- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] x86/dumpstack: Don't dump kernel memory based on usermode RIP" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 342db04ae71273322f0011384a9ed414df8bdae4 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 28 Aug 2018 17:49:01 +0200 Subject: [PATCH] x86/dumpstack: Don't dump kernel memory based on usermode RIP show_opcodes() is used both for dumping kernel instructions and for dumping user instructions. If userspace causes #PF by jumping to a kernel address, show_opcodes() can be reached with regs->ip controlled by the user, pointing to kernel code. Make sure that userspace can't trick us into dumping kernel memory into dmesg. Fixes: 7cccf0725cf7 ("x86/dumpstack: Add a show_ip() function") Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: security(a)kernel.org Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180828154901.112726-1-jannh@google.com diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h index b6dc698f992a..f335aad404a4 100644 --- a/arch/x86/include/asm/stacktrace.h +++ b/arch/x86/include/asm/stacktrace.h @@ -111,6 +111,6 @@ static inline unsigned long caller_frame_pointer(void) return (unsigned long)frame; } -void show_opcodes(u8 *rip, const char *loglvl); +void show_opcodes(struct pt_regs *regs, const char *loglvl); void show_ip(struct pt_regs *regs, const char *loglvl); #endif /* _ASM_X86_STACKTRACE_H */ diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index 1596e6bfea6f..f56895106ccf 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -90,14 +90,24 @@ static void printk_stack_address(unsigned long address, int reliable, * Thus, the 2/3rds prologue and 64 byte OPCODE_BUFSIZE is just a random * guesstimate in attempt to achieve all of the above. */ -void show_opcodes(u8 *rip, const char *loglvl) +void show_opcodes(struct pt_regs *regs, const char *loglvl) { #define PROLOGUE_SIZE 42 #define EPILOGUE_SIZE 21 #define OPCODE_BUFSIZE (PROLOGUE_SIZE + 1 + EPILOGUE_SIZE) u8 opcodes[OPCODE_BUFSIZE]; + unsigned long prologue = regs->ip - PROLOGUE_SIZE; + bool bad_ip; - if (probe_kernel_read(opcodes, rip - PROLOGUE_SIZE, OPCODE_BUFSIZE)) { + /* + * Make sure userspace isn't trying to trick us into dumping kernel + * memory by pointing the userspace instruction pointer at it. + */ + bad_ip = user_mode(regs) && + __chk_range_not_ok(prologue, OPCODE_BUFSIZE, TASK_SIZE_MAX); + + if (bad_ip || probe_kernel_read(opcodes, (u8 *)prologue, + OPCODE_BUFSIZE)) { printk("%sCode: Bad RIP value.\n", loglvl); } else { printk("%sCode: %" __stringify(PROLOGUE_SIZE) "ph <%02x> %" @@ -113,7 +123,7 @@ void show_ip(struct pt_regs *regs, const char *loglvl) #else printk("%sRIP: %04x:%pS\n", loglvl, (int)regs->cs, (void *)regs->ip); #endif - show_opcodes((u8 *)regs->ip, loglvl); + show_opcodes(regs, loglvl); } void show_iret_regs(struct pt_regs *regs) diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index b9123c497e0a..47bebfe6efa7 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -837,7 +837,7 @@ show_signal_msg(struct pt_regs *regs, unsigned long error_code, printk(KERN_CONT "\n"); - show_opcodes((u8 *)regs->ip, loglvl); + show_opcodes(regs, loglvl); } static void

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From cc51e5428ea54f575d49cfcede1d4cb3a72b4ec4 Mon Sep 17 00:00:00 2001 From: Andi Kleen <ak(a)linux.intel.com> Date: Fri, 24 Aug 2018 10:03:50 -0700 Subject: [PATCH] x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ On Nehalem and newer core CPUs the CPU cache internally uses 44 bits physical address space. The L1TF workaround is limited by this internal cache address width, and needs to have one bit free there for the mitigation to work. Older client systems report only 36bit physical address space so the range check decides that L1TF is not mitigated for a 36bit phys/32GB system with some memory holes. But since these actually have the larger internal cache width this warning is bogus because it would only really be needed if the system had more than 43bits of memory. Add a new internal x86_cache_bits field. Normally it is the same as the physical bits field reported by CPUID, but for Nehalem and newerforce it to be at least 44bits. Change the L1TF memory size warning to use the new cache_bits field to avoid bogus warnings and remove the bogus comment about memory size. Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Reported-by: George Anchev <studio(a)anchev.net> Reported-by: Christopher Snowhill <kode54(a)gmail.com> Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: x86(a)kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Michael Hocko <mhocko(a)suse.com> Cc: vbabka(a)suse.cz Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180824170351.34874-1-andi@firstfloor.org diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index c24297268ebc..d53c54b842da 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -132,6 +132,8 @@ struct cpuinfo_x86 { /* Index into per_cpu list: */ u16 cpu_index; u32 microcode; + /* Address space bits used by the cache internally */ + u8 x86_cache_bits; unsigned initialized : 1; } __randomize_layout; @@ -183,7 +185,7 @@ extern void cpu_detect(struct cpuinfo_x86 *c); static inline unsigned long long l1tf_pfn_limit(void) { - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT); + return BIT_ULL(boot_cpu_data.x86_cache_bits - 1 - PAGE_SHIFT); } extern void early_cpu_init(void); diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 4c2313d0b9ca..40bdaea97fe7 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -668,6 +668,45 @@ EXPORT_SYMBOL_GPL(l1tf_mitigation); enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation); +/* + * These CPUs all support 44bits physical address space internally in the + * cache but CPUID can report a smaller number of physical address bits. + * + * The L1TF mitigation uses the top most address bit for the inversion of + * non present PTEs. When the installed memory reaches into the top most + * address bit due to memory holes, which has been observed on machines + * which report 36bits physical address bits and have 32G RAM installed, + * then the mitigation range check in l1tf_select_mitigation() triggers. + * This is a false positive because the mitigation is still possible due to + * the fact that the cache uses 44bit internally. Use the cache bits + * instead of the reported physical bits and adjust them on the affected + * machines to 44bit if the reported bits are less than 44. + */ +static void override_cache_bits(struct cpuinfo_x86 *c) +{ + if (c->x86 != 6) + return; + + switch (c->x86_model) { + case INTEL_FAM6_NEHALEM: + case INTEL_FAM6_WESTMERE: + case INTEL_FAM6_SANDYBRIDGE: + case INTEL_FAM6_IVYBRIDGE: + case INTEL_FAM6_HASWELL_CORE: + case INTEL_FAM6_HASWELL_ULT: + case INTEL_FAM6_HASWELL_GT3E: + case INTEL_FAM6_BROADWELL_CORE: + case INTEL_FAM6_BROADWELL_GT3E: + case INTEL_FAM6_SKYLAKE_MOBILE: + case INTEL_FAM6_SKYLAKE_DESKTOP: + case INTEL_FAM6_KABYLAKE_MOBILE: + case INTEL_FAM6_KABYLAKE_DESKTOP: + if (c->x86_cache_bits < 44) + c->x86_cache_bits = 44; + break; + } +} + static void __init l1tf_select_mitigation(void) { u64 half_pa; @@ -675,6 +714,8 @@ static void __init l1tf_select_mitigation(void) if (!boot_cpu_has_bug(X86_BUG_L1TF)) return; + override_cache_bits(&boot_cpu_data); + switch (l1tf_mitigation) { case L1TF_MITIGATION_OFF: case L1TF_MITIGATION_FLUSH_NOWARN: @@ -694,11 +735,6 @@ static void __init l1tf_select_mitigation(void) return; #endif - /* - * This is extremely unlikely to happen because almost all - * systems have far more MAX_PA/2 than RAM can be fit into - * DIMM slots. - */ half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT; if (e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n"); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 84dee5ab745a..44c4ef3d989b 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -919,6 +919,7 @@ void get_cpu_address_sizes(struct cpuinfo_x86 *c) else if (cpu_has(c, X86_FEATURE_PAE) || cpu_has(c, X86_FEATURE_PSE36)) c->x86_phys_bits = 36; #endif + c->x86_cache_bits = c->x86_phys_bits; } static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)

7 years, 2 months

1
0
0 0

[PATCH imx_4.9.y 1/2] PM / Domains: Fix error path during attach in genpd

by Leonard Crestez

From: Ulf Hansson <ulf.hansson(a)linaro.org> In case the PM domain fails to be powered on in genpd_dev_pm_attach(), it returns -EPROBE_DEFER, but keeping the device attached to its PM domain. This leads to problems when the next attempt to attach is re-tried. More precisely, in that situation an -EEXIST error code is returned, because the device already has its PM domain pointer assigned, from the first attempt. Now, because of the sloppy error handling by the existing callers of dev_pm_domain_attach(), probing is allowed to continue when -EEXIST is returned. However, in such case there are no guarantees that the PM domain is powered on by genpd, which may lead to hangs when buses/drivers tried to access their devices. Let's fix this behaviour, simply by detaching the device when powering on fails in genpd_dev_pm_attach(). Cc: v4.11+ <stable(a)vger.kernel.org> # v4.11+ Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> (cherry picked from commit 72038df3c580c4c326b83c86149d7ac34007532a) Cherry-picked to imx_4.9.y with minimal conflicts so that we can properly handle errors from SCFW pm calls Signed-off-by: Leonard Crestez <leonard.crestez(a)nxp.com> --- drivers/base/power/domain.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c index 9c3e535795a0..d9681d372997 100644 --- a/drivers/base/power/domain.c +++ b/drivers/base/power/domain.c @@ -1936,10 +1936,13 @@ int genpd_dev_pm_attach(struct device *dev) dev->pm_domain->sync = genpd_dev_pm_sync; mutex_lock(&pd->lock); ret = genpd_poweron(pd, 0); mutex_unlock(&pd->lock); + + if (ret) + genpd_remove_device(pd, dev); out: return ret ? -EPROBE_DEFER : 0; } EXPORT_SYMBOL_GPL(genpd_dev_pm_attach); #endif /* CONFIG_PM_GENERIC_DOMAINS_OF */ -- 2.17.1

7 years, 2 months

2
2
0 0

[PATCH] usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()

by Mathias Nyman

The steps taken by usb core to set a new interface is very different from what is done on the xHC host side. xHC hardware will do everything in one go. One command is used to set up new endpoints, free old endpoints, check bandwidth, and run the new endpoints. All this is done by xHC when usb core asks the hcd to check for available bandwidth. At this point usb core has not yet flushed the old endpoints, which will cause use-after-free issues in xhci driver as queued URBs are cancelled on a re-allocated endpoint. To resolve this add a call to usb_disable_interface() which will flush the endpoints before calling usb_hcd_alloc_bandwidth() Additional checks in xhci driver will also be implemented to gracefully handle stale URB cancel on freed and re-allocated endpoints Cc: <stable(a)vger.kernel.org> Reported-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/core/message.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c index 228672f..304bef2 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -1377,6 +1377,13 @@ int usb_set_interface(struct usb_device *dev, int interface, int alternate) return -EINVAL; } + /* + * usb3 hosts configure the interface in usb_hcd_alloc_bandwidth, + * including freeing dropped endpoint ring buffers. + * Make sure the interface endpoints are flushed before that + */ + usb_disable_interface(dev, iface, false); + /* Make sure we have enough bandwidth for this alternate interface. * Remove the current alt setting and add the new alt setting. */ -- 2.7.4

7 years, 2 months

2
2
0 0

Back to check your images

by Jason Jones

Hi, I would like to take the chance to speak with the person who handle your images in your company? Our ability of imaging editing. Cutting out for your images Clipping path for your images Masking for your images Retouching for your images Retouching for the Portraits images We have 17 photo editors in house and daily basis 700 images can be done. We can give testing for your photos if you send us one or two to start working. Thanks, Jason Jones

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: use correct compare function of dirty_metadata_bytes" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d814a49198eafa6163698bdd93961302f3a877a4 Mon Sep 17 00:00:00 2001 From: Ethan Lien <ethanlien(a)synology.com> Date: Mon, 2 Jul 2018 15:44:58 +0800 Subject: [PATCH] btrfs: use correct compare function of dirty_metadata_bytes We use customized, nodesize batch value to update dirty_metadata_bytes. We should also use batch version of compare function or we will easily goto fast path and get false result from percpu_counter_compare(). Fixes: e2d845211eda ("Btrfs: use percpu counter for dirty metadata count") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Ethan Lien <ethanlien(a)synology.com> Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 6023eed3e805..e3858b2fe014 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -959,8 +959,9 @@ static int btree_writepages(struct address_space *mapping, fs_info = BTRFS_I(mapping->host)->root->fs_info; /* this is a bit racy, but that's ok */ - ret = percpu_counter_compare(&fs_info->dirty_metadata_bytes, - BTRFS_DIRTY_METADATA_THRESH); + ret = __percpu_counter_compare(&fs_info->dirty_metadata_bytes, + BTRFS_DIRTY_METADATA_THRESH, + fs_info->dirty_metadata_batch); if (ret < 0) return 0; } @@ -4134,8 +4135,9 @@ static void __btrfs_btree_balance_dirty(struct btrfs_fs_info *fs_info, if (flush_delayed) btrfs_balance_delayed_items(fs_info); - ret = percpu_counter_compare(&fs_info->dirty_metadata_bytes, - BTRFS_DIRTY_METADATA_THRESH); + ret = __percpu_counter_compare(&fs_info->dirty_metadata_bytes, + BTRFS_DIRTY_METADATA_THRESH, + fs_info->dirty_metadata_batch); if (ret > 0) { balance_dirty_pages_ratelimited(fs_info->btree_inode->i_mapping); }

7 years, 2 months

2
1
0 0

[PATCH stable 1/2] arm64: Fix mismatched cache line size detection

by Suzuki K Poulose

commit 4c4a39dd5fe2d13e2d2fa5fceb8ef95d19fc389a upstream If there is a mismatch in the I/D min line size, we must always use the system wide safe value both in applications and in the kernel, while performing cache operations. However, we have been checking more bits than just the min line sizes, which triggers false negatives. We may need to trap the user accesses in such cases, but not necessarily patch the kernel. This patch fixes the check to do the right thing as advertised. A new capability will be added to check mismatches in other fields and ensure we trap the CTR accesses. Fixes: be68a8aaf925 ("arm64: cpufeature: Fix CTR_EL0 field definitions") Cc: <stable(a)vger.kernel.org> # v4.14 Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Reported-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> --- arch/arm64/include/asm/cache.h | 5 +++++ arch/arm64/kernel/cpu_errata.c | 6 ++++-- arch/arm64/kernel/cpufeature.c | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/cache.h b/arch/arm64/include/asm/cache.h index ea9bb4e..e40f8a2 100644 --- a/arch/arm64/include/asm/cache.h +++ b/arch/arm64/include/asm/cache.h @@ -20,9 +20,14 @@ #define CTR_L1IP_SHIFT 14 #define CTR_L1IP_MASK 3 +#define CTR_DMINLINE_SHIFT 16 +#define CTR_IMINLINE_SHIFT 0 #define CTR_CWG_SHIFT 24 #define CTR_CWG_MASK 15 +#define CTR_CACHE_MINLINE_MASK \ + (0xf << CTR_DMINLINE_SHIFT | 0xf << CTR_IMINLINE_SHIFT) + #define CTR_L1IP(ctr) (((ctr) >> CTR_L1IP_SHIFT) & CTR_L1IP_MASK) #define ICACHE_POLICY_VPIPT 0 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index eccdb28..3d1569c 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -48,9 +48,11 @@ static bool has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, int scope) { + u64 mask = CTR_CACHE_MINLINE_MASK; + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); - return (read_cpuid_cachetype() & arm64_ftr_reg_ctrel0.strict_mask) != - (arm64_ftr_reg_ctrel0.sys_val & arm64_ftr_reg_ctrel0.strict_mask); + return (read_cpuid_cachetype() & mask) != + (arm64_ftr_reg_ctrel0.sys_val & mask); } static int cpu_enable_trap_ctr_access(void *__unused) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 376cf12..003dd39 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -180,14 +180,14 @@ static const struct arm64_ftr_bits ftr_ctr[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 28, 1, 1), /* IDC */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_SAFE, 24, 4, 0), /* CWG */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_SAFE, 20, 4, 0), /* ERG */ - ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 16, 4, 1), /* DminLine */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_DMINLINE_SHIFT, 4, 1), /* * Linux can handle differing I-cache policies. Userspace JITs will * make use of *minLine. * If we have differing I-cache policies, report it as the weakest - VIPT. */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_EXACT, 14, 2, ICACHE_POLICY_VIPT), /* L1Ip */ - ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 0, 4, 0), /* IminLine */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), ARM64_FTR_END, }; -- 2.7.4

7 years, 2 months

1
1
0 0

[PATCH] MIPS: VDSO: Match data page cache colouring when D$ aliases

by Paul Burton

When a system suffers from dcache aliasing a user program may observe stale VDSO data from an aliased cache line. Notably this can break the expectation that clock_gettime(CLOCK_MONOTONIC, ...) is, as its name suggests, monotonic. In order to ensure that users observe updates to the VDSO data page as intended, align the user mappings of the VDSO data page such that their cache colouring matches that of the virtual address range which the kernel will use to update the data page - typically its unmapped address within kseg0. This ensures that we don't introduce aliasing cache lines for the VDSO data page, and therefore that userland will observe updates without requiring cache invalidation. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Hauke Mehrtens <hauke(a)hauke-m.de> Reported-by: Rene Nielsen <rene.nielsen(a)microsemi.com> Reported-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Cc: James Hogan <jhogan(a)kernel.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ --- Hi Alexandre, Could you try this out on your Ocelot system? Hopefully it'll solve the problem just as well as James' patch but doesn't need the questionable change to arch_get_unmapped_area_common(). Thanks, Paul --- arch/mips/kernel/vdso.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index 019035d7225c..5fb617a42335 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -13,6 +13,7 @@ #include <linux/err.h> #include <linux/init.h> #include <linux/ioport.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <linux/sched.h> #include <linux/slab.h> @@ -20,6 +21,7 @@ #include <asm/abi.h> #include <asm/mips-cps.h> +#include <asm/page.h> #include <asm/vdso.h> /* Kernel-provided data used by the VDSO. */ @@ -128,12 +130,30 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vvar_size = gic_size + PAGE_SIZE; size = vvar_size + image->size; + /* + * Find a region that's large enough for us to perform the + * colour-matching alignment below. + */ + if (cpu_has_dc_aliases) + size += shm_align_mask + 1; + base = get_unmapped_area(NULL, 0, size, 0, 0); if (IS_ERR_VALUE(base)) { ret = base; goto out; } + /* + * If we suffer from dcache aliasing, ensure that the VDSO data page is + * coloured the same as the kernel's mapping of that memory. This + * ensures that when the kernel updates the VDSO data userland will see + * it without requiring cache invalidations. + */ + if (cpu_has_dc_aliases) { + base = __ALIGN_MASK(base, shm_align_mask); + base += ((unsigned long)&vdso_data - gic_size) & shm_align_mask; + } + data_addr = base + gic_size; vdso_addr = data_addr + PAGE_SIZE; -- 2.18.0

7 years, 2 months

4
5
0 0

FAILED: patch "[PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2e549b2ee0e358bc758480e716b881f9cabedb6a Mon Sep 17 00:00:00 2001 From: Andy Lutomirski <luto(a)kernel.org> Date: Thu, 16 Aug 2018 12:41:15 -0700 Subject: [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted Currently, if the vDSO ends up containing an indirect branch or call, GCC will emit the "external thunk" style of retpoline, and it will fail to link. Fix it by building the vDSO with inline retpoline thunks. I haven't seen any reports of this triggering on an unpatched kernel. Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support") Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Matt Rickard <matt(a)softrans.com.au> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Jason Vas Dias <jason.vas.dias(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/c76538cd3afbe19c6246c2d1715bc6a60bd63985.15344483… diff --git a/Makefile b/Makefile index a0650bf79606..7bab2e90e4e1 100644 --- a/Makefile +++ b/Makefile @@ -507,9 +507,13 @@ KBUILD_AFLAGS += $(call cc-option, -no-integrated-as) endif RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register +RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk +RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) +RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG))) export RETPOLINE_CFLAGS +export RETPOLINE_VDSO_CFLAGS KBUILD_CFLAGS += $(call cc-option,-fno-PIE) KBUILD_AFLAGS += $(call cc-option,-fno-PIE) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 9f695f517747..fa3f439f0a92 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -68,9 +68,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \ $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \ -fno-omit-frame-pointer -foptimize-sibling-calls \ - -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO + -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS) -$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. @@ -132,11 +132,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) +KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector) KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) KBUILD_CFLAGS_32 += -fno-omit-frame-pointer KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING +KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32) $(obj)/vdso32.so.dbg: FORCE \

7 years, 2 months

2
1
0 0

INQUIRY ORDER

by Mr Walter Benson

Dear Supplier, Please kindly confirm back in reply if am onto the right contact personin your company responsible for inquiries & orders. Please can you as well send your updated 2018 product catalog/price listing to our Import Department desk. Regards Walter Benson Purchase Manager Aharkco Trading Co., LTD.

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] ASoC: wm8994: Fix missing break in switch" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ad0eaee6195db1db1749dd46b9e6f4466793d178 Mon Sep 17 00:00:00 2001 From: "Gustavo A. R. Silva" <gustavo(a)embeddedor.com> Date: Mon, 6 Aug 2018 07:14:51 -0500 Subject: [PATCH] ASoC: wm8994: Fix missing break in switch Add missing break statement in order to prevent the code from falling through to the default case. Addresses-Coverity-ID: 115050 ("Missing break in switch") Reported-by: Valdis Kletnieks <valdis.kletnieks(a)vt.edu> Signed-off-by: Gustavo A. R. Silva <gustavo(a)embeddedor.com> Acked-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/sound/soc/codecs/wm8994.c b/sound/soc/codecs/wm8994.c index 62f8c5b9ba92..14f1b0c0d286 100644 --- a/sound/soc/codecs/wm8994.c +++ b/sound/soc/codecs/wm8994.c @@ -2432,7 +2432,7 @@ static int wm8994_set_dai_sysclk(struct snd_soc_dai *dai, snd_soc_component_update_bits(component, WM8994_POWER_MANAGEMENT_2, WM8994_OPCLK_ENA, 0); } - /* fall through */ + break; default: return -EINVAL;

7 years, 2 months

2
1
0 0

[PATCH AUTOSEL 4.9 11/62] uio: potential double frees if __uio_register_device() fails

by Sasha Levin

From: Dan Carpenter <dan.carpenter(a)oracle.com> [ Upstream commit f019f07ecf6a6b8bd6d7853bce70925d90af02d1 ] The uio_unregister_device() function assumes that if "info->uio_dev" is non-NULL that means "info" is fully allocated. Setting info->uio_de has to be the last thing in the function. In the current code, if request_threaded_irq() fails then we return with info->uio_dev set to non-NULL but info is not fully allocated and it can lead to double frees. Fixes: beafc54c4e2f ("UIO: Add the User IO core code") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/uio/uio.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c index 208bc52fc84d..f0a9ea2740df 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -841,8 +841,6 @@ int __uio_register_device(struct module *owner, if (ret) goto err_uio_dev_add_attributes; - info->uio_dev = idev; - if (info->irq && (info->irq != UIO_IRQ_CUSTOM)) { /* * Note that we deliberately don't use devm_request_irq @@ -858,6 +856,7 @@ int __uio_register_device(struct module *owner, goto err_request_irq; } + info->uio_dev = idev; return 0; err_request_irq: -- 2.17.1

7 years, 2 months

1
51
0 0

[PATCH AUTOSEL 4.9 01/62] misc: mic: SCIF Fix scif_get_new_port() error handling

by Sasha Levin

From: Dan Carpenter <dan.carpenter(a)oracle.com> [ Upstream commit a39284ae9d2ad09975c8ae33f1bd0f05fbfbf6ee ] There are only 2 callers of scif_get_new_port() and both appear to get the error handling wrong. Both treat zero returns as error, but it actually returns negative error codes and >= 0 on success. Fixes: e9089f43c9a7 ("misc: mic: SCIF open close bind and listen APIs") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/misc/mic/scif/scif_api.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/drivers/misc/mic/scif/scif_api.c b/drivers/misc/mic/scif/scif_api.c index ddc9e4b08b5c..56efa9d18a9a 100644 --- a/drivers/misc/mic/scif/scif_api.c +++ b/drivers/misc/mic/scif/scif_api.c @@ -370,11 +370,10 @@ int scif_bind(scif_epd_t epd, u16 pn) goto scif_bind_exit; } } else { - pn = scif_get_new_port(); - if (!pn) { - ret = -ENOSPC; + ret = scif_get_new_port(); + if (ret < 0) goto scif_bind_exit; - } + pn = ret; } ep->state = SCIFEP_BOUND; @@ -648,13 +647,12 @@ int __scif_connect(scif_epd_t epd, struct scif_port_id *dst, bool non_block) err = -EISCONN; break; case SCIFEP_UNBOUND: - ep->port.port = scif_get_new_port(); - if (!ep->port.port) { - err = -ENOSPC; - } else { - ep->port.node = scif_info.nodeid; - ep->conn_async_state = ASYNC_CONN_IDLE; - } + err = scif_get_new_port(); + if (err < 0) + break; + ep->port.port = err; + ep->port.node = scif_info.nodeid; + ep->conn_async_state = ASYNC_CONN_IDLE; /* Fall through */ case SCIFEP_BOUND: /* -- 2.17.1

7 years, 2 months

1
9
0 0

[PATCH AUTOSEL 4.18 001/113] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 3ff7cec2da81..239215dcc00b 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -240,6 +240,13 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr) if (clc_len == len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

7 years, 2 months

4
71
0 0

[PATCH 2/7] mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly

by jglisse＠redhat.com

From: Ralph Campbell <rcampbell(a)nvidia.com> Private ZONE_DEVICE pages use a special pte entry and thus are not present. Properly handle this case in map_pte(), it is already handled in check_pte(), the map_pte() part was lost in some rebase most probably. Without this patch the slow migration path can not migrate back private ZONE_DEVICE memory to regular memory. This was found after stress testing migration back to system memory. This ultimatly can lead the CPU to an infinite page fault loop on the special swap entry. Signed-off-by: Ralph Campbell <rcampbell(a)nvidia.com> Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- mm/page_vma_mapped.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c index ae3c2a35d61b..1cf5b9bfb559 100644 --- a/mm/page_vma_mapped.c +++ b/mm/page_vma_mapped.c @@ -21,6 +21,15 @@ static bool map_pte(struct page_vma_mapped_walk *pvmw) if (!is_swap_pte(*pvmw->pte)) return false; } else { + if (is_swap_pte(*pvmw->pte)) { + swp_entry_t entry; + + /* Handle un-addressable ZONE_DEVICE memory */ + entry = pte_to_swp_entry(*pvmw->pte); + if (is_device_private_entry(entry)) + return true; + } + if (!pte_present(*pvmw->pte)) return false; } -- 2.17.1

7 years, 2 months

3
6
0 0

[PATCH] staging: android: ion: fix ION_IOC_{MAP, SHARE} use-after-free

by Greg Hackmann

The ION_IOC_{MAP,SHARE} ioctls drop and reacquire client->lock several times while operating on one of the client's ion_handles. This creates windows where userspace can call ION_IOC_FREE on the same client with the same handle, and effectively make the kernel drop its own reference. For example: - thread A: ION_IOC_ALLOC creates an ion_handle with refcount 1 - thread A: starts ION_IOC_MAP and increments the refcount to 2 - thread B: ION_IOC_FREE decrements the refcount to 1 - thread B: ION_IOC_FREE decrements the refcount to 0 and frees the handle - thread A: continues ION_IOC_MAP with a dangling ion_handle * to freed memory Fix this by holding client->lock for the duration of ION_IOC_{MAP,SHARE}, preventing the concurrent ION_IOC_FREE. Also remove ion_handle_get_by_id(), since there's literally no way to use it safely. This patch is applied on top of 4.9.y. Kernels 4.12 and later are unaffected, since all the underlying ion_handle infrastructure has been ripped out. Cc: stable(a)vger.kernel.org # v4.11- Signed-off-by: Greg Hackmann <ghackmann(a)google.com> --- drivers/staging/android/ion/ion-ioctl.c | 12 ++++--- drivers/staging/android/ion/ion.c | 48 +++++++++++++++---------- drivers/staging/android/ion/ion_priv.h | 6 ++-- 3 files changed, 40 insertions(+), 26 deletions(-) diff --git a/drivers/staging/android/ion/ion-ioctl.c b/drivers/staging/android/ion/ion-ioctl.c index 2b700e8455c6..e3596855a703 100644 --- a/drivers/staging/android/ion/ion-ioctl.c +++ b/drivers/staging/android/ion/ion-ioctl.c @@ -128,11 +128,15 @@ long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) { struct ion_handle *handle; - handle = ion_handle_get_by_id(client, data.handle.handle); - if (IS_ERR(handle)) + mutex_lock(&client->lock); + handle = ion_handle_get_by_id_nolock(client, data.handle.handle); + if (IS_ERR(handle)) { + mutex_unlock(&client->lock); return PTR_ERR(handle); - data.fd.fd = ion_share_dma_buf_fd(client, handle); - ion_handle_put(handle); + } + data.fd.fd = ion_share_dma_buf_fd_nolock(client, handle); + ion_handle_put_nolock(handle); + mutex_unlock(&client->lock); if (data.fd.fd < 0) ret = data.fd.fd; break; diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 6f9974cb0e15..403df8bf4b48 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -352,18 +352,6 @@ struct ion_handle *ion_handle_get_by_id_nolock(struct ion_client *client, return handle ? handle : ERR_PTR(-EINVAL); } -struct ion_handle *ion_handle_get_by_id(struct ion_client *client, - int id) -{ - struct ion_handle *handle; - - mutex_lock(&client->lock); - handle = ion_handle_get_by_id_nolock(client, id); - mutex_unlock(&client->lock); - - return handle; -} - static bool ion_handle_validate(struct ion_client *client, struct ion_handle *handle) { @@ -1029,24 +1017,28 @@ static struct dma_buf_ops dma_buf_ops = { .kunmap = ion_dma_buf_kunmap, }; -struct dma_buf *ion_share_dma_buf(struct ion_client *client, - struct ion_handle *handle) +static struct dma_buf *__ion_share_dma_buf(struct ion_client *client, + struct ion_handle *handle, + bool lock_client) { DEFINE_DMA_BUF_EXPORT_INFO(exp_info); struct ion_buffer *buffer; struct dma_buf *dmabuf; bool valid_handle; - mutex_lock(&client->lock); + if (lock_client) + mutex_lock(&client->lock); valid_handle = ion_handle_validate(client, handle); if (!valid_handle) { WARN(1, "%s: invalid handle passed to share.\n", __func__); - mutex_unlock(&client->lock); + if (lock_client) + mutex_unlock(&client->lock); return ERR_PTR(-EINVAL); } buffer = handle->buffer; ion_buffer_get(buffer); - mutex_unlock(&client->lock); + if (lock_client) + mutex_unlock(&client->lock); exp_info.ops = &dma_buf_ops; exp_info.size = buffer->size; @@ -1061,14 +1053,21 @@ struct dma_buf *ion_share_dma_buf(struct ion_client *client, return dmabuf; } + +struct dma_buf *ion_share_dma_buf(struct ion_client *client, + struct ion_handle *handle) +{ + return __ion_share_dma_buf(client, handle, true); +} EXPORT_SYMBOL(ion_share_dma_buf); -int ion_share_dma_buf_fd(struct ion_client *client, struct ion_handle *handle) +static int __ion_share_dma_buf_fd(struct ion_client *client, + struct ion_handle *handle, bool lock_client) { struct dma_buf *dmabuf; int fd; - dmabuf = ion_share_dma_buf(client, handle); + dmabuf = __ion_share_dma_buf(client, handle, lock_client); if (IS_ERR(dmabuf)) return PTR_ERR(dmabuf); @@ -1078,8 +1077,19 @@ int ion_share_dma_buf_fd(struct ion_client *client, struct ion_handle *handle) return fd; } + +int ion_share_dma_buf_fd(struct ion_client *client, struct ion_handle *handle) +{ + return __ion_share_dma_buf_fd(client, handle, true); +} EXPORT_SYMBOL(ion_share_dma_buf_fd); +int ion_share_dma_buf_fd_nolock(struct ion_client *client, + struct ion_handle *handle) +{ + return __ion_share_dma_buf_fd(client, handle, false); +} + struct ion_handle *ion_import_dma_buf(struct ion_client *client, struct dma_buf *dmabuf) { diff --git a/drivers/staging/android/ion/ion_priv.h b/drivers/staging/android/ion/ion_priv.h index 3c3b3245275d..760e41885448 100644 --- a/drivers/staging/android/ion/ion_priv.h +++ b/drivers/staging/android/ion/ion_priv.h @@ -463,11 +463,11 @@ void ion_free_nolock(struct ion_client *client, struct ion_handle *handle); int ion_handle_put_nolock(struct ion_handle *handle); -struct ion_handle *ion_handle_get_by_id(struct ion_client *client, - int id); - int ion_handle_put(struct ion_handle *handle); int ion_query_heaps(struct ion_client *client, struct ion_heap_query *query); +int ion_share_dma_buf_fd_nolock(struct ion_client *client, + struct ion_handle *handle); + #endif /* _ION_PRIV_H */ -- 2.19.0.rc1.350.ge57e33dbd1-goog

7 years, 2 months

3
6
0 0

FAILED: patch "[PATCH] KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 024d83cadc6b2af027e473720f3c3da97496c318 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Date: Sun, 12 Aug 2018 20:41:45 +0200 Subject: [PATCH] KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mikhail reported the following lockdep splat: WARNING: possible irq lock inversion dependency detected CPU 0/KVM/10284 just changed the state of lock: 000000000d538a88 (&st->lock){+...}, at: speculative_store_bypass_update+0x10b/0x170 but this lock was taken by another, HARDIRQ-safe lock in the past: (&(&sighand->siglock)->rlock){-.-.} and interrupts could create inverse lock ordering between them. Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&st->lock); local_irq_disable(); lock(&(&sighand->siglock)->rlock); lock(&st->lock); <Interrupt> lock(&(&sighand->siglock)->rlock); *** DEADLOCK *** The code path which connects those locks is: speculative_store_bypass_update() ssb_prctl_set() do_seccomp() do_syscall_64() In svm_vcpu_run() speculative_store_bypass_update() is called with interupts enabled via x86_virt_spec_ctrl_set_guest/host(). This is actually a false positive, because GIF=0 so interrupts are disabled even if IF=1; however, we can easily move the invocations of x86_virt_spec_ctrl_set_guest/host() into the interrupt disabled region to cure it, and it's a good idea to keep the GIF=0/IF=1 area as small and self-contained as possible. Fixes: 1f50ddb4f418 ("x86/speculation: Handle HT correctly on AMD") Reported-by: Mikhail Gavrilov <mikhail.v.gavrilov(a)gmail.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Mikhail Gavrilov <mikhail.v.gavrilov(a)gmail.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Radim Krčmář <rkrcmar(a)redhat.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Borislav Petkov <bp(a)suse.de> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: x86(a)kernel.org Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 73e27a98456f..6276140044d0 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -5586,8 +5586,6 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) clgi(); - local_irq_enable(); - /* * If this vCPU has touched SPEC_CTRL, restore the guest's value if * it's non-zero. Since vmentry is serialising on affected CPUs, there @@ -5596,6 +5594,8 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) */ x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl); + local_irq_enable(); + asm volatile ( "push %%" _ASM_BP "; \n\t" "mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t" @@ -5718,12 +5718,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); - x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); - reload_tss(vcpu); local_irq_disable(); + x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); + vcpu->arch.cr2 = svm->vmcb->save.cr2; vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax; vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2e549b2ee0e358bc758480e716b881f9cabedb6a Mon Sep 17 00:00:00 2001 From: Andy Lutomirski <luto(a)kernel.org> Date: Thu, 16 Aug 2018 12:41:15 -0700 Subject: [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted Currently, if the vDSO ends up containing an indirect branch or call, GCC will emit the "external thunk" style of retpoline, and it will fail to link. Fix it by building the vDSO with inline retpoline thunks. I haven't seen any reports of this triggering on an unpatched kernel. Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support") Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Matt Rickard <matt(a)softrans.com.au> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Jason Vas Dias <jason.vas.dias(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/c76538cd3afbe19c6246c2d1715bc6a60bd63985.15344483… diff --git a/Makefile b/Makefile index a0650bf79606..7bab2e90e4e1 100644 --- a/Makefile +++ b/Makefile @@ -507,9 +507,13 @@ KBUILD_AFLAGS += $(call cc-option, -no-integrated-as) endif RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register +RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk +RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) +RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG))) export RETPOLINE_CFLAGS +export RETPOLINE_VDSO_CFLAGS KBUILD_CFLAGS += $(call cc-option,-fno-PIE) KBUILD_AFLAGS += $(call cc-option,-fno-PIE) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 9f695f517747..fa3f439f0a92 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -68,9 +68,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \ $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \ -fno-omit-frame-pointer -foptimize-sibling-calls \ - -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO + -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS) -$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. @@ -132,11 +132,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) +KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector) KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) KBUILD_CFLAGS_32 += -fno-omit-frame-pointer KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING +KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32) $(obj)/vdso32.so.dbg: FORCE \

7 years, 2 months

1
0
0 0

[PATCH] x86/vdso: fix lsl operand order

by Samuel Neves

In the __getcpu function, lsl was using the wrong target and destination registers. Luckily, the compiler tends to choose %eax for both variables, so it has been working so far. Cc: x86(a)kernel.org Cc: stable(a)vger.kernel.org Signed-off-by: Samuel Neves <sneves(a)dei.uc.pt> --- arch/x86/include/asm/vgtod.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/include/asm/vgtod.h b/arch/x86/include/asm/vgtod.h index fb856c9f0449..53748541c487 100644 --- a/arch/x86/include/asm/vgtod.h +++ b/arch/x86/include/asm/vgtod.h @@ -93,7 +93,7 @@ static inline unsigned int __getcpu(void) * * If RDPID is available, use it. */ - alternative_io ("lsl %[p],%[seg]", + alternative_io ("lsl %[seg],%[p]", ".byte 0xf3,0x0f,0xc7,0xf8", /* RDPID %eax/rax */ X86_FEATURE_RDPID, [p] "=a" (p), [seg] "r" (__PER_CPU_SEG)); -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH] ext4: avoid arithemetic overflow that can trigger a BUG

by Theodore Ts'o

A maliciously crafted file system can cause an overflow when the results of a 64-bit calculation is stored into a 32-bit length parameter. https://bugzilla.kernel.org/show_bug.cgi?id=200623 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reported-by: Wen Xu <wen.xu(a)gatech.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/inode.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 8f6ad7667974..1134c3473673 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3414,6 +3414,7 @@ static int ext4_iomap_begin(struct inode *inode, loff_t offset, loff_t length, unsigned int blkbits = inode->i_blkbits; unsigned long first_block = offset >> blkbits; unsigned long last_block = (offset + length - 1) >> blkbits; + unsigned long len; struct ext4_map_blocks map; bool delalloc = false; int ret; @@ -3434,7 +3435,8 @@ static int ext4_iomap_begin(struct inode *inode, loff_t offset, loff_t length, } map.m_lblk = first_block; - map.m_len = last_block - first_block + 1; + len = last_block - first_block + 1; + map.m_len = (len < UINT_MAX) ? len : UINT_MAX; if (flags & IOMAP_REPORT) { ret = ext4_map_blocks(NULL, inode, &map, 0); -- 2.18.0.rc0

7 years, 3 months

4
5
0 0

[PATCH] x86/vdso: fix lsl operand order

by Samuel Neves

In the __getcpu function, lsl was using the wrong target and destination registers. Luckily, the compiler tends to choose %eax for both variables, so it has been working so far. Signed-off-by: Samuel Neves <sneves(a)dei.uc.pt> --- arch/x86/include/asm/vgtod.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/include/asm/vgtod.h b/arch/x86/include/asm/vgtod.h index fb856c9f0449..53748541c487 100644 --- a/arch/x86/include/asm/vgtod.h +++ b/arch/x86/include/asm/vgtod.h @@ -93,7 +93,7 @@ static inline unsigned int __getcpu(void) * * If RDPID is available, use it. */ - alternative_io ("lsl %[p],%[seg]", + alternative_io ("lsl %[seg],%[p]", ".byte 0xf3,0x0f,0xc7,0xf8", /* RDPID %eax/rax */ X86_FEATURE_RDPID, [p] "=a" (p), [seg] "r" (__PER_CPU_SEG)); -- 2.17.1

7 years, 3 months

2
1
0 0

[PATCH v4.14.y] tun: fix use after free for ptr_ring

by Zubin Mithra

From: Jason Wang <jasowang(a)redhat.com> commit b196d88aba8ac72b775137854121097f4c4c6862 upstream. We used to initialize ptr_ring during TUNSETIFF, this is because its size depends on the tx_queue_len of netdevice. And we try to clean it up when socket were detached from netdevice. A race were spotted when trying to do uninit during a read which will lead a use after free for pointer ring. Solving this by always initialize a zero size ptr_ring in open() and do resizing during TUNSETIFF, and then we can safely do cleanup during close(). With this, there's no need for the workaround that was introduced by commit 4df0bfc79904 ("tun: fix a memory leak for tfile->tx_array"). Backport Note :- This is a backport of following 2 upstream patches(the second fixes the first). b196d88aba ("tun: fix use after free for ptr_ring") 7063efd33b ("tuntap: fix use after free during release") Comparison with the upstream patch: [1] A "semantic revert" of the changes made in 4df0bfc799("tun: fix a memory leak for tfile->tx_array"). 4df0bfc799 was applied upstream, and then skb array was changed to use ptr_ring. The upstream fix then removes the changes introduced by 4df0bfc799. This backport does the same; "revert" the changes made by 4df0bfc799. [2] xdp_rxq_info_unreg() being called in relevant locations As xdp_rxq_info related patches are not present in 4.14, these changes are not needed in the backport. [3] An instance of ptr_ring_init needs to be replaced by skb_array_init. [4] ptr_ring_cleanup needs to be replaced by skb_array_cleanup. b196d88ab places the cleanup function in tun_chr_close() only to later move it into __tun_detach in upstream commit 7063efd33bb("tuntap: fix use after free during release"). So place skb_array_cleanup in __tun_detach. Reported-by: syzbot+e8b902c3c3fadf0a9dba(a)syzkaller.appspotmail.com Cc: Eric Dumazet <eric.dumazet(a)gmail.com> Cc: Cong Wang <xiyou.wangcong(a)gmail.com> Cc: Michael S. Tsirkin <mst(a)redhat.com> Fixes: 1576d9860599 ("tun: switch to use skb array for tx") Signed-off-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Zubin Mithra <zsm(a)chromium.org> --- drivers/net/tun.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/drivers/net/tun.c b/drivers/net/tun.c index cb17ffadfc30..e0baea2dfd3c 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -534,14 +534,6 @@ static void tun_queue_purge(struct tun_file *tfile) skb_queue_purge(&tfile->sk.sk_error_queue); } -static void tun_cleanup_tx_array(struct tun_file *tfile) -{ - if (tfile->tx_array.ring.queue) { - skb_array_cleanup(&tfile->tx_array); - memset(&tfile->tx_array, 0, sizeof(tfile->tx_array)); - } -} - static void __tun_detach(struct tun_file *tfile, bool clean) { struct tun_file *ntfile; @@ -583,7 +575,7 @@ static void __tun_detach(struct tun_file *tfile, bool clean) tun->dev->reg_state == NETREG_REGISTERED) unregister_netdevice(tun->dev); } - tun_cleanup_tx_array(tfile); + skb_array_cleanup(&tfile->tx_array); sock_put(&tfile->sk); } } @@ -623,13 +615,11 @@ static void tun_detach_all(struct net_device *dev) /* Drop read queue */ tun_queue_purge(tfile); sock_put(&tfile->sk); - tun_cleanup_tx_array(tfile); } list_for_each_entry_safe(tfile, tmp, &tun->disabled, next) { tun_enable_queue(tfile); tun_queue_purge(tfile); sock_put(&tfile->sk); - tun_cleanup_tx_array(tfile); } BUG_ON(tun->numdisabled != 0); @@ -675,7 +665,7 @@ static int tun_attach(struct tun_struct *tun, struct file *file, bool skip_filte } if (!tfile->detached && - skb_array_init(&tfile->tx_array, dev->tx_queue_len, GFP_KERNEL)) { + skb_array_resize(&tfile->tx_array, dev->tx_queue_len, GFP_KERNEL)) { err = -ENOMEM; goto out; } @@ -2624,6 +2614,11 @@ static int tun_chr_open(struct inode *inode, struct file * file) &tun_proto, 0); if (!tfile) return -ENOMEM; + if (skb_array_init(&tfile->tx_array, 0, GFP_KERNEL)) { + sk_free(&tfile->sk); + return -ENOMEM; + } + RCU_INIT_POINTER(tfile->tun, NULL); tfile->flags = 0; tfile->ifindex = 0; @@ -2644,8 +2639,6 @@ static int tun_chr_open(struct inode *inode, struct file * file) sock_set_flag(&tfile->sk, SOCK_ZEROCOPY); - memset(&tfile->tx_array, 0, sizeof(tfile->tx_array)); - return 0; } -- 2.19.0.rc0.228.g281dcd1b4d0-goog

7 years, 3 months

2
1
0 0

[PATCH v2 0/2] CLANG_VERSION and __diag macros

by Nick Desaulniers

clang-7 has a new warning (-Wreturn-stack-address) for warning when a function returns the address of a local variable. This is in general a good warning, but the kernel has a few places where GNU statement expressions return the address of a label in order to get the current instruction pointer (see _THIS_IP_ and current_text_addr). In order to disable a warning at a single call site, the kernel already has __diag macros for inserting compiler and compiler-version specific _Pragma's. This series adds CLANG_VERSION macros necessary for proper __diag support, and whitelists the case in _THIS_IP_. current_text_addr will be consolidated in a follow up series. Nick Desaulniers (2): compiler-clang.h: Add CLANG_VERSION and __diag macros kernel.h: Disable -Wreturn-stack-address for _THIS_IP_ include/linux/compiler-clang.h | 19 +++++++++++++++++++ include/linux/compiler_types.h | 4 ++++ include/linux/kernel.h | 10 +++++++++- 3 files changed, 32 insertions(+), 1 deletion(-) -- 2.18.0.345.g5c9ce644c3-goog

7 years, 3 months

5
15
0 0

Build failures in stable queues (4.4.y and later)

by Guenter Roeck

4.4.y, 4.9.y: fs/cifs/cifsfs.c: In function 'cifs_statfs': fs/cifs/cifsfs.c:198:27: error: 'struct cifs_tcon' has no member named 'vol_serial_number' fs/cifs/cifsfs.c:200:45: error: 'struct cifs_tcon' has no member named 'vol_create_time' 4.14.y, 4.18.y: kernel/printk/printk_safe.o: In function `vprintk_func': kernel/printk/printk_safe.c:386: undefined reference to `vprintk_store' kernel/printk/printk_safe.c:388: undefined reference to `defer_console_output'

7 years, 3 months

2
8
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PMD entry if no change" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 86658b819cd0a9aa584cd84453ed268a6f013770 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:50 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PMD entry if no change Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Cc: stable(a)vger.kernel.org Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 97d27cd9c654..13dfe36501aa 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1044,19 +1044,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; if (pmd_present(old_pmd)) { + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + return 0; + + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 3 months

3
2
0 0

nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

by Michal Wnukowski

commit ID: f1ed3df20d2d223e0852cc4ac1f19bba869a7e3c Please merge this patch into stable tree (already exist in Linus’ tree). The initial patch submission lacked "Cc: stable(a)vger.kernel.org" by mistake. The kernel versions that should get patch: 4.19 4.18 4.14 >From f1ed3df20d2d223e0852cc4ac1f19bba869a7e3c Mon Sep 17 00:00:00 2001 From: Michal Wnukowski <wnukowski(a)google.com> Date: Wed, 15 Aug 2018 15:51:57 -0700 Subject: nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event In many architectures loads may be reordered with older stores to different locations. In the nvme driver the following two operations could be reordered: - Write shadow doorbell (dbbuf_db) into memory. - Read EventIdx (dbbuf_ei) from memory. This can result in a potential race condition between driver and VM host processing requests (if given virtual NVMe controller has a support for shadow doorbell). If that occurs, then the NVMe controller may decide to wait for MMIO doorbell from guest operating system, and guest driver may decide not to issue MMIO doorbell on any of subsequent commands. This issue is purely timing-dependent one, so there is no easy way to reproduce it. Currently the easiest known approach is to run "Oracle IO Numbers" (orion) that is shipped with Oracle DB: orion -run advanced -num_large 0 -size_small 8 -type rand -simulate \ concat -write 40 -duration 120 -matrix row -testname nvme_test Where nvme_test is a .lun file that contains a list of NVMe block devices to run test against. Limiting number of vCPUs assigned to given VM instance seems to increase chances for this bug to occur. On test environment with VM that got 4 NVMe drives and 1 vCPU assigned the virtual NVMe controller hang could be observed within 10-20 minutes. That correspond to about 400-500k IO operations processed (or about 100GB of IO read/writes). Orion tool was used as a validation and set to run in a loop for 36 hours (equivalent of pushing 550M IO operations). No issues were observed. That suggest that the patch fixes the issue. Fixes: f9f38e33389c ("nvme: improve performance for virtual NVMe devices") Signed-off-by: Michal Wnukowski <wnukowski(a)google.com> Reviewed-by: Keith Busch <keith.busch(a)intel.com> Reviewed-by: Sagi Grimberg <sagi(a)grimberg.me> [hch: updated changelog and comment a bit] Signed-off-by: Christoph Hellwig <hch(a)lst.de> --- drivers/nvme/host/pci.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'drivers/nvme/host/pci.c') diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index 1b9951d2067e..d668682f91df 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -316,6 +316,14 @@ static bool nvme_dbbuf_update_and_check_event(u16 value, u32 *dbbuf_db, old_value = *dbbuf_db; *dbbuf_db = value; + /* + * Ensure that the doorbell is updated before reading the event + * index from memory. The controller needs to provide similar + * ordering to ensure the envent index is updated before reading + * the doorbell. + */ + mb(); + if (!nvme_dbbuf_need_event(*dbbuf_ei, value, old_value)) return false; } -- cgit 1.2-0.3.lf.el7

7 years, 3 months

2
1
0 0

[PATCH v4] modules_install: make missing $DEPMOD a Warning instead of an Error

by Randy Dunlap

From: Randy Dunlap <rdunlap(a)infradead.org> When $DEPMOD is not found, only print a warning instead of exiting with an error message and error status: Warning: 'make modules_install' requires /sbin/depmod. Please install it. This is probably in the kmod package. Change the Error to a Warning because "not all build hosts for cross compiling Linux are Linux systems and are able to provide a working port of depmod, especially at the file patch /sbin/depmod." I.e., "make modules_install" may be used to copy/install the loadable modules files to a target directory on a build system and then transferred to an embedded device where /sbin/depmod is run instead of it being run on the build system. Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reported-by: H. Nikolaus Schaller <hns(a)goldelico.com> Cc: stable(a)vger.kernel.org Cc: Lucas De Marchi <lucas.demarchi(a)profusion.mobi> Cc: Lucas De Marchi <lucas.de.marchi(a)gmail.com> Cc: Michal Marek <michal.lkml(a)markovi.net> Cc: Jessica Yu <jeyu(a)kernel.org> Cc: Chih-Wei Huang <cwhuang(a)linux.org.tw> Cc: H. Nikolaus Schaller <hns(a)goldelico.com> --- v2: add missing "exit 0" and update the commit message (no Error). v3: add Fixes: and Cc: stable v4: add Reported-by: and more explanation for the patch. scripts/depmod.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- lnx-418.orig/scripts/depmod.sh +++ lnx-418/scripts/depmod.sh @@ -15,9 +15,9 @@ if ! test -r System.map ; then fi if [ -z $(command -v $DEPMOD) ]; then - echo "'make modules_install' requires $DEPMOD. Please install it." >&2 + echo "Warning: 'make modules_install' requires $DEPMOD. Please install it." >&2 echo "This is probably in the kmod package." >&2 - exit 1 + exit 0 fi # older versions of depmod require the version string to start with three

7 years, 3 months

2
1
0 0

Re: [PATCH] b43: Fix regression in kernel 4.18

by Larry Finger

On 08/31/2018 10:38 AM, Kalle Valo wrote: > Larry Finger <Larry.Finger(a)lwfinger.net> wrote: > >> In commit 66cffd6daab7 ("b43: fix transmit failure when VT is switched"), >> a condition is noted where the network controller needs to be reset. Note >> that this situation happens when running the open-source firmware >> (http://netweb.ing.unibs.it/~openfwwf/), plus a number of other special >> conditions. >> >> for a different card model, it is reported that this change breaks >> operation running the proprietary firmware >> (https://marc.info/?l=linux-wireless&m=153504546924558&w=2). Rather >> than reverting the previous patch, the code is tweaked to avoid the >> reset unless the open-source firmware is being used. >> >> Fixes: 66cffd6daab7 ("b43: fix transmit failure when VT is switched") >> Cc: Stable <stable(a)vger.kernel.org> # 4.18+ >> Cc: Taketo Kabe <kabe(a)sra-tohoku.co.jp> >> Reported-and-tested-by: D. Prabhu <d.praabhu(a)gmail.com> >> Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> > > I'll change the title to something more descriptive: > > b43: fix DMA error related regression with proprietary firmware > > Does that make sense? Yes, that is fine. Larry

7 years, 3 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.4 000/105] 4.4.106-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.106 release. There are 105 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Dec 17 09:22:39 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.106-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.106-rc1 Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping Marc Zyngier <marc.zyngier(a)arm.com> arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/efi: Hoist page table switching code into efi_call_virt()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/efi: Build our own page table structures" Eric Dumazet <edumazet(a)google.com> net/packet: fix a race in packet_bind() and packet_notifier() Mike Maloney <maloney(a)google.com> packet: fix crash in fanout_demux_rollover() Hangbin Liu <liuhangbin(a)gmail.com> sit: update frag_off info Håkon Bugge <Haakon.Bugge(a)oracle.com> rds: Fix NULL pointer dereference in __rds_rdma_map Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix memory leak in tipc_accept_from_sock() Al Viro <viro(a)zeniv.linux.org.uk> more bio_map_user_iov() leak fixes Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: always save and restore all registers on context switch Masamitsu Yamazaki <m-yamazaki(a)ah.jp.nec.com> ipmi: Stop timers before cleaning up the module Paul Moore <paul(a)paul-moore.com> audit: ensure that 'audit=1' actually enables audit for PID 1 Keefe Liu <liuqifa(a)huawei.com> ipvlan: fix ipv6 outbound device David Howells <dhowells(a)redhat.com> afs: Connect up the CB.ProbeUuid Majd Dibbiny <majd(a)mellanox.com> IB/mlx5: Assign send CQ and recv CQ of UMR QP Mark Bloch <markb(a)mellanox.com> IB/mlx4: Increase maximal message size under UD QP Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Copy policy family in clone_policy Jason Baron <jbaron(a)akamai.com> jump_label: Invoke jump_label_test() via early_initcall() Arvind Yadav <arvind.yadav.cs(a)gmail.com> atm: horizon: Fix irq release error Xin Long <lucien.xin(a)gmail.com> sctp: use the right sk after waking up from wait_buf sleep Xin Long <lucien.xin(a)gmail.com> sctp: do not free asoc when it is already dead in sctp_sendmsg Pavel Tatashin <pasha.tatashin(a)oracle.com> sparc64/mm: set fields in deferred pages Ming Lei <ming.lei(a)redhat.com> block: wake up all tasks blocked in get_request() Chuck Lever <chuck.lever(a)oracle.com> sunrpc: Fix rpc_task_begin trace point Trond Myklebust <trond.myklebust(a)primarydata.com> NFS: Fix a typo in nfs_rename() Randy Dunlap <rdunlap(a)infradead.org> dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 Stephen Bates <sbates(a)raithlin.com> lib/genalloc.c: make the avail variable an atomic_long_t Xin Long <lucien.xin(a)gmail.com> route: update fnhe_expires for redirect when the fnhe exists Xin Long <lucien.xin(a)gmail.com> route: also update fnhe_genid when updating a route cache Ben Hutchings <ben.hutchings(a)codethink.co.uk> mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: pkg: use --transform option to prefix paths in tar Jérémy Lefaure <jeremy.lefaure(a)lse.epita.fr> EDAC, i5000, i5400: Fix definition of NRECMEMB register Jérémy Lefaure <jeremy.lefaure(a)lse.epita.fr> EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested Jim Qu <Jim.Qu(a)amd.com> drm/amd/amdgpu: fix console deadlock if late init failed Jan Kara <jack(a)suse.cz> axonram: Fix gendisk handling Florian Westphal <fw(a)strlen.de> netfilter: don't track fragmented packets Johannes Thumshirn <jthumshirn(a)suse.de> zram: set physical queue limits to avoid array out of bounds accesses Chris Brandt <chris.brandt(a)renesas.com> i2c: riic: fix restart condition Krzysztof Kozlowski <krzk(a)kernel.org> crypto: s5p-sss - Fix completing crypto request in IRQ handler WANG Cong <xiyou.wangcong(a)gmail.com> ipv6: reorder icmpv6_init() and ip6_mr_init() Michal Schmidt <mschmidt(a)redhat.com> bnx2x: do not rollback VF MAC/VLAN filters we did not configure Michal Schmidt <mschmidt(a)redhat.com> bnx2x: fix possible overrun of VFPF multicast addresses array Michal Schmidt <mschmidt(a)redhat.com> bnx2x: prevent crash when accessing PTP with interface down Blomme, Maarten <Maarten.Blomme(a)flir.com> spi_ks8995: fix "BUG: key accdaa28 not in .data!" Mark Rutland <mark.rutland(a)arm.com> arm64: KVM: Survive unknown traps from guests Mark Rutland <mark.rutland(a)arm.com> arm: KVM: Survive unknown traps from guests Wanpeng Li <wanpeng.li(a)hotmail.com> KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset Franck Demathieu <fdemathieu(a)gmail.com> irqchip/crossbar: Fix incorrect type of register size James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters Tejun Heo <tj(a)kernel.org> workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq Tejun Heo <tj(a)kernel.org> libata: drop WARN from protocol error in ata_sff_qc_issue() Jim Mattson <jmattson(a)google.com> kvm: nVMX: VMCLEAR should not cause the vCPU to shut down Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> USB: gadgetfs: Fix a potential memory leak in 'dev_config()' John Keeping <john(a)metanate.com> usb: gadget: configs: plug memory leak Daniel Drake <drake(a)endlessm.com> HID: chicony: Add support for another ASUS Zen AiO keyboard Phil Reid <preid(a)electromag.com.au> gpio: altera: Use handle_level_irq when configured as a level_high Guenter Roeck <linux(a)roeck-us.net> ARM: OMAP2+: Release device node after it is no longer needed. Guenter Roeck <linux(a)roeck-us.net> ARM: OMAP2+: Fix device node reference counts David Daney <david.daney(a)cavium.com> module: set __jump_table alignment to 8 Sachin Sant <sachinp(a)linux.vnet.ibm.com> selftest/powerpc: Fix false failures for skipped tests Thomas Gleixner <tglx(a)linutronix.de> x86/hpet: Prevent might sleep splat on resume Ladislav Michl <ladis(a)linux-mips.org> ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure Steffen Klassert <steffen.klassert(a)secunet.com> vti6: Don't report path MTU below IPV6_MIN_MTU. Sasha Levin <alexander.levin(a)verizon.com> Revert "s390/kbuild: enable modversions for symbols exported from asm" Sasha Levin <alexander.levin(a)verizon.com> Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" Sasha Levin <alexander.levin(a)verizon.com> Revert "drm/armada: Fix compile fail" Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: drop unused pmdp_huge_get_and_clear_notify() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> thp: fix MADV_DONTNEED vs. numa balancing race Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> thp: reduce indentation level in change_huge_pmd() Stephen Hemminger <stephen(a)networkplumber.org> scsi: storvsc: Workaround for virtual DVD SCSI version Russell King <rmk+kernel(a)armlinux.org.uk> ARM: avoid faulting on qemu Russell King <rmk+kernel(a)armlinux.org.uk> ARM: BUG if jumping to usermode address in kernel mode Dave Martin <Dave.Martin(a)arm.com> arm64: fpsimd: Prevent registers leaking from dead tasks Andrew Honig <ahonig(a)google.com> KVM: VMX: remove I/O port 0x80 bypass on Intel hosts Kristina Martsenko <kristina.martsenko(a)arm.com> arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one Laurent Caumont <lcaumont2(a)gmail.com> media: dvb: i2c transfers over usb cannot be done from stack Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU Dave Gordon <david.s.gordon(a)intel.com> drm: extra printk() wrapper macros Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix handling of kallsyms_symbol_next() return value Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: fix compat system call table Robin Murphy <robin.murphy(a)arm.com> iommu/vt-d: Fix scatterlist offset handling Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Add check return value for usb_string() Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Fix out-of-bound error Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Remove spurious WARN_ON() at timer check Robb Glasser <rglasser(a)google.com> ALSA: pcm: prevent UAF in snd_pcm_info Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> x86/PCI: Make broadcom_postcore_init() check acpi_disabled Eric Biggers <ebiggers(a)google.com> X.509: reject invalid BIT STRING for subjectPublicKey Eric Biggers <ebiggers(a)google.com> ASN.1: check for error from ASN1_OP_END__ACT actions Eric Biggers <ebiggers(a)google.com> ASN.1: fix out-of-bounds read when parsing indefinite length item Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> efi: Move some sysfs files to be read-only by root Huacai Chen <chenhc(a)lemote.com> scsi: libsas: align sata_device's rps_resp on a cacheline William Breathitt Gray <vilhelm.gray(a)gmail.com> isa: Prevent NULL dereference in isa_bus driver callbacks Paul Meyer <Paul.Meyer(a)microsoft.com> hv: kvp: Avoid reading past allocated blocks from KVP file weiping zhang <zwp10758(a)gmail.com> virtio: release virtio index when fail to device_register Martin Kelly <mkelly(a)xevo.com> can: usb_8dev: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: esd_usb2: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: ems_usb: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: kvaser_usb: cancel urb on -EPIPE and -EPROTO Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: ratelimit errors if incomplete messages are received Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: free buf in error paths Oliver Stäbler <oliver.staebler(a)bytesatwork.ch> can: ti_hecc: Fix napi poll return value for repoll ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/assembler.h | 18 +++ arch/arm/include/asm/kvm_arm.h | 4 +- arch/arm/kernel/entry-header.S | 6 + arch/arm/kvm/handle_exit.c | 19 +-- arch/arm/mach-omap2/gpmc-onenand.c | 10 +- arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 25 ++-- arch/arm64/include/asm/kvm_arm.h | 3 +- arch/arm64/kernel/process.c | 9 ++ arch/arm64/kvm/handle_exit.c | 19 +-- arch/powerpc/platforms/powernv/pci-ioda.c | 3 + arch/powerpc/sysdev/axonram.c | 5 +- arch/s390/include/asm/asm-prototypes.h | 8 -- arch/s390/include/asm/switch_to.h | 19 ++- arch/s390/kernel/syscalls.S | 6 +- arch/sparc/mm/init_64.c | 9 +- arch/x86/include/asm/efi.h | 26 ---- arch/x86/kernel/hpet.c | 2 +- arch/x86/kvm/vmx.c | 31 ++--- arch/x86/mm/pageattr.c | 17 ++- arch/x86/pci/broadcom_bus.c | 2 +- arch/x86/platform/efi/efi.c | 39 +++--- arch/x86/platform/efi/efi_32.c | 5 - arch/x86/platform/efi/efi_64.c | 137 ++++++---------------- arch/x86/platform/efi/efi_stub_64.S | 43 +++++++ block/bio.c | 14 ++- block/blk-core.c | 4 +- crypto/asymmetric_keys/x509_cert_parser.c | 2 + drivers/ata/libata-sff.c | 1 - drivers/atm/horizon.c | 2 +- drivers/base/isa.c | 10 +- drivers/block/zram/zram_drv.c | 2 + drivers/char/ipmi/ipmi_si_intf.c | 44 +++---- drivers/crypto/s5p-sss.c | 5 +- drivers/edac/i5000_edac.c | 8 +- drivers/edac/i5400_edac.c | 9 +- drivers/firmware/efi/efi.c | 3 +- drivers/firmware/efi/esrt.c | 15 +-- drivers/firmware/efi/runtime-map.c | 10 +- drivers/gpio/gpio-altera.c | 26 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/armada/Makefile | 2 - drivers/gpu/drm/exynos/exynos_drm_gem.c | 9 ++ drivers/hid/Kconfig | 4 +- drivers/hid/hid-chicony.c | 1 + drivers/hid/hid-core.c | 1 + drivers/hid/hid-ids.h | 1 + drivers/i2c/busses/i2c-riic.c | 6 +- drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 + drivers/iommu/intel-iommu.c | 8 +- drivers/irqchip/irq-crossbar.c | 8 +- drivers/media/usb/dvb-usb/dibusb-common.c | 16 ++- drivers/memory/omap-gpmc.c | 4 +- drivers/net/can/ti_hecc.c | 3 + drivers/net/can/usb/ems_usb.c | 2 + drivers/net/can/usb/esd_usb2.c | 2 + drivers/net/can/usb/kvaser_usb.c | 13 +- drivers/net/can/usb/usb_8dev.c | 2 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 20 +++- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 8 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 23 ++-- drivers/net/ipvlan/ipvlan_core.c | 2 +- drivers/net/phy/spi_ks8995.c | 1 + drivers/net/wireless/mac80211_hwsim.c | 5 +- drivers/scsi/lpfc/lpfc_els.c | 14 ++- drivers/scsi/storvsc_drv.c | 27 +++-- drivers/spi/Kconfig | 1 - drivers/usb/gadget/configfs.c | 1 + drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/gadget/legacy/inode.c | 4 +- drivers/virtio/virtio.c | 2 + fs/afs/cmservice.c | 3 + fs/nfs/dir.c | 2 +- include/drm/drmP.h | 26 +++- include/linux/genalloc.h | 3 +- include/linux/mmu_notifier.h | 13 -- include/linux/omap-gpmc.h | 5 +- include/linux/sysfs.h | 6 + include/scsi/libsas.h | 2 +- kernel/audit.c | 10 +- kernel/debug/kdb/kdb_io.c | 2 +- kernel/jump_label.c | 2 +- kernel/workqueue.c | 1 + lib/asn1_decoder.c | 49 ++++---- lib/dynamic_debug.c | 4 + lib/genalloc.c | 10 +- mm/huge_memory.c | 82 +++++++++---- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 + net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 5 - net/ipv4/route.c | 14 ++- net/ipv6/af_inet6.c | 10 +- net/ipv6/ip6_vti.c | 8 +- net/ipv6/sit.c | 1 + net/packet/af_packet.c | 37 +++--- net/packet/internal.h | 1 - net/rds/rdma.c | 2 +- net/sctp/socket.c | 38 ++++-- net/sunrpc/sched.c | 3 +- net/tipc/server.c | 1 + net/xfrm/xfrm_policy.c | 1 + scripts/module-common.lds | 2 + scripts/package/Makefile | 5 +- sound/core/pcm.c | 2 + sound/core/seq/seq_timer.c | 2 +- sound/usb/mixer.c | 13 +- tools/hv/hv_kvp_daemon.c | 70 +++-------- tools/testing/selftests/powerpc/harness.c | 6 +- 109 files changed, 701 insertions(+), 570 deletions(-)

7 years, 3 months

9
123
0 0

4.18.y build failure

by Dan Rue

The following commit in 4.18.y causes the build to fail: 79764192e1c4 ("printk/nmi: Prevent deadlock when accessing the main log buffer in NMI") with: | kernel/printk/printk_safe.o: In function `vprintk_func': | printk_safe.c:(.text+0x51b): undefined reference to `vprintk_store' | printk_safe.c:(.text+0x52f): undefined reference to `defer_console_output' Picking up these from mainline seems to do the trick: a338f84dc196 ("printk: Create helper function to queue deferred console handling") ba552399954d ("printk: Split the code for storing a message into the log buffer") Thanks, Dan

7 years, 3 months

3
2
0 0

[PATCH] firmware: Fix security issue with request_firmware_into_buf()

by Luis R. Rodriguez

From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> --- This has been tested with the self test firmware scrip and found no regressions. drivers/base/firmware_loader/main.c | 30 +++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out; -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH 2/2] xhci: Fix use after free for URB cancellation on a reallocated endpoint

by Mathias Nyman

Make sure the cancelled URB is on the current endpoint ring. If the endpoint ring has been reallocated since the URB was enqueued then the URB may contain TD and TRB pointers to a already freed ring. In this the case return the URB without touching any of the freed ring structure data. Don't try to stop the ring. It would be useless. This can occur if endpoint is not flushed before it is dropped and re-added, which is the case in usb_set_interface() as xhci does things in an odd order. Cc: <stable(a)vger.kernel.org> Tested-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 61f48b1..0420eef 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -37,6 +37,21 @@ static unsigned long long quirks; module_param(quirks, ullong, S_IRUGO); MODULE_PARM_DESC(quirks, "Bit flags for quirks to be enabled as default"); +static bool td_on_ring(struct xhci_td *td, struct xhci_ring *ring) +{ + struct xhci_segment *seg = ring->first_seg; + + if (!td || !td->start_seg) + return false; + do { + if (seg == td->start_seg) + return true; + seg = seg->next; + } while (seg && seg != ring->first_seg); + + return false; +} + /* TODO: copied from ehci-hcd.c - can this be refactored? */ /* * xhci_handshake - spin reading hc until handshake completes or fails @@ -1571,6 +1586,21 @@ static int xhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) goto done; } + /* + * check ring is not re-allocated since URB was enqueued. If it is, then + * make sure none of the ring related pointers in this URB private data + * are touched, such as td_list, otherwise we overwrite freed data + */ + if (!td_on_ring(&urb_priv->td[0], ep_ring)) { + xhci_err(xhci, "Canceled URB td not found on endpoint ring"); + for (i = urb_priv->num_tds_done; i < urb_priv->num_tds; i++) { + td = &urb_priv->td[i]; + if (!list_empty(&td->cancelled_td_list)) + list_del_init(&td->cancelled_td_list); + } + goto err_giveback; + } + if (xhci->xhc_state & XHCI_STATE_HALTED) { xhci_dbg_trace(xhci, trace_xhci_dbg_cancel_urb, "HC halted, freeing TD manually."); -- 2.7.4

7 years, 3 months

1
0
0 0

Again the photos things

by Jimmy Wilson

Hi, Have you received my email from last week? I would like to speak with the person who manage your photos for your company? We are here to provide you all kinds of imaging editing. What we can provide you: Cutting out for photos Clipping path for photos Masking for photos Retouching for your photos Retouching for the Beauty Model and Portraits. We have 20 staffs in house and daily basis 1000 images can be processed. We give testing for your photos. Thanks, Jimmy Wilson

7 years, 3 months

1
0
0 0

Photo processing

by Jimmy Wilson

Hi, Have you received my email from last week? I would like to speak with the person who manage your photos for your company? We are here to provide you all kinds of imaging editing. What we can provide you: Cutting out for photos Clipping path for photos Masking for photos Retouching for your photos Retouching for the Beauty Model and Portraits. We have 20 staffs in house and daily basis 1000 images can be processed. We give testing for your photos. Thanks, Jimmy Wilson

7 years, 3 months

1
0
0 0

Images processing

by Jimmy Wilson

Hi, Have you received my email from last week? I would like to speak with the person who manage your photos for your company? We are here to provide you all kinds of imaging editing. What we can provide you: Cutting out for photos Clipping path for photos Masking for photos Retouching for your photos Retouching for the Beauty Model and Portraits. We have 20 staffs in house and daily basis 1000 images can be processed. We give testing for your photos. Thanks, Jimmy Wilson

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PTE entry if no change" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 976d34e2dab10ece5ea8fe7090b7692913f89084 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:51 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable(a)vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 13dfe36501aa..91aaf73b00df 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1147,6 +1147,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 3 months

2
1
0 0

[PATCH 1/2] i2c: designware: Re-init controllers with pm_disabled set on resume

by Hans de Goede

On Bay Trail and Cherry Trail devices we set the pm_disabled flag for I2C busses which the OS shares with the PUNIT as these need special handling. Until now we called dev_pm_syscore_device(dev, true) for I2C controllers with this flag set to keep these I2C controllers always on. After commit 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation"), this no longer works. This commit modifies lpss_iosf_exit_d3_state() to only run if lpss_iosf_enter_d3_state() has ran before it, so that it does not run on a resume from hibernate (or from S3). On these systems the conditions for lpss_iosf_enter_d3_state() to run never become true, so lpss_iosf_exit_d3_state() never gets called and the 2 LPSS DMA controllers never get forced into D0 mode, instead they are left in their default automatic power-on when needed mode. The not forcing of D0 mode for the DMA controllers enables these systems to properly enter S0ix modes, which is a good thing. But after entering S0ix modes the I2C controller connected to the PMIC no longer works, leading to e.g. broken battery monitoring. The _PS3 method for this I2C controller looks like this: Method (_PS3, 0, NotSerialized) // _PS3: Power State 3 { If ((((PMID == 0x04) || (PMID == 0x05)) || (PMID == 0x06))) { Return (Zero) } PSAT |= 0x03 Local0 = PSAT /* \_SB_.I2C5.PSAT */ } Where PMID = 0x05, so we enter the Return (Zero) path on these systems. So even if we were to not call dev_pm_syscore_device(dev, true) the I2C controller will be left in D0 rather then be switched to D3. Yet on other Bay and Cherry Trail devices S0ix is not entered unless *all* I2C controllers are in D3 mode. This combined with the I2C controller no longer working now that we reach S0ix states on these systems leads to me believing that the PUNIT itself puts the I2C controller in D3 when all other conditions for entering S0ix states are true. Since now the I2C controller is put in D3 over a suspend/resume we must re-initialize it afterwards and that does indeed fix it no longer working. This commit implements this fix by: 1) Making the suspend_late callback a no-op if pm_disabled is set and making the resume_early callback skip the clock re-enable (since it now was not disabled) while still doing the necessary I2C controller re-init. 2) Removing the dev_pm_syscore_device(dev, true) call, so that the suspend and resume callbacks are actually called. Normally this would cause the ACPI pm code to call _PS3 putting the I2C controller in D3, wreaking havoc since it is shared with the PUNIT, but in this special case the _PS3 method is a no-op so we can safely allow a "fake" suspend / resume. Fixes: 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and resume ...") Link: https://bugzilla.kernel.org/show_bug.cgi?id=200861 Cc: 4.15+ <stable(a)vger.kernel.org> # 4.15+ Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/i2c/busses/i2c-designware-master.c | 1 - drivers/i2c/busses/i2c-designware-platdrv.c | 7 ++++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c index 27436a937492..54b2a3a86677 100644 --- a/drivers/i2c/busses/i2c-designware-master.c +++ b/drivers/i2c/busses/i2c-designware-master.c @@ -693,7 +693,6 @@ int i2c_dw_probe(struct dw_i2c_dev *dev) i2c_set_adapdata(adap, dev); if (dev->pm_disabled) { - dev_pm_syscore_device(dev->dev, true); irq_flags = IRQF_NO_SUSPEND; } else { irq_flags = IRQF_SHARED | IRQF_COND_SUSPEND; diff --git a/drivers/i2c/busses/i2c-designware-platdrv.c b/drivers/i2c/busses/i2c-designware-platdrv.c index 5660daf6c92e..d281d21cdd8e 100644 --- a/drivers/i2c/busses/i2c-designware-platdrv.c +++ b/drivers/i2c/busses/i2c-designware-platdrv.c @@ -448,6 +448,9 @@ static int dw_i2c_plat_suspend(struct device *dev) { struct dw_i2c_dev *i_dev = dev_get_drvdata(dev); + if (i_dev->pm_disabled) + return 0; + i_dev->disable(i_dev); i2c_dw_prepare_clk(i_dev, false); @@ -458,7 +461,9 @@ static int dw_i2c_plat_resume(struct device *dev) { struct dw_i2c_dev *i_dev = dev_get_drvdata(dev); - i2c_dw_prepare_clk(i_dev, true); + if (!i_dev->pm_disabled) + i2c_dw_prepare_clk(i_dev, true); + i_dev->init(i_dev); return 0; -- 2.19.0.rc0

7 years, 3 months

4
3
0 0

FAILED: patch "[PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5ad356eabc47d26a92140a0c4b20eba471c10de3 Mon Sep 17 00:00:00 2001 From: Greg Hackmann <ghackmann(a)android.com> Date: Wed, 15 Aug 2018 12:51:21 -0700 Subject: [PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() ARM64's pfn_valid() shifts away the upper PAGE_SHIFT bits of the input before seeing if the PFN is valid. This leads to false positives when some of the upper bits are set, but the lower bits match a valid PFN. For example, the following userspace code looks up a bogus entry in /proc/kpageflags: int pagemap = open("/proc/self/pagemap", O_RDONLY); int pageflags = open("/proc/kpageflags", O_RDONLY); uint64_t pfn, val; lseek64(pagemap, [...], SEEK_SET); read(pagemap, &pfn, sizeof(pfn)); if (pfn & (1UL << 63)) { /* valid PFN */ pfn &= ((1UL << 55) - 1); /* clear flag bits */ pfn |= (1UL << 55); lseek64(pageflags, pfn * sizeof(uint64_t), SEEK_SET); read(pageflags, &val, sizeof(val)); } On ARM64 this causes the userspace process to crash with SIGSEGV rather than reading (1 << KPF_NOPAGE). kpageflags_read() treats the offset as valid, and stable_page_flags() will try to access an address between the user and kernel address ranges. Fixes: c1cc1552616d ("arm64: MMU initialisation") Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 325cfb3b858a..811f9f8b3bb0 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -287,7 +287,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max) #ifdef CONFIG_HAVE_ARCH_PFN_VALID int pfn_valid(unsigned long pfn) { - return memblock_is_map_memory(pfn << PAGE_SHIFT); + phys_addr_t addr = pfn << PAGE_SHIFT; + + if ((addr >> PAGE_SHIFT) != pfn) + return 0; + return memblock_is_map_memory(addr); } EXPORT_SYMBOL(pfn_valid); #endif

7 years, 3 months

2
1
0 0

[PATCH AUTOSEL 3.18 01/25] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index b35c1398d459..494438195a1d 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -182,6 +182,13 @@ smb2_check_message(char *buf, unsigned int length) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

7 years, 3 months

1
24
0 0

[PATCH AUTOSEL 4.4 01/30] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 76ccf20fbfb7..0e62bf1ebbd7 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -184,6 +184,13 @@ smb2_check_message(char *buf, unsigned int length) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

7 years, 3 months

1
29
0 0

[PATCH AUTOSEL 4.9 01/42] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 967dfe656ced..e96a74da756f 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -208,6 +208,13 @@ smb2_check_message(char *buf, unsigned int length, struct TCP_Server_Info *srvr) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

7 years, 3 months

1
41
0 0

[PATCH AUTOSEL 4.14 01/67] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 7b08a1446a7f..efdfdb47a7dd 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -211,6 +211,13 @@ smb2_check_message(char *buf, unsigned int length, struct TCP_Server_Info *srvr) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

7 years, 3 months

1
66
0 0

[PATCH v4.14.y] autofs: fix autofs_sbi() does not check super block type

by Zubin Mithra

From: Ian Kent <raven(a)themaw.net> commit 0633da48f0793aeba27f82d30605624416723a91 upstream. autofs_sbi() does not check the superblock magic number to verify it has been given an autofs super block. Backport Note: autofs4 has been renamed to autofs upstream. As a result the upstream patch does not apply cleanly onto 4.14.y. Change-Id: I7194ca9b851fba81f0e20cc4873717ceccaa0b27 Link: http://lkml.kernel.org/r/153475422934.17131.7563724552005298277.stgit@pluto… Reported-by: <syzbot+87c3c541582e56943277(a)syzkaller.appspotmail.com> Signed-off-by: Ian Kent <raven(a)themaw.net> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Zubin Mithra <zsm(a)chromium.org> --- fs/autofs4/autofs_i.h | 4 +++- fs/autofs4/inode.c | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/autofs4/autofs_i.h b/fs/autofs4/autofs_i.h index 4737615f0eaa..ce696d6c4641 100644 --- a/fs/autofs4/autofs_i.h +++ b/fs/autofs4/autofs_i.h @@ -26,6 +26,7 @@ #include <linux/list.h> #include <linux/completion.h> #include <asm/current.h> +#include <linux/magic.h> /* This is the range of ioctl() numbers we claim as ours */ #define AUTOFS_IOC_FIRST AUTOFS_IOC_READY @@ -124,7 +125,8 @@ struct autofs_sb_info { static inline struct autofs_sb_info *autofs4_sbi(struct super_block *sb) { - return (struct autofs_sb_info *)(sb->s_fs_info); + return sb->s_magic != AUTOFS_SUPER_MAGIC ? + NULL : (struct autofs_sb_info *)(sb->s_fs_info); } static inline struct autofs_info *autofs4_dentry_ino(struct dentry *dentry) diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c index 09e7d68dff02..3c7e727612fa 100644 --- a/fs/autofs4/inode.c +++ b/fs/autofs4/inode.c @@ -14,7 +14,6 @@ #include <linux/pagemap.h> #include <linux/parser.h> #include <linux/bitops.h> -#include <linux/magic.h> #include "autofs_i.h" #include <linux/module.h> -- 2.19.0.rc0.228.g281dcd1b4d0-goog

7 years, 3 months

2
1
0 0

FAILED: patch "[PATCH] ext4: fix race when setting the bitmap corrupted flag" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9af0b3d1257756394ebbd06b14937b557e3a756b Mon Sep 17 00:00:00 2001 From: Wang Shilong <wshilong(a)ddn.com> Date: Sun, 29 Jul 2018 17:27:45 -0400 Subject: [PATCH] ext4: fix race when setting the bitmap corrupted flag Whenever we hit block or inode bitmap corruptions we set bit and then reduce this block group free inode/clusters counter to expose right available space. However some of ext4_mark_group_bitmap_corrupted() is called inside group spinlock, some are not, this could make it happen that we double reduce one block group free counters from system. Always hold group spinlock for it could fix it, but it looks a little heavy, we could use test_and_set_bit() to fix race problems here. Signed-off-by: Wang Shilong <wshilong(a)ddn.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d4a218ba626c..f7750bc5b85a 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -795,26 +795,26 @@ void ext4_mark_group_bitmap_corrupted(struct super_block *sb, struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_group_info *grp = ext4_get_group_info(sb, group); struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL); + int ret; - if ((flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) && - !EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) { - percpu_counter_sub(&sbi->s_freeclusters_counter, - grp->bb_free); - set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, - &grp->bb_state); + if (flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret) + percpu_counter_sub(&sbi->s_freeclusters_counter, + grp->bb_free); } - if ((flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) && - !EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) { - if (gdp) { + if (flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret && gdp) { int count; count = ext4_free_inodes_count(sb, gdp); percpu_counter_sub(&sbi->s_freeinodes_counter, count); } - set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, - &grp->bb_state); } }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] ext4: fix race when setting the bitmap corrupted flag" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9af0b3d1257756394ebbd06b14937b557e3a756b Mon Sep 17 00:00:00 2001 From: Wang Shilong <wshilong(a)ddn.com> Date: Sun, 29 Jul 2018 17:27:45 -0400 Subject: [PATCH] ext4: fix race when setting the bitmap corrupted flag Whenever we hit block or inode bitmap corruptions we set bit and then reduce this block group free inode/clusters counter to expose right available space. However some of ext4_mark_group_bitmap_corrupted() is called inside group spinlock, some are not, this could make it happen that we double reduce one block group free counters from system. Always hold group spinlock for it could fix it, but it looks a little heavy, we could use test_and_set_bit() to fix race problems here. Signed-off-by: Wang Shilong <wshilong(a)ddn.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d4a218ba626c..f7750bc5b85a 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -795,26 +795,26 @@ void ext4_mark_group_bitmap_corrupted(struct super_block *sb, struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_group_info *grp = ext4_get_group_info(sb, group); struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL); + int ret; - if ((flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) && - !EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) { - percpu_counter_sub(&sbi->s_freeclusters_counter, - grp->bb_free); - set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, - &grp->bb_state); + if (flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret) + percpu_counter_sub(&sbi->s_freeclusters_counter, + grp->bb_free); } - if ((flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) && - !EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) { - if (gdp) { + if (flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret && gdp) { int count; count = ext4_free_inodes_count(sb, gdp); percpu_counter_sub(&sbi->s_freeinodes_counter, count); } - set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, - &grp->bb_state); } }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] ext4: sysfs: print ext4_super_block fields as little-endian" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a4d2aadca184ece182418950d45ba4ffc7b652d2 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Sun, 29 Jul 2018 15:48:00 -0400 Subject: [PATCH] ext4: sysfs: print ext4_super_block fields as little-endian While working on extended rand for last_error/first_error timestamps, I noticed that the endianess is wrong; we access the little-endian fields in struct ext4_super_block as native-endian when we print them. This adds a special case in ext4_attr_show() and ext4_attr_store() to byteswap the superblock fields if needed. In older kernels, this code was part of super.c, it got moved to sysfs.c in linux-4.4. Cc: stable(a)vger.kernel.org Fixes: 52c198c6820f ("ext4: add sysfs entry showing whether the fs contains errors") Reviewed-by: Andreas Dilger <adilger(a)dilger.ca> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index f34da0bb8f17..b970a200f20c 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -274,8 +274,12 @@ static ssize_t ext4_attr_show(struct kobject *kobj, case attr_pointer_ui: if (!ptr) return 0; - return snprintf(buf, PAGE_SIZE, "%u\n", - *((unsigned int *) ptr)); + if (a->attr_ptr == ptr_ext4_super_block_offset) + return snprintf(buf, PAGE_SIZE, "%u\n", + le32_to_cpup(ptr)); + else + return snprintf(buf, PAGE_SIZE, "%u\n", + *((unsigned int *) ptr)); case attr_pointer_atomic: if (!ptr) return 0; @@ -308,7 +312,10 @@ static ssize_t ext4_attr_store(struct kobject *kobj, ret = kstrtoul(skip_spaces(buf), 0, &t); if (ret) return ret; - *((unsigned int *) ptr) = t; + if (a->attr_ptr == ptr_ext4_super_block_offset) + *((__le32 *) ptr) = cpu_to_le32(t); + else + *((unsigned int *) ptr) = t; return len; case attr_inode_readahead: return inode_readahead_blks_store(sbi, buf, len);

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PTE entry if no change" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 976d34e2dab10ece5ea8fe7090b7692913f89084 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:51 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable(a)vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 13dfe36501aa..91aaf73b00df 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1147,6 +1147,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PTE entry if no change" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 976d34e2dab10ece5ea8fe7090b7692913f89084 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:51 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable(a)vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 13dfe36501aa..91aaf73b00df 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1147,6 +1147,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PMD entry if no change" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 86658b819cd0a9aa584cd84453ed268a6f013770 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:50 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PMD entry if no change Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Cc: stable(a)vger.kernel.org Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 97d27cd9c654..13dfe36501aa 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1044,19 +1044,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; if (pmd_present(old_pmd)) { + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + return 0; + + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PMD entry if no change" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 86658b819cd0a9aa584cd84453ed268a6f013770 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:50 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PMD entry if no change Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Cc: stable(a)vger.kernel.org Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 97d27cd9c654..13dfe36501aa 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1044,19 +1044,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; if (pmd_present(old_pmd)) { + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + return 0; + + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5ad356eabc47d26a92140a0c4b20eba471c10de3 Mon Sep 17 00:00:00 2001 From: Greg Hackmann <ghackmann(a)android.com> Date: Wed, 15 Aug 2018 12:51:21 -0700 Subject: [PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() ARM64's pfn_valid() shifts away the upper PAGE_SHIFT bits of the input before seeing if the PFN is valid. This leads to false positives when some of the upper bits are set, but the lower bits match a valid PFN. For example, the following userspace code looks up a bogus entry in /proc/kpageflags: int pagemap = open("/proc/self/pagemap", O_RDONLY); int pageflags = open("/proc/kpageflags", O_RDONLY); uint64_t pfn, val; lseek64(pagemap, [...], SEEK_SET); read(pagemap, &pfn, sizeof(pfn)); if (pfn & (1UL << 63)) { /* valid PFN */ pfn &= ((1UL << 55) - 1); /* clear flag bits */ pfn |= (1UL << 55); lseek64(pageflags, pfn * sizeof(uint64_t), SEEK_SET); read(pageflags, &val, sizeof(val)); } On ARM64 this causes the userspace process to crash with SIGSEGV rather than reading (1 << KPF_NOPAGE). kpageflags_read() treats the offset as valid, and stable_page_flags() will try to access an address between the user and kernel address ranges. Fixes: c1cc1552616d ("arm64: MMU initialisation") Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 325cfb3b858a..811f9f8b3bb0 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -287,7 +287,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max) #ifdef CONFIG_HAVE_ARCH_PFN_VALID int pfn_valid(unsigned long pfn) { - return memblock_is_map_memory(pfn << PAGE_SHIFT); + phys_addr_t addr = pfn << PAGE_SHIFT; + + if ((addr >> PAGE_SHIFT) != pfn) + return 0; + return memblock_is_map_memory(addr); } EXPORT_SYMBOL(pfn_valid); #endif

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] arm64: Fix mismatched cache line size detection" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c4a39dd5fe2d13e2d2fa5fceb8ef95d19fc389a Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Wed, 4 Jul 2018 23:07:45 +0100 Subject: [PATCH] arm64: Fix mismatched cache line size detection If there is a mismatch in the I/D min line size, we must always use the system wide safe value both in applications and in the kernel, while performing cache operations. However, we have been checking more bits than just the min line sizes, which triggers false negatives. We may need to trap the user accesses in such cases, but not necessarily patch the kernel. This patch fixes the check to do the right thing as advertised. A new capability will be added to check mismatches in other fields and ensure we trap the CTR accesses. Fixes: be68a8aaf925 ("arm64: cpufeature: Fix CTR_EL0 field definitions") Cc: <stable(a)vger.kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Reported-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/include/asm/cache.h b/arch/arm64/include/asm/cache.h index 5df5cfe1c143..5ee5bca8c24b 100644 --- a/arch/arm64/include/asm/cache.h +++ b/arch/arm64/include/asm/cache.h @@ -21,12 +21,16 @@ #define CTR_L1IP_SHIFT 14 #define CTR_L1IP_MASK 3 #define CTR_DMINLINE_SHIFT 16 +#define CTR_IMINLINE_SHIFT 0 #define CTR_ERG_SHIFT 20 #define CTR_CWG_SHIFT 24 #define CTR_CWG_MASK 15 #define CTR_IDC_SHIFT 28 #define CTR_DIC_SHIFT 29 +#define CTR_CACHE_MINLINE_MASK \ + (0xf << CTR_DMINLINE_SHIFT | 0xf << CTR_IMINLINE_SHIFT) + #define CTR_L1IP(ctr) (((ctr) >> CTR_L1IP_SHIFT) & CTR_L1IP_MASK) #define ICACHE_POLICY_VPIPT 0 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 1d2b6d768efe..5d1fa928ea4b 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -68,9 +68,11 @@ static bool has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, int scope) { + u64 mask = CTR_CACHE_MINLINE_MASK; + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); - return (read_cpuid_cachetype() & arm64_ftr_reg_ctrel0.strict_mask) != - (arm64_ftr_reg_ctrel0.sys_val & arm64_ftr_reg_ctrel0.strict_mask); + return (read_cpuid_cachetype() & mask) != + (arm64_ftr_reg_ctrel0.sys_val & mask); } static void diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index f24892a40d2c..25d5cef00333 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -214,7 +214,7 @@ static const struct arm64_ftr_bits ftr_ctr[] = { * If we have differing I-cache policies, report it as the weakest - VIPT. */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_EXACT, 14, 2, ICACHE_POLICY_VIPT), /* L1Ip */ - ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 0, 4, 0), /* IminLine */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), ARM64_FTR_END, };

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] arm64: Handle mismatched cache type" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 314d53d297980676011e6fd83dac60db4a01dc70 Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Wed, 4 Jul 2018 23:07:46 +0100 Subject: [PATCH] arm64: Handle mismatched cache type Track mismatches in the cache type register (CTR_EL0), other than the D/I min line sizes and trap user accesses if there are any. Fixes: be68a8aaf925 ("arm64: cpufeature: Fix CTR_EL0 field definitions") Cc: <stable(a)vger.kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index 8a699c708fc9..be3bf3d08916 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -49,7 +49,8 @@ #define ARM64_HAS_CACHE_DIC 28 #define ARM64_HW_DBM 29 #define ARM64_SSBD 30 +#define ARM64_MISMATCHED_CACHE_TYPE 31 -#define ARM64_NCAPS 31 +#define ARM64_NCAPS 32 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 5d1fa928ea4b..5d59ff9a8da9 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -65,11 +65,15 @@ is_kryo_midr(const struct arm64_cpu_capabilities *entry, int scope) } static bool -has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, - int scope) +has_mismatched_cache_type(const struct arm64_cpu_capabilities *entry, + int scope) { u64 mask = CTR_CACHE_MINLINE_MASK; + /* Skip matching the min line sizes for cache type check */ + if (entry->capability == ARM64_MISMATCHED_CACHE_TYPE) + mask ^= arm64_ftr_reg_ctrel0.strict_mask; + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); return (read_cpuid_cachetype() & mask) != (arm64_ftr_reg_ctrel0.sys_val & mask); @@ -615,7 +619,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { { .desc = "Mismatched cache line size", .capability = ARM64_MISMATCHED_CACHE_LINE_SIZE, - .matches = has_mismatched_cache_line_size, + .matches = has_mismatched_cache_type, + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .cpu_enable = cpu_enable_trap_ctr_access, + }, + { + .desc = "Mismatched cache type", + .capability = ARM64_MISMATCHED_CACHE_TYPE, + .matches = has_mismatched_cache_type, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .cpu_enable = cpu_enable_trap_ctr_access, },

7 years, 3 months

1
0
0 0

Resending: Please apply commit d1e20222d537 to 4.14.y and 4.18.y

by Jitendra Bhivare

Subject of the patch: iommu/arm-smmu: Error out only if not enough context interrupts Commit ID: 42b88ec6530fd76f1ae06de7f09830bcbca5bbd6 Why: ARM SMMU does not initialize for Broadcom Stingray SoC if bootloader reserves few contexts. Kernel should not error out if there are enough context interrupts. What kernel versions: 4.14.y and 4.18.y (applies cleanly). Before patching: Kernel does not boot using eMMC on Broadcom Stingray SoC with latest bootloader emitting this error "arm-smmu 64000000.mmu: found only 64 context interrupt(s) but 63 required" After patching: Kernel cleanly boots on the SoC. Thanks, JB

7 years, 3 months

2
1
0 0

Re: [PATCH] nohz: Fix missing tick reprog while interrupting inline timer softirq

by Grygorii Strashko

Hi On 07/31/2018 05:52 PM, Frederic Weisbecker wrote: > Before updating the full nohz tick or the idle time on IRQ exit, we > check first if we are not in a nesting interrupt, whether the inner > interrupt is a hard or a soft IRQ. > > There is a historical reason for that: the dyntick idle mode used to > reprogram the tick on IRQ exit, after softirq processing, and there was > no point in doing that job in the outer nesting interrupt because the > tick update will be performed through the end of the inner interrupt > eventually, with even potential new timer updates. > > One corner case could show up though: if an idle tick interrupts a softirq > executing inline in the idle loop (through a call to local_bh_enable()) > after we entered in dynticks mode, the IRQ won't reprogram the tick > because it assumes the softirq executes on an inner IRQ-tail. As a > result we might put the CPU in sleep mode with the tick completely > stopped whereas a timer can still be enqueued. Indeed there is no tick > reprogramming in local_bh_enable(). We probably asssumed there was no bh > disabled section in idle, although there didn't seem to be debug code > ensuring that. > > Nowadays the nesting interrupt optimization still stands but only concern > full dynticks. The tick is stopped on IRQ exit in full dynticks mode > and we want to wait for the end of the inner IRQ to reprogramm the tick. > But in_interrupt() doesn't make a difference between softirqs executing > on IRQ tail and those executing inline. What was to be considered a > corner case in dynticks-idle mode now becomes a serious opportunity for > a bug in full dynticks mode: if a tick interrupts a task executing > softirq inline, the tick reprogramming will be ignored and we may exit > to userspace after local_bh_enable() with an enqueued timer that will > never fire. > > To fix this, simply keep reprogramming the tick if we are in a hardirq > interrupting softirq. We can still figure out a way later to restore > this optimization while excluding inline softirq processing. > > Reported-by: Anna-Maria Gleixner <anna-maria(a)linutronix.de> > Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> > Cc: Thomas Gleixner <tglx(a)linutronix.de> > Cc: Ingo Molnar <mingo(a)kernel.org> > Tested-by: Anna-Maria Gleixner <anna-maria(a)linutronix.de> > --- > kernel/softirq.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/softirq.c b/kernel/softirq.c > index 900dcfe..0980a81 100644 > --- a/kernel/softirq.c > +++ b/kernel/softirq.c > @@ -386,7 +386,7 @@ static inline void tick_irq_exit(void) > > /* Make sure that timer wheel updates are propagated */ > if ((idle_cpu(cpu) && !need_resched()) || tick_nohz_full_cpu(cpu)) { > - if (!in_interrupt()) > + if (!in_irq()) > tick_nohz_irq_exit(); > } > #endif > This patch was back ported to the Stable linux-4.14.y and It causes regression - flood of "NOHZ: local_softirq_pending" messages on all TI boards during boot (NFS boot): [ 4.179796] NOHZ: local_softirq_pending 2c2 in sirq 256 [ 4.185051] NOHZ: local_softirq_pending 2c2 in sirq 256 the same is not reproducible with LKML - seems due to changes in tick-sched.c __tick_nohz_idle_enter()/tick_nohz_irq_exit(). I've generated backtrace from can_stop_idle_tick() (see below) and seems this patch makes tick_nohz_irq_exit() call unconditional in case of nested interrupt: gic_handle_irq |- irq_exit |- preempt_count_sub(HARDIRQ_OFFSET); <-- [1] |-__do_softirq <irqs enabled> |- gic_handle_irq() |- irq_exit() |- tick_irq_exit() if (!in_irq()) <-- My understanding is that this condition will be always true due to [1] tick_nohz_irq_exit(); |-__tick_nohz_idle_enter() |- can_stop_idle_tick() Sry, not sure if my conclusion is right and how can it be fixed. [ 3.842320] NOHZ: local_softirq_pending 40 in sirq 256 [ 3.847485] ------------[ cut here ]------------ [ 3.852133] WARNING: CPU: 0 PID: 0 at kernel/time/tick-sched.c:915 __tick_nohz_idle_enter+0x4b8/0x568 [ 3.861393] Modules linked in: [ 3.864469] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.66-01768-gc26f664-dirty #311 [ 3.872506] Hardware name: Generic DRA74X (Flattened Device Tree) [ 3.878623] Backtrace: [ 3.881091] [<c010c050>] (dump_backtrace) from [<c010c320>] (show_stack+0x18/0x1c) [ 3.888696] r7:00000009 r6:600f0193 r5:00000000 r4:c0c5fca4 [ 3.894386] [<c010c308>] (show_stack) from [<c07ad028>] (dump_stack+0x8c/0xa0) [ 3.901645] [<c07acf9c>] (dump_stack) from [<c012e558>] (__warn+0xec/0x104) [ 3.908638] r7:00000009 r6:c0996d08 r5:00000000 r4:00000000 [ 3.914329] [<c012e46c>] (__warn) from [<c012e628>] (warn_slowpath_null+0x28/0x30) [ 3.921933] r9:00000000 r8:e4e1f7de r7:c0c8c1d8 r6:c0c65180 r5:00000000 r4:eed408e8 [ 3.929715] [<c012e600>] (warn_slowpath_null) from [<c01a9780>] (__tick_nohz_idle_enter+0x4b8/0x568) [ 3.938890] [<c01a92c8>] (__tick_nohz_idle_enter) from [<c01a9c74>] (tick_nohz_irq_exit+0x2c/0x30) [ 3.947890] r10:c0c01f50 r9:c0c00000 r8:ee008000 r7:00000000 r6:c0c01ee0 r5:00000048 [ 3.955752] r4:c0b62afc [ 3.958301] [<c01a9c48>] (tick_nohz_irq_exit) from [<c0133748>] (irq_exit+0xf4/0x144) [ 3.966173] [<c0133654>] (irq_exit) from [<c0181e6c>] (__handle_domain_irq+0x68/0xbc) [ 3.974043] [<c0181e04>] (__handle_domain_irq) from [<c0101508>] (gic_handle_irq+0x44/0x80) [ 3.982432] r9:c0c00000 r8:fa213000 r7:fa212000 r6:c0c01dd0 r5:fa21200c r4:c0c03ff0 [ 3.990211] [<c01014c4>] (gic_handle_irq) from [<c010cf4c>] (__irq_svc+0x6c/0xa8) [ 3.997726] Exception stack(0xc0c01dd0 to 0xc0c01e18) [ 4.002800] 1dc0: 00000000 c0c65180 00000000 00000000 [ 4.011017] 1de0: 00000280 00000013 c0c00000 00000000 ee008000 c0c00000 c0c01f50 c0c01e7c [ 4.019232] 1e00: c0c01e80 c0c01e20 c0133730 c01015dc 600f0113 ffffffff [ 4.025877] r9:c0c00000 r8:ee008000 r7:c0c01e04 r6:ffffffff r5:600f0113 r4:c01015dc [ 4.033659] [<c0101548>] (__do_softirq) from [<c0133730>] (irq_exit+0xdc/0x144) [ 4.041002] r10:c0c01f50 r9:c0c00000 r8:ee008000 r7:00000000 r6:00000000 r5:00000013 [ 4.048863] r4:c0b62afc [ 4.051414] [<c0133654>] (irq_exit) from [<c0181e6c>] (__handle_domain_irq+0x68/0xbc) [ 4.059280] [<c0181e04>] (__handle_domain_irq) from [<c0101508>] (gic_handle_irq+0x44/0x80) [ 4.067670] r9:c0c00000 r8:fa213000 r7:fa212000 r6:c0c01ee0 r5:fa21200c r4:c0c03ff0 [ 4.075448] [<c01014c4>] (gic_handle_irq) from [<c010cf4c>] (__irq_svc+0x6c/0xa8) [ 4.082963] Exception stack(0xc0c01ee0 to 0xc0c01f28) [ 4.088041] 1ee0: 00000001 00000000 fe600000 00000000 c0c00000 c0c03cc8 c0c03c68 c0b623b8 [ 4.096258] 1f00: 00000000 00000000 c0c01f50 c0c01f3c c0c01f1c c0c01f30 c0120f14 c0108ae4 [ 4.104469] 1f20: 600f0013 ffffffff [ 4.107975] r9:c0c00000 r8:00000000 r7:c0c01f14 r6:ffffffff r5:600f0013 r4:c0108ae4 [ 4.115760] [<c0108abc>] (arch_cpu_idle) from [<c07c6a14>] (default_idle_call+0x28/0x34) [ 4.123894] [<c07c69ec>] (default_idle_call) from [<c016e4a4>] (do_idle+0x180/0x214) [ 4.131676] [<c016e324>] (do_idle) from [<c016e7fc>] (cpu_startup_entry+0x20/0x24) [ 4.139283] r10:effff7c0 r9:c0b48a30 r8:c0c64000 r7:c0c03c40 r6:ffffffff r5:00000002 [ 4.147146] r4:000000be [ 4.149698] [<c016e7dc>] (cpu_startup_entry) from [<c07c12e4>] (rest_init+0xd8/0xdc) [ 4.157483] [<c07c120c>] (rest_init) from [<c0b00d8c>] (start_kernel+0x3cc/0x3d8) [ 4.164997] r5:c0c64000 r4:c0c6404c [ 4.168592] [<c0b009c0>] (start_kernel) from [<8000807c>] (0x8000807c) [ 4.175148] ---[ end trace 9c10a64bf81ad3fe ]--- -- regards, -grygorii

7 years, 3 months

5
9
0 0

[PATCH v2] x86/nmi: Fix some races in NMI uaccess

by Andy Lutomirski

In NMI context, we might be in the middle of context switching or in the middle of switch_mm_irqs_off(). In either case, CR3 might not match current->mm, which could cause copy_from_user_nmi() and friends to read the wrong memory. Fix it by adding a new nmi_uaccess_okay() helper and checking it in copy_from_user_nmi() and in __copy_from_user_nmi()'s callers. Cc: stable(a)vger.kernel.org Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Nadav Amit <nadav.amit(a)gmail.com> Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- Nadav, this is intended for your series. Want to add it right before the use_temporary_mm() stuff? Changes from v1: - Improved comments - Add debugging - Fix bugs arch/x86/events/core.c | 2 +- arch/x86/include/asm/tlbflush.h | 44 +++++++++++++++++++++++++++++++++ arch/x86/lib/usercopy.c | 5 ++++ arch/x86/mm/tlb.c | 7 ++++++ 4 files changed, 57 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index 5f4829f10129..dfb2f7c0d019 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -2465,7 +2465,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs perf_callchain_store(entry, regs->ip); - if (!current->mm) + if (!nmi_uaccess_okay()) return; if (perf_callchain_user32(regs, entry)) diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h index 29c9da6c62fc..183d36a98b04 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -175,8 +175,16 @@ struct tlb_state { * are on. This means that it may not match current->active_mm, * which will contain the previous user mm when we're in lazy TLB * mode even if we've already switched back to swapper_pg_dir. + * + * During switch_mm_irqs_off(), loaded_mm will be set to + * LOADED_MM_SWITCHING during the brief interrupts-off window + * when CR3 and loaded_mm would otherwise be inconsistent. This + * is for nmi_uaccess_okay()'s benefit. */ struct mm_struct *loaded_mm; + +#define LOADED_MM_SWITCHING ((struct mm_struct *)1) + u16 loaded_mm_asid; u16 next_asid; /* last user mm's ctx id */ @@ -246,6 +254,42 @@ struct tlb_state { }; DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate); +/* + * Blindly accessing user memory from NMI context can be dangerous + * if we're in the middle of switching the current user task or + * switching the loaded mm. It can also be dangerous if we + * interrupted some kernel code that was temporarily using a + * different mm. + */ +static inline bool nmi_uaccess_okay(void) +{ + struct mm_struct *loaded_mm = this_cpu_read(cpu_tlbstate.loaded_mm); + struct mm_struct *current_mm = current->mm; + +#ifdef CONFIG_DEBUG_VM + WARN_ON_ONCE(!loaded_mm); +#endif + + /* + * The condition we want to check is + * current_mm->pgd == __va(read_cr3_pa()). This may be slow, though, + * if we're running in a VM with shadow paging, and nmi_uaccess_okay() + * is supposed to be reasonably fast. + * + * Instead, we check the almost equivalent but somewhat conservative + * condition below, and we rely on the fact that switch_mm_irqs_off() + * sets loaded_mm to LOADED_MM_SWITCHING before writing to CR3. + */ + if (loaded_mm != current_mm) + return false; + +#ifdef CONFIG_DEBUG_VM + WARN_ON_ONCE(current_mm->pgd != __va(read_cr3_pa())); +#endif + + return true; +} + /* Initialize cr4 shadow for this CPU. */ static inline void cr4_init_shadow(void) { diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c index c8c6ad0d58b8..3f435d7fca5e 100644 --- a/arch/x86/lib/usercopy.c +++ b/arch/x86/lib/usercopy.c @@ -7,6 +7,8 @@ #include <linux/uaccess.h> #include <linux/export.h> +#include <asm/tlbflush.h> + /* * We rely on the nested NMI work to allow atomic faults from the NMI path; the * nested NMI paths are careful to preserve CR2. @@ -19,6 +21,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n) if (__range_not_ok(from, n, TASK_SIZE)) return n; + if (!nmi_uaccess_okay()) + return n; + /* * Even though this function is typically called from NMI/IRQ context * disable pagefaults so that its behaviour is consistent even when diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index e721cf2d4290..707d2b2a333f 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -304,6 +304,10 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, choose_new_asid(next, next_tlb_gen, &new_asid, &need_flush); + /* Let nmi_uaccess_okay() know that we're changing CR3. */ + this_cpu_write(cpu_tlbstate.loaded_mm, LOADED_MM_SWITCHING); + barrier(); + if (need_flush) { this_cpu_write(cpu_tlbstate.ctxs[new_asid].ctx_id, next->context.ctx_id); this_cpu_write(cpu_tlbstate.ctxs[new_asid].tlb_gen, next_tlb_gen); @@ -334,6 +338,9 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, if (next != &init_mm) this_cpu_write(cpu_tlbstate.last_ctx_id, next->context.ctx_id); + /* Make sure we write CR3 before loaded_mm. */ + barrier(); + this_cpu_write(cpu_tlbstate.loaded_mm, next); this_cpu_write(cpu_tlbstate.loaded_mm_asid, new_asid); } -- 2.17.1

7 years, 3 months

5
5
0 0

[PATCH 3/7] mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback

by jglisse＠redhat.com

From: Ralph Campbell <rcampbell(a)nvidia.com> In hmm_mirror_unregister(), mm->hmm is set to NULL and then mmu_notifier_unregister_no_release() is called. That creates a small window where mmu_notifier can call mmu_notifier_ops with mm->hmm equal to NULL. Fix this by first unregistering mmu notifier callbacks and then setting mm->hmm to NULL. Similarly in hmm_register(), set mm->hmm before registering mmu_notifier callbacks so callback functions always see mm->hmm set. Signed-off-by: Ralph Campbell <rcampbell(a)nvidia.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Reviewed-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: stable(a)vger.kernel.org --- mm/hmm.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/mm/hmm.c b/mm/hmm.c index 9a068a1da487..a16678d08127 100644 --- a/mm/hmm.c +++ b/mm/hmm.c @@ -91,16 +91,6 @@ static struct hmm *hmm_register(struct mm_struct *mm) spin_lock_init(&hmm->lock); hmm->mm = mm; - /* - * We should only get here if hold the mmap_sem in write mode ie on - * registration of first mirror through hmm_mirror_register() - */ - hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops; - if (__mmu_notifier_register(&hmm->mmu_notifier, mm)) { - kfree(hmm); - return NULL; - } - spin_lock(&mm->page_table_lock); if (!mm->hmm) mm->hmm = hmm; @@ -108,12 +98,27 @@ static struct hmm *hmm_register(struct mm_struct *mm) cleanup = true; spin_unlock(&mm->page_table_lock); - if (cleanup) { - mmu_notifier_unregister(&hmm->mmu_notifier, mm); - kfree(hmm); - } + if (cleanup) + goto error; + + /* + * We should only get here if hold the mmap_sem in write mode ie on + * registration of first mirror through hmm_mirror_register() + */ + hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops; + if (__mmu_notifier_register(&hmm->mmu_notifier, mm)) + goto error_mm; return mm->hmm; + +error_mm: + spin_lock(&mm->page_table_lock); + if (mm->hmm == hmm) + mm->hmm = NULL; + spin_unlock(&mm->page_table_lock); +error: + kfree(hmm); + return NULL; } void hmm_mm_destroy(struct mm_struct *mm) @@ -278,12 +283,13 @@ void hmm_mirror_unregister(struct hmm_mirror *mirror) if (!should_unregister || mm == NULL) return; + mmu_notifier_unregister_no_release(&hmm->mmu_notifier, mm); + spin_lock(&mm->page_table_lock); if (mm->hmm == hmm) mm->hmm = NULL; spin_unlock(&mm->page_table_lock); - mmu_notifier_unregister_no_release(&hmm->mmu_notifier, mm); kfree(hmm); } EXPORT_SYMBOL(hmm_mirror_unregister); -- 2.17.1

7 years, 3 months

2
1
0 0

[PATCH] vmbus: don't return values for uninitalized channels

by kys＠linuxonhyperv.com

From: Stephen Hemminger <stephen(a)networkplumber.org> For unsupported device types, the vmbus channel ringbuffer is never initialized, and therefore reading the sysfs files will return garbage or cause a kernel OOPS. Fixes: c2e5df616e1a ("vmbus: add per-channel sysfs info") Signed-off-by: Stephen Hemminger <sthemmin(a)microsoft.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Cc: <stable(a)vger.kernel.org> # 4.15 --- drivers/hv/vmbus_drv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index e6d8fdac6d8b..4bbc420d1213 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1368,6 +1368,9 @@ static ssize_t vmbus_chan_attr_show(struct kobject *kobj, if (!attribute->show) return -EIO; + if (chan->state != CHANNEL_OPENED_STATE) + return -EINVAL; + return attribute->show(chan, buf); } -- 2.18.0

7 years, 3 months

2
1
0 0

[PATCH v2 2/3] x86/mm: add .data..decrypted section to hold shared variables

by Brijesh Singh

kvmclock defines few static variables which are shared with hypervisor during the kvmclock initialization. When SEV is active, memory is encrypted with a guest-specific key, and if guest OS wants to share the memory region with hypervisor then it must clear the C-bit before sharing it. Currently, we use kernel_physical_mapping_init() to split large pages before clearing the C-bit on shared pages. But the kernel_physical_mapping_init fails when called from the kvmclock initialization (mainly because memblock allocator was not ready). The '__decrypted' can be used to define a shared variable; the variables will be put in the .data.decryption section. This section is mapped with C=0 early in the boot, we also ensure that the initialized values are updated to match with C=0 (i.e perform an in-place decryption). The .data..decrypted section is PMD aligned and sized so that we avoid the need to split the large pages when mapping this section. The sme_encrypt_kernel() was used to perform the in-place encryption of the Linux kernel and initrd when SME is active. The routine has been enhanced to decrypt the .data..decryption section for both SME and SEV cases. While reusing the sme_populate_pgd() we found that the function does not update the flags if the pte/pmd entry already exists. The patch updates the function to take care of it. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: kvm(a)vger.kernel.org Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/include/asm/mem_encrypt.h | 6 +++ arch/x86/kernel/head64.c | 9 ++++ arch/x86/kernel/vmlinux.lds.S | 17 +++++++ arch/x86/mm/mem_encrypt_identity.c | 100 +++++++++++++++++++++++++++++-------- 4 files changed, 112 insertions(+), 20 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index c064383..802b2eb 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -52,6 +52,8 @@ void __init mem_encrypt_init(void); bool sme_active(void); bool sev_active(void); +#define __decrypted __attribute__((__section__(".data..decrypted"))) + #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define sme_me_mask 0ULL @@ -77,6 +79,8 @@ early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; static inline int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; } +#define __decrypted + #endif /* CONFIG_AMD_MEM_ENCRYPT */ /* @@ -88,6 +92,8 @@ early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; #define __sme_pa(x) (__pa(x) | sme_me_mask) #define __sme_pa_nodebug(x) (__pa_nodebug(x) | sme_me_mask) +extern char __start_data_decrypted[], __end_data_decrypted[]; + #endif /* __ASSEMBLY__ */ #endif /* __X86_MEM_ENCRYPT_H__ */ diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 8047379..3e03129 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -112,6 +112,7 @@ static bool __head check_la57_support(unsigned long physaddr) unsigned long __head __startup_64(unsigned long physaddr, struct boot_params *bp) { + unsigned long vaddr, vaddr_end; unsigned long load_delta, *p; unsigned long pgtable_flags; pgdval_t *pgd; @@ -234,6 +235,14 @@ unsigned long __head __startup_64(unsigned long physaddr, /* Encrypt the kernel and related (if SME is active) */ sme_encrypt_kernel(bp); + /* Clear the memory encryption mask from the decrypted section */ + vaddr = (unsigned long)__start_data_decrypted; + vaddr_end = (unsigned long)__end_data_decrypted; + for (; vaddr < vaddr_end; vaddr += PMD_SIZE) { + i = pmd_index(vaddr); + pmd[i] -= sme_get_me_mask(); + } + /* * Return the SME encryption mask (if SME is active) to be used as a * modifier for the initial pgdir entry programmed into CR3. diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 8bde0a4..0ef9320 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -89,6 +89,21 @@ PHDRS { note PT_NOTE FLAGS(0); /* ___ */ } +/* + * This section contains data which will be mapped as decrypted. Memory + * encryption operates on a page basis. But we make this section a pmd + * aligned to avoid spliting the pages while mapping the section early. + * + * Note: We use a separate section so that only this section gets + * decrypted to avoid exposing more than we wish. + */ +#define DATA_DECRYPTED_SECTION \ + . = ALIGN(PMD_SIZE); \ + __start_data_decrypted = .; \ + *(.data..decrypted); \ + . = ALIGN(PMD_SIZE); \ + __end_data_decrypted = .; \ + SECTIONS { #ifdef CONFIG_X86_32 @@ -171,6 +186,8 @@ SECTIONS /* rarely changed data like cpu maps */ READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES) + DATA_DECRYPTED_SECTION + /* End of data section */ _edata = .; } :data diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index bf6097e..88c1cce 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -51,6 +51,8 @@ (_PAGE_PAT | _PAGE_PWT)) #define PMD_FLAGS_ENC (PMD_FLAGS_LARGE | _PAGE_ENC) +#define PMD_FLAGS_ENC_WP ((PMD_FLAGS_ENC & ~_PAGE_CACHE_MASK) | \ + (_PAGE_PAT | _PAGE_PWT)) #define PTE_FLAGS (__PAGE_KERNEL_EXEC & ~_PAGE_GLOBAL) @@ -59,6 +61,8 @@ (_PAGE_PAT | _PAGE_PWT)) #define PTE_FLAGS_ENC (PTE_FLAGS | _PAGE_ENC) +#define PTE_FLAGS_ENC_WP ((PTE_FLAGS_ENC & ~_PAGE_CACHE_MASK) | \ + (_PAGE_PAT | _PAGE_PWT)) struct sme_populate_pgd_data { void *pgtable_area; @@ -154,9 +158,6 @@ static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *ppd) return; pmd = pmd_offset(pud, ppd->vaddr); - if (pmd_large(*pmd)) - return; - set_pmd(pmd, __pmd(ppd->paddr | ppd->pmd_flags)); } @@ -182,8 +183,7 @@ static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) return; pte = pte_offset_map(pmd, ppd->vaddr); - if (pte_none(*pte)) - set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); + set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); } static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) @@ -235,6 +235,11 @@ static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } +static void __init sme_map_range_encrypted_wp(struct sme_populate_pgd_data *ppd) +{ + __sme_map_range(ppd, PMD_FLAGS_ENC_WP, PTE_FLAGS_ENC_WP); +} + static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); @@ -382,7 +387,10 @@ static void __init build_workarea_map(struct boot_params *bp, ppd->paddr = workarea_start; ppd->vaddr = workarea_start; ppd->vaddr_end = workarea_end; - sme_map_range_decrypted(ppd); + if (sev_active()) + sme_map_range_encrypted(ppd); + else + sme_map_range_decrypted(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); @@ -439,16 +447,27 @@ static void __init build_workarea_map(struct boot_params *bp, sme_map_range_decrypted_wp(ppd); } - /* Add decrypted workarea mappings to both kernel mappings */ + /* + * When SEV is active, kernel is already encrypted hence mapping + * the initial workarea_start as encrypted. When SME is active, + * the kernel is not encrypted hence add a decrypted workarea + * mappings to both kernel mappings. + */ ppd->paddr = workarea_start; ppd->vaddr = workarea_start; ppd->vaddr_end = workarea_end; - sme_map_range_decrypted(ppd); + if (sev_active()) + sme_map_range_encrypted(ppd); + else + sme_map_range_decrypted(ppd); ppd->paddr = workarea_start; ppd->vaddr = workarea_start + decrypted_base; ppd->vaddr_end = workarea_end + decrypted_base; - sme_map_range_decrypted(ppd); + if (sev_active()) + sme_map_range_encrypted(ppd); + else + sme_map_range_decrypted(ppd); wa->kernel_start = kernel_start; wa->kernel_end = kernel_end; @@ -491,28 +510,69 @@ static void __init remove_workarea_map(struct sme_workarea_data *wa, native_write_cr3(__native_read_cr3()); } +static void __init decrypt_data_decrypted_section(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ + unsigned long decrypted_start, decrypted_end, decrypted_len; + + /* Physical addresses of decrypted data section */ + decrypted_start = __pa_symbol(__start_data_decrypted); + decrypted_end = ALIGN(__pa_symbol(__end_data_decrypted), PMD_PAGE_SIZE); + decrypted_len = decrypted_end - decrypted_start; + + if (!decrypted_len) + return; + + /* Add decrypted mapping for the section (identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start; + ppd->vaddr_end = decrypted_end; + sme_map_range_decrypted(ppd); + + /* Add encrypted-wp mapping for the section (non-identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_map_range_encrypted_wp(ppd); + + /* Perform in-place decryption */ + sme_encrypt_execute(decrypted_start, + decrypted_start + wa->decrypted_base, + decrypted_len, wa->workarea_start, + (unsigned long)ppd->pgd); + + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_clear_pgd(ppd); +} + void __init sme_encrypt_kernel(struct boot_params *bp) { struct sme_populate_pgd_data ppd; struct sme_workarea_data wa; - if (!sme_active()) + if (!mem_encrypt_active()) return; build_workarea_map(bp, &wa, &ppd); - /* When SEV is active, encrypt kernel and initrd */ - sme_encrypt_execute(wa.kernel_start, - wa.kernel_start + wa.decrypted_base, - wa.kernel_len, wa.workarea_start, - (unsigned long)ppd.pgd); - - if (wa.initrd_len) - sme_encrypt_execute(wa.initrd_start, - wa.initrd_start + wa.decrypted_base, - wa.initrd_len, wa.workarea_start, + /* When SME is active, encrypt kernel and initrd */ + if (sme_active()) { + sme_encrypt_execute(wa.kernel_start, + wa.kernel_start + wa.decrypted_base, + wa.kernel_len, wa.workarea_start, (unsigned long)ppd.pgd); + if (wa.initrd_len) + sme_encrypt_execute(wa.initrd_start, + wa.initrd_start + wa.decrypted_base, + wa.initrd_len, wa.workarea_start, + (unsigned long)ppd.pgd); + } + + /* Decrypt the contents of .data..decrypted section */ + decrypt_data_decrypted_section(&wa, &ppd); + remove_workarea_map(&wa, &ppd); } -- 2.7.4

7 years, 3 months

3
7
0 0

[PATCH v4] drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse"

by Lyude Paul

From: Jan-Marek Glogowski <glogow(a)fbihome.de> This re-applies the workaround for "some DP sinks, [which] are a little nuts" from commit 1a36147bb939 ("drm/i915: Perform link quality check unconditionally during long pulse"). It makes the secondary AOC E2460P monitor connected via DP to an acer Veriton N4640G usable again. This hunk was dropped in commit c85d200e8321 ("drm/i915: Move SST DP link retraining into the ->post_hotplug() hook") Fixes: c85d200e8321 ("drm/i915: Move SST DP link retraining into the ->post_hotplug() hook") [Cleaned up commit message, added stable cc] Signed-off-by: Lyude Paul <lyude(a)redhat.com> Signed-off-by: Jan-Marek Glogowski <glogow(a)fbihome.de> Cc: stable(a)vger.kernel.org --- Resending this to update patchwork; will push in a little bit drivers/gpu/drm/i915/intel_dp.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index b3f6f04c3c7d..db8515171270 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -4333,18 +4333,6 @@ intel_dp_needs_link_retrain(struct intel_dp *intel_dp) return !drm_dp_channel_eq_ok(link_status, intel_dp->lane_count); } -/* - * If display is now connected check links status, - * there has been known issues of link loss triggering - * long pulse. - * - * Some sinks (eg. ASUS PB287Q) seem to perform some - * weird HPD ping pong during modesets. So we can apparently - * end up with HPD going low during a modeset, and then - * going back up soon after. And once that happens we must - * retrain the link to get a picture. That's in case no - * userspace component reacted to intermittent HPD dip. - */ int intel_dp_retrain_link(struct intel_encoder *encoder, struct drm_modeset_acquire_ctx *ctx) { @@ -5031,7 +5019,8 @@ intel_dp_unset_edid(struct intel_dp *intel_dp) } static int -intel_dp_long_pulse(struct intel_connector *connector) +intel_dp_long_pulse(struct intel_connector *connector, + struct drm_modeset_acquire_ctx *ctx) { struct drm_i915_private *dev_priv = to_i915(connector->base.dev); struct intel_dp *intel_dp = intel_attached_dp(&connector->base); @@ -5090,6 +5079,22 @@ intel_dp_long_pulse(struct intel_connector *connector) */ status = connector_status_disconnected; goto out; + } else { + /* + * If display is now connected check links status, + * there has been known issues of link loss triggering + * long pulse. + * + * Some sinks (eg. ASUS PB287Q) seem to perform some + * weird HPD ping pong during modesets. So we can apparently + * end up with HPD going low during a modeset, and then + * going back up soon after. And once that happens we must + * retrain the link to get a picture. That's in case no + * userspace component reacted to intermittent HPD dip. + */ + struct intel_encoder *encoder = &dp_to_dig_port(intel_dp)->base; + + intel_dp_retrain_link(encoder, ctx); } /* @@ -5151,7 +5156,7 @@ intel_dp_detect(struct drm_connector *connector, return ret; } - status = intel_dp_long_pulse(intel_dp->attached_connector); + status = intel_dp_long_pulse(intel_dp->attached_connector, ctx); } intel_dp->detect_done = false; -- 2.17.1

7 years, 3 months

5
9
0 0

[PATCH] PM / devfreq: Add new name attribute for sysfs

by Chanwoo Choi

commit 4585fbcb5331 ("PM / devfreq: Modify the device name as devfreq(X) for sysfs") changed the node name to devfreq(x). After this commit, it is not possible to get the device name through /sys/class/devfreq/devfreq(X)/*. Add new name attribute in order to get device name. Cc: stable(a)vger.kernel.org Fixes: 4585fbcb5331 ("PM / devfreq: Modify the device name as devfreq(X) for sysfs") Signed-off-by: Chanwoo Choi <cw00.choi(a)samsung.com> --- drivers/devfreq/devfreq.c | 11 +++++++++++ include/linux/devfreq.h | 3 +++ 2 files changed, 14 insertions(+) diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 4c49bb1330b5..2145563d5ee5 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -620,6 +620,9 @@ struct devfreq *devfreq_add_device(struct device *dev, } devfreq->max_freq = devfreq->scaling_max_freq; + devfreq->name = dev_name(devfreq->dev.parent); + if (IS_ERR_OR_NULL(devfreq->name)) + return -EINVAL; dev_set_name(&devfreq->dev, "devfreq%d", atomic_inc_return(&devfreq_no)); err = device_register(&devfreq->dev); @@ -1261,6 +1264,13 @@ static ssize_t trans_stat_show(struct device *dev, } static DEVICE_ATTR_RO(trans_stat); +static ssize_t name_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "%s\n", to_devfreq(dev)->name); +} +static DEVICE_ATTR_RO(name); + static struct attribute *devfreq_attrs[] = { &dev_attr_governor.attr, &dev_attr_available_governors.attr, @@ -1271,6 +1281,7 @@ static ssize_t trans_stat_show(struct device *dev, &dev_attr_min_freq.attr, &dev_attr_max_freq.attr, &dev_attr_trans_stat.attr, + &dev_attr_name.attr, NULL, }; ATTRIBUTE_GROUPS(devfreq); diff --git a/include/linux/devfreq.h b/include/linux/devfreq.h index 3aae5b3af87c..f79b5a666102 100644 --- a/include/linux/devfreq.h +++ b/include/linux/devfreq.h @@ -111,6 +111,7 @@ struct devfreq_dev_profile { /** * struct devfreq - Device devfreq structure + * @name: name of the device * @node: list node - contains the devices with devfreq that have been * registered. * @lock: a mutex to protect accessing devfreq. @@ -146,6 +147,8 @@ struct devfreq_dev_profile { * to protect its own private data in void *data as well. */ struct devfreq { + const char *name; + struct list_head node; struct mutex lock; -- 1.9.1

7 years, 3 months

3
4
0 0

[PATCH RESEND v3 1/6] drm/nouveau: Check backlight IDs are >= 0, not > 0

by Lyude Paul

Remember, ida IDs start at 0, not 1! Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Karol Herbst <kherbst(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_backlight.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c index 408b955e5c39..6dd72bc32897 100644 --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c @@ -116,7 +116,7 @@ nv40_backlight_init(struct drm_connector *connector) &nv40_bl_ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } @@ -249,7 +249,7 @@ nv50_backlight_init(struct drm_connector *connector) nv_encoder, ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } -- 2.17.1

7 years, 3 months

1
0
0 0

[PATCH v2 1/5] drm/nouveau: Check backlight IDs are >= 0, not > 0

by Lyude Paul

Remember, ida IDs start at 0, not 1! Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Karol Herbst <kherbst(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_backlight.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c index 408b955e5c39..6dd72bc32897 100644 --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c @@ -116,7 +116,7 @@ nv40_backlight_init(struct drm_connector *connector) &nv40_bl_ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } @@ -249,7 +249,7 @@ nv50_backlight_init(struct drm_connector *connector) nv_encoder, ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } -- 2.17.1

7 years, 3 months

1
0
0 0

[PATCH v2 2/2] ARM: dts: exynos: Mark 1GHz CPU OPP as suspend OPP

by Marek Szyprowski

1GHz CPU OPP is the default boot value for the Exynos5250 SOC, so mark it as suspend OPP. This fixes suspend/resume on Samsung Exynos5250 Snow Chomebook, which was broken since switching to generic cpufreq-dt driver in v4.3. CC: <stable(a)vger.kernel.org> # 4.3.x: cd6f55457eb4 ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes CC: <stable(a)vger.kernel.org> # 4.3.x: 672f33198bee arm: dts: exynos: Add missing cooling device properties for CPUs CC: <stable(a)vger.kernel.org> # 4.3.x Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Chanwoo Choi <cw00.choi(a)samsung.com> Acked-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> --- arch/arm/boot/dts/exynos5250.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm/boot/dts/exynos5250.dtsi b/arch/arm/boot/dts/exynos5250.dtsi index 8746189990eb..b85527faa6ea 100644 --- a/arch/arm/boot/dts/exynos5250.dtsi +++ b/arch/arm/boot/dts/exynos5250.dtsi @@ -118,6 +118,7 @@ opp-hz = /bits/ 64 <1000000000>; opp-microvolt = <1075000>; clock-latency-ns = <140000>; + opp-suspend; }; opp-1100000000 { opp-hz = /bits/ 64 <1100000000>; -- 2.17.1

7 years, 3 months

2
1
0 0

[PATCH v2 1/2] ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings

by Marek Szyprowski

Convert Exynos5250 to OPP-v2 bindings. This is a preparation to add proper support for suspend operation point, which cannot be marked in opp-v1. CC: <stable(a)vger.kernel.org> # 4.3.x: cd6f55457eb4 ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes CC: <stable(a)vger.kernel.org> # 4.3.x: 672f33198bee arm: dts: exynos: Add missing cooling device properties for CPUs CC: <stable(a)vger.kernel.org> # 4.3.x Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Chanwoo Choi <cw00.choi(a)samsung.com> Acked-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> --- arch/arm/boot/dts/exynos5250.dtsi | 130 ++++++++++++++++++++---------- 1 file changed, 88 insertions(+), 42 deletions(-) diff --git a/arch/arm/boot/dts/exynos5250.dtsi b/arch/arm/boot/dts/exynos5250.dtsi index da163a40af15..8746189990eb 100644 --- a/arch/arm/boot/dts/exynos5250.dtsi +++ b/arch/arm/boot/dts/exynos5250.dtsi @@ -54,62 +54,108 @@ device_type = "cpu"; compatible = "arm,cortex-a15"; reg = <0>; - clock-frequency = <1700000000>; clocks = <&clock CLK_ARM_CLK>; clock-names = "cpu"; - clock-latency = <140000>; - - operating-points = < - 1700000 1300000 - 1600000 1250000 - 1500000 1225000 - 1400000 1200000 - 1300000 1150000 - 1200000 1125000 - 1100000 1100000 - 1000000 1075000 - 900000 1050000 - 800000 1025000 - 700000 1012500 - 600000 1000000 - 500000 975000 - 400000 950000 - 300000 937500 - 200000 925000 - >; + operating-points-v2 = <&cpu0_opp_table>; #cooling-cells = <2>; /* min followed by max */ }; cpu@1 { device_type = "cpu"; compatible = "arm,cortex-a15"; reg = <1>; - clock-frequency = <1700000000>; clocks = <&clock CLK_ARM_CLK>; clock-names = "cpu"; - clock-latency = <140000>; - - operating-points = < - 1700000 1300000 - 1600000 1250000 - 1500000 1225000 - 1400000 1200000 - 1300000 1150000 - 1200000 1125000 - 1100000 1100000 - 1000000 1075000 - 900000 1050000 - 800000 1025000 - 700000 1012500 - 600000 1000000 - 500000 975000 - 400000 950000 - 300000 937500 - 200000 925000 - >; + operating-points-v2 = <&cpu0_opp_table>; #cooling-cells = <2>; /* min followed by max */ }; }; + cpu0_opp_table: opp_table0 { + compatible = "operating-points-v2"; + opp-shared; + + opp-200000000 { + opp-hz = /bits/ 64 <200000000>; + opp-microvolt = <925000>; + clock-latency-ns = <140000>; + }; + opp-300000000 { + opp-hz = /bits/ 64 <300000000>; + opp-microvolt = <937500>; + clock-latency-ns = <140000>; + }; + opp-400000000 { + opp-hz = /bits/ 64 <400000000>; + opp-microvolt = <950000>; + clock-latency-ns = <140000>; + }; + opp-500000000 { + opp-hz = /bits/ 64 <500000000>; + opp-microvolt = <975000>; + clock-latency-ns = <140000>; + }; + opp-600000000 { + opp-hz = /bits/ 64 <600000000>; + opp-microvolt = <1000000>; + clock-latency-ns = <140000>; + }; + opp-700000000 { + opp-hz = /bits/ 64 <700000000>; + opp-microvolt = <1012500>; + clock-latency-ns = <140000>; + }; + opp-800000000 { + opp-hz = /bits/ 64 <800000000>; + opp-microvolt = <1025000>; + clock-latency-ns = <140000>; + }; + opp-900000000 { + opp-hz = /bits/ 64 <900000000>; + opp-microvolt = <1050000>; + clock-latency-ns = <140000>; + }; + opp-1000000000 { + opp-hz = /bits/ 64 <1000000000>; + opp-microvolt = <1075000>; + clock-latency-ns = <140000>; + }; + opp-1100000000 { + opp-hz = /bits/ 64 <1100000000>; + opp-microvolt = <1100000>; + clock-latency-ns = <140000>; + }; + opp-1200000000 { + opp-hz = /bits/ 64 <1200000000>; + opp-microvolt = <1125000>; + clock-latency-ns = <140000>; + }; + opp-1300000000 { + opp-hz = /bits/ 64 <1300000000>; + opp-microvolt = <1150000>; + clock-latency-ns = <140000>; + }; + opp-1400000000 { + opp-hz = /bits/ 64 <1400000000>; + opp-microvolt = <1200000>; + clock-latency-ns = <140000>; + }; + opp-1500000000 { + opp-hz = /bits/ 64 <1500000000>; + opp-microvolt = <1225000>; + clock-latency-ns = <140000>; + }; + opp-1600000000 { + opp-hz = /bits/ 64 <1600000000>; + opp-microvolt = <1250000>; + clock-latency-ns = <140000>; + }; + opp-1700000000 { + opp-hz = /bits/ 64 <1700000000>; + opp-microvolt = <1300000>; + clock-latency-ns = <140000>; + }; + }; + soc: soc { sysram@2020000 { compatible = "mmio-sram"; -- 2.17.1

7 years, 3 months

2
1
0 0

FAILED: patch "[PATCH] Btrfs: fix mount failure after fsync due to hard link" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0d836392cadd5535f4184d46d901a82eb276ed62 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 20 Jul 2018 10:59:06 +0100 Subject: [PATCH] Btrfs: fix mount failure after fsync due to hard link recreation If we end up with logging an inode reference item which has the same name but different index from the one we have persisted, we end up failing when replaying the log with an errno value of -EEXIST. The error comes from btrfs_add_link(), which is called from add_inode_ref(), when we are replaying an inode reference item. Example scenario where this happens: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/foo $ ln /mnt/foo /mnt/bar $ sync # Rename the first hard link (foo) to a new name and rename the second # hard link (bar) to the old name of the first hard link (foo). $ mv /mnt/foo /mnt/qwerty $ mv /mnt/bar /mnt/foo # Create a new file, in the same parent directory, with the old name of # the second hard link (bar) and fsync this new file. # We do this instead of calling fsync on foo/qwerty because if we did # that the fsync resulted in a full transaction commit, not triggering # the problem. $ touch /mnt/bar $ xfs_io -c "fsync" /mnt/bar <power fail> $ mount /dev/sdb /mnt mount: mount /dev/sdb on /mnt failed: File exists So fix this by checking if a conflicting inode reference exists (same name, same parent but different index), removing it (and the associated dir index entries from the parent inode) if it exists, before attempting to add the new reference. A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 10f6a4223897..033aeebbe9de 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1290,6 +1290,46 @@ static int unlink_old_inode_refs(struct btrfs_trans_handle *trans, return ret; } +static int btrfs_inode_ref_exists(struct inode *inode, struct inode *dir, + const u8 ref_type, const char *name, + const int namelen) +{ + struct btrfs_key key; + struct btrfs_path *path; + const u64 parent_id = btrfs_ino(BTRFS_I(dir)); + int ret; + + path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + + key.objectid = btrfs_ino(BTRFS_I(inode)); + key.type = ref_type; + if (key.type == BTRFS_INODE_REF_KEY) + key.offset = parent_id; + else + key.offset = btrfs_extref_hash(parent_id, name, namelen); + + ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + if (key.type == BTRFS_INODE_EXTREF_KEY) + ret = btrfs_find_name_in_ext_backref(path->nodes[0], + path->slots[0], parent_id, + name, namelen, NULL); + else + ret = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], + name, namelen, NULL); + +out: + btrfs_free_path(path); + return ret; +} + /* * replay one inode back reference item found in the log tree. * eb, slot and key refer to the buffer and key found in the log tree. @@ -1399,6 +1439,32 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, } } + /* + * If a reference item already exists for this inode + * with the same parent and name, but different index, + * drop it and the corresponding directory index entries + * from the parent before adding the new reference item + * and dir index entries, otherwise we would fail with + * -EEXIST returned from btrfs_add_link() below. + */ + ret = btrfs_inode_ref_exists(inode, dir, key->type, + name, namelen); + if (ret > 0) { + ret = btrfs_unlink_inode(trans, root, + BTRFS_I(dir), + BTRFS_I(inode), + name, namelen); + /* + * If we dropped the link count to 0, bump it so + * that later the iput() on the inode will not + * free it. We will fixup the link count later. + */ + if (!ret && inode->i_nlink == 0) + inc_nlink(inode); + } + if (ret < 0) + goto out; + /* insert our name */ ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode),

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix mount failure after fsync due to hard link" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0d836392cadd5535f4184d46d901a82eb276ed62 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 20 Jul 2018 10:59:06 +0100 Subject: [PATCH] Btrfs: fix mount failure after fsync due to hard link recreation If we end up with logging an inode reference item which has the same name but different index from the one we have persisted, we end up failing when replaying the log with an errno value of -EEXIST. The error comes from btrfs_add_link(), which is called from add_inode_ref(), when we are replaying an inode reference item. Example scenario where this happens: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/foo $ ln /mnt/foo /mnt/bar $ sync # Rename the first hard link (foo) to a new name and rename the second # hard link (bar) to the old name of the first hard link (foo). $ mv /mnt/foo /mnt/qwerty $ mv /mnt/bar /mnt/foo # Create a new file, in the same parent directory, with the old name of # the second hard link (bar) and fsync this new file. # We do this instead of calling fsync on foo/qwerty because if we did # that the fsync resulted in a full transaction commit, not triggering # the problem. $ touch /mnt/bar $ xfs_io -c "fsync" /mnt/bar <power fail> $ mount /dev/sdb /mnt mount: mount /dev/sdb on /mnt failed: File exists So fix this by checking if a conflicting inode reference exists (same name, same parent but different index), removing it (and the associated dir index entries from the parent inode) if it exists, before attempting to add the new reference. A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 10f6a4223897..033aeebbe9de 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1290,6 +1290,46 @@ static int unlink_old_inode_refs(struct btrfs_trans_handle *trans, return ret; } +static int btrfs_inode_ref_exists(struct inode *inode, struct inode *dir, + const u8 ref_type, const char *name, + const int namelen) +{ + struct btrfs_key key; + struct btrfs_path *path; + const u64 parent_id = btrfs_ino(BTRFS_I(dir)); + int ret; + + path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + + key.objectid = btrfs_ino(BTRFS_I(inode)); + key.type = ref_type; + if (key.type == BTRFS_INODE_REF_KEY) + key.offset = parent_id; + else + key.offset = btrfs_extref_hash(parent_id, name, namelen); + + ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + if (key.type == BTRFS_INODE_EXTREF_KEY) + ret = btrfs_find_name_in_ext_backref(path->nodes[0], + path->slots[0], parent_id, + name, namelen, NULL); + else + ret = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], + name, namelen, NULL); + +out: + btrfs_free_path(path); + return ret; +} + /* * replay one inode back reference item found in the log tree. * eb, slot and key refer to the buffer and key found in the log tree. @@ -1399,6 +1439,32 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, } } + /* + * If a reference item already exists for this inode + * with the same parent and name, but different index, + * drop it and the corresponding directory index entries + * from the parent before adding the new reference item + * and dir index entries, otherwise we would fail with + * -EEXIST returned from btrfs_add_link() below. + */ + ret = btrfs_inode_ref_exists(inode, dir, key->type, + name, namelen); + if (ret > 0) { + ret = btrfs_unlink_inode(trans, root, + BTRFS_I(dir), + BTRFS_I(inode), + name, namelen); + /* + * If we dropped the link count to 0, bump it so + * that later the iput() on the inode will not + * free it. We will fixup the link count later. + */ + if (!ret && inode->i_nlink == 0) + inc_nlink(inode); + } + if (ret < 0) + goto out; + /* insert our name */ ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode),

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix mount failure after fsync due to hard link" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0d836392cadd5535f4184d46d901a82eb276ed62 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 20 Jul 2018 10:59:06 +0100 Subject: [PATCH] Btrfs: fix mount failure after fsync due to hard link recreation If we end up with logging an inode reference item which has the same name but different index from the one we have persisted, we end up failing when replaying the log with an errno value of -EEXIST. The error comes from btrfs_add_link(), which is called from add_inode_ref(), when we are replaying an inode reference item. Example scenario where this happens: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/foo $ ln /mnt/foo /mnt/bar $ sync # Rename the first hard link (foo) to a new name and rename the second # hard link (bar) to the old name of the first hard link (foo). $ mv /mnt/foo /mnt/qwerty $ mv /mnt/bar /mnt/foo # Create a new file, in the same parent directory, with the old name of # the second hard link (bar) and fsync this new file. # We do this instead of calling fsync on foo/qwerty because if we did # that the fsync resulted in a full transaction commit, not triggering # the problem. $ touch /mnt/bar $ xfs_io -c "fsync" /mnt/bar <power fail> $ mount /dev/sdb /mnt mount: mount /dev/sdb on /mnt failed: File exists So fix this by checking if a conflicting inode reference exists (same name, same parent but different index), removing it (and the associated dir index entries from the parent inode) if it exists, before attempting to add the new reference. A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 10f6a4223897..033aeebbe9de 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1290,6 +1290,46 @@ again: return ret; } +static int btrfs_inode_ref_exists(struct inode *inode, struct inode *dir, + const u8 ref_type, const char *name, + const int namelen) +{ + struct btrfs_key key; + struct btrfs_path *path; + const u64 parent_id = btrfs_ino(BTRFS_I(dir)); + int ret; + + path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + + key.objectid = btrfs_ino(BTRFS_I(inode)); + key.type = ref_type; + if (key.type == BTRFS_INODE_REF_KEY) + key.offset = parent_id; + else + key.offset = btrfs_extref_hash(parent_id, name, namelen); + + ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + if (key.type == BTRFS_INODE_EXTREF_KEY) + ret = btrfs_find_name_in_ext_backref(path->nodes[0], + path->slots[0], parent_id, + name, namelen, NULL); + else + ret = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], + name, namelen, NULL); + +out: + btrfs_free_path(path); + return ret; +} + /* * replay one inode back reference item found in the log tree. * eb, slot and key refer to the buffer and key found in the log tree. @@ -1399,6 +1439,32 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, } } + /* + * If a reference item already exists for this inode + * with the same parent and name, but different index, + * drop it and the corresponding directory index entries + * from the parent before adding the new reference item + * and dir index entries, otherwise we would fail with + * -EEXIST returned from btrfs_add_link() below. + */ + ret = btrfs_inode_ref_exists(inode, dir, key->type, + name, namelen); + if (ret > 0) { + ret = btrfs_unlink_inode(trans, root, + BTRFS_I(dir), + BTRFS_I(inode), + name, namelen); + /* + * If we dropped the link count to 0, bump it so + * that later the iput() on the inode will not + * free it. We will fixup the link count later. + */ + if (!ret && inode->i_nlink == 0) + inc_nlink(inode); + } + if (ret < 0) + goto out; + /* insert our name */ ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode),

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix send failure when root has deleted files still" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 46b2f4590aab71d31088a265c86026b1e96c9de4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 24 Jul 2018 11:54:04 +0100 Subject: [PATCH] Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73</mnt/sv1/bar $ unlink /mnt/sv1/bar # Turn the subvolume to RO mode and use it for a full send, while # holding the open file descriptor. $ btrfs property set /mnt/sv1 ro true $ btrfs send -f /tmp/full.send /mnt/sv1 At subvol /mnt/sv1 ERROR: send ioctl failed with -2: No such file or directory Example using an incremental send with snapshots: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap1 $ echo "hello world" >> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73</mnt/snap2/foo $ unlink /mnt/snap2/foo # Set the second snapshot back to RO mode and do an incremental send. $ btrfs property set /mnt/snap2 ro true $ btrfs send -f /tmp/inc.send -p /mnt/snap1 /mnt/snap2 At subvol /mnt/snap2 ERROR: send ioctl failed with -2: No such file or directory So fix this by ignoring inodes with a link count of zero if we are either doing a full send or if they do not exist in the parent snapshot (they are new in the send snapshot), and unlink all paths found in the parent snapshot when doing an incremental send (and ignoring all other inode items, such as xattrs and extents). A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Reported-by: Martin Wilck <martin.wilck(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 42e04cd3cd95..551294a6c9e2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -100,6 +100,7 @@ struct send_ctx { u64 cur_inode_rdev; u64 cur_inode_last_extent; u64 cur_inode_next_write_offset; + bool ignore_cur_inode; u64 send_progress; @@ -5796,6 +5797,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) int pending_move = 0; int refs_processed = 0; + if (sctx->ignore_cur_inode) + return 0; + ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, &refs_processed); if (ret < 0) @@ -5914,6 +5918,93 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) return ret; } +struct parent_paths_ctx { + struct list_head *refs; + struct send_ctx *sctx; +}; + +static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, + void *ctx) +{ + struct parent_paths_ctx *ppctx = ctx; + + return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, + ppctx->refs); +} + +/* + * Issue unlink operations for all paths of the current inode found in the + * parent snapshot. + */ +static int btrfs_unlink_all_paths(struct send_ctx *sctx) +{ + LIST_HEAD(deleted_refs); + struct btrfs_path *path; + struct btrfs_key key; + struct parent_paths_ctx ctx; + int ret; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + key.objectid = sctx->cur_ino; + key.type = BTRFS_INODE_REF_KEY; + key.offset = 0; + ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); + if (ret < 0) + goto out; + + ctx.refs = &deleted_refs; + ctx.sctx = sctx; + + while (true) { + struct extent_buffer *eb = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(eb)) { + ret = btrfs_next_leaf(sctx->parent_root, path); + if (ret < 0) + goto out; + else if (ret > 0) + break; + continue; + } + + btrfs_item_key_to_cpu(eb, &key, slot); + if (key.objectid != sctx->cur_ino) + break; + if (key.type != BTRFS_INODE_REF_KEY && + key.type != BTRFS_INODE_EXTREF_KEY) + break; + + ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, + record_parent_ref, &ctx); + if (ret < 0) + goto out; + + path->slots[0]++; + } + + while (!list_empty(&deleted_refs)) { + struct recorded_ref *ref; + + ref = list_first_entry(&deleted_refs, struct recorded_ref, list); + ret = send_unlink(sctx, ref->full_path); + if (ret < 0) + goto out; + fs_path_free(ref->full_path); + list_del(&ref->list); + kfree(ref); + } + ret = 0; +out: + btrfs_free_path(path); + if (ret) + __free_recorded_refs(&deleted_refs); + return ret; +} + static int changed_inode(struct send_ctx *sctx, enum btrfs_compare_tree_result result) { @@ -5928,6 +6019,7 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 0; sctx->cur_inode_last_extent = (u64)-1; sctx->cur_inode_next_write_offset = 0; + sctx->ignore_cur_inode = false; /* * Set send_progress to current inode. This will tell all get_cur_xxx @@ -5968,6 +6060,33 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 1; } + /* + * Normally we do not find inodes with a link count of zero (orphans) + * because the most common case is to create a snapshot and use it + * for a send operation. However other less common use cases involve + * using a subvolume and send it after turning it to RO mode just + * after deleting all hard links of a file while holding an open + * file descriptor against it or turning a RO snapshot into RW mode, + * keep an open file descriptor against a file, delete it and then + * turn the snapshot back to RO mode before using it for a send + * operation. So if we find such cases, ignore the inode and all its + * items completely if it's a new inode, or if it's a changed inode + * make sure all its previous paths (from the parent snapshot) are all + * unlinked and all other the inode items are ignored. + */ + if (result == BTRFS_COMPARE_TREE_NEW || + result == BTRFS_COMPARE_TREE_CHANGED) { + u32 nlinks; + + nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); + if (nlinks == 0) { + sctx->ignore_cur_inode = true; + if (result == BTRFS_COMPARE_TREE_CHANGED) + ret = btrfs_unlink_all_paths(sctx); + goto out; + } + } + if (result == BTRFS_COMPARE_TREE_NEW) { sctx->cur_inode_gen = left_gen; sctx->cur_inode_new = 1; @@ -6306,15 +6425,17 @@ static int changed_cb(struct btrfs_path *left_path, key->objectid == BTRFS_FREE_SPACE_OBJECTID) goto out; - if (key->type == BTRFS_INODE_ITEM_KEY) + if (key->type == BTRFS_INODE_ITEM_KEY) { ret = changed_inode(sctx, result); - else if (key->type == BTRFS_INODE_REF_KEY || - key->type == BTRFS_INODE_EXTREF_KEY) - ret = changed_ref(sctx, result); - else if (key->type == BTRFS_XATTR_ITEM_KEY) - ret = changed_xattr(sctx, result); - else if (key->type == BTRFS_EXTENT_DATA_KEY) - ret = changed_extent(sctx, result); + } else if (!sctx->ignore_cur_inode) { + if (key->type == BTRFS_INODE_REF_KEY || + key->type == BTRFS_INODE_EXTREF_KEY) + ret = changed_ref(sctx, result); + else if (key->type == BTRFS_XATTR_ITEM_KEY) + ret = changed_xattr(sctx, result); + else if (key->type == BTRFS_EXTENT_DATA_KEY) + ret = changed_extent(sctx, result); + } out: return ret;

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix send failure when root has deleted files still" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 46b2f4590aab71d31088a265c86026b1e96c9de4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 24 Jul 2018 11:54:04 +0100 Subject: [PATCH] Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73</mnt/sv1/bar $ unlink /mnt/sv1/bar # Turn the subvolume to RO mode and use it for a full send, while # holding the open file descriptor. $ btrfs property set /mnt/sv1 ro true $ btrfs send -f /tmp/full.send /mnt/sv1 At subvol /mnt/sv1 ERROR: send ioctl failed with -2: No such file or directory Example using an incremental send with snapshots: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap1 $ echo "hello world" >> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73</mnt/snap2/foo $ unlink /mnt/snap2/foo # Set the second snapshot back to RO mode and do an incremental send. $ btrfs property set /mnt/snap2 ro true $ btrfs send -f /tmp/inc.send -p /mnt/snap1 /mnt/snap2 At subvol /mnt/snap2 ERROR: send ioctl failed with -2: No such file or directory So fix this by ignoring inodes with a link count of zero if we are either doing a full send or if they do not exist in the parent snapshot (they are new in the send snapshot), and unlink all paths found in the parent snapshot when doing an incremental send (and ignoring all other inode items, such as xattrs and extents). A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Reported-by: Martin Wilck <martin.wilck(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 42e04cd3cd95..551294a6c9e2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -100,6 +100,7 @@ struct send_ctx { u64 cur_inode_rdev; u64 cur_inode_last_extent; u64 cur_inode_next_write_offset; + bool ignore_cur_inode; u64 send_progress; @@ -5796,6 +5797,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) int pending_move = 0; int refs_processed = 0; + if (sctx->ignore_cur_inode) + return 0; + ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, &refs_processed); if (ret < 0) @@ -5914,6 +5918,93 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) return ret; } +struct parent_paths_ctx { + struct list_head *refs; + struct send_ctx *sctx; +}; + +static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, + void *ctx) +{ + struct parent_paths_ctx *ppctx = ctx; + + return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, + ppctx->refs); +} + +/* + * Issue unlink operations for all paths of the current inode found in the + * parent snapshot. + */ +static int btrfs_unlink_all_paths(struct send_ctx *sctx) +{ + LIST_HEAD(deleted_refs); + struct btrfs_path *path; + struct btrfs_key key; + struct parent_paths_ctx ctx; + int ret; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + key.objectid = sctx->cur_ino; + key.type = BTRFS_INODE_REF_KEY; + key.offset = 0; + ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); + if (ret < 0) + goto out; + + ctx.refs = &deleted_refs; + ctx.sctx = sctx; + + while (true) { + struct extent_buffer *eb = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(eb)) { + ret = btrfs_next_leaf(sctx->parent_root, path); + if (ret < 0) + goto out; + else if (ret > 0) + break; + continue; + } + + btrfs_item_key_to_cpu(eb, &key, slot); + if (key.objectid != sctx->cur_ino) + break; + if (key.type != BTRFS_INODE_REF_KEY && + key.type != BTRFS_INODE_EXTREF_KEY) + break; + + ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, + record_parent_ref, &ctx); + if (ret < 0) + goto out; + + path->slots[0]++; + } + + while (!list_empty(&deleted_refs)) { + struct recorded_ref *ref; + + ref = list_first_entry(&deleted_refs, struct recorded_ref, list); + ret = send_unlink(sctx, ref->full_path); + if (ret < 0) + goto out; + fs_path_free(ref->full_path); + list_del(&ref->list); + kfree(ref); + } + ret = 0; +out: + btrfs_free_path(path); + if (ret) + __free_recorded_refs(&deleted_refs); + return ret; +} + static int changed_inode(struct send_ctx *sctx, enum btrfs_compare_tree_result result) { @@ -5928,6 +6019,7 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 0; sctx->cur_inode_last_extent = (u64)-1; sctx->cur_inode_next_write_offset = 0; + sctx->ignore_cur_inode = false; /* * Set send_progress to current inode. This will tell all get_cur_xxx @@ -5968,6 +6060,33 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 1; } + /* + * Normally we do not find inodes with a link count of zero (orphans) + * because the most common case is to create a snapshot and use it + * for a send operation. However other less common use cases involve + * using a subvolume and send it after turning it to RO mode just + * after deleting all hard links of a file while holding an open + * file descriptor against it or turning a RO snapshot into RW mode, + * keep an open file descriptor against a file, delete it and then + * turn the snapshot back to RO mode before using it for a send + * operation. So if we find such cases, ignore the inode and all its + * items completely if it's a new inode, or if it's a changed inode + * make sure all its previous paths (from the parent snapshot) are all + * unlinked and all other the inode items are ignored. + */ + if (result == BTRFS_COMPARE_TREE_NEW || + result == BTRFS_COMPARE_TREE_CHANGED) { + u32 nlinks; + + nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); + if (nlinks == 0) { + sctx->ignore_cur_inode = true; + if (result == BTRFS_COMPARE_TREE_CHANGED) + ret = btrfs_unlink_all_paths(sctx); + goto out; + } + } + if (result == BTRFS_COMPARE_TREE_NEW) { sctx->cur_inode_gen = left_gen; sctx->cur_inode_new = 1; @@ -6306,15 +6425,17 @@ static int changed_cb(struct btrfs_path *left_path, key->objectid == BTRFS_FREE_SPACE_OBJECTID) goto out; - if (key->type == BTRFS_INODE_ITEM_KEY) + if (key->type == BTRFS_INODE_ITEM_KEY) { ret = changed_inode(sctx, result); - else if (key->type == BTRFS_INODE_REF_KEY || - key->type == BTRFS_INODE_EXTREF_KEY) - ret = changed_ref(sctx, result); - else if (key->type == BTRFS_XATTR_ITEM_KEY) - ret = changed_xattr(sctx, result); - else if (key->type == BTRFS_EXTENT_DATA_KEY) - ret = changed_extent(sctx, result); + } else if (!sctx->ignore_cur_inode) { + if (key->type == BTRFS_INODE_REF_KEY || + key->type == BTRFS_INODE_EXTREF_KEY) + ret = changed_ref(sctx, result); + else if (key->type == BTRFS_XATTR_ITEM_KEY) + ret = changed_xattr(sctx, result); + else if (key->type == BTRFS_EXTENT_DATA_KEY) + ret = changed_extent(sctx, result); + } out: return ret;

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix send failure when root has deleted files still" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 46b2f4590aab71d31088a265c86026b1e96c9de4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 24 Jul 2018 11:54:04 +0100 Subject: [PATCH] Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73</mnt/sv1/bar $ unlink /mnt/sv1/bar # Turn the subvolume to RO mode and use it for a full send, while # holding the open file descriptor. $ btrfs property set /mnt/sv1 ro true $ btrfs send -f /tmp/full.send /mnt/sv1 At subvol /mnt/sv1 ERROR: send ioctl failed with -2: No such file or directory Example using an incremental send with snapshots: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap1 $ echo "hello world" >> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73</mnt/snap2/foo $ unlink /mnt/snap2/foo # Set the second snapshot back to RO mode and do an incremental send. $ btrfs property set /mnt/snap2 ro true $ btrfs send -f /tmp/inc.send -p /mnt/snap1 /mnt/snap2 At subvol /mnt/snap2 ERROR: send ioctl failed with -2: No such file or directory So fix this by ignoring inodes with a link count of zero if we are either doing a full send or if they do not exist in the parent snapshot (they are new in the send snapshot), and unlink all paths found in the parent snapshot when doing an incremental send (and ignoring all other inode items, such as xattrs and extents). A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Reported-by: Martin Wilck <martin.wilck(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 42e04cd3cd95..551294a6c9e2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -100,6 +100,7 @@ struct send_ctx { u64 cur_inode_rdev; u64 cur_inode_last_extent; u64 cur_inode_next_write_offset; + bool ignore_cur_inode; u64 send_progress; @@ -5796,6 +5797,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) int pending_move = 0; int refs_processed = 0; + if (sctx->ignore_cur_inode) + return 0; + ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, &refs_processed); if (ret < 0) @@ -5914,6 +5918,93 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) return ret; } +struct parent_paths_ctx { + struct list_head *refs; + struct send_ctx *sctx; +}; + +static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, + void *ctx) +{ + struct parent_paths_ctx *ppctx = ctx; + + return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, + ppctx->refs); +} + +/* + * Issue unlink operations for all paths of the current inode found in the + * parent snapshot. + */ +static int btrfs_unlink_all_paths(struct send_ctx *sctx) +{ + LIST_HEAD(deleted_refs); + struct btrfs_path *path; + struct btrfs_key key; + struct parent_paths_ctx ctx; + int ret; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + key.objectid = sctx->cur_ino; + key.type = BTRFS_INODE_REF_KEY; + key.offset = 0; + ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); + if (ret < 0) + goto out; + + ctx.refs = &deleted_refs; + ctx.sctx = sctx; + + while (true) { + struct extent_buffer *eb = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(eb)) { + ret = btrfs_next_leaf(sctx->parent_root, path); + if (ret < 0) + goto out; + else if (ret > 0) + break; + continue; + } + + btrfs_item_key_to_cpu(eb, &key, slot); + if (key.objectid != sctx->cur_ino) + break; + if (key.type != BTRFS_INODE_REF_KEY && + key.type != BTRFS_INODE_EXTREF_KEY) + break; + + ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, + record_parent_ref, &ctx); + if (ret < 0) + goto out; + + path->slots[0]++; + } + + while (!list_empty(&deleted_refs)) { + struct recorded_ref *ref; + + ref = list_first_entry(&deleted_refs, struct recorded_ref, list); + ret = send_unlink(sctx, ref->full_path); + if (ret < 0) + goto out; + fs_path_free(ref->full_path); + list_del(&ref->list); + kfree(ref); + } + ret = 0; +out: + btrfs_free_path(path); + if (ret) + __free_recorded_refs(&deleted_refs); + return ret; +} + static int changed_inode(struct send_ctx *sctx, enum btrfs_compare_tree_result result) { @@ -5928,6 +6019,7 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 0; sctx->cur_inode_last_extent = (u64)-1; sctx->cur_inode_next_write_offset = 0; + sctx->ignore_cur_inode = false; /* * Set send_progress to current inode. This will tell all get_cur_xxx @@ -5968,6 +6060,33 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 1; } + /* + * Normally we do not find inodes with a link count of zero (orphans) + * because the most common case is to create a snapshot and use it + * for a send operation. However other less common use cases involve + * using a subvolume and send it after turning it to RO mode just + * after deleting all hard links of a file while holding an open + * file descriptor against it or turning a RO snapshot into RW mode, + * keep an open file descriptor against a file, delete it and then + * turn the snapshot back to RO mode before using it for a send + * operation. So if we find such cases, ignore the inode and all its + * items completely if it's a new inode, or if it's a changed inode + * make sure all its previous paths (from the parent snapshot) are all + * unlinked and all other the inode items are ignored. + */ + if (result == BTRFS_COMPARE_TREE_NEW || + result == BTRFS_COMPARE_TREE_CHANGED) { + u32 nlinks; + + nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); + if (nlinks == 0) { + sctx->ignore_cur_inode = true; + if (result == BTRFS_COMPARE_TREE_CHANGED) + ret = btrfs_unlink_all_paths(sctx); + goto out; + } + } + if (result == BTRFS_COMPARE_TREE_NEW) { sctx->cur_inode_gen = left_gen; sctx->cur_inode_new = 1; @@ -6306,15 +6425,17 @@ static int changed_cb(struct btrfs_path *left_path, key->objectid == BTRFS_FREE_SPACE_OBJECTID) goto out; - if (key->type == BTRFS_INODE_ITEM_KEY) + if (key->type == BTRFS_INODE_ITEM_KEY) { ret = changed_inode(sctx, result); - else if (key->type == BTRFS_INODE_REF_KEY || - key->type == BTRFS_INODE_EXTREF_KEY) - ret = changed_ref(sctx, result); - else if (key->type == BTRFS_XATTR_ITEM_KEY) - ret = changed_xattr(sctx, result); - else if (key->type == BTRFS_EXTENT_DATA_KEY) - ret = changed_extent(sctx, result); + } else if (!sctx->ignore_cur_inode) { + if (key->type == BTRFS_INODE_REF_KEY || + key->type == BTRFS_INODE_EXTREF_KEY) + ret = changed_ref(sctx, result); + else if (key->type == BTRFS_XATTR_ITEM_KEY) + ret = changed_xattr(sctx, result); + else if (key->type == BTRFS_EXTENT_DATA_KEY) + ret = changed_extent(sctx, result); + } out: return ret;

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 20 Jul 2018 11:46:10 -0700 Subject: [PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable(a)vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik <jbacik(a)fb.com> [Omar: new commit message] Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4955e04da4c8..472457795486 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6021,32 +6021,6 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) return ret; } -int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) -{ - struct btrfs_root *root = BTRFS_I(inode)->root; - struct btrfs_trans_handle *trans; - int ret = 0; - bool nolock = false; - - if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) - return 0; - - if (btrfs_fs_closing(root->fs_info) && - btrfs_is_free_space_inode(BTRFS_I(inode))) - nolock = true; - - if (wbc->sync_mode == WB_SYNC_ALL) { - if (nolock) - trans = btrfs_join_transaction_nolock(root); - else - trans = btrfs_join_transaction(root); - if (IS_ERR(trans)) - return PTR_ERR(trans); - ret = btrfs_commit_transaction(trans); - } - return ret; -} - /* * This is somewhat expensive, updating the tree every time the * inode changes. But, it is most likely to find the inode in cache. diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index efe8b03ce380..67de3c0fc85b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2344,7 +2344,6 @@ static const struct super_operations btrfs_super_ops = { .sync_fs = btrfs_sync_fs, .show_options = btrfs_show_options, .show_devname = btrfs_show_devname, - .write_inode = btrfs_write_inode, .alloc_inode = btrfs_alloc_inode, .destroy_inode = btrfs_destroy_inode, .statfs = btrfs_statfs,

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 20 Jul 2018 11:46:10 -0700 Subject: [PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable(a)vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik <jbacik(a)fb.com> [Omar: new commit message] Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4955e04da4c8..472457795486 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6021,32 +6021,6 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) return ret; } -int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) -{ - struct btrfs_root *root = BTRFS_I(inode)->root; - struct btrfs_trans_handle *trans; - int ret = 0; - bool nolock = false; - - if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) - return 0; - - if (btrfs_fs_closing(root->fs_info) && - btrfs_is_free_space_inode(BTRFS_I(inode))) - nolock = true; - - if (wbc->sync_mode == WB_SYNC_ALL) { - if (nolock) - trans = btrfs_join_transaction_nolock(root); - else - trans = btrfs_join_transaction(root); - if (IS_ERR(trans)) - return PTR_ERR(trans); - ret = btrfs_commit_transaction(trans); - } - return ret; -} - /* * This is somewhat expensive, updating the tree every time the * inode changes. But, it is most likely to find the inode in cache. diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index efe8b03ce380..67de3c0fc85b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2344,7 +2344,6 @@ static const struct super_operations btrfs_super_ops = { .sync_fs = btrfs_sync_fs, .show_options = btrfs_show_options, .show_devname = btrfs_show_devname, - .write_inode = btrfs_write_inode, .alloc_inode = btrfs_alloc_inode, .destroy_inode = btrfs_destroy_inode, .statfs = btrfs_statfs,

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 20 Jul 2018 11:46:10 -0700 Subject: [PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable(a)vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik <jbacik(a)fb.com> [Omar: new commit message] Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4955e04da4c8..472457795486 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6021,32 +6021,6 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) return ret; } -int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) -{ - struct btrfs_root *root = BTRFS_I(inode)->root; - struct btrfs_trans_handle *trans; - int ret = 0; - bool nolock = false; - - if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) - return 0; - - if (btrfs_fs_closing(root->fs_info) && - btrfs_is_free_space_inode(BTRFS_I(inode))) - nolock = true; - - if (wbc->sync_mode == WB_SYNC_ALL) { - if (nolock) - trans = btrfs_join_transaction_nolock(root); - else - trans = btrfs_join_transaction(root); - if (IS_ERR(trans)) - return PTR_ERR(trans); - ret = btrfs_commit_transaction(trans); - } - return ret; -} - /* * This is somewhat expensive, updating the tree every time the * inode changes. But, it is most likely to find the inode in cache. diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index efe8b03ce380..67de3c0fc85b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2344,7 +2344,6 @@ static const struct super_operations btrfs_super_ops = { .sync_fs = btrfs_sync_fs, .show_options = btrfs_show_options, .show_devname = btrfs_show_devname, - .write_inode = btrfs_write_inode, .alloc_inode = btrfs_alloc_inode, .destroy_inode = btrfs_destroy_inode, .statfs = btrfs_statfs,

7 years, 3 months

1
0
0 0

[gregkh@linuxfoundation.org: Patch "drm: re-enable error handling" has been added to the 3.18-stable tree]

by Nicholas Mc Guire

Hi ! this is also the wrong version of the patch - the proper version is below. This has been posted to lkml https://lkml.org/lkml/2018/7/18/191 "[PATCH V3] drm: handle error values properly" but there was no review yet The version you have here though is for sure broken. So maybe this should be simply dropped until the above, presumably correct fix, is confirmed. thx! hofrat ----- Forwarded message from gregkh(a)linuxfoundation.org ----- Date: Tue, 28 Aug 2018 16:09:59 +0200 From: gregkh(a)linuxfoundation.org To: 1531571532-22733-1-git-send-email-hofrat(a)osadl.org, alexander.levin(a)microsoft.com, gregkh(a)linuxfoundation.org, hofrat(a)osadl.org, seanpaul(a)chromium.org Cc: stable-commits(a)vger.kernel.org Subject: Patch "drm: re-enable error handling" has been added to the 3.18-stable tree This is a note to let you know that I've just added the patch titled drm: re-enable error handling to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-re-enable-error-handling.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Aug 28 16:08:28 CEST 2018 From: Nicholas Mc Guire <hofrat(a)osadl.org> Date: Sat, 14 Jul 2018 14:32:12 +0200 Subject: drm: re-enable error handling From: Nicholas Mc Guire <hofrat(a)osadl.org> [ Upstream commit d530b5f1ca0bb66958a2b714bebe40a1248b9c15 ] drm_legacy_ctxbitmap_next() returns idr_alloc() which can return -ENOMEM, -EINVAL or -ENOSPC none of which are -1 . but the call sites of drm_legacy_ctxbitmap_next() seem to be assuming that the error case would be -1 (original return of drm_ctxbitmap_next() prior to 2.6.23 was actually -1). Thus reenable error handling by checking for < 0. Signed-off-by: Nicholas Mc Guire <hofrat(a)osadl.org> Fixes: 62968144e673 ("drm: convert drm context code to use Linux idr") Signed-off-by: Sean Paul <seanpaul(a)chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/1531571532-22733-1-git-send-e… Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/drm_context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/drm_context.c +++ b/drivers/gpu/drm/drm_context.c @@ -341,7 +341,7 @@ int drm_legacy_addctx(struct drm_device ctx->handle = drm_legacy_ctxbitmap_next(dev); } DRM_DEBUG("%d\n", ctx->handle); - if (ctx->handle == -1) { + if (ctx->handle < 0) { DRM_DEBUG("Not enough free contexts.\n"); /* Should this return -EBUSY instead? */ return -ENOMEM; Patches currently in stable-queue which might be from hofrat(a)osadl.org are queue-3.18/drm-re-enable-error-handling.patch queue-3.18/can-mpc5xxx_can-check-of_iomap-return-before-use.patch ----- End forwarded message -----

7 years, 3 months

2
1
0 0

[PATCH] x86/nmi: Fix some races in NMI uaccess

by Andy Lutomirski

In NMI context, we might be in the middle of context switching or in the middle of switch_mm_irqs_off(). In either case, CR3 might not match current->mm, which could cause copy_from_user_nmi() and friends to read the wrong memory. Fix it by adding a new nmi_uaccess_okay() helper and checking it in copy_from_user_nmi() and in __copy_from_user_nmi()'s callers. Cc: stable(a)vger.kernel.org Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Nadav Amit <nadav.amit(a)gmail.com> Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- The 0day bot is still chewing on this, but I've tested it a bit locally and it seems to do the right thing. I've never observed the bug it fixes, but it does appear to fix a bug unless I've missed something. It's also a prerequisite for Nadav's fixmap bugfix. arch/x86/events/core.c | 2 +- arch/x86/include/asm/tlbflush.h | 16 ++++++++++++++++ arch/x86/lib/usercopy.c | 5 +++++ arch/x86/mm/tlb.c | 3 +++ 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index 5f4829f10129..dfb2f7c0d019 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -2465,7 +2465,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs perf_callchain_store(entry, regs->ip); - if (!current->mm) + if (!nmi_uaccess_okay()) return; if (perf_callchain_user32(regs, entry)) diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h index 89a73bc31622..b23b2625793b 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -230,6 +230,22 @@ struct tlb_state { }; DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate); +/* + * Blindly accessing user memory from NMI context can be dangerous + * if we're in the middle of switching the current user task or + * switching the loaded mm. It can also be dangerous if we + * interrupted some kernel code that was temporarily using a + * different mm. + */ +static inline bool nmi_uaccess_okay(void) +{ + struct mm_struct *loaded_mm = this_cpu_read(cpu_tlbstate.loaded_mm); + struct mm_struct *current_mm = current->mm; + + return current_mm && loaded_mm == current_mm && + loaded_mm->pgd == __va(read_cr3_pa()); +} + /* Initialize cr4 shadow for this CPU. */ static inline void cr4_init_shadow(void) { diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c index c8c6ad0d58b8..3f435d7fca5e 100644 --- a/arch/x86/lib/usercopy.c +++ b/arch/x86/lib/usercopy.c @@ -7,6 +7,8 @@ #include <linux/uaccess.h> #include <linux/export.h> +#include <asm/tlbflush.h> + /* * We rely on the nested NMI work to allow atomic faults from the NMI path; the * nested NMI paths are careful to preserve CR2. @@ -19,6 +21,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n) if (__range_not_ok(from, n, TASK_SIZE)) return n; + if (!nmi_uaccess_okay()) + return n; + /* * Even though this function is typically called from NMI/IRQ context * disable pagefaults so that its behaviour is consistent even when diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 457b281b9339..f4b41d5a93dd 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -345,6 +345,9 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, */ trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); } else { + /* Let NMI code know that CR3 may not match expectations. */ + this_cpu_write(cpu_tlbstate.loaded_mm, NULL); + /* The new ASID is already up to date. */ load_new_mm_cr3(next->pgd, new_asid, false); -- 2.17.1

7 years, 3 months

3
12
0 0

Applied "regulator: bd71837: Disable voltage monitoring for LDO3/4" to the regulator tree

by Mark Brown

The patch regulator: bd71837: Disable voltage monitoring for LDO3/4 has been applied to the regulator tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 823f18f8b860526fc099c222619a126d57d2ad8c Mon Sep 17 00:00:00 2001 From: Matti Vaittinen <matti.vaittinen(a)fi.rohmeurope.com> Date: Wed, 29 Aug 2018 15:36:10 +0300 Subject: [PATCH] regulator: bd71837: Disable voltage monitoring for LDO3/4 There is a HW quirk in BD71837. The shutdown sequence timings for bucks/LDOs which are enabled via register interface are changed. At PMIC poweroff the voltage for BUCK6/7 is cut immediately at the beginning of shut-down sequence. This causes LDO5/6 voltage monitoring to detect under voltage and force PMIC to emergency state instead of poweroff. Disable voltage monitoring for LDO5 and LDO6 at probe to avoid this. Signed-off-by: Matti Vaittinen <matti.vaittinen(a)fi.rohmeurope.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/regulator/bd71837-regulator.c | 19 +++++++++++++++ include/linux/mfd/rohm-bd718x7.h | 33 ++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 3 deletions(-) diff --git a/drivers/regulator/bd71837-regulator.c b/drivers/regulator/bd71837-regulator.c index 0f8ac8dec3e1..a1bd8aaf4d98 100644 --- a/drivers/regulator/bd71837-regulator.c +++ b/drivers/regulator/bd71837-regulator.c @@ -569,6 +569,25 @@ static int bd71837_probe(struct platform_device *pdev) BD71837_REG_REGLOCK); } + /* + * There is a HW quirk in BD71837. The shutdown sequence timings for + * bucks/LDOs which are controlled via register interface are changed. + * At PMIC poweroff the voltage for BUCK6/7 is cut immediately at the + * beginning of shut-down sequence. As bucks 6 and 7 are parent + * supplies for LDO5 and LDO6 - this causes LDO5/6 voltage + * monitoring to errorneously detect under voltage and force PMIC to + * emergency state instead of poweroff. In order to avoid this we + * disable voltage monitoring for LDO5 and LDO6 + */ + err = regmap_update_bits(pmic->mfd->regmap, BD718XX_REG_MVRFLTMASK2, + BD718XX_LDO5_VRMON80 | BD718XX_LDO6_VRMON80, + BD718XX_LDO5_VRMON80 | BD718XX_LDO6_VRMON80); + if (err) { + dev_err(&pmic->pdev->dev, + "Failed to disable voltage monitoring\n"); + goto err; + } + for (i = 0; i < ARRAY_SIZE(pmic_regulator_inits); i++) { struct regulator_desc *desc; diff --git a/include/linux/mfd/rohm-bd718x7.h b/include/linux/mfd/rohm-bd718x7.h index a528747f8aed..e8338e5dc10b 100644 --- a/include/linux/mfd/rohm-bd718x7.h +++ b/include/linux/mfd/rohm-bd718x7.h @@ -78,9 +78,9 @@ enum { BD71837_REG_TRANS_COND0 = 0x1F, BD71837_REG_TRANS_COND1 = 0x20, BD71837_REG_VRFAULTEN = 0x21, - BD71837_REG_MVRFLTMASK0 = 0x22, - BD71837_REG_MVRFLTMASK1 = 0x23, - BD71837_REG_MVRFLTMASK2 = 0x24, + BD718XX_REG_MVRFLTMASK0 = 0x22, + BD718XX_REG_MVRFLTMASK1 = 0x23, + BD718XX_REG_MVRFLTMASK2 = 0x24, BD71837_REG_RCVCFG = 0x25, BD71837_REG_RCVNUM = 0x26, BD71837_REG_PWRONCONFIG0 = 0x27, @@ -159,6 +159,33 @@ enum { #define BUCK8_MASK 0x3F #define BUCK8_DEFAULT 0x1E +/* BD718XX Voltage monitoring masks */ +#define BD718XX_BUCK1_VRMON80 0x1 +#define BD718XX_BUCK1_VRMON130 0x2 +#define BD718XX_BUCK2_VRMON80 0x4 +#define BD718XX_BUCK2_VRMON130 0x8 +#define BD718XX_1ST_NODVS_BUCK_VRMON80 0x1 +#define BD718XX_1ST_NODVS_BUCK_VRMON130 0x2 +#define BD718XX_2ND_NODVS_BUCK_VRMON80 0x4 +#define BD718XX_2ND_NODVS_BUCK_VRMON130 0x8 +#define BD718XX_3RD_NODVS_BUCK_VRMON80 0x10 +#define BD718XX_3RD_NODVS_BUCK_VRMON130 0x20 +#define BD718XX_4TH_NODVS_BUCK_VRMON80 0x40 +#define BD718XX_4TH_NODVS_BUCK_VRMON130 0x80 +#define BD718XX_LDO1_VRMON80 0x1 +#define BD718XX_LDO2_VRMON80 0x2 +#define BD718XX_LDO3_VRMON80 0x4 +#define BD718XX_LDO4_VRMON80 0x8 +#define BD718XX_LDO5_VRMON80 0x10 +#define BD718XX_LDO6_VRMON80 0x20 + +/* BD71837 specific voltage monitoring masks */ +#define BD71837_BUCK3_VRMON80 0x10 +#define BD71837_BUCK3_VRMON130 0x20 +#define BD71837_BUCK4_VRMON80 0x40 +#define BD71837_BUCK4_VRMON130 0x80 +#define BD71837_LDO7_VRMON80 0x40 + /* BD71837_REG_IRQ bits */ #define IRQ_SWRST 0x40 #define IRQ_PWRON_S 0x20 -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH v3 2/2] btrfs: Ensure btrfs_trim_fs can trim the whole fs

by Qu Wenruo

[BUG] fstrim on some btrfs only trims the unallocated space, not trimming any space in existing block groups. [CAUSE] Before fstrim_range passed to btrfs_trim_fs(), it get truncated to range [0, super->total_bytes). So later btrfs_trim_fs() will only be able to trim block groups in range [0, super->total_bytes). While for btrfs, any bytenr aligned to sector size is valid, since btrfs use its logical address space, there is nothing limiting the location where we put block groups. For btrfs with routine balance, it's quite easy to relocate all block groups and bytenr of block groups will start beyond super->total_bytes. In that case, btrfs will not trim existing block groups. [FIX] Just remove the truncation in btrfs_ioctl_fitrim(), so btrfs_trim_fs() can get the unmodified range, which is normally set to [0, U64_MAX]. Reported-by: Chris Murphy <lists(a)colorremedies.com> Fixes: f4c697e6406d ("btrfs: return EINVAL if start > total_bytes in fitrim ioctl") Cc: <stable(a)vger.kernel.org> # v4.0+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent-tree.c | 10 +--------- fs/btrfs/ioctl.c | 11 +++++++---- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 7768f206196a..d1478d66c7a5 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -10851,21 +10851,13 @@ int btrfs_trim_fs(struct btrfs_fs_info *fs_info, struct fstrim_range *range) u64 start; u64 end; u64 trimmed = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); u64 bg_failed = 0; u64 dev_failed = 0; int bg_ret = 0; int dev_ret = 0; int ret = 0; - /* - * try to trim all FS space, our block group may start from non-zero. - */ - if (range->len == total_bytes) - cache = btrfs_lookup_first_block_group(fs_info, range->start); - else - cache = btrfs_lookup_block_group(fs_info, range->start); - + cache = btrfs_lookup_first_block_group(fs_info, range->start); for (; cache; cache = next_block_group(fs_info, cache)) { if (cache->key.objectid >= (range->start + range->len)) { btrfs_put_block_group(cache); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 63600dc2ac4c..8165a4bfa579 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -491,7 +491,6 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) struct fstrim_range range; u64 minlen = ULLONG_MAX; u64 num_devices = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); int ret; if (!capable(CAP_SYS_ADMIN)) @@ -515,11 +514,15 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) return -EOPNOTSUPP; if (copy_from_user(&range, arg, sizeof(range))) return -EFAULT; - if (range.start > total_bytes || - range.len < fs_info->sb->s_blocksize) + + /* + * NOTE: Don't truncate the range using super->total_bytes. + * Bytenr of btrfs block group is in btrfs logical address space, + * which can be any sector size aligned bytenr in [0, U64_MAX]. + */ + if (range.len < fs_info->sb->s_blocksize) return -EINVAL; - range.len = min(range.len, total_bytes - range.start); range.minlen = max(range.minlen, minlen); ret = btrfs_trim_fs(fs_info, &range); if (ret < 0) -- 2.18.0

7 years, 3 months

2
1
0 0

[PATCH] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

by Scott Bauer

Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()" There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value is then used as an index in the slot array in cdrom_slot_status(). Signed-off-by: Scott Bauer <scott.bauer(a)intel.com> Signed-off-by: Scott Bauer <sbauer(a)plzdonthack.me> Cc: stable(a)vger.kernel.org --- drivers/cdrom/cdrom.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c index bfc566d3f31a..8cfa10ab7abc 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -2542,7 +2542,7 @@ static int cdrom_ioctl_drive_status(struct cdrom_device_info *cdi, if (!CDROM_CAN(CDC_SELECT_DISC) || (arg == CDSL_CURRENT || arg == CDSL_NONE)) return cdi->ops->drive_status(cdi, CDSL_CURRENT); - if (((int)arg >= cdi->capacity)) + if (arg >= cdi->capacity) return -EINVAL; return cdrom_slot_status(cdi, arg); } -- 2.14.1

7 years, 3 months

3
3
0 0

reboot on wandboard fails with v4.14.67 (bisected to 2059e527a6)

by Rasmus Villemoes

We're using imx_v6_v7_defconfig on our Wandboards. After upgrading to v4.14.67, reboot no longer works (or, well, takes a very long time when the watchdog is configured). v4.14.66 works fine, the breakage bisects to 2059e527a659cf16d6bb709f1c8509f7a7623fc4 (ARM: imx_v6_v7_defconfig: Select ULPI support), and reverting that on top of v4.14.67 again works. Rasmus

7 years, 3 months

1
2
0 0

[PATCH v2 1/3] x86/mm: Restructure sme_encrypt_kernel()

by Brijesh Singh

Re-arrange the sme_encrypt_kernel() by moving the workarea map/unmap logic in a separate static function. There are no logical changes in this patch. The restructuring will allow us to expand the sme_encrypt_kernel in future. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: kvm(a)vger.kernel.org Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/mm/mem_encrypt_identity.c | 160 ++++++++++++++++++++++++------------- 1 file changed, 104 insertions(+), 56 deletions(-) diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index 7ae3686..bf6097e 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -72,6 +72,22 @@ struct sme_populate_pgd_data { unsigned long vaddr_end; }; +struct sme_workarea_data { + unsigned long kernel_start; + unsigned long kernel_end; + unsigned long kernel_len; + + unsigned long initrd_start; + unsigned long initrd_end; + unsigned long initrd_len; + + unsigned long workarea_start; + unsigned long workarea_end; + unsigned long workarea_len; + + unsigned long decrypted_base; +}; + static char sme_cmdline_arg[] __initdata = "mem_encrypt"; static char sme_cmdline_on[] __initdata = "on"; static char sme_cmdline_off[] __initdata = "off"; @@ -266,19 +282,17 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) return entries + tables; } -void __init sme_encrypt_kernel(struct boot_params *bp) +static void __init build_workarea_map(struct boot_params *bp, + struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; unsigned long kernel_start, kernel_end, kernel_len; unsigned long initrd_start, initrd_end, initrd_len; - struct sme_populate_pgd_data ppd; unsigned long pgtable_area_len; unsigned long decrypted_base; - if (!sme_active()) - return; - /* * Prepare for encrypting the kernel and initrd by building new * pagetables with the necessary attributes needed to encrypt the @@ -358,17 +372,17 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * pagetables and when the new encrypted and decrypted kernel * mappings are populated. */ - ppd.pgtable_area = (void *)execute_end; + ppd->pgtable_area = (void *)execute_end; /* * Make sure the current pagetable structure has entries for * addressing the workarea. */ - ppd.pgd = (pgd_t *)native_read_cr3_pa(); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + ppd->pgd = (pgd_t *)native_read_cr3_pa(); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + sme_map_range_decrypted(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); @@ -379,9 +393,9 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * then be populated with new PUDs and PMDs as the encrypted and * decrypted kernel mappings are created. */ - ppd.pgd = ppd.pgtable_area; - memset(ppd.pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); - ppd.pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; + ppd->pgd = ppd->pgtable_area; + memset(ppd->pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); + ppd->pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; /* * A different PGD index/entry must be used to get different @@ -399,75 +413,109 @@ void __init sme_encrypt_kernel(struct boot_params *bp) decrypted_base <<= PGDIR_SHIFT; /* Add encrypted kernel (identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start; - ppd.vaddr_end = kernel_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start; + ppd->vaddr_end = kernel_end; + sme_map_range_encrypted(ppd); /* Add decrypted, write-protected kernel (non-identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start + decrypted_base; + ppd->vaddr_end = kernel_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); if (initrd_len) { /* Add encrypted initrd (identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start; - ppd.vaddr_end = initrd_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start; + ppd->vaddr_end = initrd_end; + sme_map_range_encrypted(ppd); /* * Add decrypted, write-protected initrd (non-identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start + decrypted_base; + ppd->vaddr_end = initrd_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); } /* Add decrypted workarea mappings to both kernel mappings */ - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + sme_map_range_decrypted(ppd); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_map_range_decrypted(&ppd); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start + decrypted_base; + ppd->vaddr_end = workarea_end + decrypted_base; + sme_map_range_decrypted(ppd); - /* Perform the encryption */ - sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, - kernel_len, workarea_start, (unsigned long)ppd.pgd); + wa->kernel_start = kernel_start; + wa->kernel_end = kernel_end; + wa->kernel_len = kernel_len; - if (initrd_len) - sme_encrypt_execute(initrd_start, initrd_start + decrypted_base, - initrd_len, workarea_start, - (unsigned long)ppd.pgd); + wa->initrd_start = initrd_start; + wa->initrd_end = initrd_end; + wa->initrd_len = initrd_len; + + wa->workarea_start = workarea_start; + wa->workarea_end = workarea_end; + wa->workarea_len = workarea_len; + + wa->decrypted_base = decrypted_base; +} +static void __init remove_workarea_map(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ /* * At this point we are running encrypted. Remove the mappings for * the decrypted areas - all that is needed for this is to remove * the PGD entry/entries. */ - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_clear_pgd(&ppd); - - if (initrd_len) { - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->kernel_start + wa->decrypted_base; + ppd->vaddr_end = wa->kernel_end + wa->decrypted_base; + sme_clear_pgd(ppd); + + if (wa->initrd_len) { + ppd->vaddr = wa->initrd_start + wa->decrypted_base; + ppd->vaddr_end = wa->initrd_end + wa->decrypted_base; + sme_clear_pgd(ppd); } - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->workarea_start + wa->decrypted_base; + ppd->vaddr_end = wa->workarea_end + wa->decrypted_base; + sme_clear_pgd(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); } +void __init sme_encrypt_kernel(struct boot_params *bp) +{ + struct sme_populate_pgd_data ppd; + struct sme_workarea_data wa; + + if (!sme_active()) + return; + + build_workarea_map(bp, &wa, &ppd); + + /* When SEV is active, encrypt kernel and initrd */ + sme_encrypt_execute(wa.kernel_start, + wa.kernel_start + wa.decrypted_base, + wa.kernel_len, wa.workarea_start, + (unsigned long)ppd.pgd); + + if (wa.initrd_len) + sme_encrypt_execute(wa.initrd_start, + wa.initrd_start + wa.decrypted_base, + wa.initrd_len, wa.workarea_start, + (unsigned long)ppd.pgd); + + remove_workarea_map(&wa, &ppd); +} + void __init sme_enable(struct boot_params *bp) { const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off; -- 2.7.4

7 years, 3 months

2
1
0 0

Applied "spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE" to the spi tree

by Mark Brown

The patch spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 5223c9c1cbfc0cd4d0a1b50758e0949af3290fa1 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <angelo(a)sysam.it> Date: Sat, 18 Aug 2018 01:51:58 +0200 Subject: [PATCH] spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE This patch fixes the dspi_eoq_write function used by the ColdFire mcf5441x family. The 16 bit cmd part must be re-set at each data transfer. Also, now that fifo_size variables are used for eoq_read/write, a proper fifo size must be set (16 slots for the ColdFire dspi module version). Signed-off-by: Angelo Dureghello <angelo(a)sysam.it> Acked-by: Esben Haabendal <esben(a)haabendal.dk> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-fsl-dspi.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c index 7cb3ab0a35a0..3082e72e4f6c 100644 --- a/drivers/spi/spi-fsl-dspi.c +++ b/drivers/spi/spi-fsl-dspi.c @@ -30,7 +30,11 @@ #define DRIVER_NAME "fsl-dspi" +#ifdef CONFIG_M5441x +#define DSPI_FIFO_SIZE 16 +#else #define DSPI_FIFO_SIZE 4 +#endif #define DSPI_DMA_BUFSIZE (DSPI_FIFO_SIZE * 1024) #define SPI_MCR 0x00 @@ -623,9 +627,11 @@ static void dspi_tcfq_read(struct fsl_dspi *dspi) static void dspi_eoq_write(struct fsl_dspi *dspi) { int fifo_size = DSPI_FIFO_SIZE; + u16 xfer_cmd = dspi->tx_cmd; /* Fill TX FIFO with as many transfers as possible */ while (dspi->len && fifo_size--) { + dspi->tx_cmd = xfer_cmd; /* Request EOQF for last transfer in FIFO */ if (dspi->len == dspi->bytes_per_word || fifo_size == 0) dspi->tx_cmd |= SPI_PUSHR_CMD_EOQ; -- 2.18.0

7 years, 3 months

1
0
0 0

Please apply commit d1e20222d537 to 4.14.y and 4.18.y

by Jitendra Bhivare

Subject of the patch: iommu/arm-smmu: Error out only if not enough context interrupts Commit ID: 42b88ec6530fd76f1ae06de7f09830bcbca5bbd6 Why: ARM SMMU does not initialize for Broadcom Stingray SoC if bootloader reserves few contexts. Kernel should not error out if there are enough context interrupts. Patch

7 years, 3 months

1
0
0 0

Profil.

by Thomas Weber

Sehr geehrte Damen und Herren. Nachdem wir Ihre Webseite besucht und das Profil Ihrer Geschäftstätigkeit analysiert haben, wissen wir schon, wie Sie neue Kunden ab sofort gewinnen können. Wir verfügen über mehr als 100 000 Adressenangaben der potentiellen Kunden. Diese Daten wurden nach Branchen gegliedert. http://www.gbc-at.net/?page=catalog *** 1. Österreich 2018 ( 104 000 ) - 149 EUR ( bis zum 29.08.2018 ) *** Bitte informieren Sie sich über die weiteren Details einmal unverbindlich auf unseren Webseite: http://www.gbc-at.net/?page=catalog Die Adressensortierung je nach der Branche findet KOSTENLOS im beigelegten DataManager-Programm statt. Zusätzlich bieten wir KOSTENLOS das Tool zum automatischen Verschicken der Angebote an. MfG Thomas Weber GC-Team

7 years, 3 months

1
0
0 0

[PATCH] drm/i915/gvt: move intel_runtime_pm_get out of spin_lock in stop_schedule

by hang.yuan＠linux.intel.com

From: Hang Yuan <hang.yuan(a)linux.intel.com> pm_runtime_get_sync in intel_runtime_pm_get might sleep if i915 device is not active. When stop vgpu schedule, the device may be inactive. So need to move runtime_pm_get out of spin_lock/unlock. Fixes: b24881e0b0b6("drm/i915/gvt: Add runtime_pm_get/put into gvt_switch_mmio Cc: <stable(a)vger.kernel.org> Signed-off-by: Hang Yuan <hang.yuan(a)linux.intel.com> Signed-off-by: Xiong Zhang <xiong.y.zhang(a)intel.com> --- drivers/gpu/drm/i915/gvt/mmio_context.c | 2 -- drivers/gpu/drm/i915/gvt/sched_policy.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gvt/mmio_context.c b/drivers/gpu/drm/i915/gvt/mmio_context.c index 7e702c6..10e63ee 100644 --- a/drivers/gpu/drm/i915/gvt/mmio_context.c +++ b/drivers/gpu/drm/i915/gvt/mmio_context.c @@ -549,11 +549,9 @@ void intel_gvt_switch_mmio(struct intel_vgpu *pre, * performace for batch mmio read/write, so we need * handle forcewake mannually. */ - intel_runtime_pm_get(dev_priv); intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL); switch_mmio(pre, next, ring_id); intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL); - intel_runtime_pm_put(dev_priv); } /** diff --git a/drivers/gpu/drm/i915/gvt/sched_policy.c b/drivers/gpu/drm/i915/gvt/sched_policy.c index 09d7bb7..985fe81 100644 --- a/drivers/gpu/drm/i915/gvt/sched_policy.c +++ b/drivers/gpu/drm/i915/gvt/sched_policy.c @@ -426,6 +426,7 @@ void intel_vgpu_stop_schedule(struct intel_vgpu *vgpu) &vgpu->gvt->scheduler; int ring_id; struct vgpu_sched_data *vgpu_data = vgpu->sched_data; + struct drm_i915_private *dev_priv = vgpu->gvt->dev_priv; if (!vgpu_data->active) return; @@ -444,6 +445,7 @@ void intel_vgpu_stop_schedule(struct intel_vgpu *vgpu) scheduler->current_vgpu = NULL; } + intel_runtime_pm_get(dev_priv); spin_lock_bh(&scheduler->mmio_context_lock); for (ring_id = 0; ring_id < I915_NUM_ENGINES; ring_id++) { if (scheduler->engine_owner[ring_id] == vgpu) { @@ -452,5 +454,6 @@ void intel_vgpu_stop_schedule(struct intel_vgpu *vgpu) } } spin_unlock_bh(&scheduler->mmio_context_lock); + intel_runtime_pm_put(dev_priv); mutex_unlock(&vgpu->gvt->sched_lock); } -- 2.7.4

7 years, 3 months

1
0
0 0

[PATCH] option: Do not try to bind to ADB interfaces

by Romain Izard

Some modems now use the Android Debug Bridge to provide a debugging interface, and some phones can also export serial ports managed by the "option" driver. The ADB daemon running in userspace tries to use USB interfaces with bDeviceClass=0xFF, bDeviceSubClass=0x42, bDeviceProtocol=1 Prevent the option driver from binding to those interfaces, as they will not be serial ports. This can fix issues like: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781256 Signed-off-by: Romain Izard <romain.izard.pro(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> --- drivers/usb/serial/option.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 664e61f16b6a..f98943a57ff0 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1987,6 +1987,12 @@ static int option_probe(struct usb_serial *serial, if (iface_desc->bInterfaceClass == USB_CLASS_MASS_STORAGE) return -ENODEV; + /* Do not bind Android Debug Bridge interfaces */ + if (iface_desc->bInterfaceClass == USB_CLASS_VENDOR_SPEC && + iface_desc->bInterfaceSubClass == 0x42 && + iface_desc->bInterfaceProtocol == 1) + return -ENODEV; + /* * Don't bind reserved interfaces (like network ones) which often have * the same class/subclass/protocol as the serial interfaces. Look at -- 2.17.1

7 years, 3 months

5
7
0 0

[gregkh@linuxfoundation.org: Patch "drm: re-enable error handling" has been added to the 4.4-stable tree]

by Nicholas Mc Guire

Hi ! this is also the wrong version of the patch - the proper version is below. This has been posted to lkml https://lkml.org/lkml/2018/7/18/191 but there was no review yet - the version you have though is for sure broken. So maybe this should be simply dropped until the fix is confirmed thx! hofrat ----- Forwarded message from gregkh(a)linuxfoundation.org ----- Date: Tue, 28 Aug 2018 16:11:46 +0200 From: gregkh(a)linuxfoundation.org To: 1531571532-22733-1-git-send-email-hofrat(a)osadl.org, alexander.levin(a)microsoft.com, gregkh(a)linuxfoundation.org, hofrat(a)osadl.org, seanpaul(a)chromium.org Cc: stable-commits(a)vger.kernel.org Subject: Patch "drm: re-enable error handling" has been added to the 4.4-stable tree This is a note to let you know that I've just added the patch titled drm: re-enable error handling to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-re-enable-error-handling.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Aug 28 16:10:37 CEST 2018 From: Nicholas Mc Guire <hofrat(a)osadl.org> Date: Sat, 14 Jul 2018 14:32:12 +0200 Subject: drm: re-enable error handling From: Nicholas Mc Guire <hofrat(a)osadl.org> [ Upstream commit d530b5f1ca0bb66958a2b714bebe40a1248b9c15 ] drm_legacy_ctxbitmap_next() returns idr_alloc() which can return -ENOMEM, -EINVAL or -ENOSPC none of which are -1 . but the call sites of drm_legacy_ctxbitmap_next() seem to be assuming that the error case would be -1 (original return of drm_ctxbitmap_next() prior to 2.6.23 was actually -1). Thus reenable error handling by checking for < 0. Signed-off-by: Nicholas Mc Guire <hofrat(a)osadl.org> Fixes: 62968144e673 ("drm: convert drm context code to use Linux idr") Signed-off-by: Sean Paul <seanpaul(a)chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/1531571532-22733-1-git-send-e… Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/drm_context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/drm_context.c +++ b/drivers/gpu/drm/drm_context.c @@ -372,7 +372,7 @@ int drm_legacy_addctx(struct drm_device ctx->handle = drm_legacy_ctxbitmap_next(dev); } DRM_DEBUG("%d\n", ctx->handle); - if (ctx->handle == -1) { + if (ctx->handle < 0) { DRM_DEBUG("Not enough free contexts.\n"); /* Should this return -EBUSY instead? */ return -ENOMEM; Patches currently in stable-queue which might be from hofrat(a)osadl.org are queue-4.4/drm-re-enable-error-handling.patch queue-4.4/can-mpc5xxx_can-check-of_iomap-return-before-use.patch ----- End forwarded message -----

7 years, 3 months

1
0
0 0

[PATCH] x86/speculation/l1tf: fix off-by-one error when warning that system has too much RAM

by Vlastimil Babka

Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF mitigation is not effective. In fact it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to holes in the e820 map, the main region is almost 500MB over the 32GB limit: [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable Suggestions to use 'mem=32G' to prefer L1TF mitigation while losing the 500MB revealed, that there's an off-by-one error in the check in l1tf_select_mitigation(). l1tf_pfn_limit() returns the last usable pfn (inclusive), but it's more common and hopefully less error-prone to return the first pfn that's over limit, so this patch changes that and updates the other callers. [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536 Reported-by: George Anchev <studio(a)anchev.net> Reported-by: Christopher Snowhill <kode54(a)gmail.com> Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Cc: stable(a)vger.kernel.org Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 2 +- arch/x86/mm/mmap.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index a0a52274cb4a..c24297268ebc 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -183,7 +183,7 @@ extern void cpu_detect(struct cpuinfo_x86 *c); static inline unsigned long long l1tf_pfn_limit(void) { - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT); } extern void early_cpu_init(void); diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 02de3d6065c4..63a6f9fcaf20 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void) if (boot_cpu_has_bug(X86_BUG_L1TF)) { /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ - unsigned long long l1tf_limit = l1tf_pfn_limit() + 1; + unsigned long long l1tf_limit = l1tf_pfn_limit(); /* * We encode swap offsets also with 3 bits below those for pfn * which makes the usable limit higher. diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c index f40ab8185d94..1e95d57760cf 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -257,7 +257,7 @@ bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) /* If it's real memory always allow */ if (pfn_valid(pfn)) return true; - if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) + if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) return false; return true; } -- 2.18.0

7 years, 3 months

7
20
0 0

perf/x86/intel/uncore: propose to support IIO free-running counters in 4.14

by Jin, Yao

Hi, The upstream kernel has supported IIO free-running counters on Skylake server. As of Skylake Server, there are a number of free running counters in each IIO Box that collect counts of per-box IO clocks and per-port Input/Output x BW/Utilization. There are three types of IIO free-running counters on Skylake server: 1. IO CLOCKS counter: a clock of IIO box. 2. BANDWIDTH counters: count inbound(PCIe->CPU)/outbound(CPU->PCIe) bandwidth. 3. UTILIZATION counters: count input/output utilization. With these IIO free-running counters, we can get good observation for IIO traffic on Skylake server. For example, we can see the IIO inbound bandwidth (PCIe->CPU). root@skx /sys/devices# perf stat -a -e uncore_iio_free_running_2/bw_in_port0/ ^C Performance counter stats for 'system wide': 153.19 MiB uncore_iio_free_running_2/bw_in_port0/ 8.037701069 seconds time elapsed I propose to backport the patches which support IIO free-running counters to 4.14 stable kernel. perf/x86/intel/uncore: Introduce customized event_read() for client IMC uncore 2da331465f44f9618abe8837d1a68405d550b66e perf/x86/intel/uncore: Add new data structures for free running counters 927b2deb067b8b4753fc09c7a42092f43fc0c1f6 perf/x86/intel/uncore: Add infrastructure for free running counters 0e0162dfcd1fbe4c711ee86f24f966c318999603 perf/x86/intel/uncore: Support IIO free-running counters on SKX 0f519f0352e37e7d71bdce5559517c74a35f6e33 perf/x86/intel/uncore: Expose uncore_pmu_event*() functions 5a6c9d94e9ed7410142bc6fcb638a4db1895aa0c perf/x86/intel/uncore: Clean up client IMC uncore 9aae1780e7e81e54edfb70ba33ead5b0b48be009 Thanks Jin Yao

7 years, 3 months

2
4
0 0

[PATCH v3] modules_install: make missing $DEPMOD a warning instead of an error

by Randy Dunlap

From: Randy Dunlap <rdunlap(a)infradead.org> When $DEPMOD is not found, only print a warning instead of exiting with an error message and error status. Warning: 'make modules_install' requires /sbin/depmod. Please install it. This is probably in the kmod package. Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed") Cc: stable(a)vger.kernel.org Cc: Lucas De Marchi <lucas.demarchi(a)profusion.mobi> Cc: Lucas De Marchi <lucas.de.marchi(a)gmail.com> Cc: Michal Marek <michal.lkml(a)markovi.net> Cc: Jessica Yu <jeyu(a)kernel.org> Cc: Chih-Wei Huang <cwhuang(a)linux.org.tw> Cc: H. Nikolaus Schaller <hns(a)goldelico.com> --- v2: add missing "exit 0" and update the commit message (no Error). v3: add Fixes: and Cc: stable scripts/depmod.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- lnx-418.orig/scripts/depmod.sh +++ lnx-418/scripts/depmod.sh @@ -15,9 +15,9 @@ if ! test -r System.map ; then fi if [ -z $(command -v $DEPMOD) ]; then - echo "'make modules_install' requires $DEPMOD. Please install it." >&2 + echo "Warning: 'make modules_install' requires $DEPMOD. Please install it." >&2 echo "This is probably in the kmod package." >&2 - exit 1 + exit 0 fi # older versions of depmod require the version string to start with three

7 years, 3 months

3
4
0 0

+ uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name has been added to the -mm tree. Its filename is uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/uapi-linux-keyctlh-dont-use-c-rese… and later at http://ozlabs.org/~akpm/mmotm/broken-out/uapi-linux-keyctlh-dont-use-c-rese… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Randy Dunlap <rdunlap(a)infradead.org> Subject: uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name Since this header is in "include/uapi/linux/", apparently people want to use it in userspace programs -- even in C++ ones. However, the header uses a C++ reserved keyword ("private"), so change that to "dh_private" instead to allow the header file to be used in C++ userspace. Fixes https://bugzilla.kernel.org/show_bug.cgi?id=191051 Link: http://lkml.kernel.org/r/0db6c314-1ef4-9bfa-1baa-7214dd2ee061@infradead.org Fixes: ddbb41148724 ("KEYS: Add KEYCTL_DH_COMPUTE command") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: David Howells <dhowells(a)redhat.com> Cc: James Morris <jmorris(a)namei.org> Cc: "Serge E. Hallyn" <serge(a)hallyn.com> Cc: Mat Martineau <mathew.j.martineau(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/uapi/linux/keyctl.h | 2 +- security/keys/dh.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/include/uapi/linux/keyctl.h~uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name +++ a/include/uapi/linux/keyctl.h @@ -65,7 +65,7 @@ /* keyctl structures */ struct keyctl_dh_params { - __s32 private; + __s32 dh_private; __s32 prime; __s32 base; }; --- a/security/keys/dh.c~uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name +++ a/security/keys/dh.c @@ -300,7 +300,7 @@ long __keyctl_dh_compute(struct keyctl_d } dh_inputs.g_size = dlen; - dlen = dh_data_from_key(pcopy.private, &dh_inputs.key); + dlen = dh_data_from_key(pcopy.dh_private, &dh_inputs.key); if (dlen < 0) { ret = dlen; goto out2; _ Patches currently in -mm which might be from rdunlap(a)infradead.org are uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name.patch

7 years, 3 months

1
0
0 0

+ memory_hotplug-fix-kernel_panic-on-offline-page-processing.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: memory_hotplug: fix kernel_panic on offline page processing has been added to the -mm tree. Its filename is memory_hotplug-fix-kernel_panic-on-offline-page-processing.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/memory_hotplug-fix-kernel_panic-on… and later at http://ozlabs.org/~akpm/mmotm/broken-out/memory_hotplug-fix-kernel_panic-on… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mikhail Zaslonko <zaslonko(a)linux.ibm.com> Subject: memory_hotplug: fix kernel_panic on offline page processing Within show_valid_zones() the function test_pages_in_a_zone() should be called for online memory blocks only. Otherwise it might lead to the VM_BUG_ON due to uninitialized struct pages (when CONFIG_DEBUG_VM_PGFLAGS kernel option is set): page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p)) ------------[ cut here ]------------ Call Trace: ([<000000000038f91e>] test_pages_in_a_zone+0xe6/0x168) [<0000000000923472>] show_valid_zones+0x5a/0x1a8 [<0000000000900284>] dev_attr_show+0x3c/0x78 [<000000000046f6f0>] sysfs_kf_seq_show+0xd0/0x150 [<00000000003ef662>] seq_read+0x212/0x4b8 [<00000000003bf202>] __vfs_read+0x3a/0x178 [<00000000003bf3ca>] vfs_read+0x8a/0x148 [<00000000003bfa3a>] ksys_read+0x62/0xb8 [<0000000000bc2220>] system_call+0xdc/0x2d8 That VM_BUG_ON was triggered by the page poisoning introduced in mm/sparse.c with the git commit d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug") With the same commit the new 'nid' field has been added to the struct memory_block in order to store and later on derive the node id for offline pages (instead of accessing struct page which might be uninitialized). But one reference to nid in show_valid_zones() function has been overlooked. Fixed with current commit. Also, nr_pages will not be used any more after test_pages_in_a_zone() call, do not update it. Link: http://lkml.kernel.org/r/20180828090539.41491-1-zaslonko@linux.ibm.com Fixes: d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug") Signed-off-by: Mikhail Zaslonko <zaslonko(a)linux.ibm.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Cc: <stable(a)vger.kernel.org> [4.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/base/memory.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) --- a/drivers/base/memory.c~memory_hotplug-fix-kernel_panic-on-offline-page-processing +++ a/drivers/base/memory.c @@ -417,25 +417,23 @@ static ssize_t show_valid_zones(struct d int nid; /* - * The block contains more than one zone can not be offlined. - * This can happen e.g. for ZONE_DMA and ZONE_DMA32 - */ - if (!test_pages_in_a_zone(start_pfn, start_pfn + nr_pages, &valid_start_pfn, &valid_end_pfn)) - return sprintf(buf, "none\n"); - - start_pfn = valid_start_pfn; - nr_pages = valid_end_pfn - start_pfn; - - /* * Check the existing zone. Make sure that we do that only on the * online nodes otherwise the page_zone is not reliable */ if (mem->state == MEM_ONLINE) { + /* + * The block contains more than one zone can not be offlined. + * This can happen e.g. for ZONE_DMA and ZONE_DMA32 + */ + if (!test_pages_in_a_zone(start_pfn, start_pfn + nr_pages, + &valid_start_pfn, &valid_end_pfn)) + return sprintf(buf, "none\n"); + start_pfn = valid_start_pfn; strcat(buf, page_zone(pfn_to_page(start_pfn))->name); goto out; } - nid = pfn_to_nid(start_pfn); + nid = mem->nid; default_zone = zone_for_pfn_range(MMOP_ONLINE_KEEP, nid, start_pfn, nr_pages); strcat(buf, default_zone->name); _ Patches currently in -mm which might be from zaslonko(a)linux.ibm.com are memory_hotplug-fix-kernel_panic-on-offline-page-processing.patch

7 years, 3 months

1
0
0 0

[PATCH] x86/irqflags: mark native_restore_fl extern inline

by Nick Desaulniers

Fixes commit 208cbb325589 ("x86/irqflags: Provide a declaration for native_save_fl") This should have been marked extern inline in order to pick up the out of line definition in arch/x86/kernel/irqflags.S. Cc: stable(a)vger.kernel.org # 4.18, 4.14, 4.9, 4.4 Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> --- arch/x86/include/asm/irqflags.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index c14f2a74b2be..15450a675031 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -33,7 +33,8 @@ extern inline unsigned long native_save_fl(void) return flags; } -static inline void native_restore_fl(unsigned long flags) +extern inline void native_restore_fl(unsigned long flags); +extern inline void native_restore_fl(unsigned long flags) { asm volatile("push %0 ; popf" : /* no output */ -- 2.19.0.rc0.228.g281dcd1b4d0-goog

7 years, 3 months

3
5
0 0

[PATCH v2 3/3] x86/kvm: use __decrypted attribute when declaring shared variables

by Brijesh Singh

The following commit: 368a540e0232 (x86/kvmclock: Remove memblock dependency) caused SEV guest regression. When SEV is active, we map the shared variables (wall_clock and hv_clock_boot) with C=0 to ensure that both the guest and the hypervisor is able to access the data. To map the variables we use kernel_physical_mapping_init() to split the large pages, but this routine fails to allocate a new page. Before the above commit, kvmclock initialization was called after memory allocator was available but now its called very early in the boot process. Recently we added a special .data..decrypted section to hold the shared variables. This section is mapped with C=0 very early. Use __decrypted attribute to put the wall_clock and hv_clock_boot in .data..decrypted section so that they are mapped with C=0. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: kvm(a)vger.kernel.org Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/kernel/kvmclock.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 1e67646..08f5f8a 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -28,6 +28,7 @@ #include <linux/sched/clock.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/set_memory.h> #include <asm/hypervisor.h> #include <asm/mem_encrypt.h> @@ -61,8 +62,8 @@ early_param("no-kvmclock-vsyscall", parse_no_kvmclock_vsyscall); (PAGE_SIZE / sizeof(struct pvclock_vsyscall_time_info)) static struct pvclock_vsyscall_time_info - hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __aligned(PAGE_SIZE); -static struct pvclock_wall_clock wall_clock; + hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __decrypted __aligned(PAGE_SIZE); +static struct pvclock_wall_clock wall_clock __decrypted; static DEFINE_PER_CPU(struct pvclock_vsyscall_time_info *, hv_clock_per_cpu); static inline struct pvclock_vcpu_time_info *this_cpu_pvti(void) @@ -267,10 +268,29 @@ static int kvmclock_setup_percpu(unsigned int cpu) return 0; /* Use the static page for the first CPUs, allocate otherwise */ - if (cpu < HVC_BOOT_ARRAY_SIZE) + if (cpu < HVC_BOOT_ARRAY_SIZE) { p = &hv_clock_boot[cpu]; - else - p = kzalloc(sizeof(*p), GFP_KERNEL); + } else { + int rc; + unsigned int sz = sizeof(*p); + + if (sev_active()) + sz = PAGE_ALIGN(sz); + + p = kzalloc(sz, GFP_KERNEL); + + /* + * The physical address of per-cpu variable will be shared with + * the hypervisor. Let's clear the C-bit before we assign the + * memory to per_cpu variable. + */ + if (p && sev_active()) { + rc = set_memory_decrypted((unsigned long)p, sz >> PAGE_SHIFT); + if (rc) + return rc; + memset(p, 0, sz); + } + } per_cpu(hv_clock_per_cpu, cpu) = p; return p ? 0 : -ENOMEM; -- 2.7.4

7 years, 3 months

1
0
0 0

CAN I TRUST YOU?

by Ms CHIANG Lai Yuen JP

I have a business proposal for you

7 years, 3 months

1
0
0 0

[PATCH -next] spi: Fix double IDR allocation with DT aliases

by Geert Uytterhoeven

If the SPI bus number is provided by a DT alias, idr_alloc() is called twice, leading to: WARNING: CPU: 1 PID: 1 at drivers/spi/spi.c:2179 spi_register_controller+0x11c/0x5d8 couldn't get idr Fix this by moving the handling of fixed SPI bus numbers up, before the DT handling code fills in ctlr->bus_num. Fixes: 1a4327fbf4554d5b ("spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> --- Seen on e.g. r8a7791/koelsch, breaking both RSPI and MSIOF. --- drivers/spi/spi.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index a00d006d4c3a1c5a..9da0bc5a036cfff6 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -2143,8 +2143,17 @@ int spi_register_controller(struct spi_controller *ctlr) */ if (ctlr->num_chipselect == 0) return -EINVAL; - /* allocate dynamic bus number using Linux idr */ - if ((ctlr->bus_num < 0) && ctlr->dev.of_node) { + if (ctlr->bus_num >= 0) { + /* devices with a fixed bus num must check-in with the num */ + mutex_lock(&board_lock); + id = idr_alloc(&spi_master_idr, ctlr, ctlr->bus_num, + ctlr->bus_num + 1, GFP_KERNEL); + mutex_unlock(&board_lock); + if (WARN(id < 0, "couldn't get idr")) + return id == -ENOSPC ? -EBUSY : id; + ctlr->bus_num = id; + } else if (ctlr->dev.of_node) { + /* allocate dynamic bus number using Linux idr */ id = of_alias_get_id(ctlr->dev.of_node, "spi"); if (id >= 0) { ctlr->bus_num = id; @@ -2170,15 +2179,6 @@ int spi_register_controller(struct spi_controller *ctlr) if (WARN(id < 0, "couldn't get idr")) return id; ctlr->bus_num = id; - } else { - /* devices with a fixed bus num must check-in with the num */ - mutex_lock(&board_lock); - id = idr_alloc(&spi_master_idr, ctlr, ctlr->bus_num, - ctlr->bus_num + 1, GFP_KERNEL); - mutex_unlock(&board_lock); - if (WARN(id < 0, "couldn't get idr")) - return id == -ENOSPC ? -EBUSY : id; - ctlr->bus_num = id; } INIT_LIST_HEAD(&ctlr->queue); spin_lock_init(&ctlr->queue_lock); -- 2.17.1

7 years, 3 months

6
6
0 0

Applied "spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE" to the spi tree

by Mark Brown

The patch spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 5223c9c1cbfc0cd4d0a1b50758e0949af3290fa1 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <angelo(a)sysam.it> Date: Sat, 18 Aug 2018 01:51:58 +0200 Subject: [PATCH] spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE This patch fixes the dspi_eoq_write function used by the ColdFire mcf5441x family. The 16 bit cmd part must be re-set at each data transfer. Also, now that fifo_size variables are used for eoq_read/write, a proper fifo size must be set (16 slots for the ColdFire dspi module version). Signed-off-by: Angelo Dureghello <angelo(a)sysam.it> Acked-by: Esben Haabendal <esben(a)haabendal.dk> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-fsl-dspi.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c index 7cb3ab0a35a0..3082e72e4f6c 100644 --- a/drivers/spi/spi-fsl-dspi.c +++ b/drivers/spi/spi-fsl-dspi.c @@ -30,7 +30,11 @@ #define DRIVER_NAME "fsl-dspi" +#ifdef CONFIG_M5441x +#define DSPI_FIFO_SIZE 16 +#else #define DSPI_FIFO_SIZE 4 +#endif #define DSPI_DMA_BUFSIZE (DSPI_FIFO_SIZE * 1024) #define SPI_MCR 0x00 @@ -623,9 +627,11 @@ static void dspi_tcfq_read(struct fsl_dspi *dspi) static void dspi_eoq_write(struct fsl_dspi *dspi) { int fifo_size = DSPI_FIFO_SIZE; + u16 xfer_cmd = dspi->tx_cmd; /* Fill TX FIFO with as many transfers as possible */ while (dspi->len && fifo_size--) { + dspi->tx_cmd = xfer_cmd; /* Request EOQF for last transfer in FIFO */ if (dspi->len == dspi->bytes_per_word || fifo_size == 0) dspi->tx_cmd |= SPI_PUSHR_CMD_EOQ; -- 2.18.0

7 years, 3 months

1
0
0 0

Applied "ASoC: rt5682: Change DAC/ADC volume scale" to the asoc tree

by Mark Brown

The patch ASoC: rt5682: Change DAC/ADC volume scale has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 7509487785d7a2bf3606cf26710f0ca29e9ca94d Mon Sep 17 00:00:00 2001 From: Shuming Fan <shumingf(a)realtek.com> Date: Fri, 24 Aug 2018 10:52:19 +0800 Subject: [PATCH] ASoC: rt5682: Change DAC/ADC volume scale The step of DAC/ADC volume scale changes from 0.375dB to 0.75dB Signed-off-by: Shuming Fan <shumingf(a)realtek.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/codecs/rt5682.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/soc/codecs/rt5682.c b/sound/soc/codecs/rt5682.c index 640d400ca013..afe7d5b19313 100644 --- a/sound/soc/codecs/rt5682.c +++ b/sound/soc/codecs/rt5682.c @@ -750,8 +750,8 @@ static bool rt5682_readable_register(struct device *dev, unsigned int reg) } static const DECLARE_TLV_DB_SCALE(hp_vol_tlv, -2250, 150, 0); -static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -65625, 375, 0); -static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -17625, 375, 0); +static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -6525, 75, 0); +static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -1725, 75, 0); static const DECLARE_TLV_DB_SCALE(adc_bst_tlv, 0, 1200, 0); /* {0, +20, +24, +30, +35, +40, +44, +50, +52} dB */ @@ -1114,7 +1114,7 @@ static const struct snd_kcontrol_new rt5682_snd_controls[] = { /* DAC Digital Volume */ SOC_DOUBLE_TLV("DAC1 Playback Volume", RT5682_DAC1_DIG_VOL, - RT5682_L_VOL_SFT, RT5682_R_VOL_SFT, 175, 0, dac_vol_tlv), + RT5682_L_VOL_SFT + 1, RT5682_R_VOL_SFT + 1, 86, 0, dac_vol_tlv), /* IN Boost Volume */ SOC_SINGLE_TLV("CBJ Boost Volume", RT5682_CBJ_BST_CTRL, @@ -1124,7 +1124,7 @@ static const struct snd_kcontrol_new rt5682_snd_controls[] = { SOC_DOUBLE("STO1 ADC Capture Switch", RT5682_STO1_ADC_DIG_VOL, RT5682_L_MUTE_SFT, RT5682_R_MUTE_SFT, 1, 1), SOC_DOUBLE_TLV("STO1 ADC Capture Volume", RT5682_STO1_ADC_DIG_VOL, - RT5682_L_VOL_SFT, RT5682_R_VOL_SFT, 127, 0, adc_vol_tlv), + RT5682_L_VOL_SFT + 1, RT5682_R_VOL_SFT + 1, 63, 0, adc_vol_tlv), /* ADC Boost Volume Control */ SOC_DOUBLE_TLV("STO1 ADC Boost Gain Volume", RT5682_STO1_ADC_BOOST, -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH] drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type

by Alex Deucher

This caused a confusing error message, but there is functionally no problem since the default method is DIRECT. Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c index b419d6e33b3a..a942fd28dae8 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c @@ -277,6 +277,7 @@ amdgpu_ucode_get_load_type(struct amdgpu_device *adev, int load_type) case CHIP_PITCAIRN: case CHIP_VERDE: case CHIP_OLAND: + case CHIP_HAINAN: return AMDGPU_FW_LOAD_DIRECT; #endif #ifdef CONFIG_DRM_AMDGPU_CIK -- 2.13.6

7 years, 3 months

1
0
0 0

Managed Service Providers (MSSPs)

by stella.colvin＠callflexnet.com

Hi, I just wanted to check if you would be interested in a list of Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs)? We also have the data intelligence of: • Managed Service Providers (MSP’s) • Managed Security Service Providers (MSSP’s) • IT Decision Makers – 6million across all industry • Business Decision Makers – 10 million across all industry • Value Added Resellers- VARs • Independent Software Vendors- ISVs • System Integrators- SIs • VoIP Service Providers. • Telecommunications Service Providers (TSPs) • Application Service Providers (ASPs) • IT Managed Services Providers (ITMSP) • Storage Service Providers (SSPs) Kindly review and let me know if I can share more information on this. I look forward to hearing from you. Regards, Stella Marketing Specialist If you don't want to include yourself in our mailing list, please reply back “Leave Out" in a subject line

7 years, 3 months

1
0
0 0

[PATCH 1/2] x86/mm: add .data..decrypted section to hold shared variables

by Brijesh Singh

kvmclock defines few static variables which are shared with hypervisor during the kvmclock initialization. When SEV is active, memory is encrypted with a guest-specific key, and if guest OS wants to share the memory region with hypervisor then it must clear the C-bit before sharing it. The '__decrypted' can be used to define a shared variables; the variables will be put in the .data.decryption section. This section is mapped with C=0 early in the boot, we also ensure that the initialized values are updated to match with C=0 (i.e peform an in-place decryption). The .data..decrypted section is PMD aligned and sized so that we avoid the need for spliting the pages when map with C=0. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/include/asm/mem_encrypt.h | 4 + arch/x86/kernel/head64.c | 12 ++ arch/x86/kernel/vmlinux.lds.S | 18 +++ arch/x86/mm/mem_encrypt_identity.c | 220 +++++++++++++++++++++++++++---------- 4 files changed, 197 insertions(+), 57 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index c064383..3f7d9d3 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -52,6 +52,8 @@ void __init mem_encrypt_init(void); bool sme_active(void); bool sev_active(void); +#define __decrypted __attribute__((__section__(".data..decrypted"))) + #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define sme_me_mask 0ULL @@ -77,6 +79,8 @@ early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; static inline int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; } +#define __decrypted + #endif /* CONFIG_AMD_MEM_ENCRYPT */ /* diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 8047379..6a18297 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -43,6 +43,9 @@ extern pmd_t early_dynamic_pgts[EARLY_DYNAMIC_PAGE_TABLES][PTRS_PER_PMD]; static unsigned int __initdata next_early_pgt; pmdval_t early_pmd_flags = __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_NX); +/* To clear memory encryption mask from the decrypted section */ +extern char __start_data_decrypted[], __end_data_decrypted[]; + #ifdef CONFIG_X86_5LEVEL unsigned int __pgtable_l5_enabled __ro_after_init; unsigned int pgdir_shift __ro_after_init = 39; @@ -112,6 +115,7 @@ static bool __head check_la57_support(unsigned long physaddr) unsigned long __head __startup_64(unsigned long physaddr, struct boot_params *bp) { + unsigned long vaddr, vaddr_end; unsigned long load_delta, *p; unsigned long pgtable_flags; pgdval_t *pgd; @@ -234,6 +238,14 @@ unsigned long __head __startup_64(unsigned long physaddr, /* Encrypt the kernel and related (if SME is active) */ sme_encrypt_kernel(bp); + /* Clear the memory encryption mask from the decrypted section */ + vaddr = (unsigned long)__start_data_decrypted; + vaddr_end = (unsigned long)__end_data_decrypted; + for (; vaddr < vaddr_end; vaddr += PMD_SIZE) { + i = pmd_index(vaddr); + pmd[i] -= sme_get_me_mask(); + } + /* * Return the SME encryption mask (if SME is active) to be used as a * modifier for the initial pgdir entry programmed into CR3. diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 8bde0a4..511b875 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -89,6 +89,22 @@ PHDRS { note PT_NOTE FLAGS(0); /* ___ */ } +/* + * This section contains data which will be mapped as decrypted. Memory + * encryption operates on a page basis. But we make this section a pmd + * aligned to avoid spliting the pages while mapping the section early. + * + * Note: We use a separate section so that only this section gets + * decrypted to avoid exposing more than we wish. + */ +#define DATA_DECRYPTED_SECTION \ + . = ALIGN(PMD_SIZE); \ + __start_data_decrypted = .; \ + *(.data..decrypted); \ + __end_data_decrypted = .; \ + . = ALIGN(PMD_SIZE); \ + + SECTIONS { #ifdef CONFIG_X86_32 @@ -171,6 +187,8 @@ SECTIONS /* rarely changed data like cpu maps */ READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES) + DATA_DECRYPTED_SECTION + /* End of data section */ _edata = .; } :data diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index 7ae3686..ccf6e2b 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -59,6 +59,8 @@ (_PAGE_PAT | _PAGE_PWT)) #define PTE_FLAGS_ENC (PTE_FLAGS | _PAGE_ENC) +#define PTE_FLAGS_ENC_WP ((PTE_FLAGS_ENC & ~_PAGE_CACHE_MASK) | \ + (_PAGE_PAT | _PAGE_PWT)) struct sme_populate_pgd_data { void *pgtable_area; @@ -72,10 +74,28 @@ struct sme_populate_pgd_data { unsigned long vaddr_end; }; +struct sme_workarea_data { + unsigned long kernel_start; + unsigned long kernel_end; + unsigned long kernel_len; + + unsigned long initrd_start; + unsigned long initrd_end; + unsigned long initrd_len; + + unsigned long workarea_start; + unsigned long workarea_end; + unsigned long workarea_len; + + unsigned long decrypted_base; +}; + static char sme_cmdline_arg[] __initdata = "mem_encrypt"; static char sme_cmdline_on[] __initdata = "on"; static char sme_cmdline_off[] __initdata = "off"; +extern char __start_data_decrypted[], __end_data_decrypted[]; + static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) { unsigned long pgd_start, pgd_end, pgd_size; @@ -219,6 +239,11 @@ static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } +static void __init sme_map_range_encrypted_wp(struct sme_populate_pgd_data *ppd) +{ + __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC_WP); +} + static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); @@ -266,19 +291,17 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) return entries + tables; } -void __init sme_encrypt_kernel(struct boot_params *bp) +static void __init build_workarea_map(struct boot_params *bp, + struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; unsigned long kernel_start, kernel_end, kernel_len; unsigned long initrd_start, initrd_end, initrd_len; - struct sme_populate_pgd_data ppd; unsigned long pgtable_area_len; unsigned long decrypted_base; - if (!sme_active()) - return; - /* * Prepare for encrypting the kernel and initrd by building new * pagetables with the necessary attributes needed to encrypt the @@ -358,17 +381,17 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * pagetables and when the new encrypted and decrypted kernel * mappings are populated. */ - ppd.pgtable_area = (void *)execute_end; + ppd->pgtable_area = (void *)execute_end; /* * Make sure the current pagetable structure has entries for * addressing the workarea. */ - ppd.pgd = (pgd_t *)native_read_cr3_pa(); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + ppd->pgd = (pgd_t *)native_read_cr3_pa(); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + sme_map_range_decrypted(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); @@ -379,9 +402,9 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * then be populated with new PUDs and PMDs as the encrypted and * decrypted kernel mappings are created. */ - ppd.pgd = ppd.pgtable_area; - memset(ppd.pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); - ppd.pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; + ppd->pgd = ppd->pgtable_area; + memset(ppd->pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); + ppd->pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; /* * A different PGD index/entry must be used to get different @@ -399,75 +422,158 @@ void __init sme_encrypt_kernel(struct boot_params *bp) decrypted_base <<= PGDIR_SHIFT; /* Add encrypted kernel (identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start; - ppd.vaddr_end = kernel_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start; + ppd->vaddr_end = kernel_end; + sme_map_range_encrypted(ppd); /* Add decrypted, write-protected kernel (non-identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start + decrypted_base; + ppd->vaddr_end = kernel_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); if (initrd_len) { /* Add encrypted initrd (identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start; - ppd.vaddr_end = initrd_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start; + ppd->vaddr_end = initrd_end; + sme_map_range_encrypted(ppd); /* * Add decrypted, write-protected initrd (non-identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start + decrypted_base; + ppd->vaddr_end = initrd_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); } - /* Add decrypted workarea mappings to both kernel mappings */ - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + /* + * When SEV is active, kernel is already encrypted hence mapping + * the initial workarea_start as encrypted. When SME is active, + * the kernel is not encrypted hence add a decrypted workarea + * mappings to both kernel mappings + */ + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + if (sev_active()) + sme_map_range_encrypted(ppd); + else + sme_map_range_decrypted(ppd); + + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start + decrypted_base; + ppd->vaddr_end = workarea_end + decrypted_base; + sme_map_range_decrypted(ppd); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_map_range_decrypted(&ppd); + wa->kernel_start = kernel_start; + wa->kernel_end = kernel_end; + wa->kernel_len = kernel_len; - /* Perform the encryption */ - sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, - kernel_len, workarea_start, (unsigned long)ppd.pgd); + wa->initrd_start = initrd_start; + wa->initrd_end = initrd_end; + wa->initrd_len = initrd_len; - if (initrd_len) - sme_encrypt_execute(initrd_start, initrd_start + decrypted_base, - initrd_len, workarea_start, - (unsigned long)ppd.pgd); + wa->workarea_start = workarea_start; + wa->workarea_end = workarea_end; + wa->workarea_len = workarea_len; + wa->decrypted_base = decrypted_base; +} + +static void __init remove_workarea_map(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ /* * At this point we are running encrypted. Remove the mappings for * the decrypted areas - all that is needed for this is to remove * the PGD entry/entries. */ - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_clear_pgd(&ppd); - - if (initrd_len) { - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->kernel_start + wa->decrypted_base; + ppd->vaddr_end = wa->kernel_end + wa->decrypted_base; + sme_clear_pgd(ppd); + + if (wa->initrd_len) { + ppd->vaddr = wa->initrd_start + wa->decrypted_base; + ppd->vaddr_end = wa->initrd_end + wa->decrypted_base; + sme_clear_pgd(ppd); } - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->workarea_start + wa->decrypted_base; + ppd->vaddr_end = wa->workarea_end + wa->decrypted_base; + sme_clear_pgd(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); } +static void __init decrypt_data_decrypted_section(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ + unsigned long decrypted_start, decrypted_end, decrypted_len; + + /* Physical addresses of decrypted data section */ + decrypted_start = __pa_symbol(__start_data_decrypted); + decrypted_end = __pa_symbol(__end_data_decrypted); + decrypted_len = decrypted_end - decrypted_start; + + if (!decrypted_len) + return; + + /* Add decrypted mapping for the section (identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start; + ppd->vaddr_end = decrypted_end; + sme_map_range_decrypted(ppd); + + /* Add encrypted-wp mapping for the section (non-identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_map_range_encrypted_wp(ppd); + + /* Perform in-place decryption */ + sme_encrypt_execute(decrypted_start + wa->decrypted_base, + decrypted_start, + decrypted_len, wa->workarea_start, + (unsigned long)ppd->pgd); + + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_clear_pgd(ppd); +} + +void __init sme_encrypt_kernel(struct boot_params *bp) +{ + struct sme_populate_pgd_data ppd; + struct sme_workarea_data wa; + + if (!mem_encrypt_active()) + return; + + build_workarea_map(bp, &wa, &ppd); + + /* When SEV is active, encrypt kernel and initrd */ + if (sme_active()) { + sme_encrypt_execute(wa.kernel_start, + wa.kernel_start + wa.decrypted_base, + wa.kernel_len, wa.workarea_start, + (unsigned long)ppd.pgd); + + if (wa.initrd_len) + sme_encrypt_execute(wa.initrd_start, + wa.initrd_start + wa.decrypted_base, + wa.initrd_len, wa.workarea_start, + (unsigned long)ppd.pgd); + } + + /* Decrypt the contents of .data..decrypted section */ + decrypt_data_decrypted_section(&wa, &ppd); + + remove_workarea_map(&wa, &ppd); +} + void __init sme_enable(struct boot_params *bp) { const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off; -- 2.7.4

7 years, 3 months

2
2
0 0

[PATCH v2] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB

by Liu Xiang

If the size of spi-nor flash is larger than 16MB, the read_opcode is set to SPINOR_OP_READ_1_1_4_4B, and fsl_qspi_get_seqid() will return -EINVAL when cmd is SPINOR_OP_READ_1_1_4_4B. This can cause read operation fail. --- v2: add Fixes tag and CC stable suggested by Boris. --- Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Liu Xiang <liu.xiang6(a)zte.com.cn> --- drivers/mtd/spi-nor/fsl-quadspi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c index 7d9620c..64304a3 100644 --- a/drivers/mtd/spi-nor/fsl-quadspi.c +++ b/drivers/mtd/spi-nor/fsl-quadspi.c @@ -478,6 +478,7 @@ static int fsl_qspi_get_seqid(struct fsl_qspi *q, u8 cmd) { switch (cmd) { case SPINOR_OP_READ_1_1_4: + case SPINOR_OP_READ_1_1_4_4B: return SEQID_READ; case SPINOR_OP_WREN: return SEQID_WREN; -- 1.9.1

7 years, 3 months

3
3
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7dc18ebc3101229d5238a2dc740804cd4836b383: Linux 4.4.150 (2018-08-18 10:45:38 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-14082018 for you to fetch changes up to 99f86ec21034d82ebdcfff3ed4010945e082ca04: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:17:21 -0400) - ---------------------------------------------------------------- for-greg-4.4-14082018 - ---------------------------------------------------------------- Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (1): scsi: fcoe: drop frames in ELS LOGO error path Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (4): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (2): qed: Fix possible race for the link state value. bnx2x: Fix invalid memory access in rss hash config path. Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/i2c/adv7511.c | 12 ++++ drivers/gpu/drm/imx/imx-ldb.c | 9 ++- drivers/i2c/busses/i2c-davinci.c | 8 ++- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 1 + drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 42 files changed, 232 insertions(+), 141 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcWAACgkQ3qZv95d3 LNzUvw/+JXEap2/Xn5LA446o2ugIgmxLj3cHKHrKGBjqntMdAnarbllkHN8cPmhB itp92E8NC6tkWrtuG78pXPI/KqyyfQQ9bdx/pX6ASEqlJVIToDBUv/qDAv9NKB2C Tvs0HjeU058qNZxxArIPDFQu0l8QuWlbSQ19wk5j9nyZYKLNjoK83IxktNA5eEOM UowNygI6SkhcWexcO+QzBheqgsGdk2lbiACuZQP2UfzNoj3B+jmkrjluKJeZHsp9 RC9Tt5iAaHWze6bqetDapqNiiVKamOh4RwFFb2auZSbi0njzHKLvYU/zIhbpBmB/ TWkIyzM7X384wyzDsCCIHi/OVmHPoWCN1cTPL5624qloNIG6VEFUNlB79q1R4htu fH680orPjCiRmavyCml9CA1CR9Qja8TvD9+Hj6LjLP4xxCCV3EGDzE85lYpOYxze EH/JldbaRGjhnxRtok+yKKcy/MoWFTB4BpsRxVrqALDZlV325uh2Eui6ku5vyQug I6CG+SWrjQ8E+BQgLGLEHF8KP6Si38LJMJyavuCTQquxH2uXNR8Z8gHqpX47YXOC gkuXOELTLw6dBxzLUWbv6FmOT7DZxC+swuKmOoXrFa877mIrC8RgFbSDL7MMjq9/ wuC1m/n0QmIIMOoMmZ0RIMwusNkAGOxqNW+DhPB4z7M298r+eHU= =mPDt -----END PGP SIGNATURE-----

7 years, 3 months

2
1
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 18e6ee0440a7ab853e4ca0f1403eeef1803ed970: Linux 3.18.119 (2018-08-17 20:54:56 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-14082018 for you to fetch changes up to a4756ac848473e2142769e029251fa02abac9ef1: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:18:24 -0400) - ---------------------------------------------------------------- for-greg-3.18-14082018 - ---------------------------------------------------------------- Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (1): scsi: fcoe: drop frames in ELS LOGO error path Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (3): usb/phy: fix PPC64 build errors in phy-fsl-usb.c arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (1): bnx2x: Fix invalid memory access in rss hash config path. Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache_arc700.c | 7 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - drivers/gpu/drm/drm_context.c | 2 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/imx-drm/imx-ldb.c | 9 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 35 files changed, 203 insertions(+), 131 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcWcACgkQ3qZv95d3 LNyyQBAAuR/0/kaIUMqYPIXnnUXjUxhxiJmI5oCxGepVsD0XwATTk+gyu1niajDW dP+V4MjSsdZMtM4h5L52GGWFVNOppZFBd/xCci2nUAS4wmE9jLsTmnKyKWnPoGxo XiEz4OMXfhRCoir69kY3x+CN/F5XOcQJq4+F9RwMMGHFgJJ6fXng6m+UTtkjyFKQ uJaBk4iwtJUCa8yEC+L/5Uuqx7tM9J64J5zG5YxsWvd3LslUuXkE17xiFhoompNM dn/mT8mxY7P+SYb9FcLRoUu0Lz6aL82HW4zd55hlFIREBNaBfXIJOA7wPVo5UwBI HsyqCDBEaJ04gnfqaRo041wbl0CrX599r0sMQri3UUvKVZYFeBQvFYKim7UKdvzB bO1aKR+lOCnwsNIQGqFcgmYZzF4aDNe8xoeROTCC+MW6V++in0W/HALeqyoSW0Ko 74eQWDIXGBuWjM83H94rMeyxuL7L9qnBSA2vGT4YbK10F9X/lxq/MbxtGtKp/APL aLRXfl/NzRJW8AI73ej+eH8Nq3d3W749RYPHihvvv3izfWFyLxjj/0TncaXlPOO3 qVXf9LdHXrF+L9jJk5qpfFQ92xk57ssQXYocCPG/455oizsD8zpWk0WqQ2LMxzlY WJhSRaJjRBucU3mtCUq8fLZRaln91HIGISEPaRAlK5dAN0Tx7FU= =O1lO -----END PGP SIGNATURE-----

7 years, 3 months

2
1
0 0

Your reply

by Ruby

We provide photoshop services to some of the companies from around the world. We have worked on tons of images ever since our team establishment in 2009. Many online retail companies use our services for retouching electronics, jewelry, apparels, furniture etc. by getting the images of their products enhanced. Here are the details of what we provide: Clipping path; Deep etch process Image masking Remove background Portrait retouching Jewelry retouching Fashion retouching Please reply back for further info. We can provide testing for your photos if needed. Thanks, Ruby

7 years, 3 months

1
0
0 0

Linux 4.4.153

by Greg KH

I'm announcing the release of the 4.4.153 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/include/asm/mmu_context.h | 3 +-- arch/x86/mm/pageattr.c | 2 +- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/readdir.c | 37 +++++++++++++++++++++++++++++++++++++ fs/overlayfs/super.c | 20 ++++++++++++++++++++ 6 files changed, 61 insertions(+), 4 deletions(-) Andi Kleen (1): x86/mm/pat: Fix L1TF stable backport for CPA Eric Biggers (1): x86/mm: Fix use-after-free of ldt_struct Greg Kroah-Hartman (1): Linux 4.4.153 Vivek Goyal (3): ovl: Ensure upper filesystem supports d_type ovl: Do d_type check only if work dir creation was successful ovl: warn instead of error if d_type is not supported

7 years, 3 months

1
1
0 0

Linux 3.18.120

by Greg KH

I'm announcing the release of the 3.18.120 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/da850.dtsi | 6 -- arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/mach-pxa/irq.c | 4 - arch/arm64/kernel/smp.c | 2 arch/m68k/include/asm/mcf_pgalloc.h | 4 + drivers/dma/k3dma.c | 2 drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++++++--- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++--- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/isdn/i4l/isdn_common.c | 8 -- drivers/md/raid10.c | 7 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 - drivers/net/ethernet/cisco/enic/enic_main.c | 3 - drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 5 + drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 -- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 +++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 7 ++ drivers/pci/hotplug/pci_hotplug_core.c | 9 +++ drivers/staging/android/ion/ion.c | 17 ++++- drivers/tty/serial/8250/8250_dw.c | 2 drivers/usb/dwc2/hcd_intr.c | 3 - drivers/usb/gadget/composite.c | 3 + drivers/usb/serial/sierra.c | 4 - fs/reiserfs/xattr.c | 4 + include/net/af_vsock.h | 4 - include/net/llc.h | 5 + include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 kernel/locking/lockdep.c | 12 ++-- kernel/trace/trace.c | 5 + net/bluetooth/sco.c | 3 - net/core/dev.c | 4 - net/dccp/ccids/ccid2.c | 6 +- net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 - net/ipv6/mcast.c | 9 ++- net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/l2tp/l2tp_core.c | 2 net/llc/llc_core.c | 4 - net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/packet/af_packet.c | 10 ++- net/sched/cls_tcindex.c | 8 +- net/vmw_vsock/af_vsock.c | 15 ++--- net/vmw_vsock/vmci_transport.c | 3 - net/xfrm/xfrm_user.c | 8 +- security/smack/smack_lsm.c | 1 sound/core/memalloc.c | 8 -- sound/core/seq/seq_virmidi.c | 10 +++ sound/pci/cs5535audio/cs5535audio.h | 6 +- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 - sound/pci/vx222/vx222_ops.c | 8 +- sound/pcmcia/vx/vxp_ops.c | 10 +-- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/testing/selftests/sync/config | 4 + 67 files changed, 315 insertions(+), 128 deletions(-) Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations Dan Carpenter (2): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Daniel Rosenberg (1): staging: android: ion: check for kref overflow David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Fabio Estevam (1): ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 3.18.120 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Hangbin Liu (3): net_sched: Fix missing res info when create new tc_index filter net_sched: fix NULL pointer dereference when delete tcindex filter ipv6: mcast: fix unsolicited report interval after receiving querys Jann Horn (1): reiserfs: fix broken xattr handling (heap corruption, bad retval) John Ogness (1): USB: serial: sierra: fix potential deadlock at close Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kees Cook (1): isdn: Disable IIOCDBGVAR Li RongQing (1): net: propagate dev_get_valid_name return code Lukas Wunner (1): PCI: hotplug: Don't leak pci_slot on registration failure Marek Szyprowski (1): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Randy Dunlap (1): tcp: identify cryptic messages as TCP seq # bugs Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Wahren (2): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered Steven Rostedt (VMware) (1): locking/lockdep: Do not record IRQ state within lockdep code Sudarsana Reddy Kalluru (1): bnx2x: Fix receiving tx-timeout in error or recovery state. Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (5): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace

7 years, 3 months

1
1
0 0

[PATCH] HID: input: fix leaking custom input node name

by Stefan Agner

Make sure to free the custom input node name on disconnect. Cc: stable(a)vger.kernel.org # v4.18+ Fixes: c554bb045511 ("HID: input: append a suffix matching the application") Signed-off-by: Stefan Agner <stefan(a)agner.ch> --- Found with kmemleak, after unplugging a Logitech Unifying receiver: unreferenced object 0xc2345b80 (size 64): comm "kworker/0:1", pid 20, jiffies 4294955181 (age 320.740s) hex dump (first 32 bytes): 4c 6f 67 69 74 65 63 68 20 55 53 42 20 52 65 63 Logitech USB Rec 65 69 76 65 72 20 53 79 73 74 65 6d 20 43 6f 6e eiver System Con backtrace: [<8fec5a71>] __kmalloc_track_caller+0x1dc/0x300 [<5b926275>] kvasprintf+0x60/0xcc [<21fc360f>] kasprintf+0x38/0x54 [<3b6ce9f0>] hidinput_connect+0x23a8/0x4c60 [<deaab707>] hid_connect+0x30c/0x38c [<5a28f7c9>] hid_hw_start+0x44/0x64 [<267d70e8>] hid_generic_probe+0x34/0x38 [<d68c31b1>] hid_device_probe+0xdc/0x13c [<09414e91>] really_probe+0x1d8/0x2c4 [<f9d7157f>] driver_probe_device+0x68/0x184 [<1def17c8>] __device_attach_driver+0xa0/0xd4 [<d3b2081b>] bus_for_each_drv+0x60/0xc0 [<379d02f8>] __device_attach+0xdc/0x144 [<7026ace5>] device_initial_probe+0x14/0x18 [<44527d01>] bus_probe_device+0x90/0x98 [<cf58bf2f>] device_add+0x424/0x62c drivers/hid/hid-input.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c index 4e94ea3e280a..ac201817a2dd 100644 --- a/drivers/hid/hid-input.c +++ b/drivers/hid/hid-input.c @@ -1815,6 +1815,7 @@ void hidinput_disconnect(struct hid_device *hid) input_unregister_device(hidinput->input); else input_free_device(hidinput->input); + kfree(hidinput->name); kfree(hidinput); } -- 2.18.0

7 years, 3 months

2
1
0 0

Editing is it

by Jason

Do you have photos for cutting out,or adding clipping path? We are here to help you for that also including retouching. Both for product photos and portrait photos. Yours, Jason

7 years, 3 months

1
0
0 0

v3.18.120 build: 0 failures 1 warnings (v3.18.120)

by Build bot for Mark Brown

Tree/Branch: v3.18.120 Git describe: v3.18.120 Commit: a5f9be3576 Linux 3.18.120 Build Time: 0 min 1 sec Passed: 7 / 7 (100.00 %) Failed: 0 / 7 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 7 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig arm-multi_v5_defconfig

7 years, 3 months

1
0
0 0

[PATCH] tty: serial: lpuart: avoid leaking struct tty_struct

by Stefan Agner

The function tty_port_tty_get() gets a reference to the tty. Since the code is not using tty_port_tty_set(), the reference is kept even after closing the tty. Avoid using tty_port_tty_get() by directly access the tty instance. Since lpuart_start_rx_dma() is called from the .startup() and .set_termios() callback, it is safe to assume the tty instance is valid. Cc: stable(a)vger.kernel.org # v4.9+ Fixes: 5887ad43ee02 ("tty: serial: fsl_lpuart: Use cyclic DMA for Rx") Signed-off-by: Stefan Agner <stefan(a)agner.ch> --- This fixes a memory leak observable when opening/closing the tty in a loop. This is also reported by kmemleak: unreferenced object 0xc9d17000 (size 1024): comm "(agetty)", pid 389, jiffies 4294943045 (age 100.670s) hex dump (first 32 bytes): 01 54 00 00 01 00 00 00 00 8c 9b c8 80 58 9b c8 .T...........X.. 48 58 c4 c0 00 00 00 00 00 00 00 00 00 00 00 00 HX.............. backtrace: [<(ptrval)>] kmem_cache_alloc_trace+0x160/0x2b8 [<(ptrval)>] alloc_tty_struct+0x44/0x254 [<(ptrval)>] tty_init_dev+0x44/0x1c8 [<(ptrval)>] tty_open+0x268/0x414 [<(ptrval)>] chrdev_open+0xb4/0x1bc [<(ptrval)>] do_dentry_open+0x1c0/0x388 [<(ptrval)>] vfs_open+0x34/0x38 [<(ptrval)>] path_openat+0x5b0/0x11bc [<(ptrval)>] do_filp_open+0x7c/0xe8 [<(ptrval)>] do_sys_open+0x188/0x20c [<(ptrval)>] sys_openat+0x14/0x18 [<(ptrval)>] ret_fast_syscall+0x0/0x28 [<(ptrval)>] 0xbee0a460 [<(ptrval)>] 0xffffffff I *think* the statement that accessing tty_struct without using tty_port_tty_get is safe in this case is true. It would be good if somebody with more TTY knowledge could review the change. -- Stefan drivers/tty/serial/fsl_lpuart.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c index 51e47a63d61a..3f8d1274fc85 100644 --- a/drivers/tty/serial/fsl_lpuart.c +++ b/drivers/tty/serial/fsl_lpuart.c @@ -979,7 +979,8 @@ static inline int lpuart_start_rx_dma(struct lpuart_port *sport) struct circ_buf *ring = &sport->rx_ring; int ret, nent; int bits, baud; - struct tty_struct *tty = tty_port_tty_get(&sport->port.state->port); + struct tty_port *port = &sport->port.state->port; + struct tty_struct *tty = port->tty; struct ktermios *termios = &tty->termios; baud = tty_get_baud_rate(tty); -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH] xprtrdma: Fix disconnect regression

by Chuck Lever

I found that injecting disconnects with v4.18-rc resulted in random failures of the multi-threaded git regression test. The root cause appears to be that, after a reconnect, the RPC/RDMA transport is waking pending RPCs before the transport has posted enough Receive buffers to receive the Replies. If a Reply arrives before enough Receive buffers are posted, the connection is dropped. A few connection drops happen in quick succession as the client and server struggle to regain credit synchronization. This regression was introduced with commit 7c8d9e7c8863 ("xprtrdma: Move Receive posting to Receive handler"). The client is supposed to post a single Receive when a connection is established because it's not supposed to send more than one RPC Call before it gets a fresh credit grant in the first RPC Reply [RFC 8166, Section 3.3.3]. Unfortunately there appears to be a longstanding bug in the Linux client's credit accounting mechanism. On connect, it simply dumps all pending RPC Calls onto the new connection. It's possible it has done this ever since the RPC/RDMA transport was added to the kernel ten years ago. Servers have so far been tolerant of this bad behavior. Currently no server implementation ever changes its credit grant over reconnects, and servers always repost enough Receives before connections are fully established. The Linux client implementation used to post a Receive before each of these Calls. This has covered up the flooding send behavior. I could try to correct this old bug so that the client sends exactly one RPC Call and waits for a Reply. Since we are so close to the next merge window, I'm going to instead provide a simple patch to post enough Receives before a reconnect completes (based on the number of credits granted to the previous connection). The spurious disconnects will be gone, but the client will still send multiple RPC Calls immediately after a reconnect. Addressing the latter problem will wait for a merge window because a) I expect it to be a large change requiring lots of testing, and b) obviously the Linux client has interoperated successfully since day zero while still being broken. Fixes: 7c8d9e7c8863 ("xprtrdma: Move Receive posting to ... ") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- net/sunrpc/xprtrdma/verbs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Hi stable@ - This fix has been merged into v4.19 as upstream commit 8d4fb8ff427a ("xprtrdma: Fix disconnect regression"). It addresses a regression in v4.18. I expected it to go into late v4.18-rc, which is why there is no "cc: stable" on the original submission. Could you please apply it to 4.18.y ? Thank you! diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c index 042bb24..1386c6e 100644 --- a/net/sunrpc/xprtrdma/verbs.c +++ b/net/sunrpc/xprtrdma/verbs.c @@ -279,7 +279,6 @@ ++xprt->rx_xprt.connect_cookie; connstate = -ECONNABORTED; connected: - xprt->rx_buf.rb_credits = 1; ep->rep_connected = connstate; rpcrdma_conn_func(ep); wake_up_all(&ep->rep_connect_wait); @@ -754,6 +753,7 @@ } ep->rep_connected = 0; + rpcrdma_post_recvs(r_xprt, true); rc = rdma_connect(ia->ri_id, &ep->rep_remote_cma); if (rc) { @@ -772,8 +772,6 @@ dprintk("RPC: %s: connected\n", __func__); - rpcrdma_post_recvs(r_xprt, true); - out: if (rc) ep->rep_connected = rc; @@ -1170,6 +1168,7 @@ struct rpcrdma_req * list_add(&req->rl_list, &buf->rb_send_bufs); } + buf->rb_credits = 1; buf->rb_posted_receives = 0; INIT_LIST_HEAD(&buf->rb_recv_bufs);

7 years, 3 months

2
1
0 0

[PATCH 4.4 0/5] 4.4.153-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.153 release. There are 5 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Aug 28 06:40:50 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.153-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.153-rc1 Vivek Goyal <vgoyal(a)redhat.com> ovl: warn instead of error if d_type is not supported Vivek Goyal <vgoyal(a)redhat.com> ovl: Do d_type check only if work dir creation was successful Vivek Goyal <vgoyal(a)redhat.com> ovl: Ensure upper filesystem supports d_type Eric Biggers <ebiggers(a)google.com> x86/mm: Fix use-after-free of ldt_struct Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Fix L1TF stable backport for CPA ------------- Diffstat: Makefile | 4 ++-- arch/x86/include/asm/mmu_context.h | 3 +-- arch/x86/mm/pageattr.c | 2 +- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/readdir.c | 37 +++++++++++++++++++++++++++++++++++++ fs/overlayfs/super.c | 20 ++++++++++++++++++++ 6 files changed, 62 insertions(+), 5 deletions(-)

7 years, 3 months

4
8
0 0

[PATCH] soc: qcom: rmtfs-mem: Validate that scm is available

by Bjorn Andersson

The scm device must be present in order for the rmtfs driver to configure memory permissions for the rmtfs memory region, so check that it is probed before continuing. Cc: stable(a)vger.kernel.org Fixes: fa65f8045137 ("soc: qcom: rmtfs-mem: Add support for assigning memory to remote") Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/soc/qcom/rmtfs_mem.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/soc/qcom/rmtfs_mem.c b/drivers/soc/qcom/rmtfs_mem.c index 8a3678c2e83c..97bb5989aa21 100644 --- a/drivers/soc/qcom/rmtfs_mem.c +++ b/drivers/soc/qcom/rmtfs_mem.c @@ -212,6 +212,11 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) dev_err(&pdev->dev, "failed to parse qcom,vmid\n"); goto remove_cdev; } else if (!ret) { + if (!qcom_scm_is_available()) { + ret = -EPROBE_DEFER; + goto remove_cdev; + } + perms[0].vmid = QCOM_SCM_VMID_HLOS; perms[0].perm = QCOM_SCM_PERM_RW; perms[1].vmid = vmid; -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH v2] selftests: membarrier: fix test by checking supported commands

by Rafael David Tinoco

Makes membarrier_test compatible with older kernels (LTS) by checking if the membarrier features exist before running the tests. Link: https://bugs.linaro.org/show_bug.cgi?id=3771 Signed-off-by: Rafael David Tinoco <rafael.tinoco(a)linaro.org> Cc: <stable(a)vger.kernel.org> #v4.17 --- .../selftests/membarrier/membarrier_test.c | 71 +++++++++++-------- 1 file changed, 40 insertions(+), 31 deletions(-) diff --git a/tools/testing/selftests/membarrier/membarrier_test.c b/tools/testing/selftests/membarrier/membarrier_test.c index 6793f8ecc8e7..4dc263824bda 100644 --- a/tools/testing/selftests/membarrier/membarrier_test.c +++ b/tools/testing/selftests/membarrier/membarrier_test.c @@ -223,7 +223,7 @@ static int test_membarrier_global_expedited_success(void) return 0; } -static int test_membarrier(void) +static int test_membarrier(int supported) { int status; @@ -236,21 +236,22 @@ static int test_membarrier(void) status = test_membarrier_global_success(); if (status) return status; - status = test_membarrier_private_expedited_fail(); - if (status) - return status; - status = test_membarrier_register_private_expedited_success(); - if (status) - return status; - status = test_membarrier_private_expedited_success(); - if (status) - return status; - status = sys_membarrier(MEMBARRIER_CMD_QUERY, 0); - if (status < 0) { - ksft_test_result_fail("sys_membarrier() failed\n"); - return status; + + /* commit 22e4ebb975822833b083533035233d128b30e98f added this feature */ + if (supported & MEMBARRIER_CMD_PRIVATE_EXPEDITED) { + status = test_membarrier_private_expedited_fail(); + if (status) + return status; + status = test_membarrier_register_private_expedited_success(); + if (status) + return status; + status = test_membarrier_private_expedited_success(); + if (status) + return status; } - if (status & MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE) { + + /* commit 70216e18e519a54a2f13569e8caff99a092a92d6 added this feature */ + if (supported & MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE) { status = test_membarrier_private_expedited_sync_core_fail(); if (status) return status; @@ -261,23 +262,28 @@ static int test_membarrier(void) if (status) return status; } - /* - * It is valid to send a global membarrier from a non-registered - * process. - */ - status = test_membarrier_global_expedited_success(); - if (status) - return status; - status = test_membarrier_register_global_expedited_success(); - if (status) - return status; - status = test_membarrier_global_expedited_success(); - if (status) - return status; + + /* commit c5f58bd58f432be5d92df33c5458e0bcbee3aadf added this feature */ + if (supported & MEMBARRIER_CMD_GLOBAL_EXPEDITED) { + /* + * It is valid to send a global membarrier from a non-registered + * process. + */ + status = test_membarrier_global_expedited_success(); + if (status) + return status; + status = test_membarrier_register_global_expedited_success(); + if (status) + return status; + status = test_membarrier_global_expedited_success(); + if (status) + return status; + } + return 0; } -static int test_membarrier_query(void) +static int test_membarrier_query(int *supported) { int flags = 0, ret; @@ -297,16 +303,19 @@ static int test_membarrier_query(void) ksft_exit_skip( "sys_membarrier unsupported: CMD_GLOBAL not found.\n"); + *supported = ret; ksft_test_result_pass("sys_membarrier available\n"); return 0; } int main(int argc, char **argv) { + int supported; + ksft_print_header(); - test_membarrier_query(); - test_membarrier(); + test_membarrier_query(&supported); + test_membarrier(supported); return ksft_exit_pass(); } -- 2.18.0

7 years, 3 months

2
1
0 0

[char-misc for 4.9 2/2] mei: bus: need to unlink client before freeing

by Tomas Winkler

In case a client fails to connect in mei_cldev_enable(), the caller won't call the mei_cldev_disable leaving the client in a linked stated. Upon driver unload the client structure will be freed in mei_cl_bus_dev_release(), leaving a stale pointer on a fail_list. This will eventually end up in crash during power down flow in mei_cl_set_disonnected(). RIP: mei_cl_set_disconnected+0x5/0x260[mei] Call trace: mei_cl_all_disconnect+0x22/0x30 mei_reset+0x194/0x250 __synchronize_hardirq+0x43/0x50 _cond_resched+0x15/0x30 mei_me_intr_clear+0x20/0x100 mei_stop+0x76/0xb0 mei_me_shutdown+0x3f/0x80 pci_device_shutdown+0x34/0x60 kernel_restart+0x0e/0x30 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Fixes: 'c110cdb17148 ("mei: bus: make a client pointer always available")' Cc: <stable(a)vger.kernel.org> 4.10+ Tested-by: Georg Müller <georgmueller(a)gmx.net> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- drivers/misc/mei/bus.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c index 13c6c9a2248a..fc3872fe7b25 100644 --- a/drivers/misc/mei/bus.c +++ b/drivers/misc/mei/bus.c @@ -521,17 +521,15 @@ int mei_cldev_enable(struct mei_cl_device *cldev) cl = cldev->cl; + mutex_lock(&bus->device_lock); if (cl->state == MEI_FILE_UNINITIALIZED) { - mutex_lock(&bus->device_lock); ret = mei_cl_link(cl); - mutex_unlock(&bus->device_lock); if (ret) - return ret; + goto out; /* update pointers */ cl->cldev = cldev; } - mutex_lock(&bus->device_lock); if (mei_cl_is_connected(cl)) { ret = 0; goto out; @@ -875,12 +873,13 @@ static void mei_cl_bus_dev_release(struct device *dev) mei_me_cl_put(cldev->me_cl); mei_dev_bus_put(cldev->bus); + mei_cl_unlink(cldev->cl); kfree(cldev->cl); kfree(cldev); } static const struct device_type mei_cl_device_type = { - .release = mei_cl_bus_dev_release, + .release = mei_cl_bus_dev_release, }; /** -- 2.14.4

7 years, 3 months

1
0
0 0

[char-misc for 4.9 1/2] mei: bus: fix hw module get/put balance

by Tomas Winkler

In case the device is not connected it doesn't 'get' hw module and hence should not 'put' it on disable. Cc: <stable(a)vger.kernel.org> 4.16+ Fixes:'commit 257355a44b99 ("mei: make module referencing local to the bus.c")' Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Tested-by: Georg Müller <georgmueller(a)gmx.net> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- drivers/misc/mei/bus.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c index 7bba62a72921..13c6c9a2248a 100644 --- a/drivers/misc/mei/bus.c +++ b/drivers/misc/mei/bus.c @@ -616,9 +616,8 @@ int mei_cldev_disable(struct mei_cl_device *cldev) if (err < 0) dev_err(bus->dev, "Could not disconnect from the ME client\n"); -out: mei_cl_bus_module_put(cldev); - +out: /* Flush queues and remove any pending read */ mei_cl_flush_queues(cl, NULL); mei_cl_unlink(cl); -- 2.14.4

7 years, 3 months

1
0
0 0

[PATCH 3.18 00/56] 3.18.120-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.120 release. There are 56 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Aug 28 06:42:19 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.120-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.120-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory Daniel Rosenberg <drosen(a)google.com> staging: android: ion: check for kref overflow Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am3517.dtsi | 5 ++ arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/da850.dtsi | 6 +-- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/mach-pxa/irq.c | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- drivers/dma/k3dma.c | 2 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++++++--- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++---- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/isdn/i4l/isdn_common.c | 8 +-- drivers/md/raid10.c | 7 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 +++ drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 5 +- drivers/net/ethernet/ti/davinci_emac.c | 4 ++ drivers/net/hamradio/bpqether.c | 8 +-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 7 +++ drivers/pci/hotplug/pci_hotplug_core.c | 9 ++++ drivers/staging/android/ion/ion.c | 17 ++++-- drivers/tty/serial/8250/8250_dw.c | 2 +- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/gadget/composite.c | 3 ++ drivers/usb/serial/sierra.c | 4 +- fs/reiserfs/xattr.c | 4 +- include/net/af_vsock.h | 4 +- include/net/llc.h | 5 ++ include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - kernel/locking/lockdep.c | 12 ++--- kernel/trace/trace.c | 5 ++ net/bluetooth/sco.c | 3 +- net/core/dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 ++- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv6/mcast.c | 9 ++-- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +-- net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 ++-- net/sched/cls_tcindex.c | 8 ++- net/vmw_vsock/af_vsock.c | 15 +++--- net/vmw_vsock/vmci_transport.c | 3 +- net/xfrm/xfrm_user.c | 8 +-- security/smack/smack_lsm.c | 1 + sound/core/memalloc.c | 8 +-- sound/core/seq/seq_virmidi.c | 10 ++++ sound/pci/cs5535audio/cs5535audio.h | 6 +-- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +- sound/pci/vx222/vx222_ops.c | 8 +-- sound/pcmcia/vx/vxp_ops.c | 10 ++-- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/testing/selftests/sync/config | 4 ++ 67 files changed, 316 insertions(+), 129 deletions(-)

7 years, 3 months

4
57
0 0

Re: [PATCH v2 0/2] x86/xen: avoid 32-bit writes to PTEs in PV PAE guests

by Boris Ostrovsky

On 08/21/2018 11:37 AM, Juergen Gross wrote: > While the hypervisor emulates plain writes to PTEs happily, this is > much slower than issuing a hypercall for PTE modifcations. And writing > a PTE via two 32-bit write instructions (especially when clearing the > PTE) will result in an intermediate L1TF vulnerable PTE. > > Writes to PAE PTEs should always be done with 64-bit writes or via > hypercalls. > > Juergen Gross (2): > x86/xen: don't write ptes directly in 32-bit PV guests > x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear > > arch/x86/include/asm/pgtable-3level.h | 7 +++---- > arch/x86/xen/mmu_pv.c | 7 +++---- > 2 files changed, 6 insertions(+), 8 deletions(-) > Applied to for-linus-19b. (+stable.) -boris

7 years, 3 months

1
0
0 0

request for 4.14-stable: 98112041bcca ("usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

7 years, 3 months

1
0
0 0

request for 4.14-stable: 01cffe9ded15 ("HID: add quirk for another PIXART OEM mouse used by HP")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

7 years, 3 months

1
0
0 0

request for 4.14-stable: 77dd66a3c67c ("mm: Fix devm_memremap_pages() collision handling")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

7 years, 3 months

1
0
0 0

[PATCH] ext4: avoid buffer overrun when deleting inline directories

by Theodore Ts'o

A specially crafted file system can trick empty_inline_dir() into reading beyond the bounds of inline directory. Fix this by using the size of the inline directory instead of dir->i_size. Also clean up error reporting in __ext4_check_dir_entry so that the message is clearer and more understandable --- and avoids a potential division by zero trap if the size passed in is zero. (I'm not sure why we coded it that way in the first place; printing offset % size is actually more confusing and less useful.) https://bugzilla.kernel.org/show_bug.cgi?id=200933 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reported-by: Wen Xu <wen.xu(a)gatech.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/dir.c | 20 +++++++++----------- fs/ext4/inline.c | 4 +++- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c index e2902d394f1b..f93f9881ec18 100644 --- a/fs/ext4/dir.c +++ b/fs/ext4/dir.c @@ -76,7 +76,7 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, else if (unlikely(rlen < EXT4_DIR_REC_LEN(de->name_len))) error_msg = "rec_len is too small for name_len"; else if (unlikely(((char *) de - buf) + rlen > size)) - error_msg = "directory entry across range"; + error_msg = "directory entry overrun"; else if (unlikely(le32_to_cpu(de->inode) > le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count))) error_msg = "inode out of bounds"; @@ -85,18 +85,16 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, if (filp) ext4_error_file(filp, function, line, bh->b_blocknr, - "bad entry in directory: %s - offset=%u(%u), " - "inode=%u, rec_len=%d, name_len=%d", - error_msg, (unsigned) (offset % size), - offset, le32_to_cpu(de->inode), - rlen, de->name_len); + "bad entry in directory: %s - offset=%u, " + "inode=%u, rec_len=%d, name_len=%d, size=%d", + error_msg, offset, le32_to_cpu(de->inode), + rlen, de->name_len, size); else ext4_error_inode(dir, function, line, bh->b_blocknr, - "bad entry in directory: %s - offset=%u(%u), " - "inode=%u, rec_len=%d, name_len=%d", - error_msg, (unsigned) (offset % size), - offset, le32_to_cpu(de->inode), - rlen, de->name_len); + "bad entry in directory: %s - offset=%u, " + "inode=%u, rec_len=%d, name_len=%d, size=%d", + error_msg, offset, le32_to_cpu(de->inode), + rlen, de->name_len, size); return 1; } diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 3543fe80a3c4..7b4736022761 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -1753,6 +1753,7 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data) { int err, inline_size; struct ext4_iloc iloc; + size_t inline_len; void *inline_pos; unsigned int offset; struct ext4_dir_entry_2 *de; @@ -1780,8 +1781,9 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data) goto out; } + inline_len = ext4_get_inline_size(dir); offset = EXT4_INLINE_DOTDOT_SIZE; - while (offset < dir->i_size) { + while (offset < inline_len) { de = ext4_get_inline_entry(dir, &iloc, offset, &inline_pos, &inline_size); if (ext4_check_dir_entry(dir, NULL, de, -- 2.18.0.rc0

7 years, 3 months

1
0
0 0

Managed Service Providers (MSPs)

by page.brooks＠sharedstrikes.com

Hi, I just wanted to check if you would be interested in a list of Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs)? We also have the data intelligence of: • Managed Service Providers (MSP’s) • Managed Security Service Providers (MSSP’s • IT Decision Makers – 6million across all industry • Business Decision Makers – 10 million across all industry • Value Added Resellers- VARs • Independent Software Vendors- ISVs • System Integrators- SIs • VoIP Service Providers. • Telecommunications Service Providers (TSPs) • Application Service Providers (ASPs) • IT Managed Services Providers (ITMSP) • Storage Service Providers (SSPs) Kindly review and let me know if I can share more information on this. I look forward to hearing from you. Regards, Page Brooks Marketing Specialist If you don't want to include yourself in our mailing list, please reply back “Leave Out" in a subject line

7 years, 3 months

1
0
0 0

[PATCH 2/2] x86/kvm: use __decrypted attribute when declaring shared variables

by Brijesh Singh

The following commit: 368a540e0232 (x86/kvmclock: Remove memblock dependency) caused SEV guest regression. When SEV is active, we map the shared variables (wall_clock and hv_clock_boot) with C=0 to ensure that both the guest and the hypervisor is able to access the data. To map the variables we use kernel_physical_mapping_init() to split the large pages, but this routine fails to allocate a new page. Before the above commit, kvmclock initialization was called after memory allocator was available but now its called very early in the boot process. Recently we added a special .data..decrypted section to hold the shared variables. This section is mapped with C=0 very early. Use __decrypted attribute to put the wall_clock and hv_clock_boot in .data..decrypted section so that they are mapped with C=0. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/kernel/kvmclock.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 1e67646..ae9188a 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -28,6 +28,7 @@ #include <linux/sched/clock.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/set_memory.h> #include <asm/hypervisor.h> #include <asm/mem_encrypt.h> @@ -61,8 +62,8 @@ early_param("no-kvmclock-vsyscall", parse_no_kvmclock_vsyscall); (PAGE_SIZE / sizeof(struct pvclock_vsyscall_time_info)) static struct pvclock_vsyscall_time_info - hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __aligned(PAGE_SIZE); -static struct pvclock_wall_clock wall_clock; + hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __decrypted __aligned(PAGE_SIZE); +static struct pvclock_wall_clock wall_clock __decrypted; static DEFINE_PER_CPU(struct pvclock_vsyscall_time_info *, hv_clock_per_cpu); static inline struct pvclock_vcpu_time_info *this_cpu_pvti(void) @@ -267,10 +268,25 @@ static int kvmclock_setup_percpu(unsigned int cpu) return 0; /* Use the static page for the first CPUs, allocate otherwise */ - if (cpu < HVC_BOOT_ARRAY_SIZE) + if (cpu < HVC_BOOT_ARRAY_SIZE) { p = &hv_clock_boot[cpu]; - else - p = kzalloc(sizeof(*p), GFP_KERNEL); + } else { + int rc; + unsigned int sz = sizeof(*p); + + if (sev_active()) + sz = PAGE_ALIGN(sz); + + p = kzalloc(sz, GFP_KERNEL); + + /* When SEV is active the hv_clock need to be mapped as decrypted. */ + if (p && sev_active()) { + rc = set_memory_decrypted((unsigned long)p, sz >> PAGE_SHIFT); + if (rc) + return rc; + memset(p, 0, sz); + } + } per_cpu(hv_clock_per_cpu, cpu) = p; return p ? 0 : -ENOMEM; -- 2.7.4

7 years, 3 months

1
0
0 0

[PATCH v2 9/9] power: supply: twl4030-charger: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the usb sibling node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related phy-node reference leak. Fixes: f5e4edb8c888 ("power: twl4030_charger: find associated phy by more reliable means.") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: NeilBrown <neilb(a)suse.de> Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Sebastian Reichel <sre(a)kernel.org> Reviewed-by: Sebastian Reichel <sre(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/power/supply/twl4030_charger.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/twl4030_charger.c b/drivers/power/supply/twl4030_charger.c index bbcaee56db9d..b6a7d9f74cf3 100644 --- a/drivers/power/supply/twl4030_charger.c +++ b/drivers/power/supply/twl4030_charger.c @@ -996,12 +996,13 @@ static int twl4030_bci_probe(struct platform_device *pdev) if (bci->dev->of_node) { struct device_node *phynode; - phynode = of_find_compatible_node(bci->dev->of_node->parent, - NULL, "ti,twl4030-usb"); + phynode = of_get_compatible_child(bci->dev->of_node->parent, + "ti,twl4030-usb"); if (phynode) { bci->usb_nb.notifier_call = twl4030_bci_usb_ncb; bci->transceiver = devm_usb_get_phy_by_node( bci->dev, phynode, &bci->usb_nb); + of_node_put(phynode); if (IS_ERR(bci->transceiver)) { ret = PTR_ERR(bci->transceiver); if (ret == -EPROBE_DEFER) -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH v2 8/9] NFC: nfcmrvl_uart: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent node). Fixes: e097dc624f78 ("NFC: nfcmrvl: add UART driver") Fixes: d8e018c0b321 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: Vincent Cuissard <cuissard(a)marvell.com> Cc: Samuel Ortiz <sameo(a)linux.intel.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/nfc/nfcmrvl/uart.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/nfc/nfcmrvl/uart.c b/drivers/nfc/nfcmrvl/uart.c index 91162f8e0366..9a22056e8d9e 100644 --- a/drivers/nfc/nfcmrvl/uart.c +++ b/drivers/nfc/nfcmrvl/uart.c @@ -73,10 +73,9 @@ static int nfcmrvl_uart_parse_dt(struct device_node *node, struct device_node *matched_node; int ret; - matched_node = of_find_compatible_node(node, NULL, "marvell,nfc-uart"); + matched_node = of_get_compatible_child(node, "marvell,nfc-uart"); if (!matched_node) { - matched_node = of_find_compatible_node(node, NULL, - "mrvl,nfc-uart"); + matched_node = of_get_compatible_child(node, "mrvl,nfc-uart"); if (!matched_node) return -ENODEV; } -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH v2 3/9] drm/msm: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the legacy pwrlevels child node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the probed device's node). While at it, also fix the related child-node reference leak. Fixes: e2af8b6b0ca1 ("drm/msm: gpu: Use OPP tables if we can") Cc: stable <stable(a)vger.kernel.org> # 4.12 Cc: Jordan Crouse <jcrouse(a)codeaurora.org> Cc: Rob Clark <robdclark(a)gmail.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c index da1363a0c54d..93d70f4a2154 100644 --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c @@ -633,8 +633,7 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) struct device_node *child, *node; int ret; - node = of_find_compatible_node(dev->of_node, NULL, - "qcom,gpu-pwrlevels"); + node = of_get_compatible_child(dev->of_node, "qcom,gpu-pwrlevels"); if (!node) { dev_err(dev, "Could not find the GPU powerlevels\n"); return -ENXIO; @@ -655,6 +654,8 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) dev_pm_opp_add(dev, val, 0); } + of_node_put(node); + return 0; } -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH v2 2/9] drm/mediatek: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the sibling instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related cec-node reference leak. Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support") Cc: stable <stable(a)vger.kernel.org> # 4.8 Cc: Junzhi Zhao <junzhi.zhao(a)mediatek.com> Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Cc: CK Hu <ck.hu(a)mediatek.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/mediatek/mtk_hdmi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_hdmi.c b/drivers/gpu/drm/mediatek/mtk_hdmi.c index 2d45d1dd9554..643f5edd68fe 100644 --- a/drivers/gpu/drm/mediatek/mtk_hdmi.c +++ b/drivers/gpu/drm/mediatek/mtk_hdmi.c @@ -1446,8 +1446,7 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, } /* The CEC module handles HDMI hotplug detection */ - cec_np = of_find_compatible_node(np->parent, NULL, - "mediatek,mt8173-cec"); + cec_np = of_get_compatible_child(np->parent, "mediatek,mt8173-cec"); if (!cec_np) { dev_err(dev, "Failed to find CEC node\n"); return -EINVAL; @@ -1457,8 +1456,10 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, if (!cec_pdev) { dev_err(hdmi->dev, "Waiting for CEC device %pOF\n", cec_np); + of_node_put(cec_np); return -EPROBE_DEFER; } + of_node_put(cec_np); hdmi->cec_dev = &cec_pdev->dev; /* -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH v3] EDAC, amd64: Add Family 17h Model 10h support.

by Michael Jin

Add new device IDs for family 17h models 10h-2fh. This is required by amd64_edac_mod in order to properly detect PCI device functions 0 and 6. Link: https://lkml.kernel.org/r/20180815114107.29797-1-mikhail.jin@gmail.com Cc: <stable(a)vger.kernel.org> # 4.10.x Signed-off-by: Michael Jin <mikhail.jin(a)gmail.com> --- drivers/edac/amd64_edac.c | 14 ++++++++++++++ drivers/edac/amd64_edac.h | 3 +++ 2 files changed, 17 insertions(+) diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index 18aeabb1d5ee..e2addb2bca29 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c @@ -2200,6 +2200,15 @@ static struct amd64_family_type family_types[] = { .dbam_to_cs = f17_base_addr_to_cs_size, } }, + [F17_M10H_CPUS] = { + .ctl_name = "F17h_M10h", + .f0_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F0, + .f6_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F6, + .ops = { + .early_channel_count = f17_early_channel_count, + .dbam_to_cs = f17_base_addr_to_cs_size, + } + }, }; /* @@ -3188,6 +3197,11 @@ static struct amd64_family_type *per_family_init(struct amd64_pvt *pvt) break; case 0x17: + if (pvt->model >= 0x10 && pvt->model <= 0x2f) { + fam_type = &family_types[F17_M10H_CPUS]; + pvt->ops = &family_types[F17_M10H_CPUS].ops; + break; + } fam_type = &family_types[F17_CPUS]; pvt->ops = &family_types[F17_CPUS].ops; break; diff --git a/drivers/edac/amd64_edac.h b/drivers/edac/amd64_edac.h index 1d4b74e9a037..4242f8e39c18 100644 --- a/drivers/edac/amd64_edac.h +++ b/drivers/edac/amd64_edac.h @@ -115,6 +115,8 @@ #define PCI_DEVICE_ID_AMD_16H_M30H_NB_F2 0x1582 #define PCI_DEVICE_ID_AMD_17H_DF_F0 0x1460 #define PCI_DEVICE_ID_AMD_17H_DF_F6 0x1466 +#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F0 0x15e8 +#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F6 0x15ee /* * Function 1 - Address Map @@ -281,6 +283,7 @@ enum amd_families { F16_CPUS, F16_M30H_CPUS, F17_CPUS, + F17_M10H_CPUS, NUM_FAMILIES, }; -- 2.14.3 (Apple Git-98)

7 years, 3 months

3
4
0 0

Backport e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback

by Petr Vorel

Hi, I wonder, it it makes sense to backport commit e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback to v 4.14 stable kernel. I'm using it in 4.12+. These commits (somehow similar) has been backported to 4.10.2: 5839f555fa57 crypto: vmx - Use skcipher for xts fallback c96d0a1c47ab crypto: vmx - Use skcipher for cbc fallback Kind regards, Petr

7 years, 3 months

3
4
0 0

[PATCH 1/3] drm/i915: Handle incomplete Z_FINISH for compressed error states

by Chris Wilson

The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- drivers/gpu/drm/i915/i915_gpu_error.c | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..2eb26ea38d7c 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -237,6 +237,7 @@ static int compress_page(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + int flush = Z_NO_FLUSH; zstream->next_in = src; if (c->tmp && i915_memcpy_from_wc(c->tmp, src, PAGE_SIZE)) @@ -257,8 +258,11 @@ static int compress_page(struct compress *c, zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, flush) != Z_OK) return -EIO; + + if (zstream->avail_out) + flush = Z_SYNC_FLUSH; } while (zstream->avail_in); /* Fallback to uncompressed if we increase size? */ @@ -268,19 +272,43 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + unsigned long page; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return -ENOMEM; + + dst->pages[dst->page_count++] = (void *)page; + zstream->next_out = (void *)page; + zstream->avail_out = PAGE_SIZE; + break; + case Z_STREAM_END: + goto end; + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +347,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -951,15 +985,15 @@ i915_error_object_create(struct drm_i915_private *i915, if (ret) goto unwind; } - goto out; + if (compress_flush(&compress, dst)) { unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; -- 2.18.0

7 years, 3 months

1
0
0 0

request for 4.14-stable: cd8ddbf7a5e2 ("lightnvm: pblk: free padded entries in write buffer")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be. Please apply to your queue. -- Regards Sudip

7 years, 3 months

1
0
0 0

request for 4.14-stable: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be. Please apply to your queue. -- Regards Sudip

7 years, 3 months

1
0
0 0

Re: Patch "usb: gadget: u_audio: protect stream runtime fields with stream spinlock" has been added to the 4.14-stable tree

by Vladimir Zapolskiy

Hi Greg, On 08/26/2018 10:14 AM, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > usb: gadget: u_audio: protect stream runtime fields with stream spinlock > > to the 4.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > usb-gadget-u_audio-protect-stream-runtime-fields-with-stream-spinlock.patch > and it can be found in the queue-4.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From foo@baz Sun Aug 26 09:13:00 CEST 2018 > From: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > Date: Thu, 21 Jun 2018 17:22:52 +0200 > Subject: usb: gadget: u_audio: protect stream runtime fields with stream spinlock > > From: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > > [ Upstream commit 56bc61587daadef67712068f251c4ef2e3932d94 ] > > The change protects almost the whole body of u_audio_iso_complete() > function by PCM stream lock, this is mainly sufficient to avoid a race > between USB request completion and stream termination, the change > prevents a possibility of invalid memory access in interrupt context > by memcpy(): > > Unable to handle kernel paging request at virtual address 00004e80 > pgd = c0004000 > [00004e80] *pgd=00000000 > Internal error: Oops: 817 [#1] PREEMPT SMP ARM > CPU: 0 PID: 3 Comm: ksoftirqd/0 Tainted: G C 3.14.54+ #117 > task: da180b80 ti: da192000 task.ti: da192000 > PC is at memcpy+0x50/0x330 > LR is at 0xcdd92b0e > pc : [<c029ef30>] lr : [<cdd92b0e>] psr: 20000193 > sp : da193ce4 ip : dd86ae26 fp : 0000b180 > r10: daf81680 r9 : 00000000 r8 : d58a01ea > r7 : 2c0b43e4 r6 : acdfb08b r5 : 01a271cf r4 : 87389377 > r3 : 69469782 r2 : 00000020 r1 : daf82fe0 r0 : 00004e80 > Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel > Control: 10c5387d Table: 2b70804a DAC: 00000015 > Process ksoftirqd/0 (pid: 3, stack limit = 0xda192238) > > Also added a check for potential !runtime condition, commonly it is > done by PCM_RUNTIME_CHECK(substream) in the beginning, however this > does not completely prevent from oopses in u_audio_iso_complete(), > because the proper protection scheme must be implemented in PCM > library functions. > > An example of *not fixed* oops due to substream->runtime->* > dereference by snd_pcm_running(substream) from > snd_pcm_period_elapsed(), where substream->runtime is gone while > waiting the substream lock: > > Unable to handle kernel paging request at virtual address 6b6b6b6b > pgd = db7e4000 > [6b6b6b6b] *pgd=00000000 > CPU: 0 PID: 193 Comm: klogd Tainted: G C 3.14.54+ #118 > task: db5ac500 ti: db60c000 task.ti: db60c000 > PC is at snd_pcm_period_elapsed+0x48/0xd8 [snd_pcm] > LR is at snd_pcm_period_elapsed+0x40/0xd8 [snd_pcm] > pc : [<>] lr : [<>] psr: 60000193 > Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user > Control: 10c5387d Table: 2b7e404a DAC: 00000015 > Process klogd (pid: 193, stack limit = 0xdb60c238) > [<>] (snd_pcm_period_elapsed [snd_pcm]) from [<>] (udc_irq+0x500/0xbbc) > [<>] (udc_irq) from [<>] (ci_irq+0x280/0x304) > [<>] (ci_irq) from [<>] (handle_irq_event_percpu+0xa4/0x40c) > [<>] (handle_irq_event_percpu) from [<>] (handle_irq_event+0x3c/0x5c) > [<>] (handle_irq_event) from [<>] (handle_fasteoi_irq+0xc4/0x110) > [<>] (handle_fasteoi_irq) from [<>] (generic_handle_irq+0x20/0x30) > [<>] (generic_handle_irq) from [<>] (handle_IRQ+0x80/0xc0) > [<>] (handle_IRQ) from [<>] (gic_handle_irq+0x3c/0x60) > [<>] (gic_handle_irq) from [<>] (__irq_svc+0x44/0x78) > > Signed-off-by: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > [erosca: W/o this patch, with minimal instrumentation [1], I can > consistently reproduce BUG: KASAN: use-after-free [2]] > > [1] Instrumentation to reproduce issue [2]: > diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c > index a72295c953bb..bd0b308024fe 100644 > --- a/drivers/usb/gadget/function/u_audio.c > +++ b/drivers/usb/gadget/function/u_audio.c > @@ -16,6 +16,7 @@ > #include <sound/core.h> > #include <sound/pcm.h> > #include <sound/pcm_params.h> > +#include <linux/delay.h> > > #include "u_audio.h" > > @@ -147,6 +148,8 @@ static void u_audio_iso_complete(struct usb_ep *ep, struct usb_request *req) > > spin_unlock_irqrestore(&prm->lock, flags); > > + udelay(500); //delay here to increase probability of parallel activities > + > /* Pack USB load in ALSA ring buffer */ > pending = prm->dma_bytes - hw_ptr; > > [2] After applying [1], below BUG occurs on Rcar-H3-Salvator-X board: > ================================================================== > BUG: KASAN: use-after-free in u_audio_iso_complete+0x24c/0x520 [u_audio] > Read of size 8 at addr ffff8006cafcc248 by task swapper/0/0 > > CPU: 0 PID: 0 Comm: swapper/0 Tainted: G WC 4.14.47+ #160 > Hardware name: Renesas Salvator-X board based on r8a7795 ES2.0+ (DT) > Call trace: > [<ffff2000080925ac>] dump_backtrace+0x0/0x364 > [<ffff200008092924>] show_stack+0x14/0x1c > [<ffff200008f8dbcc>] dump_stack+0x108/0x174 > [<ffff2000083c71b8>] print_address_description+0x7c/0x32c > [<ffff2000083c78e8>] kasan_report+0x324/0x354 > [<ffff2000083c6114>] __asan_load8+0x24/0x94 > [<ffff2000021d1b34>] u_audio_iso_complete+0x24c/0x520 [u_audio] > [<ffff20000152fe50>] usb_gadget_giveback_request+0x480/0x4d0 [udc_core] > [<ffff200001860ab8>] usbhsg_queue_done+0x100/0x130 [renesas_usbhs] > [<ffff20000185f814>] usbhsf_pkt_handler+0x1a4/0x298 [renesas_usbhs] > [<ffff20000185fb38>] usbhsf_irq_ready+0x128/0x178 [renesas_usbhs] > [<ffff200001859cc8>] usbhs_interrupt+0x440/0x490 [renesas_usbhs] > [<ffff2000081a0288>] __handle_irq_event_percpu+0x594/0xa58 > [<ffff2000081a07d0>] handle_irq_event_percpu+0x84/0x12c > [<ffff2000081a0928>] handle_irq_event+0xb0/0x10c > [<ffff2000081a8384>] handle_fasteoi_irq+0x1e0/0x2ec > [<ffff20000819e5f8>] generic_handle_irq+0x2c/0x44 > [<ffff20000819f0d0>] __handle_domain_irq+0x190/0x194 > [<ffff20000808177c>] gic_handle_irq+0x80/0xac > Exception stack(0xffff200009e97c80 to 0xffff200009e97dc0) > 7c80: 0000000000000000 0000000000000000 0000000000000003 ffff200008179298 > 7ca0: ffff20000ae1c180 dfff200000000000 0000000000000000 ffff2000081f9a88 > 7cc0: ffff200009eb5960 ffff200009e97cf0 0000000000001600 ffff0400041b064b > 7ce0: 0000000000000000 0000000000000002 0000000200000001 0000000000000001 > 7d00: ffff20000842197c 0000ffff958c4970 0000000000000000 ffff8006da0d5b80 > 7d20: ffff8006d4678498 0000000000000000 000000126bde0a8b ffff8006d4678480 > 7d40: 0000000000000000 000000126bdbea64 ffff200008fd0000 ffff8006fffff980 > 7d60: 00000000495f0018 ffff200009e97dc0 ffff200008b6c4ec ffff200009e97dc0 > 7d80: ffff200008b6c4f0 0000000020000145 ffff8006da0d5b80 ffff8006d4678498 > 7da0: ffffffffffffffff ffff8006d4678498 ffff200009e97dc0 ffff200008b6c4f0 > [<ffff200008084034>] el1_irq+0xb4/0x12c > [<ffff200008b6c4f0>] cpuidle_enter_state+0x818/0x844 > [<ffff200008b6c59c>] cpuidle_enter+0x18/0x20 > [<ffff20000815f2e4>] call_cpuidle+0x98/0x9c > [<ffff20000815f674>] do_idle+0x214/0x264 > [<ffff20000815facc>] cpu_startup_entry+0x20/0x24 > [<ffff200008fb09d8>] rest_init+0x30c/0x320 > [<ffff2000095f1338>] start_kernel+0x570/0x5b0 > ---<-snip->--- > > Fixes: 132fcb460839 ("usb: gadget: Add Audio Class 2.0 Driver") > Signed-off-by: Eugeniu Rosca <erosca(a)de.adit-jv.com> > > Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> > > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/usb/gadget/function/u_audio.c | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > --- a/drivers/usb/gadget/function/u_audio.c > +++ b/drivers/usb/gadget/function/u_audio.c > @@ -25,6 +25,7 @@ > #include <sound/core.h> > #include <sound/pcm.h> > #include <sound/pcm_params.h> > +#include <linux/delay.h> > See a comment below... > #include "u_audio.h" > > @@ -88,7 +89,7 @@ static const struct snd_pcm_hardware uac > static void u_audio_iso_complete(struct usb_ep *ep, struct usb_request *req) > { > unsigned pending; > - unsigned long flags; > + unsigned long flags, flags2; > unsigned int hw_ptr; > int status = req->status; > struct uac_req *ur = req->context; > @@ -115,7 +116,14 @@ static void u_audio_iso_complete(struct > if (!substream) > goto exit; > > + snd_pcm_stream_lock_irqsave(substream, flags2); > + > runtime = substream->runtime; > + if (!runtime || !snd_pcm_running(substream)) { > + snd_pcm_stream_unlock_irqrestore(substream, flags2); > + goto exit; > + } > + > spin_lock_irqsave(&prm->lock, flags); > > if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) { > @@ -146,6 +154,8 @@ static void u_audio_iso_complete(struct > > spin_unlock_irqrestore(&prm->lock, flags); > > + udelay(500); //delay here to increase probability of parallel activities > + ^^^^^ That part of the change came from the commit message, it just describes instrumentation, and adding it to the change itself is wrong. Note that the source commit 56bc61587daad does not have such issue. -- Best wishes, Vladimir

7 years, 3 months

2
1
0 0

request for 4.4-stable: 56656e960b555 ("ovl: rename is_merge to is_lowest")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. This is a trivial rename patch, but the naming would be more logical and makes backports easier. Please consider to apply this patch to 4.4-stable. -- SZ Lin (林上智)

7 years, 3 months

3
3
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit ea101a702611f987c937a5fafe00f714fd9c1fe8: Linux 4.9.122 (2018-08-18 10:47:20 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-14082018 for you to fetch changes up to 9e73bb5b6b5317c1a0b3d722e36d306a5f7b5d1e: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:17:02 -0400) - ---------------------------------------------------------------- for-greg-4.9-14082018 - ---------------------------------------------------------------- Aleksander Morgado (1): qmi_wwan: fix interface number for DW5821e production firmware Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Cong Wang (1): vsock: split dwork to avoid reinitializations Daniel Borkmann (1): bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (2): scsi: fcoe: drop frames in ELS LOGO error path scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO Kees Cook (1): x86/boot: Fix if_changed build flip/flop bug Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kirill Tkhai (1): memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Linus Torvalds (1): squashfs metadata 2: electric boogaloo Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems Phillip Lougher (1): Squashfs: Compute expected length from inode size rather than block length RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (5): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: [plat-eznps] fix data type errors in platform headers arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (3): qed: Fix possible race for the link state value. qed: Correct Multicast API to reflect existence of 256 approximate buckets. bnx2x: Fix invalid memory access in rss hash config path. Thomas Gleixner (1): perf/x86/amd/ibs: Don't access non-started event Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 1 + arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/powerpc/net/bpf_jit_comp64.c | 29 ++------ arch/x86/boot/compressed/Makefile | 8 ++- arch/x86/events/amd/ibs.c | 6 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 ++++ drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/imx/imx-ldb.c | 9 ++- drivers/i2c/busses/i2c-davinci.c | 8 ++- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++--- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 1 + drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- fs/squashfs/file.c | 50 ++++++++------ fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++---- fs/squashfs/squashfs.h | 3 +- include/net/af_vsock.h | 4 +- mm/memcontrol.c | 15 +++-- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/ip6_tunnel.c | 8 +-- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/vmw_vsock/af_vsock.c | 15 +++-- net/vmw_vsock/vmci_transport.c | 3 +- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 62 files changed, 336 insertions(+), 240 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcVkACgkQ3qZv95d3 LNw9LhAAhYO1gSH1TU/L3yOt3RFvsIGSWqlDjl746dUkHgxwF0pZeFufDCN4hI8C Oi8iFRum4yScnvrm9Gj6ZMR4fvHjT3i0uixvFB8tyE6MGIOYoHyFd7FDHFLsFK4D UrA43Ow+cIjp+BuWJ/6fp0c9WwdcxDQUjqZS81Tc+FgQMiGLb0JpGLVuI+ftShdz PAdJqp4yg9oNb8xByyC5QDHm6CGC26BR+MJXsY8cmJIBcGihBy4UMZXYb8dasp9w 3qL4zLLBlHWRvH+JJJE0t2i9KrRf1TgfRuuu8f9B5Ey9YyilokpBZ7c9jFRfzLn9 TS+WW6xQqwmgLVp3/F+/r9xw2rCdZStlEPjcuiIU6nrSXf3yg41q50CQd3+gkCEy 1Rb9fWVWkRX/hyUCzCp1TBK++zPjC5DmxAxobvHKWElvdsP57CEV+0hPqyb6F/ve FPiH4u0BfdkToEDvL6mIi12CGcQV5eqW0bJv6OLbetvsGR/ATBzZfIXkm6TpWYri ayOJzIsRVmt3neACIY3iZR8lSoW7Lj4kO1q+iXzUoD5NDJYh3HVDG13cmMu7NzSC 8SLAWGA1N8i8YDTTXePQPd9Y43qRaF9D3mxlN45cDrfIYdt0cFrQ8/tjXukuaGKq Pc+jr4qfByVetWSHc7s+mPEzfHzRhO4lbCa+tZWL2sF7tTYYksw= =eZ0Z -----END PGP SIGNATURE-----

7 years, 3 months

2
1
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 4cea13b66144903ae7310331b43e08f7b2d6aadb: Linux 4.14.65 (2018-08-18 10:48:00 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-14082018 for you to fetch changes up to a1145b9daa1f738d7aa941ebc14426db8ea4da5c: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:16:43 -0400) - ---------------------------------------------------------------- for-greg-4.14-14082018 - ---------------------------------------------------------------- Aleksander Morgado (1): qmi_wwan: fix interface number for DW5821e production firmware Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Benjamin Tissoires (1): gpiolib-acpi: make sure we trigger edge events at least once on boot Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Cong Wang (2): vsock: split dwork to avoid reinitializations llc: use refcount_inc_not_zero() for llc_sap_find() Daniel Borkmann (1): bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Davidlohr Bueso (1): ipc/sem.c: prevent queue.status tearing in semop Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (3): usb: gadget: f_uac2: fix error handling in afunc_bind (again) usb: gadget: u_audio: fix pcm/card naming in g_audio_setup() usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eugeniy Paltsev (1): ARC: dma [non-IOC] setup SMP_CACHE_BYTES and cache_line_size Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Faiz Abbas (1): can: m_can: Move accessing of message ram to after clocks are enabled Florian Westphal (5): xfrm: free skb if nlsk pointer is NULL netfilter: nf_tables: fix memory leaks on chain rename netfilter: nf_tables: don't allow to rename to already-pending name netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (2): enic: handle mtu change for vf properly enic: do not call enic_change_mtu in enic_probe Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Hailong Liu (1): sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE Hugh Dickins (1): mm: delete historical BUG from zap_pmd_range() Jason Wang (1): vhost: reset metadata cache when initializing new IOTLB Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (3): scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send scsi: fcoe: drop frames in ELS LOGO error path scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO John Hurley (1): nfp: flower: fix port metadata conversion bug Josef Bacik (2): nbd: don't requeue the same request twice. nbd: handle unexpected replies better Joshua Frkuska (1): usb: gadget: u_audio: update hw_ptr in iso_complete after data copied Kees Cook (1): x86/boot: Fix if_changed build flip/flop bug Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kirill Tkhai (1): memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Linus Torvalds (1): squashfs metadata 2: electric boogaloo Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Ofer Levi (1): ARC: [plat-eznps] Add missing struct nps_host_reg_aux_dpc Peter Rosin (2): locking/rtmutex: Allow specifying a subclass for nested locking i2c/mux, locking/core: Annotate the nested rt_mutex usage Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems Phillip Lougher (1): Squashfs: Compute expected length from inode size rather than block length RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (6): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: [plat-eznps] fix data type errors in platform headers arc: [plat-eznps] fix printk warning in arc/plat-eznps/mtm.c arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Christopherson (1): KVM: vmx: use local variable for current_vmptr when emulating VMPTRST Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Steven Rostedt (VMware) (1): sparc/time: Add missing __init to init_tick_ops() Sudarsana Reddy Kalluru (4): qed: Fix link flap issue due to mismatching EEE capabilities. qed: Fix possible race for the link state value. qed: Correct Multicast API to reflect existence of 256 approximate buckets. bnx2x: Fix invalid memory access in rss hash config path. Taehee Yoo (2): netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy() bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() Theodore Ts'o (1): ext4: clear mmp sequence number when remounting read-only Thomas Gleixner (1): perf/x86/amd/ibs: Don't access non-started event Thomas Petazzoni (1): sparc: use asm-generic version of msi.h Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Varun Prakash (2): scsi: target: iscsi: cxgbit: fix max iso npdu calculation scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Vladimir Zapolskiy (3): usb: gadget: u_audio: remove caching of stream buffer parameters usb: gadget: u_audio: remove cached period bytes value usb: gadget: u_audio: protect stream runtime fields with stream spinlock Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb Zhen Lei (1): esp6: fix memleak on error path in esp6_input dann frazier (1): hinic: Link the logical network device to the pci device in sysfs jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/Kconfig | 3 + arch/arc/include/asm/cache.h | 4 +- arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 10 +++ arch/arc/plat-eznps/mtm.c | 6 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/powerpc/net/bpf_jit_comp64.c | 29 ++----- arch/sparc/include/asm/Kbuild | 1 + arch/sparc/kernel/time_64.c | 2 +- arch/x86/boot/compressed/Makefile | 8 +- arch/x86/events/amd/ibs.c | 6 +- arch/x86/kvm/vmx.c | 15 ++-- drivers/block/nbd.c | 96 ++++++++++++++++++---- drivers/gpio/gpiolib-acpi.c | 56 ++++++++++++- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 +++ drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/imx/imx-ldb.c | 9 +- drivers/i2c/busses/i2c-davinci.c | 8 +- drivers/i2c/i2c-core-base.c | 2 +- drivers/i2c/i2c-mux.c | 4 +- drivers/net/can/m_can/m_can.c | 7 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 ++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 80 +++++++----------- drivers/net/ethernet/huawei/hinic/hinic_main.c | 1 + drivers/net/ethernet/netronome/nfp/flower/main.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++-- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 13 ++- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 6 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 +-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/target/iscsi/cxgbit/cxgbit_target.c | 16 ++-- drivers/usb/gadget/function/f_uac2.c | 24 +++--- drivers/usb/gadget/function/u_audio.c | 88 ++++++++------------ drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- drivers/vhost/vhost.c | 9 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 ++-- fs/ext4/mmp.c | 7 +- fs/ext4/super.c | 2 + fs/fscache/operation.c | 6 +- fs/squashfs/file.c | 50 ++++++----- fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++--- fs/squashfs/squashfs.h | 3 +- include/linux/rtmutex.h | 7 ++ include/net/af_vsock.h | 4 +- include/net/llc.h | 5 ++ ipc/sem.c | 2 +- kernel/locking/rtmutex.c | 29 ++++++- kernel/sched/rt.c | 2 + mm/memcontrol.c | 15 +++- mm/memory.c | 9 +- mm/zswap.c | 9 ++ net/caif/caif_dev.c | 4 +- net/core/lwt_bpf.c | 2 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/esp6.c | 4 +- net/ipv6/ip6_tunnel.c | 8 +- net/ipv6/ip6_vti.c | 11 +-- net/llc/llc_core.c | 4 +- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_tables_api.c | 59 ++++++++----- net/netfilter/nft_set_hash.c | 1 + net/packet/af_packet.c | 10 ++- net/smc/af_smc.c | 3 +- net/vmw_vsock/af_vsock.c | 15 ++-- net/vmw_vsock/vmci_transport.c | 3 +- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 ++-- tools/power/x86/turbostat/turbostat.c | 8 +- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 +++++++ tools/usb/ffs-test.c | 19 ++++- 91 files changed, 663 insertions(+), 389 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcUoACgkQ3qZv95d3 LNypkQ/+JcfYVO/MhrMr3Ipp3bPWoVw+jUJykP0m2EL6SB2eol2iG6Nvkn91Z4Z+ uYIwxkipZrkDiB6ojwThu6W1LXfvHyUwXPfUEerM6RhJnvWbNEL18hGX0TiPJJ2w vvhJj59hxD0hmRcIOZsUIEe0H/aNMNMrw/Ya3v1bpXdqGbtnmu4uDuqiLhY6UmjR 9gBnL047L4n0UVdq+GgbNSDKybTuRUeMiKO55gjfl2PHTsksIbrXsXY5LMpgZ5H9 YZ+t15l3wLgIBu+qGu05u9vbHMiwgFRZGfXHTRnj413DghZJix8mK8MQWpchV684 VE/aFiXnj2CmANAGPaTaakNyyqa0UT280+OQUPCSWrvzCTMFfrxUzT/h/HkrJqf9 PgJHXSOjb3GwVj7BGMcX+SREjk23pJYSwpsEPpq9OAOIlX9+I7ovM6axVxPR0goU Dhvfjb0VbIqsib8WUvZAylkZGhd+IzIjyGEYsiyjwf4tZiWhn+/8B+WKaHlBbXuC 98Fagd/ywH9BexhbmA4w6Q0EpC8WU4vMwZHQluxQmGp33JdiBket7flAl9trr2K8 slWozy4rzUBoa1K1t+wsMNInCqjEqqF93FQdMN9U0s3IXw0IVzicRARTa70fKoog 42Uw8k9Nt0GBuiE/k9ccuIv+NaE8WT9Vm0bI670isofrwP756ks= =pi0Q -----END PGP SIGNATURE-----

7 years, 3 months

2
1
0 0

request for 4.18-stable: 2fa4a32613c9 ("scsi: libsas: dynamically allocate and free ata host")

by Jason Yan

Hi Greg, This patch fixes a bug of libsas and is not in 4.18-stable yet. Please apply to your queue. Thanks -- Jason

7 years, 3 months

2
1
0 0

[PATCH v2] crypto: vmx - Fix sleep-in-atomic bugs

by Ondrej Mosnacek

This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_* functions should not be called in atomic context. The bugs can be reproduced via the AF_ALG interface by trying to encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then trigger BUG in crypto_yield(): [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc [ 891.864739] 1 lock held by kcapi-enc/12347: [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 [ 891.865251] Call Trace: [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") Cc: stable(a)vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- Still untested, please test and review if possible. Changes in v2: - fix leaving preemtption, etc. disabled when leaving the function (I switched to the more obvious and less efficient variant for the sake of clarity.) drivers/crypto/vmx/aes_cbc.c | 30 ++++++++++++++---------------- drivers/crypto/vmx/aes_xts.c | 21 ++++++++++++++------- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index 5285ece4f33a..b71895871be3 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -107,24 +107,23 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_encrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, walk.iv, 1); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; @@ -147,24 +146,23 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, walk.iv, 0); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c index 8bd9aff0f55f..e9954a7d4694 100644 --- a/drivers/crypto/vmx/aes_xts.c +++ b/drivers/crypto/vmx/aes_xts.c @@ -116,32 +116,39 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { + blkcipher_walk_init(&walk, dst, src, nbytes); + + ret = blkcipher_walk_virt(desc, &walk); + preempt_disable(); pagefault_disable(); enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); - - ret = blkcipher_walk_virt(desc, &walk); iv = walk.iv; memset(tweak, 0, AES_BLOCK_SIZE); aes_p8_encrypt(iv, tweak, &ctx->tweak_key); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); if (enc) aes_p8_xts_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, NULL, tweak); else aes_p8_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, NULL, tweak); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; } -- 2.17.1

7 years, 3 months

4
5
0 0

Re: stable/linux-4.4.y boot: 124 boots: 3 failed, 117 passed with 2 offline, 1 untried/unknown, 1 conflict (v4.4.151)

by Guillaume Tucker

On 22/08/18 14:51, kernelci.org bot wrote: > stable/linux-4.4.y boot: 124 boots: 3 failed, 117 passed with 2 offline, 1 untried/unknown, 1 conflict (v4.4.151) > > Full Boot Summary: https://kernelci.org/boot/all/job/stable/branch/linux-4.4.y/kernel/v4.4.151/ > Full Build Summary: https://kernelci.org/build/stable/branch/linux-4.4.y/kernel/v4.4.151/ > > Tree: stable > Branch: linux-4.4.y > Git Describe: v4.4.151 > Git Commit: 78f654f6cce3442937b8c7eb4b640357871363c1 > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git > Tested: 43 unique boards, 20 SoC families, 22 builds out of 191 > > Boot Regressions Detected: [...] > x86: > > defconfig+kvm_guest: > x86-x5-z8350: > lab-mhart: failing since 6 days (last pass: v4.4.147 - first fail: v4.4.148) > > x86_64_defconfig: > x86-x5-z8350: > lab-mhart: failing since 6 days (last pass: v4.4.147 - first fail: v4.4.148) We've had a couple of automated boot bisections pointing at the same commit on an x86 Atom x5-Z8350 platform (AAEON UP-CHT01), please see details below. The issue seems to have started with v4.4.148. Here's the boot details and log showing the issue on v4.4.151: https://kernelci.org/boot/id/5b7d39ea59b514c03796ba9c/ https://storage.kernelci.org/stable/linux-4.4.y/v4.4.151/x86/x86_64_defconf… [ 0.073668] swapper/0: Corrupted page table at address 5b95ef78 [ 0.080286] PGD 272a067 PUD 272d067 PMD 5b8000000e3 [ 0.085847] Bad pagetable: 0009 [#1] SMP Below is the result of the last kernelci.org automated bisection. I haven't done any further investigation, this is merely sharing the results so please take it with a pinch of salt! Hope this helps. Best wishes, Guillaume --------------------------------------8<-------------------------------------- Bisection result for stable/linux-4.4.y (v4.4.151) on x86-x5-z8350 Good: 8404ae6c8c9f Linux 4.4.147 Bad: 78f654f6cce3 Linux 4.4.151 Found: 02ff2769edbc x86/mm/pat: Make set_memory_np() L1TF safe Checks: revert: PASS verify: PASS Parameters: Tree: stable URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git Branch: linux-4.4.y Target: x86-x5-z8350 Lab: lab-mhart Config: x86_64_defconfig Plan: boot Breaking commit found: ------------------------------------------------------------------------------- commit 02ff2769edbce2261e981effbc3c4b98fae4faf0 Author: Andi Kleen <ak(a)linux.intel.com> Date: Tue Aug 7 15:09:39 2018 -0700 x86/mm/pat: Make set_memory_np() L1TF safe commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits. Replace the open coded PTE manipulation with the L1TF protecting low level PTE routines. Passes the CPA self test. Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> [ dwmw2: Pull in pud_mkhuge() from commit a00cc7d9dd, and pfn_pud() ] Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> [groeck: port to 4.4] Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index b5e157c065ae..4de6c282c02a 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -378,12 +378,39 @@ static inline pmd_t pfn_pmd(unsigned long page_nr, pgprot_t pgprot) return __pmd(pfn | massage_pgprot(pgprot)); } +static inline pud_t pfn_pud(unsigned long page_nr, pgprot_t pgprot) +{ + phys_addr_t pfn = page_nr << PAGE_SHIFT; + pfn ^= protnone_mask(pgprot_val(pgprot)); + pfn &= PHYSICAL_PUD_PAGE_MASK; + return __pud(pfn | massage_pgprot(pgprot)); +} + static inline pmd_t pmd_mknotpresent(pmd_t pmd) { return pfn_pmd(pmd_pfn(pmd), __pgprot(pmd_flags(pmd) & ~(_PAGE_PRESENT|_PAGE_PROTNONE))); } +static inline pud_t pud_set_flags(pud_t pud, pudval_t set) +{ + pudval_t v = native_pud_val(pud); + + return __pud(v | set); +} + +static inline pud_t pud_clear_flags(pud_t pud, pudval_t clear) +{ + pudval_t v = native_pud_val(pud); + + return __pud(v & ~clear); +} + +static inline pud_t pud_mkhuge(pud_t pud) +{ + return pud_set_flags(pud, _PAGE_PSE); +} + static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask); static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 79377e2a7bcd..27610c2d1821 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1006,8 +1006,8 @@ static int populate_pmd(struct cpa_data *cpa, pmd = pmd_offset(pud, start); - set_pmd(pmd, __pmd(cpa->pfn | _PAGE_PSE | - massage_pgprot(pmd_pgprot))); + set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn, + canon_pgprot(pmd_pgprot)))); start += PMD_SIZE; cpa->pfn += PMD_SIZE; @@ -1079,8 +1079,8 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd, * Map everything starting from the Gb boundary, possibly with 1G pages */ while (end - start >= PUD_SIZE) { - set_pud(pud, __pud(cpa->pfn | _PAGE_PSE | - massage_pgprot(pud_pgprot))); + set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, + canon_pgprot(pud_pgprot)))); start += PUD_SIZE; cpa->pfn += PUD_SIZE; ------------------------------------------------------------------------------- Git bisection log: ------------------------------------------------------------------------------- git bisect start # good: [8404ae6c8c9ff23a06cf38112e83002e1088bfe1] Linux 4.4.147 git bisect good 8404ae6c8c9ff23a06cf38112e83002e1088bfe1 # bad: [78f654f6cce3442937b8c7eb4b640357871363c1] Linux 4.4.151 git bisect bad 78f654f6cce3442937b8c7eb4b640357871363c1 # bad: [6b06f36f07e2c91ad0126f17d0fc8f933c827da8] x86/mm/kmmio: Make the tracer robust against L1TF git bisect bad 6b06f36f07e2c91ad0126f17d0fc8f933c827da8 # good: [90a231c63cc28d896ab353b027011a949e9884d3] x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT git bisect good 90a231c63cc28d896ab353b027011a949e9884d3 # good: [9ac0dc7d949db7afd4116d55fa4fcf6a66d820f0] mm: fix cache mode tracking in vm_insert_mixed() git bisect good 9ac0dc7d949db7afd4116d55fa4fcf6a66d820f0 # good: [dc48c1a2f45b628d3128ad4bb31d1bcd342c059d] x86/cpufeatures: Add detection of L1D cache flush support. git bisect good dc48c1a2f45b628d3128ad4bb31d1bcd342c059d # good: [0aae5fe8413dfcd949d0df1c7d6b835efecd5b3b] x86/speculation/l1tf: Invert all not present mappings git bisect good 0aae5fe8413dfcd949d0df1c7d6b835efecd5b3b # bad: [02ff2769edbce2261e981effbc3c4b98fae4faf0] x86/mm/pat: Make set_memory_np() L1TF safe git bisect bad 02ff2769edbce2261e981effbc3c4b98fae4faf0 # good: [9feecdb6cb73feaa55b0135aee8777eaac848c78] x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert git bisect good 9feecdb6cb73feaa55b0135aee8777eaac848c78 # first bad commit: [02ff2769edbce2261e981effbc3c4b98fae4faf0] x86/mm/pat: Make set_memory_np() L1TF safe ------------------------------------------------------------------------------- > For more info write to <info(a)kernelci.org> > > > > _______________________________________________ > Kernel-build-reports mailing list > Kernel-build-reports(a)lists.linaro.org > https://lists.linaro.org/mailman/listinfo/kernel-build-reports >

7 years, 3 months

3
7
0 0

+ mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. has been added to the -mm tree. Its filename is mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-hugetlb-filter-out-hugetlb-page… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-hugetlb-filter-out-hugetlb-page… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> Subject: mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. When scanning for movable pages, filter out Hugetlb pages if hugepage migration is not supported. Without this we hit infinte loop in __offline_pages() where we do pfn = scan_movable_pages(start_pfn, end_pfn); if (pfn) { /* We have movable pages */ ret = do_migrate_range(pfn, end_pfn); goto repeat; } Fix this by checking hugepage_migration_supported both in has_unmovable_pages which is the primary backoff mechanism for page offlining and for consistency reasons also into scan_movable_pages because it doesn't make any sense to return a pfn to non-migrateable huge page. This issue was revealed by, but not caused by 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early"). Link: http://lkml.kernel.org/r/20180824063314.21981-1-aneesh.kumar@linux.ibm.com Fixes: 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early") Signed-off-by: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Reported-by: Haren Myneni <haren(a)linux.vnet.ibm.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 3 ++- mm/page_alloc.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) --- a/mm/memory_hotplug.c~mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported +++ a/mm/memory_hotplug.c @@ -1333,7 +1333,8 @@ static unsigned long scan_movable_pages( if (__PageMovable(page)) return pfn; if (PageHuge(page)) { - if (page_huge_active(page)) + if (hugepage_migration_supported(page_hstate(page)) && + page_huge_active(page)) return pfn; else pfn = round_up(pfn + 1, --- a/mm/page_alloc.c~mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported +++ a/mm/page_alloc.c @@ -7709,6 +7709,10 @@ bool has_unmovable_pages(struct zone *zo * handle each tail page individually in migration. */ if (PageHuge(page)) { + + if (!hugepage_migration_supported(page_hstate(page))) + goto unmovable; + iter = round_up(iter + 1, 1<<compound_order(page)) - 1; continue; } _ Patches currently in -mm which might be from aneesh.kumar(a)linux.ibm.com are mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch

7 years, 3 months

1
0
0 0

How to report kernel panic in 4.4.x

by Matthias B.

Hallo, 4.4.147 is the last kernel of the 4.4.x series that boots for me. All subsequent versions panic on boot. How do I report this bug? If I'm supposed to use https://bugzilla.kernel.org/ I don't know what to fill into the fields. I don't even know if the longterm kernel falls under "Mainline" or some other tree. MSB -- Fun chemistry experiments: Sodium chloride doubles its volume when combined with an equal amount of table salt.

7 years, 3 months

2
10
0 0

kernel-doc patches for 4.18

by Nathan Chancellor

Hi Greg, Arch Linux recently enabled building the kernel documentation in their PKGBUILD, which turned my normally peaceful build into a spamfest of unescaped braces warnings from Perl. These are fixed upstream with the following two patches: 701b3a3c0ac4 ("PATCH scripts/kernel-doc") 673bb2dfc364 ("scripts/kernel-doc: Escape all literal braces in regexes") Could they please be applied to 4.18? They should be clean cherry-picks. Thanks! Nathan

7 years, 3 months

3
2
0 0

Current LTS and their EOL

by Rodrigo Vivi

Hi Greg, Ben, and all Is https://www.kernel.org/category/releases.html updated in terms of EOL? Some news out of Linaro conference [2] generated a lot of doubts and questions around. Specially because on the way it was stated by the news 3.16 wouldn't be active anymore. So I'm not sure about the news, but I'd like confirmation from you about expected EOL. [2] https://itsfoss.com/linux-lts-kernel-six-years/ Thanks in advance, Rodrigo.

7 years, 3 months

4
4
0 0

[PATCH v2] avoid race condition between start_xmit and cm_rep_handler

by Aaron Knister

Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission is not atomic which leaves a window where cm_rep_handler can run, set the connection up, dequeue pending packets and leave the subsequently queued packets by start_xmit() sitting on neigh->queue until they're dropped when the connection is torn down. This only applies to connected mode. These dropped packets can really upset TCP, for example, and cause multi-minute delays in transmission for open connections. Here's the code in start_xmit where we check to see if the connection is up: if (ipoib_cm_get(neigh)) { if (ipoib_cm_up(neigh)) { ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } } The race occurs if cm_rep_handler execution occurs after the above connection check (specifically if it gets to the point where it acquires priv->lock to dequeue pending skb's) but before the below code snippet in start_xmit where packets are queued. if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { push_pseudo_header(skb, phdr->hwaddr); spin_lock_irqsave(&priv->lock, flags); __skb_queue_tail(&neigh->queue, skb); spin_unlock_irqrestore(&priv->lock, flags); } else { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } The patch re-checks ipoib_cm_up with priv->lock held to avoid this race condition. Since odds are the conn should be up most of the time (and thus the connection *not* down most of the time) we don't hold the lock for the first check attempt to avoid a slowdown from unecessary locking for the majority of the packets transmitted during the connection's life. Signed-off-by: Aaron Knister <aaron.s.knister(a)nasa.gov> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 46 ++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c index 26cde95b..a950c916 100644 --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -1093,6 +1093,21 @@ static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev, spin_unlock_irqrestore(&priv->lock, flags); } +static bool defer_neigh_skb(struct sk_buff *skb, + struct net_device *dev, + struct ipoib_neigh *neigh, + struct ipoib_pseudo_header *phdr) +{ + if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { + push_pseudo_header(skb, phdr->hwaddr); + __skb_queue_tail(&neigh->queue, skb); + return true; + } + + return false; +} + + static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) { struct ipoib_dev_priv *priv = ipoib_priv(dev); @@ -1101,6 +1116,7 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) struct ipoib_pseudo_header *phdr; struct ipoib_header *header; unsigned long flags; + bool deferred_pkt = true; phdr = (struct ipoib_pseudo_header *) skb->data; skb_pull(skb, sizeof(*phdr)); @@ -1160,6 +1176,23 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } + /* + * Re-check ipoib_cm_up with priv->lock held to avoid + * race condition between start_xmit and skb_dequeue in + * cm_rep_handler. Since odds are the conn should be up + * most of the time, we don't hold the lock for the + * first check above + */ + spin_lock_irqsave(&priv->lock, flags); + if (ipoib_cm_up(neigh)) { + spin_unlock_irqrestore(&priv->lock, flags); + ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); + } else { + deferred_pkt = defer_neigh_skb(skb, dev, neigh, phdr); + spin_unlock_irqrestore(&priv->lock, flags); + } + + goto unref; } else if (neigh->ah && neigh->ah->valid) { neigh->ah->last_send = rn->send(dev, skb, neigh->ah->ah, IPOIB_QPN(phdr->hwaddr)); @@ -1168,17 +1201,16 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) neigh_refresh_path(neigh, phdr->hwaddr, dev); } - if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { - push_pseudo_header(skb, phdr->hwaddr); - spin_lock_irqsave(&priv->lock, flags); - __skb_queue_tail(&neigh->queue, skb); - spin_unlock_irqrestore(&priv->lock, flags); - } else { + spin_lock_irqsave(&priv->lock, flags); + deferred_pkt = defer_neigh_skb(skb, dev, neigh, phdr); + spin_unlock_irqrestore(&priv->lock, flags); + +unref: + if (!deferred_pkt) { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } -unref: ipoib_neigh_put(neigh); return NETDEV_TX_OK; -- 2.12.3

7 years, 3 months

6
10
0 0

Linux 4.4.152

by Greg KH

I'm announcing the release of the 4.4.152 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/Makefile | 15 --- arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 4 - arch/arm/boot/dts/da850.dtsi | 6 - arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-pxa/irq.c | 4 - arch/arm/mm/init.c | 9 ++ arch/arm64/kernel/smp.c | 2 arch/m68k/include/asm/mcf_pgalloc.h | 4 - arch/parisc/include/asm/spinlock.h | 8 -- arch/parisc/kernel/syscall.S | 24 +++--- drivers/dma/k3dma.c | 2 drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 - drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 +++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/nouveau/nouveau_gem.c | 4 - drivers/hid/wacom_wac.c | 10 ++ drivers/i2c/busses/i2c-imx.c | 8 +- drivers/md/raid10.c | 7 + drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 - drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +++-- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 -- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/sdio.c | 7 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 + drivers/pci/hotplug/pciehp_hpc.c | 5 - drivers/pci/probe.c | 4 + drivers/scsi/xen-scsifront.c | 33 ++++++-- drivers/staging/android/ion/ion.c | 17 +++- drivers/usb/dwc2/gadget.c | 7 + drivers/usb/dwc2/hcd_intr.c | 3 drivers/usb/gadget/composite.c | 3 drivers/usb/host/xhci.c | 7 + fs/ext4/mballoc.c | 4 - fs/reiserfs/xattr.c | 4 - include/linux/fsl/guts.h | 1 include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tcp.h | 2 kernel/locking/lockdep.c | 12 +-- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 - net/bridge/br_if.c | 11 ++ net/core/dev.c | 4 - net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 - net/ipv4/tcp_dctcp.c | 25 ------ net/ipv4/tcp_output.c | 4 - net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 - net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/packet/af_packet.c | 12 ++- net/xfrm/xfrm_user.c | 8 +- security/smack/smack_lsm.c | 1 tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/tests/topology.c | 1 tools/perf/util/llvm-utils.c | 6 - tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 + tools/testing/selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/user/test_user_copy.sh | 7 + tools/testing/selftests/x86/sigreturn.c | 46 +++++++---- tools/testing/selftests/zram/zram.sh | 5 + tools/testing/selftests/zram/zram_lib.sh | 5 + virt/kvm/eventfd.c | 11 +- 88 files changed, 471 insertions(+), 222 deletions(-) Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Andy Lutomirski (1): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (3): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Daniel Rosenberg (1): staging: android: ion: check for kref overflow David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Elad Raz (1): bridge: Propagate vlan add failure to user Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 4.4.152 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (1): ipv6: mcast: fix unsolicited report interval after receiving querys Jann Horn (1): reiserfs: fix broken xattr handling (heap corruption, bad retval) Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() John David Anglin (2): parisc: Remove ordered stores from syscall.S parisc: Remove unnecessary barriers from spinlock.h Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Li RongQing (1): net: propagate dev_get_valid_name return code Lukas Wunner (2): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug Marek Szyprowski (3): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Paolo Bonzini (1): KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (1): ARM: dts: Cygnus: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Thomas Richter (1): perf test session topology: Fix test on s390 Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (1): scsi: xen-scsifront: add error handling for xenbus_printf

7 years, 3 months

1
1
0 0

Linux 4.9.124

by Greg KH

I'm announcing the release of the 4.9.124 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/Makefile | 15 -- arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arc/kernel/process.c | 47 +++++- arch/arm/boot/dts/am3517.dtsi | 5 arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 24 +-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 ++-- arch/arm/boot/dts/da850.dtsi | 6 arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-omap2/omap-smp.c | 41 +++++ arch/arm/mach-pxa/irq.c | 4 arch/arm/mm/init.c | 9 + arch/arm64/boot/dts/broadcom/ns2.dtsi | 4 arch/arm64/kernel/smp.c | 2 arch/m68k/include/asm/mcf_pgalloc.h | 4 arch/parisc/include/asm/spinlock.h | 8 - arch/parisc/kernel/syscall.S | 24 +-- arch/s390/net/bpf_jit_comp.c | 1 arch/x86/entry/entry_64.S | 20 -- drivers/acpi/nfit/core.c | 4 drivers/ata/libahci.c | 7 - drivers/dma/k3dma.c | 2 drivers/dma/pl330.c | 2 drivers/gpu/drm/arm/malidp_hw.c | 3 drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/nouveau/nouveau_gem.c | 4 drivers/hid/wacom_wac.c | 10 + drivers/i2c/busses/i2c-imx.c | 8 - drivers/iio/pressure/bmp280-core.c | 5 drivers/infiniband/hw/mlx5/srq.c | 18 +- drivers/infiniband/sw/rxe/rxe_req.c | 3 drivers/md/raid10.c | 7 + drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 - drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 + drivers/net/ethernet/qlogic/qed/qed_main.c | 12 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +-- drivers/net/ethernet/renesas/ravb_main.c | 56 ++------ drivers/net/ethernet/renesas/sh_eth.c | 59 ++------ drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++ drivers/net/ethernet/ti/davinci_emac.c | 4 drivers/net/hamradio/bpqether.c | 8 - drivers/net/ieee802154/at86rf230.c | 15 -- drivers/net/ieee802154/fakelb.c | 2 drivers/net/ipvlan/ipvlan_main.c | 36 ++++- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++ drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 + drivers/nfc/pn533/usb.c | 4 drivers/nvme/target/core.c | 8 + drivers/pci/host/pci-host-common.c | 2 drivers/pci/host/pci-versatile.c | 2 drivers/pci/host/pcie-rcar.c | 2 drivers/pci/host/pcie-xilinx-nwl.c | 2 drivers/pci/host/pcie-xilinx.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 + drivers/pci/hotplug/pciehp_hpc.c | 18 -- drivers/pci/pci.c | 38 +++++ drivers/pci/probe.c | 4 drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 drivers/scsi/xen-scsifront.c | 33 +++- drivers/usb/dwc2/gadget.c | 7 - drivers/usb/dwc2/hcd_intr.c | 3 drivers/usb/dwc3/dwc3-of-simple.c | 3 drivers/usb/gadget/composite.c | 3 drivers/usb/host/xhci-tegra.c | 2 drivers/usb/host/xhci.c | 7 - drivers/xen/manage.c | 18 ++ drivers/xen/xen-scsiback.c | 16 +- fs/ceph/inode.c | 1 fs/ext4/mballoc.c | 4 fs/reiserfs/xattr.c | 4 include/linux/fsl/guts.h | 1 include/linux/pci.h | 2 include/net/ipv6.h | 9 - include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tc_act/tc_tunnel_key.h | 1 include/net/tcp.h | 2 kernel/locking/lockdep.c | 12 - kernel/trace/trace.c | 5 mm/kasan/kasan.c | 5 net/batman-adv/bat_iv_ogm.c | 4 net/batman-adv/bat_v.c | 4 net/core/dev.c | 4 net/ieee802154/6lowpan/core.c | 6 net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 net/ipv4/tcp_dctcp.c | 25 --- net/ipv4/tcp_output.c | 4 net/ipv6/calipso.c | 9 - net/ipv6/exthdrs.c | 111 ++++------------ net/ipv6/ipv6_sockglue.c | 27 ++- net/ipv6/mcast.c | 9 - net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_proto_dccp.c | 8 - net/netfilter/nf_log.c | 4 net/packet/af_packet.c | 12 + net/qrtr/qrtr.c | 4 net/sched/act_tunnel_key.c | 6 net/wireless/nl80211.c | 19 -- net/xfrm/xfrm_user.c | 8 - samples/bpf/parse_varlen.c | 6 samples/bpf/test_overhead_user.c | 19 ++ security/smack/smack_lsm.c | 1 sound/core/seq/seq_clientmgr.c | 3 tools/build/Makefile | 2 tools/objtool/elf.c | 41 ++++- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/bench/numa.c | 5 tools/perf/tests/topology.c | 1 tools/perf/util/llvm-utils.c | 6 tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 tools/testing/selftests/static_keys/test_static_keys.sh | 13 + tools/testing/selftests/sync/config | 4 tools/testing/selftests/user/test_user_copy.sh | 7 + tools/testing/selftests/x86/sigreturn.c | 59 +++++--- tools/testing/selftests/zram/zram.sh | 5 tools/testing/selftests/zram/zram_lib.sh | 5 virt/kvm/arm/vgic/vgic-v3.c | 5 virt/kvm/eventfd.c | 11 - 139 files changed, 894 insertions(+), 573 deletions(-) Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andy Lutomirski (3): x86/entry/64: Remove %ebx handling from error_entry/exit selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (4): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dongjiu Geng (1): usb: xhci: remove the code build warning Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (2): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 4.9.124 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Jann Horn (2): netfilter: nf_log: fix uninit read in nf_log_proc_dostring reiserfs: fix broken xattr handling (heap corruption, bad retval) Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() Jiri Olsa (1): perf bench: Fix numa report output code Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove John David Anglin (2): parisc: Remove ordered stores from syscall.S parisc: Remove unnecessary barriers from spinlock.h John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Marek Szyprowski (4): dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (1): bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Nicholas Mc Guire (2): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paolo Bonzini (1): KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (3): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Sergei Shtylyov (2): PCI: OF: Fix I/O space page leak PCI: versatile: Fix I/O space page leak Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (2): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the error of write() and read() Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (1): perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf

7 years, 3 months

1
1
0 0

Linux 4.14.67

by Greg KH

I'm announcing the release of the 4.14.67 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 8 - arch/arc/Makefile | 15 -- arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arc/kernel/process.c | 47 +++++- arch/arm/boot/dts/am3517.dtsi | 5 arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 24 +-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 ++-- arch/arm/boot/dts/bcm5301x.dtsi | 2 arch/arm/boot/dts/da850.dtsi | 6 arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-davinci/board-da850-evm.c | 2 arch/arm/mach-omap2/omap-smp.c | 41 +++++ arch/arm/mach-pxa/irq.c | 4 arch/arm/mm/init.c | 9 + arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 - arch/arm64/boot/dts/broadcom/stingray/bcm958742k.dts | 4 arch/arm64/boot/dts/broadcom/stingray/bcm958742t.dts | 4 arch/arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/arm64/kernel/smp.c | 2 arch/arm64/mm/dma-mapping.c | 9 - arch/m68k/include/asm/mcf_pgalloc.h | 4 arch/openrisc/kernel/entry.S | 8 - arch/openrisc/kernel/head.S | 9 - arch/openrisc/kernel/traps.c | 2 arch/parisc/include/asm/spinlock.h | 8 - arch/parisc/kernel/syscall.S | 24 +-- arch/s390/net/bpf_jit_comp.c | 1 arch/x86/kernel/cpu/microcode/intel.c | 5 arch/x86/kernel/kvmclock.c | 1 arch/x86/kernel/smpboot.c | 5 block/sed-opal.c | 4 drivers/acpi/ec.c | 20 ++ drivers/acpi/nfit/core.c | 4 drivers/ata/libahci.c | 7 - drivers/block/drbd/drbd_req.c | 4 drivers/block/nbd.c | 40 ++++- drivers/dax/device.c | 12 + drivers/dma/k3dma.c | 2 drivers/dma/pl330.c | 2 drivers/edac/edac_mc.c | 1 drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 drivers/gpu/drm/arm/malidp_hw.c | 3 drivers/gpu/drm/arm/malidp_planes.c | 5 drivers/gpu/drm/armada/armada_crtc.c | 12 + drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++- drivers/gpu/drm/bridge/sil-sii8620.c | 41 +++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/i915/gvt/kvmgt.c | 9 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 drivers/gpu/drm/tegra/drm.c | 2 drivers/gpu/host1x/job.c | 3 drivers/hid/wacom_wac.c | 10 + drivers/hwmon/nct6775.c | 2 drivers/i2c/busses/i2c-imx.c | 8 - drivers/i2c/i2c-core-acpi.c | 11 + drivers/iio/pressure/bmp280-core.c | 5 drivers/infiniband/hw/mlx4/mr.c | 7 - drivers/infiniband/hw/mlx5/srq.c | 18 +- drivers/infiniband/sw/rxe/rxe_req.c | 3 drivers/input/rmi4/rmi_2d_sensor.c | 34 ++-- drivers/md/raid10.c | 7 + drivers/mtd/devices/mtd_dataflash.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 + drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +- drivers/net/ethernet/freescale/fman/fman_port.c | 8 + drivers/net/ethernet/ibm/ibmvnic.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 - drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 - drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 + drivers/net/ethernet/qlogic/qed/qed_main.c | 12 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +-- drivers/net/ethernet/renesas/ravb_main.c | 56 ++------ drivers/net/ethernet/renesas/sh_eth.c | 59 ++------ drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++ drivers/net/ethernet/ti/davinci_emac.c | 4 drivers/net/hamradio/bpqether.c | 8 - drivers/net/hyperv/rndis_filter.c | 1 drivers/net/ieee802154/at86rf230.c | 15 -- drivers/net/ieee802154/fakelb.c | 2 drivers/net/ipvlan/ipvlan_main.c | 36 ++++- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++ drivers/net/wireless/ath/ath10k/wmi.h | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 + drivers/nfc/pn533/usb.c | 4 drivers/nvme/host/core.c | 2 drivers/nvme/target/core.c | 8 + drivers/nvmem/core.c | 4 drivers/pci/host/pci-ftpci100.c | 2 drivers/pci/host/pci-host-common.c | 2 drivers/pci/host/pci-versatile.c | 2 drivers/pci/host/pcie-rcar.c | 2 drivers/pci/host/pcie-xilinx-nwl.c | 2 drivers/pci/host/pcie-xilinx.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 + drivers/pci/hotplug/pciehp_hpc.c | 18 -- drivers/pci/pci.c | 38 +++++ drivers/pci/probe.c | 4 drivers/perf/xgene_pmu.c | 2 drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 drivers/pinctrl/pinctrl-ingenic.c | 2 drivers/s390/cio/vfio_ccw_drv.c | 5 drivers/scsi/qedf/qedf_main.c | 12 + drivers/scsi/qedi/qedi_main.c | 11 + drivers/scsi/xen-scsifront.c | 33 +++- drivers/soc/imx/gpc.c | 21 +++ drivers/soc/imx/gpcv2.c | 13 + drivers/staging/typec/tcpm.c | 3 drivers/tty/pty.c | 2 drivers/usb/dwc2/core.h | 3 drivers/usb/dwc2/gadget.c | 15 +- drivers/usb/dwc2/hcd.c | 89 ++++++++++++ drivers/usb/dwc2/hcd.h | 8 + drivers/usb/dwc2/hcd_intr.c | 11 + drivers/usb/dwc2/hcd_queue.c | 3 drivers/usb/dwc3/dwc3-of-simple.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/gadget/composite.c | 3 drivers/usb/gadget/function/f_fs.c | 26 ++- drivers/usb/host/xhci-tegra.c | 2 drivers/usb/host/xhci.c | 7 - drivers/xen/manage.c | 18 ++ drivers/xen/xen-scsiback.c | 16 +- fs/btrfs/scrub.c | 17 +- fs/ceph/inode.c | 1 fs/ext4/mballoc.c | 4 fs/f2fs/segment.c | 32 ++++ fs/f2fs/segment.h | 22 ++- fs/nfs/nfs4proc.c | 17 +- fs/reiserfs/xattr.c | 4 include/linux/fsl/guts.h | 1 include/linux/pci.h | 2 include/net/ipv6.h | 9 - include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tc_act/tc_tunnel_key.h | 1 include/net/tcp.h | 2 include/uapi/linux/nbd.h | 3 kernel/bpf/hashtab.c | 16 +- kernel/locking/lockdep.c | 12 - kernel/trace/trace.c | 5 mm/kasan/kasan.c | 5 net/batman-adv/bat_iv_ogm.c | 4 net/batman-adv/bat_v.c | 4 net/batman-adv/translation-table.c | 7 - net/core/dev.c | 4 net/ieee802154/6lowpan/core.c | 6 net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 net/ipv4/tcp_dctcp.c | 25 --- net/ipv4/tcp_output.c | 4 net/ipv6/calipso.c | 9 - net/ipv6/exthdrs.c | 111 ++++------------ net/ipv6/ipv6_sockglue.c | 27 ++- net/ipv6/mcast.c | 9 - net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_helper.c | 5 net/netfilter/nf_conntrack_proto_dccp.c | 8 - net/netfilter/nf_log.c | 4 net/netfilter/nft_compat.c | 13 + net/packet/af_packet.c | 12 + net/qrtr/qrtr.c | 4 net/sched/act_tunnel_key.c | 6 net/sctp/chunk.c | 4 net/smc/af_smc.c | 3 net/wireless/nl80211.c | 35 ++--- net/xfrm/xfrm_user.c | 8 - samples/bpf/parse_varlen.c | 6 samples/bpf/test_overhead_user.c | 19 ++ samples/bpf/trace_event_user.c | 27 +++ scripts/kconfig/zconf.y | 4 security/smack/smack_lsm.c | 1 sound/core/seq/seq_clientmgr.c | 3 tools/build/Makefile | 2 tools/objtool/elf.c | 41 ++++- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/arch/x86/util/perf_regs.c | 2 tools/perf/bench/numa.c | 5 tools/perf/jvmti/jvmti_agent.c | 3 tools/perf/tests/topology.c | 1 tools/perf/util/c++/clang.cpp | 11 + tools/perf/util/header.c | 10 + tools/perf/util/llvm-utils.c | 6 tools/perf/util/parse-events.y | 5 tools/perf/util/scripting-engines/trace-event-python.c | 8 - tools/testing/selftests/bpf/test_kmod.sh | 9 + tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 tools/testing/selftests/static_keys/test_static_keys.sh | 13 + tools/testing/selftests/sync/config | 4 tools/testing/selftests/sysctl/sysctl.sh | 20 +- tools/testing/selftests/user/test_user_copy.sh | 7 + tools/testing/selftests/vm/compaction_test.c | 4 tools/testing/selftests/vm/mlock2-tests.c | 12 + tools/testing/selftests/vm/run_vmtests | 5 tools/testing/selftests/vm/userfaultfd.c | 4 tools/testing/selftests/x86/sigreturn.c | 59 +++++--- tools/testing/selftests/zram/zram.sh | 5 tools/testing/selftests/zram/zram_lib.sh | 5 virt/kvm/arm/vgic/vgic-v3.c | 5 virt/kvm/eventfd.c | 11 - 227 files changed, 1565 insertions(+), 779 deletions(-) Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Ayan Kumar Halder (1): drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (6): block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (1): gpu: host1x: Check whether size of unpin isn't 0 Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (1): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (3): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (3): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 4.14.67 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Gustavo A. R. Silva (1): drm/i915/kvmgt: Fix potential Spectre v1 Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (2): NFC: pn533: Fix wrong GFP flag usage i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Jaegeuk Kim (2): f2fs: return error during fill_super f2fs: sanity check for total valid node blocks Jann Horn (2): netfilter: nf_log: fix uninit read in nf_log_proc_dostring reiserfs: fix broken xattr handling (heap corruption, bad retval) Janne Huttunen (1): perf script python: Fix dict reference counting Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() Jiri Olsa (3): perf tools: Fix error index for pmu event parser perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John David Anglin (2): parisc: Remove ordered stores from syscall.S parisc: Remove unnecessary barriers from spinlock.h John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus Lüssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Maciej Purski (3): drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (1): kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Matthijs van Duin (1): pty: fix O_CLOEXEC for TIOCGPTPEER Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (2): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paolo Bonzini (1): KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (2): drm/armada: fix colorkey mode property drm/armada: fix irq handling Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (2): PCI: OF: Fix I/O space page leak PCI: versatile: Fix I/O space page leak Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (3): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() Takashi Iwai (2): EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Uwe Kleine-König (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf

7 years, 3 months

1
1
0 0

Linux 4.17.19

by Greg KH

I'm announcing the release of the 4.17.19 kernel. Note, this is the LAST 4.17.y kernel to be released, it is now end-of-life. Pleas move to 4.18.y at this time. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 8 - arch/arc/Makefile | 15 - arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arc/kernel/process.c | 47 ++++-- arch/arc/plat-hsdk/platform.c | 62 ++++++++ arch/arm/boot/dts/am3517.dtsi | 5 arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 24 +-- arch/arm/boot/dts/bcm-hr2.dtsi | 24 +-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 ++-- arch/arm/boot/dts/bcm5301x.dtsi | 2 arch/arm/boot/dts/da850.dtsi | 6 arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 arch/arm/boot/dts/omap4-droid4-xt894.dts | 9 - arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/crypto/speck-neon-core.S | 6 arch/arm/mach-davinci/board-da850-evm.c | 2 arch/arm/mach-omap2/omap-smp.c | 41 +++++ arch/arm/mach-pxa/irq.c | 4 arch/arm/mm/init.c | 9 + arch/arm64/boot/dts/amlogic/meson-axg-s400.dts | 15 + arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 - arch/arm64/boot/dts/broadcom/stingray/bcm958742k.dts | 4 arch/arm64/boot/dts/broadcom/stingray/bcm958742t.dts | 4 arch/arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/arm64/boot/dts/socionext/uniphier-ld11-global.dts | 2 arch/arm64/boot/dts/socionext/uniphier-ld20-global.dts | 2 arch/arm64/include/asm/alternative.h | 7 arch/arm64/kernel/alternative.c | 51 +++++- arch/arm64/kernel/module.c | 5 arch/arm64/kernel/smp.c | 2 arch/arm64/mm/dma-mapping.c | 9 - arch/ia64/kernel/perfmon.c | 6 arch/ia64/mm/init.c | 12 - arch/m68k/include/asm/mcf_pgalloc.h | 4 arch/nds32/kernel/setup.c | 3 arch/openrisc/kernel/entry.S | 8 - arch/openrisc/kernel/head.S | 9 - arch/openrisc/kernel/traps.c | 2 arch/parisc/include/asm/spinlock.h | 8 - arch/parisc/kernel/syscall.S | 24 +-- arch/powerpc/kernel/smp.c | 6 arch/riscv/kernel/irq.c | 4 arch/riscv/kernel/module.c | 4 arch/riscv/kernel/ptrace.c | 2 arch/s390/net/bpf_jit_comp.c | 1 arch/x86/include/asm/processor.h | 1 arch/x86/include/asm/set_memory.h | 1 arch/x86/kernel/cpu/microcode/intel.c | 5 arch/x86/kernel/kvmclock.c | 1 arch/x86/kernel/smpboot.c | 5 arch/x86/kvm/vmx.c | 9 - arch/x86/mm/init.c | 37 ++++ arch/x86/mm/init_64.c | 8 - arch/x86/mm/pageattr.c | 13 + block/blk-mq-debugfs.c | 2 block/blk-mq.c | 12 + block/sed-opal.c | 4 drivers/acpi/ec.c | 20 ++ drivers/acpi/nfit/core.c | 4 drivers/ata/libahci.c | 7 drivers/block/drbd/drbd_req.c | 4 drivers/block/nbd.c | 40 ++++- drivers/char/ipmi/kcs_bmc.c | 31 +--- drivers/clk/Makefile | 2 drivers/clk/davinci/da8xx-cfgchip.c | 2 drivers/clk/sunxi-ng/Makefile | 39 +---- drivers/clocksource/timer-stm32.c | 4 drivers/dax/device.c | 12 + drivers/dma/k3dma.c | 2 drivers/dma/omap-dma.c | 6 drivers/dma/pl330.c | 2 drivers/edac/edac_mc.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c | 19 ++ drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 1 drivers/gpu/drm/arm/malidp_drv.c | 3 drivers/gpu/drm/arm/malidp_hw.c | 3 drivers/gpu/drm/arm/malidp_planes.c | 9 - drivers/gpu/drm/armada/armada_crtc.c | 12 + drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 ++- drivers/gpu/drm/bridge/sil-sii8620.c | 121 ++++++++-------- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/i915/gvt/kvmgt.c | 9 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 drivers/gpu/drm/sun4i/Makefile | 5 drivers/gpu/drm/tegra/drm.c | 2 drivers/gpu/host1x/dev.c | 3 drivers/gpu/host1x/job.c | 3 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-ids.h | 1 drivers/hid/wacom_wac.c | 10 + drivers/hwmon/dell-smm-hwmon.c | 7 drivers/hwmon/nct6775.c | 2 drivers/i2c/busses/i2c-imx.c | 8 - drivers/i2c/i2c-core-acpi.c | 11 + drivers/iio/pressure/bmp280-core.c | 5 drivers/infiniband/hw/mlx4/mr.c | 7 drivers/infiniband/hw/mlx5/srq.c | 18 +- drivers/infiniband/hw/qedr/verbs.c | 3 drivers/infiniband/sw/rxe/rxe_req.c | 5 drivers/input/rmi4/rmi_2d_sensor.c | 34 ++-- drivers/irqchip/irq-gic-v2m.c | 2 drivers/irqchip/irq-gic-v3-its.c | 10 + drivers/md/raid10.c | 7 drivers/mtd/devices/mtd_dataflash.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 + drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 30 +++ drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 drivers/net/ethernet/cadence/macb_main.c | 11 - drivers/net/ethernet/cavium/Kconfig | 12 - drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 + drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 35 +--- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 + drivers/net/ethernet/freescale/fman/fman_port.c | 8 + drivers/net/ethernet/ibm/ibmvnic.c | 43 +++-- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 + drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 - drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 drivers/net/ethernet/netronome/nfp/bpf/main.c | 6 drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 - drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 + drivers/net/ethernet/qlogic/qed/qed_main.c | 12 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +- drivers/net/ethernet/realtek/r8169.c | 1 drivers/net/ethernet/renesas/ravb_main.c | 56 ++----- drivers/net/ethernet/renesas/sh_eth.c | 59 ++----- drivers/net/ethernet/sfc/ef10.c | 30 ++- drivers/net/ethernet/sfc/efx.c | 17 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +- drivers/net/ethernet/ti/davinci_emac.c | 4 drivers/net/hamradio/bpqether.c | 8 - drivers/net/hyperv/rndis_filter.c | 1 drivers/net/ieee802154/adf7242.c | 34 ++++ drivers/net/ieee802154/at86rf230.c | 15 - drivers/net/ieee802154/fakelb.c | 2 drivers/net/ieee802154/mcr20a.c | 3 drivers/net/ipvlan/ipvlan_main.c | 36 +++- drivers/net/phy/marvell.c | 54 ++++--- drivers/net/phy/sfp-bus.c | 35 +++- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 +- drivers/net/wireless/ath/ath10k/wmi.h | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 drivers/nfc/pn533/usb.c | 4 drivers/nvme/host/core.c | 52 +++--- drivers/nvme/host/pci.c | 2 drivers/nvme/host/rdma.c | 28 ++- drivers/nvme/target/core.c | 8 + drivers/nvmem/core.c | 4 drivers/of/base.c | 6 drivers/of/of_private.h | 2 drivers/of/overlay.c | 11 + drivers/pci/dwc/pcie-designware-host.c | 3 drivers/pci/host/pci-aardvark.c | 2 drivers/pci/host/pci-ftpci100.c | 4 drivers/pci/host/pci-v3-semi.c | 2 drivers/pci/host/pci-versatile.c | 2 drivers/pci/host/pci-xgene.c | 2 drivers/pci/host/pcie-mediatek.c | 2 drivers/pci/host/pcie-xilinx-nwl.c | 2 drivers/pci/host/pcie-xilinx.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 drivers/pci/hotplug/pciehp_hpc.c | 18 -- drivers/pci/of.c | 2 drivers/pci/pci-acpi.c | 6 drivers/pci/pci.c | 66 ++++++++ drivers/pci/probe.c | 4 drivers/perf/xgene_pmu.c | 2 drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 drivers/pinctrl/pinctrl-ingenic.c | 2 drivers/platform/x86/dell-laptop.c | 2 drivers/rtc/interface.c | 8 - drivers/s390/cio/vfio_ccw_drv.c | 5 drivers/s390/net/qeth_core.h | 2 drivers/s390/net/qeth_core_main.c | 23 +-- drivers/s390/net/qeth_l2_main.c | 5 drivers/s390/net/qeth_l3_main.c | 3 drivers/scsi/hpsa.c | 25 ++- drivers/scsi/hpsa.h | 1 drivers/scsi/qedf/qedf_main.c | 12 + drivers/scsi/qedi/qedi_main.c | 11 + drivers/scsi/xen-scsifront.c | 33 +++- drivers/soc/imx/gpc.c | 21 ++ drivers/soc/imx/gpcv2.c | 13 + drivers/tty/pty.c | 2 drivers/usb/chipidea/host.c | 5 drivers/usb/dwc2/core.h | 3 drivers/usb/dwc2/gadget.c | 15 + drivers/usb/dwc2/hcd.c | 93 +++++++++++- drivers/usb/dwc2/hcd.h | 8 + drivers/usb/dwc2/hcd_intr.c | 11 + drivers/usb/dwc2/hcd_queue.c | 3 drivers/usb/dwc3/dwc3-of-simple.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/gadget/composite.c | 3 drivers/usb/gadget/function/f_fs.c | 26 ++- drivers/usb/host/xhci-dbgcap.c | 12 + drivers/usb/host/xhci-tegra.c | 2 drivers/usb/host/xhci.c | 7 drivers/usb/typec/tcpm.c | 3 drivers/xen/manage.c | 18 +- drivers/xen/xen-scsiback.c | 16 +- fs/btrfs/scrub.c | 17 +- fs/ceph/inode.c | 1 fs/cifs/smb2pdu.c | 5 fs/exec.c | 6 fs/ext4/mballoc.c | 4 fs/nfs/nfs4proc.c | 17 +- fs/reiserfs/xattr.c | 4 include/linux/fsl/guts.h | 1 include/linux/kthread.h | 1 include/linux/marvell_phy.h | 2 include/linux/mm.h | 4 include/linux/pci.h | 2 include/linux/sched.h | 2 include/net/ipv6.h | 9 - include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tc_act/tc_csum.h | 1 include/net/tc_act/tc_tunnel_key.h | 1 include/net/tcp.h | 2 include/uapi/linux/nbd.h | 3 kernel/bpf/hashtab.c | 16 +- kernel/fork.c | 35 +++- kernel/kthread.c | 30 +++ kernel/locking/lockdep.c | 12 - kernel/sched/core.c | 67 ++++---- kernel/sched/deadline.c | 11 + kernel/sched/fair.c | 30 +-- kernel/sched/sched.h | 6 kernel/trace/trace.c | 5 mm/kasan/kasan.c | 5 mm/mmap.c | 35 +--- mm/nommu.c | 10 - mm/page_alloc.c | 16 +- net/9p/client.c | 3 net/batman-adv/bat_iv_ogm.c | 4 net/batman-adv/bat_v.c | 4 net/batman-adv/debugfs.c | 40 +++++ net/batman-adv/debugfs.h | 11 + net/batman-adv/hard-interface.c | 37 ++++ net/batman-adv/translation-table.c | 7 net/core/dev.c | 4 net/core/filter.c | 3 net/ieee802154/6lowpan/core.c | 6 net/ipv4/inet_fragment.c | 2 net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 net/ipv4/tcp_dctcp.c | 25 --- net/ipv4/tcp_output.c | 4 net/ipv6/calipso.c | 9 - net/ipv6/exthdrs.c | 111 +++----------- net/ipv6/ipv6_sockglue.c | 27 ++- net/ipv6/mcast.c | 9 - net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 net/mac80211/tx.c | 2 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_helper.c | 5 net/netfilter/nf_conntrack_proto_dccp.c | 8 - net/netfilter/nf_log.c | 4 net/netfilter/nft_compat.c | 13 + net/packet/af_packet.c | 12 + net/qrtr/qrtr.c | 13 + net/rds/connection.c | 11 + net/rds/loop.c | 56 +++++++ net/rds/loop.h | 2 net/sched/act_csum.c | 6 net/sched/act_tunnel_key.c | 6 net/sctp/chunk.c | 4 net/smc/af_smc.c | 3 net/smc/smc_clc.c | 3 net/tipc/discover.c | 18 +- net/tipc/net.c | 17 +- net/tipc/node.c | 7 net/tls/tls_sw.c | 5 net/wireless/nl80211.c | 35 +--- net/xfrm/xfrm_user.c | 8 - samples/bpf/parse_varlen.c | 6 samples/bpf/test_overhead_user.c | 19 +- samples/bpf/trace_event_user.c | 27 +++ samples/bpf/xdp2skb_meta.sh | 6 scripts/kconfig/zconf.y | 4 security/smack/smack_lsm.c | 1 sound/core/seq/seq_clientmgr.c | 3 tools/build/Build.include | 2 tools/build/Makefile | 2 tools/objtool/elf.c | 41 +++-- tools/perf/Makefile.config | 3 tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/arch/x86/util/perf_regs.c | 2 tools/perf/bench/numa.c | 5 tools/perf/builtin-annotate.c | 11 + tools/perf/builtin-report.c | 3 tools/perf/builtin-script.c | 25 +++ tools/perf/jvmti/jvmti_agent.c | 3 tools/perf/pmu-events/Build | 2 tools/perf/tests/builtin-test.c | 2 tools/perf/tests/parse-events.c | 8 - tools/perf/tests/topology.c | 1 tools/perf/util/c++/clang.cpp | 11 + tools/perf/util/header.c | 12 + tools/perf/util/llvm-utils.c | 6 tools/perf/util/parse-events.y | 5 tools/perf/util/scripting-engines/trace-event-python.c | 8 - tools/testing/nvdimm/test/nfit.c | 3 tools/testing/selftests/bpf/test_kmod.sh | 9 + tools/testing/selftests/bpf/test_offload.py | 12 + tools/testing/selftests/net/config | 2 tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 tools/testing/selftests/static_keys/test_static_keys.sh | 13 + tools/testing/selftests/sync/config | 4 tools/testing/selftests/sysctl/sysctl.sh | 20 +- tools/testing/selftests/user/test_user_copy.sh | 7 tools/testing/selftests/vm/compaction_test.c | 4 tools/testing/selftests/vm/mlock2-tests.c | 12 - tools/testing/selftests/vm/run_vmtests | 5 tools/testing/selftests/vm/userfaultfd.c | 4 tools/testing/selftests/x86/sigreturn.c | 59 ++++--- tools/testing/selftests/zram/zram.sh | 5 tools/testing/selftests/zram/zram_lib.sh | 5 virt/kvm/arm/vgic/vgic-v3.c | 5 347 files changed, 2651 insertions(+), 1284 deletions(-) Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (2): octeon_mgmt: Fix MIX registers configuration on MTU setup net: cavium: Add fine-granular dependencies on PCI Alexandre Belloni (1): rtc: fix alarm read and set offset Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Anders Roxell (1): selftests: net: add config fragments Andreas Schwab (1): RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arnd Bergmann (2): ieee802154: mcr20a: add missing includes drm/sun4i: link in front-end code if needed Artur Petrosyan (1): usb: dwc2: Fix host exit from hibernation flow. Arun Kumar Neelakantam (2): net: qrtr: Broadcast messages only from control port net: qrtr: Reset the node and port ID of broadcast messages Ayan Kumar Halder (3): drm/arm/malidp: Ensure that the crtcs are shutdown before removing any encoder/connector drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format drm/mali-dp: Rectify the width and height passed to rotmem_required() Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible Bert Kenward (2): sfc: avoid hang from nested use of the filter_sem sfc: hold filter_sem consistently during reset BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Leedom (1): cxgb4: assume flash part size to be 4MB, if it can't be determined Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christian König (1): PCI: Restore resized BAR state on resume Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Damien Thébault (1): platform/x86: dell-laptop: Fix backlight detection Dan Carpenter (10): blk-mq-debugfs: Off by one in blk_mq_rq_state_name() block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug clk: davinci: cfgchip: testing the wrong variable dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qed: off by one in qed_parse_mcp_trace_buf() ixgbe: Off by one in ixgbe_ipsec_tx() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Hansen (4): mm: Allow non-direct-map arguments to free_reserved_area() x86/mm/init: Pass unconverted symbol addresses to free_init_pages() x86/mm/init: Add helper for freeing kernel image pages x86/mm/init: Remove freed kernel image areas from alias mapping Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Francis (1): amd/dc/dce100: On dce100, set clocks to 0 on suspend David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (2): net/sched: act_csum: fix NULL dereference when 'goto chain' is used net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Denis Kenzior (1): mac80211: disable BHs/preemption in ieee80211_tx_control_port() Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (2): gpu: host1x: Skip IOMMU initialization if firewall is enabled gpu: host1x: Check whether size of unpin isn't 0 Don Brace (1): scsi: hpsa: correct enclosure sas address Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (2): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. tls: fix skb_to_sgvec returning unhandled error. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Biggers (1): crypto: arm/speck - fix building in Thumb2 mode Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Evan Quan (1): drm/amd/powerplay: correct vega12 thermal support as true Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (4): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: HR2: Fix interrupt types for i2c and PCIe ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (3): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Frank Rowand (1): of: overlay: update phandle cache on overlay apply and remove Frederic Weisbecker (1): sched/nohz: Skip remote tick on idle task entirely Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greentime Hu (1): nds32: Fix the dts pointer is not passed correctly issue. Greg Kroah-Hartman (1): Linux 4.17.19 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Gustavo A. R. Silva (2): drm/i915/kvmgt: Fix potential Spectre v1 drm/amdgpu/pm: Fix potential Spectre v1 Gustavo Pimentel (1): ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform Haiyue Wang (1): ipmi: kcs_bmc: fix IRQ exception if the channel is not open Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (2): NFC: pn533: Fix wrong GFP flag usage i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Harini Katakam (1): net: macb: Free RX ring for all queues Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Heiner Kallweit (1): r8169: fix mac address change Helge Eichelberg (1): hwmon: (dell-smm) Disable fan support for Dell XPS13 9333 Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Israel Rukshin (1): nvme-rdma: Fix command completion race at error recovery Jakub Kicinski (2): selftests/bpf: test offloads even with BPF programs present nfp: bpf: don't stop offload if replace failed Jann Horn (2): netfilter: nf_log: fix uninit read in nf_log_proc_dostring reiserfs: fix broken xattr handling (heap corruption, bad retval) Janne Huttunen (1): perf script python: Fix dict reference counting Janusz Krzysztofik (1): dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jens Axboe (1): blk-mq: don't queue more if we get a busy return Jeremy Cline (2): perf tools: Use python-config --includes rather than --cflags ext4: fix spectre gadget in ext4_mb_regular_allocator() Jerome Brunet (1): ARM64: dts: meson-axg: fix ethernet stability issue Jianchao Wang (1): nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl Jim Mattson (1): kvm: nVMX: Restore exit qual for VM-entry failure due to MSR loading Jim Wilson (1): RISC-V: Fix PTRACE_SETREGSET bug. Jiri Olsa (4): perf tools: Fix error index for pmu event parser perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John David Anglin (2): parisc: Remove unnecessary barriers from spinlock.h parisc: Remove ordered stores from syscall.S John Fastabend (1): bpf: fix sk_skb programs without skb->dev assigned John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Jon Maloy (4): tipc: fix wrong return value from function tipc_node_try_addr() tipc: correct discovery message handling during address trial period tipc: fix correct setting of message type in second discoverer tipc: make function tipc_net_finalize() thread safe Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Julia Lawall (1): clocksource/drivers/stm32: Fix error return code Julian Wiedmann (1): s390/qeth: consistently re-enable device features Juri Lelli (1): sched/deadline: Fix switched_from_dl() warning Kai-Heng Feng (1): usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started Kalderon, Michal (1): RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Karsten Graul (1): net/smc: reset recv timeout after clc handshake Katsuhiro Suzuki (1): arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (2): perf llvm-utils: Remove bashism from kernel include fetch script perf test shell: Prevent temporary editor files from being considered test scripts Laura Abbott (2): tools: build: Fixup host c flags tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus Lüssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Torvalds (3): mm: use helper functions for allocating and freeing vm_area structs mm: make vm_area_dup() actually copy the old vma data mm: make vm_area_alloc() initialize core fields Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Maciej Purski (4): drm/bridge/sii8620: fix display modes validation drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marc Zyngier (2): irqchip/gic-v2m: Fix SPI release on error path irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (2): clk: sunxi-ng: replace lib-y with obj-y kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Matthijs van Duin (1): pty: fix O_CLOEXEC for TIOCGPTPEER Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (3): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. Michael Hennerich (2): net: ieee802154: adf7242: Fix erroneous RX enable net: ieee802154: adf7242: Fix OCL calibration runs Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nicholas Piggin (1): powerpc: smp_send_stop do not offline stopped CPUs Nicolas Boichat (1): HID: google: Add support for whiskers Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Palmer Dabbelt (1): RISC-V: Don't include irq-riscv-intc.h Paolo Abeni (1): ipfrag: really prevent allocation on netns exit Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Pavel Machek (1): ARM: dts: omap4-droid4: fix dts w.r.t. pwm Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Chen (1): usb: chipidea: host: fix disconnection detect issue Peter Zijlstra (2): kthread, sched/core: Fix kthread_parkme() (again...) ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Rafael J. Wysocki (1): PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ravi Bangoria (2): perf script: Fix crash because of missing evsel->priv perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (4): drm/armada: fix colorkey mode property drm/armada: fix irq handling sfp: ensure we clean up properly on bus registration failure sfp: fix module initialisation with netdev already up Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sagi Grimberg (1): nvme-rdma: fix possible double free condition when failing to create a controller Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Bauer (1): nvme: ensure forward progress during Admin passthru Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (8): PCI: OF: Fix I/O space page leak PCI: xgene: Fix I/O space page leak PCI: versatile: Fix I/O space page leak PCI: designware: Fix I/O space page leak PCI: aardvark: Fix I/O space page leak PCI: faraday: Fix I/O space page leak PCI: mediatek: Fix I/O space page leak PCI: v3-semi: Fix I/O space page leak Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Sowmini Varadhan (1): rds: clean up loopback rds_connections on netns deletion Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steve French (1): smb3: increase initial number of credits requested to allow write Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (4): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump batman-adv: Fix debugfs path for renamed hardif batman-adv: Fix debugfs path for renamed softif Taeung Song (4): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh Takashi Iwai (2): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Thomas Falcon (1): ibmvnic: Revise RX/TX queue error messages Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Uwe Kleine-König (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Venkat Duvvuru (1): bnxt_en: Fix the vlan_tci exact match check. Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Guittot (1): sched/util_est: Fix util_est_dequeue() for throttled cfs_rq Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vishal Verma (1): tools/testing/nvdimm: advertise a write cache for nfit_test Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wang Dongsheng (1): net: phy: marvell: change default m88e1510 LED configuration Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Will Deacon (1): arm64: Avoid flush_icache_range() in alternatives patching code Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Xunlei Pang (1): sched/fair: Fix bandwidth timer clock drift condition Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf Zhu Yanjun (1): IB/rxe: avoid double kfree skb piaojun (1): net/9p/client.c: put refcount of trans_mod in error case in parse_opts()

7 years, 3 months

1
1
0 0

Linux 4.18.5

by Greg KH

I'm announcing the release of the 4.18.5 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/parisc/include/asm/spinlock.h | 8 +------ arch/parisc/kernel/syscall.S | 24 ++++++++++----------- arch/powerpc/kernel/security.c | 27 +++++++++++++++--------- arch/x86/include/asm/processor.h | 1 arch/x86/include/asm/set_memory.h | 1 arch/x86/mm/init.c | 37 ++++++++++++++++++++++++++++++--- arch/x86/mm/init_64.c | 8 +------ arch/x86/mm/pageattr.c | 13 +++++++++++ drivers/edac/edac_mc.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 +- drivers/gpu/drm/i915/gvt/kvmgt.c | 9 +++++++- drivers/i2c/busses/i2c-imx.c | 8 +++---- drivers/i2c/i2c-core-acpi.c | 11 +++++++-- drivers/pci/controller/pci-aardvark.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 ++++++++ drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 ++++++ drivers/pci/hotplug/pciehp_hpc.c | 18 ++++------------ drivers/pci/pci-acpi.c | 6 +---- drivers/pci/pci.c | 28 ++++++++++++++++++++++++ drivers/pci/probe.c | 4 +++ drivers/tty/pty.c | 2 - fs/ext4/mballoc.c | 4 ++- fs/reiserfs/xattr.c | 4 ++- mm/page_alloc.c | 16 ++++++++++++-- 26 files changed, 184 insertions(+), 69 deletions(-) Christian König (1): PCI: Restore resized BAR state on resume Dave Hansen (4): mm: Allow non-direct-map arguments to free_reserved_area() x86/mm/init: Pass unconverted symbol addresses to free_init_pages() x86/mm/init: Add helper for freeing kernel image pages x86/mm/init: Remove freed kernel image areas from alias mapping Esben Haabendal (1): i2c: imx: Fix race condition in dma read Greg Kroah-Hartman (1): Linux 4.18.5 Gustavo A. R. Silva (2): drm/i915/kvmgt: Fix potential Spectre v1 drm/amdgpu/pm: Fix potential Spectre v1 Hans de Goede (1): i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Jann Horn (1): reiserfs: fix broken xattr handling (heap corruption, bad retval) Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() John David Anglin (2): parisc: Remove unnecessary barriers from spinlock.h parisc: Remove ordered stores from syscall.S Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Matthijs van Duin (1): pty: fix O_CLOEXEC for TIOCGPTPEER Michael Ellerman (1): powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Rafael J. Wysocki (1): PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Takashi Iwai (1): EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Zachary Zhang (1): PCI: aardvark: Size bridges before resources allocation

7 years, 3 months

1
1
0 0

[PATCH 4.14.y] PCI: OF: Fix I/O space page leak

by Sergei Shtylyov

Commit a5fb9fb023a1435f2b42bccd7f547560f3a21dc3 upstream. When testing the R-Car PCIe driver on the Condor board, if the PCIe PHY driver was left disabled, the kernel crashed with this BUG: kernel BUG at lib/ioremap.c:72! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 39 Comm: kworker/0:1 Not tainted 4.17.0-dirty #1092 Hardware name: Renesas Condor board based on r8a77980 (DT) Workqueue: events deferred_probe_work_func pstate: 80000005 (Nzcv daif -PAN -UAO) pc : ioremap_page_range+0x370/0x3c8 lr : ioremap_page_range+0x40/0x3c8 sp : ffff000008da39e0 x29: ffff000008da39e0 x28: 00e8000000000f07 x27: ffff7dfffee00000 x26: 0140000000000000 x25: ffff7dfffef00000 x24: 00000000000fe100 x23: ffff80007b906000 x22: ffff000008ab8000 x21: ffff000008bb1d58 x20: ffff7dfffef00000 x19: ffff800009c30fb8 x18: 0000000000000001 x17: 00000000000152d0 x16: 00000000014012d0 x15: 0000000000000000 x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720 x11: 0720072007300730 x10: 00000000000000ae x9 : 0000000000000000 x8 : ffff7dffff000000 x7 : 0000000000000000 x6 : 0000000000000100 x5 : 0000000000000000 x4 : 000000007b906000 x3 : ffff80007c61a880 x2 : ffff7dfffeefffff x1 : 0000000040000000 x0 : 00e80000fe100f07 Process kworker/0:1 (pid: 39, stack limit = 0x (ptrval)) Call trace: ioremap_page_range+0x370/0x3c8 pci_remap_iospace+0x7c/0xac pci_parse_request_of_pci_ranges+0x13c/0x190 rcar_pcie_probe+0x4c/0xb04 platform_drv_probe+0x50/0xbc driver_probe_device+0x21c/0x308 __device_attach_driver+0x98/0xc8 bus_for_each_drv+0x54/0x94 __device_attach+0xc4/0x12c device_initial_probe+0x10/0x18 bus_probe_device+0x90/0x98 deferred_probe_work_func+0xb0/0x150 process_one_work+0x12c/0x29c worker_thread+0x200/0x3fc kthread+0x108/0x134 ret_from_fork+0x10/0x18 Code: f9004ba2 54000080 aa0003fb 17ffff48 (d4210000) It turned out that pci_remap_iospace() wasn't undone when the driver's probe failed, and since devm_phy_optional_get() returned -EPROBE_DEFER, the probe was retried, finally causing the BUG due to trying to remap already remapped pages. Introduce the devm_pci_remap_iospace() managed API and replace the pci_remap_iospace() call with it to fix the bug. Fixes: dbf9826d5797 ("PCI: generic: Convert to DT resource parsing API") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [lorenzo.pieralisi(a)arm.com: split commit/updated the commit log] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/pci/host/pci-host-common.c | 2 - drivers/pci/host/pcie-rcar.c | 2 - drivers/pci/pci.c | 38 +++++++++++++++++++++++++++++++++++++ include/linux/pci.h | 2 + 4 files changed, 42 insertions(+), 2 deletions(-) Index: linux-stable/drivers/pci/host/pci-host-common.c =================================================================== --- linux-stable.orig/drivers/pci/host/pci-host-common.c +++ linux-stable/drivers/pci/host/pci-host-common.c @@ -45,7 +45,7 @@ static int gen_pci_parse_request_of_pci_ switch (resource_type(res)) { case IORESOURCE_IO: - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/host/pcie-rcar.c =================================================================== --- linux-stable.orig/drivers/pci/host/pcie-rcar.c +++ linux-stable/drivers/pci/host/pcie-rcar.c @@ -1105,7 +1105,7 @@ static int rcar_pcie_parse_request_of_pc struct resource *res = win->res; if (resource_type(res) == IORESOURCE_IO) { - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/pci.c =================================================================== --- linux-stable.orig/drivers/pci/pci.c +++ linux-stable/drivers/pci/pci.c @@ -3446,6 +3446,44 @@ void pci_unmap_iospace(struct resource * } EXPORT_SYMBOL(pci_unmap_iospace); +static void devm_pci_unmap_iospace(struct device *dev, void *ptr) +{ + struct resource **res = ptr; + + pci_unmap_iospace(*res); +} + +/** + * devm_pci_remap_iospace - Managed pci_remap_iospace() + * @dev: Generic device to remap IO address for + * @res: Resource describing the I/O space + * @phys_addr: physical address of range to be mapped + * + * Managed pci_remap_iospace(). Map is automatically unmapped on driver + * detach. + */ +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr) +{ + const struct resource **ptr; + int error; + + ptr = devres_alloc(devm_pci_unmap_iospace, sizeof(*ptr), GFP_KERNEL); + if (!ptr) + return -ENOMEM; + + error = pci_remap_iospace(res, phys_addr); + if (error) { + devres_free(ptr); + } else { + *ptr = res; + devres_add(dev, ptr); + } + + return error; +} +EXPORT_SYMBOL(devm_pci_remap_iospace); + /** * devm_pci_remap_cfgspace - Managed pci_remap_cfgspace() * @dev: Generic device to remap IO address for Index: linux-stable/include/linux/pci.h =================================================================== --- linux-stable.orig/include/linux/pci.h +++ linux-stable/include/linux/pci.h @@ -1235,6 +1235,8 @@ int pci_register_io_range(phys_addr_t ad unsigned long pci_address_to_pio(phys_addr_t addr); phys_addr_t pci_pio_to_address(unsigned long pio); int pci_remap_iospace(const struct resource *res, phys_addr_t phys_addr); +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr); void pci_unmap_iospace(struct resource *res); void __iomem *devm_pci_remap_cfgspace(struct device *dev, resource_size_t offset,

7 years, 3 months

2
1
0 0

[PATCH v2 4.9.y] PCI: OF: Fix I/O space page leak

by Sergei Shtylyov

Commit a5fb9fb023a1435f2b42bccd7f547560f3a21dc3 upstream. When testing the R-Car PCIe driver on the Condor board, if the PCIe PHY driver was left disabled, the kernel crashed with this BUG: kernel BUG at lib/ioremap.c:72! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 39 Comm: kworker/0:1 Not tainted 4.17.0-dirty #1092 Hardware name: Renesas Condor board based on r8a77980 (DT) Workqueue: events deferred_probe_work_func pstate: 80000005 (Nzcv daif -PAN -UAO) pc : ioremap_page_range+0x370/0x3c8 lr : ioremap_page_range+0x40/0x3c8 sp : ffff000008da39e0 x29: ffff000008da39e0 x28: 00e8000000000f07 x27: ffff7dfffee00000 x26: 0140000000000000 x25: ffff7dfffef00000 x24: 00000000000fe100 x23: ffff80007b906000 x22: ffff000008ab8000 x21: ffff000008bb1d58 x20: ffff7dfffef00000 x19: ffff800009c30fb8 x18: 0000000000000001 x17: 00000000000152d0 x16: 00000000014012d0 x15: 0000000000000000 x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720 x11: 0720072007300730 x10: 00000000000000ae x9 : 0000000000000000 x8 : ffff7dffff000000 x7 : 0000000000000000 x6 : 0000000000000100 x5 : 0000000000000000 x4 : 000000007b906000 x3 : ffff80007c61a880 x2 : ffff7dfffeefffff x1 : 0000000040000000 x0 : 00e80000fe100f07 Process kworker/0:1 (pid: 39, stack limit = 0x (ptrval)) Call trace: ioremap_page_range+0x370/0x3c8 pci_remap_iospace+0x7c/0xac pci_parse_request_of_pci_ranges+0x13c/0x190 rcar_pcie_probe+0x4c/0xb04 platform_drv_probe+0x50/0xbc driver_probe_device+0x21c/0x308 __device_attach_driver+0x98/0xc8 bus_for_each_drv+0x54/0x94 __device_attach+0xc4/0x12c device_initial_probe+0x10/0x18 bus_probe_device+0x90/0x98 deferred_probe_work_func+0xb0/0x150 process_one_work+0x12c/0x29c worker_thread+0x200/0x3fc kthread+0x108/0x134 ret_from_fork+0x10/0x18 Code: f9004ba2 54000080 aa0003fb 17ffff48 (d4210000) It turned out that pci_remap_iospace() wasn't undone when the driver's probe failed, and since devm_phy_optional_get() returned -EPROBE_DEFER, the probe was retried, finally causing the BUG due to trying to remap already remapped pages. Introduce the devm_pci_remap_iospace() managed API and replace the pci_remap_iospace() call with it to fix the bug. Fixes: dbf9826d5797 ("PCI: generic: Convert to DT resource parsing API") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [lorenzo.pieralisi(a)arm.com: split commit/updated the commit log] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/pci/host/pci-host-common.c | 2 - drivers/pci/host/pcie-rcar.c | 2 - drivers/pci/pci.c | 38 +++++++++++++++++++++++++++++++++++++ include/linux/pci.h | 2 + 4 files changed, 42 insertions(+), 2 deletions(-) Index: linux-stable/drivers/pci/host/pci-host-common.c =================================================================== --- linux-stable.orig/drivers/pci/host/pci-host-common.c +++ linux-stable/drivers/pci/host/pci-host-common.c @@ -45,7 +45,7 @@ static int gen_pci_parse_request_of_pci_ switch (resource_type(res)) { case IORESOURCE_IO: - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/host/pcie-rcar.c =================================================================== --- linux-stable.orig/drivers/pci/host/pcie-rcar.c +++ linux-stable/drivers/pci/host/pcie-rcar.c @@ -1102,7 +1102,7 @@ static int rcar_pcie_parse_request_of_pc struct resource *res = win->res; if (resource_type(res) == IORESOURCE_IO) { - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/pci.c =================================================================== --- linux-stable.orig/drivers/pci/pci.c +++ linux-stable/drivers/pci/pci.c @@ -3407,6 +3407,44 @@ void pci_unmap_iospace(struct resource * #endif } +static void devm_pci_unmap_iospace(struct device *dev, void *ptr) +{ + struct resource **res = ptr; + + pci_unmap_iospace(*res); +} + +/** + * devm_pci_remap_iospace - Managed pci_remap_iospace() + * @dev: Generic device to remap IO address for + * @res: Resource describing the I/O space + * @phys_addr: physical address of range to be mapped + * + * Managed pci_remap_iospace(). Map is automatically unmapped on driver + * detach. + */ +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr) +{ + const struct resource **ptr; + int error; + + ptr = devres_alloc(devm_pci_unmap_iospace, sizeof(*ptr), GFP_KERNEL); + if (!ptr) + return -ENOMEM; + + error = pci_remap_iospace(res, phys_addr); + if (error) { + devres_free(ptr); + } else { + *ptr = res; + devres_add(dev, ptr); + } + + return error; +} +EXPORT_SYMBOL(devm_pci_remap_iospace); + static void __pci_set_master(struct pci_dev *dev, bool enable) { u16 old_cmd, cmd; Index: linux-stable/include/linux/pci.h =================================================================== --- linux-stable.orig/include/linux/pci.h +++ linux-stable/include/linux/pci.h @@ -1190,6 +1190,8 @@ int pci_register_io_range(phys_addr_t ad unsigned long pci_address_to_pio(phys_addr_t addr); phys_addr_t pci_pio_to_address(unsigned long pio); int pci_remap_iospace(const struct resource *res, phys_addr_t phys_addr); +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr); void pci_unmap_iospace(struct resource *res); static inline pci_bus_addr_t pci_bus_address(struct pci_dev *pdev, int bar)

7 years, 3 months

2
1
0 0

[PATCH 4/9] mmc: meson-mx-sdio: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the slot child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). While at it, also fix up the related slot-node reference leak. Fixes: ed80a13bb4c4 ("mmc: meson-mx-sdio: Add a driver for the Amlogic Meson8 and Meson8b SoCs") Cc: stable <stable(a)vger.kernel.org> # 4.15 Cc: Carlo Caione <carlo(a)endlessm.com> Cc: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Cc: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/mmc/host/meson-mx-sdio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/mmc/host/meson-mx-sdio.c b/drivers/mmc/host/meson-mx-sdio.c index 09cb89645d06..2cfec33178c1 100644 --- a/drivers/mmc/host/meson-mx-sdio.c +++ b/drivers/mmc/host/meson-mx-sdio.c @@ -517,19 +517,23 @@ static struct mmc_host_ops meson_mx_mmc_ops = { static struct platform_device *meson_mx_mmc_slot_pdev(struct device *parent) { struct device_node *slot_node; + struct platform_device *pdev; /* * TODO: the MMC core framework currently does not support * controllers with multiple slots properly. So we only register * the first slot for now */ - slot_node = of_find_compatible_node(parent->of_node, NULL, "mmc-slot"); + slot_node = of_get_compatible_child(parent->of_node, "mmc-slot"); if (!slot_node) { dev_warn(parent, "no 'mmc-slot' sub-node found\n"); return ERR_PTR(-ENOENT); } - return of_platform_device_create(slot_node, NULL, parent); + pdev = of_platform_device_create(slot_node, NULL, parent); + of_node_put(slot_node); + + return pdev; } static int meson_mx_mmc_add_host(struct meson_mx_mmc_host *host) -- 2.18.0

7 years, 3 months

2
2
0 0

[PATCH 4.18 00/22] 4.18.5-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.5 release. There are 22 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:47:43 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.5-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Zachary Zhang <zhangzg(a)marvell.com> PCI: aardvark: Size bridges before resources allocation Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Christian König <ckoenig.leichtzumerken(a)gmail.com> PCI: Restore resized BAR state on resume John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amdgpu/pm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/i915/kvmgt: Fix potential Spectre v1 Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Michael Ellerman <mpe(a)ellerman.id.au> powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Remove freed kernel image areas from alias mapping Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Add helper for freeing kernel image pages Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Pass unconverted symbol addresses to free_init_pages() Dave Hansen <dave.hansen(a)linux.intel.com> mm: Allow non-direct-map arguments to free_reserved_area() Matthijs van Duin <matthijsvanduin(a)gmail.com> pty: fix O_CLOEXEC for TIOCGPTPEER Takashi Iwai <tiwai(a)suse.de> EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] ------------- Diffstat: Makefile | 4 ++-- arch/parisc/include/asm/spinlock.h | 8 ++------ arch/parisc/kernel/syscall.S | 24 +++++++++++----------- arch/powerpc/kernel/security.c | 27 ++++++++++++++++--------- arch/x86/include/asm/processor.h | 1 + arch/x86/include/asm/set_memory.h | 1 + arch/x86/mm/init.c | 37 +++++++++++++++++++++++++++++++--- arch/x86/mm/init_64.c | 8 ++------ arch/x86/mm/pageattr.c | 13 ++++++++++++ drivers/edac/edac_mc.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 ++- drivers/gpu/drm/i915/gvt/kvmgt.c | 9 ++++++++- drivers/i2c/busses/i2c-imx.c | 8 ++++---- drivers/i2c/i2c-core-acpi.c | 11 +++++++--- drivers/pci/controller/pci-aardvark.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 +++++++++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 +++++++ drivers/pci/hotplug/pciehp_hpc.c | 18 +++++------------ drivers/pci/pci-acpi.c | 6 ++---- drivers/pci/pci.c | 28 +++++++++++++++++++++++++ drivers/pci/probe.c | 4 ++++ drivers/tty/pty.c | 2 +- fs/ext4/mballoc.c | 4 +++- fs/reiserfs/xattr.c | 4 +++- mm/page_alloc.c | 16 +++++++++++++-- 26 files changed, 185 insertions(+), 70 deletions(-)

7 years, 3 months

4
24
0 0

[PATCH 4.9 000/130] 4.9.124-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.124 release. There are 130 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:48:45 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.124-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.124-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: OF: Fix I/O space page leak John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Paolo Bonzini <pbonzini(a)redhat.com> KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: versatile: Fix I/O space page leak David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Wei Yongjun <weiyongjun1(a)huawei.com> pinctrl: nsp: Fix potential NULL dereference Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: nsp: off by ones in nsp_pinmux_enable() Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Laura Abbott <labbott(a)redhat.com> tools: build: Use HOSTLDFLAGS with fixdep Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Nishanth Menon <nm(a)ti.com> ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kamal Heib <kamalheib1(a)gmail.com> RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Dave Jiang <dave.jiang(a)intel.com> nfit: fix unchecked dereference in acpi_nfit_ctl Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Always set output parameters in bnxt_get_max_rings(). Peter Zijlstra <peterz(a)infradead.org> ARC: Improve cmpxchg syscall implementation Andrey Ryabinin <aryabinin(a)virtuozzo.com> netfilter: nf_conntrack: Fix possible possible crash on module loading. Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while calling auto-negotiation by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while calling auto-negotiation by ethtool Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Broadcast messages only from control port Paul Moore <paul(a)paul-moore.com> ipv6: make ipv6_renew_options() interrupt/kernel safe Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Lubomir Rintel <lkundrak(a)v3.sk> ieee802154: 6lowpan: set IFLA_LINK Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the error of write() and read() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: add missing <linux/if_vlan.h> Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Hangbin Liu <liuhangbin(a)gmail.com> ipvlan: call dev_change_flags when ipvlan mode is reset Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Support GCC 8 '-fnoreorder-functions' Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Dave Jiang <dave.jiang(a)intel.com> acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx-nwl: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx: Add missing of_node_put() Daniel Borkmann <daniel(a)iogearbox.net> bpf, s390: fix potential memleak when later bpf_jit_prog fails Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Bob Copeland <me(a)bobcopeland.com> nl80211: relax ht operation checks for mesh BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Marek Szyprowski <m.szyprowski(a)samsung.com> dmaengine: pl330: report BURST residue granularity Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn: Do minor cleanups Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Yan, Zheng <zyan(a)redhat.com> ceph: fix dentry leak in splice_dentry() Jann Horn <jannh(a)google.com> netfilter: nf_log: fix uninit read in nf_log_proc_dostring Jiri Olsa <jolsa(a)kernel.org> perf bench: Fix numa report output code Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Hans de Goede <hdegoede(a)redhat.com> NFC: pn533: Fix wrong GFP flag usage Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Dongjiu Geng <gengdongjiu(a)huawei.com> usb: xhci: remove the code build warning Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Tomasz Duszynski <tduszyns(a)gmail.com> iio: pressure: bmp280: fix relative humidity unit Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_v best gw refcnt after netlink dump Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Ard Biesheuvel <ard.biesheuvel(a)linaro.org> KVM: arm/arm64: Drop resource size check for GICV window Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Max Gurtuvoy <maxg(a)mellanox.com> nvmet: reset keep alive timer in controller enable Dinh Nguyen <dinguyen(a)kernel.org> net: stmmac: socfpga: add additional ocp reset line for Stratix10 Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Zhouyang Jia <jiazhouyang09(a)gmail.com> xen/scsiback: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> xen: add error handling for xenbus_printf Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data John Garry <john.garry(a)huawei.com> libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: Fix missing completion for mem_reg work requests Alison Wang <alison.wang(a)nxp.com> drm: mali-dp: Enable Global SE interrupts mask for DP500 Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix I2C controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix i2c controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Johan Hovold <johan(a)kernel.org> usb: dwc3: of-simple: fix use-after-free on remove Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove %ebx handling from error_entry/exit ------------- Diffstat: Makefile | 4 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/broadcom/ns2.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/parisc/include/asm/spinlock.h | 8 +- arch/parisc/kernel/syscall.S | 24 ++--- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/entry/entry_64.S | 20 +--- drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/hid/wacom_wac.c | 10 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/md/raid10.c | 7 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/target/core.c | 8 ++ drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 ++ drivers/pci/hotplug/pciehp_hpc.c | 18 +--- drivers/pci/pci.c | 38 +++++++ drivers/pci/probe.c | 4 + drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/usb/dwc2/gadget.c | 7 +- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/gadget/composite.c | 3 + drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/ceph/inode.c | 1 + fs/ext4/mballoc.c | 4 +- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/linux/pci.h | 2 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - kernel/locking/lockdep.c | 12 +-- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_log.c | 4 + net/packet/af_packet.c | 12 ++- net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/wireless/nl80211.c | 19 +--- net/xfrm/xfrm_user.c | 8 +- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/tests/topology.c | 1 + tools/perf/util/llvm-utils.c | 6 +- .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - virt/kvm/eventfd.c | 11 +- 137 files changed, 893 insertions(+), 572 deletions(-)

7 years, 3 months

6
129
0 0

[PATCH 4.14 000/217] 4.14.67-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.67 release. There are 217 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:54:25 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.67-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.67-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: OF: Fix I/O space page leak John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Ursula Braun <ubraun(a)linux.ibm.com> net/smc: no shutdown in state SMC_LISTEN Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: sanity check for total valid node blocks Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: return error during fill_super Paolo Bonzini <pbonzini(a)redhat.com> KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Roland Dreier <roland(a)purestorage.com> nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Robin H. Johnson <robbat2(a)gentoo.org> ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpc: restrict register range for regmap access Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: versatile: Fix I/O space page leak Peng Hao <peng.hao2(a)zte.com.cn> kvmclock: fix TSC calibration for nested guests David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Alexander Sverdlin <alexander.sverdlin(a)nsn.com> octeon_mgmt: Fix MIX registers configuration on MTU setup Qu Wenruo <wqu(a)suse.com> btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() John Allen <jallen(a)linux.ibm.com> ibmvnic: Fix error recovery on login failure Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Stephen Hemminger <stephen(a)networkplumber.org> hv/netvsc: fix handling of fallback to single queue mode Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Wei Yongjun <weiyongjun1(a)huawei.com> pinctrl: nsp: Fix potential NULL dereference Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: nsp: off by ones in nsp_pinmux_enable() Paul Cercueil <paul(a)crapouillou.net> pinctrl: ingenic: Fix inverted direction for < JZ4770 Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: suppress warnings from 'getconf LFS_*' Laura Abbott <labbott(a)redhat.com> tools: build: Use HOSTLDFLAGS with fixdep Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Nishanth Menon <nm(a)ti.com> ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kamal Heib <kamalheib1(a)gmail.com> RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Dave Jiang <dave.jiang(a)intel.com> nfit: fix unchecked dereference in acpi_nfit_ctl Janne Huttunen <janne.huttunen(a)nokia.com> perf script python: Fix dict reference counting Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix compilation errors on gcc8 Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qedi: Send driver state to MFW Saurav Kashyap <saurav.kashyap(a)cavium.com> scsi: qedf: Send the driver state to MFW Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. Peter Zijlstra <peterz(a)infradead.org> ARC: Improve cmpxchg syscall implementation Andrey Ryabinin <aryabinin(a)virtuozzo.com> netfilter: nf_conntrack: Fix possible possible crash on module loading. Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: explicitly reject ERROR and standard target Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix irq handling Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: Fix comparison operator for buffer size Dmitry Osipenko <digetx(a)gmail.com> gpu: host1x: Check whether size of unpin isn't 0 Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Douglas Anderson <dianders(a)chromium.org> nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while calling auto-negotiation by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while calling auto-negotiation by ethtool Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Broadcast messages only from control port Paul Moore <paul(a)paul-moore.com> ipv6: make ipv6_renew_options() interrupt/kernel safe Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Lubomir Rintel <lkundrak(a)v3.sk> ieee802154: 6lowpan: set IFLA_LINK Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the error of write() and read() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the result of system() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: add missing <linux/if_vlan.h> Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: Fix display of packed pixel modes Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Mauricio Vasquez B <mauricio.vasquez(a)polito.it> bpf: hash map: decrement counter on error Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix swapped emit_ib_size in vce3 Hangbin Liu <liuhangbin(a)gmail.com> ipvlan: call dev_change_flags when ipvlan mode is reset Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Support GCC 8 '-fnoreorder-functions' Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Stafford Horne <shorne(a)gmail.com> openrisc: entry: Fix delay slot exception detection Dave Jiang <dave.jiang(a)intel.com> acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: DPAA SGT needs to be 256B Madalin Bucur <madalin.bucur(a)nxp.com> fsl/fman: fix parser reporting bad checksum on short frames Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Nicholas Mc Guire <hofrat(a)osadl.org> PCI: faraday: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx-nwl: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx: Add missing of_node_put() Daniel Borkmann <daniel(a)iogearbox.net> bpf, s390: fix potential memleak when later bpf_jit_prog fails Bart Van Assche <bart.vanassche(a)wdc.com> drbd: Fix drbd_request_prepare() discard handling Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Johannes Berg <johannes.berg(a)intel.com> nl80211: check nla_parse_nested() return values Bob Copeland <me(a)bobcopeland.com> nl80211: relax ht operation checks for mesh Jeff Moyer <jmoyer(a)redhat.com> dev-dax: check_vma: ratelimit dev_info-s BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Ryan Hsu <ryanhsu(a)codeaurora.org> ath10k: update the phymode along with bandwidth change request Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Marek Szyprowski <m.szyprowski(a)samsung.com> dmaengine: pl330: report BURST residue granularity Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM64: dts: meson-gxl: fix Mali GPU compatible string Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn: Do minor cleanups Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Chengguang Xu <cgxu519(a)gmx.com> nfp: cast sizeof() to int when comparing with error code Eli Cohen <eli(a)mellanox.com> net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Yan, Zheng <zyan(a)redhat.com> ceph: fix dentry leak in splice_dentry() Jann Horn <jannh(a)google.com> netfilter: nf_log: fix uninit read in nf_log_proc_dostring Adam Ford <aford173(a)gmail.com> ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD Jiri Olsa <jolsa(a)kernel.org> perf bench: Fix numa report output code Yonghong Song <yhs(a)fb.com> perf tools: Fix a clang 7.0 compilation error Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Thomas Richter <tmricht(a)linux.ibm.com> perf record: Support s390 random socket_id assignment Dirk Gouders <dirk(a)gouders.net> kconfig: fix line numbers for if-entries in menu tree Dan Carpenter <dan.carpenter(a)oracle.com> typec: tcpm: Fix a msecs vs jiffies bug Hans de Goede <hdegoede(a)redhat.com> NFC: pn533: Fix wrong GFP flag usage Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Dongjiu Geng <gengdongjiu(a)huawei.com> usb: xhci: remove the code build warning Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Tomasz Duszynski <tduszyns(a)gmail.com> iio: pressure: bmp280: fix relative humidity unit Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Avoid storing non-TT-sync flags on singular entries too Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_v best gw refcnt after netlink dump Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump Rob Herring <robh(a)kernel.org> arm64: dts: msm8916: fix Coresight ETF graph connections Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/microcode/intel: Fix memleak in save_microcode_patch() Geert Uytterhoeven <geert(a)linux-m68k.org> mtd: dataflash: Use ULL suffix for 64-bit constants Jeffrin Jose T <ahiliation(a)gmail.com> selftests: bpf: notification about privilege required to run test_kmod.sh testing script Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix display of packed pixel modes in MHL2 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> KVM: arm/arm64: Drop resource size check for GICV window Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> sctp: fix erroneous inc of snmp SctpFragUsrMsgs Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Doron Roberts-Kedes <doronrk(a)fb.com> nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Dan Carpenter <dan.carpenter(a)oracle.com> block: sed-opal: Fix a couple off by one bugs Max Gurtuvoy <maxg(a)mellanox.com> nvmet: reset keep alive timer in controller enable Dinh Nguyen <dinguyen(a)kernel.org> net: stmmac: socfpga: add additional ocp reset line for Stratix10 Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Do not advertise DCBX_LLD_MANAGED capability. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible memory leak in Rx error path handling. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Marek Szyprowski <m.szyprowski(a)samsung.com> arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag Zhouyang Jia <jiazhouyang09(a)gmail.com> xen/scsiback: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Zhouyang Jia <jiazhouyang09(a)gmail.com> xen: add error handling for xenbus_printf Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data William Wu <william.wu(a)rock-chips.com> usb: dwc2: alloc dma aligned buffer for isoc split in John Garry <john.garry(a)huawei.com> libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: Fix missing completion for mem_reg work requests Ayan Kumar Halder <ayan.halder(a)arm.com> drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Alison Wang <alison.wang(a)nxp.com> drm: mali-dp: Enable Global SE interrupts mask for DP500 Hoan Tran <hoan.tran(a)amperecomputing.com> drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Ray Jui <ray.jui(a)broadcom.com> arm64: dts: Stingray: Fix I2C controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix I2C controller interrupt type Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742k Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix i2c controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vm: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: sysctl: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Gao Feng <gfree.wind(a)vip.163.com> netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Johan Hovold <johan(a)kernel.org> usb: dwc3: of-simple: fix use-after-free on remove Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for Intel IceLake Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpcv2: correct PGC offset Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix loop limit Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix potential buffer overflow Andrzej Hajda <a.hajda(a)samsung.com> drm/bridge/sii8620: fix loops in EDID fetch logic Christophe Jaillet <christophe.jaillet(a)wanadoo.fr> IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Lucas Stach <l.stach(a)pengutronix.de> Input: synaptics-rmi4 - fix axis-swap behavior Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix error index for pmu event parser Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> vfio: ccw: fix error return in vfio_ccw_sch_event Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: armada: Fix "#cooling-cells" property's name Matthijs van Duin <matthijsvanduin(a)gmail.com> pty: fix O_CLOEXEC for TIOCGPTPEER Takashi Iwai <tiwai(a)suse.de> EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/i915/kvmgt: Fix potential Spectre v1 Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() ------------- Diffstat: Makefile | 10 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/parisc/include/asm/spinlock.h | 8 +- arch/parisc/kernel/syscall.S | 24 ++--- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 ++++++-- drivers/dax/device.c | 12 ++- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/edac/edac_mc.c | 1 + drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 5 +- drivers/gpu/drm/armada/armada_crtc.c | 12 ++- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/bridge/sil-sii8620.c | 41 +++++--- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/i915/gvt/kvmgt.c | 9 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/job.c | 3 +- drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/nct6775.c | 2 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/i2c/i2c-core-acpi.c | 11 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/input/rmi4/rmi_2d_sensor.c | 34 +++---- drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 ++- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +-- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/pci/host/pci-ftpci100.c | 2 + drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 ++ drivers/pci/hotplug/pciehp_hpc.c | 18 +--- drivers/pci/pci.c | 38 +++++++ drivers/pci/probe.c | 4 + drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/scsi/qedf/qedf_main.c | 12 +++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/staging/typec/tcpm.c | 3 +- drivers/tty/pty.c | 2 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 89 ++++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 ++-- fs/ceph/inode.c | 1 + fs/ext4/mballoc.c | 4 +- fs/f2fs/segment.c | 32 +++++- fs/f2fs/segment.h | 22 +++- fs/nfs/nfs4proc.c | 17 ++-- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/linux/pci.h | 2 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/locking/lockdep.c | 12 +-- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 12 ++- net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/smc/af_smc.c | 3 +- net/wireless/nl80211.c | 35 +++---- net/xfrm/xfrm_user.c | 8 +- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 10 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 ++- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - virt/kvm/eventfd.c | 11 +- 225 files changed, 1564 insertions(+), 778 deletions(-)

7 years, 3 months

5
212
0 0

[PATCH 4.17 000/324] 4.17.19-stable review

by Greg Kroah-Hartman

NOTE, this is going to be the LAST 4.17.y kernel release. Please move to the 4.18.y tree at this point in time if you have not already. After this release, 4.17.y will be end-of-life. This is the start of the stable review cycle for the 4.17.19 release. There are 324 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:48:40 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.19-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.19-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Christian König <ckoenig.leichtzumerken(a)gmail.com> PCI: Restore resized BAR state on resume Ursula Braun <ubraun(a)linux.ibm.com> net/smc: no shutdown in state SMC_LISTEN Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amdgpu/pm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/i915/kvmgt: Fix potential Spectre v1 Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Remove freed kernel image areas from alias mapping Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Add helper for freeing kernel image pages Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Pass unconverted symbol addresses to free_init_pages() Dave Hansen <dave.hansen(a)linux.intel.com> mm: Allow non-direct-map arguments to free_reserved_area() Matthijs van Duin <matthijsvanduin(a)gmail.com> pty: fix O_CLOEXEC for TIOCGPTPEER Takashi Iwai <tiwai(a)suse.de> EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Linus Torvalds <torvalds(a)linux-foundation.org> mm: make vm_area_alloc() initialize core fields Linus Torvalds <torvalds(a)linux-foundation.org> mm: make vm_area_dup() actually copy the old vma data Linus Torvalds <torvalds(a)linux-foundation.org> mm: use helper functions for allocating and freeing vm_area structs Roland Dreier <roland(a)purestorage.com> nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Damien Thébault <damien(a)dtbo.net> platform/x86: dell-laptop: Fix backlight detection Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Robin H. Johnson <robbat2(a)gentoo.org> ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpc: restrict register range for regmap access Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Alexander Sverdlin <alexander.sverdlin(a)nokia.com> net: cavium: Add fine-granular dependencies on PCI Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: v3-semi: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: mediatek: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: faraday: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: aardvark: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: designware: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: versatile: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: xgene: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: OF: Fix I/O space page leak Karsten Graul <kgraul(a)linux.ibm.com> net/smc: reset recv timeout after clc handshake Peng Hao <peng.hao2(a)zte.com.cn> kvmclock: fix TSC calibration for nested guests David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Alexander Sverdlin <alexander.sverdlin(a)nsn.com> octeon_mgmt: Fix MIX registers configuration on MTU setup Scott Bauer <scott.bauer(a)intel.com> nvme: ensure forward progress during Admin passthru Qu Wenruo <wqu(a)suse.com> btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Pavel Machek <pavel(a)ucw.cz> ARM: dts: omap4-droid4: fix dts w.r.t. pwm John Allen <jallen(a)linux.ibm.com> ibmvnic: Fix error recovery on login failure Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Stephen Hemminger <stephen(a)networkplumber.org> hv/netvsc: fix handling of fallback to single queue mode Thomas Falcon <tlfalcon(a)linux.vnet.ibm.com> ibmvnic: Revise RX/TX queue error messages Frank Rowand <frank.rowand(a)sony.com> of: overlay: update phandle cache on overlay apply and remove Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix switched_from_dl() warning Jim Mattson <jmattson(a)google.com> kvm: nVMX: Restore exit qual for VM-entry failure due to MSR loading piaojun <piaojun(a)huawei.com> net/9p/client.c: put refcount of trans_mod in error case in parse_opts() Wei Yongjun <weiyongjun1(a)huawei.com> pinctrl: nsp: Fix potential NULL dereference Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: nsp: off by ones in nsp_pinmux_enable() Paul Cercueil <paul(a)crapouillou.net> pinctrl: ingenic: Fix inverted direction for < JZ4770 Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: fix alarm read and set offset Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Bert Kenward <bkenward(a)solarflare.com> sfc: hold filter_sem consistently during reset Bert Kenward <bkenward(a)solarflare.com> sfc: avoid hang from nested use of the filter_sem Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: suppress warnings from 'getconf LFS_*' Laura Abbott <labbott(a)redhat.com> tools: build: Use HOSTLDFLAGS with fixdep Laura Abbott <labbott(a)redhat.com> tools: build: Fixup host c flags Dan Carpenter <dan.carpenter(a)oracle.com> ixgbe: Off by one in ixgbe_ipsec_tx() David Francis <David.Francis(a)amd.com> amd/dc/dce100: On dce100, set clocks to 0 on suspend Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Nishanth Menon <nm(a)ti.com> ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix module initialisation with netdev already up Russell King <rmk+kernel(a)armlinux.org.uk> sfp: ensure we clean up properly on bus registration failure Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kamal Heib <kamalheib1(a)gmail.com> RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Dave Jiang <dave.jiang(a)intel.com> nfit: fix unchecked dereference in acpi_nfit_ctl Jeremy Cline <jcline(a)redhat.com> perf tools: Use python-config --includes rather than --cflags Janne Huttunen <janne.huttunen(a)nokia.com> perf script python: Fix dict reference counting Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix compilation errors on gcc8 Kim Phillips <kim.phillips(a)arm.com> perf test shell: Prevent temporary editor files from being considered test scripts Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qedi: Send driver state to MFW Saurav Kashyap <saurav.kashyap(a)cavium.com> scsi: qedf: Send the driver state to MFW Don Brace <don.brace(a)microsemi.com> scsi: hpsa: correct enclosure sas address Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> bnxt_en: Fix the vlan_tci exact match check. Peter Zijlstra <peterz(a)infradead.org> ARC: Improve cmpxchg syscall implementation Gustavo Pimentel <gustavo.pimentel(a)synopsys.com> ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform Andrey Ryabinin <aryabinin(a)virtuozzo.com> netfilter: nf_conntrack: Fix possible possible crash on module loading. Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: explicitly reject ERROR and standard target Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix irq handling Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Michael Hennerich <michael.hennerich(a)analog.com> net: ieee802154: adf7242: Fix OCL calibration runs Michael Hennerich <michael.hennerich(a)analog.com> net: ieee802154: adf7242: Fix erroneous RX enable Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: Fix comparison operator for buffer size Dmitry Osipenko <digetx(a)gmail.com> gpu: host1x: Check whether size of unpin isn't 0 Dmitry Osipenko <digetx(a)gmail.com> gpu: host1x: Skip IOMMU initialization if firewall is enabled Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Arnd Bergmann <arnd(a)arndb.de> drm/sun4i: link in front-end code if needed Paolo Abeni <pabeni(a)redhat.com> ipfrag: really prevent allocation on netns exit John Fastabend <john.fastabend(a)gmail.com> bpf: fix sk_skb programs without skb->dev assigned Douglas Anderson <dianders(a)chromium.org> nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Davide Caratti <dcaratti(a)redhat.com> net/sched: act_csum: fix NULL dereference when 'goto chain' is used Harini Katakam <harini.katakam(a)xilinx.com> net: macb: Free RX ring for all queues Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Casey Leedom <leedom(a)chelsio.com> cxgb4: assume flash part size to be 4MB, if it can't be determined Jon Maloy <jon.maloy(a)ericsson.com> tipc: make function tipc_net_finalize() thread safe Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix correct setting of message type in second discoverer Jon Maloy <jon.maloy(a)ericsson.com> tipc: correct discovery message handling during address trial period Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix wrong return value from function tipc_node_try_addr() Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while calling auto-negotiation by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while calling auto-negotiation by ethtool Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Reset the node and port ID of broadcast messages Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Broadcast messages only from control port Paul Moore <paul(a)paul-moore.com> ipv6: make ipv6_renew_options() interrupt/kernel safe Dan Carpenter <dan.carpenter(a)oracle.com> qed: off by one in qed_parse_mcp_trace_buf() Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Lubomir Rintel <lkundrak(a)v3.sk> ieee802154: 6lowpan: set IFLA_LINK Arnd Bergmann <arnd(a)arndb.de> ieee802154: mcr20a: add missing includes Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the error of write() and read() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the result of system() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: add missing <linux/if_vlan.h> Jim Wilson <jimw(a)sifive.com> RISC-V: Fix PTRACE_SETREGSET bug. Palmer Dabbelt <palmer(a)sifive.com> RISC-V: Don't include irq-riscv-intc.h Andreas Schwab <schwab(a)suse.de> RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: Fix display of packed pixel modes Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Wang Dongsheng <dongsheng.wang(a)hxt-semitech.com> net: phy: marvell: change default m88e1510 LED configuration Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Mauricio Vasquez B <mauricio.vasquez(a)polito.it> bpf: hash map: decrement counter on error Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix mac address change Doron Roberts-Kedes <doronrk(a)fb.com> tls: fix skb_to_sgvec returning unhandled error. Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Peter Zijlstra <peterz(a)infradead.org> kthread, sched/core: Fix kthread_parkme() (again...) Vincent Guittot <vincent.guittot(a)linaro.org> sched/util_est: Fix util_est_dequeue() for throttled cfs_rq Xunlei Pang <xlpang(a)linux.alibaba.com> sched/fair: Fix bandwidth timer clock drift condition Frederic Weisbecker <frederic(a)kernel.org> sched/nohz: Skip remote tick on idle task entirely Greentime Hu <greentime(a)andestech.com> nds32: Fix the dts pointer is not passed correctly issue. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix swapped emit_ib_size in vce3 Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started Hangbin Liu <liuhangbin(a)gmail.com> ipvlan: call dev_change_flags when ipvlan mode is reset Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Support GCC 8 '-fnoreorder-functions' Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Eric Biggers <ebiggers(a)google.com> crypto: arm/speck - fix building in Thumb2 mode Stafford Horne <shorne(a)gmail.com> openrisc: entry: Fix delay slot exception detection Vishal Verma <vishal.l.verma(a)intel.com> tools/testing/nvdimm: advertise a write cache for nfit_test Dave Jiang <dave.jiang(a)intel.com> acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: consistently re-enable device features Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: DPAA SGT needs to be 256B Madalin Bucur <madalin.bucur(a)nxp.com> fsl/fman: fix parser reporting bad checksum on short frames Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Nicholas Mc Guire <hofrat(a)osadl.org> PCI: faraday: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx-nwl: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx: Add missing of_node_put() Daniel Borkmann <daniel(a)iogearbox.net> bpf, s390: fix potential memleak when later bpf_jit_prog fails Bart Van Assche <bart.vanassche(a)wdc.com> drbd: Fix drbd_request_prepare() discard handling Jens Axboe <axboe(a)kernel.dk> blk-mq: don't queue more if we get a busy return Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Johannes Berg <johannes.berg(a)intel.com> nl80211: check nla_parse_nested() return values Bob Copeland <me(a)bobcopeland.com> nl80211: relax ht operation checks for mesh Denis Kenzior <denkenz(a)gmail.com> mac80211: disable BHs/preemption in ieee80211_tx_control_port() Jeff Moyer <jmoyer(a)redhat.com> dev-dax: check_vma: ratelimit dev_info-s BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Evan Quan <evan.quan(a)amd.com> drm/amd/powerplay: correct vega12 thermal support as true Ryan Hsu <ryanhsu(a)codeaurora.org> ath10k: update the phymode along with bandwidth change request Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Marek Szyprowski <m.szyprowski(a)samsung.com> dmaengine: pl330: report BURST residue granularity Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM64: dts: meson-gxl: fix Mali GPU compatible string Jerome Brunet <jbrunet(a)baylibre.com> ARM64: dts: meson-axg: fix ethernet stability issue Will Deacon <will.deacon(a)arm.com> arm64: Avoid flush_icache_range() in alternatives patching code Katsuhiro Suzuki <suzuki.katsuhiro(a)socionext.com> arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn: Do minor cleanups Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Chengguang Xu <cgxu519(a)gmx.com> nfp: cast sizeof() to int when comparing with error code Sowmini Varadhan <sowmini.varadhan(a)oracle.com> rds: clean up loopback rds_connections on netns deletion Eli Cohen <eli(a)mellanox.com> net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Yan, Zheng <zyan(a)redhat.com> ceph: fix dentry leak in splice_dentry() Jann Horn <jannh(a)google.com> netfilter: nf_log: fix uninit read in nf_log_proc_dostring Adam Ford <aford173(a)gmail.com> ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD Peter Chen <peter.chen(a)nxp.com> usb: chipidea: host: fix disconnection detect issue Dan Carpenter <dan.carpenter(a)oracle.com> clk: davinci: cfgchip: testing the wrong variable Ravi Bangoria <ravi.bangoria(a)linux.ibm.com> perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] Ravi Bangoria <ravi.bangoria(a)linux.ibm.com> perf script: Fix crash because of missing evsel->priv Jiri Olsa <jolsa(a)kernel.org> perf bench: Fix numa report output code Yonghong Song <yhs(a)fb.com> perf tools: Fix a clang 7.0 compilation error Jiri Olsa <jolsa(a)kernel.org> perf tests: Add event parsing error handling to parse events test Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Thomas Richter <tmricht(a)linux.ibm.com> perf record: Support s390 random socket_id assignment Dirk Gouders <dirk(a)gouders.net> kconfig: fix line numbers for if-entries in menu tree Dan Carpenter <dan.carpenter(a)oracle.com> typec: tcpm: Fix a msecs vs jiffies bug Hans de Goede <hdegoede(a)redhat.com> NFC: pn533: Fix wrong GFP flag usage Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Dongjiu Geng <gengdongjiu(a)huawei.com> usb: xhci: remove the code build warning Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: bpf: don't stop offload if replace failed Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Haiyue Wang <haiyue.wang(a)linux.intel.com> ipmi: kcs_bmc: fix IRQ exception if the channel is not open Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Tomasz Duszynski <tduszyns(a)gmail.com> iio: pressure: bmp280: fix relative humidity unit Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Avoid storing non-TT-sync flags on singular entries too Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix debugfs path for renamed softif Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix debugfs path for renamed hardif Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_v best gw refcnt after netlink dump Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump Rob Herring <robh(a)kernel.org> arm64: dts: msm8916: fix Coresight ETF graph connections Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/microcode/intel: Fix memleak in save_microcode_patch() Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v2m: Fix SPI release on error path Geert Uytterhoeven <geert(a)linux-m68k.org> mtd: dataflash: Use ULL suffix for 64-bit constants Jeffrin Jose T <ahiliation(a)gmail.com> selftests: bpf: notification about privilege required to run test_kmod.sh testing script Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Masahiro Yamada <yamada.masahiro(a)socionext.com> clk: sunxi-ng: replace lib-y with obj-y Jianchao Wang <jianchao.w.wang(a)oracle.com> nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix display of packed pixel modes in MHL2 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> KVM: arm/arm64: Drop resource size check for GICV window Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> sctp: fix erroneous inc of snmp SctpFragUsrMsgs Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Doron Roberts-Kedes <doronrk(a)fb.com> nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Anders Roxell <anders.roxell(a)linaro.org> selftests: net: add config fragments Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Dan Carpenter <dan.carpenter(a)oracle.com> block: sed-opal: Fix a couple off by one bugs Dan Carpenter <dan.carpenter(a)oracle.com> blk-mq-debugfs: Off by one in blk_mq_rq_state_name() Max Gurtuvoy <maxg(a)mellanox.com> nvmet: reset keep alive timer in controller enable Israel Rukshin <israelr(a)mellanox.com> nvme-rdma: Fix command completion race at error recovery Sagi Grimberg <sagi(a)grimberg.me> nvme-rdma: fix possible double free condition when failing to create a controller Dinh Nguyen <dinguyen(a)kernel.org> net: stmmac: socfpga: add additional ocp reset line for Stratix10 Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Do not advertise DCBX_LLD_MANAGED capability. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible memory leak in Rx error path handling. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Marek Szyprowski <m.szyprowski(a)samsung.com> arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag Zhouyang Jia <jiazhouyang09(a)gmail.com> xen/scsiback: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Zhouyang Jia <jiazhouyang09(a)gmail.com> xen: add error handling for xenbus_printf Nicholas Piggin <npiggin(a)gmail.com> powerpc: smp_send_stop do not offline stopped CPUs Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data William Wu <william.wu(a)rock-chips.com> usb: dwc2: alloc dma aligned buffer for isoc split in Artur Petrosyan <Arthur.Petrosyan(a)synopsys.com> usb: dwc2: Fix host exit from hibernation flow. Janusz Krzysztofik <jmkrzyszt(a)gmail.com> dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity John Garry <john.garry(a)huawei.com> libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: Fix missing completion for mem_reg work requests Ayan Kumar Halder <ayan.halder(a)arm.com> drm/mali-dp: Rectify the width and height passed to rotmem_required() Ayan Kumar Halder <ayan.halder(a)arm.com> drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Alison Wang <alison.wang(a)nxp.com> drm: mali-dp: Enable Global SE interrupts mask for DP500 Ayan Kumar Halder <ayan.halder(a)arm.com> drm/arm/malidp: Ensure that the crtcs are shutdown before removing any encoder/connector Hoan Tran <hoan.tran(a)amperecomputing.com> drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Ray Jui <ray.jui(a)broadcom.com> arm64: dts: Stingray: Fix I2C controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix I2C controller interrupt type Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742k Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: HR2: Fix interrupt types for i2c and PCIe Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix i2c controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vm: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: sysctl: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Gao Feng <gfree.wind(a)vip.163.com> netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Johan Hovold <johan(a)kernel.org> usb: dwc3: of-simple: fix use-after-free on remove Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for Intel IceLake Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpcv2: correct PGC offset Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix loop limit Helge Eichelberg <kernelorg(a)elchenberg.name> hwmon: (dell-smm) Disable fan support for Dell XPS13 9333 Steve French <stfrench(a)microsoft.com> smb3: increase initial number of credits requested to allow write Jakub Kicinski <jakub.kicinski(a)netronome.com> selftests/bpf: test offloads even with BPF programs present Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix potential buffer overflow Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix display modes validation Andrzej Hajda <a.hajda(a)samsung.com> drm/bridge/sii8620: fix loops in EDID fetch logic Julia Lawall <Julia.Lawall(a)lip6.fr> clocksource/drivers/stm32: Fix error return code Christophe Jaillet <christophe.jaillet(a)wanadoo.fr> IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Lucas Stach <l.stach(a)pengutronix.de> Input: synaptics-rmi4 - fix axis-swap behavior Kalderon, Michal <Michal.Kalderon(a)cavium.com> RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM Zhu Yanjun <yanjun.zhu(a)oracle.com> IB/rxe: avoid double kfree skb Nicolas Boichat <drinkcat(a)chromium.org> HID: google: Add support for whiskers Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix error index for pmu event parser Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> vfio: ccw: fix error return in vfio_ccw_sch_event Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: armada: Fix "#cooling-cells" property's name ------------- Diffstat: Makefile | 10 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 ++++++-- arch/arc/plat-hsdk/platform.c | 62 +++++++++++ arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++-- arch/arm/boot/dts/bcm-hr2.dtsi | 24 ++-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 9 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/crypto/speck-neon-core.S | 6 +- arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 +++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-axg-s400.dts | 15 ++- arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- .../boot/dts/socionext/uniphier-ld11-global.dts | 2 +- .../boot/dts/socionext/uniphier-ld20-global.dts | 2 +- arch/arm64/include/asm/alternative.h | 7 +- arch/arm64/kernel/alternative.c | 51 +++++++-- arch/arm64/kernel/module.c | 5 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/ia64/kernel/perfmon.c | 6 +- arch/ia64/mm/init.c | 12 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/nds32/kernel/setup.c | 3 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/parisc/include/asm/spinlock.h | 8 +- arch/parisc/kernel/syscall.S | 24 ++-- arch/powerpc/kernel/smp.c | 6 - arch/riscv/kernel/irq.c | 4 - arch/riscv/kernel/module.c | 4 +- arch/riscv/kernel/ptrace.c | 2 +- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/include/asm/processor.h | 1 + arch/x86/include/asm/set_memory.h | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/vmx.c | 9 +- arch/x86/mm/init.c | 37 ++++++- arch/x86/mm/init_64.c | 8 +- arch/x86/mm/pageattr.c | 13 +++ block/blk-mq-debugfs.c | 2 +- block/blk-mq.c | 12 ++ block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 +++++-- drivers/char/ipmi/kcs_bmc.c | 31 ++---- drivers/clk/Makefile | 2 +- drivers/clk/davinci/da8xx-cfgchip.c | 2 +- drivers/clk/sunxi-ng/Makefile | 39 +++---- drivers/clocksource/timer-stm32.c | 4 +- drivers/dax/device.c | 12 +- drivers/dma/k3dma.c | 2 +- drivers/dma/omap-dma.c | 6 +- drivers/dma/pl330.c | 2 +- drivers/edac/edac_mc.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 +- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- .../drm/amd/display/dc/dce100/dce100_resource.c | 19 +++- drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 1 + drivers/gpu/drm/arm/malidp_drv.c | 3 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 9 +- drivers/gpu/drm/armada/armada_crtc.c | 12 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 +++-- drivers/gpu/drm/bridge/sil-sii8620.c | 121 +++++++++++---------- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 +++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/i915/gvt/kvmgt.c | 9 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/sun4i/Makefile | 5 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/dev.c | 3 + drivers/gpu/host1x/job.c | 3 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/hwmon/nct6775.c | 2 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/i2c/i2c-core-acpi.c | 11 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++- drivers/infiniband/hw/qedr/verbs.c | 3 + drivers/infiniband/sw/rxe/rxe_req.c | 5 +- drivers/input/rmi4/rmi_2d_sensor.c | 34 +++--- drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 10 ++ drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 ++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 - drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 30 ++++- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 - drivers/net/ethernet/cadence/macb_main.c | 11 +- drivers/net/ethernet/cavium/Kconfig | 12 +- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 35 +++--- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 43 +++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - drivers/net/ethernet/netronome/nfp/bpf/main.c | 6 +- .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/realtek/r8169.c | 1 + drivers/net/ethernet/renesas/ravb_main.c | 56 +++------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++------- drivers/net/ethernet/sfc/ef10.c | 30 +++-- drivers/net/ethernet/sfc/efx.c | 17 ++- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/adf7242.c | 34 +++++- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ieee802154/mcr20a.c | 3 +- drivers/net/ipvlan/ipvlan_main.c | 36 ++++-- drivers/net/phy/marvell.c | 54 ++++++--- drivers/net/phy/sfp-bus.c | 35 ++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 +++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 52 ++++----- drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/rdma.c | 28 +++-- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/of/base.c | 6 +- drivers/of/of_private.h | 2 + drivers/of/overlay.c | 11 ++ drivers/pci/dwc/pcie-designware-host.c | 3 +- drivers/pci/host/pci-aardvark.c | 2 +- drivers/pci/host/pci-ftpci100.c | 4 +- drivers/pci/host/pci-v3-semi.c | 2 +- drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pci-xgene.c | 2 +- drivers/pci/host/pcie-mediatek.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 ++ drivers/pci/hotplug/pciehp_hpc.c | 18 +-- drivers/pci/of.c | 2 +- drivers/pci/pci-acpi.c | 6 +- drivers/pci/pci.c | 66 +++++++++++ drivers/pci/probe.c | 4 + drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/platform/x86/dell-laptop.c | 2 +- drivers/rtc/interface.c | 8 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/s390/net/qeth_core.h | 2 +- drivers/s390/net/qeth_core_main.c | 23 ++-- drivers/s390/net/qeth_l2_main.c | 5 +- drivers/s390/net/qeth_l3_main.c | 3 +- drivers/scsi/hpsa.c | 25 ++++- drivers/scsi/hpsa.h | 1 + drivers/scsi/qedf/qedf_main.c | 12 ++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/tty/pty.c | 2 +- drivers/usb/chipidea/host.c | 5 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 93 +++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-dbgcap.c | 12 +- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/usb/typec/tcpm.c | 3 +- drivers/xen/manage.c | 18 ++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 +-- fs/ceph/inode.c | 1 + fs/cifs/smb2pdu.c | 5 +- fs/exec.c | 6 +- fs/ext4/mballoc.c | 4 +- fs/nfs/nfs4proc.c | 17 +-- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/linux/kthread.h | 1 - include/linux/marvell_phy.h | 2 + include/linux/mm.h | 4 +- include/linux/pci.h | 2 + include/linux/sched.h | 2 +- include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_csum.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/fork.c | 35 +++++- kernel/kthread.c | 30 ++++- kernel/locking/lockdep.c | 12 +- kernel/sched/core.c | 67 ++++++------ kernel/sched/deadline.c | 11 +- kernel/sched/fair.c | 30 ++--- kernel/sched/sched.h | 6 +- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- mm/mmap.c | 35 ++---- mm/nommu.c | 10 +- mm/page_alloc.c | 16 ++- net/9p/client.c | 3 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/debugfs.c | 40 +++++++ net/batman-adv/debugfs.h | 11 ++ net/batman-adv/hard-interface.c | 37 ++++++- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/core/filter.c | 3 +- net/ieee802154/6lowpan/core.c | 6 + net/ipv4/inet_fragment.c | 2 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 +++++-------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/mac80211/tx.c | 2 + net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 12 +- net/qrtr/qrtr.c | 13 ++- net/rds/connection.c | 11 +- net/rds/loop.c | 56 ++++++++++ net/rds/loop.h | 2 + net/sched/act_csum.c | 6 +- net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/smc/af_smc.c | 3 +- net/smc/smc_clc.c | 3 +- net/tipc/discover.c | 18 +-- net/tipc/net.c | 17 ++- net/tipc/node.c | 7 +- net/tls/tls_sw.c | 5 + net/wireless/nl80211.c | 35 +++--- net/xfrm/xfrm_user.c | 8 +- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- samples/bpf/xdp2skb_meta.sh | 6 +- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Build.include | 2 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 ++++--- tools/perf/Makefile.config | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/builtin-annotate.c | 11 +- tools/perf/builtin-report.c | 3 +- tools/perf/builtin-script.c | 25 ++++- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/pmu-events/Build | 2 +- tools/perf/tests/builtin-test.c | 2 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 12 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/nvdimm/test/nfit.c | 3 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ tools/testing/selftests/bpf/test_offload.py | 12 +- tools/testing/selftests/net/config | 2 + .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 +- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++---- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 347 files changed, 2652 insertions(+), 1285 deletions(-)

7 years, 3 months

4
307
0 0

[PATCH] scsi: hpsa: limit transfer length to 1MB, not 512kB

by Martin Wilck

e2c7b43 was supposed to limit transfer length to 1MB, but got the unit of max_sectors wrong. Fixes: e2c7b433f729 ("scsi: hpsa: limit transfer length to 1MB") Signed-off-by: Martin Wilck <mwilck(a)suse.com> --- drivers/scsi/hpsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index 58bb70b..c120929 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -976,7 +976,7 @@ static struct scsi_host_template hpsa_driver_template = { #endif .sdev_attrs = hpsa_sdev_attrs, .shost_attrs = hpsa_shost_attrs, - .max_sectors = 1024, + .max_sectors = 2048, .no_write_same = 1, }; -- 2.18.0

7 years, 3 months

3
2
0 0

[PATCH] lpfc: Correct MDS diag and nvmet configuration

by James Smart

A recent change added some MDS processing in the lpfc_drain_txq routine that relies on the fcp_wq being allocated. For nvmet operation the fcp_wq is not allocated because it can only be an nvme-target. When the original MDS support was added LS_MDS_LOOPBACK was defined wrong, (0x16) it should have been 0x10 (decimal value used for hex setting). This incorrect value allowed MDS_LOOPBACK to be set simultaneously with LS_NPIV_FAB_SUPPORTED, causing the driver to crash when it accesses the non-existent fcp_wq. Correct the bad value setting for LS_MDS_LOOPBACK. Fixes: ae9e28f36a6c ("lpfc: Add MDS Diagnostic support.") Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Dick Kennedy <dick.kennedy(a)broadcom.com> Signed-off-by: James Smart <james.smart(a)broadcom.com> --- drivers/scsi/lpfc/lpfc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h index e0d0da5f43d6..43732e8d1347 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -672,7 +672,7 @@ struct lpfc_hba { #define LS_NPIV_FAB_SUPPORTED 0x2 /* Fabric supports NPIV */ #define LS_IGNORE_ERATT 0x4 /* intr handler should ignore ERATT */ #define LS_MDS_LINK_DOWN 0x8 /* MDS Diagnostics Link Down */ -#define LS_MDS_LOOPBACK 0x16 /* MDS Diagnostics Link Up (Loopback) */ +#define LS_MDS_LOOPBACK 0x10 /* MDS Diagnostics Link Up (Loopback) */ uint32_t hba_flag; /* hba generic flags */ #define HBA_ERATT_HANDLED 0x1 /* This flag is set when eratt handled */ -- 2.13.1

7 years, 3 months

3
2
0 0

+ mm-respect-arch_dup_mmap-return-value.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: respect arch_dup_mmap() return value has been added to the -mm tree. Its filename is mm-respect-arch_dup_mmap-return-value.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-respect-arch_dup_mmap-return-va… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-respect-arch_dup_mmap-return-va… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Nadav Amit <namit(a)vmware.com> Subject: mm: respect arch_dup_mmap() return value d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") ignored the return value of arch_dup_mmap(). As a result, on x86, a failure to duplicate the LDT (e.g., due to memory allocation error), would leave the duplicated memory mapping in an inconsistent state. Fix by regarding the return value, as it was before the change. Link: http://lkml.kernel.org/r/20180823051229.211856-1-namit@vmware.com Fixes: d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") Signed-off-by: Nadav Amit <namit(a)vmware.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/fork.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/kernel/fork.c~mm-respect-arch_dup_mmap-return-value +++ a/kernel/fork.c @@ -550,8 +550,7 @@ static __latent_entropy int dup_mmap(str goto out; } /* a new mm has just been created */ - arch_dup_mmap(oldmm, mm); - retval = 0; + retval = arch_dup_mmap(oldmm, mm); out: up_write(&mm->mmap_sem); flush_tlb_mm(oldmm); _ Patches currently in -mm which might be from namit(a)vmware.com are mm-respect-arch_dup_mmap-return-value.patch

7 years, 3 months

1
0
0 0

+ mm-migration-fix-migration-of-huge-pmd-shared-pages.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: migration: fix migration of huge PMD shared pages has been added to the -mm tree. Its filename is mm-migration-fix-migration-of-huge-pmd-shared-pages.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-migration-fix-migration-of-huge… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-migration-fix-migration-of-huge… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: "Kirill A . Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ mm/hugetlb.c | 40 ++++++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 3 files changed, 91 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4541,6 +4541,9 @@ static unsigned long page_table_shareabl return saddr; } +#define _range_in_vma(vma, start, end) \ + ((vma)->vm_start <= (start) && (end) <= (vma)->vm_end) + static bool vma_shareable(struct vm_area_struct *vma, unsigned long addr) { unsigned long base = addr & PUD_MASK; @@ -4549,13 +4552,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && _range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (_range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4652,6 +4683,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are mm-migration-fix-migration-of-huge-pmd-shared-pages.patch hugetlb-take-pmd-sharing-into-account-when-flushing-tlb-caches.patch

7 years, 3 months

1
0
0 0

[PATCH] drm/i915: Free write_buf that we allocated with kzalloc.

by Rodrigo Vivi

We use kzalloc to allocate the write_buf that we use for i2c transfer on hdcp write. But it seems that we are forgetting to free the memory that is not needed after i2c transfer is completed. Reported-by: Brian J Wood <brian.j.wood(a)intel.com> Fixes: 2320175feb74 ("drm/i915: Implement HDCP for HDMI") Cc: Ramalingam C <ramalingam.c(a)intel.com> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.17+ Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> --- drivers/gpu/drm/i915/intel_hdmi.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_hdmi.c b/drivers/gpu/drm/i915/intel_hdmi.c index 8363fbd18ee8..a1799b5c12bb 100644 --- a/drivers/gpu/drm/i915/intel_hdmi.c +++ b/drivers/gpu/drm/i915/intel_hdmi.c @@ -943,8 +943,12 @@ static int intel_hdmi_hdcp_write(struct intel_digital_port *intel_dig_port, ret = i2c_transfer(adapter, &msg, 1); if (ret == 1) - return 0; - return ret >= 0 ? -EIO : ret; + ret = 0; + else if (ret >= 0) + ret = -EIO; + + kfree(write_buf); + return ret; } static -- 2.17.1

7 years, 3 months

2
2
0 0

[merged] reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) has been removed from the -mm tree. Its filename was reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) This fixes the following issues: - When a buffer size is supplied to reiserfs_listxattr() such that each individual name fits, but the concatenation of all names doesn't fit, reiserfs_listxattr() overflows the supplied buffer. This leads to a kernel heap overflow (verified using KASAN) followed by an out-of-bounds usercopy and is therefore a security bug. - When a buffer size is supplied to reiserfs_listxattr() such that a name doesn't fit, -ERANGE should be returned. But reiserfs instead just truncates the list of names; I have verified that if the only xattr on a file has a longer name than the supplied buffer length, listxattr() incorrectly returns zero. With my patch applied, -ERANGE is returned in both cases and the memory corruption doesn't happen anymore. Credit for making me clean this code up a bit goes to Al Viro, who pointed out that the ->actor calling convention is suboptimal and should be changed. Link: http://lkml.kernel.org/r/20180802151539.5373-1-jannh@google.com Fixes: 48b32a3553a5 ("reiserfs: use generic xattr handlers") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Jeff Mahoney <jeffm(a)suse.com> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/reiserfs/xattr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/reiserfs/xattr.c~reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval +++ a/fs/reiserfs/xattr.c @@ -792,8 +792,10 @@ static int listxattr_filler(struct dir_c return 0; size = namelen + 1; if (b->buf) { - if (size > b->size) + if (b->pos + size > b->size) { + b->pos = -ERANGE; return -ERANGE; + } memcpy(b->buf + b->pos, name, namelen); b->buf[b->pos + namelen] = 0; } _ Patches currently in -mm which might be from jannh(a)google.com are

7 years, 3 months

1
0
0 0

[merged] zram-fix-bug-storing-backing_dev.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: drivers/block/zram/zram_drv.c: fix bug storing backing_dev has been removed from the -mm tree. Its filename was zram-fix-bug-storing-backing_dev.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Peter Kalauskas <peskal(a)google.com> Subject: drivers/block/zram/zram_drv.c: fix bug storing backing_dev The call to strlcpy in backing_dev_store is incorrect. It should take the size of the destination buffer instead of the size of the source buffer. Additionally, ignore the newline character (\n) when reading the new file_name buffer. This makes it possible to set the backing_dev as follows: echo /dev/sdX > /sys/block/zram0/backing_dev The reason it worked before was the fact that strlcpy() copies 'len - 1' bytes, which is strlen(buf) - 1 in our case, so it accidentally didn't copy the trailing new line symbol. Which also means that "echo -n /dev/sdX" most likely was broken. Signed-off-by: Peter Kalauskas <peskal(a)google.com> Link: http://lkml.kernel.org/r/20180813061623.GC64836@rodete-desktop-imager.corp.… Acked-by: Minchan Kim <minchan(a)kernel.org> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/drivers/block/zram/zram_drv.c~zram-fix-bug-storing-backing_dev +++ a/drivers/block/zram/zram_drv.c @@ -337,6 +337,7 @@ static ssize_t backing_dev_store(struct struct device_attribute *attr, const char *buf, size_t len) { char *file_name; + size_t sz; struct file *backing_dev = NULL; struct inode *inode; struct address_space *mapping; @@ -357,7 +358,11 @@ static ssize_t backing_dev_store(struct goto out; } - strlcpy(file_name, buf, len); + strlcpy(file_name, buf, PATH_MAX); + /* ignore trailing newline */ + sz = strlen(file_name); + if (sz > 0 && file_name[sz - 1] == '\n') + file_name[sz - 1] = 0x00; backing_dev = filp_open(file_name, O_RDWR|O_LARGEFILE, 0); if (IS_ERR(backing_dev)) { _ Patches currently in -mm which might be from peskal(a)google.com are

7 years, 3 months

1
0
0 0

[PATCH 4.9.y] PCI: OF: Fix I/O space page leak

by Sergei Shtylyov

Commit a5fb9fb023a1435f2b42bccd7f547560f3a21dc3 upstream. When testing the R-Car PCIe driver on the Condor board, if the PCIe PHY driver was left disabled, the kernel crashed with this BUG: kernel BUG at lib/ioremap.c:72! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 39 Comm: kworker/0:1 Not tainted 4.17.0-dirty #1092 Hardware name: Renesas Condor board based on r8a77980 (DT) Workqueue: events deferred_probe_work_func pstate: 80000005 (Nzcv daif -PAN -UAO) pc : ioremap_page_range+0x370/0x3c8 lr : ioremap_page_range+0x40/0x3c8 sp : ffff000008da39e0 x29: ffff000008da39e0 x28: 00e8000000000f07 x27: ffff7dfffee00000 x26: 0140000000000000 x25: ffff7dfffef00000 x24: 00000000000fe100 x23: ffff80007b906000 x22: ffff000008ab8000 x21: ffff000008bb1d58 x20: ffff7dfffef00000 x19: ffff800009c30fb8 x18: 0000000000000001 x17: 00000000000152d0 x16: 00000000014012d0 x15: 0000000000000000 x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720 x11: 0720072007300730 x10: 00000000000000ae x9 : 0000000000000000 x8 : ffff7dffff000000 x7 : 0000000000000000 x6 : 0000000000000100 x5 : 0000000000000000 x4 : 000000007b906000 x3 : ffff80007c61a880 x2 : ffff7dfffeefffff x1 : 0000000040000000 x0 : 00e80000fe100f07 Process kworker/0:1 (pid: 39, stack limit = 0x (ptrval)) Call trace: ioremap_page_range+0x370/0x3c8 pci_remap_iospace+0x7c/0xac pci_parse_request_of_pci_ranges+0x13c/0x190 rcar_pcie_probe+0x4c/0xb04 platform_drv_probe+0x50/0xbc driver_probe_device+0x21c/0x308 __device_attach_driver+0x98/0xc8 bus_for_each_drv+0x54/0x94 __device_attach+0xc4/0x12c device_initial_probe+0x10/0x18 bus_probe_device+0x90/0x98 deferred_probe_work_func+0xb0/0x150 process_one_work+0x12c/0x29c worker_thread+0x200/0x3fc kthread+0x108/0x134 ret_from_fork+0x10/0x18 Code: f9004ba2 54000080 aa0003fb 17ffff48 (d4210000) It turned out that pci_remap_iospace() wasn't undone when the driver's probe failed, and since devm_phy_optional_get() returned -EPROBE_DEFER, the probe was retried, finally causing the BUG due to trying to remap already remapped pages. Introduce the devm_pci_remap_iospace() managed API and replace the pci_remap_iospace() call with it to fix the bug. Fixes: dbf9826d5797 ("PCI: generic: Convert to DT resource parsing API") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [lorenzo.pieralisi(a)arm.com: split commit/updated the commit log] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/pci/host/pci-host-common.c | 2 - drivers/pci/host/pcie-rcar.c | 2 - drivers/pci/pci.c | 38 +++++++++++++++++++++++++++++++++++++ include/linux/pci.h | 2 + 4 files changed, 42 insertions(+), 2 deletions(-) Index: linux-stable/drivers/pci/host/pci-host-common.c =================================================================== --- linux-stable.orig/drivers/pci/host/pci-host-common.c +++ linux-stable/drivers/pci/host/pci-host-common.c @@ -45,7 +45,7 @@ static int gen_pci_parse_request_of_pci_ switch (resource_type(res)) { case IORESOURCE_IO: - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/host/pcie-rcar.c =================================================================== --- linux-stable.orig/drivers/pci/host/pcie-rcar.c +++ linux-stable/drivers/pci/host/pcie-rcar.c @@ -1102,7 +1102,7 @@ static int rcar_pcie_parse_request_of_pc struct resource *res = win->res; if (resource_type(res) == IORESOURCE_IO) { - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/pci.c =================================================================== --- linux-stable.orig/drivers/pci/pci.c +++ linux-stable/drivers/pci/pci.c @@ -3436,6 +3436,44 @@ char * __weak __init pcibios_setup(char return str; } +static void devm_pci_unmap_iospace(struct device *dev, void *ptr) +{ + struct resource **res = ptr; + + pci_unmap_iospace(*res); +} + +/** + * devm_pci_remap_iospace - Managed pci_remap_iospace() + * @dev: Generic device to remap IO address for + * @res: Resource describing the I/O space + * @phys_addr: physical address of range to be mapped + * + * Managed pci_remap_iospace(). Map is automatically unmapped on driver + * detach. + */ +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr) +{ + const struct resource **ptr; + int error; + + ptr = devres_alloc(devm_pci_unmap_iospace, sizeof(*ptr), GFP_KERNEL); + if (!ptr) + return -ENOMEM; + + error = pci_remap_iospace(res, phys_addr); + if (error) { + devres_free(ptr); + } else { + *ptr = res; + devres_add(dev, ptr); + } + + return error; +} +EXPORT_SYMBOL(devm_pci_remap_iospace); + /** * pcibios_set_master - enable PCI bus-mastering for device dev * @dev: the PCI device to enable Index: linux-stable/include/linux/pci.h =================================================================== --- linux-stable.orig/include/linux/pci.h +++ linux-stable/include/linux/pci.h @@ -1190,6 +1190,8 @@ int pci_register_io_range(phys_addr_t ad unsigned long pci_address_to_pio(phys_addr_t addr); phys_addr_t pci_pio_to_address(unsigned long pio); int pci_remap_iospace(const struct resource *res, phys_addr_t phys_addr); +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr); void pci_unmap_iospace(struct resource *res); static inline pci_bus_addr_t pci_bus_address(struct pci_dev *pdev, int bar)

7 years, 3 months

1
1
0 0

[PATCH v3 1/2] mm: migration: fix migration of huge PMD shared pages

by Mike Kravetz

The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Fixes: 39dde65c9940 ("shared page table for hugetlb page") Cc: stable(a)vger.kernel.org Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> --- include/linux/hugetlb.h | 14 ++++++++++++++ mm/hugetlb.c | 40 +++++++++++++++++++++++++++++++++++++++ mm/rmap.c | 42 ++++++++++++++++++++++++++++++++++++++--- 3 files changed, 93 insertions(+), 3 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 36fa6a2a82e3..1c6cde68487f 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +bool huge_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_total_pages(void) return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +bool huge_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + return false; +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 3103099f64fd..fd155dc52117 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -4555,6 +4555,9 @@ static bool vma_shareable(struct vm_area_struct *vma, unsigned long addr) /* * check on proper vm_flags and page table alignment + * + * Note that this is the same check used in huge_pmd_sharing_possible. + * If you change one, consider changing both. */ if (vma->vm_flags & VM_MAYSHARE && vma->vm_start <= base && end <= vma->vm_end) @@ -4562,6 +4565,43 @@ static bool vma_shareable(struct vm_area_struct *vma, unsigned long addr) return false; } +/* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +bool huge_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + bool ret = false; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return ret; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + * + * Note that this is the same check used in vma_shareable. If + * you change one, consider changing both. + */ + if (vma->vm_start <= a_start && a_end <= vma->vm_end) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + + ret = true; + } + } + + return ret; +} + /* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the diff --git a/mm/rmap.c b/mm/rmap.c index eb477809a5c0..8cf853a4b093 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + (void)huge_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && -- 2.17.1

7 years, 3 months

4
16
0 0

please revert commit ce8556cca6 "kbuild: verify that $DEPMOD is installed" introduced in v4.18.4.

by H. Nikolaus Schaller

This patch requires that /sbin/depmod is installed and installable on the build host. But not all build hosts for cross compiling Linux are Linux systems and are able to provide a working port of depmod, especially at the file patch /sbin/depmod. I use, for example, a Darwin system to cross compile Linux and I run depmod -a on the embedded system once, after installing a new Linux kernel there. I have no problem with seeing a warning, but aborting the build process is IMHO a bad idea since the previous behaviour didn't harm many people as far as I see. Probably 99% of people compiling Linux kernels do that on Linux and 99% of those have depmod installed for optimal operation of their build host. So IMHO printing the warning is good enough. BR and thanks, Nikolaus Schaller

7 years, 3 months

6
10
0 0

[PATCH 1/5] drm/nouveau: Check backlight IDs are >= 0, not > 0

by Lyude Paul

Remember, ida IDs start at 0, not 1! Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Jeffery Miller <jmiller(a)neverware.com> Cc: Karol Herbst <kherbst(a)redhat.com> --- drivers/gpu/drm/nouveau/nouveau_backlight.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c index 408b955e5c39..6dd72bc32897 100644 --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c @@ -116,7 +116,7 @@ nv40_backlight_init(struct drm_connector *connector) &nv40_bl_ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } @@ -249,7 +249,7 @@ nv50_backlight_init(struct drm_connector *connector) nv_encoder, ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } -- 2.17.1

7 years, 3 months

2
2
0 0

Re: [PATCH 4.17 015/324] smb3: increase initial number of credits requested to allow write

by Greg Kroah-Hartman

On Thu, Aug 23, 2018 at 09:38:31AM -0400, Scott French wrote: > Please remove the stfrench @ gmail address. I am not Steve Now removed, sorry for the noise. greg k-h

7 years, 3 months

1
0
0 0

[PATCH] powerpc/nohash: fix pte_access_permitted()

by Christophe Leroy

Commit 5769beaf180a8 ("powerpc/mm: Add proper pte access check helper for other platforms") replaced generic pte_access_permitted() by an arch specific one. The generic one is defined as (pte_present(pte) && (!(write) || pte_write(pte))) The arch specific one is open coded checking that _PAGE_USER and _PAGE_WRITE (_PAGE_RW) flags are set, but lacking to check that _PAGE_RO and _PAGE_PRIVILEGED are unset, leading to a useless test on targets like the 8xx which defines _PAGE_RW and _PAGE_USER as 0. Commit 5fa5b16be5b31 ("powerpc/mm/hugetlb: Use pte_access_permitted for hugetlb access check") replaced some tests performed with pte helpers by a call to pte_access_permitted(), leading to the same issue. This patch rewrites powerpc/nohash pte_access_permitted() using pte helpers. Fixes: 5769beaf180a8 ("powerpc/mm: Add proper pte access check helper for other platforms") Fixes: 5fa5b16be5b31 ("powerpc/mm/hugetlb: Use pte_access_permitted for hugetlb access check") Cc: stable(a)vger.kernel.org # v4.15+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> --- arch/powerpc/include/asm/nohash/pgtable.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/include/asm/nohash/pgtable.h b/arch/powerpc/include/asm/nohash/pgtable.h index 2160be2e4339..b321c82b3624 100644 --- a/arch/powerpc/include/asm/nohash/pgtable.h +++ b/arch/powerpc/include/asm/nohash/pgtable.h @@ -51,17 +51,14 @@ static inline int pte_present(pte_t pte) #define pte_access_permitted pte_access_permitted static inline bool pte_access_permitted(pte_t pte, bool write) { - unsigned long pteval = pte_val(pte); /* * A read-only access is controlled by _PAGE_USER bit. * We have _PAGE_READ set for WRITE and EXECUTE */ - unsigned long need_pte_bits = _PAGE_PRESENT | _PAGE_USER; - - if (write) - need_pte_bits |= _PAGE_WRITE; + if (!pte_present(pte) || !pte_user(pte) || !pte_read(pte)) + return false; - if ((pteval & need_pte_bits) != need_pte_bits) + if (write && !pte_write(pte)) return false; return true; -- 2.13.3

7 years, 3 months

4
3
0 0

request for 4.4-stable: e7c0b5991dd1b ("ovl: warn instead of error if d_type is not supported")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch turned the status from error to warning if d_type is not supported, and thus operation won't be interrupted. -- SZ Lin (林上智)

7 years, 3 months

1
0
0 0

request for 4.4-stable: 21765194cecf2 ("ovl: Do d_type check only if work dir creation was successful")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch fixed check machanism for d_type to avoid returning d_type not supported even if underlying filesystem might be supporting it. -- SZ Lin (林上智)

7 years, 3 months

1
0
0 0

request for 4.4-stable: 45aebeaf4f674 ("ovl: Ensure upper filesystem supports d_type")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch added a check mechanism for d_type in upper layer of overlayfs to avoid whiteouts issue. -- SZ Lin (林上智)

7 years, 3 months

1
0
0 0

[PATCH] mm: respect arch_dup_mmap() return value

by Nadav Amit

Commit d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") ignored the return value of arch_dup_mmap(). As a result, on x86, a failure to duplicate the LDT (e.g., due to memory allocation error), would leave the duplicated memory mapping in an inconsistent state. Fix by regarding the return value, as it was before the change. Fixes: d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: stable(a)vger.kernel.org Signed-off-by: Nadav Amit <namit(a)vmware.com> --- kernel/fork.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 1b27babc4c78..4527d1d331de 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -549,8 +549,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, goto out; } /* a new mm has just been created */ - arch_dup_mmap(oldmm, mm); - retval = 0; + retval = arch_dup_mmap(oldmm, mm); out: up_write(&mm->mmap_sem); flush_tlb_mm(oldmm); -- 2.17.1

7 years, 3 months

2
1
0 0

[PATCH] drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80

by Kai-Heng Feng

Another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc instead of 8 bpc. Apply 6 bpc quirk for the panel to fix it. BugLink: https://bugs.launchpad.net/bugs/1788308 Cc: <stable(a)vger.kernel.org> # v4.8+ Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- drivers/gpu/drm/drm_edid.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c index 5dc742b27ca0..3c9fc99648b7 100644 --- a/drivers/gpu/drm/drm_edid.c +++ b/drivers/gpu/drm/drm_edid.c @@ -116,6 +116,9 @@ static const struct edid_quirk { /* CPT panel of Asus UX303LA reports 8 bpc, but is a 6 bpc panel */ { "CPT", 0x17df, EDID_QUIRK_FORCE_6BPC }, + /* SDC panel of Lenovo B50-80 reports 8 bpc, but is a 6 bpc panel */ + { "SDC", 0x3652, EDID_QUIRK_FORCE_6BPC }, + /* Belinea 10 15 55 */ { "MAX", 1516, EDID_QUIRK_PREFER_LARGE_60 }, { "MAX", 0x77e, EDID_QUIRK_PREFER_LARGE_60 }, -- 2.17.1

7 years, 3 months

2
1
0 0

[PATCH 9/9] power: supply: twl4030-charger: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the usb sibling node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related phy-node reference leak. Fixes: f5e4edb8c888 ("power: twl4030_charger: find associated phy by more reliable means.") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: NeilBrown <neilb(a)suse.de> Cc: Felipe Balbi <balbi(a)ti.com> Cc: Sebastian Reichel <sre(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/power/supply/twl4030_charger.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/twl4030_charger.c b/drivers/power/supply/twl4030_charger.c index bbcaee56db9d..b6a7d9f74cf3 100644 --- a/drivers/power/supply/twl4030_charger.c +++ b/drivers/power/supply/twl4030_charger.c @@ -996,12 +996,13 @@ static int twl4030_bci_probe(struct platform_device *pdev) if (bci->dev->of_node) { struct device_node *phynode; - phynode = of_find_compatible_node(bci->dev->of_node->parent, - NULL, "ti,twl4030-usb"); + phynode = of_get_compatible_child(bci->dev->of_node->parent, + "ti,twl4030-usb"); if (phynode) { bci->usb_nb.notifier_call = twl4030_bci_usb_ncb; bci->transceiver = devm_usb_get_phy_by_node( bci->dev, phynode, &bci->usb_nb); + of_node_put(phynode); if (IS_ERR(bci->transceiver)) { ret = PTR_ERR(bci->transceiver); if (ret == -EPROBE_DEFER) -- 2.18.0

7 years, 3 months

2
2
0 0

qemu test failures (crashes) in v4.{14,17}.y-stable queues

by Guenter Roeck

Various mips64 and ppc64 qemu tests crash as follows in v4.14.y and v4.17.y (the log is from ppc64). ------------[ cut here ]------------ kernel BUG at kernel/time/hrtimer.c:1673! Oops: Exception in kernel mode, sig: 5 [#1] BE NUMA CoreNet Generic Modules linked in: CPU: 0 PID: 1 Comm: init Not tainted 4.17.19-rc1-00309-g8fe1830 #1 NIP: c000000000085d6c LR: c00000000089d840 CTR: c00000000000cd00 REGS: c00000003e1e7990 TRAP: 0700 Not tainted (4.17.19-rc1-00309-g8fe1830) MSR: 000000008002b000 <CE,EE,FP,ME> CR: 48000284 XER: 00000000 SOFTE: 0 GPR00: c00000000089d7ec c00000003e1e7c10 c000000000cb9c00 c00000003e1e8238 GPR04: c00000003e1e7c80 ffffffffffffffff 000000003b9aca00 0000000000000000 GPR08: 0000000031012c01 0000000031012c01 0000000000000002 0000000031012c01 GPR12: 0000000028000482 c000000000d35000 0000000000000000 0000000000000000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR24: 0000000000000000 0000000000000000 0000000000000016 00000000ffff9008 GPR28: c00000003e1e7e10 c00000003e1e8000 0000000000000000 000000009336eabb NIP [c000000000085d6c] .nanosleep_copyout+0x4c/0x50 LR [c00000000089d840] .do_nanosleep+0x160/0x190 Call Trace: [c00000003e1e7c10] [c00000000089d7ec] .do_nanosleep+0x10c/0x190 (unreliable) [c00000003e1e7cc0] [c000000000085e78] .hrtimer_nanosleep+0x108/0x1d0 [c00000003e1e7da0] [c000000000086068] .__se_compat_sys_nanosleep+0x78/0xb0 [c00000003e1e7e30] [c000000000000618] system_call+0x58/0x64 Instruction dump: 7c832378 e8890010 4bffbadd 60000000 38210070 e8010010 2fa30000 3940fff2 3860fdfc 7c63579e 7c0803a6 4e800020 <0fe00000> 7c0802a6 fb81ffe0 fbc1fff0 ---[ end trace 15c7fbc119007c42 ]--- I started to bisect, but abandoned it after finding commit 62d7ce7f40a9 ("posix-timers: Fix nanosleep_copyout() for CONFIG_COMPAT_32BIT_TIME") in both branches. Since there is no "config COMPAT_32BIT_TIME" in v4.14.y or v4.17.y, some relevant code is commented out by the commit, which in turn results in the crash. Guenter

7 years, 3 months

2
4
0 0

[GIT PULL] commits for Linux 4.17

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.17 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 128642b28a7de3171541132cf300e33a7a8e5f21: Linux 4.17.13 (2018-08-06 16:18:22 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.17-09082018 for you to fetch changes up to 3ad72f3a541e258f32da620840b8d4d62cecf18b: mm: make vm_area_alloc() initialize core fields (2018-08-07 02:31:10 -0400) - ---------------------------------------------------------------- for-greg-4.17-09082018 - ---------------------------------------------------------------- Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (2): octeon_mgmt: Fix MIX registers configuration on MTU setup net: cavium: Add fine-granular dependencies on PCI Alexandre Belloni (1): rtc: fix alarm read and set offset Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Anders Roxell (1): selftests: net: add config fragments Andreas Schwab (1): RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arnaldo Carvalho de Melo (1): tools include uapi: Update if_link.h to pick IFLA_{BRPORT_ISOLATED,VXLAN_TTL_INHERIT} Arnd Bergmann (3): posix-timers: Fix nanosleep_copyout() for CONFIG_COMPAT_32BIT_TIME ieee802154: mcr20a: add missing includes drm/sun4i: link in front-end code if needed Artur Petrosyan (1): usb: dwc2: Fix host exit from hibernation flow. Arun Kumar Neelakantam (2): net: qrtr: Broadcast messages only from control port net: qrtr: Reset the node and port ID of broadcast messages Ayan Kumar Halder (3): drm/arm/malidp: Ensure that the crtcs are shutdown before removing any encoder/connector drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format drm/mali-dp: Rectify the width and height passed to rotmem_required() Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible Bert Kenward (2): sfc: avoid hang from nested use of the filter_sem sfc: hold filter_sem consistently during reset BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Leedom (1): cxgb4: assume flash part size to be 4MB, if it can't be determined Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Damien ThÃ©bault (1): platform/x86: dell-laptop: Fix backlight detection Dan Carpenter (10): blk-mq-debugfs: Off by one in blk_mq_rq_state_name() block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug clk: davinci: cfgchip: testing the wrong variable dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qed: off by one in qed_parse_mcp_trace_buf() ixgbe: Off by one in ixgbe_ipsec_tx() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Francis (1): amd/dc/dce100: On dce100, set clocks to 0 on suspend David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (2): net/sched: act_csum: fix NULL dereference when 'goto chain' is used net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Denis Kenzior (1): mac80211: disable BHs/preemption in ieee80211_tx_control_port() Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (2): gpu: host1x: Skip IOMMU initialization if firewall is enabled gpu: host1x: Check whether size of unpin isn't 0 Don Brace (1): scsi: hpsa: correct enclosure sas address Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (2): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. tls: fix skb_to_sgvec returning unhandled error. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Biggers (1): crypto: arm/speck - fix building in Thumb2 mode Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Evan Quan (1): drm/amd/powerplay: correct vega12 thermal support as true Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (4): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: HR2: Fix interrupt types for i2c and PCIe ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target Frank Rowand (1): of: overlay: update phandle cache on overlay apply and remove Frederic Weisbecker (1): sched/nohz: Skip remote tick on idle task entirely Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greentime Hu (1): nds32: Fix the dts pointer is not passed correctly issue. Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Gustavo Pimentel (1): ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform Haiyue Wang (1): ipmi: kcs_bmc: fix IRQ exception if the channel is not open Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Harini Katakam (1): net: macb: Free RX ring for all queues Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Heiner Kallweit (1): r8169: fix mac address change Helge Eichelberg (1): hwmon: (dell-smm) Disable fan support for Dell XPS13 9333 Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Israel Rukshin (1): nvme-rdma: Fix command completion race at error recovery Jakub Kicinski (2): selftests/bpf: test offloads even with BPF programs present nfp: bpf: don't stop offload if replace failed Jann Horn (1): netfilter: nf_log: fix uninit read in nf_log_proc_dostring Janne Huttunen (1): perf script python: Fix dict reference counting Janusz Krzysztofik (1): dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jens Axboe (1): blk-mq: don't queue more if we get a busy return Jeremy Cline (1): perf tools: Use python-config --includes rather than --cflags Jerome Brunet (1): ARM64: dts: meson-axg: fix ethernet stability issue Jianchao Wang (1): nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl Jim Mattson (1): kvm: nVMX: Restore exit qual for VM-entry failure due to MSR loading Jim Wilson (1): RISC-V: Fix PTRACE_SETREGSET bug. Jiri Olsa (4): perf tools: Fix error index for pmu event parser perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John Fastabend (1): bpf: fix sk_skb programs without skb->dev assigned John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Jon Maloy (4): tipc: fix wrong return value from function tipc_node_try_addr() tipc: correct discovery message handling during address trial period tipc: fix correct setting of message type in second discoverer tipc: make function tipc_net_finalize() thread safe Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Julia Lawall (1): clocksource/drivers/stm32: Fix error return code Julian Wiedmann (1): s390/qeth: consistently re-enable device features Juri Lelli (1): sched/deadline: Fix switched_from_dl() warning Kai-Heng Feng (1): usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started Kalderon, Michal (1): RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Karsten Graul (1): net/smc: reset recv timeout after clc handshake Katsuhiro Suzuki (1): arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (2): perf llvm-utils: Remove bashism from kernel include fetch script perf test shell: Prevent temporary editor files from being considered test scripts Laura Abbott (2): tools: build: Fixup host c flags tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus LÃ¼ssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Torvalds (4): Mark HI and TASKLET softirq synchronous mm: use helper functions for allocating and freeing vm_area structs mm: make vm_area_dup() actually copy the old vma data mm: make vm_area_alloc() initialize core fields Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Maciej Purski (4): drm/bridge/sii8620: fix display modes validation drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marc Zyngier (2): irqchip/gic-v2m: Fix SPI release on error path irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (2): clk: sunxi-ng: replace lib-y with obj-y kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (3): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. Michael Hennerich (2): net: ieee802154: adf7242: Fix erroneous RX enable net: ieee802154: adf7242: Fix OCL calibration runs Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nicholas Piggin (1): powerpc: smp_send_stop do not offline stopped CPUs Nicolas Boichat (1): HID: google: Add support for whiskers Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Palmer Dabbelt (1): RISC-V: Don't include irq-riscv-intc.h Paolo Abeni (1): ipfrag: really prevent allocation on netns exit Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Pavel Machek (1): ARM: dts: omap4-droid4: fix dts w.r.t. pwm Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Chen (1): usb: chipidea: host: fix disconnection detect issue Peter Zijlstra (2): kthread, sched/core: Fix kthread_parkme() (again...) ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ravi Bangoria (2): perf script: Fix crash because of missing evsel->priv perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (4): drm/armada: fix colorkey mode property drm/armada: fix irq handling sfp: ensure we clean up properly on bus registration failure sfp: fix module initialisation with netdev already up Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sagi Grimberg (1): nvme-rdma: fix possible double free condition when failing to create a controller Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Bauer (1): nvme: ensure forward progress during Admin passthru Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (8): PCI: OF: Fix I/O space page leak PCI: xgene: Fix I/O space page leak PCI: versatile: Fix I/O space page leak PCI: designware: Fix I/O space page leak PCI: aardvark: Fix I/O space page leak PCI: faraday: Fix I/O space page leak PCI: mediatek: Fix I/O space page leak PCI: v3-semi: Fix I/O space page leak Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Sowmini Varadhan (1): rds: clean up loopback rds_connections on netns deletion Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steve French (1): smb3: increase initial number of credits requested to allow write Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (4): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump batman-adv: Fix debugfs path for renamed hardif batman-adv: Fix debugfs path for renamed softif Taeung Song (4): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Falcon (1): ibmvnic: Revise RX/TX queue error messages Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Uwe Kleine-KÃ¶nig (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Venkat Duvvuru (1): bnxt_en: Fix the vlan_tci exact match check. Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Guittot (1): sched/util_est: Fix util_est_dequeue() for throttled cfs_rq Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vishal Verma (1): tools/testing/nvdimm: advertise a write cache for nfit_test Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wang Dongsheng (1): net: phy: marvell: change default m88e1510 LED configuration Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Will Deacon (1): arm64: Avoid flush_icache_range() in alternatives patching code Willem de Bruijn (1): packet: reset network header if packet shorter than ll reserved space William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Xunlei Pang (1): sched/fair: Fix bandwidth timer clock drift condition Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf Zhu Yanjun (1): IB/rxe: avoid double kfree skb piaojun (1): net/9p/client.c: put refcount of trans_mod in error case in parse_opts() Makefile | 6 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 ++++++-- arch/arc/plat-hsdk/platform.c | 62 +++++++++++ arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++-- arch/arm/boot/dts/bcm-hr2.dtsi | 24 ++-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 9 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/crypto/speck-neon-core.S | 6 +- arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 +++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-axg-s400.dts | 15 ++- arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- .../boot/dts/socionext/uniphier-ld11-global.dts | 2 +- .../boot/dts/socionext/uniphier-ld20-global.dts | 2 +- arch/arm64/include/asm/alternative.h | 7 +- arch/arm64/kernel/alternative.c | 51 +++++++-- arch/arm64/kernel/module.c | 5 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/ia64/kernel/perfmon.c | 6 +- arch/ia64/mm/init.c | 12 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/nds32/kernel/setup.c | 3 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/powerpc/kernel/smp.c | 6 - arch/riscv/kernel/irq.c | 4 - arch/riscv/kernel/module.c | 4 +- arch/riscv/kernel/ptrace.c | 2 +- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/vmx.c | 9 +- block/blk-mq-debugfs.c | 2 +- block/blk-mq.c | 12 ++ block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 +++++-- drivers/char/ipmi/kcs_bmc.c | 31 ++---- drivers/clk/Makefile | 2 +- drivers/clk/davinci/da8xx-cfgchip.c | 2 +- drivers/clk/sunxi-ng/Makefile | 39 +++---- drivers/clocksource/timer-stm32.c | 4 +- drivers/dax/device.c | 12 +- drivers/dma/k3dma.c | 2 +- drivers/dma/omap-dma.c | 6 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- .../drm/amd/display/dc/dce100/dce100_resource.c | 19 +++- drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 1 + drivers/gpu/drm/arm/malidp_drv.c | 3 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 9 +- drivers/gpu/drm/armada/armada_crtc.c | 12 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 +++-- drivers/gpu/drm/bridge/sil-sii8620.c | 121 +++++++++++---------- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 +++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/sun4i/Makefile | 5 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/dev.c | 3 + drivers/gpu/host1x/job.c | 3 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/hwmon/nct6775.c | 2 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++- drivers/infiniband/hw/qedr/verbs.c | 3 + drivers/infiniband/sw/rxe/rxe_req.c | 5 +- drivers/input/rmi4/rmi_2d_sensor.c | 34 +++--- drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 10 ++ drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 ++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 - drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 30 ++++- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 - drivers/net/ethernet/cadence/macb_main.c | 11 +- drivers/net/ethernet/cavium/Kconfig | 12 +- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 35 +++--- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 43 +++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - drivers/net/ethernet/netronome/nfp/bpf/main.c | 6 +- .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/realtek/r8169.c | 1 + drivers/net/ethernet/renesas/ravb_main.c | 56 +++------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++------- drivers/net/ethernet/sfc/ef10.c | 30 +++-- drivers/net/ethernet/sfc/efx.c | 17 ++- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/adf7242.c | 34 +++++- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ieee802154/mcr20a.c | 3 +- drivers/net/ipvlan/ipvlan_main.c | 36 ++++-- drivers/net/phy/marvell.c | 54 ++++++--- drivers/net/phy/sfp-bus.c | 35 ++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 +++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 52 ++++----- drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/rdma.c | 28 +++-- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/of/base.c | 6 +- drivers/of/of_private.h | 2 + drivers/of/overlay.c | 11 ++ drivers/pci/dwc/pcie-designware-host.c | 3 +- drivers/pci/host/pci-aardvark.c | 2 +- drivers/pci/host/pci-ftpci100.c | 4 +- drivers/pci/host/pci-v3-semi.c | 2 +- drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pci-xgene.c | 2 +- drivers/pci/host/pcie-mediatek.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/of.c | 2 +- drivers/pci/pci.c | 38 +++++++ drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/platform/x86/dell-laptop.c | 2 +- drivers/rtc/interface.c | 8 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/s390/net/qeth_core.h | 2 +- drivers/s390/net/qeth_core_main.c | 23 ++-- drivers/s390/net/qeth_l2_main.c | 5 +- drivers/s390/net/qeth_l3_main.c | 3 +- drivers/scsi/hpsa.c | 25 ++++- drivers/scsi/hpsa.h | 1 + drivers/scsi/qedf/qedf_main.c | 12 ++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/usb/chipidea/host.c | 5 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 93 +++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-dbgcap.c | 12 +- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/usb/typec/tcpm.c | 3 +- drivers/xen/manage.c | 18 ++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 +-- fs/ceph/inode.c | 1 + fs/cifs/smb2pdu.c | 5 +- fs/exec.c | 6 +- fs/jfs/xattr.c | 10 +- fs/nfs/nfs4proc.c | 17 +-- include/linux/fsl/guts.h | 1 + include/linux/kthread.h | 1 - include/linux/marvell_phy.h | 2 + include/linux/mm.h | 4 +- include/linux/pci.h | 2 + include/linux/sched.h | 2 +- include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_csum.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/fork.c | 35 +++++- kernel/kthread.c | 30 ++++- kernel/locking/lockdep.c | 12 +- kernel/sched/core.c | 67 ++++++------ kernel/sched/deadline.c | 11 +- kernel/sched/fair.c | 30 ++--- kernel/sched/sched.h | 6 +- kernel/softirq.c | 12 +- kernel/time/hrtimer.c | 2 +- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- mm/mmap.c | 35 ++---- mm/nommu.c | 10 +- net/9p/client.c | 3 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/debugfs.c | 40 +++++++ net/batman-adv/debugfs.h | 11 ++ net/batman-adv/hard-interface.c | 37 ++++++- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/core/filter.c | 3 +- net/ieee802154/6lowpan/core.c | 6 + net/ipv4/inet_fragment.c | 2 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 +++++-------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/mac80211/tx.c | 2 + net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 2 + net/qrtr/qrtr.c | 13 ++- net/rds/connection.c | 11 +- net/rds/loop.c | 56 ++++++++++ net/rds/loop.h | 2 + net/sched/act_csum.c | 6 +- net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/smc/smc_clc.c | 3 +- net/tipc/discover.c | 18 +-- net/tipc/net.c | 17 ++- net/tipc/node.c | 7 +- net/tls/tls_sw.c | 5 + net/wireless/nl80211.c | 35 +++--- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- samples/bpf/xdp2skb_meta.sh | 6 +- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Build.include | 2 +- tools/build/Makefile | 2 +- tools/include/uapi/linux/if_link.h | 2 + tools/objtool/elf.c | 41 ++++--- tools/perf/Makefile.config | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/builtin-annotate.c | 11 +- tools/perf/builtin-report.c | 3 +- tools/perf/builtin-script.c | 25 ++++- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/pmu-events/Build | 2 +- tools/perf/tests/builtin-test.c | 2 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 12 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/nvdimm/test/nfit.c | 3 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ tools/testing/selftests/bpf/test_offload.py | 12 +- tools/testing/selftests/net/config | 2 + .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 +- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++---- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 327 files changed, 2487 insertions(+), 1222 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2tYACgkQ3qZv95d3 LNybgg/+NZl+NRx12OH9XIZuNL2xVNUHOuPUs7z9NRLE/GiU4fwLV1B1wfnBhTOZ Im+kL3byVvrwdGrlFrbGsnk9vSElNS2IVSX4ORbKco9+9M/4xZgp070RU0WJHac6 sLUJh0zmnnU5JLtAIxKIZ7d67LsjuOoVa6KPM0mEZm3OBf3ilepIypihm+99vSuZ 6cLu4Cii/qKOSGenZ14IqiavNEc8IIXscTotAZcR/GXZr++dOLHyeGtsfjiXcDKf VL4FjTQusHZNoWspKZj6gZp2iyPeC1bulaBEPq6GGefWHK3FCjDoifZzlZ0y1XKA IgEN3xCDG/lxrIC1uj1VScUEOk9LXygE+6IPhT1tQ/f1ywkr+7tOY+uGvKHUpWQ4 qejpJFiltwPqM7SG78MrTKks7W5bi7FgrEHWchsYVylUY9STGhrj7WrEM/5SMs83 JtDbEbZhX4sSV0i0UDZVUebKajomjdmyJTFPrKh9LU25p6/jdFSdCC/Z6qGz+1Tp YDgcCTWm11rzWr14aRLEM3RRmLv1yeFsoLVx4J2eA8LpXZhKh0GMTBSo4QKQrDg9 JfvYAL70XZ5AUFYKW2Zs+/ftzibwFRWT4LG1Vu9xM1cQaxrE3toLaLnxpFbJNNlY P01Rp1qvKxvL55eII9AS9+kYdcT8vPOffHCpXMZrEQYfUDbBhdA= =w5qK -----END PGP SIGNATURE-----

7 years, 3 months

3
8
0 0

[GIT] Networking

by David Miller

Please queue up the following networking bug fixes for v4.17 and v4.18 -stable, respectively. Thank you!

7 years, 3 months

2
2
0 0

FAILED: patch "[PATCH] PCI: pciehp: Fix unprotected list iteration in IRQ handler" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 1204e35bedf4e5015cda559ed8c84789a6dae24e Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Thu, 19 Jul 2018 17:27:34 -0500 Subject: [PATCH] PCI: pciehp: Fix unprotected list iteration in IRQ handler Commit b440bde74f04 ("PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device") iterates over the devices on a hotplug port's subordinate bus in pciehp's IRQ handler without acquiring pci_bus_sem. It is thus possible for a user to cause a crash by concurrently manipulating the device list, e.g. by disabling slot power via sysfs on a different CPU or by initiating a remove/rescan via sysfs. This can't be fixed by acquiring pci_bus_sem because it may sleep. The simplest fix is to avoid the list iteration altogether and just check the ignore_hotplug flag on the port itself. This works because pci_ignore_hotplug() sets the flag both on the device as well as on its parent bridge. We do lose the ability to print the name of the device blocking hotplug in the debug message, but that's probably bearable. Fixes: b440bde74f04 ("PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device") Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c index 84b3d421c083..aff191b4552c 100644 --- a/drivers/pci/hotplug/pciehp_hpc.c +++ b/drivers/pci/hotplug/pciehp_hpc.c @@ -539,8 +539,6 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id) { struct controller *ctrl = (struct controller *)dev_id; struct pci_dev *pdev = ctrl_dev(ctrl); - struct pci_bus *subordinate = pdev->subordinate; - struct pci_dev *dev; struct slot *slot = ctrl->slot; u16 status, events; u8 present; @@ -588,14 +586,9 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id) wake_up(&ctrl->queue); } - if (subordinate) { - list_for_each_entry(dev, &subordinate->devices, bus_list) { - if (dev->ignore_hotplug) { - ctrl_dbg(ctrl, "ignoring hotplug event %#06x (%s requested no hotplug)\n", - events, pci_name(dev)); - return IRQ_HANDLED; - } - } + if (pdev->ignore_hotplug) { + ctrl_dbg(ctrl, "ignoring hotplug event %#06x\n", events); + return IRQ_HANDLED; } /* Check Attention Button Pressed */

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] PCI: aardvark: Size bridges before resources allocation" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91a2968e245d6ba616db37001fa1a043078b1a65 Mon Sep 17 00:00:00 2001 From: Zachary Zhang <zhangzg(a)marvell.com> Date: Fri, 29 Jun 2018 11:16:19 +0200 Subject: [PATCH] PCI: aardvark: Size bridges before resources allocation The PCIE I/O and MEM resource allocation mechanism is that root bus goes through the following steps: 1. Check PCI bridges' range and computes I/O and Mem base/limits. 2. Sort all subordinate devices I/O and MEM resource requirements and allocate the resources and writes/updates subordinate devices' requirements to PCI bridges I/O and Mem MEM/limits registers. Currently, PCI Aardvark driver only handles the second step and lacks the first step, so there is an I/O and MEM resource allocation failure when using a PCI switch. This commit fixes that by sizing bridges before doing the resource allocation. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Signed-off-by: Zachary Zhang <zhangzg(a)marvell.com> [Thomas: edit commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index c9c72595bd20..10543ed7b500 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -906,6 +906,7 @@ static int advk_pcie_probe(struct platform_device *pdev) bus = bridge->bus; + pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); list_for_each_entry(child, &bus->children, node)

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] PCI: aardvark: Size bridges before resources allocation" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91a2968e245d6ba616db37001fa1a043078b1a65 Mon Sep 17 00:00:00 2001 From: Zachary Zhang <zhangzg(a)marvell.com> Date: Fri, 29 Jun 2018 11:16:19 +0200 Subject: [PATCH] PCI: aardvark: Size bridges before resources allocation The PCIE I/O and MEM resource allocation mechanism is that root bus goes through the following steps: 1. Check PCI bridges' range and computes I/O and Mem base/limits. 2. Sort all subordinate devices I/O and MEM resource requirements and allocate the resources and writes/updates subordinate devices' requirements to PCI bridges I/O and Mem MEM/limits registers. Currently, PCI Aardvark driver only handles the second step and lacks the first step, so there is an I/O and MEM resource allocation failure when using a PCI switch. This commit fixes that by sizing bridges before doing the resource allocation. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Signed-off-by: Zachary Zhang <zhangzg(a)marvell.com> [Thomas: edit commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index c9c72595bd20..10543ed7b500 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -906,6 +906,7 @@ static int advk_pcie_probe(struct platform_device *pdev) bus = bridge->bus; + pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); list_for_each_entry(child, &bus->children, node)

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] PCI: aardvark: Size bridges before resources allocation" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91a2968e245d6ba616db37001fa1a043078b1a65 Mon Sep 17 00:00:00 2001 From: Zachary Zhang <zhangzg(a)marvell.com> Date: Fri, 29 Jun 2018 11:16:19 +0200 Subject: [PATCH] PCI: aardvark: Size bridges before resources allocation The PCIE I/O and MEM resource allocation mechanism is that root bus goes through the following steps: 1. Check PCI bridges' range and computes I/O and Mem base/limits. 2. Sort all subordinate devices I/O and MEM resource requirements and allocate the resources and writes/updates subordinate devices' requirements to PCI bridges I/O and Mem MEM/limits registers. Currently, PCI Aardvark driver only handles the second step and lacks the first step, so there is an I/O and MEM resource allocation failure when using a PCI switch. This commit fixes that by sizing bridges before doing the resource allocation. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Signed-off-by: Zachary Zhang <zhangzg(a)marvell.com> [Thomas: edit commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index c9c72595bd20..10543ed7b500 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -906,6 +906,7 @@ static int advk_pcie_probe(struct platform_device *pdev) bus = bridge->bus; + pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); list_for_each_entry(child, &bus->children, node)

7 years, 3 months

1
0
0 0

[PATCH v2 for-4.4.y 0/5] net/sched: init failure fixes

by Amit Pundir

Hi Greg, Kindly consider/review following net/sched fixes for stable 4.4.y. This patchset is a follow-up of upstream fix 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation") cherry-picked on stable 4.4.y. It fix null pointer dereferences due to uninitialized timer (qdisc watchdog) or double frees due to ->destroy cleaning up a second time. Here is the original submission https://www.mail-archive.com/netdev@vger.kernel.org/msg186003.html Cherry-picked and build tested on Linux 4.4.151 for ARCH=x86_64. Regards, Amit Pundir Change since v1: Rebased "sch_multiq: fix double free on init failure" patch and fixed "unused variable" build warning. Nikolay Aleksandrov (5): sch_htb: fix crash on init failure sch_multiq: fix double free on init failure sch_hhf: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_tbf: fix two null pointer dereferences on init failure net/sched/sch_hhf.c | 3 +++ net/sched/sch_htb.c | 5 +++-- net/sched/sch_multiq.c | 9 ++------- net/sched/sch_netem.c | 4 ++-- net/sched/sch_tbf.c | 5 +++-- 5 files changed, 13 insertions(+), 13 deletions(-) -- 2.7.4

7 years, 3 months

1
5
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it -Remove the brackets on both sides of "opt-> data.nbytes" Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..6184fa1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,26 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 3 months

1
0
0 0

[PATCH 4.4 00/43] 4.4.141-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.141 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jul 18 07:34:50 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.141-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.141-rc1 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> loop: remember whether sysfs_create_group() was done Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucm: Mark UCM interface as BROKEN Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> PM / hibernate: Fix oops at snapshot_write() Theodore Ts'o <tytso(a)mit.edu> loop: add recursion validation to LOOP_CHANGE_FD Florian Westphal <fw(a)strlen.de> netfilter: x_tables: initialise match/target check parameter struct Eric Dumazet <edumazet(a)google.com> netfilter: nf_queue: augment nfqa_cfg_policy Oleg Nesterov <oleg(a)redhat.com> uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature: Add helper macro for mask check macros Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature: Update cpufeaure macros Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys Yazen Ghannam <Yazen.Ghannam(a)amd.com> x86/cpu: Add detection of AMD RAS Capabilities Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/pkeys: Fix mismerge of protection keys CPUID bits Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions Borislav Petkov <bp(a)suse.de> x86/cpufeature: Speed up cpu_feature_enabled() Alexander Kuleshov <kuleshovmail(a)gmail.com> x86/boot: Simplify kernel load address alignment check Borislav Petkov <bp(a)suse.de> x86/vdso: Use static_cpu_has() Brian Gerst <brgerst(a)gmail.com> x86/alternatives: Discard dynamic check after init Borislav Petkov <bp(a)suse.de> x86/alternatives: Add an auxilary section Borislav Petkov <bp(a)alien8.de> x86/cpufeature: Get rid of the non-asm goto variant Borislav Petkov <bp(a)suse.de> x86/cpufeature: Replace the old static_cpu_has() with safe variant Borislav Petkov <bp(a)suse.de> x86/cpufeature: Carve out X86_FEATURE_* Andi Kleen <ak(a)linux.intel.com> x86/headers: Don't include asm/processor.h in asm/atomic.h Borislav Petkov <bp(a)suse.de> x86/fpu: Get rid of xstate_fault() Borislav Petkov <bp(a)suse.de> x86/fpu: Add an XSTATE_OP() macro Borislav Petkov <bp(a)suse.de> x86/cpu: Provide a config option to disable static_cpu_has Borislav Petkov <bp(a)suse.de> x86/cpufeature: Cleanup get_cpu_cap() Borislav Petkov <bp(a)suse.de> x86/cpufeature: Move some of the scattered feature bits to x86_capability Steve Wise <swise(a)opengridcomputing.com> iw_cxgb4: correctly enforce the max reg_mr depth Paul Menzel <pmenzel(a)molgen.mpg.de> tools build: fix # escaping in .cmd files for future Make Linus Torvalds <torvalds(a)linux-foundation.org> Fix up non-directory creation in SGID directories Tomasz Kramkowski <tk(a)the-tk.com> HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter Dan Carpenter <dan.carpenter(a)oracle.com> xhci: xhci-mem: off by one in xhci_stream_id_to_ring() Nico Sneck <snecknico(a)gmail.com> usb: quirks: add delay quirks for Corsair Strafe Johan Hovold <johan(a)kernel.org> USB: serial: mos7840: fix status-register error handling Jann Horn <jannh(a)google.com> USB: yurex: fix out-of-bounds uaccess in read handler Johan Hovold <johan(a)kernel.org> USB: serial: keyspan_pda: fix modem-status error handling Olli Salonen <olli.salonen(a)iki.fi> USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick Dan Carpenter <dan.carpenter(a)oracle.com> USB: serial: ch341: fix type promotion bug in ch341_control_in() Hans de Goede <hdegoede(a)redhat.com> ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS Nadav Amit <namit(a)vmware.com> vmw_balloon: fix inflation with batching Jann Horn <jannh(a)google.com> ibmasm: don't write out of bounds in read handler Paul Burton <paul.burton(a)mips.com> MIPS: Fix ioremap() RAM check ------------- Diffstat: Documentation/kernel-parameters.txt | 2 +- Makefile | 4 +- arch/mips/mm/ioremap.c | 37 ++- arch/x86/Kconfig | 11 + arch/x86/Kconfig.debug | 10 - arch/x86/boot/cpuflags.h | 2 +- arch/x86/boot/mkcpustr.c | 2 +- arch/x86/crypto/crc32-pclmul_glue.c | 2 +- arch/x86/crypto/crc32c-intel_glue.c | 2 +- arch/x86/crypto/crct10dif-pclmul_glue.c | 2 +- arch/x86/entry/common.c | 1 + arch/x86/entry/entry_32.S | 2 +- arch/x86/entry/vdso/vdso32-setup.c | 1 - arch/x86/entry/vdso/vdso32/system_call.S | 2 +- arch/x86/entry/vdso/vma.c | 3 +- arch/x86/include/asm/alternative.h | 6 - arch/x86/include/asm/apic.h | 1 - arch/x86/include/asm/arch_hweight.h | 2 + arch/x86/include/asm/atomic.h | 1 - arch/x86/include/asm/atomic64_32.h | 1 - arch/x86/include/asm/cmpxchg.h | 1 + arch/x86/include/asm/cpufeature.h | 546 ++++++------------------------- arch/x86/include/asm/cpufeatures.h | 306 +++++++++++++++++ arch/x86/include/asm/disabled-features.h | 17 + arch/x86/include/asm/fpu/internal.h | 182 +++++------ arch/x86/include/asm/irq_work.h | 2 +- arch/x86/include/asm/mwait.h | 2 + arch/x86/include/asm/nospec-branch.h | 2 +- arch/x86/include/asm/processor.h | 3 +- arch/x86/include/asm/required-features.h | 9 + arch/x86/include/asm/smap.h | 2 +- arch/x86/include/asm/smp.h | 1 - arch/x86/include/asm/thread_info.h | 2 +- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/include/asm/uaccess_64.h | 2 +- arch/x86/kernel/apic/apic_numachip.c | 4 +- arch/x86/kernel/cpu/Makefile | 2 +- arch/x86/kernel/cpu/centaur.c | 4 +- arch/x86/kernel/cpu/common.c | 71 ++-- arch/x86/kernel/cpu/cyrix.c | 1 + arch/x86/kernel/cpu/intel.c | 2 +- arch/x86/kernel/cpu/intel_cacheinfo.c | 2 +- arch/x86/kernel/cpu/match.c | 2 +- arch/x86/kernel/cpu/mkcapflags.sh | 6 +- arch/x86/kernel/cpu/mtrr/main.c | 2 +- arch/x86/kernel/cpu/scattered.c | 20 -- arch/x86/kernel/cpu/transmeta.c | 6 +- arch/x86/kernel/e820.c | 1 + arch/x86/kernel/head_32.S | 2 +- arch/x86/kernel/head_64.S | 4 +- arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/msr.c | 2 +- arch/x86/kernel/uprobes.c | 2 +- arch/x86/kernel/verify_cpu.S | 2 +- arch/x86/kernel/vm86_32.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 11 + arch/x86/lib/clear_page_64.S | 2 +- arch/x86/lib/copy_page_64.S | 2 +- arch/x86/lib/copy_user_64.S | 2 +- arch/x86/lib/memcpy_64.S | 2 +- arch/x86/lib/memmove_64.S | 2 +- arch/x86/lib/memset_64.S | 2 +- arch/x86/lib/retpoline.S | 2 +- arch/x86/mm/setup_nx.c | 1 + arch/x86/oprofile/op_model_amd.c | 1 - arch/x86/um/asm/barrier.h | 2 +- drivers/ata/ahci.c | 59 ++++ drivers/ata/libata-core.c | 3 + drivers/block/loop.c | 79 +++-- drivers/block/loop.h | 1 + drivers/hid/hid-ids.h | 3 + drivers/hid/usbhid/hid-quirks.c | 1 + drivers/infiniband/Kconfig | 12 + drivers/infiniband/core/Makefile | 4 +- drivers/infiniband/hw/cxgb4/mem.c | 2 +- drivers/misc/ibmasm/ibmasmfs.c | 27 +- drivers/misc/vmw_balloon.c | 4 +- drivers/usb/core/quirks.c | 4 + drivers/usb/host/xhci-mem.c | 2 +- drivers/usb/misc/yurex.c | 23 +- drivers/usb/serial/ch341.c | 2 +- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/keyspan_pda.c | 4 +- drivers/usb/serial/mos7840.c | 3 + fs/btrfs/disk-io.c | 2 +- fs/inode.c | 6 + include/linux/libata.h | 1 + kernel/power/user.c | 5 + lib/atomic64_test.c | 4 + net/bridge/netfilter/ebtables.c | 2 + net/ipv4/netfilter/ip_tables.c | 1 + net/ipv6/netfilter/ip6_tables.c | 1 + net/netfilter/nfnetlink_queue.c | 3 + tools/build/Build.include | 4 +- 94 files changed, 831 insertions(+), 771 deletions(-)

7 years, 3 months

6
52
0 0

v4.17.18 build: 0 failures 1 warnings (v4.17.18)

by Build bot for Mark Brown

Tree/Branch: v4.17.18 Git describe: v4.17.18 Commit: 97f21471e8 Linux 4.17.18 Build Time: 0 min 13 sec Passed: 8 / 8 (100.00 %) Failed: 0 / 8 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-multi_v7_defconfig 1 warnings 0 mismatches : arm-multi_v5_defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 3 ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm-allnoconfig x86_64-defconfig

7 years, 3 months

1
0
0 0

[PATCH v2] bcache: release dc->writeback_lock properly in bch_writeback_thread()

by Coly Li

From: Shan Hai <shan.hai(a)oracle.com> The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing the held lock before exiting the while-loop. Fixes: fadd94e05c02 (bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set) Signed-off-by: Shan Hai <shan.hai(a)oracle.com> Signed-off-by: Coly Li <colyli(a)suse.de> Tested-by: Shenghui Wang <shhuiw(a)foxmail.com> Cc: stable(a)vger.kernel.org #4.17+ --- Changelog: v2: add Fixes tag by Coly Li. v1: initial patch from Shan Hai. drivers/md/bcache/writeback.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 6be05bd7ca67..08c3a9f9676c 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -685,8 +685,10 @@ static int bch_writeback_thread(void *arg) * data on cache. BCACHE_DEV_DETACHING flag is set in * bch_cached_dev_detach(). */ - if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) + if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) { + up_write(&dc->writeback_lock); break; + } } up_write(&dc->writeback_lock); -- 2.18.0

7 years, 3 months

2
2
0 0

[PATCH] KVM: VMX: fixes for vmentry_l1d_flush module parameter

by Paolo Bonzini

Two bug fixes: 1) missing entries in the l1d_param array; this can cause a host crash if an access attempts to reach the missing entry. Future-proof the get function against any overflows as well. However, the two entries VMENTER_L1D_FLUSH_EPT_DISABLED and VMENTER_L1D_FLUSH_NOT_REQUIRED must not be accepted by the parse function, so disable them there. 2) invalid values must be rejected even if the CPU does not have the bug, so test for them before checking boot_cpu_has(X86_BUG_L1TF) ... and a small refactoring, since the .cmd field is redundant with the index in the array. Reported-by: Bandan Das <bsd(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7 Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- arch/x86/kvm/vmx.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index c76ca8c4befa..8dae47e7267a 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -198,12 +198,14 @@ static const struct { const char *option; - enum vmx_l1d_flush_state cmd; + bool for_parse; } vmentry_l1d_param[] = { - {"auto", VMENTER_L1D_FLUSH_AUTO}, - {"never", VMENTER_L1D_FLUSH_NEVER}, - {"cond", VMENTER_L1D_FLUSH_COND}, - {"always", VMENTER_L1D_FLUSH_ALWAYS}, + [VMENTER_L1D_FLUSH_AUTO] = {"auto", true}, + [VMENTER_L1D_FLUSH_NEVER] = {"never", true}, + [VMENTER_L1D_FLUSH_COND] = {"cond", true}, + [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true}, + [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false}, + [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false}, }; #define L1D_CACHE_ORDER 4 @@ -287,8 +289,9 @@ static int vmentry_l1d_flush_parse(const char *s) if (s) { for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { - if (sysfs_streq(s, vmentry_l1d_param[i].option)) - return vmentry_l1d_param[i].cmd; + if (vmentry_l1d_param[i].for_parse && + sysfs_streq(s, vmentry_l1d_param[i].option)) + return i; } } return -EINVAL; @@ -298,13 +301,13 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) { int l1tf, ret; - if (!boot_cpu_has(X86_BUG_L1TF)) - return 0; - l1tf = vmentry_l1d_flush_parse(s); if (l1tf < 0) return l1tf; + if (!boot_cpu_has(X86_BUG_L1TF)) + return 0; + /* * Has vmx_init() run already? If not then this is the pre init * parameter parsing. In that case just store the value and let @@ -324,6 +327,9 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp) { + if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param))) + return sprintf(s, "???\n"); + return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option); } -- 1.8.3.1

7 years, 3 months

3
3
0 0

Build failures in -stable queues

by Guenter Roeck

v4.4.y, v4.9.y: Building mips:cavium_octeon_defconfig ... failed -------------- Error log: /opt/buildbot/slave/stable-queue-4.4/build/drivers/net/ethernet/octeon/octeon_mgmt.c: In function 'octeon_mgmt_change_mtu': /opt/buildbot/slave/stable-queue-4.4/build/drivers/net/ethernet/octeon/octeon_mgmt.c:652:6: error: 'size_without_fcs' undeclared v4.9.y, v4.14.y: Building i386:tools/perf ... failed Building x86_64:tools/perf ... failed -------------- Error log: PERF_VERSION = 4.9.123.g5175d5 tests/parse-events.c: In function ‘test_event’: tests/parse-events.c:1681:3: error: implicit declaration of function ‘parse_events_print_error’ [-Werror=implicit-function-declaration] parse_events_print_error(&err, e->name); ^ tests/parse-events.c:1681:3: error: nested extern declaration of ‘parse_events_print_error’ This is just a snapshot; builds are still ongoing. I'll send another e-mail later if more errors are reported after the build is complete. Guenter

7 years, 3 months

3
6
0 0

[PATCH] bcache: release dc->writeback_lock properly in bch_writeback_thread()

by Coly Li

From: Shan Hai <shan.hai(a)oracle.com> The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing the held lock before exiting the while-loop. Signed-off-by: Shan Hai <shan.hai(a)oracle.com> Signed-off-by: Coly Li <colyli(a)suse.de> Tested-by: Shenghui Wang <shhuiw(a)foxmail.com> Cc: stable(a)vger.kernel.org #4.17+ --- drivers/md/bcache/writeback.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 6be05bd7ca67..08c3a9f9676c 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -685,8 +685,10 @@ static int bch_writeback_thread(void *arg) * data on cache. BCACHE_DEV_DETACHING flag is set in * bch_cached_dev_detach(). */ - if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) + if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) { + up_write(&dc->writeback_lock); break; + } } up_write(&dc->writeback_lock); -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH 2/2] fs/quota: Fix spectre gadget in do_quotactl

by Jeremy Cline

'type' is user-controlled, so sanitize it after the bounds check to avoid using it in speculative execution. This covers the following potential gadgets detected with the help of smatch: * fs/ext4/super.c:5741 ext4_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/ext4/super.c:5778 ext4_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1552 f2fs_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1608 f2fs_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/quota/dquot.c:412 mark_info_dirty() warn: potential spectre issue 'sb_dqopt(sb)->info' [w] * fs/quota/dquot.c:933 dqinit_needed() warn: potential spectre issue 'dquots' [r] * fs/quota/dquot.c:2112 dquot_commit_info() warn: potential spectre issue 'dqopt->ops' [r] * fs/quota/dquot.c:2362 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->files' [w] (local cap) * fs/quota/dquot.c:2369 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->ops' [w] (local cap) * fs/quota/dquot.c:2370 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->info' [w] (local cap) * fs/quota/quota.c:110 quota_getfmt() warn: potential spectre issue 'sb_dqopt(sb)->info' [r] * fs/quota/quota_v2.c:84 v2_check_quota_file() warn: potential spectre issue 'quota_magics' [w] * fs/quota/quota_v2.c:85 v2_check_quota_file() warn: potential spectre issue 'quota_versions' [w] * fs/quota/quota_v2.c:96 v2_read_file_info() warn: potential spectre issue 'dqopt->info' [r] * fs/quota/quota_v2.c:172 v2_write_file_info() warn: potential spectre issue 'dqopt->info' [r] Additionally, a quick inspection indicates there are array accesses with 'type' in quota_on() and quota_off() functions which are also addressed by this. Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jeremy Cline <jcline(a)redhat.com> --- This patch isn't going to cleanly apply to stable without the "fs/quota: Replace XQM_MAXQUOTAS usage with MAXQUOTAS" patch, but I'm not sure that patch is really stable material and XQM_MAXQUOTAS has been 3 since pre-v4.4 so the end result will be the same even if that patch isn't backported. fs/quota/quota.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/quota/quota.c b/fs/quota/quota.c index d403392d8a0f..f0cbf58ad4da 100644 --- a/fs/quota/quota.c +++ b/fs/quota/quota.c @@ -18,6 +18,7 @@ #include <linux/quotaops.h> #include <linux/types.h> #include <linux/writeback.h> +#include <linux/nospec.h> static int check_quotactl_permission(struct super_block *sb, int type, int cmd, qid_t id) @@ -701,6 +702,7 @@ static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, if (type >= MAXQUOTAS) return -EINVAL; + type = array_index_nospec(type, MAXQUOTAS); /* * Quota not supported on this fs? Check this before s_quota_types * since they needn't be set if quota is not supported at all. -- 2.17.1

7 years, 3 months

2
1
0 0

[PATCH 3/9] drm/msm: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the legacy pwrlevels child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the probed device's node). While at it, also fix the related child-node reference leak. Fixes: e2af8b6b0ca1 ("drm/msm: gpu: Use OPP tables if we can") Cc: stable <stable(a)vger.kernel.org> # 4.12 Cc: Jordan Crouse <jcrouse(a)codeaurora.org> Cc: Rob Clark <robdclark(a)gmail.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c index da1363a0c54d..93d70f4a2154 100644 --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c @@ -633,8 +633,7 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) struct device_node *child, *node; int ret; - node = of_find_compatible_node(dev->of_node, NULL, - "qcom,gpu-pwrlevels"); + node = of_get_compatible_child(dev->of_node, "qcom,gpu-pwrlevels"); if (!node) { dev_err(dev, "Could not find the GPU powerlevels\n"); return -ENXIO; @@ -655,6 +654,8 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) dev_pm_opp_add(dev, val, 0); } + of_node_put(node); + return 0; } -- 2.18.0

7 years, 3 months

2
1
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 3 months

3
2
0 0

request for 4.4-stable: 08474cc1e6ea7 ("bridge: Propagate vlan add failure to user")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch fixed the kernel oops issue when executing bridge tool, please see reproducible steps with kernel 4.4 in below. # brctl addbr br0 # brctl addif br0 eth0 [ 1073.390028] device eth0 entered promiscuous mode [ 1073.395022] cpsw 4a100000.ethernet eth0: failed to initialize vlan filtering on this port # brctl addif br0 eth1 [ 1092.205685] net eth1: promiscuity not disabled as the other interface is still in promiscuity mode [ 1092.217541] device eth1 entered promiscuous mode [ 1092.222460] cpsw 4a100000.ethernet eth1: failed to initialize vlan filtering on this port # ifconfig br0 192.168.127.253 netmask 255.255.254.0 [ 1112.412740] br0: port 1(eth0) entered forwarding state [ 1112.417975] br0: port 1(eth0) entered forwarding state # brctl delif br0 eth0 [ 1137.645792] device eth0 left promiscuous mode [ 1137.650429] net eth0: promiscuity not disabled as the other interface is still in promiscuity mode [ 1137.663592] br0: port 1(eth0) entered disabled state [ 1137.668815] Unable to handle kernel NULL pointer dereference at virtual address 0000007a [ 1137.677026] pgd = dc58c000 [ 1137.679745] [0000007a] *pgd=00000000 [ 1137.683377] Internal error: Oops: 805 [#1] SMP ARM [ 1137.688189] Modules linked in: cryptodev omap_sham omap_aes omap_wdt sunrpc ip_tables x_tables autofs4 [ 1137.697598] CPU: 0 PID: 851 Comm: brctl Not tainted 4.4.0-cip-uc8100+ #1 [ 1137.704325] Hardware name: Generic AM33XX (Flattened Device Tree) [ 1137.710442] task: de580dc0 ti: dc574000 task.ti: dc574000 [ 1137.715883] PC is at __vlan_flush+0x18/0x54 [ 1137.720084] LR is at nbp_vlan_flush+0x28/0x60 [ 1137.724457] pc : [<c051ab3c>] lr : [<c051c2f4>] psr: 20080013 [ 1137.724457] sp : dc575dc8 ip : dc575de0 fp : dc575ddc [ 1137.735981] r10: 00000000 r9 : 00000000 r8 : 00000000 [ 1137.741226] r7 : dc5236d4 r6 : de239800 r5 : 00000000 r4 : 00000000 [ 1137.747779] r3 : 00000000 r2 : dc49e4c4 r1 : 00000200 r0 : 00000000 [ 1137.754333] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 1137.761497] Control: 10c5387d Table: 9c58c019 DAC: 00000051 [ 1137.767264] Process brctl (pid: 851, stack limit = 0xdc574218) [ 1137.773119] Stack: (0xdc575dc8 to 0xdc576000) [ 1137.777496] 5dc0: 00000000 dc523600 dc575df4 dc575de0 c051c2f4 c051ab30 [ 1137.785711] 5de0: dc523600 dc49e4c0 dc575e14 dc575df8 c050e450 c051c2d8 dc49e4c0 dc49e4c0 [ 1137.793925] 5e00: 00000002 00000000 dc575e2c dc575e18 c050ebd8 c050e3d0 c0748380 dc49e4c0 [ 1137.802139] 5e20: dc575e4c dc575e30 c050f69c c050ebac dc575ea8 dc49e000 dc575ea8 c0596714 [ 1137.810353] 5e40: dc575e64 dc575e50 c05100f4 c050f650 000089a3 dc49e000 dc575e9c dc575e68 [ 1137.818567] 5e60: c04293d0 c05100a0 c0409b84 c0265738 dc575ea8 c0748380 000089a3 000089a3 [ 1137.826781] 5e80: c0748380 bee56bf4 dc575ea8 00000000 dc575ef4 dc575ea0 c0429828 c0429118 [ 1137.834995] 5ea0: 00000001 d543b3b8 00307262 00000000 00000000 00000000 00000002 00000003 [ 1137.843210] 5ec0: 7f5b0e34 bee56ebf c0147120 000089a3 fffffdfd bee56bf4 c0748380 bee56bf4 [ 1137.851424] 5ee0: 00000003 00000000 dc575f14 dc575ef8 c03f3230 c0429494 bee56bf4 ddb840a0 [ 1137.859638] 5f00: dc4ca340 00000003 dc575f7c dc575f18 c0142c08 c03f30b0 dc575f5c dc575f28 [ 1137.867852] 5f20: c0131f08 c01509ac 00000020 00000000 dc575f54 de581244 00000000 c0754108 [ 1137.876067] 5f40: de580dc0 c000fa64 dc574000 00000000 dc575f6c 00000000 dc4ca340 dc4ca340 [ 1137.884281] 5f60: 000089a3 bee56bf4 00000003 00000000 dc575fa4 dc575f80 c0142e98 c0142724 [ 1137.892495] 5f80: 7f5b10f0 b6f7ace8 00000002 00000036 c000fa64 dc574000 00000000 dc575fa8 [ 1137.900708] 5fa0: c000f8a0 c0142e30 7f5b10f0 b6f7ace8 00000003 000089a3 bee56bf4 000000cc [ 1137.908922] 5fc0: 7f5b10f0 b6f7ace8 00000002 00000036 bee56bf4 00000000 7f5b1000 00000000 [ 1137.917136] 5fe0: b6ef4711 bee56bdc 7f59f1ff b6ef4716 00080030 00000003 00000000 00000000 [ 1137.925343] Backtrace: [ 1137.927810] [<c051ab24>] (__vlan_flush) from [<c051c2f4>] (nbp_vlan_flush+0x28/0x60) [ 1137.935582] r5:dc523600 r4:00000000 [ 1137.939194] [<c051c2cc>] (nbp_vlan_flush) from [<c050e450>] (del_nbp+0x8c/0x110) [ 1137.946618] r5:dc49e4c0 r4:dc523600 [ 1137.950224] [<c050e3c4>] (del_nbp) from [<c050ebd8>] (br_del_if+0x38/0x9c) [ 1137.957125] r7:00000000 r6:00000002 r5:dc49e4c0 r4:dc49e4c0 [ 1137.962833] [<c050eba0>] (br_del_if) from [<c050f69c>] (add_del_if+0x58/0x74) [ 1137.969995] r5:dc49e4c0 r4:c0748380 [ 1137.973600] [<c050f644>] (add_del_if) from [<c05100f4>] (br_dev_ioctl+0x60/0x64) [ 1137.981023] r7:c0596714 r6:dc575ea8 r5:dc49e000 r4:dc575ea8 [ 1137.986731] [<c0510094>] (br_dev_ioctl) from [<c04293d0>] (dev_ifsioc+0x2c4/0x308) [ 1137.994330] r5:dc49e000 r4:000089a3 [ 1137.997930] [<c042910c>] (dev_ifsioc) from [<c0429828>] (dev_ioctl+0x3a0/0x8bc) [ 1138.005266] r8:00000000 r7:dc575ea8 r6:bee56bf4 r5:c0748380 r4:000089a3 [ 1138.012032] [<c0429488>] (dev_ioctl) from [<c03f3230>] (sock_ioctl+0x18c/0x2dc) [ 1138.019368] r10:00000000 r9:00000003 r8:bee56bf4 r7:c0748380 r6:bee56bf4 r5:fffffdfd [ 1138.027260] r4:000089a3 [ 1138.029817] [<c03f30a4>] (sock_ioctl) from [<c0142c08>] (do_vfs_ioctl+0x4f0/0x70c) [ 1138.037416] r7:00000003 r6:dc4ca340 r5:ddb840a0 r4:bee56bf4 [ 1138.043124] [<c0142718>] (do_vfs_ioctl) from [<c0142e98>] (SyS_ioctl+0x74/0x84) [ 1138.050460] r10:00000000 r9:00000003 r8:bee56bf4 r7:000089a3 r6:dc4ca340 r5:dc4ca340 [ 1138.058347] r4:00000000 [ 1138.060907] [<c0142e24>] (SyS_ioctl) from [<c000f8a0>] (ret_fast_syscall+0x0/0x44) [ 1138.068505] r9:dc574000 r8:c000fa64 r7:00000036 r6:00000002 r5:b6f7ace8 r4:7f5b10f0 [ 1138.076311] Code: e24cb004 f57ff05a e1a05000 e3a03000 (e1c037ba) [ 1138.082666] ---[ end trace d055796b6cd31311 ]--- Segmentation fault -- SZ Lin (林上智)

7 years, 3 months

2
1
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 3 months

1
0
0 0

[PATCH 8/9] NFC: nfcmrvl_uart: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent node). Fixes: e097dc624f78 ("NFC: nfcmrvl: add UART driver") Fixes: d8e018c0b321 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: Vincent Cuissard <cuissard(a)marvell.com> Cc: Samuel Ortiz <sameo(a)linux.intel.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/nfc/nfcmrvl/uart.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/nfc/nfcmrvl/uart.c b/drivers/nfc/nfcmrvl/uart.c index 91162f8e0366..9a22056e8d9e 100644 --- a/drivers/nfc/nfcmrvl/uart.c +++ b/drivers/nfc/nfcmrvl/uart.c @@ -73,10 +73,9 @@ static int nfcmrvl_uart_parse_dt(struct device_node *node, struct device_node *matched_node; int ret; - matched_node = of_find_compatible_node(node, NULL, "marvell,nfc-uart"); + matched_node = of_get_compatible_child(node, "marvell,nfc-uart"); if (!matched_node) { - matched_node = of_find_compatible_node(node, NULL, - "mrvl,nfc-uart"); + matched_node = of_get_compatible_child(node, "mrvl,nfc-uart"); if (!matched_node) return -ENODEV; } -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH 6/9] net: bcmgenet: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the mdio child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). Fixes: aa09677cba42 ("net: bcmgenet: add MDIO routines") Cc: stable <stable(a)vger.kernel.org> # 3.15 Cc: Florian Fainelli <f.fainelli(a)gmail.com> Cc: David S. Miller <davem(a)davemloft.net> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 5333274a283c..87fc65560ceb 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -333,7 +333,7 @@ static struct device_node *bcmgenet_mii_of_find_mdio(struct bcmgenet_priv *priv) if (!compat) return NULL; - priv->mdio_dn = of_find_compatible_node(dn, NULL, compat); + priv->mdio_dn = of_get_compatible_child(dn, compat); kfree(compat); if (!priv->mdio_dn) { dev_err(kdev, "unable to find MDIO bus node\n"); -- 2.18.0

7 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror