [PATCH] btrfs: fix reading stale metadata blocks after degraded raid1 mounts If a btree block, aka. extent buffer, is not available in the extent buffer cache, it'll be read out from the disk instead, i.e. btrfs_search_slot() read_block_for_search() # hold parent and its lock, go to read child btrfs_release_path() read_tree_block() # read child Unfortunately, the parent lock got released before reading child, so commit 5bdd3536cbbe ("Btrfs: Fix block generation verification race") had used 0 as parent transid to read the child block. It forces read_tree_block() not to check if parent transid is different with the generation id of the child that it reads out from disk. A simple PoC is included in btrfs/124, 0. A two-disk raid1 btrfs, 1. Right after mkfs.btrfs, block A is allocated to be device tree's root. 2. Mount this filesystem and put it in use, after a while, device tree's root got COW but block A hasn't been allocated/overwritten yet. 3. Umount it and reload the btrfs module to remove both disks from the global @fs_devices list. 4. mount -odegraded dev1 and write some data, so now block A is allocated to be a leaf in checksum tree. Note that only dev1 has the latest metadata of this filesystem. 5. Umount it and mount it again normally (with both disks), since raid1 can pick up one disk by the writer task's pid, if btrfs_search_slot() needs to read block A, dev2 which does NOT have the latest metadata might be read for block A, then we got a stale block A. 6. As parent transid is not checked, block A is marked as uptodate and put into the extent buffer cache, so the future search won't bother to read disk again, which means it'll make changes on this stale one and make it dirty and flush it onto disk. To avoid the problem, parent transid needs to be passed to read_tree_block(). In order to get a valid parent transid, we need to hold the parent's lock until finishing reading child. This patch needs to be slightly adapted for stable kernels, the &first_key parameter added to read_tree_block() is from 4.16+ (581c1760415c4). The fix is to replace 0 by 'gen'. Fixes: 5bdd3536cbbe ("Btrfs: Fix block generation verification race") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Liu Bo <bo.liu(a)linux.alibaba.com> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: Qu Wenruo <wqu(a)suse.com> [ update changelog ] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c index 63488f0b850f..8c68961925b1 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -2436,10 +2436,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, if (p->reada != READA_NONE) reada_for_search(fs_info, p, level, slot, key->objectid); - btrfs_release_path(p); - ret = -EAGAIN; - tmp = read_tree_block(fs_info, blocknr, 0, parent_level - 1, + tmp = read_tree_block(fs_info, blocknr, gen, parent_level - 1, &first_key); if (!IS_ERR(tmp)) { /* @@ -2454,6 +2452,8 @@ read_block_for_search(struct btrfs_root *root, struct btrfs_path *p, } else { ret = PTR_ERR(tmp); } + + btrfs_release_path(p); return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix duplicate extents after fsync of file with" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 31d11b83b96faaee4bb514d375a09489117c3e8d Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 9 May 2018 16:01:46 +0100 Subject: [PATCH] Btrfs: fix duplicate extents after fsync of file with prealloc extents In commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), on fsync, we started to always log all prealloc extents beyond an inode's i_size in order to avoid losing them after a power failure. However under some cases this can lead to the log replay code to create duplicate extent items, with different lengths, in the extent tree. That happens because, as of that commit, we can now log extent items based on extent maps that are not on the "modified" list of extent maps of the inode's extent map tree. Logging extent items based on extent maps is used during the fast fsync path to save time and for this to work reliably it requires that the extent maps are not merged with other adjacent extent maps - having the extent maps in the list of modified extents gives such guarantee. Consider the following example, captured during a long run of fsstress, which illustrates this problem. We have inode 271, in the filesystem tree (root 5), for which all of the following operations and discussion apply to. A buffered write starts at offset 312391 with a length of 933471 bytes (end offset at 1245862). At this point we have, for this inode, the following extent maps with the their field values: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 376832, block_start 1106399232, block_len 376832, orig_block_len 376832 em C, start 417792, orig_start 417792, len 782336, block_start 18446744073709551613, block_len 0, orig_block_len 0 em D, start 1200128, orig_start 1200128, len 835584, block_start 1106776064, block_len 835584, orig_block_len 835584 em E, start 2035712, orig_start 2035712, len 245760, block_start 1107611648, block_len 245760, orig_block_len 245760 Extent map A corresponds to a hole and extent maps D and E correspond to preallocated extents. Extent map D ends where extent map E begins (1106776064 + 835584 = 1107611648), but these extent maps were not merged because they are in the inode's list of modified extent maps. An fsync against this inode is made, which triggers the fast path (BTRFS_INODE_NEEDS_FULL_SYNC is not set). This fsync triggers writeback of the data previously written using buffered IO, and when the respective ordered extent finishes, btrfs_drop_extents() is called against the (aligned) range 311296..1249279. This causes a split of extent map D at btrfs_drop_extent_cache(), replacing extent map D with a new extent map D', also added to the list of modified extents, with the following values: em D', start 1249280, orig_start of 1200128, block_start 1106825216 (= 1106776064 + 1249280 - 1200128), orig_block_len 835584, block_len 786432 (835584 - (1249280 - 1200128)) Then, during the fast fsync, btrfs_log_changed_extents() is called and extent maps D' and E are removed from the list of modified extents. The flag EXTENT_FLAG_LOGGING is also set on them. After the extents are logged clear_em_logging() is called on each of them, and that makes extent map E to be merged with extent map D' (try_merge_map()), resulting in D' being deleted and E adjusted to: em E, start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 A direct IO write at offset 1847296 and length of 360448 bytes (end offset at 2207744) starts, and at that moment the following extent maps exist for our inode: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em E (prealloc), start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 The dio write results in drop_extent_cache() being called twice. The first time for a range that starts at offset 1847296 and ends at offset 2035711 (length of 188416), which results in a double split of extent map E, replacing it with two new extent maps: em F, start 1249280, orig_start 1200128, block_start 1106825216, block_len 598016, orig_block_len 598016 em G, start 2035712, orig_start 1200128, block_start 1107611648, block_len 245760, orig_block_len 1032192 It also creates a new extent map that represents a part of the requested IO (through create_io_em()): em H, start 1847296, len 188416, block_start 1107423232, block_len 188416 The second call to drop_extent_cache() has a range with a start offset of 2035712 and end offset of 2207743 (length of 172032). This leads to replacing extent map G with a new extent map I with the following values: em I, start 2207744, orig_start 1200128, block_start 1107783680, block_len 73728, orig_block_len 1032192 It also creates a new extent map that represents the second part of the requested IO (through create_io_em()): em J, start 2035712, len 172032, block_start 1107611648, block_len 172032 The dio write set the inode's i_size to 2207744 bytes. After the dio write the inode has the following extent maps: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em F, start 1249280, orig_start 1200128, len 598016, block_start 1106825216, block_len 598016, orig_block_len 598016 em H, start 1847296, orig_start 1200128, len 188416, block_start 1107423232, block_len 188416, orig_block_len 835584 em J, start 2035712, orig_start 2035712, len 172032, block_start 1107611648, block_len 172032, orig_block_len 245760 em I, start 2207744, orig_start 1200128, len 73728, block_start 1107783680, block_len 73728, orig_block_len 1032192 Now do some change to the file, like adding a xattr for example and then fsync it again. This triggers a fast fsync path, and as of commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), we use the extent map I to log a file extent item because it's a prealloc extent and it starts at an offset matching the inode's i_size. However when we log it, we create a file extent item with a value for the disk byte location that is wrong, as can be seen from the following output of "btrfs inspect-internal dump-tree": item 1 key (271 EXTENT_DATA 2207744) itemoff 3782 itemsize 53 generation 22 type 2 (prealloc) prealloc data disk byte 1106776064 nr 1032192 prealloc data offset 1007616 nr 73728 Here the disk byte value corresponds to calculation based on some fields from the extent map I: 1106776064 = block_start (1107783680) - 1007616 (extent_offset) extent_offset = 2207744 (start) - 1200128 (orig_start) = 1007616 The disk byte value of 1106776064 clashes with disk byte values of the file extent items at offsets 1249280 and 1847296 in the fs tree: item 6 key (271 EXTENT_DATA 1249280) itemoff 3568 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1106776064 nr 835584 prealloc data offset 49152 nr 598016 item 7 key (271 EXTENT_DATA 1847296) itemoff 3515 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1106776064 nr 835584 extent data offset 647168 nr 188416 ram 835584 extent compression 0 (none) item 8 key (271 EXTENT_DATA 2035712) itemoff 3462 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1107611648 nr 245760 extent data offset 0 nr 172032 ram 245760 extent compression 0 (none) item 9 key (271 EXTENT_DATA 2207744) itemoff 3409 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1107611648 nr 245760 prealloc data offset 172032 nr 73728 Instead of the disk byte value of 1106776064, the value of 1107611648 should have been logged. Also the data offset value should have been 172032 and not 1007616. After a log replay we end up getting two extent items in the extent tree with different lengths, one of 835584, which is correct and existed before the log replay, and another one of 1032192 which is wrong and is based on the logged file extent item: item 12 key (1106776064 EXTENT_ITEM 835584) itemoff 3406 itemsize 53 refs 2 gen 15 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 2 item 13 key (1106776064 EXTENT_ITEM 1032192) itemoff 3353 itemsize 53 refs 1 gen 22 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 1 Obviously this leads to many problems and a filesystem check reports many errors: (...) checking extents Extent back ref already exists for 1106776064 parent 0 root 5 owner 271 offset 1200128 num_refs 1 extent item 1106776064 has multiple extent items ref mismatch on [1106776064 835584] extent item 2, found 3 Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 2 wanted 1 back 0x55b1d0ad7680 Backref 1106776064 root 5 owner 271 offset 1200128 num_refs 0 not found in extent tree Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 1 wanted 0 back 0x55b1d0ad4e70 Backref bytes do not match extent backref, bytenr=1106776064, ref bytes=835584, backref bytes=1032192 backpointer mismatch on [1106776064 835584] checking free space cache block group 1103101952 has wrong amount of free space failed to load free space cache for block group 1103101952 checking fs roots (...) So fix this by logging the prealloc extents beyond the inode's i_size based on searches in the subvolume tree instead of the extent maps. Fixes: 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay") CC: stable(a)vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index c1509547c762..8f23a94dab77 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4320,6 +4320,110 @@ static int log_one_extent(struct btrfs_trans_handle *trans, return ret; } +/* + * Log all prealloc extents beyond the inode's i_size to make sure we do not + * lose them after doing a fast fsync and replaying the log. We scan the + * subvolume's root instead of iterating the inode's extent map tree because + * otherwise we can log incorrect extent items based on extent map conversion. + * That can happen due to the fact that extent maps are merged when they + * are not in the extent map tree's list of modified extents. + */ +static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, + struct btrfs_inode *inode, + struct btrfs_path *path) +{ + struct btrfs_root *root = inode->root; + struct btrfs_key key; + const u64 i_size = i_size_read(&inode->vfs_inode); + const u64 ino = btrfs_ino(inode); + struct btrfs_path *dst_path = NULL; + u64 last_extent = (u64)-1; + int ins_nr = 0; + int start_slot; + int ret; + + if (!(inode->flags & BTRFS_INODE_PREALLOC)) + return 0; + + key.objectid = ino; + key.type = BTRFS_EXTENT_DATA_KEY; + key.offset = i_size; + ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); + if (ret < 0) + goto out; + + while (true) { + struct extent_buffer *leaf = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(leaf)) { + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, + &last_extent, start_slot, + ins_nr, 1, 0); + if (ret < 0) + goto out; + ins_nr = 0; + } + ret = btrfs_next_leaf(root, path); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + break; + } + continue; + } + + btrfs_item_key_to_cpu(leaf, &key, slot); + if (key.objectid > ino) + break; + if (WARN_ON_ONCE(key.objectid < ino) || + key.type < BTRFS_EXTENT_DATA_KEY || + key.offset < i_size) { + path->slots[0]++; + continue; + } + if (last_extent == (u64)-1) { + last_extent = key.offset; + /* + * Avoid logging extent items logged in past fsync calls + * and leading to duplicate keys in the log tree. + */ + do { + ret = btrfs_truncate_inode_items(trans, + root->log_root, + &inode->vfs_inode, + i_size, + BTRFS_EXTENT_DATA_KEY); + } while (ret == -EAGAIN); + if (ret) + goto out; + } + if (ins_nr == 0) + start_slot = slot; + ins_nr++; + path->slots[0]++; + if (!dst_path) { + dst_path = btrfs_alloc_path(); + if (!dst_path) { + ret = -ENOMEM; + goto out; + } + } + } + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, &last_extent, + start_slot, ins_nr, 1, 0); + if (ret > 0) + ret = 0; + } +out: + btrfs_release_path(path); + btrfs_free_path(dst_path); + return ret; +} + static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_inode *inode, @@ -4362,6 +4466,11 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, if (em->generation <= test_gen) continue; + /* We log prealloc extents beyond eof later. */ + if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags) && + em->start >= i_size_read(&inode->vfs_inode)) + continue; + if (em->start < logged_start) logged_start = em->start; if ((em->start + em->len - 1) > logged_end) @@ -4374,31 +4483,6 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, num++; } - /* - * Add all prealloc extents beyond the inode's i_size to make sure we - * don't lose them after doing a fast fsync and replaying the log. - */ - if (inode->flags & BTRFS_INODE_PREALLOC) { - struct rb_node *node; - - for (node = rb_last(&tree->map); node; node = rb_prev(node)) { - em = rb_entry(node, struct extent_map, rb_node); - if (em->start < i_size_read(&inode->vfs_inode)) - break; - if (!list_empty(&em->list)) - continue; - /* Same as above loop. */ - if (++num > 32768) { - list_del_init(&tree->modified_extents); - ret = -EFBIG; - goto process; - } - refcount_inc(&em->refs); - set_bit(EXTENT_FLAG_LOGGING, &em->flags); - list_add_tail(&em->list, &extents); - } - } - list_sort(NULL, &extents, extent_cmp); btrfs_get_logged_extents(inode, logged_list, logged_start, logged_end); /* @@ -4443,6 +4527,9 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, up_write(&inode->dio_sem); btrfs_release_path(path); + if (!ret) + ret = btrfs_log_prealloc_extents(trans, inode, path); + return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix duplicate extents after fsync of file with" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 31d11b83b96faaee4bb514d375a09489117c3e8d Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 9 May 2018 16:01:46 +0100 Subject: [PATCH] Btrfs: fix duplicate extents after fsync of file with prealloc extents In commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), on fsync, we started to always log all prealloc extents beyond an inode's i_size in order to avoid losing them after a power failure. However under some cases this can lead to the log replay code to create duplicate extent items, with different lengths, in the extent tree. That happens because, as of that commit, we can now log extent items based on extent maps that are not on the "modified" list of extent maps of the inode's extent map tree. Logging extent items based on extent maps is used during the fast fsync path to save time and for this to work reliably it requires that the extent maps are not merged with other adjacent extent maps - having the extent maps in the list of modified extents gives such guarantee. Consider the following example, captured during a long run of fsstress, which illustrates this problem. We have inode 271, in the filesystem tree (root 5), for which all of the following operations and discussion apply to. A buffered write starts at offset 312391 with a length of 933471 bytes (end offset at 1245862). At this point we have, for this inode, the following extent maps with the their field values: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 376832, block_start 1106399232, block_len 376832, orig_block_len 376832 em C, start 417792, orig_start 417792, len 782336, block_start 18446744073709551613, block_len 0, orig_block_len 0 em D, start 1200128, orig_start 1200128, len 835584, block_start 1106776064, block_len 835584, orig_block_len 835584 em E, start 2035712, orig_start 2035712, len 245760, block_start 1107611648, block_len 245760, orig_block_len 245760 Extent map A corresponds to a hole and extent maps D and E correspond to preallocated extents. Extent map D ends where extent map E begins (1106776064 + 835584 = 1107611648), but these extent maps were not merged because they are in the inode's list of modified extent maps. An fsync against this inode is made, which triggers the fast path (BTRFS_INODE_NEEDS_FULL_SYNC is not set). This fsync triggers writeback of the data previously written using buffered IO, and when the respective ordered extent finishes, btrfs_drop_extents() is called against the (aligned) range 311296..1249279. This causes a split of extent map D at btrfs_drop_extent_cache(), replacing extent map D with a new extent map D', also added to the list of modified extents, with the following values: em D', start 1249280, orig_start of 1200128, block_start 1106825216 (= 1106776064 + 1249280 - 1200128), orig_block_len 835584, block_len 786432 (835584 - (1249280 - 1200128)) Then, during the fast fsync, btrfs_log_changed_extents() is called and extent maps D' and E are removed from the list of modified extents. The flag EXTENT_FLAG_LOGGING is also set on them. After the extents are logged clear_em_logging() is called on each of them, and that makes extent map E to be merged with extent map D' (try_merge_map()), resulting in D' being deleted and E adjusted to: em E, start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 A direct IO write at offset 1847296 and length of 360448 bytes (end offset at 2207744) starts, and at that moment the following extent maps exist for our inode: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em E (prealloc), start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 The dio write results in drop_extent_cache() being called twice. The first time for a range that starts at offset 1847296 and ends at offset 2035711 (length of 188416), which results in a double split of extent map E, replacing it with two new extent maps: em F, start 1249280, orig_start 1200128, block_start 1106825216, block_len 598016, orig_block_len 598016 em G, start 2035712, orig_start 1200128, block_start 1107611648, block_len 245760, orig_block_len 1032192 It also creates a new extent map that represents a part of the requested IO (through create_io_em()): em H, start 1847296, len 188416, block_start 1107423232, block_len 188416 The second call to drop_extent_cache() has a range with a start offset of 2035712 and end offset of 2207743 (length of 172032). This leads to replacing extent map G with a new extent map I with the following values: em I, start 2207744, orig_start 1200128, block_start 1107783680, block_len 73728, orig_block_len 1032192 It also creates a new extent map that represents the second part of the requested IO (through create_io_em()): em J, start 2035712, len 172032, block_start 1107611648, block_len 172032 The dio write set the inode's i_size to 2207744 bytes. After the dio write the inode has the following extent maps: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em F, start 1249280, orig_start 1200128, len 598016, block_start 1106825216, block_len 598016, orig_block_len 598016 em H, start 1847296, orig_start 1200128, len 188416, block_start 1107423232, block_len 188416, orig_block_len 835584 em J, start 2035712, orig_start 2035712, len 172032, block_start 1107611648, block_len 172032, orig_block_len 245760 em I, start 2207744, orig_start 1200128, len 73728, block_start 1107783680, block_len 73728, orig_block_len 1032192 Now do some change to the file, like adding a xattr for example and then fsync it again. This triggers a fast fsync path, and as of commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), we use the extent map I to log a file extent item because it's a prealloc extent and it starts at an offset matching the inode's i_size. However when we log it, we create a file extent item with a value for the disk byte location that is wrong, as can be seen from the following output of "btrfs inspect-internal dump-tree": item 1 key (271 EXTENT_DATA 2207744) itemoff 3782 itemsize 53 generation 22 type 2 (prealloc) prealloc data disk byte 1106776064 nr 1032192 prealloc data offset 1007616 nr 73728 Here the disk byte value corresponds to calculation based on some fields from the extent map I: 1106776064 = block_start (1107783680) - 1007616 (extent_offset) extent_offset = 2207744 (start) - 1200128 (orig_start) = 1007616 The disk byte value of 1106776064 clashes with disk byte values of the file extent items at offsets 1249280 and 1847296 in the fs tree: item 6 key (271 EXTENT_DATA 1249280) itemoff 3568 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1106776064 nr 835584 prealloc data offset 49152 nr 598016 item 7 key (271 EXTENT_DATA 1847296) itemoff 3515 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1106776064 nr 835584 extent data offset 647168 nr 188416 ram 835584 extent compression 0 (none) item 8 key (271 EXTENT_DATA 2035712) itemoff 3462 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1107611648 nr 245760 extent data offset 0 nr 172032 ram 245760 extent compression 0 (none) item 9 key (271 EXTENT_DATA 2207744) itemoff 3409 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1107611648 nr 245760 prealloc data offset 172032 nr 73728 Instead of the disk byte value of 1106776064, the value of 1107611648 should have been logged. Also the data offset value should have been 172032 and not 1007616. After a log replay we end up getting two extent items in the extent tree with different lengths, one of 835584, which is correct and existed before the log replay, and another one of 1032192 which is wrong and is based on the logged file extent item: item 12 key (1106776064 EXTENT_ITEM 835584) itemoff 3406 itemsize 53 refs 2 gen 15 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 2 item 13 key (1106776064 EXTENT_ITEM 1032192) itemoff 3353 itemsize 53 refs 1 gen 22 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 1 Obviously this leads to many problems and a filesystem check reports many errors: (...) checking extents Extent back ref already exists for 1106776064 parent 0 root 5 owner 271 offset 1200128 num_refs 1 extent item 1106776064 has multiple extent items ref mismatch on [1106776064 835584] extent item 2, found 3 Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 2 wanted 1 back 0x55b1d0ad7680 Backref 1106776064 root 5 owner 271 offset 1200128 num_refs 0 not found in extent tree Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 1 wanted 0 back 0x55b1d0ad4e70 Backref bytes do not match extent backref, bytenr=1106776064, ref bytes=835584, backref bytes=1032192 backpointer mismatch on [1106776064 835584] checking free space cache block group 1103101952 has wrong amount of free space failed to load free space cache for block group 1103101952 checking fs roots (...) So fix this by logging the prealloc extents beyond the inode's i_size based on searches in the subvolume tree instead of the extent maps. Fixes: 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay") CC: stable(a)vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index c1509547c762..8f23a94dab77 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4320,6 +4320,110 @@ static int log_one_extent(struct btrfs_trans_handle *trans, return ret; } +/* + * Log all prealloc extents beyond the inode's i_size to make sure we do not + * lose them after doing a fast fsync and replaying the log. We scan the + * subvolume's root instead of iterating the inode's extent map tree because + * otherwise we can log incorrect extent items based on extent map conversion. + * That can happen due to the fact that extent maps are merged when they + * are not in the extent map tree's list of modified extents. + */ +static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, + struct btrfs_inode *inode, + struct btrfs_path *path) +{ + struct btrfs_root *root = inode->root; + struct btrfs_key key; + const u64 i_size = i_size_read(&inode->vfs_inode); + const u64 ino = btrfs_ino(inode); + struct btrfs_path *dst_path = NULL; + u64 last_extent = (u64)-1; + int ins_nr = 0; + int start_slot; + int ret; + + if (!(inode->flags & BTRFS_INODE_PREALLOC)) + return 0; + + key.objectid = ino; + key.type = BTRFS_EXTENT_DATA_KEY; + key.offset = i_size; + ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); + if (ret < 0) + goto out; + + while (true) { + struct extent_buffer *leaf = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(leaf)) { + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, + &last_extent, start_slot, + ins_nr, 1, 0); + if (ret < 0) + goto out; + ins_nr = 0; + } + ret = btrfs_next_leaf(root, path); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + break; + } + continue; + } + + btrfs_item_key_to_cpu(leaf, &key, slot); + if (key.objectid > ino) + break; + if (WARN_ON_ONCE(key.objectid < ino) || + key.type < BTRFS_EXTENT_DATA_KEY || + key.offset < i_size) { + path->slots[0]++; + continue; + } + if (last_extent == (u64)-1) { + last_extent = key.offset; + /* + * Avoid logging extent items logged in past fsync calls + * and leading to duplicate keys in the log tree. + */ + do { + ret = btrfs_truncate_inode_items(trans, + root->log_root, + &inode->vfs_inode, + i_size, + BTRFS_EXTENT_DATA_KEY); + } while (ret == -EAGAIN); + if (ret) + goto out; + } + if (ins_nr == 0) + start_slot = slot; + ins_nr++; + path->slots[0]++; + if (!dst_path) { + dst_path = btrfs_alloc_path(); + if (!dst_path) { + ret = -ENOMEM; + goto out; + } + } + } + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, &last_extent, + start_slot, ins_nr, 1, 0); + if (ret > 0) + ret = 0; + } +out: + btrfs_release_path(path); + btrfs_free_path(dst_path); + return ret; +} + static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_inode *inode, @@ -4362,6 +4466,11 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, if (em->generation <= test_gen) continue; + /* We log prealloc extents beyond eof later. */ + if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags) && + em->start >= i_size_read(&inode->vfs_inode)) + continue; + if (em->start < logged_start) logged_start = em->start; if ((em->start + em->len - 1) > logged_end) @@ -4374,31 +4483,6 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, num++; } - /* - * Add all prealloc extents beyond the inode's i_size to make sure we - * don't lose them after doing a fast fsync and replaying the log. - */ - if (inode->flags & BTRFS_INODE_PREALLOC) { - struct rb_node *node; - - for (node = rb_last(&tree->map); node; node = rb_prev(node)) { - em = rb_entry(node, struct extent_map, rb_node); - if (em->start < i_size_read(&inode->vfs_inode)) - break; - if (!list_empty(&em->list)) - continue; - /* Same as above loop. */ - if (++num > 32768) { - list_del_init(&tree->modified_extents); - ret = -EFBIG; - goto process; - } - refcount_inc(&em->refs); - set_bit(EXTENT_FLAG_LOGGING, &em->flags); - list_add_tail(&em->list, &extents); - } - } - list_sort(NULL, &extents, extent_cmp); btrfs_get_logged_extents(inode, logged_list, logged_start, logged_end); /* @@ -4443,6 +4527,9 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, up_write(&inode->dio_sem); btrfs_release_path(path); + if (!ret) + ret = btrfs_log_prealloc_extents(trans, inode, path); + return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix duplicate extents after fsync of file with" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 31d11b83b96faaee4bb514d375a09489117c3e8d Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 9 May 2018 16:01:46 +0100 Subject: [PATCH] Btrfs: fix duplicate extents after fsync of file with prealloc extents In commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), on fsync, we started to always log all prealloc extents beyond an inode's i_size in order to avoid losing them after a power failure. However under some cases this can lead to the log replay code to create duplicate extent items, with different lengths, in the extent tree. That happens because, as of that commit, we can now log extent items based on extent maps that are not on the "modified" list of extent maps of the inode's extent map tree. Logging extent items based on extent maps is used during the fast fsync path to save time and for this to work reliably it requires that the extent maps are not merged with other adjacent extent maps - having the extent maps in the list of modified extents gives such guarantee. Consider the following example, captured during a long run of fsstress, which illustrates this problem. We have inode 271, in the filesystem tree (root 5), for which all of the following operations and discussion apply to. A buffered write starts at offset 312391 with a length of 933471 bytes (end offset at 1245862). At this point we have, for this inode, the following extent maps with the their field values: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 376832, block_start 1106399232, block_len 376832, orig_block_len 376832 em C, start 417792, orig_start 417792, len 782336, block_start 18446744073709551613, block_len 0, orig_block_len 0 em D, start 1200128, orig_start 1200128, len 835584, block_start 1106776064, block_len 835584, orig_block_len 835584 em E, start 2035712, orig_start 2035712, len 245760, block_start 1107611648, block_len 245760, orig_block_len 245760 Extent map A corresponds to a hole and extent maps D and E correspond to preallocated extents. Extent map D ends where extent map E begins (1106776064 + 835584 = 1107611648), but these extent maps were not merged because they are in the inode's list of modified extent maps. An fsync against this inode is made, which triggers the fast path (BTRFS_INODE_NEEDS_FULL_SYNC is not set). This fsync triggers writeback of the data previously written using buffered IO, and when the respective ordered extent finishes, btrfs_drop_extents() is called against the (aligned) range 311296..1249279. This causes a split of extent map D at btrfs_drop_extent_cache(), replacing extent map D with a new extent map D', also added to the list of modified extents, with the following values: em D', start 1249280, orig_start of 1200128, block_start 1106825216 (= 1106776064 + 1249280 - 1200128), orig_block_len 835584, block_len 786432 (835584 - (1249280 - 1200128)) Then, during the fast fsync, btrfs_log_changed_extents() is called and extent maps D' and E are removed from the list of modified extents. The flag EXTENT_FLAG_LOGGING is also set on them. After the extents are logged clear_em_logging() is called on each of them, and that makes extent map E to be merged with extent map D' (try_merge_map()), resulting in D' being deleted and E adjusted to: em E, start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 A direct IO write at offset 1847296 and length of 360448 bytes (end offset at 2207744) starts, and at that moment the following extent maps exist for our inode: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em E (prealloc), start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 The dio write results in drop_extent_cache() being called twice. The first time for a range that starts at offset 1847296 and ends at offset 2035711 (length of 188416), which results in a double split of extent map E, replacing it with two new extent maps: em F, start 1249280, orig_start 1200128, block_start 1106825216, block_len 598016, orig_block_len 598016 em G, start 2035712, orig_start 1200128, block_start 1107611648, block_len 245760, orig_block_len 1032192 It also creates a new extent map that represents a part of the requested IO (through create_io_em()): em H, start 1847296, len 188416, block_start 1107423232, block_len 188416 The second call to drop_extent_cache() has a range with a start offset of 2035712 and end offset of 2207743 (length of 172032). This leads to replacing extent map G with a new extent map I with the following values: em I, start 2207744, orig_start 1200128, block_start 1107783680, block_len 73728, orig_block_len 1032192 It also creates a new extent map that represents the second part of the requested IO (through create_io_em()): em J, start 2035712, len 172032, block_start 1107611648, block_len 172032 The dio write set the inode's i_size to 2207744 bytes. After the dio write the inode has the following extent maps: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em F, start 1249280, orig_start 1200128, len 598016, block_start 1106825216, block_len 598016, orig_block_len 598016 em H, start 1847296, orig_start 1200128, len 188416, block_start 1107423232, block_len 188416, orig_block_len 835584 em J, start 2035712, orig_start 2035712, len 172032, block_start 1107611648, block_len 172032, orig_block_len 245760 em I, start 2207744, orig_start 1200128, len 73728, block_start 1107783680, block_len 73728, orig_block_len 1032192 Now do some change to the file, like adding a xattr for example and then fsync it again. This triggers a fast fsync path, and as of commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), we use the extent map I to log a file extent item because it's a prealloc extent and it starts at an offset matching the inode's i_size. However when we log it, we create a file extent item with a value for the disk byte location that is wrong, as can be seen from the following output of "btrfs inspect-internal dump-tree": item 1 key (271 EXTENT_DATA 2207744) itemoff 3782 itemsize 53 generation 22 type 2 (prealloc) prealloc data disk byte 1106776064 nr 1032192 prealloc data offset 1007616 nr 73728 Here the disk byte value corresponds to calculation based on some fields from the extent map I: 1106776064 = block_start (1107783680) - 1007616 (extent_offset) extent_offset = 2207744 (start) - 1200128 (orig_start) = 1007616 The disk byte value of 1106776064 clashes with disk byte values of the file extent items at offsets 1249280 and 1847296 in the fs tree: item 6 key (271 EXTENT_DATA 1249280) itemoff 3568 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1106776064 nr 835584 prealloc data offset 49152 nr 598016 item 7 key (271 EXTENT_DATA 1847296) itemoff 3515 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1106776064 nr 835584 extent data offset 647168 nr 188416 ram 835584 extent compression 0 (none) item 8 key (271 EXTENT_DATA 2035712) itemoff 3462 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1107611648 nr 245760 extent data offset 0 nr 172032 ram 245760 extent compression 0 (none) item 9 key (271 EXTENT_DATA 2207744) itemoff 3409 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1107611648 nr 245760 prealloc data offset 172032 nr 73728 Instead of the disk byte value of 1106776064, the value of 1107611648 should have been logged. Also the data offset value should have been 172032 and not 1007616. After a log replay we end up getting two extent items in the extent tree with different lengths, one of 835584, which is correct and existed before the log replay, and another one of 1032192 which is wrong and is based on the logged file extent item: item 12 key (1106776064 EXTENT_ITEM 835584) itemoff 3406 itemsize 53 refs 2 gen 15 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 2 item 13 key (1106776064 EXTENT_ITEM 1032192) itemoff 3353 itemsize 53 refs 1 gen 22 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 1 Obviously this leads to many problems and a filesystem check reports many errors: (...) checking extents Extent back ref already exists for 1106776064 parent 0 root 5 owner 271 offset 1200128 num_refs 1 extent item 1106776064 has multiple extent items ref mismatch on [1106776064 835584] extent item 2, found 3 Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 2 wanted 1 back 0x55b1d0ad7680 Backref 1106776064 root 5 owner 271 offset 1200128 num_refs 0 not found in extent tree Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 1 wanted 0 back 0x55b1d0ad4e70 Backref bytes do not match extent backref, bytenr=1106776064, ref bytes=835584, backref bytes=1032192 backpointer mismatch on [1106776064 835584] checking free space cache block group 1103101952 has wrong amount of free space failed to load free space cache for block group 1103101952 checking fs roots (...) So fix this by logging the prealloc extents beyond the inode's i_size based on searches in the subvolume tree instead of the extent maps. Fixes: 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay") CC: stable(a)vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index c1509547c762..8f23a94dab77 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4320,6 +4320,110 @@ static int log_one_extent(struct btrfs_trans_handle *trans, return ret; } +/* + * Log all prealloc extents beyond the inode's i_size to make sure we do not + * lose them after doing a fast fsync and replaying the log. We scan the + * subvolume's root instead of iterating the inode's extent map tree because + * otherwise we can log incorrect extent items based on extent map conversion. + * That can happen due to the fact that extent maps are merged when they + * are not in the extent map tree's list of modified extents. + */ +static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, + struct btrfs_inode *inode, + struct btrfs_path *path) +{ + struct btrfs_root *root = inode->root; + struct btrfs_key key; + const u64 i_size = i_size_read(&inode->vfs_inode); + const u64 ino = btrfs_ino(inode); + struct btrfs_path *dst_path = NULL; + u64 last_extent = (u64)-1; + int ins_nr = 0; + int start_slot; + int ret; + + if (!(inode->flags & BTRFS_INODE_PREALLOC)) + return 0; + + key.objectid = ino; + key.type = BTRFS_EXTENT_DATA_KEY; + key.offset = i_size; + ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); + if (ret < 0) + goto out; + + while (true) { + struct extent_buffer *leaf = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(leaf)) { + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, + &last_extent, start_slot, + ins_nr, 1, 0); + if (ret < 0) + goto out; + ins_nr = 0; + } + ret = btrfs_next_leaf(root, path); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + break; + } + continue; + } + + btrfs_item_key_to_cpu(leaf, &key, slot); + if (key.objectid > ino) + break; + if (WARN_ON_ONCE(key.objectid < ino) || + key.type < BTRFS_EXTENT_DATA_KEY || + key.offset < i_size) { + path->slots[0]++; + continue; + } + if (last_extent == (u64)-1) { + last_extent = key.offset; + /* + * Avoid logging extent items logged in past fsync calls + * and leading to duplicate keys in the log tree. + */ + do { + ret = btrfs_truncate_inode_items(trans, + root->log_root, + &inode->vfs_inode, + i_size, + BTRFS_EXTENT_DATA_KEY); + } while (ret == -EAGAIN); + if (ret) + goto out; + } + if (ins_nr == 0) + start_slot = slot; + ins_nr++; + path->slots[0]++; + if (!dst_path) { + dst_path = btrfs_alloc_path(); + if (!dst_path) { + ret = -ENOMEM; + goto out; + } + } + } + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, &last_extent, + start_slot, ins_nr, 1, 0); + if (ret > 0) + ret = 0; + } +out: + btrfs_release_path(path); + btrfs_free_path(dst_path); + return ret; +} + static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_inode *inode, @@ -4362,6 +4466,11 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, if (em->generation <= test_gen) continue; + /* We log prealloc extents beyond eof later. */ + if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags) && + em->start >= i_size_read(&inode->vfs_inode)) + continue; + if (em->start < logged_start) logged_start = em->start; if ((em->start + em->len - 1) > logged_end) @@ -4374,31 +4483,6 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, num++; } - /* - * Add all prealloc extents beyond the inode's i_size to make sure we - * don't lose them after doing a fast fsync and replaying the log. - */ - if (inode->flags & BTRFS_INODE_PREALLOC) { - struct rb_node *node; - - for (node = rb_last(&tree->map); node; node = rb_prev(node)) { - em = rb_entry(node, struct extent_map, rb_node); - if (em->start < i_size_read(&inode->vfs_inode)) - break; - if (!list_empty(&em->list)) - continue; - /* Same as above loop. */ - if (++num > 32768) { - list_del_init(&tree->modified_extents); - ret = -EFBIG; - goto process; - } - refcount_inc(&em->refs); - set_bit(EXTENT_FLAG_LOGGING, &em->flags); - list_add_tail(&em->list, &extents); - } - } - list_sort(NULL, &extents, extent_cmp); btrfs_get_logged_extents(inode, logged_list, logged_start, logged_end); /* @@ -4443,6 +4527,9 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, up_write(&inode->dio_sem); btrfs_release_path(path); + if (!ret) + ret = btrfs_log_prealloc_extents(trans, inode, path); + return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix duplicate extents after fsync of file with" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 31d11b83b96faaee4bb514d375a09489117c3e8d Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 9 May 2018 16:01:46 +0100 Subject: [PATCH] Btrfs: fix duplicate extents after fsync of file with prealloc extents In commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), on fsync, we started to always log all prealloc extents beyond an inode's i_size in order to avoid losing them after a power failure. However under some cases this can lead to the log replay code to create duplicate extent items, with different lengths, in the extent tree. That happens because, as of that commit, we can now log extent items based on extent maps that are not on the "modified" list of extent maps of the inode's extent map tree. Logging extent items based on extent maps is used during the fast fsync path to save time and for this to work reliably it requires that the extent maps are not merged with other adjacent extent maps - having the extent maps in the list of modified extents gives such guarantee. Consider the following example, captured during a long run of fsstress, which illustrates this problem. We have inode 271, in the filesystem tree (root 5), for which all of the following operations and discussion apply to. A buffered write starts at offset 312391 with a length of 933471 bytes (end offset at 1245862). At this point we have, for this inode, the following extent maps with the their field values: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 376832, block_start 1106399232, block_len 376832, orig_block_len 376832 em C, start 417792, orig_start 417792, len 782336, block_start 18446744073709551613, block_len 0, orig_block_len 0 em D, start 1200128, orig_start 1200128, len 835584, block_start 1106776064, block_len 835584, orig_block_len 835584 em E, start 2035712, orig_start 2035712, len 245760, block_start 1107611648, block_len 245760, orig_block_len 245760 Extent map A corresponds to a hole and extent maps D and E correspond to preallocated extents. Extent map D ends where extent map E begins (1106776064 + 835584 = 1107611648), but these extent maps were not merged because they are in the inode's list of modified extent maps. An fsync against this inode is made, which triggers the fast path (BTRFS_INODE_NEEDS_FULL_SYNC is not set). This fsync triggers writeback of the data previously written using buffered IO, and when the respective ordered extent finishes, btrfs_drop_extents() is called against the (aligned) range 311296..1249279. This causes a split of extent map D at btrfs_drop_extent_cache(), replacing extent map D with a new extent map D', also added to the list of modified extents, with the following values: em D', start 1249280, orig_start of 1200128, block_start 1106825216 (= 1106776064 + 1249280 - 1200128), orig_block_len 835584, block_len 786432 (835584 - (1249280 - 1200128)) Then, during the fast fsync, btrfs_log_changed_extents() is called and extent maps D' and E are removed from the list of modified extents. The flag EXTENT_FLAG_LOGGING is also set on them. After the extents are logged clear_em_logging() is called on each of them, and that makes extent map E to be merged with extent map D' (try_merge_map()), resulting in D' being deleted and E adjusted to: em E, start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 A direct IO write at offset 1847296 and length of 360448 bytes (end offset at 2207744) starts, and at that moment the following extent maps exist for our inode: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em E (prealloc), start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 The dio write results in drop_extent_cache() being called twice. The first time for a range that starts at offset 1847296 and ends at offset 2035711 (length of 188416), which results in a double split of extent map E, replacing it with two new extent maps: em F, start 1249280, orig_start 1200128, block_start 1106825216, block_len 598016, orig_block_len 598016 em G, start 2035712, orig_start 1200128, block_start 1107611648, block_len 245760, orig_block_len 1032192 It also creates a new extent map that represents a part of the requested IO (through create_io_em()): em H, start 1847296, len 188416, block_start 1107423232, block_len 188416 The second call to drop_extent_cache() has a range with a start offset of 2035712 and end offset of 2207743 (length of 172032). This leads to replacing extent map G with a new extent map I with the following values: em I, start 2207744, orig_start 1200128, block_start 1107783680, block_len 73728, orig_block_len 1032192 It also creates a new extent map that represents the second part of the requested IO (through create_io_em()): em J, start 2035712, len 172032, block_start 1107611648, block_len 172032 The dio write set the inode's i_size to 2207744 bytes. After the dio write the inode has the following extent maps: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em F, start 1249280, orig_start 1200128, len 598016, block_start 1106825216, block_len 598016, orig_block_len 598016 em H, start 1847296, orig_start 1200128, len 188416, block_start 1107423232, block_len 188416, orig_block_len 835584 em J, start 2035712, orig_start 2035712, len 172032, block_start 1107611648, block_len 172032, orig_block_len 245760 em I, start 2207744, orig_start 1200128, len 73728, block_start 1107783680, block_len 73728, orig_block_len 1032192 Now do some change to the file, like adding a xattr for example and then fsync it again. This triggers a fast fsync path, and as of commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), we use the extent map I to log a file extent item because it's a prealloc extent and it starts at an offset matching the inode's i_size. However when we log it, we create a file extent item with a value for the disk byte location that is wrong, as can be seen from the following output of "btrfs inspect-internal dump-tree": item 1 key (271 EXTENT_DATA 2207744) itemoff 3782 itemsize 53 generation 22 type 2 (prealloc) prealloc data disk byte 1106776064 nr 1032192 prealloc data offset 1007616 nr 73728 Here the disk byte value corresponds to calculation based on some fields from the extent map I: 1106776064 = block_start (1107783680) - 1007616 (extent_offset) extent_offset = 2207744 (start) - 1200128 (orig_start) = 1007616 The disk byte value of 1106776064 clashes with disk byte values of the file extent items at offsets 1249280 and 1847296 in the fs tree: item 6 key (271 EXTENT_DATA 1249280) itemoff 3568 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1106776064 nr 835584 prealloc data offset 49152 nr 598016 item 7 key (271 EXTENT_DATA 1847296) itemoff 3515 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1106776064 nr 835584 extent data offset 647168 nr 188416 ram 835584 extent compression 0 (none) item 8 key (271 EXTENT_DATA 2035712) itemoff 3462 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1107611648 nr 245760 extent data offset 0 nr 172032 ram 245760 extent compression 0 (none) item 9 key (271 EXTENT_DATA 2207744) itemoff 3409 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1107611648 nr 245760 prealloc data offset 172032 nr 73728 Instead of the disk byte value of 1106776064, the value of 1107611648 should have been logged. Also the data offset value should have been 172032 and not 1007616. After a log replay we end up getting two extent items in the extent tree with different lengths, one of 835584, which is correct and existed before the log replay, and another one of 1032192 which is wrong and is based on the logged file extent item: item 12 key (1106776064 EXTENT_ITEM 835584) itemoff 3406 itemsize 53 refs 2 gen 15 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 2 item 13 key (1106776064 EXTENT_ITEM 1032192) itemoff 3353 itemsize 53 refs 1 gen 22 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 1 Obviously this leads to many problems and a filesystem check reports many errors: (...) checking extents Extent back ref already exists for 1106776064 parent 0 root 5 owner 271 offset 1200128 num_refs 1 extent item 1106776064 has multiple extent items ref mismatch on [1106776064 835584] extent item 2, found 3 Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 2 wanted 1 back 0x55b1d0ad7680 Backref 1106776064 root 5 owner 271 offset 1200128 num_refs 0 not found in extent tree Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 1 wanted 0 back 0x55b1d0ad4e70 Backref bytes do not match extent backref, bytenr=1106776064, ref bytes=835584, backref bytes=1032192 backpointer mismatch on [1106776064 835584] checking free space cache block group 1103101952 has wrong amount of free space failed to load free space cache for block group 1103101952 checking fs roots (...) So fix this by logging the prealloc extents beyond the inode's i_size based on searches in the subvolume tree instead of the extent maps. Fixes: 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay") CC: stable(a)vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index c1509547c762..8f23a94dab77 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4320,6 +4320,110 @@ static int log_one_extent(struct btrfs_trans_handle *trans, return ret; } +/* + * Log all prealloc extents beyond the inode's i_size to make sure we do not + * lose them after doing a fast fsync and replaying the log. We scan the + * subvolume's root instead of iterating the inode's extent map tree because + * otherwise we can log incorrect extent items based on extent map conversion. + * That can happen due to the fact that extent maps are merged when they + * are not in the extent map tree's list of modified extents. + */ +static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, + struct btrfs_inode *inode, + struct btrfs_path *path) +{ + struct btrfs_root *root = inode->root; + struct btrfs_key key; + const u64 i_size = i_size_read(&inode->vfs_inode); + const u64 ino = btrfs_ino(inode); + struct btrfs_path *dst_path = NULL; + u64 last_extent = (u64)-1; + int ins_nr = 0; + int start_slot; + int ret; + + if (!(inode->flags & BTRFS_INODE_PREALLOC)) + return 0; + + key.objectid = ino; + key.type = BTRFS_EXTENT_DATA_KEY; + key.offset = i_size; + ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); + if (ret < 0) + goto out; + + while (true) { + struct extent_buffer *leaf = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(leaf)) { + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, + &last_extent, start_slot, + ins_nr, 1, 0); + if (ret < 0) + goto out; + ins_nr = 0; + } + ret = btrfs_next_leaf(root, path); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + break; + } + continue; + } + + btrfs_item_key_to_cpu(leaf, &key, slot); + if (key.objectid > ino) + break; + if (WARN_ON_ONCE(key.objectid < ino) || + key.type < BTRFS_EXTENT_DATA_KEY || + key.offset < i_size) { + path->slots[0]++; + continue; + } + if (last_extent == (u64)-1) { + last_extent = key.offset; + /* + * Avoid logging extent items logged in past fsync calls + * and leading to duplicate keys in the log tree. + */ + do { + ret = btrfs_truncate_inode_items(trans, + root->log_root, + &inode->vfs_inode, + i_size, + BTRFS_EXTENT_DATA_KEY); + } while (ret == -EAGAIN); + if (ret) + goto out; + } + if (ins_nr == 0) + start_slot = slot; + ins_nr++; + path->slots[0]++; + if (!dst_path) { + dst_path = btrfs_alloc_path(); + if (!dst_path) { + ret = -ENOMEM; + goto out; + } + } + } + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, &last_extent, + start_slot, ins_nr, 1, 0); + if (ret > 0) + ret = 0; + } +out: + btrfs_release_path(path); + btrfs_free_path(dst_path); + return ret; +} + static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_inode *inode, @@ -4362,6 +4466,11 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, if (em->generation <= test_gen) continue; + /* We log prealloc extents beyond eof later. */ + if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags) && + em->start >= i_size_read(&inode->vfs_inode)) + continue; + if (em->start < logged_start) logged_start = em->start; if ((em->start + em->len - 1) > logged_end) @@ -4374,31 +4483,6 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, num++; } - /* - * Add all prealloc extents beyond the inode's i_size to make sure we - * don't lose them after doing a fast fsync and replaying the log. - */ - if (inode->flags & BTRFS_INODE_PREALLOC) { - struct rb_node *node; - - for (node = rb_last(&tree->map); node; node = rb_prev(node)) { - em = rb_entry(node, struct extent_map, rb_node); - if (em->start < i_size_read(&inode->vfs_inode)) - break; - if (!list_empty(&em->list)) - continue; - /* Same as above loop. */ - if (++num > 32768) { - list_del_init(&tree->modified_extents); - ret = -EFBIG; - goto process; - } - refcount_inc(&em->refs); - set_bit(EXTENT_FLAG_LOGGING, &em->flags); - list_add_tail(&em->list, &extents); - } - } - list_sort(NULL, &extents, extent_cmp); btrfs_get_logged_extents(inode, logged_list, logged_start, logged_end); /* @@ -4443,6 +4527,9 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, up_write(&inode->dio_sem); btrfs_release_path(path); + if (!ret) + ret = btrfs_log_prealloc_extents(trans, inode, path); + return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix duplicate extents after fsync of file with" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 31d11b83b96faaee4bb514d375a09489117c3e8d Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 9 May 2018 16:01:46 +0100 Subject: [PATCH] Btrfs: fix duplicate extents after fsync of file with prealloc extents In commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), on fsync, we started to always log all prealloc extents beyond an inode's i_size in order to avoid losing them after a power failure. However under some cases this can lead to the log replay code to create duplicate extent items, with different lengths, in the extent tree. That happens because, as of that commit, we can now log extent items based on extent maps that are not on the "modified" list of extent maps of the inode's extent map tree. Logging extent items based on extent maps is used during the fast fsync path to save time and for this to work reliably it requires that the extent maps are not merged with other adjacent extent maps - having the extent maps in the list of modified extents gives such guarantee. Consider the following example, captured during a long run of fsstress, which illustrates this problem. We have inode 271, in the filesystem tree (root 5), for which all of the following operations and discussion apply to. A buffered write starts at offset 312391 with a length of 933471 bytes (end offset at 1245862). At this point we have, for this inode, the following extent maps with the their field values: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 376832, block_start 1106399232, block_len 376832, orig_block_len 376832 em C, start 417792, orig_start 417792, len 782336, block_start 18446744073709551613, block_len 0, orig_block_len 0 em D, start 1200128, orig_start 1200128, len 835584, block_start 1106776064, block_len 835584, orig_block_len 835584 em E, start 2035712, orig_start 2035712, len 245760, block_start 1107611648, block_len 245760, orig_block_len 245760 Extent map A corresponds to a hole and extent maps D and E correspond to preallocated extents. Extent map D ends where extent map E begins (1106776064 + 835584 = 1107611648), but these extent maps were not merged because they are in the inode's list of modified extent maps. An fsync against this inode is made, which triggers the fast path (BTRFS_INODE_NEEDS_FULL_SYNC is not set). This fsync triggers writeback of the data previously written using buffered IO, and when the respective ordered extent finishes, btrfs_drop_extents() is called against the (aligned) range 311296..1249279. This causes a split of extent map D at btrfs_drop_extent_cache(), replacing extent map D with a new extent map D', also added to the list of modified extents, with the following values: em D', start 1249280, orig_start of 1200128, block_start 1106825216 (= 1106776064 + 1249280 - 1200128), orig_block_len 835584, block_len 786432 (835584 - (1249280 - 1200128)) Then, during the fast fsync, btrfs_log_changed_extents() is called and extent maps D' and E are removed from the list of modified extents. The flag EXTENT_FLAG_LOGGING is also set on them. After the extents are logged clear_em_logging() is called on each of them, and that makes extent map E to be merged with extent map D' (try_merge_map()), resulting in D' being deleted and E adjusted to: em E, start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 A direct IO write at offset 1847296 and length of 360448 bytes (end offset at 2207744) starts, and at that moment the following extent maps exist for our inode: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em E (prealloc), start 1249280, orig_start 1200128, len 1032192, block_start 1106825216, block_len 1032192, orig_block_len 245760 The dio write results in drop_extent_cache() being called twice. The first time for a range that starts at offset 1847296 and ends at offset 2035711 (length of 188416), which results in a double split of extent map E, replacing it with two new extent maps: em F, start 1249280, orig_start 1200128, block_start 1106825216, block_len 598016, orig_block_len 598016 em G, start 2035712, orig_start 1200128, block_start 1107611648, block_len 245760, orig_block_len 1032192 It also creates a new extent map that represents a part of the requested IO (through create_io_em()): em H, start 1847296, len 188416, block_start 1107423232, block_len 188416 The second call to drop_extent_cache() has a range with a start offset of 2035712 and end offset of 2207743 (length of 172032). This leads to replacing extent map G with a new extent map I with the following values: em I, start 2207744, orig_start 1200128, block_start 1107783680, block_len 73728, orig_block_len 1032192 It also creates a new extent map that represents the second part of the requested IO (through create_io_em()): em J, start 2035712, len 172032, block_start 1107611648, block_len 172032 The dio write set the inode's i_size to 2207744 bytes. After the dio write the inode has the following extent maps: em A, start 0, orig_start 0, len 40960, block_start 18446744073709551613, block_len 0, orig_block_len 0 em B, start 40960, orig_start 40960, len 270336, block_start 1106399232, block_len 270336, orig_block_len 376832 em C, start 311296, orig_start 311296, len 937984, block_start 1112842240, block_len 937984, orig_block_len 937984 em F, start 1249280, orig_start 1200128, len 598016, block_start 1106825216, block_len 598016, orig_block_len 598016 em H, start 1847296, orig_start 1200128, len 188416, block_start 1107423232, block_len 188416, orig_block_len 835584 em J, start 2035712, orig_start 2035712, len 172032, block_start 1107611648, block_len 172032, orig_block_len 245760 em I, start 2207744, orig_start 1200128, len 73728, block_start 1107783680, block_len 73728, orig_block_len 1032192 Now do some change to the file, like adding a xattr for example and then fsync it again. This triggers a fast fsync path, and as of commit 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay"), we use the extent map I to log a file extent item because it's a prealloc extent and it starts at an offset matching the inode's i_size. However when we log it, we create a file extent item with a value for the disk byte location that is wrong, as can be seen from the following output of "btrfs inspect-internal dump-tree": item 1 key (271 EXTENT_DATA 2207744) itemoff 3782 itemsize 53 generation 22 type 2 (prealloc) prealloc data disk byte 1106776064 nr 1032192 prealloc data offset 1007616 nr 73728 Here the disk byte value corresponds to calculation based on some fields from the extent map I: 1106776064 = block_start (1107783680) - 1007616 (extent_offset) extent_offset = 2207744 (start) - 1200128 (orig_start) = 1007616 The disk byte value of 1106776064 clashes with disk byte values of the file extent items at offsets 1249280 and 1847296 in the fs tree: item 6 key (271 EXTENT_DATA 1249280) itemoff 3568 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1106776064 nr 835584 prealloc data offset 49152 nr 598016 item 7 key (271 EXTENT_DATA 1847296) itemoff 3515 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1106776064 nr 835584 extent data offset 647168 nr 188416 ram 835584 extent compression 0 (none) item 8 key (271 EXTENT_DATA 2035712) itemoff 3462 itemsize 53 generation 20 type 1 (regular) extent data disk byte 1107611648 nr 245760 extent data offset 0 nr 172032 ram 245760 extent compression 0 (none) item 9 key (271 EXTENT_DATA 2207744) itemoff 3409 itemsize 53 generation 20 type 2 (prealloc) prealloc data disk byte 1107611648 nr 245760 prealloc data offset 172032 nr 73728 Instead of the disk byte value of 1106776064, the value of 1107611648 should have been logged. Also the data offset value should have been 172032 and not 1007616. After a log replay we end up getting two extent items in the extent tree with different lengths, one of 835584, which is correct and existed before the log replay, and another one of 1032192 which is wrong and is based on the logged file extent item: item 12 key (1106776064 EXTENT_ITEM 835584) itemoff 3406 itemsize 53 refs 2 gen 15 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 2 item 13 key (1106776064 EXTENT_ITEM 1032192) itemoff 3353 itemsize 53 refs 1 gen 22 flags DATA extent data backref root 5 objectid 271 offset 1200128 count 1 Obviously this leads to many problems and a filesystem check reports many errors: (...) checking extents Extent back ref already exists for 1106776064 parent 0 root 5 owner 271 offset 1200128 num_refs 1 extent item 1106776064 has multiple extent items ref mismatch on [1106776064 835584] extent item 2, found 3 Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 2 wanted 1 back 0x55b1d0ad7680 Backref 1106776064 root 5 owner 271 offset 1200128 num_refs 0 not found in extent tree Incorrect local backref count on 1106776064 root 5 owner 271 offset 1200128 found 1 wanted 0 back 0x55b1d0ad4e70 Backref bytes do not match extent backref, bytenr=1106776064, ref bytes=835584, backref bytes=1032192 backpointer mismatch on [1106776064 835584] checking free space cache block group 1103101952 has wrong amount of free space failed to load free space cache for block group 1103101952 checking fs roots (...) So fix this by logging the prealloc extents beyond the inode's i_size based on searches in the subvolume tree instead of the extent maps. Fixes: 471d557afed1 ("Btrfs: fix loss of prealloc extents past i_size after fsync log replay") CC: stable(a)vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index c1509547c762..8f23a94dab77 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4320,6 +4320,110 @@ static int log_one_extent(struct btrfs_trans_handle *trans, return ret; } +/* + * Log all prealloc extents beyond the inode's i_size to make sure we do not + * lose them after doing a fast fsync and replaying the log. We scan the + * subvolume's root instead of iterating the inode's extent map tree because + * otherwise we can log incorrect extent items based on extent map conversion. + * That can happen due to the fact that extent maps are merged when they + * are not in the extent map tree's list of modified extents. + */ +static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, + struct btrfs_inode *inode, + struct btrfs_path *path) +{ + struct btrfs_root *root = inode->root; + struct btrfs_key key; + const u64 i_size = i_size_read(&inode->vfs_inode); + const u64 ino = btrfs_ino(inode); + struct btrfs_path *dst_path = NULL; + u64 last_extent = (u64)-1; + int ins_nr = 0; + int start_slot; + int ret; + + if (!(inode->flags & BTRFS_INODE_PREALLOC)) + return 0; + + key.objectid = ino; + key.type = BTRFS_EXTENT_DATA_KEY; + key.offset = i_size; + ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); + if (ret < 0) + goto out; + + while (true) { + struct extent_buffer *leaf = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(leaf)) { + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, + &last_extent, start_slot, + ins_nr, 1, 0); + if (ret < 0) + goto out; + ins_nr = 0; + } + ret = btrfs_next_leaf(root, path); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + break; + } + continue; + } + + btrfs_item_key_to_cpu(leaf, &key, slot); + if (key.objectid > ino) + break; + if (WARN_ON_ONCE(key.objectid < ino) || + key.type < BTRFS_EXTENT_DATA_KEY || + key.offset < i_size) { + path->slots[0]++; + continue; + } + if (last_extent == (u64)-1) { + last_extent = key.offset; + /* + * Avoid logging extent items logged in past fsync calls + * and leading to duplicate keys in the log tree. + */ + do { + ret = btrfs_truncate_inode_items(trans, + root->log_root, + &inode->vfs_inode, + i_size, + BTRFS_EXTENT_DATA_KEY); + } while (ret == -EAGAIN); + if (ret) + goto out; + } + if (ins_nr == 0) + start_slot = slot; + ins_nr++; + path->slots[0]++; + if (!dst_path) { + dst_path = btrfs_alloc_path(); + if (!dst_path) { + ret = -ENOMEM; + goto out; + } + } + } + if (ins_nr > 0) { + ret = copy_items(trans, inode, dst_path, path, &last_extent, + start_slot, ins_nr, 1, 0); + if (ret > 0) + ret = 0; + } +out: + btrfs_release_path(path); + btrfs_free_path(dst_path); + return ret; +} + static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_inode *inode, @@ -4362,6 +4466,11 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, if (em->generation <= test_gen) continue; + /* We log prealloc extents beyond eof later. */ + if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags) && + em->start >= i_size_read(&inode->vfs_inode)) + continue; + if (em->start < logged_start) logged_start = em->start; if ((em->start + em->len - 1) > logged_end) @@ -4374,31 +4483,6 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, num++; } - /* - * Add all prealloc extents beyond the inode's i_size to make sure we - * don't lose them after doing a fast fsync and replaying the log. - */ - if (inode->flags & BTRFS_INODE_PREALLOC) { - struct rb_node *node; - - for (node = rb_last(&tree->map); node; node = rb_prev(node)) { - em = rb_entry(node, struct extent_map, rb_node); - if (em->start < i_size_read(&inode->vfs_inode)) - break; - if (!list_empty(&em->list)) - continue; - /* Same as above loop. */ - if (++num > 32768) { - list_del_init(&tree->modified_extents); - ret = -EFBIG; - goto process; - } - refcount_inc(&em->refs); - set_bit(EXTENT_FLAG_LOGGING, &em->flags); - list_add_tail(&em->list, &extents); - } - } - list_sort(NULL, &extents, extent_cmp); btrfs_get_logged_extents(inode, logged_list, logged_start, logged_end); /* @@ -4443,6 +4527,9 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, up_write(&inode->dio_sem); btrfs_release_path(path); + if (!ret) + ret = btrfs_log_prealloc_extents(trans, inode, path); + return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] s390/kernel: use expoline for indirect branches" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c50c84c3ac4d5db683904bdb3257798b6ef980ae Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Wed, 25 Apr 2018 18:41:30 +0200 Subject: [PATCH] s390/kernel: use expoline for indirect branches The assember code in arch/s390/kernel uses a few more indirect branches which need to be done with execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/base.S b/arch/s390/kernel/base.S index f6c56009e822..b65874b0b412 100644 --- a/arch/s390/kernel/base.S +++ b/arch/s390/kernel/base.S @@ -9,18 +9,22 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/ptrace.h> #include <asm/sigp.h> + GEN_BR_THUNK %r9 + GEN_BR_THUNK %r14 + ENTRY(s390_base_mcck_handler) basr %r13,0 0: lg %r15,__LC_PANIC_STACK # load panic stack aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_mcck_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 1: la %r1,4095 lmg %r0,%r15,__LC_GPREGS_SAVE_AREA-4095(%r1) lpswe __LC_MCK_OLD_PSW @@ -37,10 +41,10 @@ ENTRY(s390_base_ext_handler) basr %r13,0 0: aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_ext_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 1: lmg %r0,%r15,__LC_SAVE_AREA_ASYNC ni __LC_EXT_OLD_PSW+1,0xfd # clear wait state bit lpswe __LC_EXT_OLD_PSW @@ -57,10 +61,10 @@ ENTRY(s390_base_pgm_handler) basr %r13,0 0: aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_pgm_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 lmg %r0,%r15,__LC_SAVE_AREA_SYNC lpswe __LC_PGM_OLD_PSW 1: lpswe disabled_wait_psw-0b(%r13) @@ -117,7 +121,7 @@ ENTRY(diag308_reset) larl %r4,.Lcontinue_psw # Restore PSW flags lpswe 0(%r4) .Lcontinue: - br %r14 + BR_EX %r14 .align 16 .Lrestart_psw: .long 0x00080000,0x80000000 + .Lrestart_part2 diff --git a/arch/s390/kernel/reipl.S b/arch/s390/kernel/reipl.S index 73cc3750f0d3..7f14adf512c6 100644 --- a/arch/s390/kernel/reipl.S +++ b/arch/s390/kernel/reipl.S @@ -7,8 +7,11 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/sigp.h> + GEN_BR_THUNK %r9 + # # Issue "store status" for the current CPU to its prefix page # and call passed function afterwards @@ -67,9 +70,9 @@ ENTRY(store_status) st %r4,0(%r1) st %r5,4(%r1) stg %r2,8(%r1) - lgr %r1,%r2 + lgr %r9,%r2 lgr %r2,%r3 - br %r1 + BR_EX %r9 .section .bss .align 8 diff --git a/arch/s390/kernel/swsusp.S b/arch/s390/kernel/swsusp.S index e99187149f17..a049a7b9d6e8 100644 --- a/arch/s390/kernel/swsusp.S +++ b/arch/s390/kernel/swsusp.S @@ -13,6 +13,7 @@ #include <asm/ptrace.h> #include <asm/thread_info.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/sigp.h> /* @@ -24,6 +25,8 @@ * (see below) in the resume process. * This function runs with disabled interrupts. */ + GEN_BR_THUNK %r14 + .section .text ENTRY(swsusp_arch_suspend) stmg %r6,%r15,__SF_GPRS(%r15) @@ -103,7 +106,7 @@ ENTRY(swsusp_arch_suspend) spx 0x318(%r1) lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) lghi %r2,0 - br %r14 + BR_EX %r14 /* * Restore saved memory image to correct place and restore register context. @@ -197,11 +200,10 @@ pgm_check_entry: larl %r15,init_thread_union ahi %r15,1<<(PAGE_SHIFT+THREAD_SIZE_ORDER) larl %r2,.Lpanic_string - larl %r3,sclp_early_printk lghi %r1,0 sam31 sigp %r1,%r0,SIGP_SET_ARCHITECTURE - basr %r14,%r3 + brasl %r14,sclp_early_printk larl %r3,.Ldisabled_wait_31 lpsw 0(%r3) 4: @@ -267,7 +269,7 @@ restore_registers: /* Return 0 */ lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) lghi %r2,0 - br %r14 + BR_EX %r14 .section .data..nosave,"aw",@progbits .align 8

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/kernel: use expoline for indirect branches" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c50c84c3ac4d5db683904bdb3257798b6ef980ae Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Wed, 25 Apr 2018 18:41:30 +0200 Subject: [PATCH] s390/kernel: use expoline for indirect branches The assember code in arch/s390/kernel uses a few more indirect branches which need to be done with execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/base.S b/arch/s390/kernel/base.S index f6c56009e822..b65874b0b412 100644 --- a/arch/s390/kernel/base.S +++ b/arch/s390/kernel/base.S @@ -9,18 +9,22 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/ptrace.h> #include <asm/sigp.h> + GEN_BR_THUNK %r9 + GEN_BR_THUNK %r14 + ENTRY(s390_base_mcck_handler) basr %r13,0 0: lg %r15,__LC_PANIC_STACK # load panic stack aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_mcck_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 1: la %r1,4095 lmg %r0,%r15,__LC_GPREGS_SAVE_AREA-4095(%r1) lpswe __LC_MCK_OLD_PSW @@ -37,10 +41,10 @@ ENTRY(s390_base_ext_handler) basr %r13,0 0: aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_ext_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 1: lmg %r0,%r15,__LC_SAVE_AREA_ASYNC ni __LC_EXT_OLD_PSW+1,0xfd # clear wait state bit lpswe __LC_EXT_OLD_PSW @@ -57,10 +61,10 @@ ENTRY(s390_base_pgm_handler) basr %r13,0 0: aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_pgm_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 lmg %r0,%r15,__LC_SAVE_AREA_SYNC lpswe __LC_PGM_OLD_PSW 1: lpswe disabled_wait_psw-0b(%r13) @@ -117,7 +121,7 @@ ENTRY(diag308_reset) larl %r4,.Lcontinue_psw # Restore PSW flags lpswe 0(%r4) .Lcontinue: - br %r14 + BR_EX %r14 .align 16 .Lrestart_psw: .long 0x00080000,0x80000000 + .Lrestart_part2 diff --git a/arch/s390/kernel/reipl.S b/arch/s390/kernel/reipl.S index 73cc3750f0d3..7f14adf512c6 100644 --- a/arch/s390/kernel/reipl.S +++ b/arch/s390/kernel/reipl.S @@ -7,8 +7,11 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/sigp.h> + GEN_BR_THUNK %r9 + # # Issue "store status" for the current CPU to its prefix page # and call passed function afterwards @@ -67,9 +70,9 @@ ENTRY(store_status) st %r4,0(%r1) st %r5,4(%r1) stg %r2,8(%r1) - lgr %r1,%r2 + lgr %r9,%r2 lgr %r2,%r3 - br %r1 + BR_EX %r9 .section .bss .align 8 diff --git a/arch/s390/kernel/swsusp.S b/arch/s390/kernel/swsusp.S index e99187149f17..a049a7b9d6e8 100644 --- a/arch/s390/kernel/swsusp.S +++ b/arch/s390/kernel/swsusp.S @@ -13,6 +13,7 @@ #include <asm/ptrace.h> #include <asm/thread_info.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/sigp.h> /* @@ -24,6 +25,8 @@ * (see below) in the resume process. * This function runs with disabled interrupts. */ + GEN_BR_THUNK %r14 + .section .text ENTRY(swsusp_arch_suspend) stmg %r6,%r15,__SF_GPRS(%r15) @@ -103,7 +106,7 @@ ENTRY(swsusp_arch_suspend) spx 0x318(%r1) lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) lghi %r2,0 - br %r14 + BR_EX %r14 /* * Restore saved memory image to correct place and restore register context. @@ -197,11 +200,10 @@ pgm_check_entry: larl %r15,init_thread_union ahi %r15,1<<(PAGE_SHIFT+THREAD_SIZE_ORDER) larl %r2,.Lpanic_string - larl %r3,sclp_early_printk lghi %r1,0 sam31 sigp %r1,%r0,SIGP_SET_ARCHITECTURE - basr %r14,%r3 + brasl %r14,sclp_early_printk larl %r3,.Ldisabled_wait_31 lpsw 0(%r3) 4: @@ -267,7 +269,7 @@ restore_registers: /* Return 0 */ lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) lghi %r2,0 - br %r14 + BR_EX %r14 .section .data..nosave,"aw",@progbits .align 8

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/crc32-vx: use expoline for indirect branches" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 467a3bf219cee12259182c5cb4821f88fd518a51 Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 23 Apr 2018 14:31:36 +0200 Subject: [PATCH] s390/crc32-vx: use expoline for indirect branches The return from the crc32_le_vgfm_16/crc32c_le_vgfm_16 and the crc32_be_vgfm_16 functions are done with "br %r14". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/crypto/crc32be-vx.S b/arch/s390/crypto/crc32be-vx.S index e8077f0971f8..2bf01ba44107 100644 --- a/arch/s390/crypto/crc32be-vx.S +++ b/arch/s390/crypto/crc32be-vx.S @@ -13,6 +13,7 @@ */ #include <linux/linkage.h> +#include <asm/nospec-insn.h> #include <asm/vx-insn.h> /* Vector register range containing CRC-32 constants */ @@ -67,6 +68,8 @@ .previous + GEN_BR_THUNK %r14 + .text /* * The CRC-32 function(s) use these calling conventions: @@ -203,6 +206,6 @@ ENTRY(crc32_be_vgfm_16) .Ldone: VLGVF %r2,%v2,3 - br %r14 + BR_EX %r14 .previous diff --git a/arch/s390/crypto/crc32le-vx.S b/arch/s390/crypto/crc32le-vx.S index d8c67a58c0c5..7d6f568bd3ad 100644 --- a/arch/s390/crypto/crc32le-vx.S +++ b/arch/s390/crypto/crc32le-vx.S @@ -14,6 +14,7 @@ */ #include <linux/linkage.h> +#include <asm/nospec-insn.h> #include <asm/vx-insn.h> /* Vector register range containing CRC-32 constants */ @@ -76,6 +77,7 @@ .previous + GEN_BR_THUNK %r14 .text @@ -264,6 +266,6 @@ crc32_le_vgfm_generic: .Ldone: VLGVF %r2,%v2,2 - br %r14 + BR_EX %r14 .previous

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/crc32-vx: use expoline for indirect branches" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 467a3bf219cee12259182c5cb4821f88fd518a51 Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 23 Apr 2018 14:31:36 +0200 Subject: [PATCH] s390/crc32-vx: use expoline for indirect branches The return from the crc32_le_vgfm_16/crc32c_le_vgfm_16 and the crc32_be_vgfm_16 functions are done with "br %r14". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/crypto/crc32be-vx.S b/arch/s390/crypto/crc32be-vx.S index e8077f0971f8..2bf01ba44107 100644 --- a/arch/s390/crypto/crc32be-vx.S +++ b/arch/s390/crypto/crc32be-vx.S @@ -13,6 +13,7 @@ */ #include <linux/linkage.h> +#include <asm/nospec-insn.h> #include <asm/vx-insn.h> /* Vector register range containing CRC-32 constants */ @@ -67,6 +68,8 @@ .previous + GEN_BR_THUNK %r14 + .text /* * The CRC-32 function(s) use these calling conventions: @@ -203,6 +206,6 @@ ENTRY(crc32_be_vgfm_16) .Ldone: VLGVF %r2,%v2,3 - br %r14 + BR_EX %r14 .previous diff --git a/arch/s390/crypto/crc32le-vx.S b/arch/s390/crypto/crc32le-vx.S index d8c67a58c0c5..7d6f568bd3ad 100644 --- a/arch/s390/crypto/crc32le-vx.S +++ b/arch/s390/crypto/crc32le-vx.S @@ -14,6 +14,7 @@ */ #include <linux/linkage.h> +#include <asm/nospec-insn.h> #include <asm/vx-insn.h> /* Vector register range containing CRC-32 constants */ @@ -76,6 +77,7 @@ .previous + GEN_BR_THUNK %r14 .text @@ -264,6 +266,6 @@ crc32_le_vgfm_generic: .Ldone: VLGVF %r2,%v2,2 - br %r14 + BR_EX %r14 .previous

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/crc32-vx: use expoline for indirect branches" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 467a3bf219cee12259182c5cb4821f88fd518a51 Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 23 Apr 2018 14:31:36 +0200 Subject: [PATCH] s390/crc32-vx: use expoline for indirect branches The return from the crc32_le_vgfm_16/crc32c_le_vgfm_16 and the crc32_be_vgfm_16 functions are done with "br %r14". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/crypto/crc32be-vx.S b/arch/s390/crypto/crc32be-vx.S index e8077f0971f8..2bf01ba44107 100644 --- a/arch/s390/crypto/crc32be-vx.S +++ b/arch/s390/crypto/crc32be-vx.S @@ -13,6 +13,7 @@ */ #include <linux/linkage.h> +#include <asm/nospec-insn.h> #include <asm/vx-insn.h> /* Vector register range containing CRC-32 constants */ @@ -67,6 +68,8 @@ .previous + GEN_BR_THUNK %r14 + .text /* * The CRC-32 function(s) use these calling conventions: @@ -203,6 +206,6 @@ ENTRY(crc32_be_vgfm_16) .Ldone: VLGVF %r2,%v2,3 - br %r14 + BR_EX %r14 .previous diff --git a/arch/s390/crypto/crc32le-vx.S b/arch/s390/crypto/crc32le-vx.S index d8c67a58c0c5..7d6f568bd3ad 100644 --- a/arch/s390/crypto/crc32le-vx.S +++ b/arch/s390/crypto/crc32le-vx.S @@ -14,6 +14,7 @@ */ #include <linux/linkage.h> +#include <asm/nospec-insn.h> #include <asm/vx-insn.h> /* Vector register range containing CRC-32 constants */ @@ -76,6 +77,7 @@ .previous + GEN_BR_THUNK %r14 .text @@ -264,6 +266,6 @@ crc32_le_vgfm_generic: .Ldone: VLGVF %r2,%v2,2 - br %r14 + BR_EX %r14 .previous

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/lib: use expoline for indirect branches" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 97489e0663fa700d6e7febddc43b58df98d7bcda Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 23 Apr 2018 14:31:36 +0200 Subject: [PATCH] s390/lib: use expoline for indirect branches The return from the memmove, memset, memcpy, __memset16, __memset32 and __memset64 functions are done with "br %r14". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 495c9c4bacc7..2311f15be9cf 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -7,6 +7,9 @@ #include <linux/linkage.h> #include <asm/export.h> +#include <asm/nospec-insn.h> + + GEN_BR_THUNK %r14 /* * void *memmove(void *dest, const void *src, size_t n) @@ -33,14 +36,14 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) brctg %r4,.Lmemmove_reverse ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) - br %r14 + BR_EX %r14 .Lmemmove_mvc: mvc 0(1,%r1),0(%r3) EXPORT_SYMBOL(memmove) @@ -77,7 +80,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) - br %r14 + BR_EX %r14 .Lmemset_fill: cghi %r4,1 lgr %r1,%r2 @@ -95,10 +98,10 @@ ENTRY(memset) stc %r3,0(%r1) larl %r5,.Lmemset_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemset_fill_exit: stc %r3,0(%r1) - br %r14 + BR_EX %r14 .Lmemset_xc: xc 0(1,%r1),0(%r1) .Lmemset_mvc: @@ -121,7 +124,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) la %r1,256(%r1) @@ -159,10 +162,10 @@ ENTRY(__memset\bits) \insn %r3,0(%r1) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) - br %r14 + BR_EX %r14 .L__memset_exit\bits: \insn %r3,0(%r2) - br %r14 + BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1) .endm

7 years, 4 months

1
0
0 0

Linux 4.16.10

by Greg KH

I'm announcing the release of the 4.16.10 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/infiniband/hw/mlx5/main.c | 2 drivers/net/bonding/bond_alb.c | 15 + drivers/net/bonding/bond_main.c | 2 drivers/net/ethernet/broadcom/bcmsysport.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 9 - drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 ++ drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 8 - drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 8 - drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 7 drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 20 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 11 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 23 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 4 drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 12 - drivers/net/ethernet/netronome/nfp/flower/action.c | 10 + drivers/net/ethernet/netronome/nfp/flower/cmsg.h | 5 drivers/net/ethernet/realtek/8139too.c | 2 drivers/net/ethernet/realtek/r8169.c | 3 drivers/net/ethernet/sun/niu.c | 5 drivers/net/ethernet/ti/cpsw.c | 2 drivers/net/hyperv/netvsc_drv.c | 3 drivers/net/hyperv/rndis_filter.c | 2 drivers/net/phy/sfp-bus.c | 2 drivers/net/usb/qmi_wwan.c | 12 + drivers/scsi/aacraid/commsup.c | 8 - fs/proc/base.c | 8 - include/linux/mlx5/driver.h | 12 - include/linux/mm.h | 1 include/net/bonding.h | 1 include/net/tls.h | 1 mm/gup.c | 3 net/bridge/br_if.c | 4 net/compat.c | 6 net/dccp/ccids/ccid2.c | 14 + net/dccp/timer.c | 2 net/ipv4/ping.c | 7 net/ipv4/route.c | 119 ++++++--------- net/ipv4/tcp.c | 5 net/ipv4/tcp_bbr.c | 4 net/ipv4/udp.c | 11 - net/ipv6/route.c | 7 net/ipv6/udp.c | 4 net/llc/af_llc.c | 3 net/nsh/nsh.c | 4 net/openvswitch/flow_netlink.c | 9 - net/rds/recv.c | 1 net/sched/act_skbmod.c | 5 net/sched/cls_api.c | 2 net/sched/sch_fq.c | 37 +++- net/sctp/associola.c | 30 +++ net/sctp/inqueue.c | 2 net/sctp/ipv6.c | 3 net/sctp/sm_statefuns.c | 88 +++++------ net/sctp/stream.c | 2 net/sctp/ulpevent.c | 1 net/smc/af_smc.c | 18 +- net/tipc/socket.c | 3 net/tls/tls_main.c | 8 + 60 files changed, 397 insertions(+), 244 deletions(-) Adi Nissim (1): net/mlx5: E-Switch, Include VF RDMA stats in vport statistics Andre Tomt (1): net/tls: Fix connection stall on partial tls record Andrey Ignatov (1): ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Antoine Tenart (1): net: phy: sfp: fix the BR,min computation Bjørn Mork (1): qmi_wwan: do not steal interfaces from class drivers Christophe JAILLET (2): net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' mlxsw: core: Fix an error handling path in 'mlxsw_core_bus_device_register()' Dave Carroll (1): scsi: aacraid: Correct hba_send to include iu_type Dave Watson (1): net/tls: Don't recursively call push_record during tls_write_space callbacks Debabrata Banerjee (2): bonding: do not allow rlb updates to invalid mac bonding: send learning packets for vlans on slave Eric Dumazet (8): dccp: fix tasklet usage llc: better deal with too small mtu net_sched: fq: take care of throttled flows before reuse rds: do not leak kernel memory to user land ipv6: fix uninit-value in ip6_multipath_l3_keys() nsh: fix infinite loop tcp: restore autocorking tipc: fix one byte leak in tipc_sk_set_orig_addr() Florian Fainelli (1): net: systemport: Correclty disambiguate driver instances Greg Kroah-Hartman (1): Linux 4.16.10 Grygorii Strashko (1): net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode Hangbin Liu (2): bridge: check iface upper dev when setting master via ioctl ipv4: reset fnhe_mtu_locked after cache route flushed Heiner Kallweit (1): r8169: fix powering up RTL8168h Huy Nguyen (1): net/mlx5e: DCBNL fix min inline header size for dscp Ido Schimmel (1): mlxsw: spectrum_switchdev: Do not remove mrouter port from MDB's ports list Ingo Molnar (1): 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() Israel Rukshin (1): net/mlx5: Fix mlx5_get_vector_affinity function Jianbo Liu (1): net/mlx5e: Allow offloading ipv4 header re-write for icmp Jiri Pirko (1): net: sched: fix error path in tcf_proto_create() when modules are not configured John Hurley (1): nfp: flower: set tunnel ttl value to net default Julian Anastasov (1): ipv4: fix fnhe usage by non-cached routes Lance Richardson (1): net: support compat 64-bit time in {s,g}etsockopt Michael Chan (1): tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Mohammed Gamal (1): hv_netvsc: Fix net device attach on older Windows hosts Moshe Shemesh (1): net/mlx4_en: Verify coalescing parameters are in range Neal Cardwell (1): tcp_bbr: fix to zero idle_restart only upon S/ACKed data Paolo Abeni (1): udp: fix SO_BINDTODEVICE Rob Taglang (1): net: ethernet: sun: niu set correct packet size in skb Roi Dayan (1): net/mlx5e: Err if asked to offload TC match on frag being first Roman Mashak (1): net sched actions: fix refcnt leak in skbmod Stefano Brivio (1): openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found Stephen Hemminger (1): hv_netvsc: set master device Talat Batheesh (1): net/mlx5: Avoid cleaning flow steering table twice during error flow Tariq Toukan (1): net/mlx5e: TX, Use correct counter in dma_map error flow Ursula Braun (2): net/smc: restrict non-blocking connect finish net/smc: keep clcsock reference in smc_tcp_listen_work() Willy Tarreau (1): proc: do not access cmdline nor environ from file-backed areas Xin Long (6): sctp: delay the authentication for the duplicated cookie-echo chunk sctp: fix the issue that the cookie-ack with auth can't get processed sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg sctp: use the old asoc when making the cookie-ack chunk in dupcook_d sctp: clear the new asoc's stream outcnt in sctp_stream_update Yuchung Cheng (1): tcp: ignore Fast Open on repair mode

7 years, 4 months

1
1
0 0

Linux 4.14.42

by Greg KH

I'm announcing the release of the 4.14.42 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/net/bonding/bond_alb.c | 15 +- drivers/net/bonding/bond_main.c | 2 drivers/net/ethernet/broadcom/tg3.c | 9 - drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 ++ drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 8 - drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 - drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 7 + drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 20 +-- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 23 ++-- drivers/net/ethernet/realtek/8139too.c | 2 drivers/net/ethernet/realtek/r8169.c | 3 drivers/net/ethernet/sun/niu.c | 5 drivers/net/ethernet/ti/cpsw.c | 2 drivers/net/hyperv/netvsc_drv.c | 3 drivers/net/usb/qmi_wwan.c | 12 ++ drivers/scsi/aacraid/commsup.c | 8 - fs/btrfs/extent-tree.c | 7 + fs/proc/base.c | 8 - include/linux/mm.h | 1 include/net/bonding.h | 1 include/net/tls.h | 1 mm/gup.c | 3 net/bridge/br_if.c | 4 net/compat.c | 6 - net/dccp/ccids/ccid2.c | 14 ++ net/dccp/timer.c | 2 net/ipv4/ping.c | 7 - net/ipv4/route.c | 118 +++++++++------------- net/ipv4/tcp.c | 3 net/ipv4/tcp_bbr.c | 4 net/ipv4/udp.c | 11 +- net/ipv6/route.c | 7 + net/ipv6/udp.c | 4 net/l2tp/l2tp_netlink.c | 2 net/llc/af_llc.c | 3 net/nsh/nsh.c | 2 net/openvswitch/flow_netlink.c | 9 - net/rds/recv.c | 1 net/sched/act_skbmod.c | 5 net/sched/cls_api.c | 2 net/sched/sch_fq.c | 37 ++++-- net/sctp/associola.c | 30 +++++ net/sctp/inqueue.c | 2 net/sctp/ipv6.c | 3 net/sctp/sm_statefuns.c | 88 ++++++++-------- net/sctp/ulpevent.c | 1 net/tls/tls_main.c | 8 + net/xfrm/xfrm_input.c | 2 net/xfrm/xfrm_state.c | 1 51 files changed, 348 insertions(+), 204 deletions(-) Adi Nissim (1): net/mlx5: E-Switch, Include VF RDMA stats in vport statistics Andre Tomt (1): net/tls: Fix connection stall on partial tls record Andrey Ignatov (1): ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Antony Antony (1): xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) Bjørn Mork (1): qmi_wwan: do not steal interfaces from class drivers Christophe JAILLET (1): net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' Dave Carroll (1): scsi: aacraid: Correct hba_send to include iu_type Dave Watson (1): net/tls: Don't recursively call push_record during tls_write_space callbacks Debabrata Banerjee (2): bonding: do not allow rlb updates to invalid mac bonding: send learning packets for vlans on slave Eric Dumazet (6): dccp: fix tasklet usage llc: better deal with too small mtu net_sched: fq: take care of throttled flows before reuse rds: do not leak kernel memory to user land ipv6: fix uninit-value in ip6_multipath_l3_keys() nsh: fix infinite loop Greg Kroah-Hartman (1): Linux 4.14.42 Grygorii Strashko (1): net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode Hangbin Liu (1): bridge: check iface upper dev when setting master via ioctl Heiner Kallweit (1): r8169: fix powering up RTL8168h Herbert Xu (1): xfrm: Use __skb_queue_tail in xfrm_trans_queue Ingo Molnar (1): 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() James Chapman (1): l2tp: revert "l2tp: fix missing print session offset info" Jianbo Liu (1): net/mlx5e: Allow offloading ipv4 header re-write for icmp Jiri Pirko (1): net: sched: fix error path in tcf_proto_create() when modules are not configured Julian Anastasov (1): ipv4: fix fnhe usage by non-cached routes Lance Richardson (1): net: support compat 64-bit time in {s,g}etsockopt Michael Chan (1): tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Moshe Shemesh (1): net/mlx4_en: Verify coalescing parameters are in range Neal Cardwell (1): tcp_bbr: fix to zero idle_restart only upon S/ACKed data Paolo Abeni (1): udp: fix SO_BINDTODEVICE Rob Taglang (1): net: ethernet: sun: niu set correct packet size in skb Roi Dayan (1): net/mlx5e: Err if asked to offload TC match on frag being first Roman Mashak (1): net sched actions: fix refcnt leak in skbmod Stefano Brivio (1): openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found Stephen Hemminger (1): hv_netvsc: set master device Talat Batheesh (1): net/mlx5: Avoid cleaning flow steering table twice during error flow Tariq Toukan (1): net/mlx5e: TX, Use correct counter in dma_map error flow Willy Tarreau (1): proc: do not access cmdline nor environ from file-backed areas Xin Long (5): sctp: delay the authentication for the duplicated cookie-echo chunk sctp: fix the issue that the cookie-ack with auth can't get processed sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg sctp: use the old asoc when making the cookie-ack chunk in dupcook_d Yuchung Cheng (1): tcp: ignore Fast Open on repair mode ethanwu (1): btrfs: Take trans lock before access running trans in check_delayed_ref

7 years, 4 months

1
1
0 0

Linux 4.9.101

by Greg KH

I'm announcing the release of the 4.9.101 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/alpha/include/asm/futex.h | 26 +---- arch/arc/include/asm/futex.h | 40 +------- arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 arch/arm/include/asm/futex.h | 26 ----- arch/arm64/include/asm/futex.h | 27 ------ arch/frv/include/asm/futex.h | 3 arch/frv/kernel/futex.c | 27 ------ arch/hexagon/include/asm/futex.h | 38 -------- arch/ia64/include/asm/futex.h | 25 ----- arch/microblaze/include/asm/futex.h | 38 -------- arch/mips/include/asm/futex.h | 25 ----- arch/parisc/include/asm/futex.h | 26 ----- arch/powerpc/include/asm/futex.h | 26 +---- arch/s390/include/asm/futex.h | 23 +---- arch/sh/include/asm/futex.h | 26 ----- arch/sparc/include/asm/futex_64.h | 26 +---- arch/tile/include/asm/futex.h | 40 +------- arch/x86/include/asm/futex.h | 40 +------- arch/xtensa/include/asm/futex.h | 27 +----- drivers/net/bonding/bond_alb.c | 15 ++- drivers/net/bonding/bond_main.c | 2 drivers/net/ethernet/broadcom/tg3.c | 9 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 +++ drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 11 ++ drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 21 ++-- drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 4 drivers/net/ethernet/realtek/8139too.c | 2 drivers/net/ethernet/realtek/r8169.c | 3 drivers/net/ethernet/sun/niu.c | 5 - drivers/net/ethernet/ti/cpsw.c | 2 drivers/net/usb/qmi_wwan.c | 12 ++ drivers/tty/serial/sccnxp.c | 13 ++ fs/lockd/svc.c | 2 fs/proc/base.c | 10 +- include/asm-generic/futex.h | 50 ++--------- include/linux/mm.h | 1 include/net/bonding.h | 1 kernel/exit.c | 4 kernel/futex.c | 39 ++++++++ mm/gup.c | 3 net/bridge/br_if.c | 4 net/compat.c | 6 - net/dccp/ccids/ccid2.c | 14 ++- net/dccp/timer.c | 2 net/ipv4/ping.c | 7 + net/ipv4/tcp.c | 2 net/ipv4/tcp_bbr.c | 4 net/ipv4/udp.c | 7 + net/l2tp/l2tp_netlink.c | 2 net/llc/af_llc.c | 3 net/openvswitch/flow_netlink.c | 9 -- net/sched/sch_fq.c | 37 +++++--- net/sctp/associola.c | 30 ++++++ net/sctp/inqueue.c | 2 net/sctp/ipv6.c | 3 net/sctp/sm_statefuns.c | 89 +++++++++++--------- net/sctp/ulpevent.c | 1 net/xfrm/xfrm_state.c | 1 60 files changed, 383 insertions(+), 584 deletions(-) Adi Nissim (1): net/mlx5: E-Switch, Include VF RDMA stats in vport statistics Alexey Khoroshilov (1): serial: sccnxp: Fix error handling in sccnxp_probe() Andrey Ignatov (1): ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Antony Antony (1): xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) Bjørn Mork (1): qmi_wwan: do not steal interfaces from class drivers Debabrata Banerjee (2): bonding: do not allow rlb updates to invalid mac bonding: send learning packets for vlans on slave Eric Dumazet (3): dccp: fix tasklet usage llc: better deal with too small mtu net_sched: fq: take care of throttled flows before reuse Greg Kroah-Hartman (2): Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap" Linux 4.9.101 Grygorii Strashko (1): net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode Hangbin Liu (1): bridge: check iface upper dev when setting master via ioctl Heiner Kallweit (1): r8169: fix powering up RTL8168h Ingo Molnar (1): 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() Jakub Kicinski (1): nfp: TX time stamp packets before HW doorbell is rung James Chapman (1): l2tp: revert "l2tp: fix missing print session offset info" Jiri Slaby (2): futex: Remove duplicated code and fix undefined behaviour futex: futex_wake_op, fix sign_extend32 sign bits Lance Richardson (1): net: support compat 64-bit time in {s,g}etsockopt Michael Chan (1): tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Moshe Shemesh (1): net/mlx4_en: Verify coalescing parameters are in range Neal Cardwell (1): tcp_bbr: fix to zero idle_restart only upon S/ACKed data Rob Taglang (1): net: ethernet: sun: niu set correct packet size in skb Stefano Brivio (1): openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found Talat Batheesh (1): net/mlx5: Avoid cleaning flow steering table twice during error flow Vasily Averin (1): lockd: lost rollback of set_grace_period() in lockd_down_net() Willy Tarreau (1): proc: do not access cmdline nor environ from file-backed areas Xin Long (5): sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg sctp: use the old asoc when making the cookie-ack chunk in dupcook_d sctp: fix the issue that the cookie-ack with auth can't get processed sctp: delay the authentication for the duplicated cookie-echo chunk Yuchung Cheng (1): tcp: ignore Fast Open on repair mode zhongjiang (1): kernel/exit.c: avoid undefined behaviour when calling wait4()

7 years, 4 months

1
1
0 0

FAILED: patch "[PATCH] bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 1c1a2ee1b53b006754073eefc65d2b2cedb5264b Mon Sep 17 00:00:00 2001 From: Coly Li <colyli(a)suse.de> Date: Thu, 17 May 2018 23:33:26 +0800 Subject: [PATCH] bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") returns the return value of debugfs_create_dir() to bcache_init(). When CONFIG_DEBUG_FS=n, bch_debug_init() always returns 1 and makes bcache_init() failedi. This patch makes bch_debug_init() always returns 0 if CONFIG_DEBUG_FS=n, so bcache can continue to work for the kernels which don't have debugfs enanbled. Changelog: v4: Add Acked-by from Kent Overstreet. v3: Use IS_ENABLED(CONFIG_DEBUG_FS) to replace #ifdef DEBUG_FS. v2: Remove a warning information v1: Initial version. Fixes: Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Reported-by: Massimo B. <massimo.b(a)gmx.net> Reported-by: Kai Krakow <kai(a)kaishome.de> Tested-by: Kai Krakow <kai(a)kaishome.de> Acked-by: Kent Overstreet <kent.overstreet(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c index 4e63c6f6c04d..d030ce3025a6 100644 --- a/drivers/md/bcache/debug.c +++ b/drivers/md/bcache/debug.c @@ -250,7 +250,9 @@ void bch_debug_exit(void) int __init bch_debug_init(struct kobject *kobj) { - bcache_debug = debugfs_create_dir("bcache", NULL); + if (!IS_ENABLED(CONFIG_DEBUG_FS)) + return 0; + bcache_debug = debugfs_create_dir("bcache", NULL); return IS_ERR_OR_NULL(bcache_debug); }

7 years, 4 months

3
3
0 0

Re: FAILED: patch "[PATCH] bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n" failed to apply to 4.16-stable tree

by Greg KH

On Sun, May 20, 2018 at 10:59:32AM +0200, Kai Krakow wrote: > Hey Greg! > > The v1 version applied for me but it shows a compiler warning. I didn't try > the newer version yet. > > I could prepare a back-ported version. Backported would be good. Also, the code really is wrong even with this change. No code path should ever do anything different if debugfs is enabled or not, or based on the return value of a debugfs call. No need to check anything here at all, the function should be: void __init bch_debug_init(void) { bcache_debug = debugfs_create_dir("bcache", NULL); } That's it, no checking, and all is fine and good. Any result of a debugfs call can always be fed back into another debugfs call with no harm or errors happening. thanks, greg k-h

7 years, 4 months

3
4
0 0

FAILED: patch "[PATCH] s390/ftrace: use expoline for indirect branches" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 23a4d7fd34856da8218c4cfc23dba7a6ec0a423a Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Wed, 25 Apr 2018 18:35:26 +0200 Subject: [PATCH] s390/ftrace: use expoline for indirect branches The return from the ftrace_stub, _mcount, ftrace_caller and return_to_handler functions is done with "br %r14" and "br %r1". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. The ftrace_caller function is a special case as it returns to the start of a function and may only use %r0 and %r1. For a pre z10 machine the standard execute trampoline uses a LARL + EX to do this, but this requires *two* registers in the range %r1..%r15. To get around this the 'br %r1' located in the lowcore is used, then the EX instruction does not need an address register. But the lowcore trick may only be used for pre z14 machines, with noexec=on the mapping for the first page may not contain instructions. The solution for that is an ALTERNATIVE in the expoline THUNK generated by 'GEN_BR_THUNK %r1' to switch to EXRL, this relies on the fact that a machine that supports noexec=on has EXRL as well. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/include/asm/nospec-insn.h b/arch/s390/include/asm/nospec-insn.h index 440689cbcf51..7d7640e1cf90 100644 --- a/arch/s390/include/asm/nospec-insn.h +++ b/arch/s390/include/asm/nospec-insn.h @@ -2,12 +2,16 @@ #ifndef _ASM_S390_NOSPEC_ASM_H #define _ASM_S390_NOSPEC_ASM_H +#include <asm/alternative-asm.h> +#include <asm/asm-offsets.h> #include <asm/dwarf.h> #ifdef __ASSEMBLY__ #ifdef CONFIG_EXPOLINE +_LC_BR_R1 = __LC_BR_R1 + /* * The expoline macros are used to create thunks in the same format * as gcc generates them. The 'comdat' section flag makes sure that @@ -78,13 +82,21 @@ .endm .macro __THUNK_EX_BR reg,ruse + # Be very careful when adding instructions to this macro! + # The ALTERNATIVE replacement code has a .+10 which targets + # the "br \reg" after the code has been patched. #ifdef CONFIG_HAVE_MARCH_Z10_FEATURES exrl 0,555f j . #else + .ifc \reg,%r1 + ALTERNATIVE "ex %r0,_LC_BR_R1", ".insn ril,0xc60000000000,0,.+10", 35 + j . + .else larl \ruse,555f ex 0,0(\ruse) j . + .endif #endif 555: br \reg .endm diff --git a/arch/s390/kernel/asm-offsets.c b/arch/s390/kernel/asm-offsets.c index eb2a5c0443cd..11aea745a2a6 100644 --- a/arch/s390/kernel/asm-offsets.c +++ b/arch/s390/kernel/asm-offsets.c @@ -181,6 +181,7 @@ int main(void) OFFSET(__LC_MACHINE_FLAGS, lowcore, machine_flags); OFFSET(__LC_PREEMPT_COUNT, lowcore, preempt_count); OFFSET(__LC_GMAP, lowcore, gmap); + OFFSET(__LC_BR_R1, lowcore, br_r1_trampoline); /* software defined ABI-relevant lowcore locations 0xe00 - 0xe20 */ OFFSET(__LC_DUMP_REIPL, lowcore, ipib); /* hardware defined lowcore locations 0x1000 - 0x18ff */ diff --git a/arch/s390/kernel/mcount.S b/arch/s390/kernel/mcount.S index 82df7d80fab2..27110f3294ed 100644 --- a/arch/s390/kernel/mcount.S +++ b/arch/s390/kernel/mcount.S @@ -9,13 +9,17 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> #include <asm/ftrace.h> +#include <asm/nospec-insn.h> #include <asm/ptrace.h> #include <asm/export.h> + GEN_BR_THUNK %r1 + GEN_BR_THUNK %r14 + .section .kprobes.text, "ax" ENTRY(ftrace_stub) - br %r14 + BR_EX %r14 #define STACK_FRAME_SIZE (STACK_FRAME_OVERHEAD + __PT_SIZE) #define STACK_PTREGS (STACK_FRAME_OVERHEAD) @@ -23,7 +27,7 @@ ENTRY(ftrace_stub) #define STACK_PTREGS_PSW (STACK_PTREGS + __PT_PSW) ENTRY(_mcount) - br %r14 + BR_EX %r14 EXPORT_SYMBOL(_mcount) @@ -53,7 +57,7 @@ ENTRY(ftrace_caller) #endif lgr %r3,%r14 la %r5,STACK_PTREGS(%r15) - basr %r14,%r1 + BASR_EX %r14,%r1 #ifdef CONFIG_FUNCTION_GRAPH_TRACER # The j instruction gets runtime patched to a nop instruction. # See ftrace_enable_ftrace_graph_caller. @@ -68,7 +72,7 @@ ftrace_graph_caller_end: #endif lg %r1,(STACK_PTREGS_PSW+8)(%r15) lmg %r2,%r15,(STACK_PTREGS_GPRS+2*8)(%r15) - br %r1 + BR_EX %r1 #ifdef CONFIG_FUNCTION_GRAPH_TRACER @@ -81,6 +85,6 @@ ENTRY(return_to_handler) aghi %r15,STACK_FRAME_OVERHEAD lgr %r14,%r2 lmg %r2,%r5,32(%r15) - br %r14 + BR_EX %r14 #endif

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/ftrace: use expoline for indirect branches" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 23a4d7fd34856da8218c4cfc23dba7a6ec0a423a Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Wed, 25 Apr 2018 18:35:26 +0200 Subject: [PATCH] s390/ftrace: use expoline for indirect branches The return from the ftrace_stub, _mcount, ftrace_caller and return_to_handler functions is done with "br %r14" and "br %r1". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. The ftrace_caller function is a special case as it returns to the start of a function and may only use %r0 and %r1. For a pre z10 machine the standard execute trampoline uses a LARL + EX to do this, but this requires *two* registers in the range %r1..%r15. To get around this the 'br %r1' located in the lowcore is used, then the EX instruction does not need an address register. But the lowcore trick may only be used for pre z14 machines, with noexec=on the mapping for the first page may not contain instructions. The solution for that is an ALTERNATIVE in the expoline THUNK generated by 'GEN_BR_THUNK %r1' to switch to EXRL, this relies on the fact that a machine that supports noexec=on has EXRL as well. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/include/asm/nospec-insn.h b/arch/s390/include/asm/nospec-insn.h index 440689cbcf51..7d7640e1cf90 100644 --- a/arch/s390/include/asm/nospec-insn.h +++ b/arch/s390/include/asm/nospec-insn.h @@ -2,12 +2,16 @@ #ifndef _ASM_S390_NOSPEC_ASM_H #define _ASM_S390_NOSPEC_ASM_H +#include <asm/alternative-asm.h> +#include <asm/asm-offsets.h> #include <asm/dwarf.h> #ifdef __ASSEMBLY__ #ifdef CONFIG_EXPOLINE +_LC_BR_R1 = __LC_BR_R1 + /* * The expoline macros are used to create thunks in the same format * as gcc generates them. The 'comdat' section flag makes sure that @@ -78,13 +82,21 @@ .endm .macro __THUNK_EX_BR reg,ruse + # Be very careful when adding instructions to this macro! + # The ALTERNATIVE replacement code has a .+10 which targets + # the "br \reg" after the code has been patched. #ifdef CONFIG_HAVE_MARCH_Z10_FEATURES exrl 0,555f j . #else + .ifc \reg,%r1 + ALTERNATIVE "ex %r0,_LC_BR_R1", ".insn ril,0xc60000000000,0,.+10", 35 + j . + .else larl \ruse,555f ex 0,0(\ruse) j . + .endif #endif 555: br \reg .endm diff --git a/arch/s390/kernel/asm-offsets.c b/arch/s390/kernel/asm-offsets.c index eb2a5c0443cd..11aea745a2a6 100644 --- a/arch/s390/kernel/asm-offsets.c +++ b/arch/s390/kernel/asm-offsets.c @@ -181,6 +181,7 @@ int main(void) OFFSET(__LC_MACHINE_FLAGS, lowcore, machine_flags); OFFSET(__LC_PREEMPT_COUNT, lowcore, preempt_count); OFFSET(__LC_GMAP, lowcore, gmap); + OFFSET(__LC_BR_R1, lowcore, br_r1_trampoline); /* software defined ABI-relevant lowcore locations 0xe00 - 0xe20 */ OFFSET(__LC_DUMP_REIPL, lowcore, ipib); /* hardware defined lowcore locations 0x1000 - 0x18ff */ diff --git a/arch/s390/kernel/mcount.S b/arch/s390/kernel/mcount.S index 82df7d80fab2..27110f3294ed 100644 --- a/arch/s390/kernel/mcount.S +++ b/arch/s390/kernel/mcount.S @@ -9,13 +9,17 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> #include <asm/ftrace.h> +#include <asm/nospec-insn.h> #include <asm/ptrace.h> #include <asm/export.h> + GEN_BR_THUNK %r1 + GEN_BR_THUNK %r14 + .section .kprobes.text, "ax" ENTRY(ftrace_stub) - br %r14 + BR_EX %r14 #define STACK_FRAME_SIZE (STACK_FRAME_OVERHEAD + __PT_SIZE) #define STACK_PTREGS (STACK_FRAME_OVERHEAD) @@ -23,7 +27,7 @@ ENTRY(ftrace_stub) #define STACK_PTREGS_PSW (STACK_PTREGS + __PT_PSW) ENTRY(_mcount) - br %r14 + BR_EX %r14 EXPORT_SYMBOL(_mcount) @@ -53,7 +57,7 @@ ENTRY(ftrace_caller) #endif lgr %r3,%r14 la %r5,STACK_PTREGS(%r15) - basr %r14,%r1 + BASR_EX %r14,%r1 #ifdef CONFIG_FUNCTION_GRAPH_TRACER # The j instruction gets runtime patched to a nop instruction. # See ftrace_enable_ftrace_graph_caller. @@ -68,7 +72,7 @@ ftrace_graph_caller_end: #endif lg %r1,(STACK_PTREGS_PSW+8)(%r15) lmg %r2,%r15,(STACK_PTREGS_GPRS+2*8)(%r15) - br %r1 + BR_EX %r1 #ifdef CONFIG_FUNCTION_GRAPH_TRACER @@ -81,6 +85,6 @@ ENTRY(return_to_handler) aghi %r15,STACK_FRAME_OVERHEAD lgr %r14,%r2 lmg %r2,%r5,32(%r15) - br %r14 + BR_EX %r14 #endif

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/ftrace: use expoline for indirect branches" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 23a4d7fd34856da8218c4cfc23dba7a6ec0a423a Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Wed, 25 Apr 2018 18:35:26 +0200 Subject: [PATCH] s390/ftrace: use expoline for indirect branches The return from the ftrace_stub, _mcount, ftrace_caller and return_to_handler functions is done with "br %r14" and "br %r1". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. The ftrace_caller function is a special case as it returns to the start of a function and may only use %r0 and %r1. For a pre z10 machine the standard execute trampoline uses a LARL + EX to do this, but this requires *two* registers in the range %r1..%r15. To get around this the 'br %r1' located in the lowcore is used, then the EX instruction does not need an address register. But the lowcore trick may only be used for pre z14 machines, with noexec=on the mapping for the first page may not contain instructions. The solution for that is an ALTERNATIVE in the expoline THUNK generated by 'GEN_BR_THUNK %r1' to switch to EXRL, this relies on the fact that a machine that supports noexec=on has EXRL as well. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/include/asm/nospec-insn.h b/arch/s390/include/asm/nospec-insn.h index 440689cbcf51..7d7640e1cf90 100644 --- a/arch/s390/include/asm/nospec-insn.h +++ b/arch/s390/include/asm/nospec-insn.h @@ -2,12 +2,16 @@ #ifndef _ASM_S390_NOSPEC_ASM_H #define _ASM_S390_NOSPEC_ASM_H +#include <asm/alternative-asm.h> +#include <asm/asm-offsets.h> #include <asm/dwarf.h> #ifdef __ASSEMBLY__ #ifdef CONFIG_EXPOLINE +_LC_BR_R1 = __LC_BR_R1 + /* * The expoline macros are used to create thunks in the same format * as gcc generates them. The 'comdat' section flag makes sure that @@ -78,13 +82,21 @@ .endm .macro __THUNK_EX_BR reg,ruse + # Be very careful when adding instructions to this macro! + # The ALTERNATIVE replacement code has a .+10 which targets + # the "br \reg" after the code has been patched. #ifdef CONFIG_HAVE_MARCH_Z10_FEATURES exrl 0,555f j . #else + .ifc \reg,%r1 + ALTERNATIVE "ex %r0,_LC_BR_R1", ".insn ril,0xc60000000000,0,.+10", 35 + j . + .else larl \ruse,555f ex 0,0(\ruse) j . + .endif #endif 555: br \reg .endm diff --git a/arch/s390/kernel/asm-offsets.c b/arch/s390/kernel/asm-offsets.c index eb2a5c0443cd..11aea745a2a6 100644 --- a/arch/s390/kernel/asm-offsets.c +++ b/arch/s390/kernel/asm-offsets.c @@ -181,6 +181,7 @@ int main(void) OFFSET(__LC_MACHINE_FLAGS, lowcore, machine_flags); OFFSET(__LC_PREEMPT_COUNT, lowcore, preempt_count); OFFSET(__LC_GMAP, lowcore, gmap); + OFFSET(__LC_BR_R1, lowcore, br_r1_trampoline); /* software defined ABI-relevant lowcore locations 0xe00 - 0xe20 */ OFFSET(__LC_DUMP_REIPL, lowcore, ipib); /* hardware defined lowcore locations 0x1000 - 0x18ff */ diff --git a/arch/s390/kernel/mcount.S b/arch/s390/kernel/mcount.S index 82df7d80fab2..27110f3294ed 100644 --- a/arch/s390/kernel/mcount.S +++ b/arch/s390/kernel/mcount.S @@ -9,13 +9,17 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> #include <asm/ftrace.h> +#include <asm/nospec-insn.h> #include <asm/ptrace.h> #include <asm/export.h> + GEN_BR_THUNK %r1 + GEN_BR_THUNK %r14 + .section .kprobes.text, "ax" ENTRY(ftrace_stub) - br %r14 + BR_EX %r14 #define STACK_FRAME_SIZE (STACK_FRAME_OVERHEAD + __PT_SIZE) #define STACK_PTREGS (STACK_FRAME_OVERHEAD) @@ -23,7 +27,7 @@ ENTRY(ftrace_stub) #define STACK_PTREGS_PSW (STACK_PTREGS + __PT_PSW) ENTRY(_mcount) - br %r14 + BR_EX %r14 EXPORT_SYMBOL(_mcount) @@ -53,7 +57,7 @@ ENTRY(ftrace_caller) #endif lgr %r3,%r14 la %r5,STACK_PTREGS(%r15) - basr %r14,%r1 + BASR_EX %r14,%r1 #ifdef CONFIG_FUNCTION_GRAPH_TRACER # The j instruction gets runtime patched to a nop instruction. # See ftrace_enable_ftrace_graph_caller. @@ -68,7 +72,7 @@ ftrace_graph_caller_end: #endif lg %r1,(STACK_PTREGS_PSW+8)(%r15) lmg %r2,%r15,(STACK_PTREGS_GPRS+2*8)(%r15) - br %r1 + BR_EX %r1 #ifdef CONFIG_FUNCTION_GRAPH_TRACER @@ -81,6 +85,6 @@ ENTRY(return_to_handler) aghi %r15,STACK_FRAME_OVERHEAD lgr %r14,%r2 lmg %r2,%r5,32(%r15) - br %r14 + BR_EX %r14 #endif

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/ftrace: use expoline for indirect branches" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 23a4d7fd34856da8218c4cfc23dba7a6ec0a423a Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Wed, 25 Apr 2018 18:35:26 +0200 Subject: [PATCH] s390/ftrace: use expoline for indirect branches The return from the ftrace_stub, _mcount, ftrace_caller and return_to_handler functions is done with "br %r14" and "br %r1". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. The ftrace_caller function is a special case as it returns to the start of a function and may only use %r0 and %r1. For a pre z10 machine the standard execute trampoline uses a LARL + EX to do this, but this requires *two* registers in the range %r1..%r15. To get around this the 'br %r1' located in the lowcore is used, then the EX instruction does not need an address register. But the lowcore trick may only be used for pre z14 machines, with noexec=on the mapping for the first page may not contain instructions. The solution for that is an ALTERNATIVE in the expoline THUNK generated by 'GEN_BR_THUNK %r1' to switch to EXRL, this relies on the fact that a machine that supports noexec=on has EXRL as well. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/include/asm/nospec-insn.h b/arch/s390/include/asm/nospec-insn.h index 440689cbcf51..7d7640e1cf90 100644 --- a/arch/s390/include/asm/nospec-insn.h +++ b/arch/s390/include/asm/nospec-insn.h @@ -2,12 +2,16 @@ #ifndef _ASM_S390_NOSPEC_ASM_H #define _ASM_S390_NOSPEC_ASM_H +#include <asm/alternative-asm.h> +#include <asm/asm-offsets.h> #include <asm/dwarf.h> #ifdef __ASSEMBLY__ #ifdef CONFIG_EXPOLINE +_LC_BR_R1 = __LC_BR_R1 + /* * The expoline macros are used to create thunks in the same format * as gcc generates them. The 'comdat' section flag makes sure that @@ -78,13 +82,21 @@ .endm .macro __THUNK_EX_BR reg,ruse + # Be very careful when adding instructions to this macro! + # The ALTERNATIVE replacement code has a .+10 which targets + # the "br \reg" after the code has been patched. #ifdef CONFIG_HAVE_MARCH_Z10_FEATURES exrl 0,555f j . #else + .ifc \reg,%r1 + ALTERNATIVE "ex %r0,_LC_BR_R1", ".insn ril,0xc60000000000,0,.+10", 35 + j . + .else larl \ruse,555f ex 0,0(\ruse) j . + .endif #endif 555: br \reg .endm diff --git a/arch/s390/kernel/asm-offsets.c b/arch/s390/kernel/asm-offsets.c index eb2a5c0443cd..11aea745a2a6 100644 --- a/arch/s390/kernel/asm-offsets.c +++ b/arch/s390/kernel/asm-offsets.c @@ -181,6 +181,7 @@ int main(void) OFFSET(__LC_MACHINE_FLAGS, lowcore, machine_flags); OFFSET(__LC_PREEMPT_COUNT, lowcore, preempt_count); OFFSET(__LC_GMAP, lowcore, gmap); + OFFSET(__LC_BR_R1, lowcore, br_r1_trampoline); /* software defined ABI-relevant lowcore locations 0xe00 - 0xe20 */ OFFSET(__LC_DUMP_REIPL, lowcore, ipib); /* hardware defined lowcore locations 0x1000 - 0x18ff */ diff --git a/arch/s390/kernel/mcount.S b/arch/s390/kernel/mcount.S index 82df7d80fab2..27110f3294ed 100644 --- a/arch/s390/kernel/mcount.S +++ b/arch/s390/kernel/mcount.S @@ -9,13 +9,17 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> #include <asm/ftrace.h> +#include <asm/nospec-insn.h> #include <asm/ptrace.h> #include <asm/export.h> + GEN_BR_THUNK %r1 + GEN_BR_THUNK %r14 + .section .kprobes.text, "ax" ENTRY(ftrace_stub) - br %r14 + BR_EX %r14 #define STACK_FRAME_SIZE (STACK_FRAME_OVERHEAD + __PT_SIZE) #define STACK_PTREGS (STACK_FRAME_OVERHEAD) @@ -23,7 +27,7 @@ ENTRY(ftrace_stub) #define STACK_PTREGS_PSW (STACK_PTREGS + __PT_PSW) ENTRY(_mcount) - br %r14 + BR_EX %r14 EXPORT_SYMBOL(_mcount) @@ -53,7 +57,7 @@ ENTRY(ftrace_caller) #endif lgr %r3,%r14 la %r5,STACK_PTREGS(%r15) - basr %r14,%r1 + BASR_EX %r14,%r1 #ifdef CONFIG_FUNCTION_GRAPH_TRACER # The j instruction gets runtime patched to a nop instruction. # See ftrace_enable_ftrace_graph_caller. @@ -68,7 +72,7 @@ ftrace_graph_caller_end: #endif lg %r1,(STACK_PTREGS_PSW+8)(%r15) lmg %r2,%r15,(STACK_PTREGS_GPRS+2*8)(%r15) - br %r1 + BR_EX %r1 #ifdef CONFIG_FUNCTION_GRAPH_TRACER @@ -81,6 +85,6 @@ ENTRY(return_to_handler) aghi %r15,STACK_FRAME_OVERHEAD lgr %r14,%r2 lmg %r2,%r5,32(%r15) - br %r14 + BR_EX %r14 #endif

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390: move spectre sysfs attribute code" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4253b0e0627ee3461e64c2495c616f1c8f6b127b Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Tue, 24 Apr 2018 08:23:54 +0200 Subject: [PATCH] s390: move spectre sysfs attribute code The nospec-branch.c file is compiled without the gcc options to generate expoline thunks. The return branch of the sysfs show functions cpu_show_spectre_v1 and cpu_show_spectre_v2 is an indirect branch as well. These need to be compiled with expolines. Move the sysfs functions for spectre reporting to a separate file and loose an '.' for one of the messages. Cc: stable(a)vger.kernel.org # 4.16 Fixes: d424986f1d ("s390: add sysfs attributes for spectre") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/Makefile b/arch/s390/kernel/Makefile index 84ea6225efb4..f92dd8ed3884 100644 --- a/arch/s390/kernel/Makefile +++ b/arch/s390/kernel/Makefile @@ -65,6 +65,7 @@ obj-y += nospec-branch.o extra-y += head.o head64.o vmlinux.lds +obj-$(CONFIG_SYSFS) += nospec-sysfs.o CFLAGS_REMOVE_nospec-branch.o += $(CC_FLAGS_EXPOLINE) obj-$(CONFIG_MODULES) += module.o diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index 46d49a11663f..834cf29f2599 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -1,7 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 #include <linux/module.h> #include <linux/device.h> -#include <linux/cpu.h> #include <asm/nospec-branch.h> static int __init nobp_setup_early(char *str) @@ -44,24 +43,6 @@ static int __init nospec_report(void) } arch_initcall(nospec_report); -#ifdef CONFIG_SYSFS -ssize_t cpu_show_spectre_v1(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); -} - -ssize_t cpu_show_spectre_v2(struct device *dev, - struct device_attribute *attr, char *buf) -{ - if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) - return sprintf(buf, "Mitigation: execute trampolines\n"); - if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) - return sprintf(buf, "Mitigation: limited branch prediction.\n"); - return sprintf(buf, "Vulnerable\n"); -} -#endif - #ifdef CONFIG_EXPOLINE int nospec_disable = IS_ENABLED(CONFIG_EXPOLINE_OFF); diff --git a/arch/s390/kernel/nospec-sysfs.c b/arch/s390/kernel/nospec-sysfs.c new file mode 100644 index 000000000000..8affad5f18cb --- /dev/null +++ b/arch/s390/kernel/nospec-sysfs.c @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/device.h> +#include <linux/cpu.h> +#include <asm/facility.h> +#include <asm/nospec-branch.h> + +ssize_t cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); +} + +ssize_t cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) + return sprintf(buf, "Mitigation: execute trampolines\n"); + if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) + return sprintf(buf, "Mitigation: limited branch prediction\n"); + return sprintf(buf, "Vulnerable\n"); +}

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390: move spectre sysfs attribute code" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4253b0e0627ee3461e64c2495c616f1c8f6b127b Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Tue, 24 Apr 2018 08:23:54 +0200 Subject: [PATCH] s390: move spectre sysfs attribute code The nospec-branch.c file is compiled without the gcc options to generate expoline thunks. The return branch of the sysfs show functions cpu_show_spectre_v1 and cpu_show_spectre_v2 is an indirect branch as well. These need to be compiled with expolines. Move the sysfs functions for spectre reporting to a separate file and loose an '.' for one of the messages. Cc: stable(a)vger.kernel.org # 4.16 Fixes: d424986f1d ("s390: add sysfs attributes for spectre") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/Makefile b/arch/s390/kernel/Makefile index 84ea6225efb4..f92dd8ed3884 100644 --- a/arch/s390/kernel/Makefile +++ b/arch/s390/kernel/Makefile @@ -65,6 +65,7 @@ obj-y += nospec-branch.o extra-y += head.o head64.o vmlinux.lds +obj-$(CONFIG_SYSFS) += nospec-sysfs.o CFLAGS_REMOVE_nospec-branch.o += $(CC_FLAGS_EXPOLINE) obj-$(CONFIG_MODULES) += module.o diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index 46d49a11663f..834cf29f2599 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -1,7 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 #include <linux/module.h> #include <linux/device.h> -#include <linux/cpu.h> #include <asm/nospec-branch.h> static int __init nobp_setup_early(char *str) @@ -44,24 +43,6 @@ static int __init nospec_report(void) } arch_initcall(nospec_report); -#ifdef CONFIG_SYSFS -ssize_t cpu_show_spectre_v1(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); -} - -ssize_t cpu_show_spectre_v2(struct device *dev, - struct device_attribute *attr, char *buf) -{ - if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) - return sprintf(buf, "Mitigation: execute trampolines\n"); - if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) - return sprintf(buf, "Mitigation: limited branch prediction.\n"); - return sprintf(buf, "Vulnerable\n"); -} -#endif - #ifdef CONFIG_EXPOLINE int nospec_disable = IS_ENABLED(CONFIG_EXPOLINE_OFF); diff --git a/arch/s390/kernel/nospec-sysfs.c b/arch/s390/kernel/nospec-sysfs.c new file mode 100644 index 000000000000..8affad5f18cb --- /dev/null +++ b/arch/s390/kernel/nospec-sysfs.c @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/device.h> +#include <linux/cpu.h> +#include <asm/facility.h> +#include <asm/nospec-branch.h> + +ssize_t cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); +} + +ssize_t cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) + return sprintf(buf, "Mitigation: execute trampolines\n"); + if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) + return sprintf(buf, "Mitigation: limited branch prediction\n"); + return sprintf(buf, "Vulnerable\n"); +}

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390: move spectre sysfs attribute code" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4253b0e0627ee3461e64c2495c616f1c8f6b127b Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Tue, 24 Apr 2018 08:23:54 +0200 Subject: [PATCH] s390: move spectre sysfs attribute code The nospec-branch.c file is compiled without the gcc options to generate expoline thunks. The return branch of the sysfs show functions cpu_show_spectre_v1 and cpu_show_spectre_v2 is an indirect branch as well. These need to be compiled with expolines. Move the sysfs functions for spectre reporting to a separate file and loose an '.' for one of the messages. Cc: stable(a)vger.kernel.org # 4.16 Fixes: d424986f1d ("s390: add sysfs attributes for spectre") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/Makefile b/arch/s390/kernel/Makefile index 84ea6225efb4..f92dd8ed3884 100644 --- a/arch/s390/kernel/Makefile +++ b/arch/s390/kernel/Makefile @@ -65,6 +65,7 @@ obj-y += nospec-branch.o extra-y += head.o head64.o vmlinux.lds +obj-$(CONFIG_SYSFS) += nospec-sysfs.o CFLAGS_REMOVE_nospec-branch.o += $(CC_FLAGS_EXPOLINE) obj-$(CONFIG_MODULES) += module.o diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index 46d49a11663f..834cf29f2599 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -1,7 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 #include <linux/module.h> #include <linux/device.h> -#include <linux/cpu.h> #include <asm/nospec-branch.h> static int __init nobp_setup_early(char *str) @@ -44,24 +43,6 @@ static int __init nospec_report(void) } arch_initcall(nospec_report); -#ifdef CONFIG_SYSFS -ssize_t cpu_show_spectre_v1(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); -} - -ssize_t cpu_show_spectre_v2(struct device *dev, - struct device_attribute *attr, char *buf) -{ - if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) - return sprintf(buf, "Mitigation: execute trampolines\n"); - if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) - return sprintf(buf, "Mitigation: limited branch prediction.\n"); - return sprintf(buf, "Vulnerable\n"); -} -#endif - #ifdef CONFIG_EXPOLINE int nospec_disable = IS_ENABLED(CONFIG_EXPOLINE_OFF); diff --git a/arch/s390/kernel/nospec-sysfs.c b/arch/s390/kernel/nospec-sysfs.c new file mode 100644 index 000000000000..8affad5f18cb --- /dev/null +++ b/arch/s390/kernel/nospec-sysfs.c @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/device.h> +#include <linux/cpu.h> +#include <asm/facility.h> +#include <asm/nospec-branch.h> + +ssize_t cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); +} + +ssize_t cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) + return sprintf(buf, "Mitigation: execute trampolines\n"); + if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) + return sprintf(buf, "Mitigation: limited branch prediction\n"); + return sprintf(buf, "Vulnerable\n"); +}

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390: move spectre sysfs attribute code" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4253b0e0627ee3461e64c2495c616f1c8f6b127b Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Tue, 24 Apr 2018 08:23:54 +0200 Subject: [PATCH] s390: move spectre sysfs attribute code The nospec-branch.c file is compiled without the gcc options to generate expoline thunks. The return branch of the sysfs show functions cpu_show_spectre_v1 and cpu_show_spectre_v2 is an indirect branch as well. These need to be compiled with expolines. Move the sysfs functions for spectre reporting to a separate file and loose an '.' for one of the messages. Cc: stable(a)vger.kernel.org # 4.16 Fixes: d424986f1d ("s390: add sysfs attributes for spectre") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/Makefile b/arch/s390/kernel/Makefile index 84ea6225efb4..f92dd8ed3884 100644 --- a/arch/s390/kernel/Makefile +++ b/arch/s390/kernel/Makefile @@ -65,6 +65,7 @@ obj-y += nospec-branch.o extra-y += head.o head64.o vmlinux.lds +obj-$(CONFIG_SYSFS) += nospec-sysfs.o CFLAGS_REMOVE_nospec-branch.o += $(CC_FLAGS_EXPOLINE) obj-$(CONFIG_MODULES) += module.o diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index 46d49a11663f..834cf29f2599 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -1,7 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 #include <linux/module.h> #include <linux/device.h> -#include <linux/cpu.h> #include <asm/nospec-branch.h> static int __init nobp_setup_early(char *str) @@ -44,24 +43,6 @@ static int __init nospec_report(void) } arch_initcall(nospec_report); -#ifdef CONFIG_SYSFS -ssize_t cpu_show_spectre_v1(struct device *dev, - struct device_attribute *attr, char *buf) -{ - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); -} - -ssize_t cpu_show_spectre_v2(struct device *dev, - struct device_attribute *attr, char *buf) -{ - if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) - return sprintf(buf, "Mitigation: execute trampolines\n"); - if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) - return sprintf(buf, "Mitigation: limited branch prediction.\n"); - return sprintf(buf, "Vulnerable\n"); -} -#endif - #ifdef CONFIG_EXPOLINE int nospec_disable = IS_ENABLED(CONFIG_EXPOLINE_OFF); diff --git a/arch/s390/kernel/nospec-sysfs.c b/arch/s390/kernel/nospec-sysfs.c new file mode 100644 index 000000000000..8affad5f18cb --- /dev/null +++ b/arch/s390/kernel/nospec-sysfs.c @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/device.h> +#include <linux/cpu.h> +#include <asm/facility.h> +#include <asm/nospec-branch.h> + +ssize_t cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); +} + +ssize_t cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) + return sprintf(buf, "Mitigation: execute trampolines\n"); + if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) + return sprintf(buf, "Mitigation: limited branch prediction\n"); + return sprintf(buf, "Vulnerable\n"); +}

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390: move expoline assembler macros to a header" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6dd85fbb87d1d6b87a3b1f02ca28d7b2abd2e7ba Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Fri, 20 Apr 2018 16:49:46 +0200 Subject: [PATCH] s390: move expoline assembler macros to a header To be able to use the expoline branches in different assembler files move the associated macros from entry.S to a new header nospec-insn.h. While we are at it make the macros a bit nicer to use. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/include/asm/nospec-insn.h b/arch/s390/include/asm/nospec-insn.h new file mode 100644 index 000000000000..440689cbcf51 --- /dev/null +++ b/arch/s390/include/asm/nospec-insn.h @@ -0,0 +1,127 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_S390_NOSPEC_ASM_H +#define _ASM_S390_NOSPEC_ASM_H + +#include <asm/dwarf.h> + +#ifdef __ASSEMBLY__ + +#ifdef CONFIG_EXPOLINE + +/* + * The expoline macros are used to create thunks in the same format + * as gcc generates them. The 'comdat' section flag makes sure that + * the various thunks are merged into a single copy. + */ + .macro __THUNK_PROLOG_NAME name + .pushsection .text.\name,"axG",@progbits,\name,comdat + .globl \name + .hidden \name + .type \name,@function +\name: + CFI_STARTPROC + .endm + + .macro __THUNK_EPILOG + CFI_ENDPROC + .popsection + .endm + + .macro __THUNK_PROLOG_BR r1,r2 + __THUNK_PROLOG_NAME __s390x_indirect_jump_r\r2\()use_r\r1 + .endm + + .macro __THUNK_BR r1,r2 + jg __s390x_indirect_jump_r\r2\()use_r\r1 + .endm + + .macro __THUNK_BRASL r1,r2,r3 + brasl \r1,__s390x_indirect_jump_r\r3\()use_r\r2 + .endm + + .macro __DECODE_RR expand,reg,ruse + .set __decode_fail,1 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \reg,%r\r1 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \ruse,%r\r2 + \expand \r1,\r2 + .set __decode_fail,0 + .endif + .endr + .endif + .endr + .if __decode_fail == 1 + .error "__DECODE_RR failed" + .endif + .endm + + .macro __DECODE_RRR expand,rsave,rtarget,ruse + .set __decode_fail,1 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \rsave,%r\r1 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \rtarget,%r\r2 + .irp r3,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \ruse,%r\r3 + \expand \r1,\r2,\r3 + .set __decode_fail,0 + .endif + .endr + .endif + .endr + .endif + .endr + .if __decode_fail == 1 + .error "__DECODE_RRR failed" + .endif + .endm + + .macro __THUNK_EX_BR reg,ruse +#ifdef CONFIG_HAVE_MARCH_Z10_FEATURES + exrl 0,555f + j . +#else + larl \ruse,555f + ex 0,0(\ruse) + j . +#endif +555: br \reg + .endm + + .macro GEN_BR_THUNK reg,ruse=%r1 + __DECODE_RR __THUNK_PROLOG_BR,\reg,\ruse + __THUNK_EX_BR \reg,\ruse + __THUNK_EPILOG + .endm + + .macro BR_EX reg,ruse=%r1 +557: __DECODE_RR __THUNK_BR,\reg,\ruse + .pushsection .s390_indirect_branches,"a",@progbits + .long 557b-. + .popsection + .endm + + .macro BASR_EX rsave,rtarget,ruse=%r1 +559: __DECODE_RRR __THUNK_BRASL,\rsave,\rtarget,\ruse + .pushsection .s390_indirect_branches,"a",@progbits + .long 559b-. + .popsection + .endm + +#else + .macro GEN_BR_THUNK reg,ruse=%r1 + .endm + + .macro BR_EX reg,ruse=%r1 + br \reg + .endm + + .macro BASR_EX rsave,rtarget,ruse=%r1 + basr \rsave,\rtarget + .endm +#endif + +#endif /* __ASSEMBLY__ */ + +#endif /* _ASM_S390_NOSPEC_ASM_H */ diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S index 3f22f139a041..f03402efab4b 100644 --- a/arch/s390/kernel/entry.S +++ b/arch/s390/kernel/entry.S @@ -28,6 +28,7 @@ #include <asm/setup.h> #include <asm/nmi.h> #include <asm/export.h> +#include <asm/nospec-insn.h> __PT_R0 = __PT_GPRS __PT_R1 = __PT_GPRS + 8 @@ -183,67 +184,9 @@ _LPP_OFFSET = __LC_LPP "jnz .+8; .long 0xb2e8d000", 82 .endm -#ifdef CONFIG_EXPOLINE - - .macro GEN_BR_THUNK name,reg,tmp - .section .text.\name,"axG",@progbits,\name,comdat - .globl \name - .hidden \name - .type \name,@function -\name: - CFI_STARTPROC -#ifdef CONFIG_HAVE_MARCH_Z10_FEATURES - exrl 0,0f -#else - larl \tmp,0f - ex 0,0(\tmp) -#endif - j . -0: br \reg - CFI_ENDPROC - .endm - - GEN_BR_THUNK __s390x_indirect_jump_r1use_r9,%r9,%r1 - GEN_BR_THUNK __s390x_indirect_jump_r1use_r14,%r14,%r1 - GEN_BR_THUNK __s390x_indirect_jump_r11use_r14,%r14,%r11 - - .macro BASR_R14_R9 -0: brasl %r14,__s390x_indirect_jump_r1use_r9 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - - .macro BR_R1USE_R14 -0: jg __s390x_indirect_jump_r1use_r14 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - - .macro BR_R11USE_R14 -0: jg __s390x_indirect_jump_r11use_r14 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - -#else /* CONFIG_EXPOLINE */ - - .macro BASR_R14_R9 - basr %r14,%r9 - .endm - - .macro BR_R1USE_R14 - br %r14 - .endm - - .macro BR_R11USE_R14 - br %r14 - .endm - -#endif /* CONFIG_EXPOLINE */ - + GEN_BR_THUNK %r9 + GEN_BR_THUNK %r14 + GEN_BR_THUNK %r14,%r11 .section .kprobes.text, "ax" .Ldummy: @@ -260,7 +203,7 @@ _LPP_OFFSET = __LC_LPP ENTRY(__bpon) .globl __bpon BPON - BR_R1USE_R14 + BR_EX %r14 /* * Scheduler resume function, called by switch_to @@ -284,7 +227,7 @@ ENTRY(__switch_to) mvc __LC_CURRENT_PID(4,%r0),0(%r3) # store pid of next lmg %r6,%r15,__SF_GPRS(%r15) # load gprs of next task ALTERNATIVE "", ".insn s,0xb2800000,_LPP_OFFSET", 40 - BR_R1USE_R14 + BR_EX %r14 .L__critical_start: @@ -351,7 +294,7 @@ sie_exit: xgr %r5,%r5 lmg %r6,%r14,__SF_GPRS(%r15) # restore kernel registers lg %r2,__SF_SIE_REASON(%r15) # return exit reason code - BR_R1USE_R14 + BR_EX %r14 .Lsie_fault: lghi %r14,-EFAULT stg %r14,__SF_SIE_REASON(%r15) # set exit reason code @@ -410,7 +353,7 @@ ENTRY(system_call) lgf %r9,0(%r8,%r10) # get system call add. TSTMSK __TI_flags(%r12),_TIF_TRACE jnz .Lsysc_tracesys - BASR_R14_R9 # call sys_xxxx + BASR_EX %r14,%r9 # call sys_xxxx stg %r2,__PT_R2(%r11) # store return value .Lsysc_return: @@ -595,7 +538,7 @@ ENTRY(system_call) lmg %r3,%r7,__PT_R3(%r11) stg %r7,STACK_FRAME_OVERHEAD(%r15) lg %r2,__PT_ORIG_GPR2(%r11) - BASR_R14_R9 # call sys_xxx + BASR_EX %r14,%r9 # call sys_xxx stg %r2,__PT_R2(%r11) # store return value .Lsysc_tracenogo: TSTMSK __TI_flags(%r12),_TIF_TRACE @@ -619,7 +562,7 @@ ENTRY(ret_from_fork) lmg %r9,%r10,__PT_R9(%r11) # load gprs ENTRY(kernel_thread_starter) la %r2,0(%r10) - BASR_R14_R9 + BASR_EX %r14,%r9 j .Lsysc_tracenogo /* @@ -701,7 +644,7 @@ ENTRY(pgm_check_handler) je .Lpgm_return lgf %r9,0(%r10,%r1) # load address of handler routine lgr %r2,%r11 # pass pointer to pt_regs - BASR_R14_R9 # branch to interrupt-handler + BASR_EX %r14,%r9 # branch to interrupt-handler .Lpgm_return: LOCKDEP_SYS_EXIT tm __PT_PSW+1(%r11),0x01 # returning to user ? @@ -1019,7 +962,7 @@ ENTRY(psw_idle) stpt __TIMER_IDLE_ENTER(%r2) .Lpsw_idle_lpsw: lpswe __SF_EMPTY(%r15) - BR_R1USE_R14 + BR_EX %r14 .Lpsw_idle_end: /* @@ -1061,7 +1004,7 @@ ENTRY(save_fpu_regs) .Lsave_fpu_regs_done: oi __LC_CPU_FLAGS+7,_CIF_FPU .Lsave_fpu_regs_exit: - BR_R1USE_R14 + BR_EX %r14 .Lsave_fpu_regs_end: EXPORT_SYMBOL(save_fpu_regs) @@ -1107,7 +1050,7 @@ load_fpu_regs: .Lload_fpu_regs_done: ni __LC_CPU_FLAGS+7,255-_CIF_FPU .Lload_fpu_regs_exit: - BR_R1USE_R14 + BR_EX %r14 .Lload_fpu_regs_end: .L__critical_end: @@ -1322,7 +1265,7 @@ cleanup_critical: jl 0f clg %r9,BASED(.Lcleanup_table+104) # .Lload_fpu_regs_end jl .Lcleanup_load_fpu_regs -0: BR_R11USE_R14 +0: BR_EX %r14 .align 8 .Lcleanup_table: @@ -1358,7 +1301,7 @@ cleanup_critical: ni __SIE_PROG0C+3(%r9),0xfe # no longer in SIE lctlg %c1,%c1,__LC_USER_ASCE # load primary asce larl %r9,sie_exit # skip forward to sie_exit - BR_R11USE_R14 + BR_EX %r14 #endif .Lcleanup_system_call: @@ -1412,7 +1355,7 @@ cleanup_critical: stg %r15,56(%r11) # r15 stack pointer # set new psw address and exit larl %r9,.Lsysc_do_svc - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_system_call_insn: .quad system_call .quad .Lsysc_stmg @@ -1424,7 +1367,7 @@ cleanup_critical: .Lcleanup_sysc_tif: larl %r9,.Lsysc_tif - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_sysc_restore: # check if stpt has been executed @@ -1441,14 +1384,14 @@ cleanup_critical: mvc 0(64,%r11),__PT_R8(%r9) lmg %r0,%r7,__PT_R0(%r9) 1: lmg %r8,%r9,__LC_RETURN_PSW - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_sysc_restore_insn: .quad .Lsysc_exit_timer .quad .Lsysc_done - 4 .Lcleanup_io_tif: larl %r9,.Lio_tif - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_io_restore: # check if stpt has been executed @@ -1462,7 +1405,7 @@ cleanup_critical: mvc 0(64,%r11),__PT_R8(%r9) lmg %r0,%r7,__PT_R0(%r9) 1: lmg %r8,%r9,__LC_RETURN_PSW - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_io_restore_insn: .quad .Lio_exit_timer .quad .Lio_done - 4 @@ -1515,17 +1458,17 @@ cleanup_critical: # prepare return psw nihh %r8,0xfcfd # clear irq & wait state bits lg %r9,48(%r11) # return from psw_idle - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_idle_insn: .quad .Lpsw_idle_lpsw .Lcleanup_save_fpu_regs: larl %r9,save_fpu_regs - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_load_fpu_regs: larl %r9,load_fpu_regs - BR_R11USE_R14 + BR_EX %r14,%r11 /* * Integer constants

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390: move expoline assembler macros to a header" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6dd85fbb87d1d6b87a3b1f02ca28d7b2abd2e7ba Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Fri, 20 Apr 2018 16:49:46 +0200 Subject: [PATCH] s390: move expoline assembler macros to a header To be able to use the expoline branches in different assembler files move the associated macros from entry.S to a new header nospec-insn.h. While we are at it make the macros a bit nicer to use. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/include/asm/nospec-insn.h b/arch/s390/include/asm/nospec-insn.h new file mode 100644 index 000000000000..440689cbcf51 --- /dev/null +++ b/arch/s390/include/asm/nospec-insn.h @@ -0,0 +1,127 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_S390_NOSPEC_ASM_H +#define _ASM_S390_NOSPEC_ASM_H + +#include <asm/dwarf.h> + +#ifdef __ASSEMBLY__ + +#ifdef CONFIG_EXPOLINE + +/* + * The expoline macros are used to create thunks in the same format + * as gcc generates them. The 'comdat' section flag makes sure that + * the various thunks are merged into a single copy. + */ + .macro __THUNK_PROLOG_NAME name + .pushsection .text.\name,"axG",@progbits,\name,comdat + .globl \name + .hidden \name + .type \name,@function +\name: + CFI_STARTPROC + .endm + + .macro __THUNK_EPILOG + CFI_ENDPROC + .popsection + .endm + + .macro __THUNK_PROLOG_BR r1,r2 + __THUNK_PROLOG_NAME __s390x_indirect_jump_r\r2\()use_r\r1 + .endm + + .macro __THUNK_BR r1,r2 + jg __s390x_indirect_jump_r\r2\()use_r\r1 + .endm + + .macro __THUNK_BRASL r1,r2,r3 + brasl \r1,__s390x_indirect_jump_r\r3\()use_r\r2 + .endm + + .macro __DECODE_RR expand,reg,ruse + .set __decode_fail,1 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \reg,%r\r1 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \ruse,%r\r2 + \expand \r1,\r2 + .set __decode_fail,0 + .endif + .endr + .endif + .endr + .if __decode_fail == 1 + .error "__DECODE_RR failed" + .endif + .endm + + .macro __DECODE_RRR expand,rsave,rtarget,ruse + .set __decode_fail,1 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \rsave,%r\r1 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \rtarget,%r\r2 + .irp r3,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \ruse,%r\r3 + \expand \r1,\r2,\r3 + .set __decode_fail,0 + .endif + .endr + .endif + .endr + .endif + .endr + .if __decode_fail == 1 + .error "__DECODE_RRR failed" + .endif + .endm + + .macro __THUNK_EX_BR reg,ruse +#ifdef CONFIG_HAVE_MARCH_Z10_FEATURES + exrl 0,555f + j . +#else + larl \ruse,555f + ex 0,0(\ruse) + j . +#endif +555: br \reg + .endm + + .macro GEN_BR_THUNK reg,ruse=%r1 + __DECODE_RR __THUNK_PROLOG_BR,\reg,\ruse + __THUNK_EX_BR \reg,\ruse + __THUNK_EPILOG + .endm + + .macro BR_EX reg,ruse=%r1 +557: __DECODE_RR __THUNK_BR,\reg,\ruse + .pushsection .s390_indirect_branches,"a",@progbits + .long 557b-. + .popsection + .endm + + .macro BASR_EX rsave,rtarget,ruse=%r1 +559: __DECODE_RRR __THUNK_BRASL,\rsave,\rtarget,\ruse + .pushsection .s390_indirect_branches,"a",@progbits + .long 559b-. + .popsection + .endm + +#else + .macro GEN_BR_THUNK reg,ruse=%r1 + .endm + + .macro BR_EX reg,ruse=%r1 + br \reg + .endm + + .macro BASR_EX rsave,rtarget,ruse=%r1 + basr \rsave,\rtarget + .endm +#endif + +#endif /* __ASSEMBLY__ */ + +#endif /* _ASM_S390_NOSPEC_ASM_H */ diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S index 3f22f139a041..f03402efab4b 100644 --- a/arch/s390/kernel/entry.S +++ b/arch/s390/kernel/entry.S @@ -28,6 +28,7 @@ #include <asm/setup.h> #include <asm/nmi.h> #include <asm/export.h> +#include <asm/nospec-insn.h> __PT_R0 = __PT_GPRS __PT_R1 = __PT_GPRS + 8 @@ -183,67 +184,9 @@ _LPP_OFFSET = __LC_LPP "jnz .+8; .long 0xb2e8d000", 82 .endm -#ifdef CONFIG_EXPOLINE - - .macro GEN_BR_THUNK name,reg,tmp - .section .text.\name,"axG",@progbits,\name,comdat - .globl \name - .hidden \name - .type \name,@function -\name: - CFI_STARTPROC -#ifdef CONFIG_HAVE_MARCH_Z10_FEATURES - exrl 0,0f -#else - larl \tmp,0f - ex 0,0(\tmp) -#endif - j . -0: br \reg - CFI_ENDPROC - .endm - - GEN_BR_THUNK __s390x_indirect_jump_r1use_r9,%r9,%r1 - GEN_BR_THUNK __s390x_indirect_jump_r1use_r14,%r14,%r1 - GEN_BR_THUNK __s390x_indirect_jump_r11use_r14,%r14,%r11 - - .macro BASR_R14_R9 -0: brasl %r14,__s390x_indirect_jump_r1use_r9 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - - .macro BR_R1USE_R14 -0: jg __s390x_indirect_jump_r1use_r14 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - - .macro BR_R11USE_R14 -0: jg __s390x_indirect_jump_r11use_r14 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - -#else /* CONFIG_EXPOLINE */ - - .macro BASR_R14_R9 - basr %r14,%r9 - .endm - - .macro BR_R1USE_R14 - br %r14 - .endm - - .macro BR_R11USE_R14 - br %r14 - .endm - -#endif /* CONFIG_EXPOLINE */ - + GEN_BR_THUNK %r9 + GEN_BR_THUNK %r14 + GEN_BR_THUNK %r14,%r11 .section .kprobes.text, "ax" .Ldummy: @@ -260,7 +203,7 @@ _LPP_OFFSET = __LC_LPP ENTRY(__bpon) .globl __bpon BPON - BR_R1USE_R14 + BR_EX %r14 /* * Scheduler resume function, called by switch_to @@ -284,7 +227,7 @@ ENTRY(__switch_to) mvc __LC_CURRENT_PID(4,%r0),0(%r3) # store pid of next lmg %r6,%r15,__SF_GPRS(%r15) # load gprs of next task ALTERNATIVE "", ".insn s,0xb2800000,_LPP_OFFSET", 40 - BR_R1USE_R14 + BR_EX %r14 .L__critical_start: @@ -351,7 +294,7 @@ sie_exit: xgr %r5,%r5 lmg %r6,%r14,__SF_GPRS(%r15) # restore kernel registers lg %r2,__SF_SIE_REASON(%r15) # return exit reason code - BR_R1USE_R14 + BR_EX %r14 .Lsie_fault: lghi %r14,-EFAULT stg %r14,__SF_SIE_REASON(%r15) # set exit reason code @@ -410,7 +353,7 @@ ENTRY(system_call) lgf %r9,0(%r8,%r10) # get system call add. TSTMSK __TI_flags(%r12),_TIF_TRACE jnz .Lsysc_tracesys - BASR_R14_R9 # call sys_xxxx + BASR_EX %r14,%r9 # call sys_xxxx stg %r2,__PT_R2(%r11) # store return value .Lsysc_return: @@ -595,7 +538,7 @@ ENTRY(system_call) lmg %r3,%r7,__PT_R3(%r11) stg %r7,STACK_FRAME_OVERHEAD(%r15) lg %r2,__PT_ORIG_GPR2(%r11) - BASR_R14_R9 # call sys_xxx + BASR_EX %r14,%r9 # call sys_xxx stg %r2,__PT_R2(%r11) # store return value .Lsysc_tracenogo: TSTMSK __TI_flags(%r12),_TIF_TRACE @@ -619,7 +562,7 @@ ENTRY(ret_from_fork) lmg %r9,%r10,__PT_R9(%r11) # load gprs ENTRY(kernel_thread_starter) la %r2,0(%r10) - BASR_R14_R9 + BASR_EX %r14,%r9 j .Lsysc_tracenogo /* @@ -701,7 +644,7 @@ ENTRY(pgm_check_handler) je .Lpgm_return lgf %r9,0(%r10,%r1) # load address of handler routine lgr %r2,%r11 # pass pointer to pt_regs - BASR_R14_R9 # branch to interrupt-handler + BASR_EX %r14,%r9 # branch to interrupt-handler .Lpgm_return: LOCKDEP_SYS_EXIT tm __PT_PSW+1(%r11),0x01 # returning to user ? @@ -1019,7 +962,7 @@ ENTRY(psw_idle) stpt __TIMER_IDLE_ENTER(%r2) .Lpsw_idle_lpsw: lpswe __SF_EMPTY(%r15) - BR_R1USE_R14 + BR_EX %r14 .Lpsw_idle_end: /* @@ -1061,7 +1004,7 @@ ENTRY(save_fpu_regs) .Lsave_fpu_regs_done: oi __LC_CPU_FLAGS+7,_CIF_FPU .Lsave_fpu_regs_exit: - BR_R1USE_R14 + BR_EX %r14 .Lsave_fpu_regs_end: EXPORT_SYMBOL(save_fpu_regs) @@ -1107,7 +1050,7 @@ load_fpu_regs: .Lload_fpu_regs_done: ni __LC_CPU_FLAGS+7,255-_CIF_FPU .Lload_fpu_regs_exit: - BR_R1USE_R14 + BR_EX %r14 .Lload_fpu_regs_end: .L__critical_end: @@ -1322,7 +1265,7 @@ cleanup_critical: jl 0f clg %r9,BASED(.Lcleanup_table+104) # .Lload_fpu_regs_end jl .Lcleanup_load_fpu_regs -0: BR_R11USE_R14 +0: BR_EX %r14 .align 8 .Lcleanup_table: @@ -1358,7 +1301,7 @@ cleanup_critical: ni __SIE_PROG0C+3(%r9),0xfe # no longer in SIE lctlg %c1,%c1,__LC_USER_ASCE # load primary asce larl %r9,sie_exit # skip forward to sie_exit - BR_R11USE_R14 + BR_EX %r14 #endif .Lcleanup_system_call: @@ -1412,7 +1355,7 @@ cleanup_critical: stg %r15,56(%r11) # r15 stack pointer # set new psw address and exit larl %r9,.Lsysc_do_svc - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_system_call_insn: .quad system_call .quad .Lsysc_stmg @@ -1424,7 +1367,7 @@ cleanup_critical: .Lcleanup_sysc_tif: larl %r9,.Lsysc_tif - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_sysc_restore: # check if stpt has been executed @@ -1441,14 +1384,14 @@ cleanup_critical: mvc 0(64,%r11),__PT_R8(%r9) lmg %r0,%r7,__PT_R0(%r9) 1: lmg %r8,%r9,__LC_RETURN_PSW - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_sysc_restore_insn: .quad .Lsysc_exit_timer .quad .Lsysc_done - 4 .Lcleanup_io_tif: larl %r9,.Lio_tif - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_io_restore: # check if stpt has been executed @@ -1462,7 +1405,7 @@ cleanup_critical: mvc 0(64,%r11),__PT_R8(%r9) lmg %r0,%r7,__PT_R0(%r9) 1: lmg %r8,%r9,__LC_RETURN_PSW - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_io_restore_insn: .quad .Lio_exit_timer .quad .Lio_done - 4 @@ -1515,17 +1458,17 @@ cleanup_critical: # prepare return psw nihh %r8,0xfcfd # clear irq & wait state bits lg %r9,48(%r11) # return from psw_idle - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_idle_insn: .quad .Lpsw_idle_lpsw .Lcleanup_save_fpu_regs: larl %r9,save_fpu_regs - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_load_fpu_regs: larl %r9,load_fpu_regs - BR_R11USE_R14 + BR_EX %r14,%r11 /* * Integer constants

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390: move expoline assembler macros to a header" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6dd85fbb87d1d6b87a3b1f02ca28d7b2abd2e7ba Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Fri, 20 Apr 2018 16:49:46 +0200 Subject: [PATCH] s390: move expoline assembler macros to a header To be able to use the expoline branches in different assembler files move the associated macros from entry.S to a new header nospec-insn.h. While we are at it make the macros a bit nicer to use. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/include/asm/nospec-insn.h b/arch/s390/include/asm/nospec-insn.h new file mode 100644 index 000000000000..440689cbcf51 --- /dev/null +++ b/arch/s390/include/asm/nospec-insn.h @@ -0,0 +1,127 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_S390_NOSPEC_ASM_H +#define _ASM_S390_NOSPEC_ASM_H + +#include <asm/dwarf.h> + +#ifdef __ASSEMBLY__ + +#ifdef CONFIG_EXPOLINE + +/* + * The expoline macros are used to create thunks in the same format + * as gcc generates them. The 'comdat' section flag makes sure that + * the various thunks are merged into a single copy. + */ + .macro __THUNK_PROLOG_NAME name + .pushsection .text.\name,"axG",@progbits,\name,comdat + .globl \name + .hidden \name + .type \name,@function +\name: + CFI_STARTPROC + .endm + + .macro __THUNK_EPILOG + CFI_ENDPROC + .popsection + .endm + + .macro __THUNK_PROLOG_BR r1,r2 + __THUNK_PROLOG_NAME __s390x_indirect_jump_r\r2\()use_r\r1 + .endm + + .macro __THUNK_BR r1,r2 + jg __s390x_indirect_jump_r\r2\()use_r\r1 + .endm + + .macro __THUNK_BRASL r1,r2,r3 + brasl \r1,__s390x_indirect_jump_r\r3\()use_r\r2 + .endm + + .macro __DECODE_RR expand,reg,ruse + .set __decode_fail,1 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \reg,%r\r1 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \ruse,%r\r2 + \expand \r1,\r2 + .set __decode_fail,0 + .endif + .endr + .endif + .endr + .if __decode_fail == 1 + .error "__DECODE_RR failed" + .endif + .endm + + .macro __DECODE_RRR expand,rsave,rtarget,ruse + .set __decode_fail,1 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \rsave,%r\r1 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \rtarget,%r\r2 + .irp r3,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \ruse,%r\r3 + \expand \r1,\r2,\r3 + .set __decode_fail,0 + .endif + .endr + .endif + .endr + .endif + .endr + .if __decode_fail == 1 + .error "__DECODE_RRR failed" + .endif + .endm + + .macro __THUNK_EX_BR reg,ruse +#ifdef CONFIG_HAVE_MARCH_Z10_FEATURES + exrl 0,555f + j . +#else + larl \ruse,555f + ex 0,0(\ruse) + j . +#endif +555: br \reg + .endm + + .macro GEN_BR_THUNK reg,ruse=%r1 + __DECODE_RR __THUNK_PROLOG_BR,\reg,\ruse + __THUNK_EX_BR \reg,\ruse + __THUNK_EPILOG + .endm + + .macro BR_EX reg,ruse=%r1 +557: __DECODE_RR __THUNK_BR,\reg,\ruse + .pushsection .s390_indirect_branches,"a",@progbits + .long 557b-. + .popsection + .endm + + .macro BASR_EX rsave,rtarget,ruse=%r1 +559: __DECODE_RRR __THUNK_BRASL,\rsave,\rtarget,\ruse + .pushsection .s390_indirect_branches,"a",@progbits + .long 559b-. + .popsection + .endm + +#else + .macro GEN_BR_THUNK reg,ruse=%r1 + .endm + + .macro BR_EX reg,ruse=%r1 + br \reg + .endm + + .macro BASR_EX rsave,rtarget,ruse=%r1 + basr \rsave,\rtarget + .endm +#endif + +#endif /* __ASSEMBLY__ */ + +#endif /* _ASM_S390_NOSPEC_ASM_H */ diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S index 3f22f139a041..f03402efab4b 100644 --- a/arch/s390/kernel/entry.S +++ b/arch/s390/kernel/entry.S @@ -28,6 +28,7 @@ #include <asm/setup.h> #include <asm/nmi.h> #include <asm/export.h> +#include <asm/nospec-insn.h> __PT_R0 = __PT_GPRS __PT_R1 = __PT_GPRS + 8 @@ -183,67 +184,9 @@ _LPP_OFFSET = __LC_LPP "jnz .+8; .long 0xb2e8d000", 82 .endm -#ifdef CONFIG_EXPOLINE - - .macro GEN_BR_THUNK name,reg,tmp - .section .text.\name,"axG",@progbits,\name,comdat - .globl \name - .hidden \name - .type \name,@function -\name: - CFI_STARTPROC -#ifdef CONFIG_HAVE_MARCH_Z10_FEATURES - exrl 0,0f -#else - larl \tmp,0f - ex 0,0(\tmp) -#endif - j . -0: br \reg - CFI_ENDPROC - .endm - - GEN_BR_THUNK __s390x_indirect_jump_r1use_r9,%r9,%r1 - GEN_BR_THUNK __s390x_indirect_jump_r1use_r14,%r14,%r1 - GEN_BR_THUNK __s390x_indirect_jump_r11use_r14,%r14,%r11 - - .macro BASR_R14_R9 -0: brasl %r14,__s390x_indirect_jump_r1use_r9 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - - .macro BR_R1USE_R14 -0: jg __s390x_indirect_jump_r1use_r14 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - - .macro BR_R11USE_R14 -0: jg __s390x_indirect_jump_r11use_r14 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - -#else /* CONFIG_EXPOLINE */ - - .macro BASR_R14_R9 - basr %r14,%r9 - .endm - - .macro BR_R1USE_R14 - br %r14 - .endm - - .macro BR_R11USE_R14 - br %r14 - .endm - -#endif /* CONFIG_EXPOLINE */ - + GEN_BR_THUNK %r9 + GEN_BR_THUNK %r14 + GEN_BR_THUNK %r14,%r11 .section .kprobes.text, "ax" .Ldummy: @@ -260,7 +203,7 @@ _LPP_OFFSET = __LC_LPP ENTRY(__bpon) .globl __bpon BPON - BR_R1USE_R14 + BR_EX %r14 /* * Scheduler resume function, called by switch_to @@ -284,7 +227,7 @@ ENTRY(__switch_to) mvc __LC_CURRENT_PID(4,%r0),0(%r3) # store pid of next lmg %r6,%r15,__SF_GPRS(%r15) # load gprs of next task ALTERNATIVE "", ".insn s,0xb2800000,_LPP_OFFSET", 40 - BR_R1USE_R14 + BR_EX %r14 .L__critical_start: @@ -351,7 +294,7 @@ sie_exit: xgr %r5,%r5 lmg %r6,%r14,__SF_GPRS(%r15) # restore kernel registers lg %r2,__SF_SIE_REASON(%r15) # return exit reason code - BR_R1USE_R14 + BR_EX %r14 .Lsie_fault: lghi %r14,-EFAULT stg %r14,__SF_SIE_REASON(%r15) # set exit reason code @@ -410,7 +353,7 @@ ENTRY(system_call) lgf %r9,0(%r8,%r10) # get system call add. TSTMSK __TI_flags(%r12),_TIF_TRACE jnz .Lsysc_tracesys - BASR_R14_R9 # call sys_xxxx + BASR_EX %r14,%r9 # call sys_xxxx stg %r2,__PT_R2(%r11) # store return value .Lsysc_return: @@ -595,7 +538,7 @@ ENTRY(system_call) lmg %r3,%r7,__PT_R3(%r11) stg %r7,STACK_FRAME_OVERHEAD(%r15) lg %r2,__PT_ORIG_GPR2(%r11) - BASR_R14_R9 # call sys_xxx + BASR_EX %r14,%r9 # call sys_xxx stg %r2,__PT_R2(%r11) # store return value .Lsysc_tracenogo: TSTMSK __TI_flags(%r12),_TIF_TRACE @@ -619,7 +562,7 @@ ENTRY(ret_from_fork) lmg %r9,%r10,__PT_R9(%r11) # load gprs ENTRY(kernel_thread_starter) la %r2,0(%r10) - BASR_R14_R9 + BASR_EX %r14,%r9 j .Lsysc_tracenogo /* @@ -701,7 +644,7 @@ ENTRY(pgm_check_handler) je .Lpgm_return lgf %r9,0(%r10,%r1) # load address of handler routine lgr %r2,%r11 # pass pointer to pt_regs - BASR_R14_R9 # branch to interrupt-handler + BASR_EX %r14,%r9 # branch to interrupt-handler .Lpgm_return: LOCKDEP_SYS_EXIT tm __PT_PSW+1(%r11),0x01 # returning to user ? @@ -1019,7 +962,7 @@ ENTRY(psw_idle) stpt __TIMER_IDLE_ENTER(%r2) .Lpsw_idle_lpsw: lpswe __SF_EMPTY(%r15) - BR_R1USE_R14 + BR_EX %r14 .Lpsw_idle_end: /* @@ -1061,7 +1004,7 @@ ENTRY(save_fpu_regs) .Lsave_fpu_regs_done: oi __LC_CPU_FLAGS+7,_CIF_FPU .Lsave_fpu_regs_exit: - BR_R1USE_R14 + BR_EX %r14 .Lsave_fpu_regs_end: EXPORT_SYMBOL(save_fpu_regs) @@ -1107,7 +1050,7 @@ load_fpu_regs: .Lload_fpu_regs_done: ni __LC_CPU_FLAGS+7,255-_CIF_FPU .Lload_fpu_regs_exit: - BR_R1USE_R14 + BR_EX %r14 .Lload_fpu_regs_end: .L__critical_end: @@ -1322,7 +1265,7 @@ cleanup_critical: jl 0f clg %r9,BASED(.Lcleanup_table+104) # .Lload_fpu_regs_end jl .Lcleanup_load_fpu_regs -0: BR_R11USE_R14 +0: BR_EX %r14 .align 8 .Lcleanup_table: @@ -1358,7 +1301,7 @@ cleanup_critical: ni __SIE_PROG0C+3(%r9),0xfe # no longer in SIE lctlg %c1,%c1,__LC_USER_ASCE # load primary asce larl %r9,sie_exit # skip forward to sie_exit - BR_R11USE_R14 + BR_EX %r14 #endif .Lcleanup_system_call: @@ -1412,7 +1355,7 @@ cleanup_critical: stg %r15,56(%r11) # r15 stack pointer # set new psw address and exit larl %r9,.Lsysc_do_svc - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_system_call_insn: .quad system_call .quad .Lsysc_stmg @@ -1424,7 +1367,7 @@ cleanup_critical: .Lcleanup_sysc_tif: larl %r9,.Lsysc_tif - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_sysc_restore: # check if stpt has been executed @@ -1441,14 +1384,14 @@ cleanup_critical: mvc 0(64,%r11),__PT_R8(%r9) lmg %r0,%r7,__PT_R0(%r9) 1: lmg %r8,%r9,__LC_RETURN_PSW - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_sysc_restore_insn: .quad .Lsysc_exit_timer .quad .Lsysc_done - 4 .Lcleanup_io_tif: larl %r9,.Lio_tif - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_io_restore: # check if stpt has been executed @@ -1462,7 +1405,7 @@ cleanup_critical: mvc 0(64,%r11),__PT_R8(%r9) lmg %r0,%r7,__PT_R0(%r9) 1: lmg %r8,%r9,__LC_RETURN_PSW - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_io_restore_insn: .quad .Lio_exit_timer .quad .Lio_done - 4 @@ -1515,17 +1458,17 @@ cleanup_critical: # prepare return psw nihh %r8,0xfcfd # clear irq & wait state bits lg %r9,48(%r11) # return from psw_idle - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_idle_insn: .quad .Lpsw_idle_lpsw .Lcleanup_save_fpu_regs: larl %r9,save_fpu_regs - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_load_fpu_regs: larl %r9,load_fpu_regs - BR_R11USE_R14 + BR_EX %r14,%r11 /* * Integer constants

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390: move expoline assembler macros to a header" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6dd85fbb87d1d6b87a3b1f02ca28d7b2abd2e7ba Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Fri, 20 Apr 2018 16:49:46 +0200 Subject: [PATCH] s390: move expoline assembler macros to a header To be able to use the expoline branches in different assembler files move the associated macros from entry.S to a new header nospec-insn.h. While we are at it make the macros a bit nicer to use. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/include/asm/nospec-insn.h b/arch/s390/include/asm/nospec-insn.h new file mode 100644 index 000000000000..440689cbcf51 --- /dev/null +++ b/arch/s390/include/asm/nospec-insn.h @@ -0,0 +1,127 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_S390_NOSPEC_ASM_H +#define _ASM_S390_NOSPEC_ASM_H + +#include <asm/dwarf.h> + +#ifdef __ASSEMBLY__ + +#ifdef CONFIG_EXPOLINE + +/* + * The expoline macros are used to create thunks in the same format + * as gcc generates them. The 'comdat' section flag makes sure that + * the various thunks are merged into a single copy. + */ + .macro __THUNK_PROLOG_NAME name + .pushsection .text.\name,"axG",@progbits,\name,comdat + .globl \name + .hidden \name + .type \name,@function +\name: + CFI_STARTPROC + .endm + + .macro __THUNK_EPILOG + CFI_ENDPROC + .popsection + .endm + + .macro __THUNK_PROLOG_BR r1,r2 + __THUNK_PROLOG_NAME __s390x_indirect_jump_r\r2\()use_r\r1 + .endm + + .macro __THUNK_BR r1,r2 + jg __s390x_indirect_jump_r\r2\()use_r\r1 + .endm + + .macro __THUNK_BRASL r1,r2,r3 + brasl \r1,__s390x_indirect_jump_r\r3\()use_r\r2 + .endm + + .macro __DECODE_RR expand,reg,ruse + .set __decode_fail,1 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \reg,%r\r1 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \ruse,%r\r2 + \expand \r1,\r2 + .set __decode_fail,0 + .endif + .endr + .endif + .endr + .if __decode_fail == 1 + .error "__DECODE_RR failed" + .endif + .endm + + .macro __DECODE_RRR expand,rsave,rtarget,ruse + .set __decode_fail,1 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \rsave,%r\r1 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \rtarget,%r\r2 + .irp r3,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 + .ifc \ruse,%r\r3 + \expand \r1,\r2,\r3 + .set __decode_fail,0 + .endif + .endr + .endif + .endr + .endif + .endr + .if __decode_fail == 1 + .error "__DECODE_RRR failed" + .endif + .endm + + .macro __THUNK_EX_BR reg,ruse +#ifdef CONFIG_HAVE_MARCH_Z10_FEATURES + exrl 0,555f + j . +#else + larl \ruse,555f + ex 0,0(\ruse) + j . +#endif +555: br \reg + .endm + + .macro GEN_BR_THUNK reg,ruse=%r1 + __DECODE_RR __THUNK_PROLOG_BR,\reg,\ruse + __THUNK_EX_BR \reg,\ruse + __THUNK_EPILOG + .endm + + .macro BR_EX reg,ruse=%r1 +557: __DECODE_RR __THUNK_BR,\reg,\ruse + .pushsection .s390_indirect_branches,"a",@progbits + .long 557b-. + .popsection + .endm + + .macro BASR_EX rsave,rtarget,ruse=%r1 +559: __DECODE_RRR __THUNK_BRASL,\rsave,\rtarget,\ruse + .pushsection .s390_indirect_branches,"a",@progbits + .long 559b-. + .popsection + .endm + +#else + .macro GEN_BR_THUNK reg,ruse=%r1 + .endm + + .macro BR_EX reg,ruse=%r1 + br \reg + .endm + + .macro BASR_EX rsave,rtarget,ruse=%r1 + basr \rsave,\rtarget + .endm +#endif + +#endif /* __ASSEMBLY__ */ + +#endif /* _ASM_S390_NOSPEC_ASM_H */ diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S index 3f22f139a041..f03402efab4b 100644 --- a/arch/s390/kernel/entry.S +++ b/arch/s390/kernel/entry.S @@ -28,6 +28,7 @@ #include <asm/setup.h> #include <asm/nmi.h> #include <asm/export.h> +#include <asm/nospec-insn.h> __PT_R0 = __PT_GPRS __PT_R1 = __PT_GPRS + 8 @@ -183,67 +184,9 @@ _LPP_OFFSET = __LC_LPP "jnz .+8; .long 0xb2e8d000", 82 .endm -#ifdef CONFIG_EXPOLINE - - .macro GEN_BR_THUNK name,reg,tmp - .section .text.\name,"axG",@progbits,\name,comdat - .globl \name - .hidden \name - .type \name,@function -\name: - CFI_STARTPROC -#ifdef CONFIG_HAVE_MARCH_Z10_FEATURES - exrl 0,0f -#else - larl \tmp,0f - ex 0,0(\tmp) -#endif - j . -0: br \reg - CFI_ENDPROC - .endm - - GEN_BR_THUNK __s390x_indirect_jump_r1use_r9,%r9,%r1 - GEN_BR_THUNK __s390x_indirect_jump_r1use_r14,%r14,%r1 - GEN_BR_THUNK __s390x_indirect_jump_r11use_r14,%r14,%r11 - - .macro BASR_R14_R9 -0: brasl %r14,__s390x_indirect_jump_r1use_r9 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - - .macro BR_R1USE_R14 -0: jg __s390x_indirect_jump_r1use_r14 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - - .macro BR_R11USE_R14 -0: jg __s390x_indirect_jump_r11use_r14 - .pushsection .s390_indirect_branches,"a",@progbits - .long 0b-. - .popsection - .endm - -#else /* CONFIG_EXPOLINE */ - - .macro BASR_R14_R9 - basr %r14,%r9 - .endm - - .macro BR_R1USE_R14 - br %r14 - .endm - - .macro BR_R11USE_R14 - br %r14 - .endm - -#endif /* CONFIG_EXPOLINE */ - + GEN_BR_THUNK %r9 + GEN_BR_THUNK %r14 + GEN_BR_THUNK %r14,%r11 .section .kprobes.text, "ax" .Ldummy: @@ -260,7 +203,7 @@ _LPP_OFFSET = __LC_LPP ENTRY(__bpon) .globl __bpon BPON - BR_R1USE_R14 + BR_EX %r14 /* * Scheduler resume function, called by switch_to @@ -284,7 +227,7 @@ ENTRY(__switch_to) mvc __LC_CURRENT_PID(4,%r0),0(%r3) # store pid of next lmg %r6,%r15,__SF_GPRS(%r15) # load gprs of next task ALTERNATIVE "", ".insn s,0xb2800000,_LPP_OFFSET", 40 - BR_R1USE_R14 + BR_EX %r14 .L__critical_start: @@ -351,7 +294,7 @@ sie_exit: xgr %r5,%r5 lmg %r6,%r14,__SF_GPRS(%r15) # restore kernel registers lg %r2,__SF_SIE_REASON(%r15) # return exit reason code - BR_R1USE_R14 + BR_EX %r14 .Lsie_fault: lghi %r14,-EFAULT stg %r14,__SF_SIE_REASON(%r15) # set exit reason code @@ -410,7 +353,7 @@ ENTRY(system_call) lgf %r9,0(%r8,%r10) # get system call add. TSTMSK __TI_flags(%r12),_TIF_TRACE jnz .Lsysc_tracesys - BASR_R14_R9 # call sys_xxxx + BASR_EX %r14,%r9 # call sys_xxxx stg %r2,__PT_R2(%r11) # store return value .Lsysc_return: @@ -595,7 +538,7 @@ ENTRY(system_call) lmg %r3,%r7,__PT_R3(%r11) stg %r7,STACK_FRAME_OVERHEAD(%r15) lg %r2,__PT_ORIG_GPR2(%r11) - BASR_R14_R9 # call sys_xxx + BASR_EX %r14,%r9 # call sys_xxx stg %r2,__PT_R2(%r11) # store return value .Lsysc_tracenogo: TSTMSK __TI_flags(%r12),_TIF_TRACE @@ -619,7 +562,7 @@ ENTRY(ret_from_fork) lmg %r9,%r10,__PT_R9(%r11) # load gprs ENTRY(kernel_thread_starter) la %r2,0(%r10) - BASR_R14_R9 + BASR_EX %r14,%r9 j .Lsysc_tracenogo /* @@ -701,7 +644,7 @@ ENTRY(pgm_check_handler) je .Lpgm_return lgf %r9,0(%r10,%r1) # load address of handler routine lgr %r2,%r11 # pass pointer to pt_regs - BASR_R14_R9 # branch to interrupt-handler + BASR_EX %r14,%r9 # branch to interrupt-handler .Lpgm_return: LOCKDEP_SYS_EXIT tm __PT_PSW+1(%r11),0x01 # returning to user ? @@ -1019,7 +962,7 @@ ENTRY(psw_idle) stpt __TIMER_IDLE_ENTER(%r2) .Lpsw_idle_lpsw: lpswe __SF_EMPTY(%r15) - BR_R1USE_R14 + BR_EX %r14 .Lpsw_idle_end: /* @@ -1061,7 +1004,7 @@ ENTRY(save_fpu_regs) .Lsave_fpu_regs_done: oi __LC_CPU_FLAGS+7,_CIF_FPU .Lsave_fpu_regs_exit: - BR_R1USE_R14 + BR_EX %r14 .Lsave_fpu_regs_end: EXPORT_SYMBOL(save_fpu_regs) @@ -1107,7 +1050,7 @@ load_fpu_regs: .Lload_fpu_regs_done: ni __LC_CPU_FLAGS+7,255-_CIF_FPU .Lload_fpu_regs_exit: - BR_R1USE_R14 + BR_EX %r14 .Lload_fpu_regs_end: .L__critical_end: @@ -1322,7 +1265,7 @@ cleanup_critical: jl 0f clg %r9,BASED(.Lcleanup_table+104) # .Lload_fpu_regs_end jl .Lcleanup_load_fpu_regs -0: BR_R11USE_R14 +0: BR_EX %r14 .align 8 .Lcleanup_table: @@ -1358,7 +1301,7 @@ cleanup_critical: ni __SIE_PROG0C+3(%r9),0xfe # no longer in SIE lctlg %c1,%c1,__LC_USER_ASCE # load primary asce larl %r9,sie_exit # skip forward to sie_exit - BR_R11USE_R14 + BR_EX %r14 #endif .Lcleanup_system_call: @@ -1412,7 +1355,7 @@ cleanup_critical: stg %r15,56(%r11) # r15 stack pointer # set new psw address and exit larl %r9,.Lsysc_do_svc - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_system_call_insn: .quad system_call .quad .Lsysc_stmg @@ -1424,7 +1367,7 @@ cleanup_critical: .Lcleanup_sysc_tif: larl %r9,.Lsysc_tif - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_sysc_restore: # check if stpt has been executed @@ -1441,14 +1384,14 @@ cleanup_critical: mvc 0(64,%r11),__PT_R8(%r9) lmg %r0,%r7,__PT_R0(%r9) 1: lmg %r8,%r9,__LC_RETURN_PSW - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_sysc_restore_insn: .quad .Lsysc_exit_timer .quad .Lsysc_done - 4 .Lcleanup_io_tif: larl %r9,.Lio_tif - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_io_restore: # check if stpt has been executed @@ -1462,7 +1405,7 @@ cleanup_critical: mvc 0(64,%r11),__PT_R8(%r9) lmg %r0,%r7,__PT_R0(%r9) 1: lmg %r8,%r9,__LC_RETURN_PSW - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_io_restore_insn: .quad .Lio_exit_timer .quad .Lio_done - 4 @@ -1515,17 +1458,17 @@ cleanup_critical: # prepare return psw nihh %r8,0xfcfd # clear irq & wait state bits lg %r9,48(%r11) # return from psw_idle - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_idle_insn: .quad .Lpsw_idle_lpsw .Lcleanup_save_fpu_regs: larl %r9,save_fpu_regs - BR_R11USE_R14 + BR_EX %r14,%r11 .Lcleanup_load_fpu_regs: larl %r9,load_fpu_regs - BR_R11USE_R14 + BR_EX %r14,%r11 /* * Integer constants

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/kernel: use expoline for indirect branches" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c50c84c3ac4d5db683904bdb3257798b6ef980ae Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Wed, 25 Apr 2018 18:41:30 +0200 Subject: [PATCH] s390/kernel: use expoline for indirect branches The assember code in arch/s390/kernel uses a few more indirect branches which need to be done with execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/base.S b/arch/s390/kernel/base.S index f6c56009e822..b65874b0b412 100644 --- a/arch/s390/kernel/base.S +++ b/arch/s390/kernel/base.S @@ -9,18 +9,22 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/ptrace.h> #include <asm/sigp.h> + GEN_BR_THUNK %r9 + GEN_BR_THUNK %r14 + ENTRY(s390_base_mcck_handler) basr %r13,0 0: lg %r15,__LC_PANIC_STACK # load panic stack aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_mcck_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 1: la %r1,4095 lmg %r0,%r15,__LC_GPREGS_SAVE_AREA-4095(%r1) lpswe __LC_MCK_OLD_PSW @@ -37,10 +41,10 @@ ENTRY(s390_base_ext_handler) basr %r13,0 0: aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_ext_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 1: lmg %r0,%r15,__LC_SAVE_AREA_ASYNC ni __LC_EXT_OLD_PSW+1,0xfd # clear wait state bit lpswe __LC_EXT_OLD_PSW @@ -57,10 +61,10 @@ ENTRY(s390_base_pgm_handler) basr %r13,0 0: aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_pgm_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 lmg %r0,%r15,__LC_SAVE_AREA_SYNC lpswe __LC_PGM_OLD_PSW 1: lpswe disabled_wait_psw-0b(%r13) @@ -117,7 +121,7 @@ ENTRY(diag308_reset) larl %r4,.Lcontinue_psw # Restore PSW flags lpswe 0(%r4) .Lcontinue: - br %r14 + BR_EX %r14 .align 16 .Lrestart_psw: .long 0x00080000,0x80000000 + .Lrestart_part2 diff --git a/arch/s390/kernel/reipl.S b/arch/s390/kernel/reipl.S index 73cc3750f0d3..7f14adf512c6 100644 --- a/arch/s390/kernel/reipl.S +++ b/arch/s390/kernel/reipl.S @@ -7,8 +7,11 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/sigp.h> + GEN_BR_THUNK %r9 + # # Issue "store status" for the current CPU to its prefix page # and call passed function afterwards @@ -67,9 +70,9 @@ ENTRY(store_status) st %r4,0(%r1) st %r5,4(%r1) stg %r2,8(%r1) - lgr %r1,%r2 + lgr %r9,%r2 lgr %r2,%r3 - br %r1 + BR_EX %r9 .section .bss .align 8 diff --git a/arch/s390/kernel/swsusp.S b/arch/s390/kernel/swsusp.S index e99187149f17..a049a7b9d6e8 100644 --- a/arch/s390/kernel/swsusp.S +++ b/arch/s390/kernel/swsusp.S @@ -13,6 +13,7 @@ #include <asm/ptrace.h> #include <asm/thread_info.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/sigp.h> /* @@ -24,6 +25,8 @@ * (see below) in the resume process. * This function runs with disabled interrupts. */ + GEN_BR_THUNK %r14 + .section .text ENTRY(swsusp_arch_suspend) stmg %r6,%r15,__SF_GPRS(%r15) @@ -103,7 +106,7 @@ ENTRY(swsusp_arch_suspend) spx 0x318(%r1) lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) lghi %r2,0 - br %r14 + BR_EX %r14 /* * Restore saved memory image to correct place and restore register context. @@ -197,11 +200,10 @@ pgm_check_entry: larl %r15,init_thread_union ahi %r15,1<<(PAGE_SHIFT+THREAD_SIZE_ORDER) larl %r2,.Lpanic_string - larl %r3,sclp_early_printk lghi %r1,0 sam31 sigp %r1,%r0,SIGP_SET_ARCHITECTURE - basr %r14,%r3 + brasl %r14,sclp_early_printk larl %r3,.Ldisabled_wait_31 lpsw 0(%r3) 4: @@ -267,7 +269,7 @@ restore_registers: /* Return 0 */ lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) lghi %r2,0 - br %r14 + BR_EX %r14 .section .data..nosave,"aw",@progbits .align 8

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/kernel: use expoline for indirect branches" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c50c84c3ac4d5db683904bdb3257798b6ef980ae Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Wed, 25 Apr 2018 18:41:30 +0200 Subject: [PATCH] s390/kernel: use expoline for indirect branches The assember code in arch/s390/kernel uses a few more indirect branches which need to be done with execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/kernel/base.S b/arch/s390/kernel/base.S index f6c56009e822..b65874b0b412 100644 --- a/arch/s390/kernel/base.S +++ b/arch/s390/kernel/base.S @@ -9,18 +9,22 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/ptrace.h> #include <asm/sigp.h> + GEN_BR_THUNK %r9 + GEN_BR_THUNK %r14 + ENTRY(s390_base_mcck_handler) basr %r13,0 0: lg %r15,__LC_PANIC_STACK # load panic stack aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_mcck_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 1: la %r1,4095 lmg %r0,%r15,__LC_GPREGS_SAVE_AREA-4095(%r1) lpswe __LC_MCK_OLD_PSW @@ -37,10 +41,10 @@ ENTRY(s390_base_ext_handler) basr %r13,0 0: aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_ext_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 1: lmg %r0,%r15,__LC_SAVE_AREA_ASYNC ni __LC_EXT_OLD_PSW+1,0xfd # clear wait state bit lpswe __LC_EXT_OLD_PSW @@ -57,10 +61,10 @@ ENTRY(s390_base_pgm_handler) basr %r13,0 0: aghi %r15,-STACK_FRAME_OVERHEAD larl %r1,s390_base_pgm_handler_fn - lg %r1,0(%r1) - ltgr %r1,%r1 + lg %r9,0(%r1) + ltgr %r9,%r9 jz 1f - basr %r14,%r1 + BASR_EX %r14,%r9 lmg %r0,%r15,__LC_SAVE_AREA_SYNC lpswe __LC_PGM_OLD_PSW 1: lpswe disabled_wait_psw-0b(%r13) @@ -117,7 +121,7 @@ ENTRY(diag308_reset) larl %r4,.Lcontinue_psw # Restore PSW flags lpswe 0(%r4) .Lcontinue: - br %r14 + BR_EX %r14 .align 16 .Lrestart_psw: .long 0x00080000,0x80000000 + .Lrestart_part2 diff --git a/arch/s390/kernel/reipl.S b/arch/s390/kernel/reipl.S index 73cc3750f0d3..7f14adf512c6 100644 --- a/arch/s390/kernel/reipl.S +++ b/arch/s390/kernel/reipl.S @@ -7,8 +7,11 @@ #include <linux/linkage.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/sigp.h> + GEN_BR_THUNK %r9 + # # Issue "store status" for the current CPU to its prefix page # and call passed function afterwards @@ -67,9 +70,9 @@ ENTRY(store_status) st %r4,0(%r1) st %r5,4(%r1) stg %r2,8(%r1) - lgr %r1,%r2 + lgr %r9,%r2 lgr %r2,%r3 - br %r1 + BR_EX %r9 .section .bss .align 8 diff --git a/arch/s390/kernel/swsusp.S b/arch/s390/kernel/swsusp.S index e99187149f17..a049a7b9d6e8 100644 --- a/arch/s390/kernel/swsusp.S +++ b/arch/s390/kernel/swsusp.S @@ -13,6 +13,7 @@ #include <asm/ptrace.h> #include <asm/thread_info.h> #include <asm/asm-offsets.h> +#include <asm/nospec-insn.h> #include <asm/sigp.h> /* @@ -24,6 +25,8 @@ * (see below) in the resume process. * This function runs with disabled interrupts. */ + GEN_BR_THUNK %r14 + .section .text ENTRY(swsusp_arch_suspend) stmg %r6,%r15,__SF_GPRS(%r15) @@ -103,7 +106,7 @@ ENTRY(swsusp_arch_suspend) spx 0x318(%r1) lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) lghi %r2,0 - br %r14 + BR_EX %r14 /* * Restore saved memory image to correct place and restore register context. @@ -197,11 +200,10 @@ pgm_check_entry: larl %r15,init_thread_union ahi %r15,1<<(PAGE_SHIFT+THREAD_SIZE_ORDER) larl %r2,.Lpanic_string - larl %r3,sclp_early_printk lghi %r1,0 sam31 sigp %r1,%r0,SIGP_SET_ARCHITECTURE - basr %r14,%r3 + brasl %r14,sclp_early_printk larl %r3,.Ldisabled_wait_31 lpsw 0(%r3) 4: @@ -267,7 +269,7 @@ restore_registers: /* Return 0 */ lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) lghi %r2,0 - br %r14 + BR_EX %r14 .section .data..nosave,"aw",@progbits .align 8

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/crc32-vx: use expoline for indirect branches" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 467a3bf219cee12259182c5cb4821f88fd518a51 Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 23 Apr 2018 14:31:36 +0200 Subject: [PATCH] s390/crc32-vx: use expoline for indirect branches The return from the crc32_le_vgfm_16/crc32c_le_vgfm_16 and the crc32_be_vgfm_16 functions are done with "br %r14". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/crypto/crc32be-vx.S b/arch/s390/crypto/crc32be-vx.S index e8077f0971f8..2bf01ba44107 100644 --- a/arch/s390/crypto/crc32be-vx.S +++ b/arch/s390/crypto/crc32be-vx.S @@ -13,6 +13,7 @@ */ #include <linux/linkage.h> +#include <asm/nospec-insn.h> #include <asm/vx-insn.h> /* Vector register range containing CRC-32 constants */ @@ -67,6 +68,8 @@ .previous + GEN_BR_THUNK %r14 + .text /* * The CRC-32 function(s) use these calling conventions: @@ -203,6 +206,6 @@ ENTRY(crc32_be_vgfm_16) .Ldone: VLGVF %r2,%v2,3 - br %r14 + BR_EX %r14 .previous diff --git a/arch/s390/crypto/crc32le-vx.S b/arch/s390/crypto/crc32le-vx.S index d8c67a58c0c5..7d6f568bd3ad 100644 --- a/arch/s390/crypto/crc32le-vx.S +++ b/arch/s390/crypto/crc32le-vx.S @@ -14,6 +14,7 @@ */ #include <linux/linkage.h> +#include <asm/nospec-insn.h> #include <asm/vx-insn.h> /* Vector register range containing CRC-32 constants */ @@ -76,6 +77,7 @@ .previous + GEN_BR_THUNK %r14 .text @@ -264,6 +266,6 @@ crc32_le_vgfm_generic: .Ldone: VLGVF %r2,%v2,2 - br %r14 + BR_EX %r14 .previous

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/lib: use expoline for indirect branches" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 97489e0663fa700d6e7febddc43b58df98d7bcda Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 23 Apr 2018 14:31:36 +0200 Subject: [PATCH] s390/lib: use expoline for indirect branches The return from the memmove, memset, memcpy, __memset16, __memset32 and __memset64 functions are done with "br %r14". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 495c9c4bacc7..2311f15be9cf 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -7,6 +7,9 @@ #include <linux/linkage.h> #include <asm/export.h> +#include <asm/nospec-insn.h> + + GEN_BR_THUNK %r14 /* * void *memmove(void *dest, const void *src, size_t n) @@ -33,14 +36,14 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) brctg %r4,.Lmemmove_reverse ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) - br %r14 + BR_EX %r14 .Lmemmove_mvc: mvc 0(1,%r1),0(%r3) EXPORT_SYMBOL(memmove) @@ -77,7 +80,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) - br %r14 + BR_EX %r14 .Lmemset_fill: cghi %r4,1 lgr %r1,%r2 @@ -95,10 +98,10 @@ ENTRY(memset) stc %r3,0(%r1) larl %r5,.Lmemset_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemset_fill_exit: stc %r3,0(%r1) - br %r14 + BR_EX %r14 .Lmemset_xc: xc 0(1,%r1),0(%r1) .Lmemset_mvc: @@ -121,7 +124,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) la %r1,256(%r1) @@ -159,10 +162,10 @@ ENTRY(__memset\bits) \insn %r3,0(%r1) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) - br %r14 + BR_EX %r14 .L__memset_exit\bits: \insn %r3,0(%r2) - br %r14 + BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1) .endm

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/lib: use expoline for indirect branches" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 97489e0663fa700d6e7febddc43b58df98d7bcda Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 23 Apr 2018 14:31:36 +0200 Subject: [PATCH] s390/lib: use expoline for indirect branches The return from the memmove, memset, memcpy, __memset16, __memset32 and __memset64 functions are done with "br %r14". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 495c9c4bacc7..2311f15be9cf 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -7,6 +7,9 @@ #include <linux/linkage.h> #include <asm/export.h> +#include <asm/nospec-insn.h> + + GEN_BR_THUNK %r14 /* * void *memmove(void *dest, const void *src, size_t n) @@ -33,14 +36,14 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) brctg %r4,.Lmemmove_reverse ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) - br %r14 + BR_EX %r14 .Lmemmove_mvc: mvc 0(1,%r1),0(%r3) EXPORT_SYMBOL(memmove) @@ -77,7 +80,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) - br %r14 + BR_EX %r14 .Lmemset_fill: cghi %r4,1 lgr %r1,%r2 @@ -95,10 +98,10 @@ ENTRY(memset) stc %r3,0(%r1) larl %r5,.Lmemset_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemset_fill_exit: stc %r3,0(%r1) - br %r14 + BR_EX %r14 .Lmemset_xc: xc 0(1,%r1),0(%r1) .Lmemset_mvc: @@ -121,7 +124,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) la %r1,256(%r1) @@ -159,10 +162,10 @@ ENTRY(__memset\bits) \insn %r3,0(%r1) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) - br %r14 + BR_EX %r14 .L__memset_exit\bits: \insn %r3,0(%r2) - br %r14 + BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1) .endm

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/lib: use expoline for indirect branches" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 97489e0663fa700d6e7febddc43b58df98d7bcda Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 23 Apr 2018 14:31:36 +0200 Subject: [PATCH] s390/lib: use expoline for indirect branches The return from the memmove, memset, memcpy, __memset16, __memset32 and __memset64 functions are done with "br %r14". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 495c9c4bacc7..2311f15be9cf 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -7,6 +7,9 @@ #include <linux/linkage.h> #include <asm/export.h> +#include <asm/nospec-insn.h> + + GEN_BR_THUNK %r14 /* * void *memmove(void *dest, const void *src, size_t n) @@ -33,14 +36,14 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) brctg %r4,.Lmemmove_reverse ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) - br %r14 + BR_EX %r14 .Lmemmove_mvc: mvc 0(1,%r1),0(%r3) EXPORT_SYMBOL(memmove) @@ -77,7 +80,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) - br %r14 + BR_EX %r14 .Lmemset_fill: cghi %r4,1 lgr %r1,%r2 @@ -95,10 +98,10 @@ ENTRY(memset) stc %r3,0(%r1) larl %r5,.Lmemset_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemset_fill_exit: stc %r3,0(%r1) - br %r14 + BR_EX %r14 .Lmemset_xc: xc 0(1,%r1),0(%r1) .Lmemset_mvc: @@ -121,7 +124,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) la %r1,256(%r1) @@ -159,10 +162,10 @@ ENTRY(__memset\bits) \insn %r3,0(%r1) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) - br %r14 + BR_EX %r14 .L__memset_exit\bits: \insn %r3,0(%r2) - br %r14 + BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1) .endm

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] s390/lib: use expoline for indirect branches" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 97489e0663fa700d6e7febddc43b58df98d7bcda Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 23 Apr 2018 14:31:36 +0200 Subject: [PATCH] s390/lib: use expoline for indirect branches The return from the memmove, memset, memcpy, __memset16, __memset32 and __memset64 functions are done with "br %r14". These are indirect branches as well and need to use execute trampolines for CONFIG_EXPOLINE=y. Cc: stable(a)vger.kernel.org # 4.16 Fixes: f19fbd5ed6 ("s390: introduce execute-trampolines for branches") Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 495c9c4bacc7..2311f15be9cf 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -7,6 +7,9 @@ #include <linux/linkage.h> #include <asm/export.h> +#include <asm/nospec-insn.h> + + GEN_BR_THUNK %r14 /* * void *memmove(void *dest, const void *src, size_t n) @@ -33,14 +36,14 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) brctg %r4,.Lmemmove_reverse ic %r0,0(%r4,%r3) stc %r0,0(%r4,%r1) - br %r14 + BR_EX %r14 .Lmemmove_mvc: mvc 0(1,%r1),0(%r3) EXPORT_SYMBOL(memmove) @@ -77,7 +80,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) - br %r14 + BR_EX %r14 .Lmemset_fill: cghi %r4,1 lgr %r1,%r2 @@ -95,10 +98,10 @@ ENTRY(memset) stc %r3,0(%r1) larl %r5,.Lmemset_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemset_fill_exit: stc %r3,0(%r1) - br %r14 + BR_EX %r14 .Lmemset_xc: xc 0(1,%r1),0(%r1) .Lmemset_mvc: @@ -121,7 +124,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) - br %r14 + BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) la %r1,256(%r1) @@ -159,10 +162,10 @@ ENTRY(__memset\bits) \insn %r3,0(%r1) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) - br %r14 + BR_EX %r14 .L__memset_exit\bits: \insn %r3,0(%r2) - br %r14 + BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1) .endm

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91ba9f28a3de97761c2b5fd5df5d88421268e507 Mon Sep 17 00:00:00 2001 From: Deepak Rawat <drawat(a)vmware.com> Date: Tue, 15 May 2018 15:39:09 +0200 Subject: [PATCH] drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful SOU primary plane prepare_fb hook depends upon dmabuf_size to pin up BO (and not call a new vmw_dmabuf_init) when a new fb size is same as current fb. This was changed in a recent commit which is causing page_flip to fail on VM with low display memory and multi-mon failure when cycle monitors from secondary display. Cc: <stable(a)vger.kernel.org> # 4.14, 4.16 Fixes: 20fb5a635a0c ("drm/vmwgfx: Unpin the screen object backup buffer when not used") Signed-off-by: Deepak Rawat <drawat(a)vmware.com> Reviewed-by: Sinclair Yeh <syeh(a)vmware.com> Signed-off-by: Thomas Hellstrom <thellstrom(a)vmware.com> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c index 648f8127f65a..3d667e903beb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c @@ -482,6 +482,8 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, return ret; } + vps->dmabuf_size = size; + /* * TTM already thinks the buffer is pinned, but make sure the * pin_count is upped.

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91ba9f28a3de97761c2b5fd5df5d88421268e507 Mon Sep 17 00:00:00 2001 From: Deepak Rawat <drawat(a)vmware.com> Date: Tue, 15 May 2018 15:39:09 +0200 Subject: [PATCH] drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful SOU primary plane prepare_fb hook depends upon dmabuf_size to pin up BO (and not call a new vmw_dmabuf_init) when a new fb size is same as current fb. This was changed in a recent commit which is causing page_flip to fail on VM with low display memory and multi-mon failure when cycle monitors from secondary display. Cc: <stable(a)vger.kernel.org> # 4.14, 4.16 Fixes: 20fb5a635a0c ("drm/vmwgfx: Unpin the screen object backup buffer when not used") Signed-off-by: Deepak Rawat <drawat(a)vmware.com> Reviewed-by: Sinclair Yeh <syeh(a)vmware.com> Signed-off-by: Thomas Hellstrom <thellstrom(a)vmware.com> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c index 648f8127f65a..3d667e903beb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c @@ -482,6 +482,8 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, return ret; } + vps->dmabuf_size = size; + /* * TTM already thinks the buffer is pinned, but make sure the * pin_count is upped.

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ARM64: dts: marvell: armada-cp110: Add clocks for the xmdio" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a057344806d035cb9ac991619fa07854e807562d Mon Sep 17 00:00:00 2001 From: Maxime Chevallier <maxime.chevallier(a)bootlin.com> Date: Wed, 25 Apr 2018 13:07:31 +0200 Subject: [PATCH] ARM64: dts: marvell: armada-cp110: Add clocks for the xmdio node The Marvell XSMI controller needs 3 clocks to operate correctly : - The MG clock (clk 5) - The MG Core clock (clk 6) - The GOP clock (clk 18) This commit adds them, to avoid system hangs when using these interfaces. [gregory.clement: use the real first commit to fix and add the cc:stable flag] Fixes: f66b2aff46ea ("arm64: dts: marvell: add xmdio nodes for 7k/8k") Cc: <stable(a)vger.kernel.org> Signed-off-by: Maxime Chevallier <maxime.chevallier(a)bootlin.com> Signed-off-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> diff --git a/arch/arm64/boot/dts/marvell/armada-cp110.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110.dtsi index 48cad7919efa..ca22f9d100f5 100644 --- a/arch/arm64/boot/dts/marvell/armada-cp110.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-cp110.dtsi @@ -141,6 +141,8 @@ #size-cells = <0>; compatible = "marvell,xmdio"; reg = <0x12a600 0x10>; + clocks = <&CP110_LABEL(clk) 1 5>, + <&CP110_LABEL(clk) 1 6>, <&CP110_LABEL(clk) 1 18>; status = "disabled"; };

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ARM64: dts: marvell: armada-cp110: Add mg_core_clk for" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f43194c1447c9536efb0859c2f3f46f6bf2b9154 Mon Sep 17 00:00:00 2001 From: Maxime Chevallier <maxime.chevallier(a)bootlin.com> Date: Wed, 25 Apr 2018 20:19:47 +0200 Subject: [PATCH] ARM64: dts: marvell: armada-cp110: Add mg_core_clk for ethernet node Marvell PPv2.2 controller present on CP-110 need the extra "mg_core_clk" clock to avoid system hangs when powering some network interfaces up. This issue appeared after a recent clock rework on Armada 7K/8K platforms. This commit adds the new clock and updates the documentation accordingly. [gregory.clement: use the real first commit to fix and add the cc:stable flag] Fixes: e3af9f7c6ece ("RM64: dts: marvell: armada-cp110: Fix clock resources for various node") Cc: <stable(a)vger.kernel.org> Signed-off-by: Maxime Chevallier <maxime.chevallier(a)bootlin.com> Signed-off-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> diff --git a/Documentation/devicetree/bindings/net/marvell-pp2.txt b/Documentation/devicetree/bindings/net/marvell-pp2.txt index 1814fa13f6ab..fc019df0d863 100644 --- a/Documentation/devicetree/bindings/net/marvell-pp2.txt +++ b/Documentation/devicetree/bindings/net/marvell-pp2.txt @@ -21,9 +21,10 @@ Required properties: - main controller clock (for both armada-375-pp2 and armada-7k-pp2) - GOP clock (for both armada-375-pp2 and armada-7k-pp2) - MG clock (only for armada-7k-pp2) + - MG Core clock (only for armada-7k-pp2) - AXI clock (only for armada-7k-pp2) -- clock-names: names of used clocks, must be "pp_clk", "gop_clk", "mg_clk" - and "axi_clk" (the 2 latter only for armada-7k-pp2). +- clock-names: names of used clocks, must be "pp_clk", "gop_clk", "mg_clk", + "mg_core_clk" and "axi_clk" (the 3 latter only for armada-7k-pp2). The ethernet ports are represented by subnodes. At least one port is required. @@ -80,8 +81,8 @@ cpm_ethernet: ethernet@0 { compatible = "marvell,armada-7k-pp22"; reg = <0x0 0x100000>, <0x129000 0xb000>; clocks = <&cpm_syscon0 1 3>, <&cpm_syscon0 1 9>, - <&cpm_syscon0 1 5>, <&cpm_syscon0 1 18>; - clock-names = "pp_clk", "gop_clk", "gp_clk", "axi_clk"; + <&cpm_syscon0 1 5>, <&cpm_syscon0 1 6>, <&cpm_syscon0 1 18>; + clock-names = "pp_clk", "gop_clk", "mg_clk", "mg_core_clk", "axi_clk"; eth0: eth0 { interrupts = <ICU_GRP_NSR 39 IRQ_TYPE_LEVEL_HIGH>, diff --git a/arch/arm64/boot/dts/marvell/armada-cp110.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110.dtsi index ca22f9d100f5..ed2f1237ea1e 100644 --- a/arch/arm64/boot/dts/marvell/armada-cp110.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-cp110.dtsi @@ -38,9 +38,10 @@ compatible = "marvell,armada-7k-pp22"; reg = <0x0 0x100000>, <0x129000 0xb000>; clocks = <&CP110_LABEL(clk) 1 3>, <&CP110_LABEL(clk) 1 9>, - <&CP110_LABEL(clk) 1 5>, <&CP110_LABEL(clk) 1 18>; + <&CP110_LABEL(clk) 1 5>, <&CP110_LABEL(clk) 1 6>, + <&CP110_LABEL(clk) 1 18>; clock-names = "pp_clk", "gop_clk", - "mg_clk", "axi_clk"; + "mg_clk", "mg_core_clk", "axi_clk"; marvell,system-controller = <&CP110_LABEL(syscon0)>; status = "disabled"; dma-coherent;

7 years, 4 months

1
0
0 0

Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older

by Guenter Roeck

Hi Greg, please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older to fix CVE-2018-10087. Thanks, Guenter

7 years, 4 months

2
4
0 0

FAILED: patch "[PATCH] vsprintf: Replace memory barrier with static_key for" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 85f4f12d51397f1648e1f4350f77e24039b82d61 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Date: Tue, 15 May 2018 22:24:52 -0400 Subject: [PATCH] vsprintf: Replace memory barrier with static_key for random_ptr_key update Reviewing Tobin's patches for getting pointers out early before entropy has been established, I noticed that there's a lone smp_mb() in the code. As with most lone memory barriers, this one appears to be incorrectly used. We currently basically have this: get_random_bytes(&ptr_key, sizeof(ptr_key)); /* * have_filled_random_ptr_key==true is dependent on get_random_bytes(). * ptr_to_id() needs to see have_filled_random_ptr_key==true * after get_random_bytes() returns. */ smp_mb(); WRITE_ONCE(have_filled_random_ptr_key, true); And later we have: if (unlikely(!have_filled_random_ptr_key)) return string(buf, end, "(ptrval)", spec); /* Missing memory barrier here. */ hashval = (unsigned long)siphash_1u64((u64)ptr, &ptr_key); As the CPU can perform speculative loads, we could have a situation with the following: CPU0 CPU1 ---- ---- load ptr_key = 0 store ptr_key = random smp_mb() store have_filled_random_ptr_key load have_filled_random_ptr_key = true BAD BAD BAD! (you're so bad!) Because nothing prevents CPU1 from loading ptr_key before loading have_filled_random_ptr_key. But this race is very unlikely, but we can't keep an incorrect smp_mb() in place. Instead, replace the have_filled_random_ptr_key with a static_branch not_filled_random_ptr_key, that is initialized to true and changed to false when we get enough entropy. If the update happens in early boot, the static_key is updated immediately, otherwise it will have to wait till entropy is filled and this happens in an interrupt handler which can't enable a static_key, as that requires a preemptible context. In that case, a work_queue is used to enable it, as entropy already took too long to establish in the first place waiting a little more shouldn't hurt anything. The benefit of using the static key is that the unlikely branch in vsprintf() now becomes a nop. Link: http://lkml.kernel.org/r/20180515100558.21df515e@gandalf.local.home Cc: stable(a)vger.kernel.org Fixes: ad67b74d2469d ("printk: hash addresses printed with %p") Acked-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 30c0cb8cc9bc..23920c5ff728 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -1669,19 +1669,22 @@ char *pointer_string(char *buf, char *end, const void *ptr, return number(buf, end, (unsigned long int)ptr, spec); } -static bool have_filled_random_ptr_key __read_mostly; +static DEFINE_STATIC_KEY_TRUE(not_filled_random_ptr_key); static siphash_key_t ptr_key __read_mostly; -static void fill_random_ptr_key(struct random_ready_callback *unused) +static void enable_ptr_key_workfn(struct work_struct *work) { get_random_bytes(&ptr_key, sizeof(ptr_key)); - /* - * have_filled_random_ptr_key==true is dependent on get_random_bytes(). - * ptr_to_id() needs to see have_filled_random_ptr_key==true - * after get_random_bytes() returns. - */ - smp_mb(); - WRITE_ONCE(have_filled_random_ptr_key, true); + /* Needs to run from preemptible context */ + static_branch_disable(&not_filled_random_ptr_key); +} + +static DECLARE_WORK(enable_ptr_key_work, enable_ptr_key_workfn); + +static void fill_random_ptr_key(struct random_ready_callback *unused) +{ + /* This may be in an interrupt handler. */ + queue_work(system_unbound_wq, &enable_ptr_key_work); } static struct random_ready_callback random_ready = { @@ -1695,7 +1698,8 @@ static int __init initialize_ptr_random(void) if (!ret) { return 0; } else if (ret == -EALREADY) { - fill_random_ptr_key(&random_ready); + /* This is in preemptible context */ + enable_ptr_key_workfn(&enable_ptr_key_work); return 0; } @@ -1709,7 +1713,7 @@ static char *ptr_to_id(char *buf, char *end, void *ptr, struct printf_spec spec) unsigned long hashval; const int default_width = 2 * sizeof(ptr); - if (unlikely(!have_filled_random_ptr_key)) { + if (static_branch_unlikely(&not_filled_random_ptr_key)) { spec.field_width = default_width; /* string length must be less than default_width */ return string(buf, end, "(ptrval)", spec);

7 years, 4 months

2
1
0 0

[PATCH 4.16 00/55] 4.16.10-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.16.10 release. There are 55 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun May 20 08:14:42 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.16.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.16.10-rc1 Willy Tarreau <w(a)1wt.eu> proc: do not access cmdline nor environ from file-backed areas Dave Carroll <david.carroll(a)microsemi.com> scsi: aacraid: Correct hba_send to include iu_type Ursula Braun <ubraun(a)linux.ibm.com> net/smc: keep clcsock reference in smc_tcp_listen_work() Antoine Tenart <antoine.tenart(a)bootlin.com> net: phy: sfp: fix the BR,min computation Israel Rukshin <israelr(a)mellanox.com> net/mlx5: Fix mlx5_get_vector_affinity function Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mlxsw: core: Fix an error handling path in 'mlxsw_core_bus_device_register()' Hangbin Liu <liuhangbin(a)gmail.com> ipv4: reset fnhe_mtu_locked after cache route flushed Mohammed Gamal <mgamal(a)redhat.com> hv_netvsc: Fix net device attach on older Windows hosts Eric Dumazet <edumazet(a)google.com> tipc: fix one byte leak in tipc_sk_set_orig_addr() Eric Dumazet <edumazet(a)google.com> tcp: restore autocorking Xin Long <lucien.xin(a)gmail.com> sctp: clear the new asoc's stream outcnt in sctp_stream_update John Hurley <john.hurley(a)netronome.com> nfp: flower: set tunnel ttl value to net default Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Correclty disambiguate driver instances Huy Nguyen <huyn(a)mellanox.com> net/mlx5e: DCBNL fix min inline header size for dscp Ido Schimmel <idosch(a)mellanox.com> mlxsw: spectrum_switchdev: Do not remove mrouter port from MDB's ports list Paolo Abeni <pabeni(a)redhat.com> udp: fix SO_BINDTODEVICE Eric Dumazet <edumazet(a)google.com> nsh: fix infinite loop Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Allow offloading ipv4 header re-write for icmp Eric Dumazet <edumazet(a)google.com> ipv6: fix uninit-value in ip6_multipath_l3_keys() Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: set master device Talat Batheesh <talatb(a)mellanox.com> net/mlx5: Avoid cleaning flow steering table twice during error flow Tariq Toukan <tariqt(a)mellanox.com> net/mlx5e: TX, Use correct counter in dma_map error flow Jiri Pirko <jiri(a)mellanox.com> net: sched: fix error path in tcf_proto_create() when modules are not configured Debabrata Banerjee <dbanerje(a)akamai.com> bonding: send learning packets for vlans on slave Debabrata Banerjee <dbanerje(a)akamai.com> bonding: do not allow rlb updates to invalid mac Michael Chan <michael.chan(a)broadcom.com> tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Yuchung Cheng <ycheng(a)google.com> tcp: ignore Fast Open on repair mode Neal Cardwell <ncardwell(a)google.com> tcp_bbr: fix to zero idle_restart only upon S/ACKed data Xin Long <lucien.xin(a)gmail.com> sctp: use the old asoc when making the cookie-ack chunk in dupcook_d Xin Long <lucien.xin(a)gmail.com> sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg Xin Long <lucien.xin(a)gmail.com> sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr Xin Long <lucien.xin(a)gmail.com> sctp: fix the issue that the cookie-ack with auth can't get processed Xin Long <lucien.xin(a)gmail.com> sctp: delay the authentication for the duplicated cookie-echo chunk Eric Dumazet <edumazet(a)google.com> rds: do not leak kernel memory to user land Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix powering up RTL8168h Bjørn Mork <bjorn(a)mork.no> qmi_wwan: do not steal interfaces from class drivers Stefano Brivio <sbrivio(a)redhat.com> openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found Andre Tomt <andre(a)tomt.net> net/tls: Fix connection stall on partial tls record Dave Watson <davejwatson(a)fb.com> net/tls: Don't recursively call push_record during tls_write_space callbacks Lance Richardson <lance.richardson.net(a)gmail.com> net: support compat 64-bit time in {s,g}etsockopt Ursula Braun <ubraun(a)linux.ibm.com> net/smc: restrict non-blocking connect finish Eric Dumazet <edumazet(a)google.com> net_sched: fq: take care of throttled flows before reuse Roman Mashak <mrv(a)mojatatu.com> net sched actions: fix refcnt leak in skbmod Adi Nissim <adin(a)mellanox.com> net/mlx5: E-Switch, Include VF RDMA stats in vport statistics Roi Dayan <roid(a)mellanox.com> net/mlx5e: Err if asked to offload TC match on frag being first Moshe Shemesh <moshe(a)mellanox.com> net/mlx4_en: Verify coalescing parameters are in range Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode Rob Taglang <rob(a)taglang.io> net: ethernet: sun: niu set correct packet size in skb Eric Dumazet <edumazet(a)google.com> llc: better deal with too small mtu Andrey Ignatov <rdna(a)fb.com> ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Julian Anastasov <ja(a)ssi.bg> ipv4: fix fnhe usage by non-cached routes Eric Dumazet <edumazet(a)google.com> dccp: fix tasklet usage Hangbin Liu <liuhangbin(a)gmail.com> bridge: check iface upper dev when setting master via ioctl Ingo Molnar <mingo(a)elte.hu> 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() ------------- Diffstat: Makefile | 4 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/net/bonding/bond_alb.c | 15 +-- drivers/net/bonding/bond_main.c | 2 + drivers/net/ethernet/broadcom/bcmsysport.c | 16 ++- drivers/net/ethernet/broadcom/tg3.c | 9 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 +++ drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 8 +- drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 20 ++-- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 23 ++-- drivers/net/ethernet/mellanox/mlxsw/core.c | 4 +- .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 12 +-- drivers/net/ethernet/netronome/nfp/flower/action.c | 10 +- drivers/net/ethernet/netronome/nfp/flower/cmsg.h | 5 +- drivers/net/ethernet/realtek/8139too.c | 2 +- drivers/net/ethernet/realtek/r8169.c | 3 + drivers/net/ethernet/sun/niu.c | 5 +- drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/hyperv/netvsc_drv.c | 3 +- drivers/net/hyperv/rndis_filter.c | 2 +- drivers/net/phy/sfp-bus.c | 2 +- drivers/net/usb/qmi_wwan.c | 12 +++ drivers/scsi/aacraid/commsup.c | 8 +- fs/proc/base.c | 8 +- include/linux/mlx5/driver.h | 12 +-- include/linux/mm.h | 1 + include/net/bonding.h | 1 + include/net/tls.h | 1 + mm/gup.c | 3 + net/bridge/br_if.c | 4 +- net/compat.c | 6 +- net/dccp/ccids/ccid2.c | 14 ++- net/dccp/timer.c | 2 +- net/ipv4/ping.c | 7 +- net/ipv4/route.c | 119 ++++++++++----------- net/ipv4/tcp.c | 5 +- net/ipv4/tcp_bbr.c | 4 +- net/ipv4/udp.c | 11 +- net/ipv6/route.c | 7 +- net/ipv6/udp.c | 4 +- net/llc/af_llc.c | 3 + net/nsh/nsh.c | 4 + net/openvswitch/flow_netlink.c | 9 +- net/rds/recv.c | 1 + net/sched/act_skbmod.c | 5 +- net/sched/cls_api.c | 2 +- net/sched/sch_fq.c | 37 ++++--- net/sctp/associola.c | 30 +++++- net/sctp/inqueue.c | 2 +- net/sctp/ipv6.c | 3 + net/sctp/sm_statefuns.c | 88 ++++++++------- net/sctp/stream.c | 2 + net/sctp/ulpevent.c | 1 - net/smc/af_smc.c | 18 ++-- net/tipc/socket.c | 3 +- net/tls/tls_main.c | 8 ++ 60 files changed, 398 insertions(+), 245 deletions(-)

7 years, 4 months

4
60
0 0

[PATCH] blk-mq: avoid to starve tag allocation after allocation process migrates

by Ming Lei

When the allocation process is scheduled back and the mapped hw queue is changed, do one extra wake up on orignal queue for compensating wake up miss, so other allocations on the orignal queue won't be starved. This patch fixes one request allocation hang issue, which can be triggered easily in case of very low nr_request. Cc: <stable(a)vger.kernel.org> Cc: Omar Sandoval <osandov(a)fb.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq-tag.c | 13 +++++++++++++ include/linux/sbitmap.h | 7 +++++++ lib/sbitmap.c | 6 ++++++ 3 files changed, 26 insertions(+) diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c index 336dde07b230..a965db489f98 100644 --- a/block/blk-mq-tag.c +++ b/block/blk-mq-tag.c @@ -134,6 +134,8 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) ws = bt_wait_ptr(bt, data->hctx); drop_ctx = data->ctx == NULL; do { + struct sbitmap_queue *bt_orig; + /* * We're out of tags on this hardware queue, kick any * pending IO submits before going to sleep waiting for @@ -159,6 +161,7 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) if (data->ctx) blk_mq_put_ctx(data->ctx); + bt_orig = bt; io_schedule(); data->ctx = blk_mq_get_ctx(data->q); @@ -170,6 +173,16 @@ unsigned int blk_mq_get_tag(struct blk_mq_alloc_data *data) bt = &tags->bitmap_tags; finish_wait(&ws->wait, &wait); + + /* + * If destination hw queue is changed, wake up original + * queue one extra time for compensating the wake up + * miss, so other allocations on original queue won't + * be starved. + */ + if (bt != bt_orig) + sbitmap_queue_wake(bt_orig); + ws = bt_wait_ptr(bt, data->hctx); } while (1); diff --git a/include/linux/sbitmap.h b/include/linux/sbitmap.h index 841585f6e5f2..b23f50355281 100644 --- a/include/linux/sbitmap.h +++ b/include/linux/sbitmap.h @@ -484,6 +484,13 @@ static inline struct sbq_wait_state *sbq_wait_ptr(struct sbitmap_queue *sbq, void sbitmap_queue_wake_all(struct sbitmap_queue *sbq); /** + * sbitmap_wake_up() - Do a regular wake up compensation if the queue + * allocated from is changed after scheduling back. + * @sbq: Bitmap queue to wake up. + */ +void sbitmap_queue_wake_up(struct sbitmap_queue *sbq); + +/** * sbitmap_queue_show() - Dump &struct sbitmap_queue information to a &struct * seq_file. * @sbq: Bitmap queue to show. diff --git a/lib/sbitmap.c b/lib/sbitmap.c index e6a9c06ec70c..c6ae4206bcb1 100644 --- a/lib/sbitmap.c +++ b/lib/sbitmap.c @@ -466,6 +466,12 @@ static void sbq_wake_up(struct sbitmap_queue *sbq) } } +void sbitmap_queue_wake_up(struct sbitmap_queue *sbq) +{ + sbq_wake_up(sbq); +} +EXPORT_SYMBOL_GPL(sbitmap_queue_wake_up); + void sbitmap_queue_clear(struct sbitmap_queue *sbq, unsigned int nr, unsigned int cpu) { -- 2.9.5

7 years, 4 months

1
0
0 0

[PATCH] x86/mm: Drop TS_COMPAT on 64-bit exec() syscall

by Dmitry Safonov

The x86 mmap() code selects the mmap base for an allocation depending on the bitness of the syscall. For 64bit sycalls it select mm->mmap_base and for 32bit mm->mmap_compat_base. exec() calls mmap() which in turn uses in_compat_syscall() to check whether the mapping is for a 32bit or a 64bit task. The decision is made on the following criteria: ia32 child->thread.status & TS_COMPAT x32 child->pt_regs.orig_ax & __X32_SYSCALL_BIT ia64 !ia32 && !x32 __set_personality_x32() was dropping TS_COMPAT flag, but set_personality_64bit() has kept compat syscall flag making in_compat_syscall() return true during the first exec() syscall. Which in result has user-visible effects, mentioned by Alexey: 1) It breaks ASAN $ gcc -fsanitize=address wrap.c -o wrap-asan $ ./wrap32 ./wrap-asan true ==1217==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING. ==1217==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range. ==1217==Process memory map follows: 0x000000400000-0x000000401000 /home/izbyshev/test/gcc/asan-exec-from-32bit/wrap-asan 0x000000600000-0x000000601000 /home/izbyshev/test/gcc/asan-exec-from-32bit/wrap-asan 0x000000601000-0x000000602000 /home/izbyshev/test/gcc/asan-exec-from-32bit/wrap-asan 0x0000f7dbd000-0x0000f7de2000 /lib64/ld-2.27.so 0x0000f7fe2000-0x0000f7fe3000 /lib64/ld-2.27.so 0x0000f7fe3000-0x0000f7fe4000 /lib64/ld-2.27.so 0x0000f7fe4000-0x0000f7fe5000 0x7fed9abff000-0x7fed9af54000 0x7fed9af54000-0x7fed9af6b000 /lib64/libgcc_s.so.1 [snip] 2) It doesn't seem to be great for security if an attacker always knows that ld.so is going to be mapped into the first 4GB in this case (the same thing happens for PIEs as well). The testcase: $ cat wrap.c int main(int argc, char *argv[]) { execvp(argv[1], &argv[1]); return 127; } $ gcc wrap.c -o wrap $ LD_SHOW_AUXV=1 ./wrap ./wrap true |& grep AT_BASE AT_BASE: 0x7f63b8309000 AT_BASE: 0x7faec143c000 AT_BASE: 0x7fbdb25fa000 $ gcc -m32 wrap.c -o wrap32 $ LD_SHOW_AUXV=1 ./wrap32 ./wrap true |& grep AT_BASE AT_BASE: 0xf7eff000 AT_BASE: 0xf7cee000 AT_BASE: 0x7f8b9774e000 Fixes: commit 1b028f784e8c ("x86/mm: Introduce mmap_compat_base() for 32-bit mmap()") commit ada26481dfe6 ("x86/mm: Make in_compat_syscall() work during exec") Cc: Borislav Petkov <bp(a)suse.de> Cc: Cyrill Gorcunov <gorcunov(a)openvz.org> Cc: Dmitry Safonov <0x7f454c46(a)gmail.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <linux-mm(a)kvack.org> Cc: <x86(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v4.12+ Reported-by: Alexey Izbyshev <izbyshev(a)ispras.ru> Bisected-by: Alexander Monakov <amonakov(a)ispras.ru> Investigated-by: Andy Lutomirski <luto(a)kernel.org> Signed-off-by: Dmitry Safonov <dima(a)arista.com> --- arch/x86/kernel/process_64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 4b100fe0f508..12bb445fb98d 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -542,6 +542,7 @@ void set_personality_64bit(void) clear_thread_flag(TIF_X32); /* Pretend that this comes from a 64bit execve */ task_pt_regs(current)->orig_ax = __NR_execve; + current_thread_info()->status &= ~TS_COMPAT; /* Ensure the corresponding mm is not marked. */ if (current->mm) -- 2.13.6

7 years, 4 months

4
10
0 0

[patch 09/10] mm: don't allow deferred pages with NEED_PER_CPU_KM

by akpm＠linux-foundation.org

From: Pavel Tatashin <pasha.tatashin(a)oracle.com> Subject: mm: don't allow deferred pages with NEED_PER_CPU_KM It is unsafe to do virtual to physical translations before mm_init() is called if struct page is needed in order to determine the memory section number (see SECTION_IN_PAGE_FLAGS). This is because only in mm_init() we initialize struct pages for all the allocated memory when deferred struct pages are used. My recent fix c9e97a1997 ("mm: initialize pages on demand during boot") exposed this problem, because it greatly reduced number of pages that are initialized before mm_init(), but the problem existed even before my fix, as Fengguang Wu found. Below is a more detailed explanation of the problem. We initialize struct pages in four places: 1. Early in boot a small set of struct pages is initialized to fill the first section, and lower zones. 2. During mm_init() we initialize "struct pages" for all the memory that is allocated, i.e reserved in memblock. 3. Using on-demand logic when pages are allocated after mm_init call (when memblock is finished) 4. After smp_init() when the rest free deferred pages are initialized. The problem occurs if we try to do va to phys translation of a memory between steps 1 and 2. Because we have not yet initialized struct pages for all the reserved pages, it is inherently unsafe to do va to phys if the translation itself requires access of "struct page" as in case of this combination: CONFIG_SPARSE && !CONFIG_SPARSE_VMEMMAP The following path exposes the problem: start_kernel() trap_init() setup_cpu_entry_areas() setup_cpu_entry_area(cpu) get_cpu_gdt_paddr(cpu) per_cpu_ptr_to_phys(addr) pcpu_addr_to_page(addr) virt_to_page(addr) pfn_to_page(__pa(addr) >> PAGE_SHIFT) We disable this path by not allowing NEED_PER_CPU_KM with deferred struct pages feature. The problems are discussed in these threads: http://lkml.kernel.org/r/20180418135300.inazvpxjxowogyge@wfg-t540p.sh.intel… http://lkml.kernel.org/r/20180419013128.iurzouiqxvcnpbvz@wfg-t540p.sh.intel… http://lkml.kernel.org/r/20180426202619.2768-1-pasha.tatashin@oracle.com Link: http://lkml.kernel.org/r/20180515175124.1770-1-pasha.tatashin@oracle.com Fixes: 3a80a7fa7989 ("mm: meminit: initialise a subset of struct pages if CONFIG_DEFERRED_STRUCT_PAGE_INIT is set") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Steven Sistare <steven.sistare(a)oracle.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Fengguang Wu <fengguang.wu(a)intel.com> Cc: Dennis Zhou <dennisszhou(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/Kconfig | 1 + 1 file changed, 1 insertion(+) diff -puN mm/Kconfig~mm-dont-allow-deferred-pages-with-need_per_cpu_km mm/Kconfig --- a/mm/Kconfig~mm-dont-allow-deferred-pages-with-need_per_cpu_km +++ a/mm/Kconfig @@ -636,6 +636,7 @@ config DEFERRED_STRUCT_PAGE_INIT default n depends on NO_BOOTMEM depends on !FLATMEM + depends on !NEED_PER_CPU_KM help Ordinarily all struct pages are initialised during early boot in a single thread. On very large machines this can take a considerable _

7 years, 4 months

1
0
0 0

[patch 07/10] radix tree: fix multi-order iteration race

by akpm＠linux-foundation.org

From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Subject: radix tree: fix multi-order iteration race Fix a race in the multi-order iteration code which causes the kernel to hit a GP fault. This was first seen with a production v4.15 based kernel (4.15.6-300.fc27.x86_64) utilizing a DAX workload which used order 9 PMD DAX entries. The race has to do with how we tear down multi-order sibling entries when we are removing an item from the tree. Remember for example that an order 2 entry looks like this: struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling] where 'entry' is in some slot in the struct radix_tree_node, and the three slots following 'entry' contain sibling pointers which point back to 'entry.' When we delete 'entry' from the tree, we call : radix_tree_delete() radix_tree_delete_item() __radix_tree_delete() replace_slot() replace_slot() first removes the siblings in order from the first to the last, then at then replaces 'entry' with NULL. This means that for a brief period of time we end up with one or more of the siblings removed, so: struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling] This causes an issue if you have a reader iterating over the slots in the tree via radix_tree_for_each_slot() while only under rcu_read_lock()/rcu_read_unlock() protection. This is a common case in mm/filemap.c. The issue is that when __radix_tree_next_slot() => skip_siblings() tries to skip over the sibling entries in the slots, it currently does so with an exact match on the slot directly preceding our current slot. Normally this works: V preceding slot struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling] ^ current slot This lets you find the first sibling, and you skip them all in order. But in the case where one of the siblings is NULL, that slot is skipped and then our sibling detection is interrupted: V preceding slot struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling] ^ current slot This means that the sibling pointers aren't recognized since they point all the way back to 'entry', so we think that they are normal internal radix tree pointers. This causes us to think we need to walk down to a struct radix_tree_node starting at the address of 'entry'. In a real running kernel this will crash the thread with a GP fault when you try and dereference the slots in your broken node starting at 'entry'. We fix this race by fixing the way that skip_siblings() detects sibling nodes. Instead of testing against the preceding slot we instead look for siblings via is_sibling_entry() which compares against the position of the struct radix_tree_node.slots[] array. This ensures that sibling entries are properly identified, even if they are no longer contiguous with the 'entry' they point to. Link: http://lkml.kernel.org/r/20180503192430.7582-6-ross.zwisler@linux.intel.com Fixes: 148deab223b2 ("radix-tree: improve multiorder iterators") Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Reported-by: CR, Sapthagirish <sapthagirish.cr(a)intel.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Chinner <david(a)fromorbit.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/radix-tree.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff -puN lib/radix-tree.c~radix-tree-fix-multi-order-iteration-race lib/radix-tree.c --- a/lib/radix-tree.c~radix-tree-fix-multi-order-iteration-race +++ a/lib/radix-tree.c @@ -1612,11 +1612,9 @@ static void set_iter_tags(struct radix_t static void __rcu **skip_siblings(struct radix_tree_node **nodep, void __rcu **slot, struct radix_tree_iter *iter) { - void *sib = node_to_entry(slot - 1); - while (iter->index < iter->next_index) { *nodep = rcu_dereference_raw(*slot); - if (*nodep && *nodep != sib) + if (*nodep && !is_sibling_entry(iter->node, *nodep)) return slot; slot++; iter->index = __radix_tree_iter_add(iter, 1); @@ -1631,7 +1629,7 @@ void __rcu **__radix_tree_next_slot(void struct radix_tree_iter *iter, unsigned flags) { unsigned tag = flags & RADIX_TREE_ITER_TAG_MASK; - struct radix_tree_node *node = rcu_dereference_raw(*slot); + struct radix_tree_node *node; slot = skip_siblings(&node, slot, iter); _

7 years, 4 months

1
0
0 0

[patch 01/10] lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly

by akpm＠linux-foundation.org

From: Matthew Wilcox <mawilcox(a)microsoft.com> Subject: lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly I had neglected to increment the error counter when the tests failed, which made the tests noisy when they fail, but not actually return an error code. Link: http://lkml.kernel.org/r/20180509114328.9887-1-mpe@ellerman.id.au Fixes: 3cc78125a081 ("lib/test_bitmap.c: add optimisation tests") Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Reported-by: Michael Ellerman <mpe(a)ellerman.id.au> Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> Reviewed-by: Kees Cook <keescook(a)chromium.org> Cc: Yury Norov <ynorov(a)caviumnetworks.com> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: <stable(a)vger.kernel.org> [4.13+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/test_bitmap.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff -puN lib/test_bitmap.c~lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly lib/test_bitmap.c --- a/lib/test_bitmap.c~lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly +++ a/lib/test_bitmap.c @@ -331,23 +331,32 @@ static void noinline __init test_mem_opt unsigned int start, nbits; for (start = 0; start < 1024; start += 8) { - memset(bmap1, 0x5a, sizeof(bmap1)); - memset(bmap2, 0x5a, sizeof(bmap2)); for (nbits = 0; nbits < 1024 - start; nbits += 8) { + memset(bmap1, 0x5a, sizeof(bmap1)); + memset(bmap2, 0x5a, sizeof(bmap2)); + bitmap_set(bmap1, start, nbits); __bitmap_set(bmap2, start, nbits); - if (!bitmap_equal(bmap1, bmap2, 1024)) + if (!bitmap_equal(bmap1, bmap2, 1024)) { printk("set not equal %d %d\n", start, nbits); - if (!__bitmap_equal(bmap1, bmap2, 1024)) + failed_tests++; + } + if (!__bitmap_equal(bmap1, bmap2, 1024)) { printk("set not __equal %d %d\n", start, nbits); + failed_tests++; + } bitmap_clear(bmap1, start, nbits); __bitmap_clear(bmap2, start, nbits); - if (!bitmap_equal(bmap1, bmap2, 1024)) + if (!bitmap_equal(bmap1, bmap2, 1024)) { printk("clear not equal %d %d\n", start, nbits); - if (!__bitmap_equal(bmap1, bmap2, 1024)) + failed_tests++; + } + if (!__bitmap_equal(bmap1, bmap2, 1024)) { printk("clear not __equal %d %d\n", start, nbits); + failed_tests++; + } } } } _

7 years, 4 months

1
0
0 0

[PATCH v11 01/10] media: v4l: vsp1: Release buffers for each video node

by Kieran Bingham

From: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Commit 372b2b0399fc ("media: v4l: vsp1: Release buffers in start_streaming error path") introduced a helper to clean up buffers on error paths, but inadvertently changed the code such that only the output WPF buffers were cleaned, rather than the video node being operated on. Since then vsp1_video_cleanup_pipeline() has grown to perform both video node cleanup, as well as pipeline cleanup. Split the implementation into two distinct functions that perform the required work, so that each video node can release it's buffers correctly on streamoff. The pipe cleanup that was performed in the vsp1_video_stop_streaming() (releasing the pipe->dl) is moved to the function for clarity. Fixes: 372b2b0399fc ("media: v4l: vsp1: Release buffers in start_streaming error path") Cc: stable(a)vger.kernel.org # v4.13+ Signed-off-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> --- drivers/media/platform/vsp1/vsp1_video.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/drivers/media/platform/vsp1/vsp1_video.c b/drivers/media/platform/vsp1/vsp1_video.c index c8c12223a267..ba89dd176a13 100644 --- a/drivers/media/platform/vsp1/vsp1_video.c +++ b/drivers/media/platform/vsp1/vsp1_video.c @@ -842,9 +842,8 @@ static int vsp1_video_setup_pipeline(struct vsp1_pipeline *pipe) return 0; } -static void vsp1_video_cleanup_pipeline(struct vsp1_pipeline *pipe) +static void vsp1_video_release_buffers(struct vsp1_video *video) { - struct vsp1_video *video = pipe->output->video; struct vsp1_vb2_buffer *buffer; unsigned long flags; @@ -854,12 +853,18 @@ static void vsp1_video_cleanup_pipeline(struct vsp1_pipeline *pipe) vb2_buffer_done(&buffer->buf.vb2_buf, VB2_BUF_STATE_ERROR); INIT_LIST_HEAD(&video->irqqueue); spin_unlock_irqrestore(&video->irqlock, flags); +} + +static void vsp1_video_cleanup_pipeline(struct vsp1_pipeline *pipe) +{ + lockdep_assert_held(&pipe->lock); /* Release our partition table allocation */ - mutex_lock(&pipe->lock); kfree(pipe->part_table); pipe->part_table = NULL; - mutex_unlock(&pipe->lock); + + vsp1_dl_list_put(pipe->dl); + pipe->dl = NULL; } static int vsp1_video_start_streaming(struct vb2_queue *vq, unsigned int count) @@ -874,8 +879,9 @@ static int vsp1_video_start_streaming(struct vb2_queue *vq, unsigned int count) if (pipe->stream_count == pipe->num_inputs) { ret = vsp1_video_setup_pipeline(pipe); if (ret < 0) { - mutex_unlock(&pipe->lock); + vsp1_video_release_buffers(video); vsp1_video_cleanup_pipeline(pipe); + mutex_unlock(&pipe->lock); return ret; } @@ -925,13 +931,12 @@ static void vsp1_video_stop_streaming(struct vb2_queue *vq) if (ret == -ETIMEDOUT) dev_err(video->vsp1->dev, "pipeline stop timeout\n"); - vsp1_dl_list_put(pipe->dl); - pipe->dl = NULL; + vsp1_video_cleanup_pipeline(pipe); } mutex_unlock(&pipe->lock); media_pipeline_stop(&video->video.entity); - vsp1_video_cleanup_pipeline(pipe); + vsp1_video_release_buffers(video); vsp1_video_pipeline_put(pipe); } -- git-series 0.9.1

7 years, 4 months

3
2
0 0

[PATCH 4.9 00/33] 4.9.101-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.101 release. There are 33 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun May 20 08:15:20 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.101-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.101-rc1 Willy Tarreau <w(a)1wt.eu> proc: do not access cmdline nor environ from file-backed areas Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: TX time stamp packets before HW doorbell is rung James Chapman <jchapman(a)katalix.com> l2tp: revert "l2tp: fix missing print session offset info" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap" Vasily Averin <vvs(a)virtuozzo.com> lockd: lost rollback of set_grace_period() in lockd_down_net() Antony Antony <antony(a)phenome.org> xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) Jiri Slaby <jslaby(a)suse.cz> futex: Remove duplicated code and fix undefined behaviour Alexey Khoroshilov <khoroshilov(a)ispras.ru> serial: sccnxp: Fix error handling in sccnxp_probe() Xin Long <lucien.xin(a)gmail.com> sctp: delay the authentication for the duplicated cookie-echo chunk Xin Long <lucien.xin(a)gmail.com> sctp: fix the issue that the cookie-ack with auth can't get processed Yuchung Cheng <ycheng(a)google.com> tcp: ignore Fast Open on repair mode Debabrata Banerjee <dbanerje(a)akamai.com> bonding: send learning packets for vlans on slave Talat Batheesh <talatb(a)mellanox.com> net/mlx5: Avoid cleaning flow steering table twice during error flow Debabrata Banerjee <dbanerje(a)akamai.com> bonding: do not allow rlb updates to invalid mac Michael Chan <michael.chan(a)broadcom.com> tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Neal Cardwell <ncardwell(a)google.com> tcp_bbr: fix to zero idle_restart only upon S/ACKed data Xin Long <lucien.xin(a)gmail.com> sctp: use the old asoc when making the cookie-ack chunk in dupcook_d Xin Long <lucien.xin(a)gmail.com> sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg Xin Long <lucien.xin(a)gmail.com> sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix powering up RTL8168h Bjørn Mork <bjorn(a)mork.no> qmi_wwan: do not steal interfaces from class drivers Stefano Brivio <sbrivio(a)redhat.com> openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found Lance Richardson <lance.richardson.net(a)gmail.com> net: support compat 64-bit time in {s,g}etsockopt Eric Dumazet <edumazet(a)google.com> net_sched: fq: take care of throttled flows before reuse Adi Nissim <adin(a)mellanox.com> net/mlx5: E-Switch, Include VF RDMA stats in vport statistics Moshe Shemesh <moshe(a)mellanox.com> net/mlx4_en: Verify coalescing parameters are in range Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode Rob Taglang <rob(a)taglang.io> net: ethernet: sun: niu set correct packet size in skb Eric Dumazet <edumazet(a)google.com> llc: better deal with too small mtu Andrey Ignatov <rdna(a)fb.com> ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Eric Dumazet <edumazet(a)google.com> dccp: fix tasklet usage Hangbin Liu <liuhangbin(a)gmail.com> bridge: check iface upper dev when setting master via ioctl Ingo Molnar <mingo(a)elte.hu> 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() ------------- Diffstat: Makefile | 4 +- arch/alpha/include/asm/futex.h | 26 ++----- arch/arc/include/asm/futex.h | 40 ++-------- arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 - arch/arm/include/asm/futex.h | 26 +------ arch/arm64/include/asm/futex.h | 27 +------ arch/frv/include/asm/futex.h | 3 +- arch/frv/kernel/futex.c | 27 +------ arch/hexagon/include/asm/futex.h | 38 +-------- arch/ia64/include/asm/futex.h | 25 +----- arch/microblaze/include/asm/futex.h | 38 +-------- arch/mips/include/asm/futex.h | 25 +----- arch/parisc/include/asm/futex.h | 26 +------ arch/powerpc/include/asm/futex.h | 26 ++----- arch/s390/include/asm/futex.h | 23 ++---- arch/sh/include/asm/futex.h | 26 +------ arch/sparc/include/asm/futex_64.h | 26 ++----- arch/tile/include/asm/futex.h | 40 ++-------- arch/x86/include/asm/futex.h | 40 ++-------- arch/xtensa/include/asm/futex.h | 27 ++----- drivers/net/bonding/bond_alb.c | 15 ++-- drivers/net/bonding/bond_main.c | 2 + drivers/net/ethernet/broadcom/tg3.c | 9 ++- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 ++++ drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 11 ++- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 21 +++-- .../net/ethernet/netronome/nfp/nfp_net_common.c | 4 +- drivers/net/ethernet/realtek/8139too.c | 2 +- drivers/net/ethernet/realtek/r8169.c | 3 + drivers/net/ethernet/sun/niu.c | 5 +- drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/usb/qmi_wwan.c | 12 +++ drivers/tty/serial/sccnxp.c | 13 +++- fs/lockd/svc.c | 2 + fs/proc/base.c | 10 +-- include/asm-generic/futex.h | 50 +++--------- include/linux/mm.h | 1 + include/net/bonding.h | 1 + kernel/futex.c | 39 ++++++++++ mm/gup.c | 3 + net/bridge/br_if.c | 4 +- net/compat.c | 6 +- net/dccp/ccids/ccid2.c | 14 +++- net/dccp/timer.c | 2 +- net/ipv4/ping.c | 7 +- net/ipv4/tcp.c | 2 +- net/ipv4/tcp_bbr.c | 4 +- net/ipv4/udp.c | 7 +- net/l2tp/l2tp_netlink.c | 2 - net/llc/af_llc.c | 3 + net/openvswitch/flow_netlink.c | 9 +-- net/sched/sch_fq.c | 37 ++++++--- net/sctp/associola.c | 30 +++++++- net/sctp/inqueue.c | 2 +- net/sctp/ipv6.c | 3 + net/sctp/sm_statefuns.c | 89 ++++++++++++---------- net/sctp/ulpevent.c | 1 - net/xfrm/xfrm_state.c | 1 + 59 files changed, 380 insertions(+), 585 deletions(-)

7 years, 4 months

5
37
0 0

[PATCH 4.14 00/45] 4.14.42-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.42 release. There are 45 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun May 20 08:15:14 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.42-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.42-rc1 Willy Tarreau <w(a)1wt.eu> proc: do not access cmdline nor environ from file-backed areas James Chapman <jchapman(a)katalix.com> l2tp: revert "l2tp: fix missing print session offset info" Antony Antony <antony(a)phenome.org> xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) ethanwu <ethanwu(a)synology.com> btrfs: Take trans lock before access running trans in check_delayed_ref Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Use __skb_queue_tail in xfrm_trans_queue Dave Carroll <david.carroll(a)microsemi.com> scsi: aacraid: Correct hba_send to include iu_type Paolo Abeni <pabeni(a)redhat.com> udp: fix SO_BINDTODEVICE Eric Dumazet <edumazet(a)google.com> nsh: fix infinite loop Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Allow offloading ipv4 header re-write for icmp Eric Dumazet <edumazet(a)google.com> ipv6: fix uninit-value in ip6_multipath_l3_keys() Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: set master device Talat Batheesh <talatb(a)mellanox.com> net/mlx5: Avoid cleaning flow steering table twice during error flow Tariq Toukan <tariqt(a)mellanox.com> net/mlx5e: TX, Use correct counter in dma_map error flow Jiri Pirko <jiri(a)mellanox.com> net: sched: fix error path in tcf_proto_create() when modules are not configured Debabrata Banerjee <dbanerje(a)akamai.com> bonding: send learning packets for vlans on slave Debabrata Banerjee <dbanerje(a)akamai.com> bonding: do not allow rlb updates to invalid mac Michael Chan <michael.chan(a)broadcom.com> tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Yuchung Cheng <ycheng(a)google.com> tcp: ignore Fast Open on repair mode Neal Cardwell <ncardwell(a)google.com> tcp_bbr: fix to zero idle_restart only upon S/ACKed data Xin Long <lucien.xin(a)gmail.com> sctp: use the old asoc when making the cookie-ack chunk in dupcook_d Xin Long <lucien.xin(a)gmail.com> sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg Xin Long <lucien.xin(a)gmail.com> sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr Xin Long <lucien.xin(a)gmail.com> sctp: fix the issue that the cookie-ack with auth can't get processed Xin Long <lucien.xin(a)gmail.com> sctp: delay the authentication for the duplicated cookie-echo chunk Eric Dumazet <edumazet(a)google.com> rds: do not leak kernel memory to user land Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix powering up RTL8168h Bjørn Mork <bjorn(a)mork.no> qmi_wwan: do not steal interfaces from class drivers Stefano Brivio <sbrivio(a)redhat.com> openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found Andre Tomt <andre(a)tomt.net> net/tls: Fix connection stall on partial tls record Dave Watson <davejwatson(a)fb.com> net/tls: Don't recursively call push_record during tls_write_space callbacks Lance Richardson <lance.richardson.net(a)gmail.com> net: support compat 64-bit time in {s,g}etsockopt Eric Dumazet <edumazet(a)google.com> net_sched: fq: take care of throttled flows before reuse Roman Mashak <mrv(a)mojatatu.com> net sched actions: fix refcnt leak in skbmod Adi Nissim <adin(a)mellanox.com> net/mlx5: E-Switch, Include VF RDMA stats in vport statistics Roi Dayan <roid(a)mellanox.com> net/mlx5e: Err if asked to offload TC match on frag being first Moshe Shemesh <moshe(a)mellanox.com> net/mlx4_en: Verify coalescing parameters are in range Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode Rob Taglang <rob(a)taglang.io> net: ethernet: sun: niu set correct packet size in skb Eric Dumazet <edumazet(a)google.com> llc: better deal with too small mtu Andrey Ignatov <rdna(a)fb.com> ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Julian Anastasov <ja(a)ssi.bg> ipv4: fix fnhe usage by non-cached routes Eric Dumazet <edumazet(a)google.com> dccp: fix tasklet usage Hangbin Liu <liuhangbin(a)gmail.com> bridge: check iface upper dev when setting master via ioctl Ingo Molnar <mingo(a)elte.hu> 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() ------------- Diffstat: Makefile | 4 +- drivers/net/bonding/bond_alb.c | 15 +-- drivers/net/bonding/bond_main.c | 2 + drivers/net/ethernet/broadcom/tg3.c | 9 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 +++ drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 8 +- drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 20 ++-- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 23 +++-- drivers/net/ethernet/realtek/8139too.c | 2 +- drivers/net/ethernet/realtek/r8169.c | 3 + drivers/net/ethernet/sun/niu.c | 5 +- drivers/net/ethernet/ti/cpsw.c | 2 + drivers/net/hyperv/netvsc_drv.c | 3 +- drivers/net/usb/qmi_wwan.c | 12 +++ drivers/scsi/aacraid/commsup.c | 8 +- fs/btrfs/extent-tree.c | 7 ++ fs/proc/base.c | 8 +- include/linux/mm.h | 1 + include/net/bonding.h | 1 + include/net/tls.h | 1 + mm/gup.c | 3 + net/bridge/br_if.c | 4 +- net/compat.c | 6 +- net/dccp/ccids/ccid2.c | 14 ++- net/dccp/timer.c | 2 +- net/ipv4/ping.c | 7 +- net/ipv4/route.c | 118 ++++++++++------------ net/ipv4/tcp.c | 3 +- net/ipv4/tcp_bbr.c | 4 +- net/ipv4/udp.c | 11 +- net/ipv6/route.c | 7 +- net/ipv6/udp.c | 4 +- net/l2tp/l2tp_netlink.c | 2 - net/llc/af_llc.c | 3 + net/nsh/nsh.c | 2 + net/openvswitch/flow_netlink.c | 9 +- net/rds/recv.c | 1 + net/sched/act_skbmod.c | 5 +- net/sched/cls_api.c | 2 +- net/sched/sch_fq.c | 37 ++++--- net/sctp/associola.c | 30 +++++- net/sctp/inqueue.c | 2 +- net/sctp/ipv6.c | 3 + net/sctp/sm_statefuns.c | 88 ++++++++-------- net/sctp/ulpevent.c | 1 - net/tls/tls_main.c | 8 ++ net/xfrm/xfrm_input.c | 2 +- net/xfrm/xfrm_state.c | 1 + 51 files changed, 349 insertions(+), 205 deletions(-)

7 years, 4 months

4
47
0 0

[PATCH] drm/psr: Fix missed entry in PSR setup time table.

by Dhinakaran Pandiyan

Entry corresponding to 220 us setup time was missing. I am not aware of any specific bug this fixes, but this could potentially result in enabling PSR on a panel with a higher setup time requirement than supported by the hardware. I verified the value is present in eDP spec versions 1.3, 1.4 and 1.4a. Fixes: 6608804b3d7f ("drm/dp: Add drm_dp_psr_setup_time()") Cc: stable(a)vger.kernel.org Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Jose Roberto de Souza <jose.souza(a)intel.com> Signed-off-by: Dhinakaran Pandiyan <dhinakaran.pandiyan(a)intel.com> --- drivers/gpu/drm/drm_dp_helper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/drm_dp_helper.c b/drivers/gpu/drm/drm_dp_helper.c index 36c7609a4bd5..a7ba602a43a8 100644 --- a/drivers/gpu/drm/drm_dp_helper.c +++ b/drivers/gpu/drm/drm_dp_helper.c @@ -1159,6 +1159,7 @@ int drm_dp_psr_setup_time(const u8 psr_cap[EDP_PSR_RECEIVER_CAP_SIZE]) static const u16 psr_setup_time_us[] = { PSR_SETUP_TIME(330), PSR_SETUP_TIME(275), + PSR_SETUP_TIME(220), PSR_SETUP_TIME(165), PSR_SETUP_TIME(110), PSR_SETUP_TIME(55), -- 2.14.1

7 years, 4 months

3
3
0 0

[PATCH] scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

by Alexander Potapenko

This shall help avoid copying uninitialized memory to the userspace when calling ioctl(fd, SG_IO) with an empty command. Reported-by: syzbot+7d26fc1eea198488deab(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Potapenko <glider(a)google.com> Acked-by: Douglas Gilbert <dgilbert(a)interlog.com> Reviewed-by: Johannes Thumshirn <jthumshirn(a)suse.de> --- drivers/scsi/sg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index c198b96368dd..5c40d809830f 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1894,7 +1894,7 @@ sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size) num = (rem_sz > scatter_elem_sz_prev) ? scatter_elem_sz_prev : rem_sz; - schp->pages[k] = alloc_pages(gfp_mask, order); + schp->pages[k] = alloc_pages(gfp_mask | __GFP_ZERO, order); if (!schp->pages[k]) goto out; -- 2.17.0.441.gb46fe60e1d-goog

7 years, 4 months

3
2
0 0

[PATCH] PM/ runtime: fix resume from suspend on newer hp zbook/elitebook

by Thomas Martitz

In 08810a4119aaebf6318f209ec5dd9828e969cba4 setting dev->power.direct_complete was made conditional on pm_runtime_suspended(). The justification was: While at it, make the core check pm_runtime_suspended() when setting power.direct_complete so that it doesn't need to be checked by ->prepare callbacks. However, this breaks resuming from suspend on those newer HP laptops if the amdgpu driver is used (due to hybrid intel+radeon graphics). Given the justification for the change, undoing it seems best as it appears to have unintended side effects. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199693 References: https://bugs.freedesktop.org/show_bug.cgi?id=106447 Signed-off-by: Thomas Martitz <kugel(a)rockbox.org> Cc: Pavel Machek <pavel(a)ucw.cz> Cc: Len Brown <len.brown(a)intel.com> Cc: <linux-pm(a)vger.kernel.org> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Thomas Martitz <kugel(a)rockbox.org> --- drivers/base/power/main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c index 02a497e7c785..b2fb0974f832 100644 --- a/drivers/base/power/main.c +++ b/drivers/base/power/main.c @@ -1960,8 +1960,7 @@ static int device_prepare(struct device *dev, pm_message_t state) */ spin_lock_irq(&dev->power.lock); dev->power.direct_complete = state.event == PM_EVENT_SUSPEND && - pm_runtime_suspended(dev) && ret > 0 && - !dev_pm_test_driver_flags(dev, DPM_FLAG_NEVER_SKIP); + ret > 0 && !dev_pm_test_driver_flags(dev, DPM_FLAG_NEVER_SKIP); spin_unlock_irq(&dev->power.lock); return 0; } -- 2.17.0

7 years, 4 months

2
3
0 0

reverting "l2tp: fix missing print session offset info"

by Guillaume Nault

Hi, Commit 820da5357572 ("l2tp: fix missing print session offset info") has been backported to several -stable trees (AFAICS 3.18, 4.4, 4.9, 4.14 and 4.15). This patch has been reverted upstream as the L2TP offset option was dropped. Therefore it doesn't make sense to start exporting this data in stable releases. Can you guys revert the corresponding commits from your trees, or queue up de3b58bc359a ("l2tp: revert "l2tp: fix missing print session offset info"")? If some of you have 820da5357572 queued up for other trees, then please drop it. Guillaume

7 years, 4 months

2
2
0 0

[PATCH] spi: spi-s3c64xx: Fix system resume support

by Marek Szyprowski

Since Linux v4.10 release (commit 1d9174fbc55e "PM / Runtime: Defer resuming of the device in pm_runtime_force_resume()"), pm_runtime_force_resume() function doesn't runtime resume device if it was not runtime active before system suspend. Thus, driver should not do any register access after pm_runtime_force_resume() without checking the runtime status of the device. To fix this issue, simply move s3c64xx_spi_hwinit() call to s3c64xx_spi_runtime_resume() to ensure that hardware is always properly initialized. This fixes Synchronous external abort issue on system suspend/resume cycle on newer Exynos SoCs. Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> CC: <stable(a)vger.kernel.org> # 4.10.x: 1c75862d8e5a spi: spi-s3c64xx: Remove unused s3c64xx_spi_hwinit() CC: <stable(a)vger.kernel.org> # 4.10.x Reviewed-by: Krzysztof Kozlowski <krzk(a)kernel.org> Acked-by: Andi Shyti <andi(a)etezian.org> --- Resend reason: added cc: stable, reviewed and acked tags --- drivers/spi/spi-s3c64xx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/spi/spi-s3c64xx.c b/drivers/spi/spi-s3c64xx.c index f55dc78957ad..7b7151ec14c8 100644 --- a/drivers/spi/spi-s3c64xx.c +++ b/drivers/spi/spi-s3c64xx.c @@ -1292,8 +1292,6 @@ static int s3c64xx_spi_resume(struct device *dev) if (ret < 0) return ret; - s3c64xx_spi_hwinit(sdd); - return spi_master_resume(master); } #endif /* CONFIG_PM_SLEEP */ @@ -1331,6 +1329,8 @@ static int s3c64xx_spi_runtime_resume(struct device *dev) if (ret != 0) goto err_disable_src_clk; + s3c64xx_spi_hwinit(sdd); + return 0; err_disable_src_clk: -- 2.17.0

7 years, 4 months

3
3
0 0

[PATCH ghak82] audit: Fix extended comparison of GID/EGID

by Ondrej Mosnacek

The audit_filter_rules() function in auditsc.c used the in_[e]group_p() functions to check GID/EGID match, but these functions use the current task's credentials, while the comparison should use the credentials of the task given to audit_filter_rules() as a parameter (tsk). Note that we can use group_search(cred->group_info, ...) as a replacement for both in_group_p and in_egroup_p as these functions only compare the parameter to cred->fsgid/egid and then call group_search. In fact, the usage of in_group_p was incorrect also because it compared to cred->fsgid and not cred->gid. GitHub issue: https://github.com/linux-audit/audit-kernel/issues/82 Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic") Cc: stable(a)vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- kernel/auditsc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index cbab0da86d15..ec38e4d97c23 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -490,20 +490,20 @@ static int audit_filter_rules(struct task_struct *tsk, result = audit_gid_comparator(cred->gid, f->op, f->gid); if (f->op == Audit_equal) { if (!result) - result = in_group_p(f->gid); + result = groups_search(cred->group_info, f->gid); } else if (f->op == Audit_not_equal) { if (result) - result = !in_group_p(f->gid); + result = !groups_search(cred->group_info, f->gid); } break; case AUDIT_EGID: result = audit_gid_comparator(cred->egid, f->op, f->gid); if (f->op == Audit_equal) { if (!result) - result = in_egroup_p(f->gid); + result = groups_search(cred->group_info, f->gid); } else if (f->op == Audit_not_equal) { if (result) - result = !in_egroup_p(f->gid); + result = !groups_search(cred->group_info, f->gid); } break; case AUDIT_SGID: -- 2.17.0

7 years, 4 months

2
2
0 0

[PATCH v2] mtd: rawnand: Do not check FAIL bit when executing a SET_FEATURES op

by Boris Brezillon

The ONFI spec clearly says that FAIL bit is only valid for PROGRAM, ERASE and READ-with-on-die-ECC operations, and should be ignored otherwise. It seems that checking it after sending a SET_FEATURES is a bad idea because a previous READ, PROGRAM or ERASE op may have failed, and depending on the implementation, the FAIL bit is not cleared until a new READ, PROGRAM or ERASE is started. This leads to ->set_features() returning -EIO while it actually worked, which can sometimes stop a batch of READ/PROGRAM ops. Note that we only fix the ->exec_op() path here, because some drivers are abusing the NAND_STATUS_FAIL flag in their ->waitfunc() implementation to propagate other kind of errors, like wait-ready-timeout or controller-related errors. Let's not try to fix those drivers since they worked fine so far. Fixes: 8878b126df76 ("mtd: nand: add ->exec_op() implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- This patch is fixing a problem we had with on-die ECC on Micron NANDs [1]. On these chips, when you have an ECC failure, the FAIL bit is set and it's not cleared until the next READ operation, which led the following SET_FEATURES (used to re-enable on-die ECC) to fail with -EIO and stopped the batch of page reads started by UBIFS, which in turn led to unmountable FS. [1]http://patchwork.ozlabs.org/patch/907874/ Changes in v2: - Fix the subject prefix --- drivers/mtd/nand/raw/nand_base.c | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index f28c3a555861..ee29f34562ab 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -2174,7 +2174,6 @@ static int nand_set_features_op(struct nand_chip *chip, u8 feature, struct mtd_info *mtd = nand_to_mtd(chip); const u8 *params = data; int i, ret; - u8 status; if (chip->exec_op) { const struct nand_sdr_timings *sdr = @@ -2188,26 +2187,18 @@ static int nand_set_features_op(struct nand_chip *chip, u8 feature, }; struct nand_operation op = NAND_OPERATION(instrs); - ret = nand_exec_op(chip, &op); - if (ret) - return ret; - - ret = nand_status_op(chip, &status); - if (ret) - return ret; - } else { - chip->cmdfunc(mtd, NAND_CMD_SET_FEATURES, feature, -1); - for (i = 0; i < ONFI_SUBFEATURE_PARAM_LEN; ++i) - chip->write_byte(mtd, params[i]); + return nand_exec_op(chip, &op); + } - ret = chip->waitfunc(mtd, chip); - if (ret < 0) - return ret; + chip->cmdfunc(mtd, NAND_CMD_SET_FEATURES, feature, -1); + for (i = 0; i < ONFI_SUBFEATURE_PARAM_LEN; ++i) + chip->write_byte(mtd, params[i]); - status = ret; - } + ret = chip->waitfunc(mtd, chip); + if (ret < 0) + return ret; - if (status & NAND_STATUS_FAIL) + if (ret & NAND_STATUS_FAIL) return -EIO; return 0; -- 2.14.1

7 years, 4 months

2
2
0 0

[PATCH] ALSA: timer: Fix pause event notification

by Ben Hutchings

Commit f65e0d299807 ("ALSA: timer: Call notifier in the same spinlock") combined the start/continue and stop/pause functions, and in doing so changed the event code for the pause case to SNDRV_TIMER_EVENT_CONTINUE. Change it back to SNDRV_TIMER_EVENT_PAUSE. Fixes: f65e0d299807 ("ALSA: timer: Call notifier in the same spinlock") Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Cc: stable(a)vger.kernel.org --- sound/core/timer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/core/timer.c b/sound/core/timer.c index dc87728c5b74..0ddcae495838 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -592,7 +592,7 @@ static int snd_timer_stop1(struct snd_timer_instance *timeri, bool stop) else timeri->flags |= SNDRV_TIMER_IFLG_PAUSED; snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP : - SNDRV_TIMER_EVENT_CONTINUE); + SNDRV_TIMER_EVENT_PAUSE); unlock: spin_unlock_irqrestore(&timer->lock, flags); return result; @@ -614,7 +614,7 @@ static int snd_timer_stop_slave(struct snd_timer_instance *timeri, bool stop) list_del_init(&timeri->ack_list); list_del_init(&timeri->active_list); snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP : - SNDRV_TIMER_EVENT_CONTINUE); + SNDRV_TIMER_EVENT_PAUSE); spin_unlock(&timeri->timer->lock); } spin_unlock_irqrestore(&slave_active_lock, flags); -- 2.11.0

7 years, 4 months

2
1
0 0

[PATCH] cxl: Disable prefault_mode in Radix mode

by Vaibhav Jain

From: Vaibhav Jain <vaibhav(a)linux.ibm.com> On Power-8 the AFU attr prefault_mode tried to improve storage fault performance by prefaulting process segments. However Power-9 radix mode doesn't have Storage-Segments and prefaulting Pages is too fine grained. So this patch updates prefault_mode_store() to not allow any other value apart from CXL_PREFAULT_NONE when radix mode is enabled. Cc: <stable(a)vger.kernel.org> Fixes: f24be42aab37 ("cxl: Add psl9 specific code") Signed-off-by: Vaibhav Jain <vaibhav(a)linux.ibm.com> --- Documentation/ABI/testing/sysfs-class-cxl | 4 +++- drivers/misc/cxl/sysfs.c | 16 ++++++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-class-cxl b/Documentation/ABI/testing/sysfs-class-cxl index 640f65e79ef1..267920a1874b 100644 --- a/Documentation/ABI/testing/sysfs-class-cxl +++ b/Documentation/ABI/testing/sysfs-class-cxl @@ -69,7 +69,9 @@ Date: September 2014 Contact: linuxppc-dev(a)lists.ozlabs.org Description: read/write Set the mode for prefaulting in segments into the segment table - when performing the START_WORK ioctl. Possible values: + when performing the START_WORK ioctl. Only applicable when + running under hashed page table mmu. + Possible values: none: No prefaulting (default) work_element_descriptor: Treat the work element descriptor as an effective address and diff --git a/drivers/misc/cxl/sysfs.c b/drivers/misc/cxl/sysfs.c index 4b5a4c5d3c01..629e2e156412 100644 --- a/drivers/misc/cxl/sysfs.c +++ b/drivers/misc/cxl/sysfs.c @@ -353,12 +353,20 @@ static ssize_t prefault_mode_store(struct device *device, struct cxl_afu *afu = to_cxl_afu(device); enum prefault_modes mode = -1; - if (!strncmp(buf, "work_element_descriptor", 23)) - mode = CXL_PREFAULT_WED; - if (!strncmp(buf, "all", 3)) - mode = CXL_PREFAULT_ALL; if (!strncmp(buf, "none", 4)) mode = CXL_PREFAULT_NONE; + else { + if (!radix_enabled()) { + + /* only allowed when not in radix mode */ + if (!strncmp(buf, "work_element_descriptor", 23)) + mode = CXL_PREFAULT_WED; + if (!strncmp(buf, "all", 3)) + mode = CXL_PREFAULT_ALL; + } else { + dev_err(device, "Cannot prefault with radix enabled\n"); + } + } if (mode == -1) return -EINVAL; -- 2.17.0

7 years, 4 months

1
0
0 0

Backport of pipe.c patch to 4.4.y that fixes LTP fcntl35 test error

by Daniel Sangorrin

Oops sorry, I failed to write the subject. It should been something like the subject of this e-mail. > -----Original Message----- > From: stable-owner(a)vger.kernel.org [mailto:stable-owner@vger.kernel.org] On > Behalf Of Daniel Sangorrin > Sent: Friday, May 18, 2018 9:59 AM > To: stable(a)vger.kernel.org > Cc: mtk.manpages(a)gmail.com; viro(a)zeniv.linux.org.uk > Subject: > > Hello Greg, > > After running LTP with Fuego on the LTS kernel 4.4.y, there were > a few test cases failing that I thought needed some investigation. > > I reviewed the first one (fcntl35 and fcntl35_64) so far. According to the > comments on LTP's fcntl35.c file (by Xiao Yang <yangx.jy(a)cn.fujitsu.com>) > the bug tested by this test case was fixed by: > pipe: cap initial pipe capacity according to pipe-max-size > commit 086e774a57fba4695f14383c0818994c0b31da7c > Author: Michael Kerrisk (man-pages) <mtk.manpages(a)gmail.com> > Date: Tue Oct 11 13:53:43 2016 -0700 > > I backported that patch (see next e-mail), tested again and confirmed that > the patch fixed the bug (or at least the error message in LTP's test). > > Before: > fcntl35.c:98: FAIL: an unprivileged user init the capacity of a pipe to 65536 > unexpectedly, expected 4096 > After: > fcntl35.c:101: PASS: an unprivileged user init the capacity of a pipe to 4096 > successfully > > Thanks, > Daniel Sangorrin >

7 years, 4 months

2
1
0 0

None

by Daniel Sangorrin

Hello Greg, After running LTP with Fuego on the LTS kernel 4.4.y, there were a few test cases failing that I thought needed some investigation. I reviewed the first one (fcntl35 and fcntl35_64) so far. According to the comments on LTP's fcntl35.c file (by Xiao Yang <yangx.jy(a)cn.fujitsu.com>) the bug tested by this test case was fixed by: pipe: cap initial pipe capacity according to pipe-max-size commit 086e774a57fba4695f14383c0818994c0b31da7c Author: Michael Kerrisk (man-pages) <mtk.manpages(a)gmail.com> Date: Tue Oct 11 13:53:43 2016 -0700 I backported that patch (see next e-mail), tested again and confirmed that the patch fixed the bug (or at least the error message in LTP's test). Before: fcntl35.c:98: FAIL: an unprivileged user init the capacity of a pipe to 65536 unexpectedly, expected 4096 After: fcntl35.c:101: PASS: an unprivileged user init the capacity of a pipe to 4096 successfully Thanks, Daniel Sangorrin

7 years, 4 months

1
1
0 0

[PATCH 4.4 000/190] 4.4.128-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.128 release. There are 190 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Apr 13 18:34:54 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.128-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.128-rc1 David Ahern <dsahern(a)gmail.com> vrf: Fix use after free and double free in vrf_finish_output Paolo Abeni <pabeni(a)redhat.com> ipv6: the entire IPv6 header chain must fit the first fragment Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Increment OUTxxx counters after netfilter hook Craig Dillabaugh <cdillaba(a)mojatatu.com> net sched actions: fix dumping which requires several messages to user space Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix setting driver_data after register_netdev Eric Dumazet <edumazet(a)google.com> vti6: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_gre: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ipv6: sit: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> net: fool proof dev_valid_name() Xin Long <lucien.xin(a)gmail.com> bonding: process the err returned by dev_set_allmulti properly in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: fix the err path for dev hwaddr sync in bond_enslave Hangbin Liu <liuhangbin(a)gmail.com> vlan: also check phy_driver ts_info for vlan's real device Jason Wang <jasowang(a)redhat.com> vhost: correctly remove wait queue during poll failure Kai-Heng Feng <kai.heng.feng(a)canonical.com> sky2: Increase D3 delay to sky2 stops working after suspend Eric Dumazet <edumazet(a)google.com> sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 Eric Dumazet <edumazet(a)google.com> sctp: do not leak kernel memory to user space Eric Dumazet <edumazet(a)google.com> pptp: remove a buggy dst release in pptp_connect() Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tcf_bpf_init() Alexander Potapenko <glider(a)google.com> netlink: make sure nladdr has correct size in netlink_connect() David Ahern <dsahern(a)gmail.com> net/ipv6: Fix route leaking between VRFs Eric Dumazet <edumazet(a)google.com> net: fix possible out-of-bound read in skb_network_protocol() Miguel Fadon Perlines <mfadon(a)teldat.com> arp: fix arp_filter on l3slave devices Arnd Bergmann <arnd(a)arndb.de> Kbuild: provide a __UNIQUE_ID for clang Mel Gorman <mgorman(a)suse.de> futex: Remove requirement for lock_page() in get_futex_key() Theodore Ts'o <tytso(a)mit.edu> random: use lockless method of accessing and updating f->reg_idx Nathan Chancellor <natechancellor(a)gmail.com> virtio_net: check return value of skb_to_sgvec in one more location Jason A. Donenfeld <Jason(a)zx2c4.com> virtio_net: check return value of skb_to_sgvec always Jason A. Donenfeld <Jason(a)zx2c4.com> rxrpc: check return value of skb_to_sgvec always Jason A. Donenfeld <Jason(a)zx2c4.com> ipsec: check return value of skb_to_sgvec always Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix copyfile_offset update of output offset Arjun Vynipadath <arjun(a)chelsio.com> cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, mv64x60: Fix an error handling path Tony Lindgren <tony(a)atomide.com> tty: n_gsm: Allow ADM response in addition to UA for control dlci Ming Lei <ming.lei(a)redhat.com> blk-mq: fix kernel oops in blk_mq_tag_idle() chenxiang <chenxiang66(a)hisilicon.com> scsi: libsas: initialize sas_phy status according to response of DISCOVER Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix error when getting phy events Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix memory leak in sas_smp_get_phy_events() Tang Junhui <tang.junhui(a)zte.com.cn> bcache: segregate flash only volume write streams Tang Junhui <tang.junhui(a)zte.com.cn> bcache: stop writeback thread after detaching Roopa Prabhu <roopa(a)cumulusnetworks.com> vxlan: dont migrate permanent fdb entries during learn Stefan Haberland <sth(a)linux.vnet.ibm.com> s390/dasd: fix hanging safe offline Bob Moore <robert.moore(a)intel.com> ACPICA: Disassembler: Abort on an invalid/unknown AML opcode Lv Zheng <lv.zheng(a)intel.com> ACPICA: Events: Add runtime stub support for event APIs Christophe Jaillet <christophe.jaillet(a)wanadoo.fr> cpuidle: dt: Add missing 'of_node_put()' Marcel Holtmann <marcel(a)holtmann.org> Bluetooth: Send HCI Set Event Mask Page 2 command only when needed Lorenzo Bianconi <lorenzo.bianconi83(a)gmail.com> iio: magnetometer: st_magn_spi: fix spi_device_id table Jag Raman <jag.raman(a)oracle.com> sparc64: ldc abort during vds iso boot Xin Long <lucien.xin(a)gmail.com> sctp: fix recursive locking warning in sctp_do_peeloff Mintz, Yuval <Yuval.Mintz(a)cavium.com> bnx2x: Allow vfs to disable txvlan offload Arnd Bergmann <arnd(a)arndb.de> xen: avoid type warning in xchg_xen_ulong Willem de Bruijn <willemb(a)google.com> skbuff: only inherit relevant tx_flags Namhyung Kim <namhyung(a)kernel.org> perf tests: Decompress kernel module before objdump Christian Lamparter <chunkeey(a)googlemail.com> net: emac: fix reset timeout with AR8035 phy James Wang <jnwang(a)suse.com> Fix loop device flush before configure v3 Marcin Nowakowski <marcin.nowakowski(a)imgtec.com> MIPS: kprobes: flush_insn_slot should flush only if probe initialised Marcin Nowakowski <marcin.nowakowski(a)imgtec.com> MIPS: mm: adjust PKMAP location Marcin Nowakowski <marcin.nowakowski(a)imgtec.com> MIPS: mm: fixed mappings: correct initialisation Peter Zijlstra <peterz(a)infradead.org> perf/core: Correct event creation with PERF_FORMAT_GROUP Chris Wilson <chris(a)chris-wilson.co.uk> e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails Leonard Crestez <leonard.crestez(a)nxp.com> ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull Russell King <rmk+kernel(a)armlinux.org.uk> net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support A Sun <as1033x(a)comcast.net> mceusb: sporadic RX truncation corruption fix Pan Bian <bianpan2016(a)163.com> cx25840: fix unchecked return values Jacob Keller <jacob.e.keller(a)intel.com> e1000e: fix race condition around skb_tstamp_tx() Robert Jarzmik <robert.jarzmik(a)free.fr> tags: honor COMPILED_SOURCE with apart output directory Milian Wolff <milian.wolff(a)kdab.com> perf report: Ensure the perf DSO mapping matches what libdw sees Namhyung Kim <namhyung(a)kernel.org> perf header: Set proper module name when build-id event found Ido Shamay <idos(a)mellanox.com> net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport Talat Batheesh <talatb(a)mellanox.com> net/mlx4: Fix the check in attaching steering rules Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> sit: reload iphdr in ipip6_rcv Jason A. Donenfeld <Jason(a)zx2c4.com> skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow Dmitry Monakhov <dmonakhov(a)openvz.org> bio-integrity: Do not allocate integrity context for bio w/o data Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Fix serial console on SNI RM400 machines Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: fix incorrect cim_la output for T6 Tomi Valkeinen <tomi.valkeinen(a)ti.com> drm/omap: fix tiled buffer stride calculations Jia-Ju Bai <baijiaju1990(a)163.com> mISDN: Fix a sleep-in-atomic bug Jia-Ju Bai <baijiaju1990(a)163.com> qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M Jiri Olsa <jolsa(a)kernel.org> perf trace: Add mmap alias for s390 Michael Ellerman <mpe(a)ellerman.id.au> powerpc/spufs: Fix coredump of SPU contexts Bryan O'Donoghue <pure.logic(a)nexus-software.ie> clk: Fix __set_clk_rates error print-string Sudeep Holla <sudeep.holla(a)arm.com> clk: scpi: fix return type of __scpi_dvfs_round_rate Roman Pen <roman.penyaev(a)profitbricks.com> KVM: SVM: do not zero out segment attributes if segment is unusable or not present Gustavo A. R. Silva <garsilva(a)embeddedor.com> net: freescale: fix potential null pointer dereference NeilBrown <neilb(a)suse.com> SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() Vaibhav Jain <vaibhav(a)linux.vnet.ibm.com> rtc: interface: Validate alarm-time before handling rollover Vaibhav Jain <vaibhav(a)linux.vnet.ibm.com> rtc: opal: Handle disabled TPO in opal_get_tpo_time() Arjun Vynipadath <arjun(a)chelsio.com> cxgb4: FW upgrade fixes Arnd Bergmann <arnd(a)arndb.de> net/mlx5: avoid build warning for uniprocessor Will Deacon <will.deacon(a)arm.com> arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage Arvind Yadav <arvind.yadav.cs(a)gmail.com> dmaengine: imx-sdma: Handle return value of clk_prepare_enable Ivan Mikhaylov <ivan(a)de.ibm.com> powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE] Miklos Szeredi <mszeredi(a)redhat.com> ovl: filter trusted xattr for non-admin Firo Yang <firogm(a)gmail.com> hdlcdrv: Fix divide by zero in hdlcdrv_ioctl Colin Ian King <colin.king(a)canonical.com> wl1251: check return from call to wl1251_acx_arp_ip_filter Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' Linus Walleij <linus.walleij(a)linaro.org> gpio: label descriptors using the device name Pieter \"PoroCYon\" Sluys <pcy(a)national.shitposting.agency> vfb: fix video mode and line_length being set when loaded Chaitra P B <chaitra.basappa(a)broadcom.com> scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. Rafael David Tinoco <rafael.tinoco(a)canonical.com> scsi: libiscsi: Allow sd_shutdown on bad transport Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: cht_bsw_rt5645: Analog Mic support Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: videobuf2-core: don't go out of the buffer range Maciej Purski <m.purski(a)samsung.com> hwmon: (ina2xx) Make calibration register value fixed Sowmini Varadhan <sowmini.varadhan(a)oracle.com> rds; Reset rs->rs_bound_addr in rds_add_bound() failure path Hangbin Liu <liuhangbin(a)gmail.com> l2tp: fix missing print session offset info Masami Hiramatsu <mhiramat(a)kernel.org> perf probe: Add warning message if there is unexpected event name Yi Zeng <yizeng(a)asrmicro.com> thermal: power_allocator: fix one race condition issue for thermal_instances list Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node linzhang <xiaolou4617(a)gmail.com> net: llc: add lock_sock in llc_ui_bind to avoid a race condition Jan H. Schönherr <jschoenh(a)amazon.de> KVM: nVMX: Fix handling of lmsw instruction Nithin Sujir <nsujir(a)tintri.com> bonding: Don't update slave->link until ready to commit KT Liao <kt.liao(a)emc.com.tw> Input: elan_i2c - clear INT before resetting controller Roman Kapl <roman.kapl(a)sysgo.com> net: move somaxconn init from sysctl code Eric Dumazet <edumazet(a)google.com> tcp: better validation of received ack sequences Eryu Guan <eguan(a)redhat.com> ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() Michael Schmitz <schmitzmic(a)gmail.com> fix race in drivers/char/random.c:get_reg() Maurizio Lombardi <mlombard(a)redhat.com> scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: SSI PIO adjust to 24bit mode Dan Carpenter <dan.carpenter(a)oracle.com> pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() Liping Zhang <zlpnobody(a)gmail.com> netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize Dan Carpenter <dan.carpenter(a)oracle.com> libceph: NULL deref on crush_decode() error path Lin Zhang <xiaolou4617(a)gmail.com> net: ieee802154: fix net_device reference release too early Jesper Dangaard Brouer <brouer(a)redhat.com> mlx5: fix bug reading rss_hash_type from CQE Dan Carpenter <dan.carpenter(a)oracle.com> block: fix an error code in add_partition() Stephen Smalley <sds(a)tycho.nsa.gov> selinux: do not check open permission on sockets Tariq Toukan <tariqt(a)mellanox.com> net/mlx5: Tolerate irq_set_affinity_hint() failures Vlastimil Babka <vbabka(a)suse.cz> sched/numa: Use down_read_trylock() for the mmap_sem Tin Huynh <tnhuynh(a)apm.com> leds: pca955x: Correct I2C Functionality Kees Cook <keescook(a)chromium.org> ray_cs: Avoid reading past end of buffer Suman Anna <s-anna(a)ti.com> ARM: davinci: da8xx: Create DSP device only when assigned memory Guoqing Jiang <gqjiang(a)suse.com> md-cluster: fix potential lock issue in add_new_disk Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> iio: hi8435: cleanup reset gpio Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> iio: hi8435: avoid garbage event at first enable Antony Antony <antony(a)phenome.org> xfrm: fix state migration copy replay sequence numbers Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix TM resched DSCR test with some compilers Colin Ian King <colin.king(a)canonical.com> ath5k: fix memory leak on buf on failed eeprom read Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash Varun Prakash <varun(a)chelsio.com> scsi: csiostor: fix use after free in csio_hw_use_fwconfig() Geert Uytterhoeven <geert+renesas(a)glider.be> sh_eth: Use platform device for printing before register_netdev() Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Fix race condition causing garbage during shutdown Vignesh R <vigneshr(a)ti.com> serial: 8250: omap: Disable DMA for console UART Alan Stern <stern(a)rowland.harvard.edu> USB: ene_usb6250: fix SCSI residue overwriting linzhang <xiaolou4617(a)gmail.com> net: x25: fix one potential use-after-free issue Alan Stern <stern(a)rowland.harvard.edu> USB: ene_usb6250: fix first command execution Jisheng Zhang <jszhang(a)marvell.com> usb: chipidea: properly handle host or gadget initialization failure Ihar Hrachyshka <ihrachys(a)redhat.com> arp: honour gratuitous ARP _replies_ Ihar Hrachyshka <ihrachys(a)redhat.com> neighbour: update neigh timestamps iff update is effective Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> ata: libahci: properly propagate return value of platform_get_irq() Colin Ian King <colin.king(a)canonical.com> btrfs: fix incorrect error return ret being passed to mapping_set_error Pan Bian <bianpan2016(a)163.com> usb: dwc3: keystone: check return value Anup Patel <anup.patel(a)broadcom.com> async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() Mahesh Bandewar <maheshb(a)google.com> ipv6: avoid dad-failures for addresses with NODAD Fabio Estevam <fabio.estevam(a)nxp.com> ARM: dts: imx6qdl-wandboard: Fix audio channel swap Peter Zijlstra <peterz(a)infradead.org> x86/tsc: Provide 'tsc=unstable' boot parameter Andrea della Porta <sfaragnaus(a)gmail.com> staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning Fabio Estevam <fabio.estevam(a)nxp.com> ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin Dan Carpenter <dan.carpenter(a)oracle.com> PowerCap: Fix an error code in powercap_register_zone() Doug Berger <opendmb(a)gmail.com> bus: brcmstb_gisb: correct support for 64-bit address output Doug Berger <opendmb(a)gmail.com> bus: brcmstb_gisb: Use register offsets with writes too Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> SMB2: Fix share type handling Neil Horman <nhorman(a)tuxdriver.com> vmxnet3: ensure that adapter is in proper state during force_close Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S PR: Check copy_to/from_user return values KT Liao <kt.liao(a)emc.com.tw> Input: elantech - force relative mode on a certain module Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: elan_i2c - check if device is there before really probing Colin Ian King <colin.king(a)canonical.com> netxen_nic: set rcode to the return status from the call to netxen_issue_cmd Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix alignment issues in rx path Wen Xiong <wenxiong(a)linux.vnet.ibm.com> blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op Rabin Vincent <rabinv(a)axis.com> CIFS: silence lockdep splat in cifs_relock_file() Trond Myklebust <trond.myklebust(a)primarydata.com> NFSv4.1: Work around a Linux server bug... Talat Batheesh <talatb(a)mellanox.com> net/mlx4_en: Avoid adding steering rules with invalid ring Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: move _text symbol to address higher than zero Kirill Tkhai <ktkhai(a)virtuozzo.com> pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() Dan Carpenter <dan.carpenter(a)oracle.com> drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests J. Bruce Fields <bfields(a)redhat.com> lockd: fix lockd shutdown race Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control Jim Baxter <jim_baxter(a)mentor.com> net: cdc_ncm: Fix TX zero padding Dan Carpenter <dan.carpenter(a)oracle.com> ipmi_ssif: unlock on allocation failure Kees Cook <keescook(a)chromium.org> qlge: Avoid reading past end of buffer Kees Cook <keescook(a)chromium.org> bna: Avoid reading past end of buffer Luca Coelho <luciano.coelho(a)intel.com> mac80211: bail out from prep_connection() if a reconfig is ongoing Steffen Klassert <steffen.klassert(a)secunet.com> af_key: Fix slab-out-of-bounds in pfkey_compile_policy. Bart Van Assche <bart.vanassche(a)sandisk.com> IB/srpt: Fix abort handling Trond Myklebust <trond.myklebust(a)primarydata.com> NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION Josh Poimboeuf <jpoimboe(a)redhat.com> x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic() Pan Bian <bianpan2016(a)163.com> rtc: snvs: fix an incorrect check of return value Julia Cartwright <julia(a)ni.com> md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock Johannes Berg <johannes.berg(a)intel.com> cfg80211: make RATE_INFO_BW_20 the default ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx53-qsrb.dts | 2 +- arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 + arch/arm/boot/dts/ls1021a.dtsi | 2 +- arch/arm/include/asm/xen/events.h | 2 +- arch/arm/mach-davinci/devices-da8xx.c | 10 +++ arch/arm/mach-imx/cpu.c | 3 + arch/arm/mach-imx/mxc.h | 6 ++ arch/arm64/include/asm/futex.h | 8 +- arch/mips/include/asm/kprobes.h | 3 +- arch/mips/include/asm/pgtable-32.h | 7 +- arch/mips/mm/pgtable-32.c | 6 +- arch/powerpc/include/asm/page.h | 12 +++ arch/powerpc/kernel/time.c | 14 +++- arch/powerpc/kvm/book3s_pr_papr.c | 34 ++++++-- arch/powerpc/platforms/cell/spufs/coredump.c | 2 + arch/s390/kernel/vmlinux.lds.S | 8 +- arch/sparc/kernel/ldc.c | 7 +- arch/x86/kernel/tsc.c | 2 + arch/x86/kvm/svm.c | 24 +++--- arch/x86/kvm/vmx.c | 7 +- arch/x86/lib/csum-copy_64.S | 12 +-- block/bio-integrity.c | 3 + block/blk-mq.c | 7 +- block/partition-generic.c | 4 +- crypto/async_tx/async_pq.c | 5 +- drivers/acpi/acpica/evxfevnt.c | 18 ++++ drivers/acpi/acpica/psobject.c | 14 ++++ drivers/ata/libahci_platform.c | 5 +- drivers/block/loop.c | 3 + drivers/bus/brcmstb_gisb.c | 42 +++++----- drivers/char/ipmi/ipmi_ssif.c | 2 + drivers/char/random.c | 10 ++- drivers/clk/clk-conf.c | 2 +- drivers/clk/clk-scpi.c | 6 +- drivers/cpuidle/dt_idle_states.c | 4 +- drivers/dma/imx-sdma.c | 23 +++-- drivers/edac/mv64x60_edac.c | 2 +- drivers/gpio/gpiolib.c | 3 +- drivers/gpu/drm/omapdrm/omap_gem.c | 4 +- drivers/hwmon/ina2xx.c | 87 +++++++++++-------- drivers/iio/adc/hi8435.c | 27 ++++-- drivers/iio/magnetometer/st_magn_spi.c | 2 - drivers/infiniband/ulp/srpt/ib_srpt.c | 6 +- drivers/input/mouse/elan_i2c_core.c | 7 ++ drivers/input/mouse/elan_i2c_i2c.c | 9 +- drivers/input/mouse/elantech.c | 11 +++ drivers/isdn/mISDN/stack.c | 2 +- drivers/leds/leds-pca955x.c | 2 +- drivers/md/bcache/alloc.c | 19 +++-- drivers/md/bcache/super.c | 6 ++ drivers/md/md-cluster.c | 4 +- drivers/md/raid5.c | 17 ++-- drivers/media/i2c/cx25840/cx25840-core.c | 36 ++++---- drivers/media/rc/mceusb.c | 9 +- drivers/media/v4l2-core/videobuf2-core.c | 4 + drivers/misc/vmw_vmci/vmci_queue_pair.c | 10 ++- drivers/net/bonding/bond_main.c | 84 ++++++++++--------- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 19 ++++- drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 32 ++++++- drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 23 +++-- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 9 +- drivers/net/ethernet/ibm/emac/core.c | 26 +++++- drivers/net/ethernet/intel/e1000e/netdev.c | 17 +++- drivers/net/ethernet/marvell/sky2.c | 2 +- drivers/net/ethernet/mellanox/mlx4/mcg.c | 15 +++- drivers/net/ethernet/mellanox/mlx4/qp.c | 19 +++++ .../net/ethernet/mellanox/mlx4/resource_tracker.c | 16 ++-- drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 +--- .../net/ethernet/qlogic/netxen/netxen_nic_ctx.c | 2 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.c | 2 +- drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 4 +- drivers/net/ethernet/qualcomm/qca_spi.c | 10 ++- drivers/net/ethernet/realtek/r8169.c | 4 +- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/ti/cpsw.c | 16 ++++ drivers/net/hamradio/hdlcdrv.c | 2 + drivers/net/phy/phy.c | 6 ++ drivers/net/ppp/pptp.c | 1 - drivers/net/usb/cdc_ncm.c | 11 ++- drivers/net/virtio_net.c | 16 +++- drivers/net/vmxnet3/vmxnet3_drv.c | 5 ++ drivers/net/vrf.c | 8 +- drivers/net/vxlan.c | 2 +- drivers/net/wireless/ath/ath5k/debug.c | 5 +- drivers/net/wireless/ray_cs.c | 7 +- drivers/net/wireless/ti/wl1251/main.c | 3 +- drivers/powercap/powercap_sys.c | 1 + drivers/rtc/interface.c | 9 +- drivers/rtc/rtc-opal.c | 10 +++ drivers/rtc/rtc-snvs.c | 2 +- drivers/s390/block/dasd.c | 8 +- drivers/scsi/bnx2fc/bnx2fc.h | 1 + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 10 ++- drivers/scsi/csiostor/csio_hw.c | 5 +- drivers/scsi/libiscsi.c | 24 +++++- drivers/scsi/libsas/sas_expander.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 28 ++++--- drivers/staging/wlan-ng/prism2mgmt.c | 2 +- drivers/thermal/power_allocator.c | 2 + drivers/tty/n_gsm.c | 17 +++- drivers/tty/serial/8250/8250_omap.c | 4 + drivers/tty/serial/sccnxp.c | 15 ++-- drivers/tty/serial/sh-sci.c | 16 +++- drivers/usb/chipidea/core.c | 29 +++++-- drivers/usb/dwc3/dwc3-keystone.c | 4 + drivers/usb/storage/ene_ub6250.c | 11 ++- drivers/vhost/vhost.c | 3 +- drivers/video/fbdev/vfb.c | 17 ++++ fs/btrfs/extent_io.c | 2 +- fs/cifs/file.c | 2 +- fs/cifs/smb2pdu.c | 14 ++-- fs/ext4/file.c | 2 +- fs/ext4/mballoc.c | 23 +++-- fs/lockd/svc.c | 6 +- fs/nfs/flexfilelayout/flexfilelayout.c | 1 + fs/nfs/nfs4proc.c | 13 ++- fs/nfs/nfs4state.c | 10 ++- fs/overlayfs/inode.c | 12 ++- include/linux/compiler-clang.h | 5 ++ include/linux/mlx4/qp.h | 1 + include/linux/mlx5/device.h | 10 ++- include/linux/skbuff.h | 8 +- include/net/cfg80211.h | 2 +- include/net/x25.h | 4 +- kernel/events/core.c | 15 ++-- kernel/futex.c | 98 ++++++++++++++++++++-- kernel/pid.c | 4 +- kernel/sched/fair.c | 3 +- net/8021q/vlan_dev.c | 6 +- net/bluetooth/hci_core.c | 17 +++- net/ceph/osdmap.c | 1 + net/core/dev.c | 4 +- net/core/neighbour.c | 14 +++- net/core/net_namespace.c | 19 +++++ net/core/skbuff.c | 75 +++++++++++------ net/core/sysctl_net_core.c | 2 - net/ieee802154/socket.c | 8 +- net/ipv4/ah4.c | 8 +- net/ipv4/arp.c | 18 +++- net/ipv4/esp4.c | 13 +-- net/ipv4/ip_tunnel.c | 11 +-- net/ipv4/tcp_input.c | 24 +++--- net/ipv6/addrconf.c | 5 +- net/ipv6/ah6.c | 8 +- net/ipv6/esp6.c | 12 ++- net/ipv6/ip6_gre.c | 8 +- net/ipv6/ip6_output.c | 19 +++-- net/ipv6/ip6_tunnel.c | 11 ++- net/ipv6/ip6_vti.c | 7 +- net/ipv6/route.c | 3 + net/ipv6/sit.c | 9 +- net/key/af_key.c | 2 +- net/l2tp/l2tp_netlink.c | 2 + net/llc/af_llc.c | 3 + net/mac80211/mlme.c | 4 + net/netfilter/nf_conntrack_netlink.c | 7 +- net/netlink/af_netlink.c | 3 + net/rds/bind.c | 1 + net/rxrpc/rxkad.c | 21 +++-- net/sched/act_api.c | 4 +- net/sched/act_bpf.c | 12 ++- net/sctp/ipv6.c | 4 +- net/sctp/socket.c | 17 ++-- net/sunrpc/xprtsock.c | 7 +- net/x25/af_x25.c | 24 ++++-- net/x25/sysctl_net_x25.c | 5 +- net/xfrm/xfrm_state.c | 2 + scripts/tags.sh | 1 + security/selinux/hooks.c | 10 ++- sound/soc/intel/atom/sst/sst_stream.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5645.c | 7 ++ sound/soc/sh/rcar/ssi.c | 11 ++- tools/perf/builtin-trace.c | 4 + tools/perf/tests/code-reading.c | 20 ++++- tools/perf/util/header.c | 12 ++- tools/perf/util/probe-event.c | 8 ++ tools/perf/util/unwind-libdw.c | 8 ++ tools/perf/util/util.c | 2 +- .../testing/selftests/powerpc/tm/tm-resched-dscr.c | 2 +- 181 files changed, 1416 insertions(+), 523 deletions(-)

7 years, 4 months

7
210
0 0

[PATCH] xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent

by Joe Jin

When run raidconfig from Dom0 we found that the Xen DMA heap is reduced, but Dom Heap is increased by the same size. Tracing raidconfig we found that the related ioctl() in megaraid_sas will call dma_alloc_coherent() to apply memory. If the memory allocated by Dom0 is not in the DMA area, it will exchange memory with Xen to meet the requiment. Later drivers call dma_free_coherent() to free the memory, on xen_swiotlb_free_coherent() the check condition (dev_addr + size - 1 <= dma_mask) is always false, it prevents calling xen_destroy_contiguous_region() to return the memory to the Xen DMA heap. This issue introduced by commit 6810df88dcfc2 "xen-swiotlb: When doing coherent alloc/dealloc check before swizzling the MFNs.". Signed-off-by: Joe Jin <joe.jin(a)oracle.com> Tested-by: John Sobecki <john.sobecki(a)oracle.com> Reviewed-by: Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: stable(a)vger.kernel.org --- drivers/xen/swiotlb-xen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c index e1c60899fdbc..a6f9ba85dc4b 100644 --- a/drivers/xen/swiotlb-xen.c +++ b/drivers/xen/swiotlb-xen.c @@ -351,7 +351,7 @@ xen_swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr, * physical address */ phys = xen_bus_to_phys(dev_addr); - if (((dev_addr + size - 1 > dma_mask)) || + if (((dev_addr + size - 1 <= dma_mask)) || range_straddles_page_boundary(phys, size)) xen_destroy_contiguous_region(phys, order); -- 2.14.3 (Apple Git-98)

7 years, 4 months

1
0
0 0

[PATCH UPSTREAM] xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent

by Joe Jin

When run raidconfig from Dom0 we found that the Xen DMA heap is reduced, but Dom Heap is increased by the same size. Tracing raidconfig we found that the related ioctl() in megaraid_sas will call dma_alloc_coherent() to apply memory. If the memory allocated by Dom0 is not in the DMA area, it will exchange memory with Xen to meet the requiment. Later drivers call dma_free_coherent() to free the memory, on xen_swiotlb_free_coherent() the check condition (dev_addr + size - 1 <= dma_mask) is always false, it prevents calling xen_destroy_contiguous_region() to return the memory to the Xen DMA heap. This issue introduced by commit 6810df88dcfc2 "xen-swiotlb: When doing coherent alloc/dealloc check before swizzling the MFNs.". Signed-off-by: Joe Jin <joe.jin(a)oracle.com> Tested-by: John Sobecki <john.sobecki(a)oracle.com> Reviewed-by: Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: stable(a)vger.kernel.org --- drivers/xen/swiotlb-xen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c index e1c60899fdbc..a6f9ba85dc4b 100644 --- a/drivers/xen/swiotlb-xen.c +++ b/drivers/xen/swiotlb-xen.c @@ -351,7 +351,7 @@ xen_swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr, * physical address */ phys = xen_bus_to_phys(dev_addr); - if (((dev_addr + size - 1 > dma_mask)) || + if (((dev_addr + size - 1 <= dma_mask)) || range_straddles_page_boundary(phys, size)) xen_destroy_contiguous_region(phys, order); -- 2.14.3 (Apple Git-98)

7 years, 4 months

2
2
0 0

Build failure in v4.4.y.queue

by Guenter Roeck

v4.4.y: drivers/net/ethernet/ti/cpsw.c: In function 'cpsw_add_dual_emac_def_ale_entries': drivers/net/ethernet/ti/cpsw.c:1112:23: error: 'cpsw' undeclared Guenter

7 years, 4 months

2
1
0 0

Re: [PATCH 2/2] nbd: don't start req until after the dead connection logic

by Bart Van Assche

On Thu, 2017-10-19 at 16:21 -0400, Josef Bacik wrote: > + blk_mq_start_request(req); > if (unlikely(nsock->pending && nsock->pending != req)) { > blk_mq_requeue_request(req, true); > ret = 0; (replying to an e-mail from seven months ago) Hello Josef, Are you aware that the nbd driver is one of the very few block drivers that calls blk_mq_requeue_request() after a request has been started? I think that can lead to the block layer core to undesired behavior, e.g. that the timeout handler fires concurrently with a request being reinstered. Can you or a colleague have a look at this? I would like to add the following code to the block layer core and I think that the nbd driver would trigger this warning: void blk_mq_requeue_request(struct request *rq, bool kick_requeue_list) { + WARN_ON_ONCE(old_state != MQ_RQ_COMPLETE); + __blk_mq_requeue_request(rq); Thanks, Bart.

7 years, 4 months

2
2
0 0

[PATCH 07/25] zfcp: fix missing REC trigger trace on enqueue without ERP thread

by Steffen Maier

Example trace record formatted with zfcpdbf from s390-tools: Timestamp : ... Area : REC Subarea : 00 Level : 1 Exception : - CPU ID : .. Caller : 0x... Record ID : 1 ZFCP_DBF_REC_TRIG Tag : ....... LUN : 0x... WWPN : 0x... D_ID : 0x... Adapter status : 0x... Port status : 0x... LUN status : 0x... Ready count : 0x... Running count : 0x... ERP want : 0x0. ZFCP_ERP_ACTION_REOPEN_... ERP need : 0xc0 ZFCP_ERP_ACTION_NONE Signed-off-by: Steffen Maier <maier(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> #2.6.38+ Reviewed-by: Benjamin Block <bblock(a)linux.ibm.com> --- drivers/s390/scsi/zfcp_erp.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/s390/scsi/zfcp_erp.c b/drivers/s390/scsi/zfcp_erp.c index 20fe59300d0e..69dfb328dba4 100644 --- a/drivers/s390/scsi/zfcp_erp.c +++ b/drivers/s390/scsi/zfcp_erp.c @@ -315,8 +315,11 @@ static int zfcp_erp_action_enqueue(int want, struct zfcp_adapter *adapter, goto out; } - if (!adapter->erp_thread) - return -EIO; + if (!adapter->erp_thread) { + need = ZFCP_ERP_ACTION_NONE; /* marker for trace */ + retval = -EIO; + goto out; + } need = zfcp_erp_required_act(want, adapter, port, sdev); if (!need) -- 2.16.3

7 years, 4 months

1
0
0 0

[PATCH 06/25] zfcp: fix missing REC trigger trace for all objects in ERP_FAILED

by Steffen Maier

That other commit introduced an inconsistency because it would trace on ERP_FAILED for all callers of port forced reopen triggers (not just terminate_rport_io), but it would not trace on ERP_FAILED for all callers of other ERP triggers such as adapter, port regular, LUN. Therefore, generalize that other commit. zfcp_erp_action_enqueue() already had two early outs which re-used the one zfcp_dbf_rec_trig() call. All ERP trigger functions finally run through zfcp_erp_action_enqueue(). So move the special handling for ZFCP_STATUS_COMMON_ERP_FAILED into zfcp_erp_action_enqueue() and add another early out with new trace marker for pseudo ERP need in this case. This removes all early returns from all ERP trigger functions so we always end up at zfcp_dbf_rec_trig(). Example trace record formatted with zfcpdbf from s390-tools: Timestamp : ... Area : REC Subarea : 00 Level : 1 Exception : - CPU ID : .. Caller : 0x... Record ID : 1 ZFCP_DBF_REC_TRIG Tag : ....... LUN : 0x... WWPN : 0x... D_ID : 0x... Adapter status : 0x... Port status : 0x... LUN status : 0x... Ready count : 0x... Running count : 0x... ERP want : 0x0. ZFCP_ERP_ACTION_REOPEN_... ERP need : 0xe0 ZFCP_ERP_ACTION_FAILED Signed-off-by: Steffen Maier <maier(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> #2.6.38+ Reviewed-by: Benjamin Block <bblock(a)linux.ibm.com> --- drivers/s390/scsi/zfcp_erp.c | 79 ++++++++++++++++++++++++++++---------------- 1 file changed, 51 insertions(+), 28 deletions(-) diff --git a/drivers/s390/scsi/zfcp_erp.c b/drivers/s390/scsi/zfcp_erp.c index 5c368cdfc455..20fe59300d0e 100644 --- a/drivers/s390/scsi/zfcp_erp.c +++ b/drivers/s390/scsi/zfcp_erp.c @@ -143,6 +143,49 @@ static void zfcp_erp_action_dismiss_adapter(struct zfcp_adapter *adapter) } } +static int zfcp_erp_handle_failed(int want, struct zfcp_adapter *adapter, + struct zfcp_port *port, + struct scsi_device *sdev) +{ + int need = want; + struct zfcp_scsi_dev *zsdev; + + switch (want) { + case ZFCP_ERP_ACTION_REOPEN_LUN: + zsdev = sdev_to_zfcp(sdev); + if (atomic_read(&zsdev->status) & ZFCP_STATUS_COMMON_ERP_FAILED) + need = 0; + break; + case ZFCP_ERP_ACTION_REOPEN_PORT_FORCED: + if (atomic_read(&port->status) & ZFCP_STATUS_COMMON_ERP_FAILED) + need = 0; + break; + case ZFCP_ERP_ACTION_REOPEN_PORT: + if (atomic_read(&port->status) & + ZFCP_STATUS_COMMON_ERP_FAILED) { + need = 0; + /* ensure propagation of failed status to new devices */ + zfcp_erp_set_port_status( + port, ZFCP_STATUS_COMMON_ERP_FAILED); + } + break; + case ZFCP_ERP_ACTION_REOPEN_ADAPTER: + if (atomic_read(&adapter->status) & + ZFCP_STATUS_COMMON_ERP_FAILED) { + need = 0; + /* ensure propagation of failed status to new devices */ + zfcp_erp_set_adapter_status( + adapter, ZFCP_STATUS_COMMON_ERP_FAILED); + } + break; + default: + need = 0; + break; + } + + return need; +} + static int zfcp_erp_required_act(int want, struct zfcp_adapter *adapter, struct zfcp_port *port, struct scsi_device *sdev) @@ -266,6 +309,12 @@ static int zfcp_erp_action_enqueue(int want, struct zfcp_adapter *adapter, int retval = 1, need; struct zfcp_erp_action *act; + need = zfcp_erp_handle_failed(want, adapter, port, sdev); + if (!need) { + need = ZFCP_ERP_ACTION_FAILED; /* marker for trace */ + goto out; + } + if (!adapter->erp_thread) return -EIO; @@ -314,12 +363,6 @@ static int _zfcp_erp_adapter_reopen(struct zfcp_adapter *adapter, zfcp_erp_adapter_block(adapter, clear_mask); zfcp_scsi_schedule_rports_block(adapter); - /* ensure propagation of failed status to new devices */ - if (atomic_read(&adapter->status) & ZFCP_STATUS_COMMON_ERP_FAILED) { - zfcp_erp_set_adapter_status(adapter, - ZFCP_STATUS_COMMON_ERP_FAILED); - return -EIO; - } return zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_ADAPTER, adapter, NULL, NULL, id, 0); } @@ -338,12 +381,8 @@ void zfcp_erp_adapter_reopen(struct zfcp_adapter *adapter, int clear, char *id) zfcp_scsi_schedule_rports_block(adapter); write_lock_irqsave(&adapter->erp_lock, flags); - if (atomic_read(&adapter->status) & ZFCP_STATUS_COMMON_ERP_FAILED) - zfcp_erp_set_adapter_status(adapter, - ZFCP_STATUS_COMMON_ERP_FAILED); - else - zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_ADAPTER, adapter, - NULL, NULL, id, 0); + zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_ADAPTER, adapter, + NULL, NULL, id, 0); write_unlock_irqrestore(&adapter->erp_lock, flags); } @@ -384,13 +423,6 @@ static void _zfcp_erp_port_forced_reopen(struct zfcp_port *port, int clear, zfcp_erp_port_block(port, clear); zfcp_scsi_schedule_rport_block(port); - if (atomic_read(&port->status) & ZFCP_STATUS_COMMON_ERP_FAILED) { - zfcp_dbf_rec_trig(id, port->adapter, port, NULL, - ZFCP_ERP_ACTION_REOPEN_PORT_FORCED, - ZFCP_ERP_ACTION_FAILED); - return; - } - zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_PORT_FORCED, port->adapter, port, NULL, id, 0); } @@ -416,12 +448,6 @@ static int _zfcp_erp_port_reopen(struct zfcp_port *port, int clear, char *id) zfcp_erp_port_block(port, clear); zfcp_scsi_schedule_rport_block(port); - if (atomic_read(&port->status) & ZFCP_STATUS_COMMON_ERP_FAILED) { - /* ensure propagation of failed status to new devices */ - zfcp_erp_set_port_status(port, ZFCP_STATUS_COMMON_ERP_FAILED); - return -EIO; - } - return zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_PORT, port->adapter, port, NULL, id, 0); } @@ -461,9 +487,6 @@ static void _zfcp_erp_lun_reopen(struct scsi_device *sdev, int clear, char *id, zfcp_erp_lun_block(sdev, clear); - if (atomic_read(&zfcp_sdev->status) & ZFCP_STATUS_COMMON_ERP_FAILED) - return; - zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_LUN, adapter, zfcp_sdev->port, sdev, id, act_status); } -- 2.16.3

7 years, 4 months

1
0
0 0

[PATCH 05/25] zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED

by Steffen Maier

For problem determination we always want to see when we were invoked on the terminate_rport_io callback whether we perform something or not. Temporal event sequence of interest with a long fast_io_fail_tmo of 27 sec: loose remote port t workqueue [s] zfcp_q_<dev> IRQ zfcperp<dev> === ================== =================== ============================ 0 recv RSCN q p.test_link_work block rport start fast_io_fail_tmo send ADISC ELS 4 recv ADISC fail block zfcp_port port forced reopen send open port 12 recv open port fail q p.gid_pn_work zfcp_erp_wakeup (zfcp_erp_wait would return) GID_PN fail Before this point, we got a SCSI trace with tag "sctrpi1" on fast_io_fail, e.g. with the typical 5 sec setting. port.status |= ERP_FAILED If fast_io_fail_tmo triggers after this point, we missed a SCSI trace. workqueue fc_dl_<host> ================== 27 fc_timeout_fail_rport_io fc_terminate_rport_io zfcp_scsi_terminate_rport_io zfcp_erp_port_forced_reopen _zfcp_erp_port_forced_reopen if (port.status & ERP_FAILED) return; Therefore, write a trace before above early return. Example trace record formatted with zfcpdbf from s390-tools: Timestamp : ... Area : REC Subarea : 00 Level : 1 Exception : - CPU ID : .. Caller : 0x... Record ID : 1 ZFCP_DBF_REC_TRIG Tag : sctrpi1 SCSI terminate rport I/O LUN : 0xffffffffffffffff none (invalid) WWPN : 0x<wwpn> D_ID : 0x<n_port_id> Adapter status : 0x... Port status : 0x... LUN status : 0x00000000 none (invalid) Ready count : 0x... Running count : 0x... ERP want : 0x03 ZFCP_ERP_ACTION_REOPEN_PORT_FORCED ERP need : 0xe0 ZFCP_ERP_ACTION_FAILED Signed-off-by: Steffen Maier <maier(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> #2.6.38+ Reviewed-by: Benjamin Block <bblock(a)linux.ibm.com> --- drivers/s390/scsi/zfcp_erp.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/s390/scsi/zfcp_erp.c b/drivers/s390/scsi/zfcp_erp.c index 3489b1bc9121..5c368cdfc455 100644 --- a/drivers/s390/scsi/zfcp_erp.c +++ b/drivers/s390/scsi/zfcp_erp.c @@ -42,9 +42,13 @@ enum zfcp_erp_steps { * @ZFCP_ERP_ACTION_REOPEN_PORT_FORCED: Forced port recovery. * @ZFCP_ERP_ACTION_REOPEN_ADAPTER: Adapter recovery. * @ZFCP_ERP_ACTION_NONE: Eyecatcher pseudo flag to bitwise or-combine with - * either of the other enum values. + * either of the first four enum values. * Used to indicate that an ERP action could not be * set up despite a detected need for some recovery. + * @ZFCP_ERP_ACTION_FAILED: Eyecatcher pseudo flag to bitwise or-combine with + * either of the first four enum values. + * Used to indicate that ERP not needed because + * the object has ZFCP_STATUS_COMMON_ERP_FAILED. */ enum zfcp_erp_act_type { ZFCP_ERP_ACTION_REOPEN_LUN = 1, @@ -52,6 +56,7 @@ enum zfcp_erp_act_type { ZFCP_ERP_ACTION_REOPEN_PORT_FORCED = 3, ZFCP_ERP_ACTION_REOPEN_ADAPTER = 4, ZFCP_ERP_ACTION_NONE = 0xc0, + ZFCP_ERP_ACTION_FAILED = 0xe0, }; enum zfcp_erp_act_state { @@ -379,8 +384,12 @@ static void _zfcp_erp_port_forced_reopen(struct zfcp_port *port, int clear, zfcp_erp_port_block(port, clear); zfcp_scsi_schedule_rport_block(port); - if (atomic_read(&port->status) & ZFCP_STATUS_COMMON_ERP_FAILED) + if (atomic_read(&port->status) & ZFCP_STATUS_COMMON_ERP_FAILED) { + zfcp_dbf_rec_trig(id, port->adapter, port, NULL, + ZFCP_ERP_ACTION_REOPEN_PORT_FORCED, + ZFCP_ERP_ACTION_FAILED); return; + } zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_PORT_FORCED, port->adapter, port, NULL, id, 0); -- 2.16.3

7 years, 4 months

1
0
0 0

[PATCH 04/25] zfcp: fix missing REC trigger trace on terminate_rport_io early return

by Steffen Maier

get_device() and its internally used kobject_get() only return NULL if they get passed NULL as argument. zfcp_get_port_by_wwpn() loops over adapter->port_list so the iteration variable port is always non-NULL. Struct device is embedded in struct zfcp_port so &port->dev is always non-NULL. This is the argument to get_device(). However, if we get an fc_rport in terminate_rport_io() for which we cannot find a match within zfcp_get_port_by_wwpn(), the latter can return NULL. v2.6.30 commit 70932935b61e ("[SCSI] zfcp: Fix oops when port disappears") introduced an early return without adding a trace record for this case. Even if we don't need recovery in this case, for debugging we should still see that our callback was invoked originally by scsi_transport_fc. Example trace record formatted with zfcpdbf from s390-tools: Timestamp : ... Area : REC Subarea : 00 Level : 1 Exception : - CPU ID : .. Caller : 0x... Record ID : 1 Tag : sctrpin SCSI terminate rport I/O, no zfcp port LUN : 0xffffffffffffffff none (invalid) WWPN : 0x<wwpn> WWPN D_ID : 0x<n_port_id> N_Port-ID Adapter status : 0x... Port status : 0xffffffff unknown (-1) LUN status : 0x00000000 none (invalid) Ready count : 0x... Running count : 0x... ERP want : 0x03 ZFCP_ERP_ACTION_REOPEN_PORT_FORCED ERP need : 0xc0 ZFCP_ERP_ACTION_NONE Signed-off-by: Steffen Maier <maier(a)linux.ibm.com> Fixes: 70932935b61e ("[SCSI] zfcp: Fix oops when port disappears") Cc: <stable(a)vger.kernel.org> #2.6.38+ Reviewed-by: Benjamin Block <bblock(a)linux.ibm.com> --- drivers/s390/scsi/zfcp_erp.c | 20 ++++++++++++++++++++ drivers/s390/scsi/zfcp_ext.h | 3 +++ drivers/s390/scsi/zfcp_scsi.c | 5 +++++ 3 files changed, 28 insertions(+) diff --git a/drivers/s390/scsi/zfcp_erp.c b/drivers/s390/scsi/zfcp_erp.c index d9cd25b56cfa..3489b1bc9121 100644 --- a/drivers/s390/scsi/zfcp_erp.c +++ b/drivers/s390/scsi/zfcp_erp.c @@ -283,6 +283,26 @@ static int zfcp_erp_action_enqueue(int want, struct zfcp_adapter *adapter, return retval; } +void zfcp_erp_port_forced_no_port_dbf(char *id, struct zfcp_adapter *adapter, + u64 port_name, u32 port_id) +{ + unsigned long flags; + static /* don't waste stack */ struct zfcp_port tmpport; + + write_lock_irqsave(&adapter->erp_lock, flags); + /* Stand-in zfcp port with fields just good enough for + * zfcp_dbf_rec_trig() and zfcp_dbf_set_common(). + * Under lock because tmpport is static. + */ + atomic_set(&tmpport.status, -1); /* unknown */ + tmpport.wwpn = port_name; + tmpport.d_id = port_id; + zfcp_dbf_rec_trig(id, adapter, &tmpport, NULL, + ZFCP_ERP_ACTION_REOPEN_PORT_FORCED, + ZFCP_ERP_ACTION_NONE); + write_unlock_irqrestore(&adapter->erp_lock, flags); +} + static int _zfcp_erp_adapter_reopen(struct zfcp_adapter *adapter, int clear_mask, char *id) { diff --git a/drivers/s390/scsi/zfcp_ext.h b/drivers/s390/scsi/zfcp_ext.h index e55f42ce1168..3299bd345076 100644 --- a/drivers/s390/scsi/zfcp_ext.h +++ b/drivers/s390/scsi/zfcp_ext.h @@ -55,6 +55,9 @@ extern void zfcp_dbf_scsi_eh(char *tag, struct zfcp_adapter *adapter, /* zfcp_erp.c */ extern void zfcp_erp_set_adapter_status(struct zfcp_adapter *, u32); extern void zfcp_erp_clear_adapter_status(struct zfcp_adapter *, u32); +extern void zfcp_erp_port_forced_no_port_dbf(char *id, + struct zfcp_adapter *adapter, + u64 port_name, u32 port_id); extern void zfcp_erp_adapter_reopen(struct zfcp_adapter *, int, char *); extern void zfcp_erp_adapter_shutdown(struct zfcp_adapter *, int, char *); extern void zfcp_erp_set_port_status(struct zfcp_port *, u32); diff --git a/drivers/s390/scsi/zfcp_scsi.c b/drivers/s390/scsi/zfcp_scsi.c index 4fdb1665b0e6..478e7ef9ea2f 100644 --- a/drivers/s390/scsi/zfcp_scsi.c +++ b/drivers/s390/scsi/zfcp_scsi.c @@ -605,6 +605,11 @@ static void zfcp_scsi_terminate_rport_io(struct fc_rport *rport) if (port) { zfcp_erp_port_forced_reopen(port, 0, "sctrpi1"); put_device(&port->dev); + } else { + zfcp_erp_port_forced_no_port_dbf( + "sctrpin", adapter, + rport->port_name /* zfcp_scsi_rport_register */, + rport->port_id /* zfcp_scsi_rport_register */); } } -- 2.16.3

7 years, 4 months

1
0
0 0

[PATCH 03/25] zfcp: fix misleading REC trigger trace where erp_action setup failed

by Steffen Maier

If a SCSI device is deleted during scsi_eh host reset, we cannot get a reference to the SCSI device anymore since scsi_device_get returns !=0 by design. Assuming the recovery of adapter and port(s) was successful, zfcp_erp_strategy_followup_success() attempts to trigger a LUN reset for the half-gone SCSI device. Unfortunately, it causes the following confusing trace record which states that zfcp will do a LUN recovery as "ERP need" is ZFCP_ERP_ACTION_REOPEN_LUN == 1 and equals "ERP want". Old example trace record formatted with zfcpdbf from s390-tools: Tag: : ersfs_3 ERP, trigger, unit reopen, port reopen succeeded LUN : 0x<FCP_LUN> WWPN : 0x<WWPN> D_ID : 0x<N_Port-ID> Adapter status : 0x5400050b Port status : 0x54000001 LUN status : 0x40000000 ZFCP_STATUS_COMMON_RUNNING but not ZFCP_STATUS_COMMON_UNBLOCKED as it was closed on close part of adapter reopen ERP want : 0x01 ERP need : 0x01 misleading However, zfcp_erp_setup_act() returns NULL as it cannot get the reference. Hence, zfcp_erp_action_enqueue() takes an early goto out and _NO_ recovery actually happens. We always do want the recovery trigger trace record even if no erp_action could be enqueued as in this case. For other cases where we did not enqueue an erp_action, 'need' has always been zero to indicate this. In order to indicate above goto out, introduce an eyecatcher "flag" to mark the "ERP need" as 'not needed' but still keep the information which erp_action type, that zfcp_erp_required_act() had decided upon, is needed. 0xc_ is chosen to be visibly different from 0x0_ in "ERP want". New example trace record formatted with zfcpdbf from s390-tools: Tag: : ersfs_3 ERP, trigger, unit reopen, port reopen succeeded LUN : 0x<FCP_LUN> WWPN : 0x<WWPN> D_ID : 0x<N_Port-ID> Adapter status : 0x5400050b Port status : 0x54000001 LUN status : 0x40000000 ERP want : 0x01 ERP need : 0xc1 would need LUN ERP, but no action set up ^ Before v2.6.38 commit ae0904f60fab ("[SCSI] zfcp: Redesign of the debug tracing for recovery actions.") we could detect this case because the "erp_action" field in the trace was NULL. The rework removed erp_action as argument and field from the trace. This patch here is for tracing. A fix to allow LUN recovery in the case at hand is a topic for a separate patch. See also commit fdbd1c5e27da ("[SCSI] zfcp: Allow running unit/LUN shutdown without acquiring reference") for a similar case and background info. Signed-off-by: Steffen Maier <maier(a)linux.ibm.com> Fixes: ae0904f60fab ("[SCSI] zfcp: Redesign of the debug tracing for recovery actions.") Cc: <stable(a)vger.kernel.org> #2.6.38+ Reviewed-by: Benjamin Block <bblock(a)linux.ibm.com> --- drivers/s390/scsi/zfcp_erp.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/s390/scsi/zfcp_erp.c b/drivers/s390/scsi/zfcp_erp.c index 1d91a32db08e..d9cd25b56cfa 100644 --- a/drivers/s390/scsi/zfcp_erp.c +++ b/drivers/s390/scsi/zfcp_erp.c @@ -35,11 +35,23 @@ enum zfcp_erp_steps { ZFCP_ERP_STEP_LUN_OPENING = 0x2000, }; +/** + * enum zfcp_erp_act_type - Type of ERP action object. + * @ZFCP_ERP_ACTION_REOPEN_LUN: LUN recovery. + * @ZFCP_ERP_ACTION_REOPEN_PORT: Port recovery. + * @ZFCP_ERP_ACTION_REOPEN_PORT_FORCED: Forced port recovery. + * @ZFCP_ERP_ACTION_REOPEN_ADAPTER: Adapter recovery. + * @ZFCP_ERP_ACTION_NONE: Eyecatcher pseudo flag to bitwise or-combine with + * either of the other enum values. + * Used to indicate that an ERP action could not be + * set up despite a detected need for some recovery. + */ enum zfcp_erp_act_type { ZFCP_ERP_ACTION_REOPEN_LUN = 1, ZFCP_ERP_ACTION_REOPEN_PORT = 2, ZFCP_ERP_ACTION_REOPEN_PORT_FORCED = 3, ZFCP_ERP_ACTION_REOPEN_ADAPTER = 4, + ZFCP_ERP_ACTION_NONE = 0xc0, }; enum zfcp_erp_act_state { @@ -257,8 +269,10 @@ static int zfcp_erp_action_enqueue(int want, struct zfcp_adapter *adapter, goto out; act = zfcp_erp_setup_act(need, act_status, adapter, port, sdev); - if (!act) + if (!act) { + need |= ZFCP_ERP_ACTION_NONE; /* marker for trace */ goto out; + } atomic_or(ZFCP_STATUS_ADAPTER_ERP_PENDING, &adapter->status); ++adapter->erp_total_count; list_add_tail(&act->list, &adapter->erp_ready_head); -- 2.16.3

7 years, 4 months

1
0
0 0

[PATCH 02/25] zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF

by Steffen Maier

We already have a SCSI trace for the end of abort and scsi_eh TMF. Due to zfcp_erp_wait() and fc_block_scsi_eh() time can pass between the start of our eh callback and an actual send/recv of an abort / TMF request. In order to see the temporal sequence including any abort / TMF send retries, add a trace before the above two blocking functions. This supports problem determination with scsi_eh and parallel zfcp ERP. No need to explicitly trace the beginning of our eh callback, since we typically can send an abort / TMF and see its HBA response (in the worst case, it's a pseudo response on dismiss all of adapter recovery, e.g. due to an FSF request timeout [fsrth_1] of the abort / TMF). If we cannot send, we now get a trace record for the first "abrt_wt" or "[lt]r_wait" which denotes almost the beginning of the callback. No need to explicitly trace the wakeup after the above two blocking functions because the next retry loop causes another trace in any case and that is sufficient. Example trace records formatted with zfcpdbf from s390-tools: Timestamp : ... Area : SCSI Subarea : 00 Level : 1 Exception : - CPU ID : .. Caller : 0x... Record ID : 1 Tag : abrt_wt abort, before zfcp_erp_wait() Request ID : 0x0000000000000000 none (invalid) SCSI ID : 0x<scsi_id> SCSI LUN : 0x<scsi_lun> SCSI LUN high : 0x<scsi_lun_high> SCSI result : 0x<scsi_result_of_cmd_to_be_aborted> SCSI retries : 0x<retries_of_cmd_to_be_aborted> SCSI allowed : 0x<allowed_retries_of_cmd_to_be_aborted> SCSI scribble : 0x<req_id_of_cmd_to_be_aborted> SCSI opcode : <CDB_of_cmd_to_be_aborted> FCP rsp inf cod: 0x.. none (invalid) FCP rsp IU : ... none (invalid) Timestamp : ... Area : SCSI Subarea : 00 Level : 1 Exception : - CPU ID : .. Caller : 0x... Record ID : 1 Tag : lr_wait LUN reset, before zfcp_erp_wait() Request ID : 0x0000000000000000 none (invalid) SCSI ID : 0x<scsi_id> SCSI LUN : 0x<scsi_lun> SCSI LUN high : 0x<scsi_lun_high> SCSI result : 0x... unrelated SCSI retries : 0x.. unrelated SCSI allowed : 0x.. unrelated SCSI scribble : 0x... unrelated SCSI opcode : ... unrelated FCP rsp inf cod: 0x.. none (invalid) FCP rsp IU : ... none (invalid) Signed-off-by: Steffen Maier <maier(a)linux.ibm.com> Fixes: 63caf367e1c9 ("[SCSI] zfcp: Improve reliability of SCSI eh handlers in zfcp") Fixes: af4de36d911a ("[SCSI] zfcp: Block scsi_eh thread for rport state BLOCKED") Cc: <stable(a)vger.kernel.org> #2.6.38+ Reviewed-by: Benjamin Block <bblock(a)linux.ibm.com> --- drivers/s390/scsi/zfcp_scsi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/s390/scsi/zfcp_scsi.c b/drivers/s390/scsi/zfcp_scsi.c index a62357f5e8b4..4fdb1665b0e6 100644 --- a/drivers/s390/scsi/zfcp_scsi.c +++ b/drivers/s390/scsi/zfcp_scsi.c @@ -181,6 +181,7 @@ static int zfcp_scsi_eh_abort_handler(struct scsi_cmnd *scpnt) if (abrt_req) break; + zfcp_dbf_scsi_abort("abrt_wt", scpnt, NULL); zfcp_erp_wait(adapter); ret = fc_block_scsi_eh(scpnt); if (ret) { @@ -277,6 +278,7 @@ static int zfcp_task_mgmt_function(struct scsi_cmnd *scpnt, u8 tm_flags) if (fsf_req) break; + zfcp_dbf_scsi_devreset("wait", scpnt, tm_flags, NULL); zfcp_erp_wait(adapter); ret = fc_block_scsi_eh(scpnt); if (ret) { -- 2.16.3

7 years, 4 months

1
0
0 0

[PATCH 01/25] zfcp: fix missing SCSI trace for result of eh_host_reset_handler

by Steffen Maier

For problem determination we need to see whether and why we were successful or not. This allows deduction of scsi_eh escalation. Example trace record formatted with zfcpdbf from s390-tools: Timestamp : ... Area : SCSI Subarea : 00 Level : 1 Exception : - CPU ID : .. Caller : 0x... Record ID : 1 Tag : schrh_r SCSI host reset handler result Request ID : 0x0000000000000000 none (invalid) SCSI ID : 0xffffffff none (invalid) SCSI LUN : 0xffffffff none (invalid) SCSI LUN high : 0xffffffff none (invalid) SCSI result : 0x00002002 field re-used for midlayer value: SUCCESS or in other cases: 0x2009 == FAST_IO_FAIL SCSI retries : 0xff none (invalid) SCSI allowed : 0xff none (invalid) SCSI scribble : 0xffffffffffffffff none (invalid) SCSI opcode : ffffffff ffffffff ffffffff ffffffff none (invalid) FCP rsp inf cod: 0xff none (invalid) FCP rsp IU : 00000000 00000000 00000000 00000000 none (invalid) 00000000 00000000 v2.6.35 commit a1dbfddd02d2 ("[SCSI] zfcp: Pass return code from fc_block_scsi_eh to scsi eh") introduced the first return with something other than the previously hardcoded single SUCCESS return path. Signed-off-by: Steffen Maier <maier(a)linux.ibm.com> Fixes: a1dbfddd02d2 ("[SCSI] zfcp: Pass return code from fc_block_scsi_eh to scsi eh") Cc: <stable(a)vger.kernel.org> #2.6.38+ Reviewed-by: Jens Remus <jremus(a)linux.ibm.com> Reviewed-by: Benjamin Block <bblock(a)linux.ibm.com> --- drivers/s390/scsi/zfcp_dbf.c | 40 ++++++++++++++++++++++++++++++++++++++++ drivers/s390/scsi/zfcp_ext.h | 2 ++ drivers/s390/scsi/zfcp_scsi.c | 11 ++++++----- 3 files changed, 48 insertions(+), 5 deletions(-) diff --git a/drivers/s390/scsi/zfcp_dbf.c b/drivers/s390/scsi/zfcp_dbf.c index a8b831000b2d..1e5ea5e4992b 100644 --- a/drivers/s390/scsi/zfcp_dbf.c +++ b/drivers/s390/scsi/zfcp_dbf.c @@ -643,6 +643,46 @@ void zfcp_dbf_scsi(char *tag, int level, struct scsi_cmnd *sc, spin_unlock_irqrestore(&dbf->scsi_lock, flags); } +/** + * zfcp_dbf_scsi_eh() - Trace event for special cases of scsi_eh callbacks. + * @tag: Identifier for event. + * @adapter: Pointer to zfcp adapter as context for this event. + * @scsi_id: SCSI ID/target to indicate scope of task management function (TMF). + * @ret: Return value of calling function. + * + * This SCSI trace variant does not depend on any of: + * scsi_cmnd, zfcp_fsf_req, scsi_device. + */ +void zfcp_dbf_scsi_eh(char *tag, struct zfcp_adapter *adapter, + unsigned int scsi_id, int ret) +{ + struct zfcp_dbf *dbf = adapter->dbf; + struct zfcp_dbf_scsi *rec = &dbf->scsi_buf; + unsigned long flags; + static int const level = 1; + + if (unlikely(!debug_level_enabled(adapter->dbf->scsi, level))) + return; + + spin_lock_irqsave(&dbf->scsi_lock, flags); + memset(rec, 0, sizeof(*rec)); + + memcpy(rec->tag, tag, ZFCP_DBF_TAG_LEN); + rec->id = ZFCP_DBF_SCSI_CMND; + rec->scsi_result = ret; /* re-use field, int is 4 bytes and fits */ + rec->scsi_retries = ~0; + rec->scsi_allowed = ~0; + rec->fcp_rsp_info = ~0; + rec->scsi_id = scsi_id; + rec->scsi_lun = (u32)ZFCP_DBF_INVALID_LUN; + rec->scsi_lun_64_hi = (u32)(ZFCP_DBF_INVALID_LUN >> 32); + rec->host_scribble = ~0; + memset(rec->scsi_opcode, 0xff, ZFCP_DBF_SCSI_OPCODE); + + debug_event(dbf->scsi, level, rec, sizeof(*rec)); + spin_unlock_irqrestore(&dbf->scsi_lock, flags); +} + static debug_info_t *zfcp_dbf_reg(const char *name, int size, int rec_size) { struct debug_info *d; diff --git a/drivers/s390/scsi/zfcp_ext.h b/drivers/s390/scsi/zfcp_ext.h index bf8ea4df2bb8..e55f42ce1168 100644 --- a/drivers/s390/scsi/zfcp_ext.h +++ b/drivers/s390/scsi/zfcp_ext.h @@ -49,6 +49,8 @@ extern void zfcp_dbf_san_res(char *, struct zfcp_fsf_req *); extern void zfcp_dbf_san_in_els(char *, struct zfcp_fsf_req *); extern void zfcp_dbf_scsi(char *, int, struct scsi_cmnd *, struct zfcp_fsf_req *); +extern void zfcp_dbf_scsi_eh(char *tag, struct zfcp_adapter *adapter, + unsigned int scsi_id, int ret); /* zfcp_erp.c */ extern void zfcp_erp_set_adapter_status(struct zfcp_adapter *, u32); diff --git a/drivers/s390/scsi/zfcp_scsi.c b/drivers/s390/scsi/zfcp_scsi.c index 4d2ba5682493..a62357f5e8b4 100644 --- a/drivers/s390/scsi/zfcp_scsi.c +++ b/drivers/s390/scsi/zfcp_scsi.c @@ -323,15 +323,16 @@ static int zfcp_scsi_eh_host_reset_handler(struct scsi_cmnd *scpnt) { struct zfcp_scsi_dev *zfcp_sdev = sdev_to_zfcp(scpnt->device); struct zfcp_adapter *adapter = zfcp_sdev->port->adapter; - int ret; + int ret = SUCCESS, fc_ret; zfcp_erp_adapter_reopen(adapter, 0, "schrh_1"); zfcp_erp_wait(adapter); - ret = fc_block_scsi_eh(scpnt); - if (ret) - return ret; + fc_ret = fc_block_scsi_eh(scpnt); + if (fc_ret) + ret = fc_ret; - return SUCCESS; + zfcp_dbf_scsi_eh("schrh_r", adapter, ~0, ret); + return ret; } struct scsi_transport_template *zfcp_scsi_transport_template; -- 2.16.3

7 years, 4 months

1
0
0 0

FAILED: patch "net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode" failed to build on 4.4 tree

by Dan Rue

It seems that patch "net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode" fails to build in the upcoming 4.4 release candidate. CC drivers/net/ethernet/ti/cpsw.o ../drivers/net/ethernet/ti/cpsw.c: In function ‘cpsw_add_dual_emac_def_ale_entries’: ../drivers/net/ethernet/ti/cpsw.c:1112:23: error: ‘cpsw’ undeclared (first use in this function); did you mean ‘cpts’? cpsw_ale_control_set(cpsw->ale, slave_port, ^~~~ cpts ../drivers/net/ethernet/ti/cpsw.c:1112:23: note: each undeclared identifier is reported only once for each function it appears in Thanks, Dan -- Linaro LKFT https://lkft.linaro.org/

7 years, 4 months

2
1
0 0

Applied "spi: spi-s3c64xx: Fix system resume support" to the spi tree

by Mark Brown

The patch spi: spi-s3c64xx: Fix system resume support has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From e935dba111621bd6a0c5d48e6511a4d9885103b4 Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Wed, 16 May 2018 10:42:39 +0200 Subject: [PATCH] spi: spi-s3c64xx: Fix system resume support Since Linux v4.10 release (commit 1d9174fbc55e "PM / Runtime: Defer resuming of the device in pm_runtime_force_resume()"), pm_runtime_force_resume() function doesn't runtime resume device if it was not runtime active before system suspend. Thus, driver should not do any register access after pm_runtime_force_resume() without checking the runtime status of the device. To fix this issue, simply move s3c64xx_spi_hwinit() call to s3c64xx_spi_runtime_resume() to ensure that hardware is always properly initialized. This fixes Synchronous external abort issue on system suspend/resume cycle on newer Exynos SoCs. Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Krzysztof Kozlowski <krzk(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-s3c64xx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/spi/spi-s3c64xx.c b/drivers/spi/spi-s3c64xx.c index f55dc78957ad..7b7151ec14c8 100644 --- a/drivers/spi/spi-s3c64xx.c +++ b/drivers/spi/spi-s3c64xx.c @@ -1292,8 +1292,6 @@ static int s3c64xx_spi_resume(struct device *dev) if (ret < 0) return ret; - s3c64xx_spi_hwinit(sdd); - return spi_master_resume(master); } #endif /* CONFIG_PM_SLEEP */ @@ -1331,6 +1329,8 @@ static int s3c64xx_spi_runtime_resume(struct device *dev) if (ret != 0) goto err_disable_src_clk; + s3c64xx_spi_hwinit(sdd); + return 0; err_disable_src_clk: -- 2.17.0

7 years, 4 months

1
0
0 0

net: ieee802154: 6lowpan: fix frag reassembly

by Stefan Schmidt

Hello. Please apply f18fa5de5ba7f1d6650951502bb96a6e4715a948 (net: ieee802154: 6lowpan: fix frag reassembly) to the 4.16.x stable tree. Earlier trees are not needed as the problem was introduced in 4.16. Normally net/ patches would come through DaveM, but he asked me for this one to submit it directly when i sent him the pull request. First time stable request on my side here, let me know if I got something wrong. regards Stefan Schmidt

7 years, 4 months

4
5
0 0

[PATCH v3-UPADATE 2/3] ioremap: Update pgtable free interfaces with addr

by Toshi Kani

From: Chintan Pandya <cpandya(a)codeaurora.org> The following kernel panic was observed on ARM64 platform due to a stale TLB entry. 1. ioremap with 4K size, a valid pte page table is set. 2. iounmap it, its pte entry is set to 0. 3. ioremap the same address with 2M size, update its pmd entry with a new value. 4. CPU may hit an exception because the old pmd entry is still in TLB, which leads to a kernel panic. Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page table") has addressed this panic by falling to pte mappings in the above case on ARM64. To support pmd mappings in all cases, TLB purge needs to be performed in this case on ARM64. Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page() so that TLB purge can be added later in seprate patches. [toshi(a)hpe.com: merge changes, rewrite patch description] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- v3-UPDATE - Rewrite patch description --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 12 +++++++----- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 2dbb2c9f1ec1..da98828609a1 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -973,12 +973,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index 3f7180bc5f52..f60fdf411103 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -719,11 +719,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -734,7 +735,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -746,11 +747,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; @@ -766,7 +768,7 @@ int pmd_free_pte_page(pmd_t *pmd) #else /* !CONFIG_X86_64 */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } @@ -775,7 +777,7 @@ int pud_free_pmd_page(pud_t *pud) * Disable free page handling on x86-PAE. This assures that ioremap() * does not update sync'd pmd entries. See vmalloc_sync_one(). */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639afaa39..b081794ba135 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ int pud_set_huge(pud_t *pud, phys_addr_t addr, pgprot_t prot); int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bbaa3200..517f5853ffed 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; }

7 years, 4 months

1
0
0 0

[PATCH 1/1] bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n

by Coly Li

Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") returns the return value of debugfs_create_dir() to bcache_init(). When CONFIG_DEBUG_FS=n, bch_debug_init() always returns 1 and makes bcache_init() failedi. This patch makes bch_debug_init() always returns 0 if CONFIG_DEBUG_FS=n, so bcache can continue to work for the kernels which don't have debugfs enanbled. Changelog: v4: Add Acked-by from Kent Overstreet. v3: Use IS_ENABLED(CONFIG_DEBUG_FS) to replace #ifdef DEBUG_FS. v2: Remove a warning information v1: Initial version. Fixes: Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Reported-by: Massimo B. <massimo.b(a)gmx.net> Reported-by: Kai Krakow <kai(a)kaishome.de> Tested-by: Kai Krakow <kai(a)kaishome.de> Acked-by: Kent Overstreet <kent.overstreet(a)gmail.com> --- drivers/md/bcache/debug.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c index 4e63c6f6c04d..d030ce3025a6 100644 --- a/drivers/md/bcache/debug.c +++ b/drivers/md/bcache/debug.c @@ -250,7 +250,9 @@ void bch_debug_exit(void) int __init bch_debug_init(struct kobject *kobj) { - bcache_debug = debugfs_create_dir("bcache", NULL); + if (!IS_ENABLED(CONFIG_DEBUG_FS)) + return 0; + bcache_debug = debugfs_create_dir("bcache", NULL); return IS_ERR_OR_NULL(bcache_debug); } -- 2.16.3

7 years, 4 months

2
1
0 0

[PATCH 5/7] ext4: pass -ESHUTDOWN code to jbd2 layer

by Theodore Ts'o

Previously the jbd2 layer assumed that a file system check would be required after a journal abort. In the case of the deliberate file system shutdown, this should not be necessary. Allow the jbd2 layer to distinguish between these two cases by using the ESHUTDOWN errno. Also add proper locking to __journal_abort_soft(). Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/ioctl.c | 4 ++-- fs/jbd2/journal.c | 25 +++++++++++++++++++------ 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 16d3d1325f5b..9ac33a7cbd32 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -493,13 +493,13 @@ static int ext4_shutdown(struct super_block *sb, unsigned long arg) set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { (void) ext4_force_commit(sb); - jbd2_journal_abort(sbi->s_journal, 0); + jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); } break; case EXT4_GOING_FLAGS_NOLOGFLUSH: set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) - jbd2_journal_abort(sbi->s_journal, 0); + jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); break; default: return -EINVAL; diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c index 3fbf48ec2188..efa0c72a0b9f 100644 --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c @@ -1483,12 +1483,15 @@ static void jbd2_mark_journal_empty(journal_t *journal, int write_op) void jbd2_journal_update_sb_errno(journal_t *journal) { journal_superblock_t *sb = journal->j_superblock; + int errcode; read_lock(&journal->j_state_lock); - jbd_debug(1, "JBD2: updating superblock error (errno %d)\n", - journal->j_errno); - sb->s_errno = cpu_to_be32(journal->j_errno); + errcode = journal->j_errno; read_unlock(&journal->j_state_lock); + if (errcode == -ESHUTDOWN) + errcode = 0; + jbd_debug(1, "JBD2: updating superblock error (errno %d)\n", errcode); + sb->s_errno = cpu_to_be32(errcode); jbd2_write_superblock(journal, REQ_SYNC | REQ_FUA); } @@ -2105,12 +2108,22 @@ void __jbd2_journal_abort_hard(journal_t *journal) * but don't do any other IO. */ static void __journal_abort_soft (journal_t *journal, int errno) { - if (journal->j_flags & JBD2_ABORT) - return; + int old_errno; - if (!journal->j_errno) + write_lock(&journal->j_state_lock); + old_errno = journal->j_errno; + if (!journal->j_errno || errno == -ESHUTDOWN) journal->j_errno = errno; + if (journal->j_flags & JBD2_ABORT) { + write_unlock(&journal->j_state_lock); + if (!old_errno && old_errno != -ESHUTDOWN && + errno == -ESHUTDOWN) + jbd2_journal_update_sb_errno(journal); + return; + } + write_unlock(&journal->j_state_lock); + __jbd2_journal_abort_hard(journal); if (errno) { -- 2.16.1.72.g5be1f00a9a

7 years, 4 months

3
3
0 0

Re: [PATCH] powerpc/lib: Remove .balign inside string functions for PPC32

by Nicholas Piggin

On Thu, 17 May 2018 16:21:17 +0200 Christophe LEROY <christophe.leroy(a)c-s.fr> wrote: > Le 17/05/2018 à 15:46, Michael Ellerman a écrit : > > Nicholas Piggin <npiggin(a)gmail.com> writes: > > > >> On Thu, 17 May 2018 12:04:13 +0200 (CEST) > >> Christophe Leroy <christophe.leroy(a)c-s.fr> wrote: > >> > >>> commit 87a156fb18fe1 ("Align hot loops of some string functions") > >>> degraded the performance of string functions by adding useless > >>> nops > >>> > >>> A simple benchmark on an 8xx calling 100000x a memchr() that > >>> matches the first byte runs in 41668 TB ticks before this patch > >>> and in 35986 TB ticks after this patch. So this gives an > >>> improvement of approx 10% > >>> > >>> Another benchmark doing the same with a memchr() matching the 128th > >>> byte runs in 1011365 TB ticks before this patch and 1005682 TB ticks > >>> after this patch, so regardless on the number of loops, removing > >>> those useless nops improves the test by 5683 TB ticks. > >>> > >>> Fixes: 87a156fb18fe1 ("Align hot loops of some string functions") > >>> Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> > >>> --- > >>> Was sent already as part of a serie optimising string functions. > >>> Resending on itself as it is independent of the other changes in the > >>> serie > >>> > >>> arch/powerpc/lib/string.S | 6 ++++++ > >>> 1 file changed, 6 insertions(+) > >>> > >>> diff --git a/arch/powerpc/lib/string.S b/arch/powerpc/lib/string.S > >>> index a787776822d8..a026d8fa8a99 100644 > >>> --- a/arch/powerpc/lib/string.S > >>> +++ b/arch/powerpc/lib/string.S > >>> @@ -23,7 +23,9 @@ _GLOBAL(strncpy) > >>> mtctr r5 > >>> addi r6,r3,-1 > >>> addi r4,r4,-1 > >>> +#ifdef CONFIG_PPC64 > >>> .balign 16 > >>> +#endif > >>> 1: lbzu r0,1(r4) > >>> cmpwi 0,r0,0 > >>> stbu r0,1(r6) > >> > >> The ifdefs are a bit ugly, but you can't argue with the numbers. These > >> alignments should be IFETCH_ALIGN_BYTES, which is intended to optimise > >> the ifetch performance when you have such a loop (although there is > >> always a tradeoff for a single iteration). > >> > >> Would it make sense to define that for 32-bit as well, and you could use > >> it here instead of the ifdefs? Small CPUs could just use 0. > > > > Can we do it with a macro in the header, eg. like: > > > > #ifdef CONFIG_PPC64 > > #define IFETCH_BALIGN .balign IFETCH_ALIGN_BYTES > > #endif > > > > ... > > > > addi r4,r4,-1 > > IFETCH_BALIGN > > 1: lbzu r0,1(r4) > > > > > > Why not just define IFETCH_ALIGN_SHIFT for PPC32 as well in asm/cache.h > ?, then replace the .balign 16 by .balign IFETCH_ALIGN_BYTES (or .align > IFETCH_ALIGN_SHIFT) ? Yeah that's what I was thinking. I would do that. Thanks, Nick

7 years, 4 months

1
0
0 0

[PATCH 2/2] powerpc/powernv: Fix NVRAM sleep in invalid context when crashing

by Nicholas Piggin

Similarly to opal_event_shutdown, opal_nvram_write can be called in the crash path with irqs disabled. Special case the delay to avoid sleeping in invalid context. Cc: stable(a)vger.kernel.org # v3.2 Fixes: 3b8070335f ("powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops") Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> --- arch/powerpc/platforms/powernv/opal-nvram.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/platforms/powernv/opal-nvram.c b/arch/powerpc/platforms/powernv/opal-nvram.c index 1bceb95f422d..5584247f5029 100644 --- a/arch/powerpc/platforms/powernv/opal-nvram.c +++ b/arch/powerpc/platforms/powernv/opal-nvram.c @@ -44,6 +44,10 @@ static ssize_t opal_nvram_read(char *buf, size_t count, loff_t *index) return count; } +/* + * This can be called in the panic path with interrupts off, so use + * mdelay in that case. + */ static ssize_t opal_nvram_write(char *buf, size_t count, loff_t *index) { s64 rc = OPAL_BUSY; @@ -58,10 +62,16 @@ static ssize_t opal_nvram_write(char *buf, size_t count, loff_t *index) while (rc == OPAL_BUSY || rc == OPAL_BUSY_EVENT) { rc = opal_write_nvram(__pa(buf), count, off); if (rc == OPAL_BUSY_EVENT) { - msleep(OPAL_BUSY_DELAY_MS); + if (in_interrupt() || irqs_disabled()) + mdelay(OPAL_BUSY_DELAY_MS); + else + msleep(OPAL_BUSY_DELAY_MS); opal_poll_events(NULL); } else if (rc == OPAL_BUSY) { - msleep(OPAL_BUSY_DELAY_MS); + if (in_interrupt() || irqs_disabled()) + mdelay(OPAL_BUSY_DELAY_MS); + else + msleep(OPAL_BUSY_DELAY_MS); } } -- 2.17.0

7 years, 4 months

2
1
0 0

[PATCH v3] bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n

by Coly Li

Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") returns the return value of debugfs_create_dir() to bcache_init(). When CONFIG_DEBUG_FS=n, bch_debug_init() always returns 1 and makes bcache_init() failedi. This patch makes bch_debug_init() always returns 0 if CONFIG_DEBUG_FS=n, so bcache can continue to work for the kernels which don't have debugfs enanbled. Fixes: Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Reported-by: Massimo B. <massimo.b(a)gmx.net> Reported-by: Kai Krakow <kai(a)kaishome.de> Tested-by: Kai Krakow <kai(a)kaishome.de> Cc: Kent Overstreet <kent.overstreet(a)gmail.com> --- drivers/md/bcache/debug.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c index 4e63c6f6c04d..d030ce3025a6 100644 --- a/drivers/md/bcache/debug.c +++ b/drivers/md/bcache/debug.c @@ -250,7 +250,9 @@ void bch_debug_exit(void) int __init bch_debug_init(struct kobject *kobj) { - bcache_debug = debugfs_create_dir("bcache", NULL); + if (!IS_ENABLED(CONFIG_DEBUG_FS)) + return 0; + bcache_debug = debugfs_create_dir("bcache", NULL); return IS_ERR_OR_NULL(bcache_debug); } -- 2.16.3

7 years, 4 months

2
1
0 0

[PATCH v2] bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n

by Coly Li

Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") returns the return value of debugfs_create_dir() to bcache_init(). When CONFIG_DEBUG_FS=n, bch_debug_init() always returns 1 and makes bcache_init() failedi. This patch makes bch_debug_init() always returns 0 if CONFIG_DEBUG_FS=n, so bcache can continue to work for the kernels which don't have debugfs enanbled. Fixes: Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Reported-by: Massimo B. <massimo.b(a)gmx.net> Reported-by: Kai Krakow <kai(a)kaishome.de> Tested-by: Kai Krakow <kai(a)kaishome.de> Cc: Kent Overstreet <kent.overstreet(a)gmail.com> --- drivers/md/bcache/bcache.h | 5 +++++ drivers/md/bcache/debug.c | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 3a0cfb237af9..5b3fe87f32ee 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -994,8 +994,13 @@ void bch_open_buckets_free(struct cache_set *); int bch_cache_allocator_start(struct cache *ca); +#ifdef CONFIG_DEBUG_FS void bch_debug_exit(void); int bch_debug_init(struct kobject *); +#else +static inline void bch_debug_exit(void) {}; +static inline int bch_debug_init(struct kobject *kobj) { return 0; }; +#endif void bch_request_exit(void); int bch_request_init(void); diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c index 4e63c6f6c04d..20e5e524e88e 100644 --- a/drivers/md/bcache/debug.c +++ b/drivers/md/bcache/debug.c @@ -17,8 +17,6 @@ #include <linux/random.h> #include <linux/seq_file.h> -struct dentry *bcache_debug; - #ifdef CONFIG_BCACHE_DEBUG #define for_each_written_bset(b, start, i) \ @@ -151,6 +149,8 @@ void bch_data_verify(struct cached_dev *dc, struct bio *bio) /* XXX: cache set refcounting */ +struct dentry *bcache_debug; + struct dump_iterator { char buf[PAGE_SIZE]; size_t bytes; @@ -240,8 +240,6 @@ void bch_debug_init_cache_set(struct cache_set *c) } } -#endif - void bch_debug_exit(void) { if (!IS_ERR_OR_NULL(bcache_debug)) @@ -254,3 +252,5 @@ int __init bch_debug_init(struct kobject *kobj) return IS_ERR_OR_NULL(bcache_debug); } + +#endif -- 2.16.3

7 years, 4 months

2
2
0 0

[PATCH v3 2/3] ioremap: Update pgtable free interfaces with addr

by Toshi Kani

From: Chintan Pandya <cpandya(a)codeaurora.org> This patch ("mm/vmalloc: Add interfaces to free unmapped page table") adds following 2 interfaces to free the page table in case we implement huge mapping. pud_free_pmd_page() and pmd_free_pte_page() Some architectures (like arm64) needs to do proper TLB maintanance after updating pagetable entry even in map. Why ? Read this, https://patchwork.kernel.org/patch/10134581/ Pass 'addr' in these interfaces so that proper TLB ops can be performed. [toshi(a)hpe.com: merge changes] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: <stable(a)vger.kernel.org> --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 12 +++++++----- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 2dbb2c9f1ec1..da98828609a1 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -973,12 +973,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index 3f7180bc5f52..f60fdf411103 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -719,11 +719,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -734,7 +735,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -746,11 +747,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; @@ -766,7 +768,7 @@ int pmd_free_pte_page(pmd_t *pmd) #else /* !CONFIG_X86_64 */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } @@ -775,7 +777,7 @@ int pud_free_pmd_page(pud_t *pud) * Disable free page handling on x86-PAE. This assures that ioremap() * does not update sync'd pmd entries. See vmalloc_sync_one(). */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639afaa39..b081794ba135 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ int pud_set_huge(pud_t *pud, phys_addr_t addr, pgprot_t prot); int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bbaa3200..517f5853ffed 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; }

7 years, 4 months

3
2
0 0

FAILED: patch "[PATCH] btrfs: Take trans lock before access running trans in" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 998ac6d21cfd6efd58f5edf420bae8839dda9f2a Mon Sep 17 00:00:00 2001 From: ethanwu <ethanwu(a)synology.com> Date: Sun, 29 Apr 2018 15:59:42 +0800 Subject: [PATCH] btrfs: Take trans lock before access running trans in check_delayed_ref In preivous patch: Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist We avoid starting btrfs transaction and get this information from fs_info->running_transaction directly. When accessing running_transaction in check_delayed_ref, there's a chance that current transaction will be freed by commit transaction after the NULL pointer check of running_transaction is passed. After looking all the other places using fs_info->running_transaction, they are either protected by trans_lock or holding the transactions. Fix this by using trans_lock and increasing the use_count. Fixes: e4c3b2dcd144 ("Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist") CC: stable(a)vger.kernel.org # 4.14+ Signed-off-by: ethanwu <ethanwu(a)synology.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index f99102063366..3871658b6ab1 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -3142,7 +3142,11 @@ static noinline int check_delayed_ref(struct btrfs_root *root, struct rb_node *node; int ret = 0; + spin_lock(&root->fs_info->trans_lock); cur_trans = root->fs_info->running_transaction; + if (cur_trans) + refcount_inc(&cur_trans->use_count); + spin_unlock(&root->fs_info->trans_lock); if (!cur_trans) return 0; @@ -3151,6 +3155,7 @@ static noinline int check_delayed_ref(struct btrfs_root *root, head = btrfs_find_delayed_ref_head(delayed_refs, bytenr); if (!head) { spin_unlock(&delayed_refs->lock); + btrfs_put_transaction(cur_trans); return 0; } @@ -3167,6 +3172,7 @@ static noinline int check_delayed_ref(struct btrfs_root *root, mutex_lock(&head->mutex); mutex_unlock(&head->mutex); btrfs_put_delayed_ref_head(head); + btrfs_put_transaction(cur_trans); return -EAGAIN; } spin_unlock(&delayed_refs->lock); @@ -3199,6 +3205,7 @@ static noinline int check_delayed_ref(struct btrfs_root *root, } spin_unlock(&head->lock); mutex_unlock(&head->mutex); + btrfs_put_transaction(cur_trans); return ret; }

7 years, 4 months

3
2
0 0

[PATCH 1/2][stable-4.4] arm64: introduce mov_q macro to move a constant into a 64-bit register

by Suzuki K Poulose

commit 30b5ba5cf333cc650e474eaf2cc1ae91bc7cf89f upstream Implement a macro mov_q that can be used to move an immediate constant into a 64-bit register, using between 2 and 4 movz/movk instructions (depending on the operand) Cc: stable(a)vger.kernel.org # v4.4 Acked-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> --- Cherry picked for backport of "commit ece1397cbc89c51914fae1aec729539cfd8bd62b upstream" --- arch/arm64/include/asm/assembler.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h index 12eff92..83e2309 100644 --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -204,4 +204,24 @@ lr .req x30 // link register .size __pi_##x, . - x; \ ENDPROC(x) + /* + * mov_q - move an immediate constant into a 64-bit register using + * between 2 and 4 movz/movk instructions (depending on the + * magnitude and sign of the operand) + */ + .macro mov_q, reg, val + .if (((\val) >> 31) == 0 || ((\val) >> 31) == 0x1ffffffff) + movz \reg, :abs_g1_s:\val + .else + .if (((\val) >> 47) == 0 || ((\val) >> 47) == 0x1ffff) + movz \reg, :abs_g2_s:\val + .else + movz \reg, :abs_g3:\val + movk \reg, :abs_g2_nc:\val + .endif + movk \reg, :abs_g1_nc:\val + .endif + movk \reg, :abs_g0_nc:\val + .endm + #endif /* __ASM_ASSEMBLER_H */ -- 2.7.4

7 years, 4 months

2
2
0 0

[PATCH 4.4 00/72] 4.4.127-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.127 release. There are 72 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Apr 8 08:42:48 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.127-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.127-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ip6_vti: adjust vti mtu according to mtu of lower device" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized ndata" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> spi: davinci: fix up dma_mapping_error() incorrect patch Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "mtip32xx: use runtime tag to initialize command header" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "cpufreq: Fix governor module removal race" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()" Dan Williams <dan.j.williams(a)intel.com> nospec: Kill array_index_nospec_mask_check() Will Deacon <will.deacon(a)arm.com> nospec: Move array_index_nospec() parameter checking into separate macro Matthias Brugger <matthias.bgg(a)gmail.com> net: hns: Fix ethtool private flags Guoqing Jiang <gqjiang(a)suse.com> md/raid10: reset the 'first' at the end of loop Keerthy <j-keerthy(a)ti.com> ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property Keerthy <j-keerthy(a)ti.com> ARM: dts: dra7: Add power hold and power controller properties to palmas Keerthy <j-keerthy(a)ti.com> Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition Mike Frysinger <vapier(a)chromium.org> vt: change SGR 21 to follow the standards Ondrej Zary <linux(a)rainbow-software.org> Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad Dennis Wassenberg <dennis.wassenberg(a)secunet.com> Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list Frank Mori Hess <fmh6jj(a)gmail.com> staging: comedi: ni_mio_common: ack ai fifo error interrupts. Andy Lutomirski <luto(a)kernel.org> fs/proc: Stop trying to report thread stacks Eric Biggers <ebiggers(a)google.com> crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one Herbert Xu <herbert(a)gondor.apana.org.au> crypto: ahash - Fix early termination in hash walk Alexander Gerasiov <gq(a)redlab-i.ru> parport_pc: Add support for WCH CH382L PCI-E single parallel port card. Oliver Neukum <oneukum(a)suse.com> media: usbtv: prevent double free in error case Colin Ian King <colin.king(a)canonical.com> mei: remove dev_err message on an unsupported ioctl Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: add ELDAT Easywave RX09 id Clemens Werther <clemens.werther(a)gmail.com> USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator Major Hayden <major(a)mhtx.net> USB: serial: ftdi_sio: add RT Systems VX-8 cable John Stultz <john.stultz(a)linaro.org> usb: dwc2: Improve gadget state disconnection handling Paolo Bonzini <pbonzini(a)redhat.com> scsi: virtio_scsi: always read VPD pages for multiqueue too Alexander Potapenko <glider(a)google.com> llist: clang: introduce member_address_is_nonnull() Szymon Janc <szymon.janc(a)codecoup.pl> Bluetooth: Fix missing encryption refresh on Security Request Florian Westphal <fw(a)strlen.de> netfilter: x_tables: add and use xt_check_proc_name Florian Westphal <fw(a)strlen.de> netfilter: bridge: ebt_among: add more missing match size checks Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems Greg Hackmann <ghackmann(a)google.com> net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Introduce safer rdma_addr_size() variants Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Don't allow join attempts for unsupported AF family Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Check that device exists prior to accessing it Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Check that device is connected prior to access it Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Ensure that CM_ID exists prior to access it Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Fix use-after-free access in ucma_close Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Check AF family prior resolving address Florian Westphal <fw(a)strlen.de> xfrm_user: uncoditionally validate esn replay attribute struct Nick Desaulniers <ndesaulniers(a)google.com> arm64: avoid overflow in VA_START and PAGE_OFFSET Matthias Kaehlcke <mka(a)chromium.org> selinux: Remove redundant check for unknown labeling behavior Matthias Kaehlcke <mka(a)chromium.org> netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch Arnd Bergmann <arnd(a)arndb.de> tty: provide tty_name() even without CONFIG_TTY Richard Guy Briggs <rgb(a)redhat.com> audit: add tty field to LOGIN event Matthias Kaehlcke <mka(a)chromium.org> frv: declare jiffies to be located in the .data section Matthias Kaehlcke <mka(a)chromium.org> jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp Mark Charlebois <charlebm(a)gmail.com> fs: compat: Remove warning from COMPATIBLE_IOCTL Matthias Kaehlcke <mka(a)chromium.org> selinux: Remove unnecessary check of array base in selinux_set_mapping() Matthias Kaehlcke <mka(a)chromium.org> cpumask: Add helper cpumask_available() Matthias Kaehlcke <mka(a)chromium.org> genirq: Use cpumask_available() for check of cpumask variable Nick Desaulniers <ndesaulniers(a)google.com> netfilter: nf_nat_h323: fix logical-not-parentheses warning Nick Desaulniers <nick.desaulniers(a)gmail.com> Input: mousedev - fix implicit conversion warning Matthias Kaehlcke <mka(a)chromium.org> dm ioctl: remove double parentheses Matthias Kaehlcke <mka(a)chromium.org> PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant Kaixu Xia <xiakaixu(a)huawei.com> writeback: fix the wrong congested state variable definition Colin Ian King <colin.king(a)canonical.com> ACPI, PCI, irq: remove redundant check for null string pointer Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix to set RWX bits correctly before releasing trampoline Krzysztof Opasiak <kopasiak90(a)gmail.com> usb: gadget: f_hid: fix: Prevent accessing released memory Felipe F. Tonello <eu(a)felipetonello.com> usb: gadget: align buffer size when allocating for OUT endpoint Felipe F. Tonello <eu(a)felipetonello.com> usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align Felipe F. Tonello <eu(a)felipetonello.com> usb: gadget: change len to size_t on alloc_ep_req() Felipe F. Tonello <eu(a)felipetonello.com> usb: gadget: define free_ep_req as universal function Richard Narron <comet.berkeley(a)gmail.com> partitions/msdos: Unable to mount UFS 44bsd partitions Linus Torvalds <torvalds(a)linux-foundation.org> perf/hwbp: Simplify the perf-hwbp code, fix documentation Dan Carpenter <dan.carpenter(a)oracle.com> ALSA: pcm: potential uninitialized return values Stefan Roese <sr(a)denx.de> ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() Linus Walleij <linus.walleij(a)linaro.org> mtd: jedec_probe: Fix crash in jedec_read_mfr() ------------- Diffstat: .../devicetree/bindings/pinctrl/pinctrl-palmas.txt | 9 +++ Documentation/filesystems/proc.txt | 26 --------- Makefile | 4 +- arch/arm/boot/dts/am335x-pepper.dts | 2 +- arch/arm/boot/dts/am57xx-beagle-x15.dts | 1 + arch/arm/boot/dts/dra7-evm.dts | 2 + arch/arm/boot/dts/omap3-n900.dts | 4 +- arch/arm64/include/asm/memory.h | 6 +- arch/frv/include/asm/timex.h | 6 ++ arch/x86/crypto/cast5_avx_glue.c | 3 +- arch/x86/kernel/kprobes/core.c | 9 +++ block/partitions/msdos.c | 4 +- crypto/ahash.c | 7 ++- drivers/acpi/pci_irq.c | 3 - drivers/block/mtip32xx/mtip32xx.c | 36 ++++-------- drivers/cpufreq/cpufreq.c | 6 -- drivers/infiniband/core/addr.c | 16 ++++++ drivers/infiniband/core/ucma.c | 67 +++++++++++++++------- drivers/input/mousedev.c | 62 +++++++++++--------- drivers/input/serio/i8042-x86ia64io.h | 24 ++++++++ drivers/md/dm-ioctl.c | 4 +- drivers/md/raid10.c | 1 + drivers/media/usb/usbtv/usbtv-core.c | 2 + drivers/misc/mei/main.c | 1 - drivers/mtd/chips/jedec_probe.c | 2 + drivers/net/ethernet/cavium/liquidio/lio_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 4 +- drivers/parport/parport_pc.c | 4 ++ drivers/pci/pci-driver.c | 2 + drivers/pci/probe.c | 2 +- drivers/pci/setup-res.c | 2 +- drivers/scsi/virtio_scsi.c | 1 + drivers/spi/spi-davinci.c | 2 +- drivers/staging/comedi/drivers/ni_mio_common.c | 2 + drivers/tty/vt/vt.c | 6 +- drivers/usb/dwc2/hcd.c | 7 ++- drivers/usb/gadget/function/f_hid.c | 24 ++++++-- drivers/usb/gadget/function/f_midi.c | 6 -- drivers/usb/gadget/function/f_sourcesink.c | 6 -- drivers/usb/gadget/function/g_zero.h | 1 - drivers/usb/gadget/u_f.c | 6 +- drivers/usb/gadget/u_f.h | 26 ++++++++- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 9 +++ fs/compat_ioctl.c | 2 +- fs/proc/task_mmu.c | 29 ++++------ fs/proc/task_nommu.c | 28 ++++----- include/linux/audit.h | 24 ++++++++ include/linux/cpumask.h | 10 ++++ include/linux/jiffies.h | 13 ++--- include/linux/llist.h | 21 ++++++- include/linux/netfilter/x_tables.h | 2 + include/linux/nospec.h | 14 ----- include/linux/tty.h | 4 +- include/linux/usb/gadget.h | 17 +++++- include/rdma/ib_addr.h | 2 + include/uapi/linux/pci_regs.h | 2 +- kernel/audit.c | 18 ++---- kernel/auditsc.c | 8 ++- kernel/events/hw_breakpoint.c | 30 +++------- kernel/irq/manage.c | 2 +- kernel/kprobes.c | 2 +- mm/backing-dev.c | 4 +- net/bluetooth/smp.c | 8 ++- net/bridge/netfilter/ebt_among.c | 34 +++++++++++ net/ipv4/netfilter/nf_nat_h323.c | 57 +++++++++--------- net/ipv6/ip6_vti.c | 20 ------- net/netfilter/nf_conntrack_netlink.c | 7 +-- net/netfilter/x_tables.c | 30 ++++++++++ net/netfilter/xt_hashlimit.c | 5 +- net/netfilter/xt_recent.c | 6 +- net/xfrm/xfrm_ipcomp.c | 2 +- net/xfrm/xfrm_state.c | 5 ++ net/xfrm/xfrm_user.c | 21 +++---- security/selinux/hooks.c | 16 ------ security/selinux/ss/services.c | 2 +- sound/core/oss/pcm_oss.c | 4 +- sound/core/pcm_native.c | 2 +- 82 files changed, 522 insertions(+), 357 deletions(-)

7 years, 4 months

6
81
0 0

[PATCH 4.14] xfrm: Use __skb_queue_tail in xfrm_trans_queue

by Alistair Strachan

From: Herbert Xu <herbert(a)gondor.apana.org.au> commit d16b46e4fd8bc6063624605f25b8c0835bb1fbe3 upstream. From: Herbert Xu <herbert(a)gondor.apana.org.au> We do not need locking in xfrm_trans_queue because it is designed to use per-CPU buffers. However, the original code incorrectly used skb_queue_tail which takes the lock. This patch switches it to __skb_queue_tail instead. Fixes the following stack trace seen when testing ipsec: BUG: spinlock bad magic on CPU#1, xfrm_algorithm_/945 lock: 0xffff8fb3dfd1fe78, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PID: 945 Comm: xfrm_algorithm_ Not tainted 4.14.40-00047-g99a610f9568b #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: dump_stack+0xa1/0xd0 ? spin_bug+0x99/0xb0 do_raw_spin_lock+0x5c/0x90 _raw_spin_lock_irqsave+0x33/0x60 skb_queue_tail+0x17/0x40 ? xfrm4_rcv+0x40/0x40 xfrm_trans_queue+0x5c/0xa0 ? nf_hook_slow+0x3d/0xb0 xfrm4_transport_finish+0x1a1/0x1d0 ? xfrm4_transport_finish+0x1d0/0x1d0 xfrm_input+0x7f4/0x920 xfrm4_esp_rcv+0x2e/0x60 ip_local_deliver_finish+0x140/0x210 ip_local_deliver+0xc7/0xf0 ? ip_local_deliver+0xf0/0xf0 ip_rcv+0x2f9/0x410 ? ip_rcv+0x410/0x410 __netif_receive_skb_core+0x927/0xa50 netif_receive_skb_internal+0xef/0x190 ? __skb_get_hash_symmetric+0xbc/0x110 netif_receive_skb+0x90/0xc0 tun_get_user+0xd30/0xfc0 tun_chr_write_iter+0x5a/0x80 __vfs_write+0x10c/0x150 vfs_write+0xdf/0x190 SyS_write+0x4c/0xb0 do_syscall_64+0x59/0x70 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Reported-and-tested-by: Artem Savkov <asavkov(a)redhat.com> Fixes: e095ecaec6d9 ("xfrm: Reinject transport-mode packets...") Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: stable(a)vger.kernel.org Cc: kernel-team(a)android.com Signed-off-by: Alistair Strachan <astrachan(a)google.com> --- net/xfrm/xfrm_input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 3f6f6f8c9fa5..5b2409746ae0 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -518,7 +518,7 @@ int xfrm_trans_queue(struct sk_buff *skb, return -ENOBUFS; XFRM_TRANS_SKB_CB(skb)->finish = finish; - skb_queue_tail(&trans->queue, skb); + __skb_queue_tail(&trans->queue, skb); tasklet_schedule(&trans->tasklet); return 0; } -- 2.17.0.441.gb46fe60e1d-goog

7 years, 4 months

2
1
0 0

[PATCH 4.4 00/97] 4.4.129-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.129 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Apr 24 13:52:47 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.129-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.129-rc1 Greg Thelen <gthelen(a)google.com> writeback: safer lock nesting Amir Goldstein <amir73il(a)gmail.com> fanotify: fix logic of events on child wangguang <wang.guang55(a)zte.com.cn> ext4: bugfix for mmaped pages in mpage_release_unused_pages() Matthew Wilcox <mawilcox(a)microsoft.com> mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Michal Hocko <mhocko(a)suse.com> mm: allow GFP_{FS,IO} for page_cache_read page cache allocation Ian Kent <raven(a)themaw.net> autofs: mount point create should honour passed in mode Al Viro <viro(a)zeniv.linux.org.uk> Don't leak MNT_INTERNAL away from internal mounts Al Viro <viro(a)zeniv.linux.org.uk> rpc_pipefs: fix double-dput() Al Viro <viro(a)zeniv.linux.org.uk> hypfs_kill_super(): deal with failed allocations Al Viro <viro(a)zeniv.linux.org.uk> jffs2_kill_sb(): deal with failed allocations Michael Ellerman <mpe(a)ellerman.id.au> powerpc/lib: Fix off-by-one in alternate feature patching Michael Neuling <mikey(a)neuling.org> powerpc/eeh: Fix enabling bridge MMIO windows Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix clobber of v1 in last_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: EVA & fault support for small_memset Matt Redfearn <matt.redfearn(a)mips.com> MIPS: uaccess: Add micromips clobbers to bzero invocation Rodrigo Rivas Costa <rodrigorivascosta(a)gmail.com> HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device David Wang <davidwang(a)zhaoxin.com> ALSA: hda - New VIA controller suppor no-snoop path Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Fix missing input substream checks in compat ioctls Fabián Inostroza <soulsonceonfire(a)gmail.com> ALSA: line6: Use correct endpoint type for midi output Theodore Ts'o <tytso(a)mit.edu> ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() Jan Kara <jack(a)suse.cz> ext4: fix crashes in dioread_nolock mode Paul Parsons <lost.distance(a)yahoo.com> drm/radeon: Fix PCIe lane width calculation Theodore Ts'o <tytso(a)mit.edu> ext4: don't allow r/w mounts if metadata blocks overlap the superblock Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Virtualize Maximum Read Request Size Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Virtualize Maximum Payload Size Alex Williamson <alex.williamson(a)redhat.com> vfio-pci: Virtualize PCIe & AF FLR Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Avoid potential races between OSS ioctls and read/write Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc Igor Pylypiv <igor.pylypiv(a)gmail.com> watchdog: f71808e_wdt: Fix WD_EN register read Mikhail Lappo <mikhail.lappo(a)esrlabs.com> thermal: imx: Fix race condition in imx_thermal_probe() Boris Brezillon <boris.brezillon(a)bootlin.com> clk: bcm2835: De-assert/assert PLL reset signal when appropriate Richard Genoud <richard.genoud(a)gmail.com> clk: mvebu: armada-38x: add support for missing clocks Ralph Sennhauser <ralph.sennhauser(a)gmail.com> clk: mvebu: armada-38x: add support for 1866MHz variants Alex Smith <alex.smith(a)imgtec.com> mmc: jz4740: Fix race condition in IRQ mask update Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix a potential memory leak Krzysztof Mazur <krzysiek(a)podlesie.net> um: Use POSIX ucontext_t instead of struct ucontext Maxime Jayat <maxime.jayat(a)mobile-devices.fr> dmaengine: at_xdmac: fix rare residue corruption Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Fix completion vector assignment algorithm Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Fix srp_abort() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix UAF at PCM release via PCM timer access Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device Theodore Ts'o <tytso(a)mit.edu> ext4: fail ext4_iget for root directory if unallocated Theodore Ts'o <tytso(a)mit.edu> ext4: add validity checks for bitmap block numbers Theodore Ts'o <tytso(a)mit.edu> ext4: don't update checksum of new initialized bitmaps Theodore Ts'o <tytso(a)mit.edu> jbd2: if the journal is aborted then don't allow update of the log tail Theodore Ts'o <tytso(a)mit.edu> random: use a tighter cap in credit_entropy_bits_safe() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Resume control channel after hibernation image is created James Kelly <jamespeterkelly(a)gmail.com> ASoC: ssm2602: Replace reg_default_raw with reg_default Aaron Ma <aaron.ma(a)canonical.com> HID: core: Fix size as type u32 Aaron Ma <aaron.ma(a)canonical.com> HID: Fix hid_report_len usage Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() Aaron Ma <aaron.ma(a)canonical.com> HID: i2c-hid: fix size check and type usage Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: pci: Properly cleanup resource Zhengjun Xing <zhengjun.xing(a)linux.intel.com> USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() Hans de Goede <hdegoede(a)redhat.com> ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E Dan Carpenter <dan.carpenter(a)oracle.com> regmap: Fix reversed bounds check in regmap_raw_write() Jason Andryuk <jandryuk(a)gmail.com> xen-netfront: Fix hang on device removal Santiago Esteban <Santiago.Esteban(a)microchip.com> ARM: dts: at91: sama5d4: fix pinctrl compatible string Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Heinrich Schuchardt <xypron.glpk(a)gmx.de> usb: musb: gadget: misplaced out of bounds check Vlastimil Babka <vbabka(a)suse.cz> mm, slab: reschedule cache_reap() on the same CPU Eric Biggers <ebiggers(a)google.com> ipc/shm: fix use-after-free of shm file via remap_file_pages() Takashi Iwai <tiwai(a)suse.de> resource: fix integer overflow at reallocation Andrew Morton <akpm(a)linux-foundation.org> fs/reiserfs/journal.c: add missing resierfs_warning() arg Richard Weinberger <richard(a)nod.at> ubi: Reject MLC NAND Romain Izard <romain.izard.pro(a)gmail.com> ubi: Fix error for write access Richard Weinberger <richard(a)nod.at> ubi: fastmap: Don't flush fastmap work on detach Richard Weinberger <richard(a)nod.at> ubifs: Check ubifs_wbuf_sync() return code Tejun Heo <tj(a)kernel.org> tty: make n_tty_read() always abort if hangup is in progress Ville Syrjälä <ville.syrjala(a)linux.intel.com> x86/hweight: Don't clobber %rdi Borislav Petkov <bp(a)suse.de> x86/hweight: Get rid of the special calling convention Phil Elwell <phil(a)raspberrypi.org> lan78xx: Correctly indicate invalid OTP Tejaswi Tanikella <tejaswit(a)codeaurora.org> slip: Check if rstate is initialized before uncompressing Bassem Boubaker <bassem.boubaker(a)actia.fr> cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN Marek Szyprowski <m.szyprowski(a)samsung.com> hwmon: (ina2xx) Fix access to uninitialized mutex Sudhir Sreedharan <ssreedharan(a)mvista.com> rtl8187: Fix NULL pointer dereference in priv->conf_mutex Al Viro <viro(a)zeniv.linux.org.uk> getname_kernel() needs to make sure that ->name != ->iname in long case Vasily Gorbik <gor(a)linux.ibm.com> s390/ipl: ensure loadparm valid flag is set Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't merge ERROR output buffers Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't retry EQBS after CCQ 96 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> block/loop: fix deadlock after loop_set_status Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "perf tests: Decompress kernel module before objdump" Arnd Bergmann <arnd(a)arndb.de> radeon: hide pointless #warning when compile testing Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix timestamp following overflow Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix error recovery from missing TIP packet Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix sync_switch Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix overlap detection to identify consecutive buffers correctly Helge Deller <deller(a)gmx.de> parisc: Fix out of array access in match_pci_device() Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: v4l2-compat-ioctl32: don't oops on overlay ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/at91sam9g25.dtsi | 2 +- arch/arm/boot/dts/sama5d4.dtsi | 2 +- arch/mips/include/asm/uaccess.h | 11 +- arch/mips/lib/memset.S | 11 +- arch/parisc/kernel/drivers.c | 4 + arch/powerpc/include/asm/barrier.h | 3 +- arch/powerpc/include/asm/synch.h | 4 - arch/powerpc/kernel/eeh_pe.c | 3 +- arch/powerpc/lib/feature-fixups.c | 2 +- arch/powerpc/platforms/powernv/opal-nvram.c | 11 +- arch/s390/hypfs/inode.c | 2 +- arch/s390/kernel/ipl.c | 1 + arch/um/os-Linux/signal.c | 2 +- arch/x86/Kconfig | 5 - arch/x86/include/asm/arch_hweight.h | 24 ++- arch/x86/kernel/i386_ksyms_32.c | 2 + arch/x86/kernel/x8664_ksyms_64.c | 3 + arch/x86/lib/Makefile | 2 +- arch/x86/lib/hweight.S | 79 +++++++++ arch/x86/um/stub_segv.c | 2 +- drivers/acpi/video_detect.c | 9 + drivers/base/regmap/regmap.c | 2 +- drivers/block/loop.c | 12 +- drivers/char/random.c | 2 +- drivers/clk/bcm/clk-bcm2835.c | 8 +- drivers/clk/mvebu/armada-38x.c | 15 +- drivers/dma/at_xdmac.c | 4 +- drivers/gpu/drm/radeon/radeon_object.c | 3 +- drivers/gpu/drm/radeon/si_dpm.c | 4 +- drivers/hid/hid-core.c | 10 +- drivers/hid/hid-input.c | 3 +- drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-rmi.c | 4 +- drivers/hid/hidraw.c | 5 + drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/hwmon/ina2xx.c | 3 +- drivers/infiniband/core/ucma.c | 3 + drivers/infiniband/ulp/srp/ib_srp.c | 18 +- drivers/iommu/intel-svm.c | 1 + drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 4 +- drivers/mmc/host/jz4740_mmc.c | 2 +- drivers/mtd/ubi/block.c | 2 +- drivers/mtd/ubi/build.c | 11 ++ drivers/mtd/ubi/fastmap-wl.c | 1 - drivers/net/slip/slhc.c | 5 + drivers/net/usb/cdc_ether.c | 6 + drivers/net/usb/lan78xx.c | 3 +- drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 2 +- drivers/net/xen-netfront.c | 7 +- drivers/pci/hotplug/acpiphp_glue.c | 23 ++- drivers/s390/cio/qdio_main.c | 42 ++--- drivers/thermal/imx_thermal.c | 6 +- drivers/thunderbolt/nhi.c | 1 + drivers/tty/n_tty.c | 6 + drivers/tty/tty_io.c | 9 + drivers/usb/core/generic.c | 9 +- drivers/usb/dwc3/dwc3-pci.c | 2 +- drivers/usb/musb/musb_gadget_ep0.c | 14 +- drivers/vfio/pci/vfio_pci_config.c | 107 +++++++++++- drivers/watchdog/f71808e_wdt.c | 2 +- fs/autofs4/root.c | 2 +- fs/ext4/balloc.c | 19 ++- fs/ext4/ialloc.c | 54 ++---- fs/ext4/inline.c | 66 ++++--- fs/ext4/inode.c | 48 +++--- fs/ext4/super.c | 6 + fs/ext4/xattr.c | 30 ++-- fs/ext4/xattr.h | 32 ++++ fs/fs-writeback.c | 7 +- fs/jbd2/journal.c | 5 +- fs/jffs2/super.c | 2 +- fs/namei.c | 3 +- fs/namespace.c | 3 +- fs/notify/fanotify/fanotify.c | 34 ++-- fs/reiserfs/journal.c | 2 +- fs/ubifs/super.c | 14 +- include/linux/backing-dev-defs.h | 5 + include/linux/backing-dev.h | 31 ++-- include/linux/hid.h | 6 +- include/linux/mm.h | 4 + include/linux/tty.h | 1 + include/net/slhc_vj.h | 1 + include/sound/pcm_oss.h | 1 + ipc/shm.c | 23 ++- kernel/resource.c | 3 +- lib/Makefile | 2 - lib/hweight.c | 4 + mm/filemap.c | 16 +- mm/memory.c | 17 ++ mm/page-writeback.c | 18 +- mm/slab.c | 3 +- net/sunrpc/rpc_pipe.c | 1 + sound/core/oss/pcm_oss.c | 189 ++++++++++++++++----- sound/core/pcm.c | 8 +- sound/core/rawmidi_compat.c | 18 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/ssm2602.c | 19 ++- sound/usb/line6/midi.c | 2 +- tools/perf/tests/code-reading.c | 20 +-- .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 64 ++++--- .../perf/util/intel-pt-decoder/intel-pt-decoder.h | 2 +- tools/perf/util/intel-pt.c | 37 +++- 103 files changed, 943 insertions(+), 449 deletions(-)

7 years, 4 months

8
103
0 0

[PATCH] sched/rt: fix call to cpufreq_update_util

by Vincent Guittot

With commit 8f111bc357aa ("cpufreq/schedutil: Rewrite CPUFREQ_RT support") schedutil governor uses rq->rt.rt_nr_running to detect whether a RT task is currently running on the CPU and to set frequency to max if necessary. cpufreq_update_util() is called in enqueue/dequeue_top_rt_rq() but rq->rt.rt_nr_running as not been updated yet when dequeue_top_rt_rq() is called so schedutil still considers that a RT task is running when the last task is dequeued. The update of rq->rt.rt_nr_running happens later in dequeue_rt_stack() Fixes: 8f111bc357aa ('cpufreq/schedutil: Rewrite CPUFREQ_RT support') Cc: <stable(a)vger.kernel.org> # v4.16+ Signed-off-by: Vincent Guittot <vincent.guittot(a)linaro.org> --- kernel/sched/rt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index 7aef6b4..6e74d3d 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1001,8 +1001,6 @@ dequeue_top_rt_rq(struct rt_rq *rt_rq) sub_nr_running(rq, rt_rq->rt_nr_running); rt_rq->rt_queued = 0; - /* Kick cpufreq (see the comment in kernel/sched/sched.h). */ - cpufreq_update_util(rq, 0); } static void @@ -1288,6 +1286,9 @@ static void dequeue_rt_stack(struct sched_rt_entity *rt_se, unsigned int flags) if (on_rt_rq(rt_se)) __dequeue_rt_entity(rt_se, flags); } + + /* Kick cpufreq (see the comment in kernel/sched/sched.h). */ + cpufreq_update_util(rq_of_rt_rq(rt_rq_of_se(back)), 0); } static void enqueue_rt_entity(struct sched_rt_entity *rt_se, unsigned int flags) -- 2.7.4

7 years, 4 months

2
2
0 0

[PATCH v3 1/3] x86/mm: disable ioremap free page handling on x86-PAE

by Toshi Kani

ioremap() supports pmd mappings on x86-PAE. However, kernel's pmd tables are not shared among processes on x86-PAE. Therefore, any update to sync'd pmd entries need re-syncing. Freeing a pte page also leads to a vmalloc fault and hits the BUG_ON in vmalloc_sync_one(). Disable free page handling on x86-PAE. pud_free_pmd_page() and pmd_free_pte_page() simply return 0 if a given pud/pmd entry is present. This assures that ioremap() does not update sync'd pmd entries at the cost of falling back to pte mappings. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Reported-by: Joerg Roedel <joro(a)8bytes.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/mm/pgtable.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ffc8c13c50e4..3f7180bc5f52 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -715,6 +715,7 @@ int pmd_clear_huge(pmd_t *pmd) return 0; } +#ifdef CONFIG_X86_64 /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. @@ -762,4 +763,22 @@ int pmd_free_pte_page(pmd_t *pmd) return 1; } + +#else /* !CONFIG_X86_64 */ + +int pud_free_pmd_page(pud_t *pud) +{ + return pud_none(*pud); +} + +/* + * Disable free page handling on x86-PAE. This assures that ioremap() + * does not update sync'd pmd entries. See vmalloc_sync_one(). + */ +int pmd_free_pte_page(pmd_t *pmd) +{ + return pmd_none(*pmd); +} + +#endif /* CONFIG_X86_64 */ #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */

7 years, 4 months

1
0
0 0

[PATCH] media: gl861: fix probe of dvb_usb_gl861

by mika.batsman＠gmail.com

From: Mika Båtsman <mika.batsman(a)gmail.com> Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> --- drivers/media/usb/dvb-usb-v2/gl861.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index b1b09c5..0a988e3 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -20,15 +20,22 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, u16 value = addr << (8 + 1); int wo = (rbuf == NULL || rlen == 0); /* write-only */ u8 req, type; + int ret; + void *dmadata; if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + dmadata = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + dmadata = kmalloc(rlen, GFP_KERNEL); } + if (!dmadata) + return -ENOMEM; + switch (wlen) { case 1: index = wbuf[0]; @@ -45,8 +52,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, msleep(1); /* avoid I2C errors */ - return usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, - value, index, rbuf, rlen, 2000); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, + value, index, dmadata, rlen, 2000); + + if (!wo) + memcpy(rbuf, dmadata, rlen); + + kfree(dmadata); + return ret; } /* I2C */ -- 2.7.4

7 years, 4 months

1
0
0 0

[PATCH] media: gl861: fix probe of dvb_usb_gl861

by mika.batsman＠gmail.com

From: Mika Båtsman <mika.batsman(a)gmail.com> Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> --- drivers/media/usb/dvb-usb-v2/gl861.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index b1b09c5..0a988e3 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -20,15 +20,22 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, u16 value = addr << (8 + 1); int wo = (rbuf == NULL || rlen == 0); /* write-only */ u8 req, type; + int ret; + void *dmadata; if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + dmadata = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + dmadata = kmalloc(rlen, GFP_KERNEL); } + if (!dmadata) + return -ENOMEM; + switch (wlen) { case 1: index = wbuf[0]; @@ -45,8 +52,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, msleep(1); /* avoid I2C errors */ - return usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, - value, index, rbuf, rlen, 2000); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, + value, index, dmadata, rlen, 2000); + + if (!wo) + memcpy(rbuf, dmadata, rlen); + + kfree(dmadata); + return ret; } /* I2C */ -- 2.7.4

7 years, 4 months

1
0
0 0

[PATCH] ubi: fastmap: Cancel work upon detach

by Richard Weinberger

Ben Hutchings pointed out that 29b7a6fa1ec0 ("ubi: fastmap: Don't flush fastmap work on detach") does not really fix the problem, it just reduces the risk to hit the race window where fastmap work races against free()'ing ubi->volumes[]. The correct approach is making sure that no more fastmap work is in progress before we free ubi data structures. So we cancel fastmap work right after the ubi background thread is stopped. By setting ubi->thread_enabled to zero we make sure that no further work tries to wake the thread. Fixes: 29b7a6fa1ec0 ("ubi: fastmap: Don't flush fastmap work on detach") Fixes: 74cdaf24004a ("UBI: Fastmap: Fix memory leaks while closing the WL sub-system") Cc: stable(a)vger.kernel.org Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Cc: Martin Townsend <mtownsend1973(a)gmail.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> --- drivers/mtd/ubi/build.c | 3 +++ drivers/mtd/ubi/wl.c | 4 +--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c index 6326a02e4568..0cf3356424cd 100644 --- a/drivers/mtd/ubi/build.c +++ b/drivers/mtd/ubi/build.c @@ -1100,6 +1100,9 @@ int ubi_detach_mtd_dev(int ubi_num, int anyway) if (ubi->bgt_thread) kthread_stop(ubi->bgt_thread); +#ifdef CONFIG_MTD_UBI_FASTMAP + cancel_work_sync(&ubi->fm_work); +#endif ubi_debugfs_exit_dev(ubi); uif_close(ubi); diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c index 3cc302924899..6bbb968fe9da 100644 --- a/drivers/mtd/ubi/wl.c +++ b/drivers/mtd/ubi/wl.c @@ -1505,6 +1505,7 @@ int ubi_thread(void *u) } dbg_wl("background thread \"%s\" is killed", ubi->bgt_name); + ubi->thread_enabled = 0; return 0; } @@ -1514,9 +1515,6 @@ int ubi_thread(void *u) */ static void shutdown_work(struct ubi_device *ubi) { -#ifdef CONFIG_MTD_UBI_FASTMAP - flush_work(&ubi->fm_work); -#endif while (!list_empty(&ubi->works)) { struct ubi_work *wrk; -- 2.13.6

7 years, 4 months

1
0
0 0

[PATCH 4/7] nbd: use bd_set_size when updating disk size

by Josef Bacik

From: Josef Bacik <jbacik(a)fb.com> When we stopped relying on the bdev everywhere I broke updating the block device size on the fly, which ceph relies on. We can't just do set_capacity, we also have to do bd_set_size so things like parted will notice the device size change. Fixes: 29eaadc ("nbd: stop using the bdev everywhere") cc: stable(a)vger.kernel.org Signed-off-by: Josef Bacik <jbacik(a)fb.com> --- drivers/block/nbd.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index b709abf3cb79..64278f472efe 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -234,9 +234,18 @@ static void nbd_size_clear(struct nbd_device *nbd) static void nbd_size_update(struct nbd_device *nbd) { struct nbd_config *config = nbd->config; + struct block_device *bdev = bdget_disk(nbd->disk, 0); + blk_queue_logical_block_size(nbd->disk->queue, config->blksize); blk_queue_physical_block_size(nbd->disk->queue, config->blksize); set_capacity(nbd->disk, config->bytesize >> 9); + if (bdev) { + if (bdev->bd_disk) + bd_set_size(bdev, config->bytesize); + else + bdev->bd_invalidated = 1; + bdput(bdev); + } kobject_uevent(&nbd_to_dev(nbd)->kobj, KOBJ_CHANGE); } @@ -1114,7 +1123,6 @@ static int nbd_start_device_ioctl(struct nbd_device *nbd, struct block_device *b if (ret) return ret; - bd_set_size(bdev, config->bytesize); if (max_part) bdev->bd_invalidated = 1; mutex_unlock(&nbd->config_lock); -- 2.14.3

7 years, 4 months

1
0
0 0

[PATCH 3/7] nbd: update size when connected

by Josef Bacik

From: Josef Bacik <jbacik(a)fb.com> I messed up changing the size of an NBD device while it was connected by not actually updating the device or doing the uevent. Fix this by updating everything if we're connected and we change the size. cc: stable(a)vger.kernel.org Fixes: 639812a ("nbd: don't set the device size until we're connected") Signed-off-by: Josef Bacik <jbacik(a)fb.com> --- drivers/block/nbd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index 9710a0c338b0..b709abf3cb79 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -246,6 +246,8 @@ static void nbd_size_set(struct nbd_device *nbd, loff_t blocksize, struct nbd_config *config = nbd->config; config->blksize = blocksize; config->bytesize = blocksize * nr_blocks; + if (nbd->task_recv != NULL) + nbd_size_update(nbd); } static void nbd_complete_rq(struct request *req) -- 2.14.3

7 years, 4 months

1
0
0 0

[PATCH 2/7] nbd: fix nbd device deletion

by Josef Bacik

From: Josef Bacik <jbacik(a)fb.com> This fixes a use after free bug, we shouldn't be doing disk->queue right after we do del_gendisk(disk). Save the queue and do the cleanup after the del_gendisk. Fixes: c6a4759ea0c9 ("nbd: add device refcounting") cc: stable(a)vger.kernel.org Signed-off-by: Josef Bacik <jbacik(a)fb.com> --- drivers/block/nbd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index afbc202ca6fd..9710a0c338b0 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -173,9 +173,12 @@ static const struct device_attribute pid_attr = { static void nbd_dev_remove(struct nbd_device *nbd) { struct gendisk *disk = nbd->disk; + struct request_queue *q; + if (disk) { + q = disk->queue; del_gendisk(disk); - blk_cleanup_queue(disk->queue); + blk_cleanup_queue(q); blk_mq_free_tag_set(&nbd->tag_set); disk->private_data = NULL; put_disk(disk); -- 2.14.3

7 years, 4 months

1
0
0 0

Linux 4.16.9

by Greg KH

I'm announcing the release of the 4.16.9 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx35.dtsi | 4 arch/arm/boot/dts/imx53.dtsi | 4 arch/x86/events/core.c | 8 + arch/x86/events/intel/cstate.c | 2 arch/x86/events/msr.c | 9 + crypto/af_alg.c | 8 - drivers/ata/libata-core.c | 3 drivers/atm/zatm.c | 3 drivers/bluetooth/btusb.c | 19 +++ drivers/clk/ti/clock.h | 9 + drivers/gpio/gpio-aspeed.c | 2 drivers/gpio/gpiolib.c | 7 - drivers/gpu/drm/drm_atomic.c | 8 + drivers/gpu/drm/i915/intel_cdclk.c | 41 +++++++- drivers/gpu/drm/i915/intel_dp.c | 20 ---- drivers/gpu/drm/i915/intel_lvds.c | 3 drivers/gpu/drm/nouveau/nouveau_bo.c | 1 drivers/gpu/drm/nouveau/nouveau_bo.h | 2 drivers/gpu/drm/nouveau/nouveau_ttm.c | 6 - drivers/gpu/drm/nouveau/nv50_display.c | 7 - drivers/gpu/drm/ttm/ttm_page_alloc.c | 11 +- drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 3 drivers/gpu/drm/vc4/vc4_plane.c | 2 drivers/i2c/i2c-dev.c | 2 drivers/md/dm-integrity.c | 2 drivers/mtd/nand/marvell_nand.c | 12 +- drivers/net/can/flexcan.c | 26 ++--- drivers/net/can/spi/hi311x.c | 11 +- drivers/net/can/usb/kvaser_usb.c | 2 drivers/nvme/host/core.c | 3 drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 12 ++ drivers/pci/pci.c | 37 +++++-- drivers/thermal/samsung/exynos_tmu.c | 14 ++ fs/ceph/file.c | 10 +- fs/cifs/cifsfs.c | 13 ++ fs/fs-writeback.c | 2 include/linux/bpf.h | 4 include/linux/oom.h | 2 include/linux/wait_bit.h | 17 +++ include/net/inet_timewait_sock.h | 1 include/net/nexthop.h | 2 kernel/bpf/core.c | 45 +++++---- kernel/compat.c | 1 kernel/events/callchain.c | 10 -- kernel/events/ring_buffer.c | 7 + kernel/sched/autogroup.c | 7 + kernel/sched/core.c | 7 + kernel/sched/cpufreq_schedutil.c | 3 kernel/trace/bpf_trace.c | 25 ++++- kernel/trace/trace_events_filter.c | 3 kernel/trace/trace_uprobe.c | 2 lib/swiotlb.c | 2 mm/backing-dev.c | 3 mm/memcontrol.c | 3 mm/mmap.c | 44 +++++--- mm/oom_kill.c | 81 ++++++++-------- mm/sparse.c | 2 mm/z3fold.c | 42 ++++++-- net/atm/lec.c | 9 + net/bridge/netfilter/ebtables.c | 11 +- net/core/dev_addr_lists.c | 4 net/core/skbuff.c | 1 net/dccp/ipv4.c | 1 net/dccp/ipv6.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/inetpeer.c | 1 net/ipv4/route.c | 11 +- net/ipv4/tcp.c | 2 net/kcm/kcmsock.c | 1 net/netfilter/ipvs/ip_vs_ctl.c | 8 - net/netfilter/ipvs/ip_vs_sync.c | 155 ++++++++++++++++--------------- net/netlink/af_netlink.c | 2 net/rds/tcp.c | 17 +-- net/rfkill/rfkill-gpio.c | 7 + 76 files changed, 557 insertions(+), 323 deletions(-) Alexander Popov (1): i2c: dev: prevent ZERO_SIZE_PTR deref in i2cdev_ioctl_rdwr() Ben Skeggs (1): drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client Boris Brezillon (1): drm/vc4: Fix scaling of uni-planar formats Charles Machalow (1): nvme: Fix sync controller reset return Chris Packham (1): mtd: rawnand: marvell: pass ms delay to wait_op David Rientjes (1): mm, oom: fix concurrent munlock and oom reaper unmap, v3 Eric Dumazet (10): crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark ipv4: fix uninit-value in ip_route_output_key_hash_rcu() soreuseport: initialise timewait reuseport field inetpeer: fix uninit-value in inet_getpeer tcp: fix TCP_REPAIR_QUEUE bound checking Florent Flament (1): drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log Florian Westphal (1): netfilter: ebtables: don't attempt to allocate 0-sized compat array Govert Overgaauw (1): gpio: fix aspeed_gpio unmask irq Greg Kroah-Hartman (1): Linux 4.16.9 Gustavo A. R. Silva (2): net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 Hans de Goede (4): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets Ilya Dryomov (1): ceph: fix rsize/wsize capping in ceph_direct_read_write() Jan Kara (1): bdi: Fix oops in wb_workfn() Jann Horn (1): compat: fix 4-byte infoleak via uninitialized struct field Jean Delvare (1): swiotlb: silent unwanted warning "buffer is full" Jens Axboe (1): nvme: add quirk to force medium priority for SQ creation Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (1): rfkill: gpio: fix memory leak in probe error path Julian Anastasov (1): ipvs: fix rtnl_lock lockups caused by start_sync_thread Kai Heng Feng (1): PCI / PM: Always check PME wakeup capability for runtime wakeup support Lukas Wunner (2): can: hi311x: Acquire SPI lock on ->do_get_berr_counter can: hi311x: Work around TX complete interrupt erratum Lyude Paul (1): drm/nouveau: Fix deadlock in nv50_mstm_register_connector() Marek Szyprowski (2): thermal: exynos: Reading temperature makes sense only when TMU is turned on thermal: exynos: Propagate error value from tmu_read() Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Michal Hocko (1): memcg: fix per_node_info cleanup Michel Dänzer (1): drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages Mikulas Patocka (1): dm integrity: use kvfree for kvmalloc'd memory Miquel Raynal (1): mtd: rawnand: marvell: fix command xtype in BCH write hook Pavel Tatashin (1): mm: sections are not offlined during memory hotremove Peter Zijlstra (7): sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Rafael J. Wysocki (2): PCI / PM: Check device_may_wakeup() in pci_enable_wake() cpufreq: schedutil: Avoid using invalid next_freq Rodrigo Vivi (1): drm/i915: Adjust eDP's logical vco in a reliable place. Sowmini Varadhan (1): rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock Steve French (1): smb3: directory sync should not return an error Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Tero Kristo (1): clk: ti: fix flag space conflict with clkctrl clocks Tetsuo Handa (2): bdi: wake up concurrent wb_shutdown() callers. bdi: Fix use after free bug in debugfs_remove() Timur Tabi (1): gpioib: do not free unrequested descriptors Tom Herbert (1): kcm: Call strp_stop before strp_done in kcm_attach Uwe Kleine-König (3): gpio: fix error path in lineevent_create can: flexcan: fix endianess detection arm: dts: imx[35]*: declare flexcan devices to be compatible to imx25's flexcan Ville Syrjälä (2): drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() Vitaly Wool (1): z3fold: fix reclaim lock-ups Yonghong Song (1): bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog

7 years, 4 months

1
1
0 0

Linux 4.14.41

by Greg KH

I'm announcing the release of the 4.14.41 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.txt | 1 Makefile | 2 arch/arm64/Kconfig | 14 ++ arch/arm64/include/asm/assembler.h | 40 ++++++++ arch/arm64/include/asm/cputype.h | 2 arch/arm64/mm/proc.S | 5 + arch/powerpc/kvm/book3s_64_mmu_radix.c | 72 +++++++++----- arch/powerpc/kvm/book3s_hv.c | 17 +-- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 + arch/x86/events/core.c | 8 + arch/x86/events/intel/cstate.c | 2 arch/x86/events/msr.c | 9 + arch/x86/kvm/lapic.c | 37 ++++--- crypto/af_alg.c | 8 - drivers/ata/libata-core.c | 3 drivers/atm/zatm.c | 3 drivers/bluetooth/btusb.c | 19 +++ drivers/gpio/gpio-aspeed.c | 2 drivers/gpio/gpiolib.c | 7 - drivers/gpu/drm/drm_atomic.c | 8 + drivers/gpu/drm/i915/intel_lvds.c | 3 drivers/gpu/drm/nouveau/nv50_display.c | 7 - drivers/gpu/drm/vc4/vc4_plane.c | 2 drivers/md/dm-integrity.c | 2 drivers/net/can/spi/hi311x.c | 11 +- drivers/net/can/usb/kvaser_usb.c | 2 drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 12 ++ drivers/pci/pci.c | 37 +++++-- drivers/thermal/samsung/exynos_tmu.c | 14 ++ fs/ceph/file.c | 10 +- fs/cifs/cifsfs.c | 13 ++ fs/fs-writeback.c | 2 include/linux/oom.h | 2 include/linux/wait_bit.h | 17 +++ include/net/inet_timewait_sock.h | 1 include/net/nexthop.h | 2 kernel/compat.c | 1 kernel/events/callchain.c | 10 -- kernel/events/ring_buffer.c | 7 + kernel/sched/autogroup.c | 7 + kernel/sched/cpufreq_schedutil.c | 3 kernel/trace/trace_events_filter.c | 3 kernel/trace/trace_uprobe.c | 2 mm/backing-dev.c | 2 mm/memcontrol.c | 3 mm/mmap.c | 44 +++++---- mm/oom_kill.c | 74 ++++++++------- mm/sparse.c | 2 mm/z3fold.c | 42 ++++++-- net/atm/lec.c | 9 + net/bridge/netfilter/ebtables.c | 11 +- net/core/dev_addr_lists.c | 4 net/core/skbuff.c | 1 net/dccp/ipv4.c | 1 net/dccp/ipv6.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/inetpeer.c | 1 net/ipv4/route.c | 11 +- net/ipv4/tcp.c | 2 net/kcm/kcmsock.c | 1 net/netfilter/ipvs/ip_vs_ctl.c | 8 - net/netfilter/ipvs/ip_vs_sync.c | 155 ++++++++++++++++---------------- net/netlink/af_netlink.c | 2 net/rfkill/rfkill-gpio.c | 7 + 65 files changed, 542 insertions(+), 282 deletions(-) Anthoine Bourgeois (1): KVM: x86: remove APIC Timer periodic/oneshot spikes Boris Brezillon (1): drm/vc4: Fix scaling of uni-planar formats David Rientjes (1): mm, oom: fix concurrent munlock and oom reaper unmap, v3 Eric Dumazet (10): crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark ipv4: fix uninit-value in ip_route_output_key_hash_rcu() soreuseport: initialise timewait reuseport field inetpeer: fix uninit-value in inet_getpeer tcp: fix TCP_REPAIR_QUEUE bound checking Florent Flament (1): drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log Florian Westphal (1): netfilter: ebtables: don't attempt to allocate 0-sized compat array Govert Overgaauw (1): gpio: fix aspeed_gpio unmask irq Greg Kroah-Hartman (1): Linux 4.14.41 Gustavo A. R. Silva (2): net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 Hans de Goede (4): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets Ilya Dryomov (1): ceph: fix rsize/wsize capping in ceph_direct_read_write() Jan Kara (1): bdi: Fix oops in wb_workfn() Jann Horn (1): compat: fix 4-byte infoleak via uninitialized struct field Jens Axboe (1): nvme: add quirk to force medium priority for SQ creation Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (1): rfkill: gpio: fix memory leak in probe error path Julian Anastasov (1): ipvs: fix rtnl_lock lockups caused by start_sync_thread Kai Heng Feng (1): PCI / PM: Always check PME wakeup capability for runtime wakeup support Laurent Vivier (1): KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN Lukas Wunner (2): can: hi311x: Acquire SPI lock on ->do_get_berr_counter can: hi311x: Work around TX complete interrupt erratum Lyude Paul (1): drm/nouveau: Fix deadlock in nv50_mstm_register_connector() Marek Szyprowski (2): thermal: exynos: Reading temperature makes sense only when TMU is turned on thermal: exynos: Propagate error value from tmu_read() Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Michal Hocko (1): memcg: fix per_node_info cleanup Mikulas Patocka (1): dm integrity: use kvfree for kvmalloc'd memory Paul Mackerras (3): KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler Pavel Tatashin (1): mm: sections are not offlined during memory hotremove Peter Zijlstra (6): sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Rafael J. Wysocki (2): PCI / PM: Check device_may_wakeup() in pci_enable_wake() cpufreq: schedutil: Avoid using invalid next_freq Steve French (1): smb3: directory sync should not return an error Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Suzuki K Poulose (1): arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Tetsuo Handa (1): bdi: wake up concurrent wb_shutdown() callers. Timur Tabi (1): gpioib: do not free unrequested descriptors Tom Herbert (1): kcm: Call strp_stop before strp_done in kcm_attach Uwe Kleine-König (1): gpio: fix error path in lineevent_create Ville Syrjälä (2): drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() Vitaly Wool (1): z3fold: fix reclaim lock-ups

7 years, 4 months

1
1
0 0

Linux 4.9.100

by Greg KH

I'm announcing the release of the 4.9.100 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.txt | 1 Makefile | 2 arch/arm64/Kconfig | 14 ++ arch/arm64/include/asm/assembler.h | 40 ++++++++ arch/arm64/include/asm/cputype.h | 5 + arch/arm64/mm/proc.S | 5 + arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 + arch/x86/events/core.c | 8 + arch/x86/events/intel/cstate.c | 2 arch/x86/events/msr.c | 9 + crypto/af_alg.c | 8 - drivers/ata/libata-core.c | 3 drivers/atm/zatm.c | 3 drivers/bluetooth/btusb.c | 2 drivers/gpio/gpio-aspeed.c | 2 drivers/gpio/gpiolib.c | 7 - drivers/gpu/drm/i915/intel_lvds.c | 3 drivers/gpu/drm/vc4/vc4_plane.c | 2 drivers/infiniband/core/device.c | 3 drivers/net/can/usb/kvaser_usb.c | 2 drivers/thermal/samsung/exynos_tmu.c | 14 ++ fs/f2fs/data.c | 2 fs/fs-writeback.c | 2 include/net/inet_timewait_sock.h | 1 include/net/nexthop.h | 2 kernel/events/callchain.c | 10 -- kernel/events/ring_buffer.c | 7 + kernel/trace/trace_events_filter.c | 3 kernel/trace/trace_uprobe.c | 2 net/atm/lec.c | 9 + net/core/dev_addr_lists.c | 4 net/core/skbuff.c | 1 net/dccp/ipv4.c | 1 net/dccp/ipv6.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/tcp.c | 2 net/kcm/kcmsock.c | 1 net/netfilter/ipvs/ip_vs_ctl.c | 8 - net/netfilter/ipvs/ip_vs_sync.c | 155 ++++++++++++++++---------------- net/netlink/af_netlink.c | 2 net/rfkill/rfkill-gpio.c | 7 + 41 files changed, 237 insertions(+), 127 deletions(-) Boris Brezillon (1): drm/vc4: Fix scaling of uni-planar formats Eric Dumazet (8): crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark soreuseport: initialise timewait reuseport field tcp: fix TCP_REPAIR_QUEUE bound checking Florent Flament (1): drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log Govert Overgaauw (1): gpio: fix aspeed_gpio unmask irq Greg Kroah-Hartman (1): Linux 4.9.100 Gustavo A. R. Silva (2): net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 Hans de Goede (2): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Jan Kara (1): bdi: Fix oops in wb_workfn() Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (1): rfkill: gpio: fix memory leak in probe error path Julian Anastasov (1): ipvs: fix rtnl_lock lockups caused by start_sync_thread Marek Szyprowski (2): thermal: exynos: Reading temperature makes sense only when TMU is turned on thermal: exynos: Propagate error value from tmu_read() Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Paul Mackerras (1): KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry Peter Zijlstra (5): perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Sagi Grimberg (1): IB/device: Convert ib-comp-wq to be CPU-bound Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Suzuki K Poulose (1): arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Timur Tabi (1): gpioib: do not free unrequested descriptors Tom Herbert (1): kcm: Call strp_stop before strp_done in kcm_attach Uwe Kleine-König (1): gpio: fix error path in lineevent_create Wei Fang (1): f2fs: fix a dead loop in f2fs_fiemap()

7 years, 4 months

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror